CN106161404A - Method, server and system for SSL session reuse - Google Patents
- Publication number
- CN106161404A CN201510195144.1A
- Authority
- CN
- China
- Prior art keywords
- session identification
- client
- server
- symmetric key
- relevant information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method, server and system for SSL session reuse, belonging to the field of communication technology. The method includes: during a handshake between a server and a client, the server generates a session ID for the client, sends the session ID to the client, generates symmetric-key related information from the pre-master secret returned by the client, and stores the session ID together with the corresponding symmetric-key related information in a preset storage; when the server and the client handshake again and the server can obtain the session ID from the client, the server queries the preset storage by the session ID to obtain the corresponding symmetric-key related information; the server generates a symmetric key from the symmetric-key related information and uses the symmetric key to exchange encrypted data with the client. The invention enables SSL session reuse in a cluster.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method, server and system for SSL session reuse.
Background
SSL (Secure Sockets Layer) / TLS (Transport Layer Security) is a secure network transport protocol proposed by the IETF (The Internet Engineering Task Force), designed mainly to protect confidential information transmitted over the Internet. The protocol comprises two phases: a handshake phase and a data transfer phase. Handshake phase: the client generates a pre-master secret (PreMaster Secret), encrypts it with the server's public key, and sends the encrypted pre-master secret to the server; the server receives the encrypted pre-master secret, decrypts it with the private key that matches the public key to obtain the pre-master secret, uses the pre-master secret to generate symmetric-key related information (session_info, which includes the master key (master secret), the server random number, the client random number and so on), and uses the symmetric-key related information to generate the symmetric key. Data transfer phase: the server encrypts plaintext with the symmetric key generated in the handshake phase and sends the encrypted plaintext to the client; after receiving it, the client generates the symmetric-key related information from its own pre-master secret, generates the symmetric key from that information, and decrypts the received data with the symmetric key to obtain the plaintext for further processing.
To make the handshake more efficient, SSL session reuse has been proposed. The procedure is as follows: in the client's first handshake, the client sends session ID length (SESSION ID LENGTH) information to the server; after receiving the client's session ID length information, the server, if it supports session reuse, generates a session ID (SESSION ID) and returns it to the client; the client receives the session ID, encrypts the pre-master secret with the server's public key, and sends the encrypted pre-master secret to the server; the server receives the encrypted pre-master secret, decrypts it with the private key that matches the public key to obtain the pre-master secret, generates the symmetric-key related information from the pre-master secret, and generates the symmetric key from that information. When the client requests a handshake again, it sends the session ID to the server; after receiving the session ID, the server replies to the client with the same session ID and then sends the finish message directly to the client; the client and the server each use their local pre-master secret to generate the symmetric-key related information and from it the symmetric key, and both sides use the symmetric key for encrypted data transmission.
As the above procedure shows, SSL session reuse can recover the symmetric key directly from the symmetric-key related information and use it for encrypted data transmission, omitting the asymmetric encryption step of the handshake phase, which saves time and speeds up the SSL session. In existing SSL session reuse methods, however, the symmetric-key related information is kept by whichever server generated it. With a server cluster (made up of multiple servers), each client access may be directed to a different server in the cluster. For example, one access by the client is routed to server A in the cluster and server A generates the symmetric-key related information; on the client's next access it is routed to server B in the cluster, and server B has no way of knowing the symmetric-key related information generated by server A, so SSL session reuse cannot be achieved.
Summary of the invention
To solve the above problem, the invention provides a method, server and system for SSL session reuse in which the session ID is stored together with the corresponding symmetric-key related information in a preset storage. This separates the generation of the symmetric-key related information from its storage: any server in a server cluster can obtain the symmetric-key related information from the preset storage, so SSL session reuse can be achieved in the server cluster.
To solve the above problem, the invention discloses a method for SSL session reuse, the method including:
During a handshake between a server and a client, the server generates a session ID for the client, sends the session ID to the client, generates symmetric-key related information from the pre-master secret returned by the client, and stores the session ID together with the corresponding symmetric-key related information in a preset storage;
When the server and the client handshake again and the server can obtain the session ID from the client, the server queries the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID;
The server generates a symmetric key from the symmetric-key related information and uses the symmetric key to exchange encrypted data with the client.
Further, the step in which, during the handshake between the server and the client, the server generates a session ID for the client, sends the session ID to the client, generates symmetric-key related information from the pre-master secret returned by the client, and stores the session ID together with the corresponding symmetric-key related information in the preset storage, includes:
The server receives the client's SSL request and obtains the session ID length information carried in the SSL request;
When the server determines from the session ID length information that the session ID length is zero, it generates the session ID for the client and sends the session ID to the client, so that the client receives the session ID, generates the pre-master secret, and sends the encrypted pre-master secret to the server;
The server receives the encrypted pre-master secret sent by the client, decrypts it to obtain the pre-master secret, generates the symmetric-key related information from the pre-master secret, and stores the session ID together with the corresponding symmetric-key related information in the preset storage;
The server generates the symmetric key from the symmetric-key related information and uses the symmetric key to exchange encrypted data with the client.
Further, after the server receives the client's SSL request and obtains the session ID length information carried in the SSL request, the method also includes:
When the server determines from the session ID length information that the session ID length is not zero, it determines that the server and the client are handshaking again;
Correspondingly, the step in which, when the server can obtain the session ID from the client, the server queries the preset storage by the session ID to obtain the corresponding symmetric-key related information, includes:
The server judges whether the SSL request carries the session ID;
If the SSL request carries the session ID, the server obtains the session ID from the SSL request, queries the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID, sends the session ID to the client, and sends a handshake finish message to the client.
Further, after the server judges whether the SSL request carries the session ID, the method also includes:
If the SSL request does not carry the session ID, the step of generating the session ID for the client and sending the session ID to the client is performed.
Further, the step in which the server queries the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID includes:
The server queries, by the session ID, whether the symmetric-key related information corresponding to the session ID exists in the preset storage;
If the symmetric-key related information corresponding to the session ID exists in the preset storage, the step of sending the session ID to the client and sending the handshake finish message to the client is performed;
If the symmetric-key related information corresponding to the session ID does not exist in the preset storage, the step of generating the session ID for the client and sending the session ID to the client is performed.
Further, the symmetric-key related information includes: the master key (master secret), the server random number and the client random number.
Further, the server is any server in a server cluster, and the preset storage is independent of every server in the server cluster.
To solve the above problem, the invention also discloses a server for SSL session reuse, the server including:
A processing module, configured to, during a handshake between the server and a client, generate a session ID for the client, send the session ID to the client, generate symmetric-key related information from the pre-master secret returned by the client, and store the session ID together with the corresponding symmetric-key related information in a preset storage;
A query module, configured to, when the server and the client handshake again and the server can obtain the session ID from the client, query the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID;
A transmission module, configured to generate a symmetric key from the symmetric-key related information and use the symmetric key to exchange encrypted data with the client.
Further, the processing module includes:
A processing unit, configured to receive the client's SSL request and obtain the session ID length information carried in the SSL request;
A generating unit, configured to, when the session ID length is determined from the session ID length information to be zero, generate the session ID for the client and send the session ID to the client, so that the client receives the session ID, generates the pre-master secret, and sends the encrypted pre-master secret to the server;
A storage unit, configured to receive the encrypted pre-master secret sent by the client, decrypt it to obtain the pre-master secret, generate the symmetric-key related information from the pre-master secret, and store the session ID together with the corresponding symmetric-key related information in the preset storage;
A transmission unit, configured to generate the symmetric key from the symmetric-key related information and use the symmetric key to exchange encrypted data with the client.
Further, the processing module also includes:
A determining unit, configured to, when the session ID length is determined from the session ID length information to be non-zero, determine that the server and the client are handshaking again;
Correspondingly, the query module includes:
A judging unit, configured to judge whether the SSL request carries the session ID;
A query unit, configured to, if the SSL request carries the session ID, obtain the session ID from the SSL request, query the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID, send the session ID to the client, and send a handshake finish message to the client.
Further, the processing module also includes:
A notification unit, configured to, if the SSL request does not carry the session ID, notify the generating unit to perform the step of generating the session ID for the client and sending the session ID to the client.
Further, the query unit includes:
A query subunit, configured to query, by the session ID, whether the symmetric-key related information corresponding to the session ID exists in the preset storage;
A first notification subunit, configured to, if the symmetric-key related information corresponding to the session ID exists in the preset storage, notify the query unit to perform the step of sending the session ID to the client and sending the handshake finish message to the client;
A second notification subunit, configured to, if the symmetric-key related information corresponding to the session ID does not exist in the preset storage, notify the generating unit to perform the step of generating the session ID for the client and sending the session ID to the client.
Further, the symmetric-key related information includes: the master key (master secret), the server random number and the client random number.
Further, the server is any server in a server cluster, and the preset storage is independent of every server in the server cluster.
To solve the above problem, the invention also discloses a system for SSL session reuse, the system including a server and a preset storage. The server includes:
A processing module, configured to, during a handshake between the server and a client, generate a session ID for the client, send the session ID to the client, generate symmetric-key related information from the pre-master secret returned by the client, and store the session ID together with the corresponding symmetric-key related information in the preset storage;
A query module, configured to, when the server and the client handshake again and the server can obtain the session ID from the client, query the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID;
A transmission module, configured to generate a symmetric key from the symmetric-key related information and use the symmetric key to exchange encrypted data with the client;
The preset storage is configured to store the session ID together with the corresponding symmetric-key related information.
Further, the processing module includes:
A processing unit, configured to receive the client's SSL request and obtain the session ID length information carried in the SSL request;
A generating unit, configured to, when the session ID length is determined from the session ID length information to be zero, generate the session ID for the client and send the session ID to the client, so that the client receives the session ID, generates the pre-master secret, and sends the encrypted pre-master secret to the server;
A storage unit, configured to receive the encrypted pre-master secret sent by the client, decrypt it to obtain the pre-master secret, generate the symmetric-key related information from the pre-master secret, and store the session ID together with the corresponding symmetric-key related information in the preset storage;
A transmission unit, configured to generate the symmetric key from the symmetric-key related information and use the symmetric key to exchange encrypted data with the client.
Further, the processing module also includes:
A determining unit, configured to, when the session ID length is determined from the session ID length information to be non-zero, determine that the server and the client are handshaking again;
Correspondingly, the query module includes:
A judging unit, configured to judge whether the SSL request carries the session ID;
A query unit, configured to, if the SSL request carries the session ID, obtain the session ID from the SSL request, query the preset storage by the session ID to obtain the symmetric-key related information corresponding to the session ID, send the session ID to the client, and send a handshake finish message to the client.
Further, the processing module also includes:
A notification unit, configured to, if the SSL request does not carry the session ID, notify the generating unit to perform the step of generating the session ID for the client and sending the session ID to the client.
Further, the query unit includes:
A query subunit, configured to query, by the session ID, whether the symmetric-key related information corresponding to the session ID exists in the preset storage;
A first notification subunit, configured to, if the symmetric-key related information corresponding to the session ID exists in the preset storage, notify the query unit to perform the step of sending the session ID to the client and sending the handshake finish message to the client;
A second notification subunit, configured to, if the symmetric-key related information corresponding to the session ID does not exist in the preset storage, notify the generating unit to perform the step of generating the session ID for the client and sending the session ID to the client.
Further, the symmetric-key related information includes: the master key (master secret), the server random number and the client random number.
Further, the server is any server in a server cluster, and the preset storage is independent of every server in the server cluster.
Compared with the prior art, the invention can achieve the following technical effects:
1) Storing the session ID together with the corresponding symmetric-key related information in the preset storage separates the generation of the symmetric-key related information from its storage; any server in the server cluster can obtain the symmetric-key related information from the preset storage, so SSL session reuse can be achieved in the server cluster.
2) Storing the session ID together with the corresponding symmetric-key related information in the preset storage makes the retention time of the symmetric-key related information fully independent, so that whether a server goes down, hibernates or restarts, the validity period of the symmetric-key related information is not affected, which achieves high availability of SSL session reuse in the server cluster.
Of course, a product implementing the invention need not achieve all of the above technical effects at the same time.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form part of it; the illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of a first method for SSL session reuse according to an embodiment of the invention;
Fig. 2 is a schematic diagram of one relationship between servers and the preset storage according to an embodiment of the invention;
Fig. 3 is a flowchart of a second method for SSL session reuse according to an embodiment of the invention;
Fig. 4 is a schematic diagram of another relationship between servers and the preset storage according to an embodiment of the invention;
Fig. 5 is a schematic structural diagram of a server for SSL session reuse according to an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a system for SSL session reuse according to an embodiment of the invention.
Detailed description of the invention
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.
In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined here, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Certain terms are used in the description and claims to refer to particular components. Those skilled in the art will understand that hardware manufacturers may refer to the same component by different names. The description and claims do not distinguish components by differences in name, but by differences in function. "Comprising", as used throughout the description and claims, is an open-ended term and should be interpreted as "comprising but not limited to". "Substantially" means within an acceptable error range, within which a person skilled in the art can solve the technical problem and substantially achieve the technical effect. In addition, the word "coupled" here covers any direct or indirect means of electrical coupling. Therefore, where the text describes a first server as coupled to a second server, this means that the first server may be electrically coupled to the second server directly, or electrically coupled to the second server indirectly through other servers or coupling means. The description that follows sets out preferred embodiments for implementing the invention; the description is intended to illustrate the general principles of the invention and not to limit its scope. The scope of protection of the invention is defined by the appended claims.
It should also be noted that the terms "include", "comprise" or any variant thereof are intended to cover non-exclusive inclusion, so that a product or system that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a product or system. Without further limitation, an element qualified by the statement "including a ..." does not exclude the presence of additional identical elements in the product or system that includes the element.
Description of embodiments
The implementation of the method of the invention is further described below with an embodiment. As shown in Fig. 1, which is a flowchart of a method for SSL session reuse according to an embodiment of the invention, the method includes:
S101: During a handshake between the server and the client, the server generates a session ID for the client, sends the session ID to the client, generates symmetric-key related information from the pre-master secret returned by the client, and stores the session ID together with the corresponding symmetric-key related information in the preset storage.
Specifically, the symmetric-key related information (session_info) includes the master key (master secret), the server random number, the client random number and so on. The master key is generated from the pre-master secret (PreMaster Secret), the server random number, the client random number and so on; the generation process is similar to existing methods and is not repeated here. The server random number is a random number randomly generated by the server and can be sent to the client during interaction with the client; the client random number is a random number randomly generated by the client and can be sent to the server during interaction with the server. Further, the symmetric-key related information may also include the validity time of the symmetric-key related information, so that whether the information has expired can be monitored.
Specifically, referring to Fig. 2, the server may be any server in a server cluster, and the preset storage is independent of every server in the server cluster. When the server cluster includes multiple servers, the servers may interact with terminal devices through a load balancer, so that tasks are balanced across the servers. The server may be any server that provides an SSL access service, including but not limited to HTTPS, POPS, SMTPS and FTPS, and the preset storage may be any high-performance storage.
S102: During a subsequent handshake between the server and the client, when the server can obtain the session identification from the client, the server queries the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification.
Specifically, if the server can obtain the symmetric key relevant information corresponding to the session identification from the preset memory, this indicates that the symmetric key relevant information has not expired and has not become invalid for reasons such as a restart of the preset memory, so the symmetric key relevant information can be used to generate the symmetric key.
S103: The server generates a symmetric key according to the symmetric key relevant information and uses the symmetric key for encrypted data transmission with the client.
Specifically, when the server uses the symmetric key for encrypted data transmission with the client, the client generates the master key from its own pre-master secret string, the server random number, the client random number, and so on, and then generates the symmetric key from the master key, the server random number, the client random number, and so on. The client uses the symmetric key to decrypt the data that the server encrypted with the symmetric key and sent over, and to encrypt the plaintext it sends to the server, thereby achieving encrypted data transmission.
Specifically, in a preferred implementation of this embodiment, referring to Fig. 3, the method of SSL session reuse includes:
S201: The server receives the SSL request of the client and obtains the session identification length information carried in the SSL request.
Specifically, the SSL request of the client may be a client hello (Client Hello) message. The session identification length information may be SESSION ID LENGTH: 0, SESSION ID LENGTH: 32, and so on.
Specifically, if the SSL request carries no session identification length information, so that the server cannot obtain session identification length information from the SSL request, this shows that the client does not accept SSL session reuse. The server then does not generate a session identification, and the handshake and the encrypted data transmission between the server and the client follow the existing method without SSL session reuse.
S202: The server judges, according to the session identification length information, whether the session identification length is zero. If the session identification length is zero, S203 is performed; if the session identification length is not zero, S206 is performed.
Specifically, if the session identification length information is SESSION ID LENGTH: 32, the session identification length is not zero; if the session identification length information is SESSION ID LENGTH: 0, the session identification length is zero.
S203: The server generates a session identification for the client and sends the session identification to the client, so that the client receives the session identification, generates the pre-master secret string, encrypts it and sends it to the server.
Specifically, according to the SSL/TLS protocol, the session identification (SESSION ID) may be a 32-byte non-zero random number, random string, and so on (SESSION ID: token <32 long>).
S204: The server receives the encrypted pre-master secret string sent by the client and decrypts it to obtain the pre-master secret string, generates the symmetric key relevant information from the pre-master secret string, and stores the session identification and the symmetric key relevant information in correspondence in the preset memory.
Specifically, generating the symmetric key relevant information from the pre-master secret string may consist of generating the master key from the pre-master secret string, the server random number, the client random number, and so on, and then taking the master key, the server random number and the client random number as the symmetric key relevant information.
Specifically, after the server has received the encrypted pre-master secret string sent by the client and decrypted it to obtain the pre-master secret string, it may first judge whether the pre-master secret string is complete. If the pre-master secret string is complete, the server generates the symmetric key relevant information from the pre-master secret string and stores the session identification and the symmetric key relevant information in correspondence in the preset memory. If the pre-master secret string is not complete, the server sends a termination message to the client, disconnects from the client, and performs no further operations.
S205: The server generates a symmetric key according to the symmetric key relevant information and uses the symmetric key for encrypted data transmission with the client; the flow then ends.
S206: The server judges whether the SSL request carries a session identification. If the SSL request carries a session identification, S207 is performed; if the SSL request does not carry a session identification, S203 is performed.
Specifically, when the server determines from the session identification length information that the session identification length is not zero, it determines that the server and the client may be performing a subsequent handshake, and that the SSL request may carry the session identification that a server generated for the client in the first handshake.
S207: The server obtains the session identification from the SSL request.
S208: The server queries, according to the session identification, whether the symmetric key relevant information corresponding to the session identification exists in the preset memory. If it exists, S209 is performed; if it does not exist, S203 is performed.
Specifically, if the symmetric key relevant information corresponding to the session identification exists in the preset memory, this indicates that the symmetric key relevant information has not expired and has not become invalid for reasons such as a restart of the preset memory, so the symmetric key relevant information can be used to generate the symmetric key. If the symmetric key relevant information corresponding to the session identification does not exist in the preset memory, this indicates that the symmetric key relevant information may have become invalid because it expired, because the preset memory was restarted, or for similar reasons.
S209: The server sends the session identification to the client and sends a handshake end message to the client; S205 is then performed.
Specifically, the server sends the session identification to the client and sends a handshake end message (for example, a finish message) to the client, to inform the client that this handshake is complete and the subsequent flow can proceed.
For ease of understanding, consider the case in which the server is any server in a server cluster and the preset memory is independent of every server in the server cluster. Referring to Fig. 4, during a handshake with the client, server 1 in the server cluster generates a session identification for the client, sends the session identification to the client, generates symmetric key relevant information from the pre-master secret string returned by the client, and stores the session identification and the symmetric key relevant information in correspondence in the preset memory. During a subsequent handshake between server 2 in the server cluster and the client, when server 2 can obtain the session identification from the client, server 2 queries the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification. Server 2 generates a symmetric key according to the symmetric key relevant information and uses the symmetric key for encrypted data transmission with the client.
In the method of SSL session reuse described in this embodiment, the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, which separates the generation of the symmetric key relevant information from its storage. Any server in the server cluster can obtain the symmetric key relevant information from the preset memory, so SSL session reuse can be achieved within the server cluster. Because the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, the retention time of the symmetric key relevant information is completely independent of the servers: whether a server goes down, sleeps or restarts, the validity period of the symmetric key relevant information is not affected, which achieves high availability of SSL session reuse in the server cluster.
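The S201 to S209 decision flow and the two-server scenario of Fig. 4 can be followed in code; the Python below is an example added here, not code from the patent. Assumptions: `PresetMemory` is an in-process dictionary standing in for the shared store, the decryption of the pre-master secret string is omitted (it is passed in already decrypted), the completeness check is a 48-byte length check, and the master key and key material use the TLS 1.2 PRF of RFC 5246. On reuse the example derives the key material from the stored master key and the random numbers of the new handshake, as RFC 5246 does; the patent text only states that the key is generated from the stored information.

```python
import hashlib
import hmac
import os
import time

SESSION_ID_LEN = 32   # bytes, the length used in S203
SECRET_LEN = 48       # pre-master and master secret length in RFC 5246


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (P_SHA256, RFC 5246 section 5); an assumption of this example."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def key_block(master: bytes, server_random: bytes, client_random: bytes) -> bytes:
    """Symmetric key material derived from the master key and both randoms."""
    return prf(master, b"key expansion", server_random + client_random, 64)


class PresetMemory:
    """Hypothetical stand-in for the store that is independent of every server."""

    def __init__(self, ttl_seconds: float, clock=time.monotonic):
        self._ttl, self._clock, self._data = ttl_seconds, clock, {}

    def put(self, session_id: bytes, session_info: dict) -> None:
        self._data[session_id] = (self._clock() + self._ttl, session_info)

    def get(self, session_id: bytes):
        entry = self._data.get(session_id)
        if entry is None:
            return None
        expires_at, info = entry
        if self._clock() >= expires_at:       # expired entries count as missing
            del self._data[session_id]
            return None
        return info

    def clear(self) -> None:                  # models a restart of the store
        self._data.clear()


class Server:
    """One cluster member; it keeps no session state of its own."""

    def __init__(self, name: str, store: PresetMemory):
        self.name, self.store = name, store

    def on_client_hello(self, session_id: bytes, client_random: bytes) -> dict:
        server_random = os.urandom(32)
        if len(session_id) != 0:                        # S202, S206, S207
            info = self.store.get(session_id)           # S208
            if info is not None:                        # S209, then S205
                keys = key_block(info["master_secret"], server_random, client_random)
                return {"mode": "resumed", "session_id": session_id,
                        "server_random": server_random, "key_block": keys}
        # S203: zero length, or nothing usable in the store -> new identification
        return {"mode": "full", "session_id": os.urandom(SESSION_ID_LEN),
                "server_random": server_random, "key_block": None}

    def on_pre_master(self, hello: dict, client_random: bytes, pre_master: bytes) -> bytes:
        """S204 and S205 for a full handshake; pre_master is already decrypted."""
        if len(pre_master) != SECRET_LEN:               # completeness check
            raise ValueError("incomplete pre-master secret, handshake terminated")
        master = prf(pre_master, b"master secret",
                     client_random + hello["server_random"], SECRET_LEN)
        self.store.put(hello["session_id"], {           # session_info
            "master_secret": master,
            "server_random": hello["server_random"],
            "client_random": client_random})
        return key_block(master, hello["server_random"], client_random)


def demo() -> list:
    now = [0.0]                                         # constructed, controllable clock
    store = PresetMemory(ttl_seconds=300, clock=lambda: now[0])
    server1, server2 = Server("server 1", store), Server("server 2", store)
    client_random = os.urandom(32)                      # constructed client values
    pre_master = os.urandom(SECRET_LEN)
    first = server1.on_client_hello(b"", client_random)
    server1.on_pre_master(first, client_random, pre_master)
    again = server2.on_client_hello(first["session_id"], os.urandom(32))
    now[0] = 301.0                                      # past the validity period
    late = server2.on_client_hello(first["session_id"], os.urandom(32))
    return [first["mode"], again["mode"], late["mode"]]


if __name__ == "__main__":
    print(demo())
```

The store ends up holding master keys for every live session, so in a deployment it needs the same protection as the servers' private keys, and its validity period bounds how long a leaked entry stays useful.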
Fig. 5 is a structural diagram of a server for SSL session reuse according to an embodiment of the invention. The server includes:
A processing module 301, configured to, during a handshake between the server and the client, generate a session identification for the client, send the session identification to the client, generate symmetric key relevant information from the pre-master secret string returned by the client, and store the session identification and the symmetric key relevant information in correspondence in the preset memory;
An enquiry module 302, configured to, during a subsequent handshake between the server and the client, when the server can obtain the session identification from the client, query the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification;
A transport module 303, configured to generate a symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client.
Further, the processing module 301 includes:
A processing unit, configured to receive the SSL request of the client and obtain the session identification length information carried in the SSL request;
A signal generating unit, configured to, when the session identification length is determined to be zero according to the session identification length information, generate a session identification for the client and send the session identification to the client, so that the client receives the session identification, generates the pre-master secret string, encrypts it and sends it to the server;
A memory element, configured to receive the encrypted pre-master secret string sent by the client and decrypt it to obtain the pre-master secret string, generate the symmetric key relevant information from the pre-master secret string, and store the session identification and the symmetric key relevant information in correspondence in the preset memory;
A transmission unit, configured to generate a symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client.
Further, the processing module 301 also includes:
A determining unit, configured to, when the session identification length is determined not to be zero according to the session identification length information, determine that the server and the client are performing a subsequent handshake;
Correspondingly, the enquiry module 302 includes:
A judging unit, configured to judge whether the SSL request carries a session identification;
A query unit, configured to, if the SSL request carries a session identification, obtain the session identification from the SSL request, query the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification, send the session identification to the client, and send a handshake end message to the client.
Further, the processing module 301 also includes:
A notification unit, configured to, if the SSL request does not carry a session identification, notify the signal generating unit to perform the step of generating a session identification for the client and sending the session identification to the client.
Further, the query unit includes:
An inquiry subelement, configured to query, according to the session identification, whether the symmetric key relevant information corresponding to the session identification exists in the preset memory;
A first notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification exists in the preset memory, notify the query unit to perform the step of sending the session identification to the client and sending a handshake end message to the client;
A second notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification does not exist in the preset memory, notify the signal generating unit to perform the step of generating a session identification for the client and sending the session identification to the client.
Further, the symmetric key relevant information includes: the master key (master secret), the server random number and the client random number.
Further, the server is any server in a server cluster, and the preset memory is independent of every server in the server cluster.
In the server for SSL session reuse described in this embodiment, the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, which separates the generation of the symmetric key relevant information from its storage. Any server in the server cluster can obtain the symmetric key relevant information from the preset memory, so SSL session reuse can be achieved within the server cluster. Because the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, the retention time of the symmetric key relevant information is completely independent of the servers: whether a server goes down, sleeps or restarts, the validity period of the symmetric key relevant information is not affected, which achieves high availability of SSL session reuse in the server cluster.
Fig. 6 is a structural diagram of a system for SSL session reuse according to an embodiment of the invention. The system includes a server 40 and a preset memory 50. The server 40 includes:
A processing module 401, configured to, during a handshake between the server 40 and the client, generate a session identification for the client, send the session identification to the client, generate symmetric key relevant information from the pre-master secret string returned by the client, and store the session identification and the symmetric key relevant information in correspondence in the preset memory 50;
An enquiry module 402, configured to, during a subsequent handshake between the server 40 and the client, when the server 40 can obtain the session identification from the client, query the preset memory 50 according to the session identification to obtain the symmetric key relevant information corresponding to the session identification;
A transport module 403, configured to generate a symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client;
The preset memory 50, configured to store the session identification and the symmetric key relevant information in correspondence.
Further, the processing module 401 includes:
A processing unit, configured to receive the SSL request of the client and obtain the session identification length information carried in the SSL request;
A signal generating unit, configured to, when the session identification length is determined to be zero according to the session identification length information, generate a session identification for the client and send the session identification to the client, so that the client receives the session identification, generates the pre-master secret string, encrypts it and sends it to the server 40;
A memory element, configured to receive the encrypted pre-master secret string sent by the client and decrypt it to obtain the pre-master secret string, generate the symmetric key relevant information from the pre-master secret string, and store the session identification and the symmetric key relevant information in correspondence in the preset memory 50;
A transmission unit, configured to generate a symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client.
Further, the processing module 401 also includes:
A determining unit, configured to, when the session identification length is determined not to be zero according to the session identification length information, determine that the server and the client are performing a subsequent handshake;
Correspondingly, the enquiry module includes:
A judging unit, configured to judge whether the SSL request carries a session identification;
A query unit, configured to, if the SSL request carries a session identification, obtain the session identification from the SSL request, query the preset memory 50 according to the session identification to obtain the symmetric key relevant information corresponding to the session identification, send the session identification to the client, and send a handshake end message to the client.
Further, the processing module 401 also includes:
A notification unit, configured to, if the SSL request does not carry a session identification, notify the signal generating unit to perform the step of generating a session identification for the client and sending the session identification to the client.
Further, the query unit includes:
An inquiry subelement, configured to query, according to the session identification, whether the symmetric key relevant information corresponding to the session identification exists in the preset memory 50;
A first notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification exists in the preset memory 50, notify the query unit to perform the step of sending the session identification to the client and sending a handshake end message to the client;
A second notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification does not exist in the preset memory 50, notify the signal generating unit to perform the step of generating a session identification for the client and sending the session identification to the client.
Further, the symmetric key relevant information includes: the master key (master secret), the server random number and the client random number.
Further, the server 40 is any server 40 in a server cluster, and the preset memory 50 is independent of every server 40 in the server cluster.
In the system for SSL session reuse described in this embodiment, the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, which separates the generation of the symmetric key relevant information from its storage. Any server in the server cluster can obtain the symmetric key relevant information from the preset memory, so SSL session reuse can be achieved within the server cluster. Because the session identification and the symmetric key relevant information are stored in correspondence in the preset memory, the retention time of the symmetric key relevant information is completely independent of the servers: whether a server goes down, sleeps or restarts, the validity period of the symmetric key relevant information is not affected, which achieves high availability of SSL session reuse in the server cluster.
The descriptions of the server and the system correspond to the foregoing method flow; for anything not covered here, refer to the description of the method flow above, which is not repeated.
The above description shows and describes some preferred embodiments of the invention. As stated earlier, it should be understood that the invention is not limited to the forms disclosed herein, which should not be regarded as excluding other embodiments. The invention can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described herein through the above teachings or the technology or knowledge of the related art. Changes and variations made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the scope of protection of the appended claims of the invention.
Claims (21)
1. the method for a SSL Session state reuse, it is characterised in that described method includes:
Server and client carry out in handshake procedure, generate session identification for described client, by described
Session identification is sent to described client, and the pre-main encryption returned according to described client is concatenated into symmetrical close
Key relevant information, presets storage by corresponding with described symmetric key relevant information for described session identification being stored in
In device;
Described server and described client are carried out in handshake procedure, again when described server can be from institute
Stating client when getting described session identification, described server is according to described session identification, from described pre-
If inquiry obtains the described symmetric key relevant information that described session identification is corresponding in memorizer;
Described server generates symmetric key according to described symmetric key relevant information, utilizes described symmetry close
Key and described client are encrypted data transmission.
2. The method of claim 1, characterized in that the step in which, during a handshake between the server and the client, the server generates a session identification for the client, sends the session identification to the client, generates symmetric key relevant information from the pre-master secret string returned by the client, and stores the session identification and the symmetric key relevant information in correspondence in the preset memory, includes:
the server receives the SSL request of the client and obtains the session identification length information carried in the SSL request;
when the server determines, according to the session identification length information, that the session identification length is zero, the server generates the session identification for the client and sends the session identification to the client, so that the client receives the session identification, generates the pre-master secret string, encrypts it and sends it to the server;
the server receives the encrypted pre-master secret string sent by the client and decrypts it to obtain the pre-master secret string, generates the symmetric key relevant information from the pre-master secret string, and stores the session identification and the symmetric key relevant information in correspondence in the preset memory;
the server generates the symmetric key according to the symmetric key relevant information and uses the symmetric key for encrypted data transmission with the client.
3. The method of claim 2, characterized in that, after the server receives the SSL request of the client and obtains the session identification length information carried in the SSL request, the method also includes:
when the server determines, according to the session identification length information, that the session identification length is not zero, determining that the server and the client are performing a subsequent handshake;
correspondingly, the step in which, when the server can obtain the session identification from the client, the server queries the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification, includes:
the server judges whether the SSL request carries the session identification;
if the SSL request carries the session identification, the server obtains the session identification from the SSL request, queries the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification, sends the session identification to the client, and sends a handshake end message to the client.
4. The method of claim 3, characterized in that, after the server judges whether the SSL request carries the session identification, the method also includes:
if the SSL request does not carry the session identification, performing the step of generating the session identification for the client and sending the session identification to the client.
5. The method of claim 3, characterized in that the step in which the server queries the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification includes:
the server queries, according to the session identification, whether the symmetric key relevant information corresponding to the session identification exists in the preset memory;
if the symmetric key relevant information corresponding to the session identification exists in the preset memory, performing the step of sending the session identification to the client and sending a handshake end message to the client;
if the symmetric key relevant information corresponding to the session identification does not exist in the preset memory, performing the step of generating the session identification for the client and sending the session identification to the client.
6. The method of any one of claims 1 to 5, characterized in that the symmetric key relevant information includes: the master key (master secret), the server random number and the client random number.
7. The method of any one of claims 1 to 5, characterized in that the server is any server in a server cluster, and the preset memory is independent of every server in the server cluster.
8. A server for SSL session reuse, characterized in that the server includes:
a processing module, configured to, during a handshake between the server and a client, generate a session identification for the client, send the session identification to the client, generate symmetric key relevant information from the pre-master secret string returned by the client, and store the session identification and the symmetric key relevant information in correspondence in a preset memory;
an enquiry module, configured to, during a subsequent handshake between the server and the client, when the server can obtain the session identification from the client, query the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification;
a transport module, configured to generate a symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client.
9. The server of claim 8, characterized in that the processing module includes:
a processing unit, configured to receive the SSL request of the client and obtain the session identification length information carried in the SSL request;
a signal generating unit, configured to, when the session identification length is determined to be zero according to the session identification length information, generate the session identification for the client and send the session identification to the client, so that the client receives the session identification, generates the pre-master secret string, encrypts it and sends it to the server;
a memory element, configured to receive the encrypted pre-master secret string sent by the client and decrypt it to obtain the pre-master secret string, generate the symmetric key relevant information from the pre-master secret string, and store the session identification and the symmetric key relevant information in correspondence in the preset memory;
a transmission unit, configured to generate the symmetric key according to the symmetric key relevant information and use the symmetric key for encrypted data transmission with the client.
10. The server of claim 9, characterized in that the processing module also includes:
a determining unit, configured to, when the session identification length is determined not to be zero according to the session identification length information, determine that the server and the client are performing a subsequent handshake;
correspondingly, the enquiry module includes:
a judging unit, configured to judge whether the SSL request carries the session identification;
a query unit, configured to, if the SSL request carries the session identification, obtain the session identification from the SSL request, query the preset memory according to the session identification to obtain the symmetric key relevant information corresponding to the session identification, send the session identification to the client, and send a handshake end message to the client.
11. The server of claim 10, characterized in that the processing module also includes:
a notification unit, configured to, if the SSL request does not carry the session identification, notify the signal generating unit to perform the step of generating the session identification for the client and sending the session identification to the client.
12. The server of claim 10, characterized in that the query unit includes:
an inquiry subelement, configured to query, according to the session identification, whether the symmetric key relevant information corresponding to the session identification exists in the preset memory;
a first notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification exists in the preset memory, notify the query unit to perform the step of sending the session identification to the client and sending a handshake end message to the client;
a second notice subelement, configured to, if the symmetric key relevant information corresponding to the session identification does not exist in the preset memory, notify the signal generating unit to perform the step of generating the session identification for the client and sending the session identification to the client.
13. The server of any one of claims 8 to 12, characterized in that the symmetric key relevant information includes: the master key (master secret), the server random number and the client random number.
14. The server of any one of claims 8 to 12, characterized in that the server is any server in a server cluster, and the preset memory is independent of every server in the server cluster.
15. A system for SSL session reuse, characterized in that the system comprises: a server and a preset memory;
the server comprises:
a processing module, configured to, during a handshake process between the server and a client, generate a session identification for the client, send the session identification to the client, generate symmetric key related information from the pre-master encryption string returned by the client, and store the session identification and the symmetric key related information in correspondence in the preset memory;
a query module, configured to, when the server and the client perform the handshake process again and the server can obtain the session identification from the client, query the preset memory according to the session identification to obtain the symmetric key related information corresponding to the session identification;
a transmission module, configured to generate a symmetric key according to the symmetric key related information, and to use the symmetric key for encrypted data transmission with the client;
the preset memory is configured to store the session identification and the symmetric key related information in correspondence.
16. The system as claimed in claim 15, characterized in that the processing module comprises:
a processing unit, configured to receive the SSL request of the client and obtain the session identification length information carried in the SSL request;
a generating unit, configured to, when the session identification length is determined to be zero according to the session identification length information, generate the session identification for the client and send the session identification to the client, so that the client, after receiving the session identification, generates the pre-master encryption string, encrypts it and sends it to the server;
a storage unit, configured to receive the encrypted pre-master encryption string sent by the client and decrypt it to obtain the pre-master encryption string, generate the symmetric key related information from the pre-master encryption string, and store the session identification and the symmetric key related information in correspondence in the preset memory;
a transmission unit, configured to generate the symmetric key according to the symmetric key related information, and to use the symmetric key for encrypted data transmission with the client.
17. The system as claimed in claim 16, characterized in that the processing module further comprises:
a determining unit, configured to, when the session identification length is determined to be non-zero according to the session identification length information, determine that the server and the client are performing the handshake process again;
correspondingly, the query module comprises:
a judging unit, configured to judge whether the SSL request carries the session identification;
a query unit, configured to, if the SSL request carries the session identification, obtain the session identification from the SSL request, query the preset memory according to the session identification to obtain the symmetric key related information corresponding to the session identification, send the session identification to the client, and send a handshake finished message to the client.
18. The system as claimed in claim 17, characterized in that the processing module further comprises:
a notification unit, configured to, if the SSL request does not carry the session identification, notify the generating unit to perform the step of generating the session identification for the client and sending the session identification to the client.
19. The system as claimed in claim 17, characterized in that the query unit comprises:
a query subunit, configured to query, according to the session identification, whether the symmetric key related information corresponding to the session identification exists in the preset memory;
a first notification subunit, configured to, if the symmetric key related information corresponding to the session identification exists in the preset memory, notify the query unit to perform the step of sending the session identification to the client and sending a handshake finished message to the client;
a second notification subunit, configured to, if the symmetric key related information corresponding to the session identification does not exist in the preset memory, notify the generating unit to perform the step of generating the session identification for the client and sending the session identification to the client.
20. The system as claimed in any one of claims 15-19, characterized in that the symmetric key related information comprises: a master key (master secret), a server random number and a client random number.
21. The system as claimed in any one of claims 15-19, characterized in that the server is any server in a system cluster, and the preset memory is independent of any server in the server cluster.
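The decision flow of claims 15-21, sketched as an added example that is not part of the patent text: two cluster nodes share one store, so a session created on one node is reused on the other. The class and function names, the dict standing in for the preset memory, the TLS 1.2 PRF (RFC 5246) used for derivation, and the omission of the pre-master decryption step are all assumptions of this sketch.

```python
import hashlib
import hmac
import os

def prf(secret, label, seed, n):
    """TLS 1.2 PRF with SHA-256 (RFC 5246); assumed, the claims name no derivation."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

class ClusterNode:
    """One server of the cluster; `store` stands in for the shared preset memory."""
    def __init__(self, store):
        self.store = store

    def handshake(self, session_id, client_random, pre_master=None):
        """Return (session_id, key_block, reused) for one client request."""
        # Non-zero-length ID: query the shared store (claims 17 and 19).
        info = self.store.get(session_id) if session_id else None
        if info is not None:
            return session_id, self._keys(info), True
        # Zero-length or unknown ID: new ID and full handshake (claims 16, 18, 19).
        if pre_master is None:
            raise ValueError("full handshake needs the decrypted pre-master string")
        new_id, server_random = os.urandom(32), os.urandom(32)
        master = prf(pre_master, b"master secret", client_random + server_random, 48)
        info = (master, server_random, client_random)  # the three items of claim 20
        self.store[new_id] = info
        return new_id, self._keys(info), False

    @staticmethod
    def _keys(info):
        master, server_random, client_random = info
        # 96 bytes is an illustrative key-block length chosen for this sketch.
        return prf(master, b"key expansion", server_random + client_random, 96)

def demo():
    """First handshake on node A, second on node B, both using one store."""
    store = {}
    node_a, node_b = ClusterNode(store), ClusterNode(store)
    sid, keys_a, reused_a = node_a.handshake(b"", os.urandom(32), os.urandom(48))
    _, keys_b, reused_b = node_b.handshake(sid, os.urandom(32))
    return keys_a == keys_b, reused_a, reused_b
```

Because the shared store holds master secrets, read access to it is equivalent to access to the keys of every stored session, so it needs access control and transport protection comparable to the servers' private keys.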
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510195144.1A CN106161404A (en) | 2015-04-22 | 2015-04-22 | The method of SSL Session state reuse, server and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106161404A true CN106161404A (en) | 2016-11-23 |
Family
ID=57347911
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510195144.1A Pending CN106161404A (en) | 2015-04-22 | 2015-04-22 | The method of SSL Session state reuse, server and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161404A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161123 |