CN110808989B - HTTPS acceleration method and system based on content distribution network - Google Patents

Info

Publication number
CN110808989B
Authority
CN
China
Prior art keywords
server
https
session
client
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911090331.8A
Other languages
Chinese (zh)
Other versions
CN110808989A (en
Inventor
苗辉
江桂林
庄吴敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou Baishancloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Baishancloud Technology Co Ltd filed Critical Guizhou Baishancloud Technology Co Ltd
Priority to CN201911090331.8A priority Critical patent/CN110808989B/en
Publication of CN110808989A publication Critical patent/CN110808989A/en
Application granted granted Critical
Publication of CN110808989B publication Critical patent/CN110808989B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an HTTPS acceleration method and system based on a content distribution network, which adopts an SSL acceleration board scheme to solve the problems of large performance bearing pressure and low transaction processing capacity of software-based SSL implementation; the SSL acceleration board card is deployed on a server of a CDN edge node to realize centralized management of the certificate, one SSL acceleration board card can serve a plurality of clients to perform encryption and decryption, and the problems that each acceleration board card only binds specific client requests, resources are wasted, and management cost is high are solved.

Description

HTTPS acceleration method and system based on content distribution network
This application is a divisional application of the Chinese patent application entitled 'An HTTPS acceleration method and system based on a content distribution network', application number 201610873442.6, filed with the patent office of the intellectual property office of China on 30/09/2016.
Technical Field
The invention relates to a website optimization method, in particular to an HTTPS acceleration method and system based on a content distribution network.
Background
The HTTPS security protocol is an HTTP channel which takes security as a target, and by adding an SSL layer under the HTTP, transmission encryption can be realized, and important data such as user data, transaction data and the like are prevented from being stolen. HTTPS plays a very critical role in protecting user privacy and preventing traffic hijacking, but at the same time, HTTPS also reduces user access speed and increases computing resource consumption of the web server.
In an SSL session, the most computationally intensive part is the SSL handshake phase. There are two main SSL handshake types, one based on RSA and the other based on Diffie-Hellman (DH). The public key algorithms of RSA and DH consume a large amount of CPU and are the slowest part of the handshake. On a notebook computer, several hundred RSA encryptions can be performed per second, in contrast to approximately one million AES symmetric encryptions per second. The main work at this stage is to negotiate a session key, usually a symmetric key, that is applied throughout the session; at the same time, the encryption and signature of the SSL handshake itself use the asymmetric key contained in the certificate, and using such an asymmetric key consumes more computing resources than using a symmetric key.
Based on software SSL implementation, a processor of the server is responsible for initial key exchange of each session and subsequent data encryption and decryption, and the intensive calculation process can cause the server to bear great pressure, so that the processing capacity of other transactions is greatly reduced. Therefore, the software-based SSL implementation is only suitable for the scene of managing a small amount of SSL flow; the CDN network is characterized by a small node size, a small number of servers per node, and a large number of CDN nodes distributed in a geographically divergent manner. HTTPS acceleration is performed in a CDN network, and software-based SSL implementation obviously cannot meet the acceleration requirement.
Based on the above current situation, CDN manufacturers propose a hardware-based SSL acceleration scheme, such as an SSL acceleration board or SSL acceleration device.
The SSL acceleration board card can effectively share the pressure of a server CPU for processing SSL transactions, one or more coprocessors are used for realizing SSL calculation, and the coprocessors may adopt a general CPU or a customized ASIC chip and a RISC instruction set chip. However, for each client access, a server inserted with an SSL acceleration board needs to be allocated to complete the handshake, encryption and decryption processes, which wastes resources and increases the cost of single machine management. In addition, each server must have a unique digital certificate, so many certificates are easy to leak, and the security problem exists.
Secondly, the SSL acceleration equipment is an independent equipment embedded with the SSL acceleration board card, decrypts the encrypted traffic, and sends the decrypted data information to the background server; in the opposite direction, the system is responsible for encrypting the plaintext data sent by the background server and then forwarding the plaintext data to the client; the SSL accelerator terminates the SSL session and the background server can be released completely for data services or running applications, but the SSL accelerator is relatively expensive as a whole and is not an ideal alternative.
Disclosure of Invention
In order to solve the problems, the invention provides an HTTPS acceleration method and system based on a Content Delivery Network (CDN for short), which adopts an SSL acceleration board scheme to solve the problems of large performance bearing pressure and low transaction processing capacity efficiency of software-based SSL implementation; the SSL acceleration board card is deployed on a server of a CDN edge node to realize centralized management of the certificate, one SSL acceleration board card can serve a plurality of clients to perform encryption and decryption, and the problems that each acceleration board card only binds specific client requests, resources are wasted, and management cost is high are solved.
In order to solve the technical problem, the technical scheme adopted by the invention is that the HTTPS acceleration method based on the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in a central part, a plurality of CDN network edge nodes positioned in an edge part and a source server positioned at a rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration method comprises the following steps:
step 1: a client side initiates an HTTPS access request to a CDN network edge node; the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client;
step 2: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, interacts with the unified verification server on the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client;
step 3: after the handshake process is completed, the cache service of the session & cache server operates normally to provide CDN service for the client; for the data requested by the client, if the data is cacheable data, it is obtained directly from the session & cache server, and if the data is non-cacheable data, it is obtained from the source server.
The unified authentication server is provided with a user certificate and a private key, and integrates a plurality of SSL acceleration board cards, one or more unified authentication servers correspond to one user certificate, and the unified authentication servers are used for processing encryption and decryption; the step 2 further comprises the following processes: if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
As a further aspect, the HTTPS accelerating method further includes the steps of: the proportional quantity of the uniform verification servers is deployed linearly along with the flow, the uniform verification servers are linearly expanded, and each uniform verification server is plugged with a plurality of SSL acceleration board cards so as to meet the requirements of larger-scale SSL transaction processing and deal with fault processing.
The invention also provides an HTTPS acceleration system based on the content delivery network, and the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in the central part, a plurality of CDN network edge nodes which are positioned in the edge part and a source server which is positioned at the rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration system comprises the following units:
an HTTPS access request initiating unit configured to perform: a client side initiates an HTTPS access request to a CDN network edge node; a three-way handshake initiating unit to perform: the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client; a three-way handshake processing unit to perform: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, interacts with the unified verification server on the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client;
an HTTPS access response unit to perform: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
The invention effectively combines the respective technical advantages of the SSL acceleration board card and the CDN edge node, and the difference from the prior scheme is that:
(1) the SSL acceleration board card takes over the encryption and decryption work of the common edge server, so that this work is offloaded from the edge server to the unified verification server, the CPU consumption of the common edge server is greatly reduced, and the efficiency is improved;
(2) an SSL acceleration card is used for serving the encryption and decryption work of a plurality of customers from the original one-to-one service to 1-to-N service, so that the cost is greatly saved for CDN manufacturers;
(3) from the fact that one SSL acceleration card needs to manage one certificate to the fact that N customers use one SSL acceleration card at present, the certificate is managed in a centralized mode, and therefore management amount of the certificate is greatly reduced, and single machine management cost is greatly reduced;
(4) the unified verification server not only performs encryption and decryption work through the inserted SSL acceleration board card, but can also have software deployed on it according to different requirements of customers, such as a CDN server certificate application scheme, the Cloudflare Keyless SSL scheme and the like, all of which the invention supports effectively; interaction with the front-end server takes place within the edge node, so that the Round Trip Time (RTT) between the servers is reduced and efficiency is improved;
(5) the SSL acceleration board card can be linearly expanded in the edge unified verification server cluster so as to increase the transaction processing capacity of the SSL acceleration board card, centralized management is not influenced, and therefore the expansion cost is saved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of client access in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The invention provides an HTTPS acceleration method based on a content delivery network, wherein the content delivery network comprises a CDN (content delivery network) management center and a DNS redirection analysis center which are positioned in a central part, a plurality of CDN network edge nodes which are positioned in an edge part and a source server which is positioned at a rear end.
The CDN network management center and the DNS redirection analysis center of the central part are responsible for global load balancing, and the equipment system is installed in a management center machine room.
The CDN network edge nodes are the carriers of CDN delivery and mainly comprise a cache, a load balancer and the like. Each CDN network edge node is deployed with a session & cache server at the front end and a Unified Authentication Server (UAS) at the rear end. A plurality of session & cache servers are provided; they are responsible for HTTPS session management and interact with the back-end unified verification server, and after the interaction is completed they switch to the role of cache server and provide CDN service for the customer. In an alternative example, the session & cache server uses OpenSSL and Nginx software configured to perform the above functions. The unified verification servers are provided with a plurality of user certificates and private keys, integrate a plurality of SSL acceleration board cards (such as Intel or NAVIMN), and are the main processing servers for user encryption and decryption. For the SSL acceleration board card, the single-card throughput can generally reach 20Gbps, and the processing rates for encryption and decryption with 1024-bit RSA and 2048-bit RSA are 35K-200Kqps and 6K-35Kqps respectively. The unified authentication server may run on Linux distributions such as RedHat/CentOS, Debian and Ubuntu, on other Unix operating systems (including FreeBSD), or on Microsoft Windows servers. The user certificates on the unified authentication servers can be shared, that is, a plurality of unified authentication servers can use the same certificate, or each unified authentication server can correspond to one user certificate. The unified validation server is stateless, allows the customer to use off-the-shelf hardware, and the number of unified validation servers is deployed linearly in proportion to the traffic; by running multiple unified authentication servers and load balancing through DNS, the customer's site can be kept highly available.
The source server comprises cacheable data and non-cacheable data, the cacheable data is used for updating cache with the session & cache server, and the non-cacheable data is returned to the source for use after the client establishes a session with the edge node.
Based on the content distribution network and with reference to the schematic diagram of fig. 1, the HTTPS acceleration method of the present invention includes the following processes:
step 1: a client initiates HTTPS access, a corresponding session & cache server is allocated through load balancing at the front end, and a three-way handshake (RSA/DH) process is initiated; the client is a network terminal user, who may browse a webpage by using a currently popular browser (Chrome, Firefox, IE, and the like), and the client 1, the client 2, and the client 3 in the figure respectively refer to clients representing access of different website acceleration clients, such as different website acceleration clients of a new wave network, a Tencent network, a netbook, and the like;
step 2: in the handshake process, the session & cache server interacts with the unified verification server for the encryption and decryption work of the private key and the user certificate (depending on different schemes), and then returns to the client; for a plurality of clients, mapping each client to a unified verification server through a session & cache server, so that each client shares the hardware acceleration capability of the unified verification server;
step 3: after the handshake process is completed, the cache service of the session & cache server operates normally and the client uses the CDN service as usual; cacheable data is obtained directly from the server of the edge node, and non-cacheable data is obtained from the source server;
step 4: the number of unified verification servers can be deployed linearly according to the traffic, the unified verification servers can be linearly expanded when expansion is needed, and each server is plugged with a plurality of SSL acceleration boards so as to meet the requirements of larger-scale SSL transaction processing; alternatively, the servers form a master-slave arrangement to deal with fault handling.
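Added example, not part of the patent text or the assignee's code: a Python model of step 2 for the RSA handshake, in which several session & cache servers forward the private-key operation for different customers' certificates to one shared unified verification server. The class names, hostnames and certificate IDs are hypothetical, the RSA keys are constructed toy keys (textbook RSA over products of Mersenne primes, no padding, far too small for real use), and SHA-256 stands in for the TLS key derivation.

```python
import hashlib
import secrets

E = 65537  # RSA public exponent

# Constructed toy key material (Mersenne primes). Illustration only, not secure.
TOY_PRIMES = {
    "cert-customer-1": (2**127 - 1, 2**89 - 1),
    "cert-customer-2": (2**107 - 1, 2**61 - 1),
}


def derive_session_key(premaster: int, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified stand-in for the TLS key derivation (assumption of this example)."""
    return hashlib.sha256(premaster.to_bytes(32, "big") + client_random + server_random).digest()


class UnifiedVerificationServer:
    """Back end: the only place private keys live; keeps no per-session state."""

    def __init__(self):
        self._keys = {}        # cert_id -> (modulus, private exponent)
        self.private_ops = 0   # counts offloaded private-key operations

    def install(self, cert_id: str, p: int, q: int) -> int:
        n = p * q
        self._keys[cert_id] = (n, pow(E, -1, (p - 1) * (q - 1)))
        return n  # public modulus, published in the customer's certificate

    def private_decrypt(self, cert_id: str, ciphertext: int) -> int:
        if cert_id not in self._keys:
            raise KeyError(f"no private key installed for {cert_id}")
        n, d = self._keys[cert_id]
        if not 0 <= ciphertext < n:
            raise ValueError("ciphertext out of range for this key")
        self.private_ops += 1
        return pow(ciphertext, d, n)


class SessionCacheServer:
    """Front end: manages HTTPS sessions, holds public certificate data only."""

    def __init__(self, uas: UnifiedVerificationServer, certs: dict):
        self.uas = uas
        self.certs = dict(certs)  # hostname -> (cert_id, public modulus)
        self.pending = {}         # session id -> (cert_id, server_random)
        self.sessions = {}        # session id -> negotiated session key

    def server_hello(self, hostname: str):
        cert_id, modulus = self.certs[hostname]
        sid, server_random = secrets.token_hex(8), secrets.token_bytes(32)
        self.pending[sid] = (cert_id, server_random)
        return sid, modulus, server_random

    def client_key_exchange(self, sid: str, client_random: bytes, enc_premaster: int) -> None:
        cert_id, server_random = self.pending.pop(sid)
        # The edge cannot decrypt this itself: it asks the unified verification server.
        premaster = self.uas.private_decrypt(cert_id, enc_premaster)
        self.sessions[sid] = derive_session_key(premaster, client_random, server_random)


def client_connect(edge: SessionCacheServer, hostname: str):
    """Client side of the RSA key exchange; returns (session id, client's session key)."""
    sid, modulus, server_random = edge.server_hello(hostname)
    client_random = secrets.token_bytes(32)
    premaster = secrets.randbits(128)  # constructed stand-in for the premaster secret
    edge.client_key_exchange(sid, client_random, pow(premaster, E, modulus))
    return sid, derive_session_key(premaster, client_random, server_random)


def demo():
    """Two edge servers and two customers' certificates share one back-end server."""
    uas = UnifiedVerificationServer()
    hosts = {"www.customer1.example": "cert-customer-1",
             "www.customer2.example": "cert-customer-2"}
    certs = {h: (cid, uas.install(cid, *TOY_PRIMES[cid])) for h, cid in hosts.items()}
    edges = [SessionCacheServer(uas, certs) for _ in range(2)]
    plan = [(edges[0], "www.customer1.example"),
            (edges[1], "www.customer2.example"),
            (edges[0], "www.customer2.example")]
    matched = []
    for edge, host in plan:
        sid, client_key = client_connect(edge, host)
        matched.append(client_key == edge.sessions[sid])
    return uas, edges, matched


if __name__ == "__main__":
    uas, _, matched = demo()
    print("session keys agree:", matched, "| offloaded private-key ops:", uas.private_ops)
```

Because every private-key operation for every certificate on the node crosses the link between the two server roles, that link needs mutual authentication and per-certificate authorization in a deployment.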
The invention also provides an HTTPS acceleration system based on the content delivery network, and the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in the central part, a plurality of CDN network edge nodes which are positioned in the edge part and a source server which is positioned at the rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration system comprises the following units:
an HTTPS access request initiating unit configured to perform: a client side initiates an HTTPS access request to a CDN network edge node; a three-way handshake initiating unit to perform: the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client; a three-way handshake processing unit to perform: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, interacts with the unified verification server on the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client; if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
An HTTPS access response unit to perform: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
The unified authentication server is provided with a user certificate and a private key and integrates a plurality of SSL acceleration board cards; the number of unified verification servers can be deployed linearly according to the traffic, the unified verification servers can be linearly expanded when expansion is needed, and each server is plugged with a plurality of SSL acceleration boards so as to meet the requirements of larger-scale SSL transaction processing; alternatively, the servers form a master-slave arrangement to deal with fault handling.
The above-described aspects may be implemented individually or in various combinations, and such variations are within the scope of the present invention.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, and the program may be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
It is to be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that an article or apparatus including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
The above embodiments are merely to illustrate the technical solutions of the present invention and not to limit the present invention, and the present invention has been described in detail with reference to the preferred embodiments. It will be understood by those skilled in the art that various modifications and equivalent arrangements may be made without departing from the spirit and scope of the present invention and it should be understood that the present invention is to be covered by the appended claims.

Claims (8)

1. An HTTPS acceleration method based on a content distribution network is characterized in that: the content delivery network comprises CDN network edge nodes, wherein the CDN network edge nodes are respectively provided with a session and cache server positioned at the front end and a unified verification server positioned at the rear end;
the HTTPS acceleration method comprises the following steps:
step 1: a CDN network edge node receives an HTTPS access request initiated by a client, allocates a corresponding session & cache server through load balancing at the front end, and performs a three-way handshake with the client;
step 2: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, the session & cache server interacts with the unified authentication server for encryption and decryption of the private key and the user certificate at the same time, and then returns to the client, the unified authentication server is used for processing encryption and decryption, the unified authentication server is provided with the user certificate and the private key, and one or more unified authentication servers correspond to the multi-user certificate;
step 3: after the handshake process is completed, the cache service of the session & cache server operates normally to provide CDN service for the client; for the data requested by the client, if the data is cacheable data, it is obtained directly from the session & cache server, and if the data is non-cacheable data, it is obtained from the source server.
2. The HTTPS acceleration method according to claim 1, characterized in that: the unified verification server integrates a plurality of SSL acceleration board cards.
3. The HTTPS acceleration method according to claim 2, characterized in that: the step 2 further comprises the following processes:
if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
4. HTTPS acceleration method according to claim 1, 2 or 3, characterized in that: the HTTPS acceleration method also comprises the following steps:
the proportional quantity of the uniform verification servers is deployed linearly along with the flow, the uniform verification servers are linearly expanded, and each uniform verification server is plugged with a plurality of SSL acceleration board cards so as to meet the requirements of larger-scale SSL transaction processing and deal with fault processing.
5. An HTTPS acceleration system based on a content delivery network comprises CDN network edge nodes, wherein the CDN network edge nodes are respectively deployed with a session & cache server positioned at the front end and a unified verification server positioned at the rear end;
the HTTPS acceleration system comprises the following units:
an HTTPS access request receiving unit configured to execute: a CDN network edge node receives an HTTPS access request initiated by a client;
a three-way handshake initiating unit configured to perform: the CDN network edge node allocates a corresponding session & cache server through front-end load balancing and carries out a three-way handshake with the client;
a three-way handshake processing unit configured to perform: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, the session & cache server interacts with the unified verification server for encryption and decryption with the private key and the user certificate, and then returns to the client; the unified verification server handles the encryption and decryption and holds the user certificate and the private key, and one or more unified verification servers correspond to the multi-user certificates;
an HTTPS access response unit configured to perform: after the handshake is completed, the cache service of the session & cache server operates normally to provide CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the source server.
6. The HTTPS acceleration system of claim 5, wherein: the unified verification server integrates a plurality of SSL acceleration board cards.
7. The HTTPS acceleration system of claim 6, wherein: the three-way handshake processing unit further performs the following operations:
if a plurality of clients exist, the clients are mapped to a unified verification server through the session & cache server, so that each client shares the hardware acceleration capability of the unified verification server.
8. The HTTPS acceleration system according to claim 5, 6 or 7, characterized in that:
the number of unified verification servers is deployed in linear proportion to the traffic, the unified verification servers are scaled out linearly, and each unified verification server has a plurality of SSL acceleration board cards plugged in, so as to meet the requirements of larger-scale SSL transaction processing and to handle faults.
CN201911090331.8A 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network Active CN110808989B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911090331.8A CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911090331.8A CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201610873442.6A Division CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Publications (2)

Publication Number Publication Date
CN110808989A CN110808989A (en) 2020-02-18
CN110808989B true CN110808989B (en) 2022-01-21

Family

ID=57839835

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A Active CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201610873442.6A Active CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Country Status (2)

Country Link
CN (2) CN110808989B (en)
WO (1) WO2018059578A1 (en)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808989B (en) * 2016-09-30 2022-01-21 贵州白山云科技股份有限公司 HTTPS acceleration method and system based on content distribution network
CN106789344B (en) * 2017-01-19 2019-11-12 上海帝联信息科技股份有限公司 Data transmission method, system, CDN network and client
CN107707514B (en) * 2017-02-08 2018-08-21 贵州白山云科技有限公司 One kind is for encrypted method and system and device between CDN node
CN107707517B (en) * 2017-05-09 2018-11-13 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
CN107257327B (en) * 2017-05-25 2020-12-29 中央民族大学 High-concurrency SSL session management method
CN108574687B (en) * 2017-07-03 2020-11-27 北京金山云网络技术有限公司 Communication connection establishment method and device, electronic equipment and computer readable medium
US11153289B2 (en) * 2017-07-28 2021-10-19 Alibaba Group Holding Limited Secure communication acceleration using a System-on-Chip (SoC) architecture
CN109428876B (en) * 2017-09-01 2021-10-08 腾讯科技(深圳)有限公司 Handshake connection method and device
CN109561027A (en) * 2017-09-26 2019-04-02 中兴通讯股份有限公司 Flow optimization method, load balancer and the storage medium of transparent caching
CN109842664A (en) * 2017-11-29 2019-06-04 苏宁云商集团股份有限公司 A kind of CDN of the safety without private key of High Availability supports the system and method for HTTPS
CN108401011B (en) * 2018-01-30 2021-09-24 网宿科技股份有限公司 Acceleration method and device for handshake request in content distribution network and edge node
CN108429682A (en) * 2018-02-26 2018-08-21 湖南科技学院 A kind of optimization method and system of network transmission link
CN110324365B (en) * 2018-03-28 2023-01-24 网易(杭州)网络有限公司 Keyless front-end cluster system, application method, storage medium and electronic device
CN111010404B (en) * 2018-03-30 2022-07-29 贵州白山云科技股份有限公司 Data transmission method, data transmission equipment and computer readable storage medium
CN108804515B (en) * 2018-04-25 2021-05-28 网宿科技股份有限公司 Webpage loading method, webpage loading system and server
CN114338629A (en) * 2020-09-25 2022-04-12 北京金山云网络技术有限公司 Data processing method, device, equipment and medium
CN112187804B (en) * 2020-09-29 2023-01-20 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium
US11579781B2 (en) 2020-10-23 2023-02-14 Red Hat, Inc. Pooling distributed storage nodes that have specialized hardware
CN113301159B (en) * 2021-05-26 2022-12-09 中国电子科技集团公司第五十四研究所 Service position obtaining method and device in edge computing system
CN115460083B (en) * 2021-06-09 2024-04-19 贵州白山云科技股份有限公司 Security acceleration service deployment method, device, medium and equipment
CN117857095A (en) * 2023-12-05 2024-04-09 天翼云科技有限公司 Non-private key TLS handshake solving method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634650B1 (en) * 2004-07-22 2009-12-15 Xsigo Systems Virtualized shared security engine and creation of a protected zone
CN104702611A (en) * 2015-03-15 2015-06-10 西安电子科技大学 Equipment and method for protecting session key of secure socket layer
CN105871797A (en) * 2015-11-19 2016-08-17 乐视云计算有限公司 Handshake method, device and system of client and server

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9647835B2 (en) * 2011-12-16 2017-05-09 Akamai Technologies, Inc. Terminating SSL connections without locally-accessible private keys
US9531691B2 (en) * 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating TLS connection proxy
KR101491697B1 (en) * 2013-12-10 2015-02-11 주식회사 시큐아이 Security device including ssl acceleration card and operating method thereof
CN104732164A (en) * 2013-12-18 2015-06-24 国家计算机网络与信息安全管理中心 Device and method both for accelerating SSL (Security Socket Layer) data processing speed
CN106027646B (en) * 2016-05-19 2019-06-21 北京云钥网络科技有限公司 A kind of method and device accelerating HTTPS
CN106101007B (en) * 2016-05-24 2019-05-07 杭州迪普科技股份有限公司 Handle the method and device of message
CN106230782A (en) * 2016-07-20 2016-12-14 腾讯科技(深圳)有限公司 A kind of information processing method based on content distributing network and device
CN110808989B (en) * 2016-09-30 2022-01-21 贵州白山云科技股份有限公司 HTTPS acceleration method and system based on content distribution network

Also Published As

Publication number Publication date
CN106341417A (en) 2017-01-18
WO2018059578A1 (en) 2018-04-05
CN106341417B (en) 2019-11-05
CN110808989A (en) 2020-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant