
CN106341417B - A method and system for accelerating HTTPS based on content distribution network - Google Patents

Publication number: CN106341417B
Application number: CN201610873442.6A
Authority: China (CN)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN106341417A (en)
Inventors: 苗辉, 江桂林, 庄吴敏
Current assignee: Guizhou Baishancloud Technology Co Ltd
Original assignee: Guizhou Baishancloud Technology Co Ltd
Prior art keywords: server, session, https, client, unified

Application filed by Guizhou Baishancloud Technology Co Ltd

  • Priority to CN201911090331.8A (patent CN110808989B)
  • Priority to CN201610873442.6A (patent CN106341417B)
  • Publication of CN106341417A
  • Priority to PCT/CN2017/104806 (patent WO2018059578A1)
  • Application granted
  • Publication of CN106341417B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/12: Applying verification of the received information
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an HTTPS acceleration method and system based on a content distribution network. It adopts an SSL acceleration board scheme to solve the heavy performance load and low transaction-processing capacity of software-based SSL implementations. The SSL acceleration boards are deployed on servers at CDN edge nodes so that certificates are managed centrally, and one SSL acceleration board can perform encryption and decryption for multiple customers, which solves the wasted resources and high management cost that result when each acceleration board is bound only to a specific customer's requests.

Description

An HTTPS acceleration method and system based on a content distribution network

Technical field

The invention relates to a website optimization method, and in particular to an HTTPS acceleration method and system based on a CDN (content distribution network).

Background

HTTPS is an HTTP channel designed for security. By adding an SSL layer beneath HTTP, it encrypts data in transit and prevents important data such as user data and transaction data from being stolen. HTTPS plays a critical role in protecting user privacy and preventing traffic hijacking, but it also slows user access and increases the computing-resource consumption of website servers.

In an SSL session, the most computationally expensive part is the SSL handshake. SSL has two main handshake types, one based on RSA and one based on Diffie-Hellman (DH). The RSA and DH public-key algorithms use a lot of CPU and are the slowest part of the handshake. A laptop can perform a few hundred RSA encryptions per second, compared with about ten million symmetric AES encryptions per second. The main task of this phase is to negotiate the session key, which is usually a symmetric key and is used throughout the corresponding session; the encryption and signing of the SSL handshake itself, however, use the asymmetric key contained in the certificate, and using such asymmetric keys consumes more computing resources than using symmetric keys.

In a software-based SSL implementation, the server's processor is responsible for the initial key exchange of each session and for the subsequent data encryption and decryption. This intensive computation puts the server under great pressure and greatly reduces its capacity for other transactions. A software-based SSL implementation is therefore only suitable for scenarios with a small amount of SSL traffic. CDN networks are characterized by small nodes with few servers each, while the nodes themselves are numerous and geographically dispersed. For HTTPS acceleration in a CDN network, a software-based SSL implementation clearly cannot meet the acceleration requirements.

Given this situation, CDN vendors have proposed hardware-based SSL acceleration solutions, such as SSL acceleration boards or SSL acceleration appliances.

An SSL acceleration board effectively relieves the server CPU of the load of SSL transactions. One or more coprocessors perform the SSL computation; these may be general-purpose CPUs, or custom ASIC chips and RISC instruction-set chips. However, every customer's access must be assigned a server fitted with an SSL acceleration board to complete the handshake and the encryption and decryption, which wastes resources and makes per-machine management costly. In addition, each server must hold a unique digital certificate; with so many certificates, leakage is likely, which is a security problem.

Second, an SSL acceleration appliance is a standalone device with an embedded SSL acceleration board. It decrypts encrypted traffic and sends the decrypted data to the back-end server; in the opposite direction, it encrypts the plaintext data sent by the back-end server and forwards it to the client. Because the appliance terminates the SSL session, the back-end server is freed entirely for data services or running applications. However, the overall cost of an SSL acceleration appliance is high, so it is not an ideal alternative.

Summary of the invention

To address the above problems, the invention proposes an HTTPS acceleration method and system based on a content distribution network (Content Delivery Network, CDN for short). It adopts an SSL acceleration board scheme, which solves the heavy performance load and inefficient transaction processing of software-based SSL implementations. The SSL acceleration boards are deployed on servers at CDN edge nodes so that certificates are managed centrally, and one SSL acceleration board can perform encryption and decryption for multiple customers, which solves the wasted resources and high management cost that result when each acceleration board is bound only to a specific customer's requests.

To solve the above technical problems, the technical solution adopted by the invention is an HTTPS acceleration method based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center in the central part, multiple CDN edge nodes in the edge part, and an origin server at the back end. Each CDN edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration method comprises the following steps:

Step 1: The client sends an HTTPS access request to a CDN edge node; through front-end load balancing, the CDN edge node assigns a corresponding session & cache server, which performs a three-way handshake with the client;

Step 2: During the handshake, the assigned session & cache server is responsible for HTTPS session management. It also interacts with the unified authentication server for the encryption and decryption work involving the private key and user certificate, and then returns to the client;

Step 3: After the handshake is complete, the cache service of the session & cache server runs normally and provides CDN service to the client. Requested data that is cacheable is obtained directly from the session & cache server; data that is not cacheable is obtained from the origin server.

The unified authentication server holds the user certificate and private key and integrates several SSL acceleration boards; one or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. Step 2 further includes the following: if there are multiple clients, the session & cache server maps each client onto one unified authentication server, so that every client shares that server's hardware acceleration capability.

As a further refinement, the HTTPS acceleration method also includes the following step: the number of unified authentication servers is deployed in linear proportion to traffic; the unified authentication servers are scaled out linearly, with several SSL acceleration boards plugged into each, to meet larger-scale SSL transaction-processing demand and to handle failures.

The invention also provides an HTTPS acceleration system based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center in the central part, multiple CDN edge nodes in the edge part, and an origin server at the back end. Each CDN edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration system comprises the following units:

An HTTPS access request initiation unit, which performs: the client sends an HTTPS access request to a CDN edge node;

A three-way handshake initiation unit, which performs: through front-end load balancing, the CDN edge node assigns a corresponding session & cache server, which performs a three-way handshake with the client;

A three-way handshake processing unit, which performs: during the handshake, the assigned session & cache server is responsible for HTTPS session management; it also interacts with the unified authentication server for the encryption and decryption work involving the private key and user certificate, and then returns to the client;

An HTTPS access response unit, which performs: after the handshake is complete, the cache service of the session & cache server runs normally and provides CDN service to the client; requested data that is cacheable is obtained directly from the session & cache server, and data that is not cacheable is obtained from the origin server.

The invention effectively combines the respective technical advantages of SSL acceleration boards and CDN edge nodes. It differs from existing solutions as follows:

(1) SSL acceleration boards take over the encryption and decryption work of ordinary edge servers: that work is offloaded from the edge servers and deployed on the unified authentication server, which greatly reduces the CPU consumption of ordinary edge servers and improves efficiency;

(2) One SSL acceleration board serves the encryption and decryption work of several customers, moving from the original one-to-one service to one-to-N, which greatly reduces costs for CDN vendors;

(3) Where one SSL acceleration board previously had to manage one certificate, N customers now use one SSL acceleration board and certificates are managed centrally, so the certificate-management workload and the per-machine management cost are both greatly reduced;

(4) In addition to performing encryption and decryption with plugged-in SSL acceleration boards, the unified authentication server can have software deployed on it according to customers' differing needs, such as a scheme in which the CDN server applies for the certificate, or Cloudflare's Keyless SSL scheme; the invention supports all of these effectively. Because the interaction with the front-end server takes place within the same edge node, the round-trip time (RTT) between servers is reduced and efficiency is improved;

(5) SSL acceleration boards can be scaled out linearly within the edge cluster of unified authentication servers to increase transaction-processing capacity without affecting centralized management, which also saves on expansion costs.

Description of drawings

FIG. 1 is a schematic diagram of client access in the invention.

Detailed description

The invention is further described below with reference to the drawing and specific embodiments.

The invention provides an HTTPS acceleration method based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center in the central part, multiple CDN edge nodes in the edge part, and an origin server at the back end.

The CDN network management center and DNS redirection resolution center in the central part are responsible for global load balancing; their equipment is installed in the management center's machine room.

The CDN edge nodes are the carriers of CDN distribution and consist mainly of caches and load balancers. Each CDN edge node deploys session & cache servers at the front end and unified authentication servers (UAS) at the back end. There are multiple session & cache servers; they are responsible for HTTPS session management and interact with the back-end unified authentication server. Once that interaction is complete, they switch roles to cache servers and provide CDN service to customers. In an optional example, the session & cache server uses suitably configured OpenSSL and Nginx software to perform these functions. There are multiple unified authentication servers; they hold the user certificates and private keys, integrate several SSL acceleration boards (such as Intel or NAVIMN), and are the main servers that process users' encryption and decryption. A single SSL acceleration board can usually reach a throughput of 20 Gbps; for 1024-bit RSA and 2048-bit RSA encryption and decryption, its processing rates are 35K-200K qps and 6K-35K qps respectively. The unified authentication server can run on Linux (RedHat/CentOS, Debian, Ubuntu and others), on other Unix operating systems (including FreeBSD) and on Microsoft Windows Server. The user certificates on the unified authentication servers can be shared: multiple unified authentication servers can use the same certificate, or each unified authentication server can correspond to one user certificate. The unified authentication server is stateless, allows clients to use off-the-shelf hardware, and is deployed in linear proportion to traffic; by running multiple unified authentication servers with load balancing through DNS, a customer's site can be kept highly available.

The origin server holds both cacheable and non-cacheable data. Cacheable data is used to refresh the cache on the session & cache servers; non-cacheable data is fetched from the origin after the client has established a session with the edge node.

Based on the content distribution network, and with reference to the schematic in FIG. 1, the HTTPS acceleration method of the invention comprises the following process:

Step 1: The client initiates HTTPS access; through front-end load balancing, a corresponding session & cache server is assigned and the three-way handshake (RSA/DH) process begins. The client is a network end user, who may browse the web with a currently popular browser (Chrome, Firefox, IE, etc.). Client 1, Client 2 and Client 3 in the figure represent client access for different website-acceleration customers, for example Sina.com, Tencent.com and NetEase respectively;

Step 2: During the handshake, the session & cache server interacts with the unified authentication server for the encryption and decryption work involving the private key and user certificate (depending on the scheme implemented), and then returns to the client. For multiple clients, the session & cache server maps each client onto one unified authentication server, so that every client shares that server's hardware acceleration capability;

Step 3: After the handshake is complete, the cache service of the session & cache server runs normally and the client uses the CDN service normally. Cacheable data is obtained directly from the edge node's server; non-cacheable data is obtained from the origin server;

Step 4: The number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL acceleration boards plugged into each server, to meet larger-scale SSL transaction-processing demand; alternatively, they can be arranged as primary and standby to handle failures.
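The division of labour in steps 1 to 4, modelled as an added example that is not code from the patent: the session & cache server holds only public keys and delegates the private-key operation of an RSA key exchange to a unified authentication server that serves several customers and has a standby. All class, function and customer names are assumptions; unpadded RSA over constructed Mersenne-prime keys stands in for the acceleration board's RSA operation, and a SHA-256 hash stands in for the TLS key derivation.

```python
import hashlib
import secrets

# Constructed demo keys built from Mersenne primes. Unpadded "textbook" RSA
# stands in for the acceleration board's RSA operation; it is not secure.
DEMO_PRIMES = {
    "customer-a.example": (2**521 - 1, 2**607 - 1),
    "customer-b.example": (2**1279 - 1, 2**2203 - 1),
}
E = 65537


def derive_session_key(premaster, client_random, server_random):
    """Simplified stand-in for the TLS key derivation (assumption)."""
    raw = premaster.to_bytes(48, "big") + client_random + server_random
    return hashlib.sha256(raw).digest()


def client_key_exchange(public_key):
    """Client side of an RSA key exchange: pick a premaster and encrypt it."""
    n, e = public_key
    premaster = secrets.randbits(384)  # fits the 48 bytes used above
    return premaster, pow(premaster, e, n)


class UnifiedAuthServer:
    """Back-end server of the edge node: the only place private keys live."""

    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.ops = 0
        self._private = {}  # customer -> (n, d); never handed to callers

    def install(self, customer, p, q):
        """Store the private key; return only the public part (n, e)."""
        n = p * q
        self._private[customer] = (n, pow(E, -1, (p - 1) * (q - 1)))
        return (n, E)

    def decrypt_premaster(self, customer, ciphertext):
        """The one private-key operation the front-end server delegates."""
        if not self.healthy:
            raise ConnectionError(f"{self.name} is down")
        if customer not in self._private:
            raise KeyError(f"no key installed for {customer}")
        n, d = self._private[customer]
        if not 0 <= ciphertext < n:
            raise ValueError("ciphertext out of range")
        self.ops += 1
        return pow(ciphertext, d, n)


class SessionCacheServer:
    """Front-end server: manages sessions and cache, holds public keys only."""

    def __init__(self, auth_servers, public_keys):
        self.auth_servers = auth_servers  # primary first, then standby
        self.public_keys = public_keys    # customer -> (n, e)
        self.cache = {}

    def finish_handshake(self, customer, ciphertext, client_random, server_random):
        """Step 2: have a unified authentication server recover the premaster."""
        for uas in self.auth_servers:
            try:
                premaster = uas.decrypt_premaster(customer, ciphertext)
            except ConnectionError:
                continue  # step 4: fall back to the standby server
            return derive_session_key(premaster, client_random, server_random)
        raise ConnectionError("no unified authentication server available")

    def fetch(self, url, cacheable, origin):
        """Step 3: cacheable data from the edge, the rest from the origin."""
        if not cacheable:
            return origin(url)
        if url not in self.cache:
            self.cache[url] = origin(url)
        return self.cache[url]


def run_demo():
    """Two customers share one server; a third handshake fails over."""
    primary, standby = UnifiedAuthServer("uas-1"), UnifiedAuthServer("uas-2")
    public_keys = {}
    for customer, (p, q) in DEMO_PRIMES.items():
        public_keys[customer] = primary.install(customer, p, q)
        standby.install(customer, p, q)  # same certificate on both servers
    edge = SessionCacheServer([primary, standby], public_keys)

    def handshake_ok(customer):
        cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
        premaster, ct = client_key_exchange(edge.public_keys[customer])
        server_key = edge.finish_handshake(customer, ct, cr, sr)
        return server_key == derive_session_key(premaster, cr, sr)

    results = {customer: handshake_ok(customer) for customer in DEMO_PRIMES}
    primary.healthy = False  # simulate a failed primary server
    results["failover"] = handshake_ok("customer-a.example")
    results["ops"] = (primary.ops, standby.ops)
    return results


if __name__ == "__main__":
    print(run_demo())
```

In the model, a compromise of the session & cache server exposes session keys it has already derived but no certificate private key, which is the property that makes centralizing the keys on the unified authentication server worthwhile.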

The invention also provides an HTTPS acceleration system based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center in the central part, multiple CDN edge nodes in the edge part, and an origin server at the back end. Each CDN edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration system comprises the following units:

An HTTPS access request initiation unit, which performs: the client sends an HTTPS access request to a CDN edge node;

A three-way handshake initiation unit, which performs: through front-end load balancing, the CDN edge node assigns a corresponding session & cache server, which performs a three-way handshake with the client;

A three-way handshake processing unit, which performs: during the handshake, the assigned session & cache server is responsible for HTTPS session management; it also interacts with the unified authentication server for the encryption and decryption work involving the private key and user certificate, and then returns to the client. If there are multiple clients, the session & cache server maps each client onto one unified authentication server, so that every client shares that server's hardware acceleration capability.

An HTTPS access response unit, which performs: after the handshake is complete, the cache service of the session & cache server runs normally and provides CDN service to the client; requested data that is cacheable is obtained directly from the session & cache server, and data that is not cacheable is obtained from the origin server.

The unified authentication server holds the user certificate and private key and integrates several SSL acceleration boards; one or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. The number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL acceleration boards plugged into each server, to meet larger-scale SSL transaction-processing demand; alternatively, they can be arranged as primary and standby to handle failures.

在本申请所提供的实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-OnlyMemory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is realized in the form of a software function unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk, and other media that can store program codes.

As stated above, the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. An HTTPS acceleration method based on a content distribution network, characterized in that: the content distribution network comprises a CDN network management center and a DNS redirection resolution center located in the central part, a plurality of CDN network edge nodes located in the edge part, and a source server located at the back end; each CDN network edge node deploys a session & cache server at the front end and a unified verification server at the back end;

the HTTPS acceleration method comprises the following steps:

Step 1: the client initiates an HTTPS access request to a CDN network edge node; the CDN network edge node, through front-end load balancing, allocates a corresponding session & cache server, which performs a three-way handshake with the client;

Step 2: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, the session & cache server interacts with the unified verification server for the encryption and decryption work involving the private key and the user certificate, and then returns to the client; the unified verification server is used to process encryption and decryption, the user certificate and the private key are provided on the unified verification server, and one or more unified verification servers correspond to one user certificate;

Step 3: after the handshake is completed, the cache service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the source server.

2. The HTTPS acceleration method according to claim 1, characterized in that: the unified verification server integrates several SSL acceleration boards.

3. The HTTPS acceleration method according to claim 2, characterized in that: step 2 further comprises the following process: if there are multiple clients, the session & cache server maps each client to one unified verification server, so that every client shares the hardware acceleration capability of the unified verification server.

4. The HTTPS acceleration method according to claim 1, 2 or 3, characterized in that: the HTTPS acceleration method further comprises the following step: the number of unified verification servers is deployed in linear proportion to traffic, the unified verification servers are scaled out linearly, and several SSL acceleration boards are installed in each unified verification server, to meet larger-scale SSL transaction processing demands and to handle faults.

5. An HTTPS acceleration system based on a content distribution network, the content distribution network comprising a CDN network management center and a DNS redirection resolution center located in the central part, a plurality of CDN network edge nodes located in the edge part, and a source server located at the back end; each CDN network edge node deploys a session & cache server at the front end and a unified verification server at the back end;

the HTTPS acceleration system comprises the following units:

an HTTPS access request initiation unit, used to execute: the client initiates an HTTPS access request to a CDN network edge node;

a three-way handshake initiation unit, used to execute: the CDN network edge node, through front-end load balancing, allocates a corresponding session & cache server, which performs a three-way handshake with the client;

a three-way handshake processing unit, used to execute: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, the session & cache server interacts with the unified verification server for the encryption and decryption work involving the private key and the user certificate, and then returns to the client; the unified verification server is used to process encryption and decryption, the user certificate and the private key are provided on the unified verification server, and one or more unified verification servers correspond to one user certificate;

an HTTPS access response unit, used to execute: after the handshake is completed, the cache service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the source server.

6. The HTTPS acceleration system according to claim 5, characterized in that: the unified verification server integrates several SSL acceleration boards.

7. The HTTPS acceleration system according to claim 6, characterized in that: the three-way handshake processing unit further performs the following operation: if there are multiple clients, the session & cache server maps each client to one unified verification server, so that every client shares the hardware acceleration capability of the unified verification server.

8. The HTTPS acceleration system according to claim 5, 6 or 7, characterized in that: the number of unified verification servers is deployed in linear proportion to traffic, the unified verification servers are scaled out linearly, and several SSL acceleration boards are installed in each unified verification server, to meet larger-scale SSL transaction processing demands and to handle faults.

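
The key-custody split of step 2 in claim 1, as an added Go example that is not part of the patent text: the session & cache server forwards only a handshake digest to the unified verification server, which alone holds the private key. The ECDSA P-256 signature, the two-random transcript and all type and function names are assumptions made for illustration; the patent does not specify the exchange between the two servers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// VerificationServer stands in for the back-end unified verification server:
// the only component that holds the certificate's private key.
type VerificationServer struct{ key *ecdsa.PrivateKey }

// Sign is the single private-key operation exposed to session servers.
func (v *VerificationServer) Sign(digest []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, v.key, digest)
}

// SessionServer stands in for the front-end session & cache server (public key only).
type SessionServer struct {
	Pub     *ecdsa.PublicKey
	Backend *VerificationServer
}

// NewEdge builds one verification server and one session server in front of it.
func NewEdge() (*SessionServer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SessionServer{Pub: &key.PublicKey, Backend: &VerificationServer{key: key}}, nil
}

// Transcript is the digest both sides compute over the two handshake randoms.
func Transcript(clientRandom, serverRandom []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, clientRandom...), serverRandom...))
	return sum[:]
}

// Handshake (step 2, simplified): the session server picks its random and
// forwards only the transcript digest to the verification server for signing.
func (s *SessionServer) Handshake(clientRandom []byte) (serverRandom, sig []byte, err error) {
	serverRandom = make([]byte, 32)
	if _, err = rand.Read(serverRandom); err != nil {
		return nil, nil, err
	}
	sig, err = s.Backend.Sign(Transcript(clientRandom, serverRandom))
	return serverRandom, sig, err
}

// ClientVerify is the client-side check against the certificate's public key.
func ClientVerify(pub *ecdsa.PublicKey, clientRandom, serverRandom, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, Transcript(clientRandom, serverRandom), sig)
}

func main() {
	edge, err := NewEdge()
	if err != nil {
		panic(err)
	}
	cr := []byte("constructed-client-random")
	sr, sig, err := edge.Handshake(cr)
	fmt.Println("verified:", err == nil && ClientVerify(edge.Pub, cr, sr, sig))
}
```
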
CN201610873442.6A 2016-09-30 2016-09-30 A method and system for accelerating HTTPS based on content distribution network Active CN106341417B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201911090331.8A CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A method and system for accelerating HTTPS based on content distribution network
PCT/CN2017/104806 WO2018059578A1 (en) 2016-09-30 2017-09-30 Https acceleration method and system based on content distribution network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A method and system for accelerating HTTPS based on content distribution network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Division CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Publications (2)

Publication Number Publication Date
CN106341417A CN106341417A (en) 2017-01-18
CN106341417B true CN106341417B (en) 2019-11-05

Family

ID=57839835

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201610873442.6A Active CN106341417B (en) 2016-09-30 2016-09-30 A method and system for accelerating HTTPS based on content distribution network
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Country Status (2)

Country Link
CN (2) CN106341417B (en)
WO (1) WO2018059578A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11579781B2 (en) 2020-10-23 2023-02-14 Red Hat, Inc. Pooling distributed storage nodes that have specialized hardware

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341417B (en) * 2016-09-30 2019-11-05 贵州白山云科技股份有限公司 A method and system for accelerating HTTPS based on content distribution network
CN106789344B (en) * 2017-01-19 2019-11-12 上海帝联信息科技股份有限公司 Data transmission method, system, CDN network and client
CN107707514B (en) 2017-02-08 2018-08-21 贵州白山云科技有限公司 One kind is for encrypted method and system and device between CDN node
CN107707517B (en) * 2017-05-09 2018-11-13 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
CN107257327B (en) * 2017-05-25 2020-12-29 中央民族大学 A high-concurrency SSL session management method
CN108574687B (en) * 2017-07-03 2020-11-27 北京金山云网络技术有限公司 Communication connection establishment method, apparatus, electronic device and computer readable medium
US11153289B2 (en) * 2017-07-28 2021-10-19 Alibaba Group Holding Limited Secure communication acceleration using a System-on-Chip (SoC) architecture
CN109428876B (en) * 2017-09-01 2021-10-08 腾讯科技(深圳)有限公司 Handshake connection method and device
CN109561027A (en) * 2017-09-26 2019-04-02 中兴通讯股份有限公司 Flow optimization method, load balancer and the storage medium of transparent caching
CN109842664A (en) * 2017-11-29 2019-06-04 苏宁云商集团股份有限公司 A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS
CN108401011B (en) * 2018-01-30 2021-09-24 网宿科技股份有限公司 Method, device and edge node for accelerating handshake request in content distribution network
CN108429682A (en) * 2018-02-26 2018-08-21 湖南科技学院 Method and system for optimizing network transmission link
CN110324365B (en) * 2018-03-28 2023-01-24 网易(杭州)网络有限公司 Keyless front-end cluster system, application method, storage medium and electronic device
CN111010404B (en) * 2018-03-30 2022-07-29 贵州白山云科技股份有限公司 Data transmission method, data transmission equipment and computer readable storage medium
CN108804515B (en) * 2018-04-25 2021-05-28 网宿科技股份有限公司 Web page loading method, web page loading system and server
CN114338629B (en) * 2020-09-25 2025-01-10 北京金山云网络技术有限公司 Data processing method, device, equipment and medium
CN112187804B (en) * 2020-09-29 2023-01-20 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium
CN113301159B (en) * 2021-05-26 2022-12-09 中国电子科技集团公司第五十四研究所 Service position obtaining method and device in edge computing system
CN115460083B (en) * 2021-06-09 2024-04-19 贵州白山云科技股份有限公司 Security acceleration service deployment method, device, medium and equipment
CN117857095B (en) * 2023-12-05 2024-11-26 天翼云科技有限公司 A solution to TLS handshake without private key
CN118972380B (en) * 2024-09-27 2025-02-07 杭州优云科技股份有限公司 HTTPS uninstall method, device and electronic device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634650B1 (en) * 2004-07-22 2009-12-15 Xsigo Systems Virtualized shared security engine and creation of a protected zone
CN104081711A (en) * 2011-12-16 2014-10-01 阿卡麦科技公司 Terminating SSL connections without locally-accessible private keys
KR101491697B1 (en) * 2013-12-10 2015-02-11 주식회사 시큐아이 Security device including ssl acceleration card and operating method thereof
CN104732164A (en) * 2013-12-18 2015-06-24 国家计算机网络与信息安全管理中心 Device and method both for accelerating SSL (Security Socket Layer) data processing speed
CN106101007A (en) * 2016-05-24 2016-11-09 杭州迪普科技有限公司 Process the method and device of message

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9531691B2 (en) * 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating TLS connection proxy
CN104702611B (en) * 2015-03-15 2018-05-25 西安电子科技大学 A kind of device and method for protecting Secure Socket Layer session key
CN105871797A (en) * 2015-11-19 2016-08-17 乐视云计算有限公司 Handshake method, device and system of client and server
CN106027646B (en) * 2016-05-19 2019-06-21 北京云钥网络科技有限公司 A kind of method and device accelerating HTTPS
CN106230782A (en) * 2016-07-20 2016-12-14 腾讯科技(深圳)有限公司 A kind of information processing method based on content distributing network and device
CN106341417B (en) * 2016-09-30 2019-11-05 贵州白山云科技股份有限公司 A method and system for accelerating HTTPS based on content distribution network

Also Published As

Publication number Publication date
CN106341417A (en) 2017-01-18
CN110808989A (en) 2020-02-18
WO2018059578A1 (en) 2018-04-05
CN110808989B (en) 2022-01-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant after: Guizhou Baishan cloud Polytron Technologies Inc

Address before: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant before: Guizhou white cloud Technology Co., Ltd.

GR01 Patent grant