CN100426801C - Data transmission method and system in instant communication

Info

Publication number: CN100426801C
Authority: CN (China)
Prior art keywords: node, client, data, signature, information
Legal status: Expired - Lifetime
Application number: CNB2005100636978A
Other languages: Chinese (zh)
Other versions: CN1842064A (en)
Inventors: 林友尧, 陈伟华, 李沛昭, 叶茂
Current assignee: Tencent Technology Shenzhen Co Ltd
Original assignee: Tencent Technology Shenzhen Co Ltd

Events:
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CNB2005100636978A
Publication of CN1842064A
Application granted
Publication of CN100426801C
Anticipated expiration
Current legal status: Expired - Lifetime

Classification

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention applies to the field of instant messaging and provides a data transmission method and transmission system for instant messaging that relays data between an access client and a target client. The method comprises: A. selecting clients with data relay capability as nodes; B. selecting a node to provide data relay service for the access client and the target client, and assigning a node key to that node; C. establishing a node relay communication channel; D. transmitting data between the access client and the target client through the node relay communication channel. The invention reduces the communication bandwidth required of relay servers, reduces operators' equipment investment, and improves the instant messaging efficiency of clients.

Figure 200510063697 (abstract drawing)

Description

Method and system for data transmission in instant messaging

Technical field

The invention belongs to the field of instant messaging, and in particular relates to a data transmission method and a data transmission system in instant messaging.

Background

In instant messaging, the exchange of information and data between clients is carried out through a relay server. A client requests the peer's IP address from the central server and uses that address to send a direct-connection request to the peer client. If the peer client accepts the request, a direct connection is established and communication proceeds over it; if a direct connection cannot be established, for example because the peer client sits behind a firewall, the initiating client sends a relay request to the relay server and the two sides communicate through the relay server.

At present most users access the Internet through a local area network, and LANs commonly deploy firewalls or other access restrictions for security reasons. As a result a large number of users cannot establish direct data connections and must communicate through relay servers, which consumes a large amount of relay server bandwidth, lowers communication efficiency and inconveniences users. To maintain communication efficiency for their users, operators must purchase more relay servers, which increases equipment investment.

Summary of the invention

The object of the present invention is to solve the problem that, in instant messaging, users' communication data is relayed through limited relay server resources, which lowers communication efficiency.

To achieve this object, the present invention provides a data transmission method in instant messaging that relays data between an access client and a target client, the method comprising the following steps:

A. Select clients with data relay capability as nodes;

B. Select a node to provide data relay service for the access client and the target client, and assign a node key to the node providing the data relay service;

C. The node providing the data relay service opens communication ports for the access client and the target client, establishing a node relay communication channel;

D. Transmit data between the access client and the target client through the node relay communication channel.

Step A comprises the following steps:

A1. Receive the device environment information and network traffic information reported by the client;

A2. Based on the device environment information and network traffic information reported by the client, select clients with data relay capability as nodes;

A3. Store the device environment information, network traffic information and node signature of each node.

Step B comprises the following steps:

B1. Receive the node access request initiated by the access client;

B2. Select a node to provide data relay service for the access client and the target client;

B3. Assign a node key to the node providing the data relay service, and use that node's node signature to generate an access client signature and a target client signature;

B4. Return a node access request response to the access client.

Step C comprises the following steps:

C1. The access client sends node connection information to the target client;

C2. The target client pings each node listed in the node connection information and returns the nodes' ping responses to the access client;

C3. The access client selects the node to be used for data transmission based on the target client's ping responses and the ping responses it obtained itself, and notifies the target client;

C4. The access client and the target client send access requests to the node providing the data relay service;

C5. The node providing the data relay service verifies the access client and the target client;

C6. The node opens communication ports for the access client and the target client that pass verification.

Step D comprises the following steps:

D1. The access client sends data encrypted with the node key to the node providing the data relay service;

D2. The node providing the data relay service forwards the data to the target client;

D3. The target client decrypts the data forwarded by the node using the node key.

The node access request response includes the node signature, the node IP and port, the node key, and the access client signature and target client signature generated using the node signature.

The node connection information includes the node signature, the node IP and port, the node key and the target client signature.

Step D further comprises the following steps:

D4. The central server sends network flow control information to the node providing the data relay service;

D5. The node providing the data relay service receives the network flow control information and controls its local network traffic;

D6. The node providing the data relay service returns the local network flow control result to the central server.

The node providing data relay service for the access client and the target client is a node whose IP is close to the IP of the access client or of the target client.

To better achieve the object of the invention, the present invention further provides a data transmission system in instant messaging for relaying data between an access client and a target client. The system comprises a central server subsystem, a node subsystem and a client subsystem, wherein:

the central server subsystem selects the nodes that provide data relay service for the access client and the target client, and assigns a node key to each node;

the node subsystem establishes the node relay communication channel and forwards the data submitted by the access client and the target client through that channel;

the client subsystem selects a node providing data relay service and submits data to that node for forwarding.

The central server subsystem comprises a node access management module, a node information storage module, a key and signature generation module and a node allocation module, wherein:

the node access management module receives the device environment information and network traffic information periodically reported by clients, selects the nodes that provide data relay service to clients, and submits each node's device environment information, network traffic information and node signature to the node information storage module for storage; it also sends network flow control information to nodes and receives the network flow control results returned by the nodes;

the node information storage module receives and stores the device environment information, network traffic information and node signatures submitted by the node access management module; on receiving a node query request from the node allocation module it selects nodes to provide data relay service for the client, sends the IP and port of those nodes to the node allocation module, and sends their node signatures to the key and signature generation module;

the key and signature generation module receives node signatures from the node information storage module, uses them to generate the access client signature and the target client signature, assigns a node key to each node, and sends the access client signature, target client signature and node key to the node allocation module;

the node allocation module receives the node access request submitted by the access client, sends a node query request to the node information storage module, receives the node IP and port from the node information storage module and the access client signature, target client signature and node key from the key and signature generation module, and returns the node access request response to the access client.

The node subsystem comprises an information reporting module and an access relay module, wherein:

the information reporting module reports the device environment information and the network traffic information to the central server; receives the network flow control information sent by the central server, forwards it to the access relay module, receives the network flow control result returned by the access relay module and reports that result to the central server;

the access relay module receives ping commands from clients and returns ping responses; receives the access requests of the access client and the target client, verifies their identities using the access client signature and the target client signature, opens communication ports for the clients that pass verification and establishes the relay communication channel; receives the data submitted for relay by the access client, checks the data for validity and forwards data that passes the check to the target client; receives the network flow control information forwarded by the information reporting module, adjusts local network traffic and returns the network flow control result to the information reporting module.

The client subsystem comprises a node request module, a transmission module and a data encryption/decryption module, wherein:

the node access request module submits a node access request to the central server, receives the node access request response returned by the central server, and sends the node connection information to the transmission module;

the transmission module receives the node connection information sent by the node access request module and sends it to the target client; sends ping commands to the nodes and receives their ping responses; receives the node ping responses returned by the target client; selects the node for data transmission based on its own ping responses and those returned by the target client, and notifies the target client of the selected node; receives data encrypted by the data encryption/decryption module and forwards it to the node; receives data forwarded by the node and passes it to the data encryption/decryption module;

the data encryption/decryption module encrypts data with the node key and forwards it to the transmission module; receives data forwarded by the transmission module and decrypts it with the node key.

The node access request response includes the node signature, the node IP and port, the node key, and the access client signature and target client signature generated using the node signature.

The node connection information includes the node signature, the node IP and port, the node key and the target client signature.

The node providing data relay service to the client is a node whose IP is close to the IP of the access client or of the target client.

The present invention borrows the resources of the clients participating in instant messaging, selecting clients with data relay capability as nodes for data transmission; the central server assigns node keys with which the data is encrypted, securing the data in transit. The invention reduces the communication bandwidth required of relay servers, reduces operators' equipment investment, and improves the instant messaging efficiency of clients.

Description of drawings

Fig. 1 is a flowchart of the data transmission method provided by the present invention;

Fig. 2 is a structural diagram of the data transmission system provided by the present invention.

Detailed description

To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it.

As shown in Fig. 1, in the present invention the central server 101 uses clients whose network traffic meets the data transmission requirements and which have an external IP as instant messaging nodes to relay instant messaging data between clients, thereby saving relay server bandwidth. Whether a client may become a node is judged and decided by the central server 101.

In step S101, the central server 101 judges from the information reported by clients whether a client is capable of transmitting data, and selects the nodes that provide data relay service to clients.

Clients periodically report device environment information and network traffic information to the central server 101. Based on the reported information, the central server 101 judges whether a client can be used as a node, and stores the node's device environment information, network traffic information and node signature.

The device environment information a client reports to the central server 101 includes the network device name, local time, whether large-volume transfers such as voice calls, video or file transfers have been performed, CPU information, memory information, and local IP and port. The network traffic information includes the number of connections, initiator request time, channel packet count and channel packet traffic. The node signature consists of a key and a validity period. The central server 101 uses the node's signature to generate a pair of client signatures, namely the access client signature and the target client signature, which the node uses to verify a client's identity when the client connects. The validity period corresponds to the normal connection establishment time for a client connecting to the node: when a client connects, the node checks that the key is correct and at the same time compares the key's validity period against its local time; if the period has expired, the signature is considered invalid.

In step S102, when client 103A and target client 103B need to transmit data through a node, client 103A sends a node access request to the central server 101. Following the IP proximity principle, the central server 101 selects several nodes whose IP is close to client 103A or 103B to provide data relay service for client 103A, randomly assigns an SN_key (node key) to each node, generates a pair of client signatures from the node signature (the access client signature and the target client signature), and returns a node access request response to client 103A. The response includes the node signature, node IP and port, SN_key, and the client signatures of client 103A and client 103B generated from the node signature.

In step S103, client 103A sends the node connection information, including the node signature, node IP and port, SN_key and target client signature, to client 103B through the communication channel provided by the instant messaging system.

In step S104, after receiving the node connection information from client 103A, client 103B pings each node in the node connection information and returns the ping responses of each node 102 to client 103A.

In step S105, client 103A selects the node for relayed data transmission based on client 103B's ping responses and the ping responses it obtained by pinging each node itself, and notifies client 103B of the selected node.
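The selection in steps S103 to S105 is driven by two sets of ping results, one from each client. The following Python is an added example, not code from the patent or from Tencent: it ranks the candidate nodes so that a node one side cannot reach is never chosen, and it yields the next-best node when the current one drops out (the failover described later in the embodiment). The patent only says the access client uses both sides' ping responses; the ranking rule used here (smallest worst-case RTT, then smallest total RTT), the `NodeCandidate` type and the sample RTT values are assumptions.

```python
"""Added example, not code from the patent: ranking candidate relay nodes
from two-sided ping results and picking the next node on failover."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class NodeCandidate:
    node_id: str
    ip: str
    port: int


def rank_nodes(candidates: List[NodeCandidate],
               rtt_a: Dict[str, Optional[float]],
               rtt_b: Dict[str, Optional[float]]) -> List[NodeCandidate]:
    """Return the nodes reachable from both clients, best first.

    rtt_a / rtt_b map node_id -> round-trip time in ms as measured by the
    access client and the target client. None means the ping got no reply;
    such a node is excluded because one side could not use it.
    Ranking rule (assumption): smallest worst-case RTT, then smallest sum.
    """
    scored = []
    for c in candidates:
        a, b = rtt_a.get(c.node_id), rtt_b.get(c.node_id)
        if a is None or b is None:
            continue
        scored.append((max(a, b), a + b, c.node_id, c))
    scored.sort(key=lambda t: t[:3])
    return [c for *_, c in scored]


def select_node(candidates: List[NodeCandidate],
                rtt_a: Dict[str, Optional[float]],
                rtt_b: Dict[str, Optional[float]],
                failed: Iterable[str] = ()) -> Optional[NodeCandidate]:
    """Pick the best-ranked node not in `failed`. `failed` holds the ids of
    nodes the clients have already seen become unstable, so calling this
    again after a drop-out yields the next node to switch to."""
    excluded = set(failed)
    for c in rank_nodes(candidates, rtt_a, rtt_b):
        if c.node_id not in excluded:
            return c
    return None


# Constructed sample data (documentation-range IPs, not real nodes).
CANDIDATES = [
    NodeCandidate("n1", "192.0.2.10", 4000),
    NodeCandidate("n2", "192.0.2.20", 4000),
    NodeCandidate("n3", "192.0.2.30", 4000),
    NodeCandidate("n4", "192.0.2.40", 4000),
]
RTT_A = {"n1": 20.0, "n2": 80.0, "n3": 35.0, "n4": 15.0}  # measured by 103A
RTT_B = {"n1": 90.0, "n2": 30.0, "n3": 40.0, "n4": None}  # measured by 103B; n4 unreachable


if __name__ == "__main__":
    print("chosen:", select_node(CANDIDATES, RTT_A, RTT_B))                      # n3
    print("after n3 drops:", select_node(CANDIDATES, RTT_A, RTT_B, failed={"n3"}))  # n2
```

Note that n4 is the fastest node for 103A but unreachable from 103B, so it is discarded outright; a rule that looked only at the access client's own measurements would pick a node the peer cannot use.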

In step S106, clients 103A and 103B each send an access request to node 102. Node 102 verifies the clients using the client signatures of 103A and 103B, checking whether each client's identity is legitimate and whether the signature's validity period has not yet expired. If the client identity is legitimate and the signature is valid, node 102 opens communication ports for clients 103A and 103B respectively and establishes the relay communication channel.

In step S107, client 103A encrypts the data to be transmitted with the SN_key corresponding to node 102 and sends the encrypted data to node 102. On receiving the data from client 103A, node 102 uses the client signature to check whether the data is legitimate and then forwards the data that passes the check to client 103B. On receiving the data forwarded by node 102, client 103B decrypts it with node 102's SN_key.
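Steps S102, S106 and S107 together form a small protocol: the central server derives two client signatures from the node signature (a key plus a validity period), the node checks the key and the expiry against its own clock before opening a port or forwarding a frame, and the clients encrypt the relayed payload with the SN_key. The Python below is an added example, not code from the patent or from Tencent, that models this exchange end to end. The patent names no algorithms, so HMAC-SHA256 for the client signatures and the SHA-256 keystream cipher are assumptions chosen to keep the demo self-contained (a real deployment would use an authenticated cipher such as AES-GCM); the frame layout, the function names and the constructed secret are likewise assumptions.

```python
"""Added example, not code from the patent: signature issuance (S102),
node-side verification with expiry (S106) and encrypted relay (S107)."""
import hashlib
import hmac
import os

ACCESS, TARGET = "access", "target"


def node_signature(secret: bytes, valid_for_s: int, now: float) -> dict:
    """The node signature stored by the central server in step S101: a key
    and a validity period (kept here as an absolute expiry time)."""
    return {"key": secret, "expires": int(now) + valid_for_s}


def _client_mac(node_key: bytes, client_id: str, role: str, expires: int) -> bytes:
    # Assumption: HMAC-SHA256 over (client id, role, expiry) with the node key.
    msg = f"{client_id}|{role}|{expires}".encode()
    return hmac.new(node_key, msg, hashlib.sha256).digest()


def issue_access_response(node_sig: dict, access_id: str, target_id: str) -> dict:
    """Central server, step S102: a fresh random SN_key plus one client
    signature per role, both bound to the node signature's validity period."""
    exp = node_sig["expires"]
    return {"sn_key": os.urandom(32), "expires": exp,
            "access_sig": _client_mac(node_sig["key"], access_id, ACCESS, exp),
            "target_sig": _client_mac(node_sig["key"], target_id, TARGET, exp)}


def node_verify(node_sig: dict, client_id: str, role: str, expires: int,
                sig: bytes, now: float) -> bool:
    """Node, step S106: reject expired signatures (node-local clock), then
    check the MAC in constant time. A client cannot stretch `expires`
    because the value is part of the MAC input."""
    if now > expires:
        return False
    return hmac.compare_digest(_client_mac(node_sig["key"], client_id, role, expires), sig)


def _keystream_xor(sn_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hashlib.sha256(sn_key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], block))
    return bytes(out)


def client_encrypt(sn_key: bytes, plaintext: bytes) -> tuple:
    nonce = os.urandom(12)  # fresh per message; reuse would leak the XOR of plaintexts
    return nonce, _keystream_xor(sn_key, nonce, plaintext)


def client_decrypt(sn_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return _keystream_xor(sn_key, nonce, ciphertext)


def node_relay(node_sig: dict, frame: dict, now: float):
    """Node, step S107: forward a frame only if the attached client signature
    verifies. The node never holds sn_key, so the payload stays opaque to it."""
    ok = node_verify(node_sig, frame["client_id"], ACCESS, frame["expires"], frame["sig"], now)
    return {"nonce": frame["nonce"], "ciphertext": frame["ciphertext"]} if ok else None


def run_exchange(now: float = 1000.0) -> dict:
    """Drive one relayed message from 103A to 103B through node 102 and
    return the intermediate results."""
    node_sig = node_signature(b"constructed-node-secret", valid_for_s=60, now=now)
    resp = issue_access_response(node_sig, "103A", "103B")       # S102, returned to 103A
    nonce, ct = client_encrypt(resp["sn_key"], b"hello 103B")    # S107, at 103A
    frame = {"client_id": "103A", "expires": resp["expires"], "sig": resp["access_sig"],
             "nonce": nonce, "ciphertext": ct}
    forwarded = node_relay(node_sig, frame, now + 5)    # inside the validity period
    late = node_relay(node_sig, frame, now + 120)       # after expiry: dropped
    recovered = client_decrypt(resp["sn_key"], forwarded["nonce"], forwarded["ciphertext"])
    return {"ciphertext": ct, "forwarded": forwarded, "late": late, "recovered": recovered,
            "target_ok": node_verify(node_sig, "103B", TARGET, resp["expires"],
                                     resp["target_sig"], now + 5),
            "swapped_role": node_verify(node_sig, "103B", ACCESS, resp["expires"],
                                        resp["target_sig"], now + 5)}


if __name__ == "__main__":
    r = run_exchange()
    print("forwarded:", r["forwarded"] is not None, "late forwarded:", r["late"] is not None)
    print("103B recovered:", r["recovered"])
```

Two properties of the design follow from the patent's description and are visible in the code: the node authenticates both endpoints but never receives the SN_key, so it relays ciphertext it cannot read; and because the SN_key reaches 103B over the instant messaging system's own channel (step S103), the confidentiality of the relayed data rests on the protection of that channel.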

While node 102 provides data relay service for clients 103A and 103B, the central server 101 requires node 102 to periodically report its local network traffic information. Based on the information node 102 reports, the central server 101 controls in real time node 102's maximum number of connections, initiator request timeout, maximum channel packet count and maximum channel traffic, so as to preserve node 102's own instant messaging quality when it acts as a client. Node 102 controls its local network traffic according to the central server 101's network control information and returns the flow control result to the central server 101.
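The four limits named above (maximum connections, initiator request timeout, maximum channel packet count, maximum channel traffic) are what protect a volunteer node from being exhausted by the relay traffic it carries. The following Python is an added example, not code from the patent or from Tencent: a node that enforces those limits while serving relay channels, accepts an updated policy pushed by the central server (steps D4 and D5) and returns a flow control report (step D6). The limit names follow the embodiment; the enforcement logic, the interpretation of the request timeout as the time a verified-but-not-yet-established channel may stay pending, and the report format are assumptions.

```python
"""Added example, not code from the patent: a relay node enforcing the
central server's flow-control limits and reporting the result."""
from dataclasses import asdict, dataclass, field
from typing import Dict


@dataclass
class FlowControl:
    """Limits pushed by the central server (names from the embodiment)."""
    max_connections: int
    request_timeout_s: float
    max_channel_packets: int
    max_channel_bytes: int


@dataclass
class Channel:
    opened_at: float
    established: bool = False
    packets: int = 0
    bytes: int = 0


class RelayNode:
    def __init__(self, policy: FlowControl):
        self.policy = policy
        self.channels: Dict[str, Channel] = {}
        self.dropped = {"connections": 0, "timeouts": 0, "packets": 0, "bytes": 0}

    def request_access(self, channel_id: str, now: float) -> bool:
        """Admit a new relay channel only while under max_connections."""
        if len(self.channels) >= self.policy.max_connections:
            self.dropped["connections"] += 1
            return False
        self.channels[channel_id] = Channel(opened_at=now)
        return True

    def establish(self, channel_id: str, now: float) -> bool:
        """Called once both clients have passed verification. A request still
        pending after request_timeout_s is discarded (assumption)."""
        ch = self.channels.get(channel_id)
        if ch is None:
            return False
        if now - ch.opened_at > self.policy.request_timeout_s:
            del self.channels[channel_id]
            self.dropped["timeouts"] += 1
            return False
        ch.established = True
        return True

    def relay(self, channel_id: str, size: int) -> bool:
        """Forward one packet of `size` bytes if the channel's packet and
        byte budgets allow it; otherwise drop and count it."""
        ch = self.channels.get(channel_id)
        if ch is None or not ch.established:
            return False
        if ch.packets + 1 > self.policy.max_channel_packets:
            self.dropped["packets"] += 1
            return False
        if ch.bytes + size > self.policy.max_channel_bytes:
            self.dropped["bytes"] += 1
            return False
        ch.packets += 1
        ch.bytes += size
        return True

    def apply_policy(self, policy: FlowControl) -> dict:
        """Steps D4/D5: take the new limits; D6: return the control result."""
        self.policy = policy
        return self.report()

    def report(self) -> dict:
        return {"active_connections": len(self.channels),
                "dropped": dict(self.dropped),
                "limits": asdict(self.policy)}


if __name__ == "__main__":
    node = RelayNode(FlowControl(max_connections=2, request_timeout_s=5.0,
                                 max_channel_packets=3, max_channel_bytes=100))
    node.request_access("c1", 0.0); node.request_access("c2", 0.0)
    node.request_access("c3", 0.0)          # rejected: connection limit
    node.establish("c1", 1.0); node.establish("c2", 10.0)   # c2 timed out
    for size in (40, 40, 40, 10, 1):
        node.relay("c1", size)              # third and fifth packets dropped
    print(node.apply_policy(FlowControl(5, 5.0, 3, 100)))
```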

During instant messaging between clients 103A and 103B, if node 102's communication becomes unstable, for example through power loss or disconnection, clients 103A and 103B automatically switch to another node to continue communicating.

Fig. 2 shows the structure of the data transmission system provided by the present invention, comprising a server subsystem 201 running on the central server 101, a node subsystem 202 running on node 102, and a client subsystem 203 running on client 103. In the present invention node 102 is itself a client that provides data relay service, so in practice node 102 and client 103 are the same kind of entity, each running both the node subsystem 202 and the client subsystem 203; they are described separately for ease of understanding.

The server subsystem 201 comprises a node access management module 2011, a node information storage module 2012, a key and signature generation module 2013 and a node allocation module 2014, wherein:

the node access management module 2011 receives the device environment information and network traffic information periodically reported by clients, selects clients with data transmission capability as nodes, and submits each node's device environment information, network traffic information and node signature to the node information storage module 2012 for storage; it sends network flow control information to nodes, controlling each node's maximum number of connections, initiator request timeout, maximum channel packet count and maximum channel traffic, and receives the network flow control results returned by the nodes;

the node information storage module 2012 stores the device environment information, network traffic information and node signatures submitted by the node access management module 2011; on receiving a node query request from the node allocation module 2014 it selects several nodes to provide data relay service for the access client and the target client, for example nodes whose IP is close to the IP of the access client or of the target client, returns the nodes' IP and port information to the node allocation module 2014, and sends the nodes' node signatures to the key and signature generation module 2013;

the key and signature generation module 2013 receives node signatures from the node information storage module 2012, uses them to generate the access client signature and the target client signature, and assigns an SN_key to each node, which the clients use to encrypt the data to be relayed; the client signatures generated from the node signature, namely the access client signature and the target client signature, are used by the node to verify client identity; the module then sends the SN_key, the access client signature and the target client signature to the node allocation module 2014;

the node allocation module 2014 receives the node access request submitted by the client, submits a node query request to the node information storage module 2012, receives the node IP and port returned by the node information storage module 2012 together with the access client signature, target client signature and SN_key sent by the key and signature generation module 2013, and returns the node access request response to the access client.

The node subsystem 202 comprises an information reporting module 2021 and an access relay module 2022, wherein:

the information reporting module 2021 periodically reports device environment information and network traffic information to the node access management module 2011; receives the network flow control information sent by the node access management module 2011, forwards it to the data relay module 2023 for execution, and returns the execution result to the node access management module 2011;

the access relay module 2022 receives ping commands from clients and returns ping responses; receives the access requests of the access client and the target client, verifies their identities using the access client signature and the target client signature, opens communication ports for the clients that pass verification and establishes the relay communication channel; receives the data submitted for relay by the access client, checks it for validity and forwards data that passes the check to the target client; receives the network flow control information forwarded by the information reporting module 2021, adjusts local network traffic and returns the network flow control result to the information reporting module 2021.

客户端子系统203包括节点接入请求模块2031、传送模块2032以及数据加解密模块2033,其中:The client subsystem 203 includes a node access request module 2031, a transmission module 2032, and a data encryption and decryption module 2033, wherein:

节点接入请求模块2031,向节点分配模块2014提交节点接入请求,接收节点分配模块2014返回的节点接入应答,并将节点IP和端口、节点密钥以及目标客户端签名等节点连接信息发送给传送模块2032;The node access request module 2031 submits a node access request to the node allocation module 2014, receives the node access response returned by the node allocation module 2014, and sends node connection information such as node IP and port, node key, and target client signature to the transmission module 2032;

传送模块2032,接收节点接入请求模块2031发送的节点连接信息,利用即时中转通信通道将节点连接信息发送给目标客户端;向节点发送ping指令,并接收节点返回的ping指令响应信息;接收目标客户端返回的节点ping指令响应信息;根据自身的ping指令响应信息和目标客户端返回的ping指令响应信息选择进行数据传输的节点,并将选定的节点通知目标客户端;接收数据加解密模块2033加密的数据,提交给节点转发,同时,接收节点转发的数据,并将数据送交数据加解密模块2033进行解密处理;The transmission module 2032 receives the node connection information sent by the node access request module 2031, and uses the instant transfer communication channel to send the node connection information to the target client; sends a ping command to the node, and receives the ping command response information returned by the node; receives the target client The node ping command response information returned by the client; select the node for data transmission according to its own ping command response information and the ping command response information returned by the target client, and notify the target client of the selected node; receive data encryption and decryption module The encrypted data at 2033 is submitted to the node for forwarding, and at the same time, the data forwarded by the node is received, and the data is sent to the data encryption and decryption module 2033 for decryption processing;

数据加解密模块2033,利用SN_key加密数据,并将加密后的数据转发给传送模块2032;接收传送模块2032转发的数据,利用SN_key对数据进行解密处理。The data encryption and decryption module 2033 uses the SN_key to encrypt data, and forwards the encrypted data to the transmission module 2032; receives the data forwarded by the transmission module 2032, and uses the SN_key to decrypt the data.

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.
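The exchange described by the three subsystems above (central server deriving SN_key and the two client signatures from the node signature, the relay node admitting only clients whose signatures verify and checking each frame before forwarding, the clients encrypting under SN_key), as an added runnable model that is not code from the patent or from Tencent. The patent names no concrete primitives, so the following are assumptions: the node signature is modelled as a per-node secret shared between the node and the central server; the client signatures are HMAC-SHA256 tags under that secret binding role, client identifier and SN_key; the client presents SN_key to the node inside its signed access request (the text only says the key is assigned to the node); and the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, standing in for whatever symmetric cipher a deployment would use. Identifiers and the message are constructed. One consequence of the design as described is visible in the model: because SN_key is held by the relay node, which is itself a peer client (step A), encryption under it shields the data from third parties on the path but not from the relay node, and that shared key is also what lets the node perform the validity check on each frame.

```python
# Added example, not code from the patent or from Tencent: an executable model of
# the exchange described above. Assumptions (the patent names no primitives):
# the node signature is a secret shared by node and central server; client
# signatures are HMAC-SHA256 tags under it binding role, client id and SN_key;
# the client presents SN_key inside the signed access request; the cipher is a
# HMAC-SHA256 keystream with an encrypt-then-MAC tag. Ids/messages are constructed.
import hashlib
import hmac
import secrets
import struct


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(struct.pack(">I", len(p)) + p)
    return m.digest()


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC(key, nonce, counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _mac(key, b"enc", nonce, struct.pack(">I", i // 32))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class CentralServer:
    """Node info storage + key/signature generation + node allocation (steps A, B)."""

    def __init__(self):
        self.nodes = {}  # node_id -> (ip, port, node_signature)

    def register_node(self, node_id, ip, port, node_signature):
        self.nodes[node_id] = (ip, port, node_signature)

    def node_access_request(self, node_id, access_id, target_id):
        ip, port, node_sig = self.nodes[node_id]
        sn_key = secrets.token_bytes(32)  # the node key SN_key for this session
        return {"node_id": node_id, "ip": ip, "port": port, "sn_key": sn_key,
                "access_sig": _mac(node_sig, b"access", access_id, sn_key),
                "target_sig": _mac(node_sig, b"target", target_id, sn_key)}


class RelayNode:
    """Access relay module: verify signatures, open the channel, relay (steps C, D)."""

    def __init__(self, node_signature):
        self.node_signature = node_signature
        self.channels = {}  # sn_key -> admitted client ids

    def access_request(self, role, client_id, sn_key, sig):
        expected = _mac(self.node_signature, role, client_id, sn_key)
        if not hmac.compare_digest(expected, sig):
            return False  # wrong role, id or key: port stays closed
        self.channels.setdefault(sn_key, set()).add(client_id)
        return True

    def forward(self, sn_key, sender_id, frame):
        """Validity check before forwarding: admitted sender and a tag that verifies."""
        if sender_id not in self.channels.get(sn_key, ()):
            return None
        nonce, body, tag = frame[:16], frame[16:-32], frame[-32:]
        if not hmac.compare_digest(_mac(sn_key, b"tag", nonce, body), tag):
            return None
        return frame


def client_encrypt(sn_key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor_keystream(sn_key, nonce, plaintext)
    return nonce + body + _mac(sn_key, b"tag", nonce, body)


def client_decrypt(sn_key, frame):
    nonce, body, tag = frame[:16], frame[16:-32], frame[-32:]
    if not hmac.compare_digest(_mac(sn_key, b"tag", nonce, body), tag):
        raise ValueError("bad tag")
    return _xor_keystream(sn_key, nonce, body)


def run_session(message=b"hello via relay"):
    """Steps A-D end to end. Returns (both admitted, forged/tampered refused, plaintext at target)."""
    node_sig = secrets.token_bytes(32)  # stored at node registration (step A3)
    server, node = CentralServer(), RelayNode(node_sig)
    server.register_node(b"node-1", "10.0.0.5", 9000, node_sig)
    reply = server.node_access_request(b"node-1", b"alice", b"bob")  # steps B1-B4
    k = reply["sn_key"]
    ok_a = node.access_request(b"access", b"alice", k, reply["access_sig"])  # C4-C6
    ok_b = node.access_request(b"target", b"bob", k, reply["target_sig"])
    forged = node.access_request(b"target", b"mallory", k, reply["target_sig"])
    frame = client_encrypt(k, message)  # D1
    delivered = node.forward(k, b"alice", frame)  # D2
    tampered = node.forward(k, b"alice", frame[:-1] + bytes([frame[-1] ^ 1]))
    return ok_a and ok_b, (not forged) and tampered is None, client_decrypt(k, delivered)  # D3
```

`run_session()` walks the whole sequence: a signature issued for "bob" does not admit "mallory" because the client identifier is bound into the tag, and a frame whose tag fails to verify is dropped by the node rather than forwarded, which is the validity check the access relay module performs.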

Claims (16)

1. A data transmission method in instant messaging, relaying data between an access client and a target client, the method comprising the steps of:
A. selecting clients that have data relay capability as nodes;
B. selecting a node to provide the data relay service for the access client and the target client, and assigning a node key to the node that provides the data relay service;
C. the node that provides the data relay service opening a communication port to the access client and the target client, so as to establish a node relay communication channel;
D. transmitting the data between the access client and the target client through the node relay communication channel.
2. The data transmission method of claim 1, wherein step A comprises the steps of:
A1. receiving device environment information and network traffic information reported by clients;
A2. selecting, according to the device environment information and network traffic information reported by the clients, clients that have data relay capability as nodes;
A3. storing the device environment information, the network traffic information and the node signature of each node.
3. The data transmission method of claim 1, wherein step B comprises the steps of:
B1. receiving a node access request initiated by the access client;
B2. selecting a node to provide the data relay service for the access client and the target client;
B3. assigning a node key to the node that provides the data relay service, and generating an access client signature and a target client signature using the node signature of that node;
B4. returning a node access request reply to the access client.
4. The data transmission method of claim 1, wherein step C comprises the steps of:
C1. the access client sending node connection information to the target client;
C2. the target client pinging each node listed in the node connection information and returning the node ping response information to the access client;
C3. the access client selecting the node for data transmission according to the ping response information returned by the target client and the node ping response information it obtained itself, and notifying the target client;
C4. the access client and the target client sending access requests to the node that provides the data relay service;
C5. the node that provides the data relay service verifying the access client and the target client;
C6. the node that provides the data relay service opening a communication port to the access client and the target client that pass verification.
5. The data transmission method of claim 1, wherein step D comprises the steps of:
D1. the access client sending data encrypted with the node key to the node that provides the data relay service;
D2. the node that provides the data relay service forwarding the data to the target client;
D3. the target client decrypting the data forwarded by the node with the node key.
6. The data transmission method of claim 3, wherein the node access request reply comprises the node signature, the node IP and port, the node key, and the access client signature and target client signature generated using the node signature.
7. The data transmission method of claim 4, wherein the node connection information comprises the node signature, the node IP and port, the node key and the target client signature.
8. The data transmission method of claim 5, wherein step D further comprises the steps of:
D4. the central server issuing network traffic control information to the node that provides the data relay service;
D5. the node that provides the data relay service receiving the network traffic control information and controlling its local network traffic;
D6. the node that provides the data relay service returning the local network traffic control result to the central server.
9. The data transmission method of claim 1, wherein the node that provides the data relay service for the access client and the target client is a node whose IP is close to the IP of the access client or the IP of the target client.
10. A data transmission system in instant messaging, for relaying data between an access client and a target client, the system comprising a central server subsystem, a node subsystem and a client subsystem, wherein:
the central server subsystem selects the node that provides the data relay service for the access client and the target client, and assigns a node key to each such node;
the node subsystem establishes the node relay communication channel and transmits the data submitted by the access client and the target client through that channel;
the client subsystem selects the node that provides the data relay service and submits data to that node for relay.
11. The data transmission system of claim 10, wherein the central server subsystem comprises a node access management module, a node information storage module, a key and signature generation module and a node allocation module, wherein:
the node access management module receives the device environment information and network traffic information periodically reported by clients, selects the nodes that provide the data relay service to clients, and submits the device environment information, network traffic information and node signature of each node to the node information storage module for storage; it issues network traffic control information to the nodes and receives the network traffic control results returned by the nodes;
the node information storage module receives and stores the device environment information, network traffic information and node signature of each node submitted by the node access management module; on a node query request from the node allocation module it selects the node that provides the data relay service to the client, delivers the IP and port of that node to the node allocation module, and delivers the node signature of that node to the key and signature generation module;
the key and signature generation module receives the node signature delivered by the node information storage module, generates the access client signature and the target client signature using that node signature, and assigns a node key to each node; it delivers the access client signature, the target client signature and the node key to the node allocation module;
the node allocation module receives the node access request submitted by the access client, sends a node query request to the node information storage module, receives the node IP and port delivered by the node information storage module and the access client signature, target client signature and node key delivered by the key and signature generation module, and returns a node access request reply to the access client.
12. The data transmission system of claim 10, wherein the node subsystem comprises an information reporting module and an access relay module, wherein:
the information reporting module reports the device environment information and the network traffic information to the central server; it receives the network traffic control information issued by the central server, forwards it to the access relay module, receives the network traffic control result returned by the access relay module, and reports that result to the central server;
the access relay module receives the ping commands sent by clients and returns ping responses to them; it receives the access requests of the access client and the target client, verifies the identity of the access client and the target client according to the access client signature and the target client signature, opens a communication port to the access client and target client that pass verification, and establishes the relay communication channel; it receives the data submitted for relay by the access client, checks the validity of the data, and forwards the data that passes the check to the target client; it receives the network traffic control information forwarded by the information reporting module, adjusts local network traffic, and returns the network traffic control result to the information reporting module.
13. The data transmission system of claim 10, wherein the client subsystem comprises a node access request module, a transmission module and a data encryption/decryption module, wherein:
the node access request module submits a node access request to the central server, receives the node access request reply returned by the central server, and sends the node connection information to the transmission module;
the transmission module receives the node connection information sent by the node access request module and sends it to the target client; it sends ping commands to the nodes and receives the ping response information returned by the nodes; it receives the node ping response information returned by the target client; it selects the node for data transmission according to its own ping response information and the ping response information returned by the target client, and notifies the target client of the selected node; it receives the data encrypted by the data encryption/decryption module and forwards it to the node; it receives the data forwarded by the node and passes it to the data encryption/decryption module;
the data encryption/decryption module encrypts data with the node key and forwards the encrypted data to the transmission module; it receives the data forwarded by the transmission module and decrypts it with the node key.
14. The data transmission system of claim 11 or 13, wherein the node access request reply comprises the node signature, the node IP and port, the node key, and the access client signature and target client signature generated using the node signature.
15. The data transmission system of claim 13, wherein the node connection information comprises the node signature, the node IP and port, the node key and the target client signature.
16. The data transmission system of claim 10, wherein the node that provides the data relay service to the client is a node whose IP is close to the IP of the access client or the IP of the target client.
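Node selection as laid out in claim 4 (steps C2 and C3) and claims 9 and 16, as an added example that is not the patent's or Tencent's code. The patent does not define "close" in IP terms or the rule for combining the two ping reports, so both are assumptions here: proximity is modelled as sharing a /16 prefix with either client, and the access client picks the node whose slower leg (the larger of its two RTTs) is smallest, treating a node that only one side could ping as unusable. Node addresses and RTT values are constructed.

```python
# Added example (not from the patent or Tencent): candidate filtering by IP
# proximity (claims 9/16) and two-sided ping-based choice (claim 4, C2/C3).
# "Close" is modelled as a shared /16 prefix; node IPs and RTTs are constructed.
import ipaddress


def near(ip_a: str, ip_b: str, prefix: int = 16) -> bool:
    """Assumed proximity metric: both addresses fall in the same /prefix network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net


def candidate_nodes(nodes: dict, access_ip: str, target_ip: str) -> list:
    """Central-server side: nodes whose IP is near either client (claims 9/16)."""
    return sorted(n for n, ip in nodes.items()
                  if near(ip, access_ip) or near(ip, target_ip))


def choose_node(access_rtts: dict, target_rtts: dict):
    """Access-client side (C3): only nodes both clients reached qualify; prefer the
    node whose slower leg is fastest, then the lower total RTT, then the id."""
    reachable = set(access_rtts) & set(target_rtts)
    if not reachable:
        return None
    return min(reachable, key=lambda n: (max(access_rtts[n], target_rtts[n]),
                                         access_rtts[n] + target_rtts[n], n))


def demo():
    """Constructed scenario: returns (candidate list, selected node)."""
    nodes = {"n1": "10.1.7.9", "n2": "10.2.0.3", "n3": "192.168.5.5", "n4": "10.1.200.1"}
    cands = candidate_nodes(nodes, access_ip="10.1.3.3", target_ip="10.2.9.9")
    # RTTs in ms; n4 is closest to the access client but never answered the target's
    # ping (no entry), so it cannot carry the channel.
    access_rtts = {"n1": 20, "n2": 80, "n4": 5}
    target_rtts = {"n1": 60, "n2": 25}
    return cands, choose_node({n: access_rtts[n] for n in cands if n in access_rtts},
                              {n: target_rtts[n] for n in cands if n in target_rtts})
```

The point of keying on the slower leg rather than the access client's own RTT is that a relay is only as fast as its worse hop; a node that looks excellent from one side and poor from the other is not a good channel, which is why C2 has the target client report its own measurements back before C3 decides.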
CNB2005100636978A 2005-03-29 2005-03-29 Data transmission method and system in instant communication Expired - Lifetime CN100426801C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100636978A CN100426801C (en) 2005-03-29 2005-03-29 Data transmission method and system in instant communication

Publications (2)

Publication Number Publication Date
CN1842064A CN1842064A (en) 2006-10-04
CN100426801C true CN100426801C (en) 2008-10-15

Family

ID=37030912

Country Status (1)

Country Link
CN (1) CN100426801C (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100440792C (en) * 2006-12-14 2008-12-03 北京中星微电子有限公司 Multi-point voice communication method and terminal
CN101076059B (en) * 2007-03-28 2012-09-05 腾讯科技(深圳)有限公司 Customer service system and method based on instant telecommunication
CN101068224B (en) * 2007-06-18 2010-07-28 北京亿企通信息技术有限公司 Information monitoring method in instant messaging system
CN101282302B (en) * 2008-05-29 2012-05-02 腾讯科技(深圳)有限公司 Data transfer method, system, client and server
CN104133728B (en) * 2013-12-16 2015-07-22 腾讯科技(深圳)有限公司 Method and device for communication between processes
CN107231373A (en) * 2017-06-28 2017-10-03 深圳市欧乐在线技术发展有限公司 A kind of internet data safe transmission method and device
CN107708084B (en) * 2017-09-30 2021-02-26 Oppo广东移动通信有限公司 Data processing method and apparatus, computer equipment, computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003283567A (en) * 2002-03-22 2003-10-03 Just Syst Corp Data communication system and method, server device, client device, relay device, and program
CN1487706A (en) * 2003-07-17 2004-04-07 腾讯科技(深圳)有限公司 Method, system and control process for enterprise to communicate timely
US20040152477A1 (en) * 2001-03-26 2004-08-05 Xiaoguang Wu Instant messaging system and method
JP2004326319A (en) * 2003-04-23 2004-11-18 Murata Mach Ltd Relay device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20081015