
HTTP safety communication method and system applicable for CDN value added service platform

A secure communication technology for value-added service platforms, applied in transmission systems, electrical components, etc. It addresses problems such as the failure of security defense capabilities and the inability to defend against client reverse cracking, and achieves the effect of defending against replay attacks.

Active Publication Date: 2015-12-09
CHINANETCENT TECH

AI Technical Summary

Problems solved by technology

However, this method cannot prevent client reverse cracking.
An attacker can reverse-analyze the client logic through decompilation, disassembly, etc. Once the attacker has learned the synchronization and encryption methods, the security defense capability is completely invalidated.


Examples


Embodiment 1

[0082] Example 1: Normal HTTP request

[0083] 1) The client uses HTTPS to initiate a login request, and the request content is as follows:

[0084] POST /login HTTP/1.1

[0085] User-Agent: Test-Client

[0086] Content-Length: 34

[0087] Host: www.cdnvas.com

[0088] {

[0089] username=testusr;

[0090] password=testpwd;

[0091] }

[0092] 2) The value-added service platform dispatch control center checks the account name and password and confirms that they are valid. It then uses the MD5 algorithm to hash "username_password" to obtain the user's identity token: MD5(testusr_testpwd) = 58d04acca5d09641967d3f28756da156.

[0093] 3) The value-added service platform dispatch control center selects a CDN node for the client with an IP address of 123.1.13.76, and issues the identity token to this CDN node. The CDN node stores this identity token in the local database.

[0094] 4) The value-added service platform dispatch control center obtains the current timestamp, T_auth = 1433903295. The first half of the ke...

Embodiment 2

[0118] Embodiment 2: Replay attack

[0119] 1) The attacker intercepts the normal HTTP request sent by the client of the system through sniffing.

[0120] 2) After a period of time, the attacker, using other client devices, issues a large number of replay requests that are exactly the same as the intercepted request data.

[0121] 3) When the replay request reaches the node, the node checks the timestamp.

[0122] 4) The request time stamp does not meet the time verification rules, and the request is rejected.
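
An added example (not from the patent text) of the node-side check in Embodiment 2, extended with a duplicate cache because a timestamp check alone still accepts a replay sent inside the validity window. The 60-second window, the class and method names, and the assumption that a client never reuses a timestamp are hypothetical; the check operates on the identity token after decryption, which the page does not detail.

```python
import time

# Identity token from Embodiment 1 of the page; timestamps below are constructed.
ISSUED_TOKEN = "58d04acca5d09641967d3f28756da156"
MAX_SKEW = 60  # seconds; assumed window, the page does not state the rule


class NodeValidator:
    """Hypothetical CDN-node check: known token, fresh timestamp, not seen before."""

    def __init__(self, tokens, max_skew=MAX_SKEW):
        self.tokens = set(tokens)   # tokens pushed by the dispatch control center
        self.max_skew = max_skew
        self.seen = {}              # (token, timestamp) -> time the entry expires

    def check(self, token, ts, now=None):
        now = time.time() if now is None else now
        # Forget entries whose timestamp would be rejected as stale anyway,
        # so the cache stays bounded by the size of the window.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if token not in self.tokens:
            return "reject: unknown token"
        if abs(now - ts) > self.max_skew:
            return "reject: stale timestamp"
        if (token, ts) in self.seen:
            # Same token and timestamp again inside the window: a replay that
            # the timestamp rule alone would have let through.
            return "reject: duplicate within window"
        self.seen[(token, ts)] = ts + self.max_skew
        return "accept"


if __name__ == "__main__":
    node = NodeValidator({ISSUED_TOKEN})
    sent = 1433903300  # constructed request timestamp
    print(node.check(ISSUED_TOKEN, sent, now=sent + 2))    # original request
    print(node.check(ISSUED_TOKEN, sent, now=sent + 5))    # replay inside window
    print(node.check(ISSUED_TOKEN, sent, now=sent + 600))  # replay after window
```
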

Embodiment 3

[0123] Embodiment 3: Client reverse cracking, theft of identity token

[0124] 1) The attacker reverse-engineers the client through decompilation and fully understands the client encryption and decryption process.

[0125] 2) The attacker intercepts the authentication request through sniffing. Since the authentication request uses HTTPS, the attacker cannot obtain the key and the encryption algorithm used.

[0126] 3) The attacker intercepts the HTTP request through sniffing, and obtains the timestamp and the ciphertext of the identity token.

[0127] 4) Since the key is generated by calculating the timestamp according to specific rules, and the algorithm exists only in the control center and the nodes, the attacker cannot know the specific rules and therefore cannot obtain the key information from the intercepted request.

[0128] 5) The attacker cannot decrypt the ciphertext of the identity token, and the theft of the identity token fails.


Abstract

The invention provides an HTTP secure communication method and system applicable to a CDN value-added service platform. A client must obtain a valid identity token from the dispatch control center of the value-added service platform and attach the identity token information when making an HTTP request to a CDN node. The CDN node verifies the identity token information, rejects requests with an invalid token, and passes valid requests through to the source station. By taking advantage of the characteristics of the business structure of the CDN value-added service platform, the invention adds a small amount of additional security data to the HTTP data packet and performs security verification, so that secure transmission is achieved with deployment cost and additional resource consumption lower than HTTPS.

Description

Technical field

[0001] The present invention relates to the technical field of HTTP secure communication, in particular to an HTTP secure communication method and system suitable for a CDN value-added service platform.

Background technique

[0002] Hypertext Transfer Protocol (HTTP, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. All WWW documents must comply with this standard. The HTTP protocol is a stateless protocol based on plain text, which has serious security risks.

[0003] The full name of CDN is Content Delivery Network. It publishes the content of the website to the edge of the network closest to the user by adding a new network architecture to the existing Internet, and directs user requests to the nearest service node, thereby alleviating network congestion and improving user access speed.

[0004] The CDN value-added service platform refers to various service platforms with high value-added servic...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0428, H04L63/08, H04L67/02
Inventor: 洪珂, 邹爽
Owner: CHINANETCENT TECH