HTTP secure communication method and system suitable for CDN value-added service platform

A value-added service platform and secure communication technology, applied in transmission systems, electrical components, etc., can solve problems such as failure of security defense capabilities, inability to defend against client reverse cracking, etc., and achieve the effect of defending against replay attacks

Active Publication Date: 2018-04-17
CHINANETCENT TECH

AI Technical Summary

Problems solved by technology

However, this method cannot prevent reverse engineering of the client.
An attacker who analyzes the client logic through decompilation, disassembly, etc. and learns the synchronization and encryption methods renders the security defense completely ineffective.


Examples

Embodiment 1

[0083] Example 1: Normal HTTP request

[0084] 1) The client uses HTTPS to initiate a login request, and the content of the request is as follows:

[0085] POST /login HTTP/1.1

[0086] User-Agent: Test-Client

[0087] Content-Length: 34

[0088] Host: www.cdnvas.com

[0089] {

[0090] username=testusr;

[0091] password=testpwd;

[0092] }

[0093] 2) The dispatch control center of the value-added service platform checks the account name and password and confirms that they are valid. It then applies the MD5 algorithm to the string "username_password" to obtain the user's identity token: MD5(testusr_testpwd)=58d04acca5d09641967d3f28756da156.

[0094] 3) The dispatch control center of the value-added service platform selects a CDN node for the client with an IP address of 123.1.13.76, and issues the identity token to the CDN node. The CDN node stores this identity token in the local database.

[0095] 4) The dispatch control center of the value-added service platform obtains the c...

Embodiment 2

[0127] Example 2: Replay attack

[0128] 1) The attacker intercepts the normal HTTP request sent by the client of the system through sniffing.

[0129] 2) After a period of time, the attacker replays the request from other client devices, sending a large number of requests whose data is exactly the same as the intercepted request.

[0130] 3) When the replay request reaches the node, the node verifies the timestamp.

[0131] 4) The requested timestamp does not comply with the time verification rules, and the request is rejected.

Embodiment 3

[0132] Example 3: Client reverse cracking, stealing identity tokens

[0133] 1) The attacker reverses the client through decompilation and fully understands the encryption and decryption process of the client.

[0134] 2) The attacker intercepts the authentication request by sniffing. Since the authentication request uses HTTPS, the attacker cannot obtain the key and the encryption algorithm used.

[0135] 3) The attacker intercepts the HTTP request by sniffing, and obtains the time stamp and identity token ciphertext.

[0136] 4) Since the key is generated by calculating the timestamp according to specific rules, and the algorithm only exists in the control center and nodes, the attacker cannot know the specific rules, so the attacker cannot obtain the key information from the intercepted request.

[0137] 5) The attacker cannot decrypt the ciphertext of the identity token, and the theft of the identity token fails.
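
The node-side checks behind Examples 2 and 3, as an added Python example that is not taken from the patent. The excerpt does not disclose the key rule, the cipher or the time rule, so HMAC-SHA256 under a secret held by the control center and nodes, XOR with the derived key, and a 60-second window are assumptions standing in for them; all function and variable names are hypothetical.

```python
import hashlib
import hmac

# Assumptions (not from the patent): the undisclosed "specific rules" are modelled
# as HMAC-SHA256 under a secret held only by the control center and the nodes,
# the cipher as XOR with the derived key, and the time rule as a 60-second window.
NODE_SECRET = b"constructed-demo-secret"
MAX_SKEW = 60

def derive_key(timestamp: int) -> bytes:
    """Key for one timestamp; cannot be computed without NODE_SECRET."""
    return hmac.new(NODE_SECRET, str(timestamp).encode(), hashlib.sha256).digest()[:16]

def seal_token(token: bytes, timestamp: int) -> bytes:
    """Control-center side: encrypt the 16-byte identity token for one timestamp."""
    return bytes(a ^ b for a, b in zip(token, derive_key(timestamp)))

def verify_request(timestamp: int, sealed: bytes, stored_tokens: set, now: int) -> str:
    """Node side: time check first (Example 2), then token check (Example 3)."""
    if abs(now - timestamp) > MAX_SKEW:
        return "reject: stale timestamp"
    token = bytes(a ^ b for a, b in zip(sealed, derive_key(timestamp)))
    if not any(hmac.compare_digest(token, t) for t in stored_tokens):
        return "reject: invalid token"
    return "accept"

# Constructed sample data; the token is the MD5 value given in Example 1.
TOKEN = bytes.fromhex("58d04acca5d09641967d3f28756da156")
ISSUED_AT = 1_700_000_000
SEALED = seal_token(TOKEN, ISSUED_AT)
STORE = {TOKEN}

def demo() -> dict:
    later = ISSUED_AT + 600
    return {
        "fresh": verify_request(ISSUED_AT, SEALED, STORE, now=ISSUED_AT + 5),
        "replayed_later": verify_request(ISSUED_AT, SEALED, STORE, now=later),
        # Rewriting the timestamp to look fresh changes the derived key,
        # so the ciphertext no longer decrypts to a stored token.
        "timestamp_rewritten": verify_request(later, SEALED, STORE, now=later),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this example a request repeated inside the time window still passes; the excerpt does not say whether the patent's time verification rules also track requests already seen.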


Abstract

The invention provides an HTTP secure communication method and system suitable for a CDN value-added service platform. The client obtains a valid identity token from the dispatch control center of the value-added service platform and attaches the identity token information when it makes an HTTP request to a CDN node. The CDN node verifies the identity token information, rejects requests with invalid tokens and forwards valid requests to the origin server. By taking advantage of the business structure of the CDN value-added service platform, the invention adds a small amount of additional security data to the HTTP data packet and performs security verification on it, so that secure transmission is achieved with lower deployment cost and less additional resource consumption than HTTPS.

Description

Technical field

[0001] The invention relates to the technical field of HTTP secure communication, in particular to an HTTP secure communication method and system suitable for a CDN value-added service platform.

Background technique

[0002] Hypertext Transfer Protocol (HTTP, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. All WWW documents must comply with this standard. The HTTP protocol is a plaintext-based, stateless protocol, which has serious security risks.

[0003] The full name of CDN is Content Delivery Network, that is, content distribution network. It adds a new layer of network architecture to the existing Internet, publishes the content of the website to the edge of the network closest to the user, and directs the user request to the nearest service nodes, thereby alleviating network congestion and improving user access speed.

[0004] The CDN value-added service platform refers to various service platforms developed on...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0428, H04L63/08, H04L67/02
Inventor: 洪珂, 邹爽
Owner: CHINANETCENT TECH