CN102984277B

CN102984277B - Prevent the system and method that malice connects

Info

Publication number: CN102984277B
Application number: CN201210548620.XA
Authority: CN
Inventors: 吴浩; 任寰
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2012-12-17
Filing date: 2012-12-17
Publication date: 2015-11-25
Anticipated expiration: 2032-12-17
Also published as: CN102984277A

Abstract

The invention provides a kind of system preventing malice from connecting, comprising: browser client, for sending connection request to distributor, and connecting with corresponding socket server according to the distribution of described distributor; Distributor, for receiving the connection request that browser client sends, and be this browser client distribution socket server, and be this connection distribution connection identifier (CID, the link information of distributed socket server and this connection identifier (CID are sent to browser client by distributor, and are cached in buffer by relevant information; Socket server, for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.Utilize the solution of the present invention can stop taking in a large number and shelving of storage resources, and prevent the generation of illegal connection.

Description

Prevent the system and method that malice connects

Technical field

The present invention relates to information technology data field of synchronization, particularly relate to a kind of system and method preventing malice from connecting.

Background technology

At present, along with the development of network technology, the Internet, as huge information resources, becomes the most convenient of people's obtaining information, efficiently approach.At present, user uses personal computer to access internet (Internet) usually, and browser (Browser) accessed web page by installing in personal computer, obtain the information needed.Along with the development of mobile communication technology, user can also by supporting the mobile terminal access internet of browser function, such as mobile phone, personal digital assistant (PersonalDigitalAssistant is called for short PDA).

But, no matter the browser on personal computer or the browser on mobile terminal, generally do not provide Push Service, the information interaction of server end and client depends on the connection that client is initiated, information cannot be sent to client by server end on one's own initiative, thus cannot realize the real-time synchronization of the information between server end and browser client.

In prior art, the most frequently used mode realizing browser client and server-side browser data syn-chronization is that browser client sends request to server end with certain frequency, as once in a week or monthly, if service end has the renewal of relevant information, obtain these information.But applicant finds that this kind of data syn-chronization mode exists following technological deficiency: efficiency comparison is low, take resource real real-time synchronization that is many, that can not accomplish content upgrades.

In the real time data synchronization in order to realize browser client, and when safeguarding the connection of browser client and network side, there is some browser client malice ceaselessly initiate situation from connection request to network side, and network side is ceaselessly to these browser clients end subscriber allocation of network resources, and by assignment information ceaselessly stored in corresponding thesaurus, then can take a large amount of storage resources, cause a large amount of wastes of storage resources.A kind of effective mechanism is lacked to prevent the generation of illegal connection in prior art.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a kind of system and method preventing malice from connecting overcoming the problems referred to above or solve the problem at least in part.

According to an aspect of the present invention, provide a kind of system preventing malice from connecting, this system comprises: browser client, for sending connection request to distributor, connect with request and socket server, and connect with corresponding socket server according to the distribution of described distributor; Distributor, for receiving the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID; Socket server, for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

According to another aspect of the present invention, provide a kind of method preventing malice from connecting, the method comprises: browser client sends connection request to distributor, to ask to connect with socket server, and connects with corresponding socket server according to the distribution of described distributor; Distributor receives the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID; Socket server receives described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

According to a further aspect of the invention, provide in a kind of browser real-time synchronization the system preventing malice from connecting, this system comprises cloud storage server end, push server and multiple browser client, distributor and socket server, wherein: described cloud storage server end, for issuing conditional information and command information when there being Data Update to described push server; Described push server, for determining destination client according to this conditional information in described multiple browser client, and sends to described destination client by socket server by described command information; And described destination client, for realizing the data syn-chronization of itself and cloud storage server end according to described command information; Distributor, it connects described multiple browser client and socket server, carry out with socket server the connection request that is connected for what receive that described multiple browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described multiple browser client by distributor, and are cached in buffer by the information relevant to connection request and this connection identifier (CID; Socket server, it connects described distributor, push server and multiple browser client, for receiving described connection identifier (CID from described multiple browser client and verify, keep according to the result or disconnect the connection between described multiple browser client, and for described command information is transmitted to described destination client from push server.

Utilize the system and method preventing malice from connecting of the present invention, have the following advantages:

1) taking in a large number and shelving of storage resources can be stopped, and prevent the generation of illegal connection;

2) by arranging push server, the data content stored at cloud storage server end occurs more under news, in time command information is sent to destination client by push server, thus achieves the real time data synchronization of cloud storage server end and browser client simply, efficiently;

3) by increasing socket server, distributor and distribution information database, the connection of cloud storage server end, push server and destination client is achieved smoothly;

4) command information pushing to destination client by push server is notification message, after the notification message receiving push server propelling movement, the data content occurring to upgrade is downloaded in destination client from cloud storage server end, carry out the synchronous of local data content according to downloading contents, thus system resource can be saved further.

Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of specification, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.

Accompanying drawing explanation

By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 is the structural representation realizing the synchronous system of browser data according to an embodiment of the invention;

Fig. 2 is the structural representation realizing the synchronous system of browser data in accordance with another embodiment of the present invention;

Fig. 3 is for realizing the schematic diagram of the process that browser client and socket server connect in the synchronous system of browser data shown in Fig. 2;

Fig. 4 is for realizing the schematic diagram of the process of carrying out information pushing in the synchronous system of browser data under first kind scene to destination client shown in Fig. 2;

Fig. 5 is for realizing the schematic diagram of the process of carrying out information pushing in the synchronous system of browser data under Equations of The Second Kind scene to destination client shown in Fig. 2;

Fig. 6 is for realizing the schematic diagram of the process of carrying out information pushing in the synchronous system of browser data under the 3rd class scene to destination client shown in Fig. 2;

Fig. 7 is the flow chart realizing the synchronous method of browser data according to the embodiment of the present invention;

Fig. 8 is the structural representation realizing the synchronous browser client of browser data according to the embodiment of the present invention;

Fig. 9 is the structure chart of the system preventing malice from connecting according to the embodiment of the present invention;

Figure 10 is the method flow diagram preventing malice from connecting according to the embodiment of the present invention;

Figure 11 is the dispenser configuration figure distributed multiple socket server according to the embodiment of the present invention;

Figure 12 is the method flow diagram distributed multiple socket server according to the embodiment of the present invention.

Embodiment

Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.

In one exemplary embodiment of the present invention, provide and a kind ofly realize the synchronous system of browser data.As shown in Figure 1, this system realizing browser data synchronous comprises: cloud storage server end 1, push server 2 and multiple browser client 3,4.Wherein, cloud storage server end 1, for issuing conditional information and command information when there being Data Update to push server; Push server 2, for determining destination client according to conditional information in multiple browser client, and pushes to destination client 3 by this command information; Destination client 3, for the data syn-chronization according to this command information realize target client and cloud storage server end.

In the embodiment shown in fig. 1, by arranging independent push server 2, the data content stored at cloud storage server end occurs more under news, in time command information is sent to destination client by push server, thus achieves service end information and client real-time synchronization simply, efficiently.

As shown in Figure 1, starting client 4 and destination client 3 is included in multiple browser client.Wherein, starting client 4, for upgrading the data be stored in cloud storage server end 1.This starting client 4 and destination client 3 can belong to same user, also can belong to different users.The application scenarios that this starting client 4 and destination client 3 belong to the situation of same user main is: same user uses different equipment (such as mobile phone and PC) to log in browser, one of them (such as PC) changes collection, so needs another equipment (mobile phone) this renewal being synchronized to same user.The application scenarios that this starting client 4 and destination client 3 do not belong to the situation of same user is such as the information communication between different browsers client.

Certainly, the present invention also can by the renewal of cloud storage server end self initiation to data content, and in this case, the initiation browser client in Fig. 14 can not exist.The scene of this situation is such as: system pushes news messages or weather forecast to all browser clients; Or system is initiated to upgrade instruction to the browser client of certain versions all.

Because the cloud storage server end 1 within dotted line frame in Fig. 1, destination client 3 and starting client 4 are existing in existing browser, therefore add push server on this basis and can effectively utilize original system architecture, reduce and realize cost of the present invention.

In order to realize the connection of cloud storage server end 1, push server 2 and destination client 3, as shown in Figure 2, the system realizing browser client synchronous with cloud storage server end data can also comprise multiple socket server, distributor.

Distributor, for after receiving the connection request of client, for it distributes corresponding socket server and connection identifier (CID, and is stored to distribution information database by user totem information and connection identifier (CID.Detailed connection establishment process as shown in Figure 3, comprising:

Step S301, browser client submits connection request to distributor, at least user totem information is comprised in this connection request, for login user, its user totem information can comprise user name, and for A non logged-on user, its user totem information can comprise the machine hardware mark of user.

For login user, this user totem information can be a character string.Wherein, this character string, except the user name of login user, also comprises the information such as login time and checking character.User is called user's unique identifying number, i.e. a numeral, for representing a user.Checking character generates according to user name, namely judges whether user totem information is modified by authenticator symbol.

For A non logged-on user, this user totem information can comprise the machine hardware mark of A non logged-on user, and wherein machine hardware is designated machine unique identification, for client is generated by Hash such as subscriber set hardware, system configuration.

In addition, in order to the screening of follow-up destination client, this connection request can also comprise user's characteristic information, such as: IP address information, browser version information, or the user's characteristic information such as users classification information.Wherein, browser version number, users classification information, or the user's characteristic information such as IP address information may be used for follow-up client Select to use.

Step S302, distributor uses preset algorithm to carry out calculating a numerical value based on this user totem information, is submit to the browser client of connection request to distribute socket server according to this numerical value; This numerical value is that the overall situation is unique, i.e. connection identifier (CID; The link information such as IP address, port of this socket server and connection identifier (CID are sent to the browser client submitting request to by distributor;

In this step, default algorithm is used to calculate above-mentioned numerical value according to the user name of login user.For A non logged-on user, directly adopt the machine hardware mark of A non logged-on user to calculate above-mentioned numerical value, this algorithm can be cyclic redundancy check (CRC) (CRC) 32 algorithm.

Step S303, browser client connects with corresponding socket server according to the IP address of the socket server received and port numbers, and this connection can be that transmission control protocol TCP (TransmissionControlProtocol) connects.When browser client and socket server connect, this socket server obtains the resource identifier identifying this socket server and browser client annexation.Browser client utilizes the connection of having set up to transmit its connection identifier (CID received to this socket server.

Step S304, after socket server receives connection identifier (CID, verifies to distributor this connection identifier (CID, if be proved to be successful, then keep the connection of setting up between browser client, if verify unsuccessful, then disconnects the connection of having set up.

Step S305, user totem information (user name of login user or the machine hardware mark of A non logged-on user), user's characteristic information (if any) and connection identifier (CID are stored in distribution information database by distributor, and obtained resource identifier is also stored in this distribution information database by socket server.

It should be noted that, changing the distribution that causes chaotic in order to prevent server end, browser client needs to connect re-executing step S301-step S304 after a period of time.

In addition, for each socket server, in distribution information database, all there is corresponding independent tables of data, to reduce the scale of tables of data, accelerate to push the stage, the inquiry velocity of socket server at follow-up.

By increasing distributor and socket server, and distribution information database is set in distributor, make it possible in the stage of connecting, user totem information, connection identifier (CID, resource identifier and user's characteristic information etc. are stored in distribution information database, thus achieve the propelling movement of push server to the data content of goal-selling client.

In the information pushing stage: push server, for conditional information and command information are sent to socket server; Socket server, the information for push server being pushed is forwarded to corresponding destination client.Point three class scenes below detailed information pushing process are described in detail.

(1) when this real-time synchronization is initiated by starting client, and when starting client and reception client belong to same user, conditional information comprises user totem information.For example, as shown in Figure 4, this information pushing process comprises:

Step S401, the data that starting client is initiated being stored in the storage of cloud storage server end upgrade;

In this step, the data that cloud storage server end stores comprise one of following: collection information, history information, browser configuration information, note information, log in other possible information of house keeper's information, prompting message information, key information etc.

Step S402, cloud storage server end sends conditional information and command information to push server, this conditional information comprises user totem information, the user name of such as login user or the machine hardware mark of non-login user, and in this conditional information, also comprise the resource identifier of the connection of this starting client of mark socket server corresponding with it;

Step S403, push server calculates a numerical value by the algorithm same with distributor according to user totem information, thus the socket server obtained as destination client distribution, and conditional information and command information are sent to this to be the socket server that destination client is distributed, wherein this numerical value is that the overall situation is unique, i.e. connection identifier (CID;

Step S404, socket server is according to the distribution information database in the user totem information inquiry distributor in conditional information, determine the resource identifier corresponding with destination client, wherein eliminate the resource identifier of the connection of the mark starting client socket server corresponding with it;

Step S405, socket server according to this resource identifier with the connection of this destination client (one or more) in send this command information to this client.

(2) when this real-time synchronization is initiated by starting client, and when starting client and reception client belong to different login user, namely conditional information comprises user totem information, and as shown in Figure 5, this information pushing process comprises:

Step S501, the data that starting client is initiated being stored in the storage of cloud storage server end upgrade;

In this step, the data that cloud storage server end stores comprise one of following: collection information, history information, browser configuration information, note information, log in information that house keeper's information, prompting message information, key information, news information and/or user generate etc.

Step S502, cloud storage server end sends conditional information and command information to push server, and wherein this conditional information can comprise user totem information, the user name of such as login user or the machine hardware mark of non-login user;

Step S503, push server calculates a numerical value by the algorithm same with distributor according to user totem information, thus the socket server obtained as destination client distribution, and conditional information and command information are sent to this to be the socket server that destination client is distributed, wherein this numerical value is that the overall situation is unique, i.e. connection identifier (CID;

Step S504, socket server, according to the distribution information database in the user totem information inquiry distributor in conditional information, determines the resource identifier of destination client;

Step S505, corresponding socket server according to this resource identifier, with the connection of destination client (one or more) in send this notification message to this client, so far, information pushing process terminates.

(3) when this real-time synchronization is initiatively initiated by cloud storage server end, and conditional information comprises the Feature Selection information of destination client, and does not comprise user totem information, and wherein Feature Selection information also can be empty,

In this case, in the connection establishment stage, to be submitted in connection request also comprise Feature Selection information by browser client to distributor, it is with such as front to distribute the user's characteristic information of preserving in information database corresponding.

As shown in Figure 6, this information pushing process comprises:

Step S601, cloud storage server end issues in conditional information and command information to push server, comprise the Feature Selection information (version number of such as certain browser) of destination client in conditional information, this command information is such as the instruction of notice customer upgrade;

Step S602, conditional information and command information are pushed to all socket servers by push server;

Step S603, each socket server submits inquiry request respectively to the distribution information database of distributor, comprises Feature Selection information in this inquiry request; Distribution information database is according to the user's characteristic information of each browser client in Feature Selection condition query distribution information database, determine the resource identifier of the destination client meeting this Feature Selection condition, and this resource identifier is back to each socket server of initiating inquiry;

Step S604, each socket server sends command information according to the resource identifier received to corresponding client, and so far, information pushing process terminates.

In order to save system resource further, the command information being pushed to browser client 3 by push server 2 is notification message.In this case, browser client, also for after the notification message receiving push server propelling movement, connects with cloud storage server end, download the data content occurring to upgrade from cloud storage server end, carry out the synchronous of local data content according to the data content downloaded.Transmission data volume can be reduced by transmitting notification message, reducing system resource and taking.

Certainly, the command information being pushed to destination client by push server also can be content-message, namely the data content occurring to upgrade is comprised in this content-message, in this case, destination client is after the content-message receiving push server propelling movement, from this content-message, extract the data content occurring to upgrade, carry out the synchronous of local data content according to the data content extracted.Directly content-message can be pushed to client by transmitting content-message, information transmission is quick, and step is simple.

In order to realize multilingual support, call text easily, between push server and cloud storage server end, adopt HTTP interface.

Based on realizing the synchronous system of browser data shown in Fig. 1 and Fig. 2, invention further provides and a kind ofly realize the synchronous method of browser data.As shown in Figure 7, this method realizing browser data synchronous comprises:

Step S710, cloud storage server end issues conditional information and command information when there being Data Update to push server;

Step S720, push server determines destination client according to this conditional information in multiple browser client, and this command information is sent to destination client;

Step S730, destination client realizes the data syn-chronization of itself and cloud storage server end according to command information.

Further, also comprise before step S710 and set up socket between browser client with socket server and be connected, this establishment of connection process as shown in Figure 3, just repeats no more here.

Further, step S710 cloud storage server end issues to push server when there being Data Update in the step of conditional information and command information, if comprise the login user user name of destination client or the machine hardware mark of non-login user in conditional information, comprise following two kinds of situations:

Situation one: starting client and reception client belong to same user, this user uses different equipment (such as mobile phone and PC) to log in browser, one of them (such as PC) changes collection, so needs another equipment (mobile phone) this renewal being synchronized to same user;

In this situation, first starting client initiates the relevant configuration be stored in cloud storage server end, function or the information of collection or the amendment of other information.Then cloud storage server end sends conditional information and command information to push server, this command information comprises content-message and notification message, this command information will be sent to destination client according to conditional information by socket server by push server, and wherein this destination client eliminates starting client.Information pushing process in this kind of situation as shown in Figure 4, also repeats no more here.

Situation two: starting client and reception client do not belong to same user, thus realize the information interaction by client between different user.

Specifically, conditional information and content-message are sent to cloud storage server end by the client of a user, by conditional information and related notification message, it is sent to pusher to cloud storage server end, notification message is sent to object client according to conditional information by pusher, and then object client can access cloud storage server end to obtain content.Information pushing process in this case as shown in Figure 5, also repeats no more here.

In addition, if do not comprise the user totem information of destination client in conditional information, and Feature Selection information can be comprised, then also comprise following situation:

Situation three: cloud storage server end self has Data Update, needs browser client and cloud storage server end to carry out data syn-chronization, and cloud storage server end initiatively issues conditional information and command information to push server, such as:

1, cloud storage server end initiates to upgrade instruction to all browser clients of certain version, redaction is upgraded to make all browser clients of this version, wherein, command information is the notification message upgrading to redaction, condition is the client of certain version browser, and namely Feature Selection information is wherein the version number of browser client.Then this command information sends to the destination client in multiple browser client to comprise according to this conditional information by push server: the notification message upgrading to redaction is sent to all browser clients of certain version by push server.

2, cloud storage server end pushes news messages to all browser clients, and its conditional is all browser clients, and namely Feature Selection information is empty, and command information is the content-message comprising news messages; Then this command information sends to the destination client in multiple browser client to comprise according to this conditional information by push server: the content-message comprising news messages is sent to all browser clients by push server.Should be appreciated that, transmission also can be notification message.

3, cloud storage server end pushes weather forecast to the browser client of different regions, and its conditional is the browser client in a certain area, and namely Feature Selection information is the IP section of this certain area correspondence, and command information is the content-message comprising weather forecast; Then this command information sends to the destination client in multiple browser client to comprise according to this conditional information by push server: the content-message comprising weather forecast is sent to the browser client in a certain area by push server.Should be appreciated that, transmission also can be notification message.

Information pushing process in this case as shown in Figure 6, also repeats no more here.

Based on realizing the synchronous system of browser data shown in Fig. 1 and Fig. 2, invention further provides and a kind ofly realize the synchronous browser client of browser data.As shown in Figure 8, this browser client comprises: link block, for being established a connection by distributor and socket server, and receives command information from corresponding socket server; Application module, for according to this command information, performs the application operating of its correspondence.Wherein, described command information is notification message or content-message.

As shown in Figure 8, link block comprises again: distributor connexon module, for submitting connection request to described distributor, in this connection request, at least comprise user totem information, and receive link information and the connection identifier (CID of the socket server be assigned with returned by distributor; Socket connexon module, connects for setting up socket according to the link information of socket server received and described connection identifier (CID with corresponding socket server, and passes through the connection of this socket from corresponding socket server reception command information.Wherein, described user totem information is the user name of login user or the machine hardware mark of A non logged-on user.

As shown in Figure 8, can also comprise in above-mentioned browser client: cloud storing communication module, for the application operating of response application module, communicate with cloud storage server end.

In sum, provided by the inventionly thisly realize the synchronous system of browser data, method and browser client, by arranging independent push server, the browser related content stored at cloud storage server end occurs more under news, in time command information can be sent to the destination client in multiple browser client by this push server, solving cannot simply and effectively by the problem of browser client and cloud storage server end data real-time synchronization, thus it is simple, achieve the data syn-chronization of browser client and cloud storage server end efficiently.Thus, can make on the basis of original framework browser client can efficiently, on one's own initiative, resources conservation by information and cloud storage server end real-time synchronization.This system and method can also realize on the basis of original system framework, effectively utilizes original framework, realizes cost effective.

Describedly by reference to the accompanying drawings of the present inventionly realize in the synchronous method of browser data above-mentioned, in the stage of connecting, if there are some browser client malice ceaselessly send request to distributor, then distributor correspondingly ceaselessly can distribute the connection identifier (CID of socket server and correspondence to these users, and assignment information ceaselessly stored in distribution information repository.But these browser clients really do not connect, will a large amount of storage resources be taken thus, cause a large amount of wastes of storage resources.Or there are some browser clients and do not send request to distributor, but attempt being connected with socket server with illegal connection identifier (CID.

In order to stop taking in a large number and shelve and preventing the generation of illegal connection of storage resources, according to still another embodiment of the invention, propose a kind of system preventing malice from connecting, Fig. 9 shows the structure chart of this system.

With reference to Fig. 9, this system preventing malice from connecting comprises browser client, distributor and socket server.

Browser client is used for sending connection request to distributor, to ask to connect with socket server, and connects with corresponding socket server according to the distribution of described distributor.

The connection request that distributor sends for receiving browser client, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and the information relevant to this connection request and this connection identifier (CID are cached in buffer.The information relevant to this connection request can comprise the user totem information and user's characteristic information that comprise in connection request.

Socket server is used for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

If socket server is to the result of described connection identifier (CID for passing through, then the connection of having set up described in keeping, if do not passed through, then disconnects described connection.This checking refers to that the described socket server of checking receives connection identifier (CID from the browser client of described submission request and whether is kept at described buffer, if there is preservation, then the result is legal, otherwise is illegal.

Browser client to connect with corresponding socket server according to the distribution of distributor and comprises: browser client connects according to the link information received from distributor and connection identifier (CID and socket server, and this connection is that TCP connects.

Buffer discharges after preserving a predetermined amount of time to the information be buffered in wherein.This predetermined amount of time sets in advance to buffer, can arrange the size of this time period according to actual needs, such as, can be 30 seconds, and this buffer abandons the storage content exceeding this duration automatically, release memory space, can arrange the length size of this time period according to actual needs.

This buffer can use any suitable caching technology to realize, such as, redis can be used to realize.Can safeguard inside redis that one take connection identifier (CID as the information list of keyword, wherein can comprise the information such as connection identifier (CID, user totem information, machine hardware mark, version number.Redis is a key assignments storage system, it is a high performance key value database, it supports that the type of the value stored is relatively more, comprises string (character string), list (chained list), set (set) and zset (ordered set).

If in browser client another predetermined amount of time after connecting with described socket server, browser client does not send connection identifier (CID to socket server, then socket server disconnects the connection of setting up.This predetermined amount of time is preset, such as, can be 10 seconds, can arrange the length of this time period according to actual needs.By arranging this predetermined amount of time, can system resource be saved, preventing the generation that malice connects.

Distributor comprises for browser client distributes socket server according to connection request: distributor uses preset algorithm to carry out calculating a numerical value according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this numerical value.This numerical value is that the overall situation is unique, i.e. connection identifier (CID.

Described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.For login user, its user totem information can comprise user name, and for A non logged-on user, its user totem information can comprise the machine hardware mark of user.For login user, this user totem information can be a character string.Wherein, this character string, except the user name of login user, also comprises the information such as login time and checking character.User is called user's unique identifying number, i.e. a numeral, for representing a user.Checking character generates according to user name, namely judges whether user totem information is modified by authenticator symbol.For A non logged-on user, this user totem information can comprise the machine hardware mark of A non logged-on user, and wherein machine hardware is designated machine unique identification, for client is generated by Hash such as subscriber set hardware, system configuration.

In addition, in order to the screening of follow-up destination client, this connection request can also comprise user's characteristic information, such as: IP address information, browser version information, or the user's characteristic information such as users classification information.Wherein, browser version number, users classification information, or the user's characteristic information such as IP address information may be used for follow-up browser client Select to use.

Browser client is when setting up the connection with socket server, and socket server obtains the resource identifier identifying this socket server and browser client annexation.

Socket server, after being proved to be successful connection identifier (CID, extracts information, the connection identifier (CID relevant to this connection request from described buffer, by the information that extracts together with obtained resource identifier in the lump stored in the database of distributor.

This database can use any suitable database to realize, such as can select Doctype database, the present invention preferably selects the database to data columns does not limit to realize, and to make data items flexibility and changeability, is conducive to the compatibility to data items disappearance and expansion.MongoDB cluster such as can be used to realize this database, but the similar databases such as CouchDB also can be used to realize.Specifically, adopt the form of cluster can realize following advantage: 1. distributed storage, improve write renewal speed; 2. distributed query calculates, and improves search efficiency; 3. redundancy backup in cluster, improves data reliability.

This system also comprises cloud storage server end and push server further, wherein: cloud storage server end, for issuing conditional information and command information when there being Data Update to described push server; Push server, for determining destination client according to this conditional information, and sends to destination client by described socket server by command information; And destination client, for realizing the data syn-chronization of itself and cloud storage server end according to command information, destination client is the client in multiple browser client.

The distribution information repository of distributor is configured to and comprises buffer and database by the system that this prevents malice from connecting of the present invention, wherein pre-sets predetermined amount of time to buffer, and buffer just discharges after preserving this scheduled time to the information be buffered in wherein; On the other hand in browser client another predetermined amount of time after connecting with described socket server, if do not send connection identifier (CID to described socket server, then socket server disconnects the connection of setting up, thus stops taking in a large number and shelve and preventing the generation of illegal connection of storage resources.

According to one more embodiment of the present invention, also proposed a kind of method preventing malice from connecting, Figure 10 shows the flow chart of the method.

With reference to Figure 10, this method preventing malice from connecting comprises step: step S1001, browser client sends connection request to distributor, to ask to connect with socket server.

Step S1002, distributor receives the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and the information relevant to this connection request and this connection identifier (CID are cached in buffer.

In this step, distributor uses preset algorithm to carry out calculating a numerical value according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this numerical value.This numerical value is that the overall situation is unique, i.e. connection identifier (CID.By arranging this predetermined amount of time, can system resource be saved, preventing the generation that malice connects.

Described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.For login user, its user totem information can comprise user name, and for A non logged-on user, its user totem information can comprise the machine hardware mark of user.For login user, this user totem information can be a character string.Wherein, this character string, except the user name of login user, also comprises the information such as login time and checking character.User is called user's unique identifying number, i.e. a numeral, for representing a user.Checking character generates according to user name, namely judges whether user totem information is modified by authenticator symbol.For A non logged-on user, this user totem information can comprise the machine hardware mark of A non logged-on user, and wherein machine hardware is designated machine unique identification, for browser client is generated by Hash such as subscriber set hardware, system configuration.

Described buffer discharges after preserving a predetermined amount of time to the information be buffered in wherein.This predetermined amount of time sets in advance to buffer, can arrange the size of this time period according to actual needs, such as, can be 30 seconds, and this buffer abandons the storage content exceeding this duration automatically, release memory space.

This buffer can use any suitable caching technology to realize, such as, Redis can be used to realize.Can safeguard inside Redis that one take resource identifier as the information list of keyword, wherein can comprise the information such as user totem information, machine hardware mark, version number.

In step S1003, browser client connects with corresponding socket server according to the distribution of distributor.

Browser client is when setting up the connection with socket server, and socket server obtains the resource identifier identifying socket server and browser client annexation.

Step S1004, socket server receives described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

If in browser client another predetermined amount of time after connecting with described socket server, browser client does not send connection identifier (CID to socket server, then socket server disconnects the connection of setting up.This predetermined amount of time is preset, such as, can be 10 seconds, can arrange the length of this time period according to actual needs.

In this step, if socket server to the result of described connection identifier (CID for passing through, then the connection of having set up described in keeping, if do not passed through, then disconnects described connection.This checking refers to that the described socket server of checking receives connection identifier (CID from the browser client of described submission request and whether is kept at described buffer, if there is preservation, then the result is legal, otherwise is illegal.

This database can use any suitable database to realize, such as can select Doctype database, the present invention preferably selects the database to data columns does not limit to realize, and to make data items flexibility and changeability, is conducive to the compatibility to data items disappearance and expansion.MongoDB cluster such as can be used to realize this database, but the similar databases such as CouchDB also can be used to realize.The method also comprises step S1005 further, and cloud storage server end issues conditional information and command information when there being Data Update to described push server.

Step S1006, push server determines destination client according to this conditional information, and by socket server, described command information is sent to described destination client.

Step S1007, destination client realizes the data syn-chronization of itself and cloud storage server end according to described command information, and destination client is the client in multiple browser client.

According to one more embodiment of the present invention, additionally provide a kind of system preventing malice from connecting.This system comprises: cloud storage server end, push server and multiple browser client, distributor and socket server.

Cloud storage server end is used for issuing conditional information and command information when there being Data Update to described push server.

Push server is used in described multiple browser client, determining destination client according to this conditional information, and by socket server, described command information is sent to described destination client.

Destination client is for realizing the data syn-chronization of itself and cloud storage server end according to described command information.

Distributor connects multiple browser client and socket server, carry out with socket server the connection request that is connected for what receive that described multiple browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described multiple browser client by distributor, and the information relevant to connection request and this connection identifier (CID are cached in buffer.

Wherein distributor uses preset algorithm to carry out calculating a numerical value according to the user totem information comprised in the connection request received from browser client, it is the browser client distribution socket server submitting connection request to according to this numerical value, wherein this numerical value is that the overall situation is unique, i.e. connection identifier (CID.Described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.

Socket server connects described distributor, push server and multiple browser client, for receiving described connection identifier (CID from described multiple browser client and verify, keep according to the result or disconnect the connection between described multiple browser client, and for described command information is transmitted to described destination client from push server.This checking refers to that the described socket server of checking receives connection identifier (CID from the browser client of described submission request and whether is kept at described buffer, if there is preservation, then the result is legal, otherwise is illegal.

Wherein said connection is that TCP connects, if described socket server to the result of described connection identifier (CID for passing through, then the connection of having set up described in keeping, if do not passed through, then disconnects described connection.

Above-mentioned buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.If in second predetermined amount of time of described browser client after connecting with described socket server, described browser client does not send described connection identifier (CID to described socket server, then described socket server disconnects the connection of described foundation.

Browser client is when setting up the connection with described socket server, and described socket server obtains the resource identifier identifying socket server and browser client annexation.

Above-mentioned destination client is the client in multiple described browser client.

According to one more embodiment of the present invention, additionally provide a kind of distributor for distributing multiple socket server, Figure 11 is the structured flowchart of this distributor.With reference to Figure 11, this distributor comprises: receiver 1101, for receiving the connection request that browser client sends; Distributor 1102, for being that this browser client distributes socket server according to this connection request, and distributes overall unique connection identifier (CID for this connection; Transmitter 1103, for being sent to described browser client by the link information of distributed socket server and this connection identifier (CID; Buffer 1104, the information relevant to this connection request for buffer memory and this connection identifier (CID; And 1105 databases, for after described connection identifier (CID is proved to be successful, store information, the connection identifier (CID relevant to this connection request, the mark socket server that socket server obtains and the resource identifier of browser client annexation.Wherein buffer 1104 discharges after preserving the first predetermined amount of time to the information be buffered in wherein.

According to one more embodiment of the present invention, additionally provide a kind of method for distributing multiple socket server, Figure 12 is the flow chart of the method.With reference to Figure 12, the method comprising the steps of: step 1201, receives the connection request that browser client sends; Step 1202 according to this connection request for this browser client distributes socket server, and is the overall unique connection identifier (CID of this connection distribution; Step 1203, is sent to described browser client by the link information of distributed socket server and this connection identifier (CID; Step 1204, the information that buffer memory is relevant to this connection request in both the buffers and this connection identifier (CID; And step 1205, after described connection identifier (CID is proved to be successful, store information, connection identifier (CID, mark socket server that socket server obtain and the resource identifier of browser client annexation relevant to this connection request in a database.

Wherein, buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.

Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.

In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.

In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.

All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the relevant device of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.

The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

A1, a kind of system preventing malice from connecting are disclosed herein, this system comprises: browser client, for sending connection request to distributor, to ask to connect with socket server, and connect with corresponding socket server according to the distribution of described distributor; Distributor, for receiving the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID; Socket server, for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.A2, system according to A1, wherein, described browser client to connect with corresponding socket server according to the distribution of described distributor and comprises: described browser client connects according to the described link information received from distributor and connection identifier (CID and described socket server.A3, system according to A2, wherein, described connection is that transmission control protocol TCP connects, if described socket server to the result of described connection identifier (CID for passing through, the connection of having set up described in then keeping, if do not passed through, then disconnects described connection.A4, system according to any one of A1-A3, wherein, described buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.A5, system according to A4, wherein, if in second predetermined amount of time of described browser client after connecting with described socket server, described browser client does not send described connection identifier (CID to described socket server, then described socket server disconnects the connection of described foundation.A6, system according to A1, wherein, described distributor is this browser client distribution socket server according to this connection request, and comprise for this connection distributes the unique connection identifier (CID of the overall situation: described distributor uses preset algorithm to carry out calculating connection identifier (CID according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this connection identifier (CID.A7, system according to A1, wherein, described browser client is when setting up the connection with described socket server, and described socket server obtains the resource identifier identifying this socket server and browser client annexation.A8, system according to A1, wherein, described socket server is after being proved to be successful connection identifier (CID, from described buffer, extract information, the connection identifier (CID relevant to this connection request, by the information that extracts together with obtained resource identifier in the lump stored in the database of distributor.A9, system according to A8, wherein, described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.A10, system according to A4, wherein, described checking refers to that the described socket server of checking receives connection identifier (CID from the browser client of described submission request and whether is kept at described buffer, if there is preservation, then the result is legal, otherwise is illegal.A11, system according to any one of A1-A10, wherein, this system comprises cloud storage server end and push server further, wherein: described cloud storage server end, for issuing conditional information and command information when there being Data Update to described push server; Described push server, for determining destination client according to this conditional information, and sends to described destination client by described socket server by described command information; And described destination client, for realizing the data syn-chronization of itself and cloud storage server end according to described command information, described destination client is the client in multiple described browser client.

Disclosed herein is B12, a kind of method preventing malice from connecting, the method comprises: browser client sends connection request to distributor, to ask to connect with socket server; Distributor receives the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID; Described browser client connects with corresponding socket server according to the distribution of described distributor; Socket server receives described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.B13, method according to B12, wherein, described browser client to connect with corresponding socket server according to the distribution of described distributor and comprises: described browser client connects according to the described link information received from distributor and connection identifier (CID and described socket server.B14, method according to B13, wherein, described connection is that transmission control protocol TCP connects, and the method comprises step further: if described socket server to the result of described connection identifier (CID for passing through, the connection of having set up described in then keeping, if do not passed through, then disconnect described connection.B15, method according to any one of B12-B14, wherein, the method comprises step further: described buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.B16, method according to B15, wherein, the method comprises step further: if in second predetermined amount of time of described browser client after connecting with described socket server, described browser client does not send described connection identifier (CID to described socket server, then described socket server disconnects the connection of described foundation.B17, method according to B12, wherein, described distributor is this browser client distribution socket server according to this connection request, and comprise for this connection distributes the unique connection identifier (CID of the overall situation: described distributor uses preset algorithm to carry out calculating connection identifier (CID according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this connection identifier (CID.B18, method according to B12, wherein, the method comprises step further: described browser client is when setting up the connection with described socket server, and described socket server obtains the resource identifier identifying this socket server and browser client annexation.B19, method according to B12, wherein, the method comprises step further: described socket server is after being proved to be successful connection identifier (CID, from described buffer, extract information, the connection identifier (CID relevant to this connection request, by the information that extracts together with obtained resource identifier in the lump stored in the database of distributor.B20, method according to B19, wherein, described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.B21, method according to B15, wherein, described checking refers to whether the described socket server of checking is kept at described buffer, if there is preservation from the described connection identifier (CID submitting to the browser client of request to receive, then the result is legal, otherwise is illegal.B22, method according to any one of B12-B21, wherein, the method comprises step further: described cloud storage server end issues conditional information and command information when there being Data Update to described push server; Described push server determines destination client according to this conditional information, and by described socket server, described command information is sent to described destination client; And described destination client realizes the data syn-chronization of itself and cloud storage server end according to described command information, described destination client is the client in multiple described browser client.

The system preventing malice from connecting is disclosed herein in C23, a kind of browser real-time synchronization, this system comprises cloud storage server end, push server and multiple browser client, distributor and socket server, wherein: described cloud storage server end, for issuing conditional information and command information when there being Data Update to described push server; Described push server, for determining destination client according to this conditional information in described multiple browser client, and sends to described destination client by socket server by described command information; And described destination client, for realizing the data syn-chronization of itself and cloud storage server end according to described command information; Distributor, it connects described multiple browser client and socket server, carry out with socket server the connection request that is connected for what receive that described multiple browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described multiple browser client by distributor, and are cached in buffer by the information relevant to connection request and this connection identifier (CID; Socket server, it connects described distributor, push server and multiple browser client, for receiving described connection identifier (CID from described multiple browser client and verify, keep according to the result or disconnect the connection between described multiple browser client, and for described command information is transmitted to described destination client from push server.

Claims

1. prevent the system that malice connects, this system comprises:

Browser client, for sending connection request to distributor, to ask to connect with socket server, and connects with corresponding socket server according to the distribution of described distributor;

Distributor, for receiving the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID;

Socket server, for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

2. system according to claim 1, wherein, described browser client to connect with corresponding socket server according to the distribution of described distributor and comprises: described browser client connects according to the described link information received from distributor and connection identifier (CID and described socket server.

3. system according to claim 2, wherein, described connection is that transmission control protocol TCP connects, if described socket server to the result of described connection identifier (CID for passing through, then keep the described connection of having set up, if do not passed through, then disconnect described connection.

4. system according to claim 1, wherein, described buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.

5. system according to claim 4, wherein, if in second predetermined amount of time of described browser client after connecting with described socket server, described browser client does not send described connection identifier (CID to described socket server, then described socket server disconnects the connection of described foundation.

6. system according to claim 1, wherein, described distributor is this browser client distribution socket server according to this connection request, and comprise for this connection distributes the unique connection identifier (CID of the overall situation: described distributor uses preset algorithm to carry out calculating connection identifier (CID according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this connection identifier (CID.

7. system according to claim 1, wherein, described browser client is when setting up the connection with described socket server, and described socket server obtains the resource identifier identifying this socket server and browser client annexation.

8. system according to claim 1, wherein, described socket server is after being proved to be successful connection identifier (CID, from described buffer, extract information, the connection identifier (CID relevant to this connection request, by the information that extracts together with obtained resource identifier in the lump stored in the database of distributor.

9. system according to claim 6, wherein, described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.

10. system according to claim 4, wherein, described checking refers to whether the described socket server of checking is kept at described buffer, if there is preservation from submitting to the browser client of request to receive connection identifier (CID, then the result is legal, otherwise is illegal.

11. systems according to any one of claim 1-10, wherein, this system comprises cloud storage server end and push server further, wherein:

Described cloud storage server end, for issuing conditional information and command information when there being Data Update to described push server;

Described push server, for determining destination client according to this conditional information, and sends to described destination client by described socket server by described command information;

And described destination client, for realizing the data syn-chronization of itself and cloud storage server end according to described command information, described destination client is the client in multiple described browser client.

12. 1 kinds of methods preventing malice from connecting, the method comprises:

Browser client sends connection request to distributor, to ask to connect with socket server;

Distributor receives the connection request that browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described browser client by distributor, and are cached in buffer by the information relevant to this connection request and this connection identifier (CID;

Described browser client connects with corresponding socket server according to the distribution of described distributor;

Socket server receives described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.

13. methods according to claim 12, wherein, described browser client to connect with corresponding socket server according to the distribution of described distributor and comprises: described browser client connects according to the described link information received from distributor and connection identifier (CID and described socket server.

14. methods according to claim 13, wherein, described connection is that transmission control protocol TCP connects, and the method comprises step further: if described socket server to the result of described connection identifier (CID for passing through, then keep the described connection of having set up, if do not passed through, then disconnect described connection.

15. methods according to claim 12, wherein, the method comprises step further: described buffer discharges after preserving the first predetermined amount of time to the information be buffered in wherein.

16. methods according to claim 15, wherein, the method comprises step further: if in second predetermined amount of time of described browser client after connecting with described socket server, described browser client does not send described connection identifier (CID to described socket server, then described socket server disconnects the connection of described foundation.

17. methods according to claim 12, wherein, described distributor is this browser client distribution socket server according to this connection request, and comprises for this connection distributes the unique connection identifier (CID of the overall situation:

Described distributor uses preset algorithm to carry out calculating connection identifier (CID according to the user totem information comprised in the connection request received from browser client, is submit to the browser client of connection request to distribute socket server according to this connection identifier (CID.

18. methods according to claim 12, wherein, the method comprises step further: described browser client is when setting up the connection with described socket server, and described socket server obtains the resource identifier identifying this socket server and browser client annexation.

19. methods according to claim 12, wherein, the method comprises step further:

Described socket server, after being proved to be successful connection identifier (CID, extracts information, the connection identifier (CID relevant to this connection request from described buffer, by the information that extracts together with obtained resource identifier in the lump stored in the database of distributor.

20. methods according to claim 17, wherein, described user totem information comprises: the user name of login user, the machine hardware mark of A non logged-on user.

21. methods according to claim 15, wherein, described checking refers to whether the described socket server of checking is kept at described buffer, if there is preservation from the connection identifier (CID submitting to the browser client of request to receive, then the result is legal, otherwise is illegal.

22. methods according to any one of claim 12-21, wherein, the method comprises step further:

Cloud storage server end issues conditional information and command information when there being Data Update to push server;

Described push server determines destination client according to this conditional information, and by described socket server, described command information is sent to described destination client;

And described destination client realizes the data syn-chronization of itself and cloud storage server end according to described command information, described destination client is the client in multiple described browser client.

Prevent the system that malice connects in 23. 1 kinds of browser real-time synchronizations, this system comprises cloud storage server end, push server and multiple browser client, distributor and socket server, wherein:

Described push server, for determining destination client according to this conditional information in described multiple browser client, and sends to described destination client by socket server by described command information;

And described destination client, for realizing the data syn-chronization of itself and cloud storage server end according to described command information;

Distributor, it connects described multiple browser client and socket server, carry out with socket server the connection request that is connected for what receive that described multiple browser client sends, and according to this connection request for this browser client distributes socket server, and be the overall unique connection identifier (CID of this connection distribution, the link information of distributed socket server and this connection identifier (CID are sent to described multiple browser client by distributor, and are cached in buffer by the information relevant to connection request and this connection identifier (CID;

Socket server, it connects described distributor, push server and multiple browser client, for receiving described connection identifier (CID from described multiple browser client and verify, keep according to the result or disconnect the connection between described multiple browser client, and for described command information is transmitted to described destination client from push server.