Summary of the invention
The technical problem addressed by the present application is to provide a data transmission method, apparatus and system, so as to solve the problem that existing data transmission schemes, when implementing secure transmission of data at the transport layer, are costly and therefore cannot be widely deployed.
A data transmission method, applied to a first terminal, the method comprising:
obtaining a second encryption key of a second terminal;
performing data obfuscation on the data to be sent according to a preset obfuscation rule, to obtain obfuscated data;
encrypting the obfuscated data with the second encryption key, to obtain encrypted data;
transmitting the encrypted data as serial data to the second terminal over a physical connection link.
In the above method, preferably, performing data obfuscation on the data to be sent according to the preset obfuscation rule to obtain obfuscated data comprises:
obtaining random data;
inserting the random data into the data to be sent according to a preset insertion rule, to obtain the obfuscated data.
In the above method, preferably, before obtaining the random data, the method further comprises:
parsing the identification information of the data to be sent, to obtain a parsing result;
extracting, according to the parsing result, the legal data in the data to be sent as the current data to be sent.
In the above method, preferably, encrypting the obfuscated data sequentially with the second encryption key to obtain encrypted data comprises:
extracting the first character segment in the obfuscated data, wherein the first character segment comprises at least one character;
encrypting the first character segment with the second encryption key;
extracting the character segment following the already encrypted character segment in the obfuscated data as the current character segment;
encrypting the current character segment with the second encryption key;
judging whether the length of the already encrypted character segments in the obfuscated data satisfies a preset first key updating rule; if so, updating the second encryption key according to the first key updating rule to obtain an updated second encryption key, and encrypting the not yet encrypted character segments in the obfuscated data one after another with the updated second encryption key, to obtain the encrypted data; otherwise, returning to the step of extracting the character segment following the already encrypted character segment in the obfuscated data as the current character segment, until the length of the already encrypted character segments in the obfuscated data satisfies the preset first key updating rule.
The present application further provides another data transmission method, applied to a second terminal, the method comprising:
obtaining the second encryption key of the second terminal;
obtaining the encrypted data transmitted by a first terminal over a physical connection link;
decrypting the encrypted data with the second encryption key, to obtain decrypted data;
restoring the decrypted data according to a preset de-obfuscation rule, to obtain restored data.
In the above method, preferably, decrypting the encrypted data with the second encryption key to obtain decrypted data comprises:
extracting the first character segment in the encrypted data, wherein the first character segment comprises at least one character;
decrypting the first character segment with the second encryption key;
extracting the character segment following the already decrypted character segment in the encrypted data as the current character segment;
decrypting the current character segment with the second encryption key;
judging whether the length of the already decrypted character segments in the encrypted data satisfies a preset second key updating rule; if so, updating the second encryption key according to the second key updating rule to obtain an updated second encryption key, and decrypting the not yet decrypted character segments in the encrypted data one after another with the updated second encryption key, to obtain the decrypted data; otherwise, returning to the step of extracting the character segment following the already decrypted character segment in the encrypted data as the current character segment, until the length of the already decrypted character segments in the encrypted data satisfies the preset second key updating rule.
In the above method, preferably, restoring the decrypted data according to the preset de-obfuscation rule to obtain restored data comprises:
deleting the random data from the decrypted data, to obtain the restored data.
In the above method, preferably, after obtaining the restored data, the method further comprises:
judging whether the restored data satisfies a preset data storage rule; if so, storing the restored data in the second terminal; otherwise, obtaining the second encryption key of the second terminal again, until the restored data satisfies the data storage rule.
The present application further provides a first data transmission apparatus, applied to a first terminal, the apparatus comprising:
a first key acquiring unit, configured to obtain a second encryption key of a second terminal;
a data obfuscation unit, configured to perform data obfuscation on the data to be sent according to a preset obfuscation rule, to obtain obfuscated data;
a data encryption unit, configured to encrypt the obfuscated data with the second encryption key, to obtain encrypted data;
a data transmission unit, configured to transmit the encrypted data as serial data to the second terminal over a physical connection link.
The present application further provides a second data transmission apparatus, applied to the second terminal, the apparatus comprising:
a second key acquiring unit, configured to obtain the second encryption key of the second terminal;
a data acquiring unit, configured to obtain the encrypted data transmitted by the first terminal over the physical connection link;
a data decryption unit, configured to decrypt the encrypted data with the second encryption key, to obtain decrypted data;
a data restoration unit, configured to restore the decrypted data according to a preset de-obfuscation rule, to obtain restored data.
The present application further provides a data transmission system, comprising the first data transmission apparatus described above and the second data transmission apparatus described above.
It can be seen from the above that the data transmission method and first data transmission apparatus provided by the present application, applied to a first terminal, obtain the second encryption key of the second terminal, obfuscate the data to be sent according to a preset obfuscation rule to obtain obfuscated data, encrypt the obfuscated data sequentially with the second encryption key to obtain encrypted data, and transmit the encrypted data as serial data to the second terminal over a physical connection link, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
It can likewise be seen that the data transmission method and second data transmission apparatus provided by the present application, applied to a second terminal, obtain the second encryption key of the second terminal, obtain the encrypted data transmitted by the first terminal over the physical connection link, decrypt the encrypted data with the second encryption key to obtain decrypted data, and restore the decrypted data according to a preset de-obfuscation rule to obtain restored data, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
It can likewise be seen that the data transmission system provided by the present application obtains the second encryption key of the second terminal, obfuscates the data to be sent according to a preset obfuscation rule to obtain obfuscated data, encrypts the obfuscated data sequentially with the second encryption key to obtain encrypted data, and transmits the encrypted data as serial data to the second terminal over a physical connection link; and, on the other side, obtains the second encryption key of the second terminal, obtains the encrypted data transmitted by the first terminal over the physical connection link, decrypts the encrypted data with the second encryption key to obtain decrypted data, and restores the decrypted data according to a preset de-obfuscation rule to obtain restored data, so that data transferred from the first terminal to the second terminal is protected at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
Embodiment
The technical solutions in the embodiments of the present application are described below clearly and completely with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present application.
Referring to Figure 1, which shows a flowchart of a data transmission method provided by embodiment one of the present application, the method is applied to a first terminal and may comprise the following steps:
Step 101: obtain the second encryption key of the second terminal.
It should be noted that step 101 may specifically be implemented as follows:
triggering a handshake protocol between the first terminal and the second terminal;
obtaining the encryption key of the second terminal, i.e. the second encryption key.
Preferably, the second encryption key obtained after each execution of the handshake protocol is different; that is, the second encryption key is obtained dynamically, which increases the security of the data transmission.
Step 102: perform data obfuscation on the data to be sent according to a preset obfuscation rule, to obtain obfuscated data.
The obfuscation rule comprises: reversing the order of the character segments in the data to be sent, to obtain the data to be sent in reverse order;
or adding preset additional data to the data to be sent, to obtain new data to be sent; and so on.
Step 103: encrypt the obfuscated data with the second encryption key, to obtain encrypted data.
It should be noted that the obfuscated data is, in its basic structure, composed of a plurality of character segments, each of which comprises at least one character. Step 103 is specifically:
encrypting the plurality of character segments in the obfuscated data one after another with the second encryption key, to obtain the encrypted data.
Step 104: transmit the encrypted data as serial data to the second terminal over a physical connection link.
The physical connection link is specifically existing PC hardware, such as a network cable and/or optical fiber.
It can be seen from the above that the data transmission method provided by embodiment one of the present application, applied to a first terminal, obtains the second encryption key of the second terminal, obfuscates the data to be sent according to a preset obfuscation rule to obtain obfuscated data, encrypts the obfuscated data sequentially with the second encryption key to obtain encrypted data, and transmits the encrypted data as serial data to the second terminal over a physical connection link, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
Preferably, referring to Figure 2, which shows a partial flowchart of a data transmission method provided by embodiment two of the present application, step 102 may comprise the following steps:
Step 201: obtain random data.
It should be noted that the random data consists of identification characters such as digits and/or letters.
Step 202: insert the random data into the data to be sent according to a preset insertion rule, to obtain the obfuscated data.
The preset insertion rule comprises:
inserting the random data before the first character of the data to be sent;
or inserting the random data after the last character of the data to be sent;
or dividing the random data into at least two character segments and inserting each of them between characters or character segments of the data to be sent.
It can be seen from the above that the data transmission method provided by embodiment two of the present application, applied to a first terminal, obtains the second encryption key of the second terminal, obtains random data, inserts the random data into the data to be sent according to a preset insertion rule to obtain obfuscated data, encrypts the obfuscated data sequentially with the second encryption key to obtain encrypted data, and transmits the encrypted data as serial data to the second terminal over a physical connection link, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
Preferably, referring to Figure 3, which shows another partial flowchart of the data transmission method provided by embodiment two of the present application, after step 101 and before step 201 the method further comprises the following steps:
Step S301: parse the identification information of the data to be sent, to obtain a parsing result.
The identification information comprises the communication protocol, content, source information and destination information of the data to be sent.
Step S301 specifically comprises:
parsing the communication protocol, content, source information and destination information of the data to be sent, to obtain the parsing result.
Step S302: extract, according to the parsing result, the legal data in the data to be sent as the current data to be sent.
It should be noted that the parsing result indicates that the data to be sent contains legal data and illegal data, where the legal data is the data in the first terminal that needs to be, and is allowed to be, transmitted to the second terminal, and the illegal data is the data in the first terminal that is not allowed to be transmitted to the second terminal.
It follows that, in step S302, by extracting the legal data in the data to be sent as the current data to be sent, the illegal data in the data to be sent is rejected and not transmitted; the subsequent steps transmit only the current data to be sent to the second terminal, which further guarantees that no data leaks from the first terminal and thus secures the data transmission between the first terminal and the second terminal.
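As an added example (Python written for this page, not code from the application), the following parses the identification information named in step S301 for a constructed set of records and applies step S302 with an assumed allow-list policy. The record format (one JSON object per line carrying protocol, content, source and destination fields), the policy values and the function names are assumptions; the page does not define any of them. A record whose identification information cannot be parsed is treated as illegal, so the filter fails closed instead of forwarding data it could not classify.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample of data to be sent: one record per line, each carrying the
# identification information named in step S301 (communication protocol,
# content, source information, destination information). The record format is
# an assumption; the application does not define it.
SAMPLE_DATA = """\
{"protocol": "ftp",  "source": "pc-a", "destination": "pc-b", "content": "report.pdf"}
{"protocol": "smb",  "source": "pc-a", "destination": "pc-z", "content": "payroll.xlsx"}
{"protocol": "ftp",  "source": "pc-a", "destination": "pc-b", "content": "notes.txt"}
this line is not a record at all
{"protocol": "http", "source": "pc-a", "destination": "pc-b", "content": "index.html"}
"""

# Assumed policy defining "legal data": an allowed protocol, originating from
# this (first) terminal and addressed to the second terminal.
POLICY = {"protocols": {"ftp", "http"}, "source": "pc-a", "destination": "pc-b"}

REQUIRED_FIELDS = ("protocol", "content", "source", "destination")


def parse_identification(line: str) -> Optional[Dict[str, str]]:
    """Step S301: resolve the identification information of one record.
    Returns None when the line is not a record or a field is missing."""
    try:
        record = json.loads(line)
    except ValueError:
        return None
    if not isinstance(record, dict):
        return None
    if not all(isinstance(record.get(field), str) for field in REQUIRED_FIELDS):
        return None
    return record


def is_legal(record: Dict[str, str], policy=POLICY) -> bool:
    """Legal data: needs to be, and is allowed to be, sent to the second terminal."""
    return (record["protocol"] in policy["protocols"]
            and record["source"] == policy["source"]
            and record["destination"] == policy["destination"])


def extract_legal_data(data: str, policy=POLICY) -> Tuple[List[Dict[str, str]], List[str]]:
    """Step S302: keep the legal records as the current data to be sent and
    reject everything else. A line that does not parse is rejected too (fail
    closed); rejected lines are returned so they can be logged, never sent."""
    legal, rejected = [], []
    for line in data.splitlines():
        if not line.strip():
            continue
        record = parse_identification(line)
        if record is not None and is_legal(record, policy):
            legal.append(record)
        else:
            rejected.append(line)
    return legal, rejected


if __name__ == "__main__":
    current, dropped = extract_legal_data(SAMPLE_DATA)
    print("current data to be sent:", [r["content"] for r in current])
    print("rejected:", dropped)
```

On the sample above the payroll record is rejected because both its protocol and its destination fall outside the policy, and the unparseable line is rejected because its identification information cannot be resolved at all; only the three records addressed to pc-b over an allowed protocol become the current data to be sent.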
Referring to Figure 4, which shows a partial flowchart of a data transmission method provided by embodiment three of the present application, step 103 may comprise the following steps:
Step 401: extract the first character segment in the obfuscated data.
The first character segment comprises at least one character.
Step 402: encrypt the first character segment with the second encryption key.
It should be noted that the obfuscated data is composed of a plurality of characters or character segments.
Step 403: extract the character segment following the already encrypted character segment in the obfuscated data as the current character segment.
Preferably, the length of a character segment is either preset or set during execution of the scheme provided by the present application.
Step 404: encrypt the current character segment with the second encryption key.
Preferably, the character segments in step 402 and step 404 may be encrypted in the same way.
Step 405: judge whether the length of the already encrypted character segments in the obfuscated data satisfies a preset first key updating rule; if so, execute step 406; otherwise, return to step 403, until the length of the already encrypted character segments in the obfuscated data satisfies the preset first key updating rule.
Preferably, the first key updating rule comprises:
the length of the already encrypted character segments in the obfuscated data reaching a preset value.
The preset value may be set in advance or set during execution of the scheme of this embodiment.
Step 406: update the second encryption key according to the first key updating rule to obtain an updated second encryption key, and execute step 407.
Preferably, the scheme by which the second encryption key is updated may differ each time a given piece of data to be sent is transmitted. That is, the second encryption key is updated dynamically: the update rule may be the same each time, while the updated second encryption key is different each time.
Step 407: encrypt the not yet encrypted character segments in the obfuscated data one after another with the updated second encryption key, to obtain the encrypted data.
It can be seen from the above that the data transmission method provided by embodiment three of the present application, applied to a first terminal, obtains the second encryption key of the second terminal, obfuscates the data to be sent according to a preset obfuscation rule to obtain obfuscated data, encrypts the character segments in the obfuscated data one after another and, when the length of the already encrypted character segments satisfies the first key updating rule, updates the second encryption key and encrypts the remaining character segments with the updated second encryption key to obtain encrypted data, and transmits the encrypted data as serial data to the second terminal over a physical connection link, thereby further securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
Referring to Figure 5, which shows a flowchart of a data transmission method provided by embodiment four of the present application, the method is applied to a second terminal and may comprise the following steps:
Step 501: obtain the second encryption key of the second terminal.
It should be noted that step 501 may specifically be implemented as follows:
triggering a handshake protocol between the first terminal and the second terminal;
obtaining the encryption key of the second terminal, i.e. the second encryption key.
Preferably, the second encryption key obtained after each execution of the handshake protocol is different; that is, the second encryption key is obtained dynamically, which increases the security of the data transmission.
Step 502: obtain the encrypted data transmitted by the first terminal over a physical connection link.
The physical connection link is specifically existing PC hardware, such as a network cable and/or optical fiber.
Step 503: decrypt the encrypted data with the second encryption key, to obtain decrypted data.
It should be noted that the encrypted data is composed of a plurality of encrypted character segments, and step 503 is specifically:
decrypting the plurality of encrypted character segments in the encrypted data one after another with the second encryption key, to obtain the decrypted data.
Step 504: restore the decrypted data according to a preset de-obfuscation rule, to obtain restored data.
The de-obfuscation rule comprises: rearranging the order of the character segments in the decrypted data, to obtain restored data with its character segments in their original order;
or deleting the additional data from the decrypted data, to obtain the restored data; and so on.
Preferably, step 504 specifically comprises:
deleting the random data from the decrypted data, to obtain the restored data.
It can be seen from the above that the data transmission method provided by embodiment four of the present application, applied to a second terminal, obtains the second encryption key of the second terminal, obtains the encrypted data transmitted by the first terminal over the physical connection link, decrypts the encrypted data with the second encryption key to obtain decrypted data, and restores the decrypted data according to a preset de-obfuscation rule to obtain restored data, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
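Steps 201 and 202 of embodiment two and the de-obfuscation of step 504 above are two halves of one reversible layout, so a single added example (Python written for this page, not code from the application) covers both: obfuscate applies one of the three insertion rules the text names, and restore deletes the random data again. The character segment length, the amount of random data and the alphabet of identification characters are assumptions. Because the receiver removes the random data purely by position, both terminals must share the same rule and the same lengths; the random data hides nothing from a party who knows the rule, and in the scheme it is inserted before encryption, not instead of it.

```python
import secrets

# Assumed parameters: the application says the lengths and the rule are
# preset, but gives no values.
FIELD_LEN = 4      # length of one character segment of the data to be sent
RANDOM_LEN = 2     # length of one piece of random data
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def random_data(length: int = RANDOM_LEN) -> str:
    """Step 201: random identification characters (digits and/or letters)
    drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def obfuscate(data: str, rule: str, rng=random_data) -> str:
    """Step 202 with the three insertion rules named in the text:
    'prefix'  - random data before the first character,
    'suffix'  - random data after the last character,
    'between' - one piece of random data between consecutive character segments.
    rng is injectable so the layout can be checked with fixed values."""
    if rule == "prefix":
        return rng() + data
    if rule == "suffix":
        return data + rng()
    if rule == "between":
        segments = [data[i:i + FIELD_LEN] for i in range(0, len(data), FIELD_LEN)]
        if not segments:
            return ""
        out = segments[0]
        for segment in segments[1:]:
            out += rng() + segment
        return out
    raise ValueError("unknown insertion rule: " + rule)


def restore(obfuscated: str, rule: str) -> str:
    """Step 504: delete the random data again. The receiver relies purely on
    position, so it must use the same rule and lengths as the sender."""
    if rule == "prefix":
        return obfuscated[RANDOM_LEN:]
    if rule == "suffix":
        return obfuscated[:len(obfuscated) - RANDOM_LEN]
    if rule == "between":
        kept = []
        pos = 0
        while pos < len(obfuscated):
            kept.append(obfuscated[pos:pos + FIELD_LEN])   # keep a segment
            pos += FIELD_LEN + RANDOM_LEN                   # skip the random piece
        return "".join(kept)
    raise ValueError("unknown insertion rule: " + rule)


if __name__ == "__main__":
    message = "TRANSFER 00042 OK"   # constructed data to be sent
    for rule in ("prefix", "suffix", "between"):
        packed = obfuscate(message, rule)
        assert restore(packed, rule) == message
        print(rule, repr(packed))
```

With the 'between' rule the last segment may be shorter than FIELD_LEN and is never followed by random data, which is what lets restore stop cleanly at the end of the string; a sender that appended a trailing piece would leave the receiver unable to tell random data from a short final segment.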
Preferably, after step 504, the method further comprises:
judging whether the restored data satisfies a preset data storage rule; if so, storing the restored data in the second terminal; otherwise, obtaining the second encryption key of the second terminal again, until the restored data satisfies the data storage rule.
It should be noted that the data storage rule comprises: the restored data conforming to a predefined data structure feature.
If the restored data satisfies the data storage rule, this indicates that the data was transmitted securely under this embodiment and was neither stolen by a third party nor injected with illegal data; the restored data is then stored in the second terminal. If the restored data does not satisfy the data storage rule, this indicates that a third party stole data or injected illegal data while the data was being transmitted under this embodiment; the second encryption key of the second terminal is then obtained again, until the restored data satisfies the data storage rule. Specifically, the handshake protocol between the first terminal and the second terminal is triggered again to obtain the second encryption key of the second terminal.
Referring to Figure 6, which shows a partial flowchart of a data transmission method provided by embodiment five of the present application, step 503 may comprise the following steps:
Step 601: extract the first character segment in the encrypted data.
The first character segment comprises at least one character.
Step 602: decrypt the first character segment with the second encryption key.
It should be noted that the encrypted data is composed of a plurality of characters or character segments.
Step 603: extract the character segment following the already decrypted character segment in the encrypted data as the current character segment.
Preferably, the length of a character segment is either preset or set during execution of the scheme provided by the present application.
Step 604: decrypt the current character segment with the second encryption key.
Preferably, the character segments in step 602 and step 604 may be decrypted in the same way.
Step 605: judge whether the length of the already decrypted character segments in the encrypted data satisfies a preset second key updating rule; if so, execute step 606; otherwise, return to step 603, until the length of the already decrypted character segments in the encrypted data satisfies the preset second key updating rule.
Preferably, the second key updating rule comprises:
the length of the already decrypted character segments in the encrypted data reaching a preset value.
The preset value may be set in advance or set during execution of the scheme of this embodiment.
Step 606: update the second encryption key according to the second key updating rule to obtain an updated second encryption key, and execute step 607.
Preferably, the scheme by which the second encryption key is updated may differ each time a given piece of encrypted data is decrypted. That is, the second encryption key is updated dynamically: the update rule may be the same each time, while the updated second encryption key is different each time.
Step 607: decrypt the not yet decrypted character segments in the encrypted data one after another with the updated second encryption key, to obtain the decrypted data.
It can be seen from the above that the data transmission method provided by embodiment five of the present application, applied to a second terminal, obtains the second encryption key of the second terminal, obtains the encrypted data transmitted by the first terminal over the physical connection link, decrypts the character segments in the encrypted data one after another and, when the length of the already decrypted character segments satisfies the second key updating rule, updates the second encryption key and decrypts the remaining character segments with the updated second encryption key to obtain decrypted data, and restores the decrypted data according to a preset de-obfuscation rule to obtain restored data, thereby securing the transmission of data between the first terminal and the second terminal at the transport layer. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical links already present in the PC hardware, so in practice the cost is lower than that of the gateway systems used in existing data transmission schemes, and the scheme can be widely applied.
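Embodiment three (steps 401 to 407) and embodiment five (steps 601 to 607) run the same segment loop in opposite directions, so one added example (Python written for this page, not code from the application) shows both, followed by the data storage rule check of embodiment four. The page names no cipher, segment length, key updating rule or data structure feature; this example assumes a per-segment keystream derived with HMAC-SHA256 and XORed into the segment, a key update after every three segments by hashing the current key, and a storage rule requiring the restored data to be a JSON object with src, dst and payload fields. Because the XOR construction is its own inverse, the same routine started from the same session key encrypts at the first terminal and decrypts at the second. The last function also flips one byte on the link to show what the storage rule does and does not catch: a flip that breaks the JSON structure is rejected, while a flip inside a string value passes, which is why a structural check cannot replace a message authentication code.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Assumed parameters; the application leaves them to be preset or set at run time.
SEGMENT_LEN = 4         # characters per character segment
SEGMENTS_PER_KEY = 3    # preset value of the first / second key updating rule

# Constructed sample of (already obfuscated) data to be sent.
SAMPLE = b'{"src":"pc-a","dst":"pc-b","payload":"hello link"}'


def update_key(key: bytes) -> bytes:
    """Key updating rule (assumed): a one-way hash ratchet. Both terminals
    derive the same next key, and a key learned later gives no way back to
    the keys used for earlier segments."""
    return hashlib.sha256(b"key-update" + key).digest()


def segment_keystream(key: bytes, offset: int, length: int) -> bytes:
    """Keystream for one segment (assumed): HMAC of the segment's byte offset
    under the current key, so no two segments share keystream."""
    tag = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
    return tag[:length]


def process_segments(key: bytes, data: bytes) -> bytes:
    """Steps 401-407 (encrypt) and 601-607 (decrypt): process the data one
    character segment at a time with the current second encryption key and,
    once SEGMENTS_PER_KEY segments are done, replace the key with the updated
    key and continue with the remaining segments."""
    out = bytearray()
    done_since_update = 0
    for offset in range(0, len(data), SEGMENT_LEN):
        segment = data[offset:offset + SEGMENT_LEN]
        stream = segment_keystream(key, offset, len(segment))
        out += bytes(a ^ b for a, b in zip(segment, stream))
        done_since_update += 1
        if done_since_update == SEGMENTS_PER_KEY:   # key updating rule satisfied
            key = update_key(key)
            done_since_update = 0
    return bytes(out)


def satisfies_storage_rule(restored: bytes) -> bool:
    """Data storage rule (assumed structure feature): a JSON object carrying
    the src, dst and payload fields."""
    try:
        obj = json.loads(restored.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False
    return isinstance(obj, dict) and {"src", "dst", "payload"} <= set(obj)


def transfer(plaintext: bytes, session_key: bytes,
             tamper_at: Optional[int] = None) -> Tuple[bool, bytes]:
    """First terminal encrypts, the data crosses the link (optionally with one
    byte flipped by a third party), the second terminal decrypts and applies
    the storage rule. Returns (rule_satisfied, restored_data)."""
    encrypted = bytearray(process_segments(session_key, plaintext))
    if tamper_at is not None:
        encrypted[tamper_at] ^= 0x01
    restored = process_segments(session_key, bytes(encrypted))
    return satisfies_storage_rule(restored), restored


if __name__ == "__main__":
    key = bytes(32)  # stand-in for the key obtained from the handshake
    print(transfer(SAMPLE, key))                                     # (True, SAMPLE)
    print(transfer(SAMPLE, key, tamper_at=0))                        # (False, ...) '{' destroyed
    print(transfer(SAMPLE, key, tamper_at=SAMPLE.index(b"hello")))   # (True, altered payload)
```

The ratchet gives the property the text asks for: the update rule is the same every time, yet every updated key differs, and the receiver reproduces the sequence by counting decrypted segments exactly as the sender counted encrypted ones. The third call in the main block is the caveat: the altered payload still satisfies the storage rule, so the rule as described detects only modifications that happen to break the structure.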
With reference to figure 7, it shows the structural representation of a kind of first data transmission device that the embodiment of the present application six provides, and described data transmission device is applied to first terminal, comprising:
The first key acquiring unit 701 is for the second encryption key that obtains the second terminal.
Need to prove, described the first key acquiring unit 701 specifically is used for:
The Handshake Protocol of triggering between described first terminal and described the second terminal;
Obtain the encryption key of described the second terminal, i.e. described the second encryption key.
Preferably, described to execute the second encryption key that obtains behind the Handshake Protocol not identical at every turn, and namely described the second encryption key is Dynamic Acquisition, has increased the fail safe of transfer of data.
A data obfuscation unit 702, configured to obfuscate the data to be sent according to the pre-set obfuscation rule to obtain obfuscated data.
The obfuscation rule comprises: reversing the order of the character-field data in the data to be sent, to obtain data to be sent in inverted order;
or adding pre-set incremental data to the data to be sent, to obtain new data to be sent; and so on.
Preferably, the data obfuscation unit 702 is specifically configured to:
obtain random data;
add the random data into the data to be sent according to a pre-set insertion rule, to obtain the obfuscated data.
It should be noted that the random data comprises identification characters such as numerals and/or letters.
The pre-set insertion rule comprises:
adding the random data before the first character of the data to be sent;
or adding the random data after the last character of the data to be sent;
or dividing the random data into at least two character fields and adding those character fields between the individual characters or character fields of the data to be sent.
A data encryption unit 703, configured to encrypt the obfuscated data with the second encryption key to obtain encrypted data.
It should be noted that, in its basic structure, the obfuscated data is composed of a plurality of character-field data, each of which comprises at least one character. The data encryption unit 703 is specifically configured to:
encrypt the plurality of character-field data in the obfuscated data one after another with the second encryption key, to obtain the encrypted data.
Preferably, the data encryption unit 703 is specifically configured to:
extract the first character-field data from the obfuscated data;
wherein the first character-field data comprises at least one character;
encrypt the first character-field data with the second encryption key;
extract the character-field data that follows the already-encrypted character-field data in the obfuscated data as the current character-field data;
encrypt the current character-field data with the second encryption key;
judge whether the length of the character-field data already encrypted in the obfuscated data satisfies the pre-set first key updating rule; if so, update the second encryption key according to the first key updating rule to obtain an updated second encryption key, and encrypt the remaining not-yet-encrypted character-field data in the obfuscated data one after another with the updated second encryption key to obtain the encrypted data; otherwise, return to the step of extracting the character-field data that follows the already-encrypted character-field data as the current character-field data, until the length of the encrypted character-field data in the obfuscated data satisfies the pre-set first key updating rule.
It should be noted that the obfuscated data is composed of a plurality of characters or character-field data.
Preferably, the length of the character-field data is set in advance or set during execution of the scheme provided by the present application.
Preferably, the first key updating rule comprises:
the length of the character-field data already encrypted in the obfuscated data reaching a preset value.
The preset value may be set in advance, or set during implementation of the scheme of the embodiments of the present application.
Preferably, in the embodiments of the present application the update scheme applied to the second encryption key may differ each time a given piece of data to be sent is transmitted. That is, the second encryption key is updated dynamically: the updating rule may be the same each time, while the second encryption key obtained after each update is different.
A data transmission unit 704, configured to transmit the encrypted data as serial data to the second terminal over the physical connection link.
The physical connection link is specifically existing PC hardware, such as a network cable and/or optical fibre.
As can be seen from the above scheme, the first data transmission device provided by embodiment six of the present application is applied to the first terminal. It obtains the second encryption key of the second terminal, obfuscates the data to be sent according to the pre-set obfuscation rule to obtain obfuscated data, encrypts the obfuscated data as a sequence with the second encryption key to obtain encrypted data, and transmits the encrypted data as serial data to the second terminal over the physical connection link. Secure transmission of data at the transport layer between the first terminal and the second terminal is thereby guaranteed. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical link already present in PC hardware, so in practical applications the cost is lower than that of the gateway system in existing data transmission schemes, and the scheme can be widely used in practice.
Referring to Figure 8, which shows a schematic structural diagram of a second data transmission device provided by embodiment seven of the present application, the device is applied to the second terminal and comprises:
A second key acquiring unit 801, configured to obtain the second encryption key of the second terminal;
It should be noted that the second key acquiring unit 801 is specifically configured to:
trigger the handshake protocol between the first terminal and the second terminal;
obtain the encryption key of the second terminal, namely the second encryption key.
Preferably, the second encryption key obtained after each execution of the handshake protocol is different each time, i.e. the second encryption key is acquired dynamically, which increases the security of the data transmission.
A data capture unit 802, configured to obtain the encrypted data transmitted by the first terminal over the physical connection link;
The physical connection link is specifically existing PC hardware, such as a network cable and/or optical fibre.
A data decryption unit 803, configured to decrypt the encrypted data with the second encryption key to obtain decrypted data;
It should be noted that the encrypted data is composed of a plurality of encrypted character-field data, and the data decryption unit 803 is specifically configured to:
decrypt the plurality of encrypted character-field data in the encrypted data one after another with the second encryption key, to obtain the decrypted data.
Preferably, the data decryption unit 803 is specifically configured to:
extract the first character-field data from the encrypted data;
wherein the first character-field data comprises at least one character;
decrypt the first character-field data with the second encryption key;
extract the character-field data that follows the already-decrypted character-field data in the encrypted data as the current character-field data;
decrypt the current character-field data with the second encryption key;
judge whether the length of the character-field data already decrypted in the encrypted data satisfies the pre-set second key updating rule; if so, update the second encryption key according to the second key updating rule to obtain an updated second encryption key, and decrypt the remaining not-yet-decrypted character-field data in the encrypted data one after another with the updated second encryption key to obtain the decrypted data; otherwise, return to the step of extracting the character-field data that follows the already-decrypted character-field data as the current character-field data, until the length of the decrypted character-field data in the encrypted data satisfies the pre-set second key updating rule.
It should be noted that the encrypted data is composed of a plurality of characters or character-field data.
Preferably, the length of the character-field data is set in advance or set during execution of the scheme provided by the present application.
Preferably, the second key updating rule comprises:
the length of the character-field data already decrypted in the encrypted data reaching a preset value.
The preset value may be set in advance, or set during implementation of the scheme of the embodiments of the present application.
Preferably, in the embodiments of the present application the update scheme applied to the second encryption key may differ each time a given piece of encrypted data is decrypted. That is, the second encryption key is updated dynamically: the updating rule may be the same each time, while the second encryption key obtained after each update is different.
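The segment-wise encryption of unit 703 and its mirror image in unit 803 share one bookkeeping requirement: both terminals must count processed character-field segments and update the key at exactly the same points, or everything after the first update decrypts to garbage. The following added example (written for this page, not code from the patent) shows that bookkeeping for both units in Python. The patent names neither the cipher nor the key updating function, so both are assumptions here: each segment is XORed with a per-segment HMAC-SHA256 keystream (the segment index serves as a nonce so no keystream repeats under one key), and the key update is a one-way SHA-256 ratchet. It generalises the "reaches a preset value" rule to re-keying every time another REKEY_AFTER_SEGMENTS segments have been processed; the segment length and the preset value are constructed sample settings.

```python
import hashlib
import hmac
from typing import List

SEGMENT_LEN = 4            # length of one character-field segment (set in advance; constructed value)
REKEY_AFTER_SEGMENTS = 3   # "preset value" of the key updating rule: update the key once this
                           # many segments have been processed (constructed value)


def split_segments(data: bytes, seg_len: int = SEGMENT_LEN) -> List[bytes]:
    """Divide the data into character-field segments of seg_len bytes (the last one may be shorter)."""
    if seg_len < 1 or seg_len > 32:
        raise ValueError("segment length must be 1..32 bytes for the HMAC-SHA256 keystream used here")
    return [data[i:i + seg_len] for i in range(0, len(data), seg_len)]


def update_key(key: bytes) -> bytes:
    """Key updating rule (assumed): one-way hash ratchet, so an updated key does not reveal the old one."""
    return hashlib.sha256(b"key-update" + key).digest()


def _keystream(key: bytes, segment_index: int, length: int) -> bytes:
    """Per-segment keystream; the segment index acts as a nonce so keystreams never repeat under one key."""
    return hmac.new(key, segment_index.to_bytes(8, "big"), hashlib.sha256).digest()[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_schedule(initial_key: bytes, n_segments: int,
                 rekey_after: int = REKEY_AFTER_SEGMENTS) -> List[bytes]:
    """Key used for each segment. Both terminals derive this list from the same count of
    processed segments, which is what keeps the first and second key updating rules in step."""
    if rekey_after < 1:
        raise ValueError("rekey_after must be at least 1")
    keys, key = [], initial_key
    for idx in range(n_segments):
        if idx > 0 and idx % rekey_after == 0:
            key = update_key(key)          # "length already processed reaches the preset value"
        keys.append(key)
    return keys


def _process(key: bytes, data: bytes, rekey_after: int) -> bytes:
    segments = split_segments(data)
    out = bytearray()
    for idx, (seg, seg_key) in enumerate(zip(segments, key_schedule(key, len(segments), rekey_after))):
        out += _xor(seg, _keystream(seg_key, idx, len(seg)))
    return bytes(out)


def encrypt_segments(second_key: bytes, obfuscated: bytes,
                     rekey_after: int = REKEY_AFTER_SEGMENTS) -> bytes:
    """Data encryption unit 703: encrypt segment by segment, updating the key per the first key updating rule."""
    return _process(second_key, obfuscated, rekey_after)


def decrypt_segments(second_key: bytes, encrypted: bytes,
                     rekey_after: int = REKEY_AFTER_SEGMENTS) -> bytes:
    """Data decryption unit 803: the mirror image; XOR with the same keystream undoes the encryption."""
    return _process(second_key, encrypted, rekey_after)


if __name__ == "__main__":
    key = bytes(range(32))                         # constructed sample second encryption key
    ciphertext = encrypt_segments(key, b"internal network payload")
    assert decrypt_segments(key, ciphertext) == b"internal network payload"
    print("segments re-keyed at:", [i for i in range(6) if i % REKEY_AFTER_SEGMENTS == 0 and i > 0])
```

Two points worth noticing when reading this against the unit descriptions. First, the ratchet is one-way, so a key captured after an update does not expose the segments encrypted before it; a key captured before an update exposes everything after it, which is why the handshake producing a fresh second encryption key per transmission matters. Second, the scheme as described carries no integrity tag: the receiver only checks the restored data's format (see the Figure 12 flow), so a deployed implementation would wrap each segment in an authenticated encryption mode rather than a bare keystream.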
A data restoration unit 804, configured to restore the decrypted data according to the pre-set de-obfuscation rule to obtain restored data.
The de-obfuscation rule comprises: re-ordering the character-field data in the decrypted data, to obtain restored data whose character-field data are in their original order;
or deleting the incremental data from the decrypted data, to obtain the restored data; and so on.
Preferably, the data restoration unit 804 is specifically configured to:
delete the random data from the decrypted data, to obtain the restored data.
As can be seen from the above scheme, the second data transmission device provided by embodiment seven of the present application is applied to the second terminal. It obtains the second encryption key of the second terminal, obtains the encrypted data transmitted by the first terminal over the physical connection link, decrypts the encrypted data with the second encryption key to obtain decrypted data, and restores the decrypted data according to the pre-set de-obfuscation rule to obtain the restored data. Secure transmission of data at the transport layer between the first terminal and the second terminal is thereby guaranteed. At the same time, the present application adds no hardware cost: secure data transmission is achieved over the physical link already present in PC hardware, so in practical applications the cost is lower than that of the gateway system in existing data transmission schemes, and the scheme can be widely used in practice.
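The insertion rule of unit 702 and the deletion step of unit 804 are only invertible if both terminals agree in advance on where the random data went, which the text calls the "pre-set insertion rule". The following added example (written for this page, not code from the patent) makes that shared rule explicit in Python and implements the three insertion positions listed above (before the first character, after the last character, or split into at least two character fields placed between the data characters), optionally combined with the inverted-order rule. The InsertRule structure, the even split of the random data into fields, and the "one field after every N data characters" spacing are assumptions added here; the patent fixes none of them.

```python
import secrets
import string
from dataclasses import dataclass
from typing import List

# "Identification characters such as numerals and/or letters" for the random data.
ALPHABET = string.ascii_letters + string.digits


@dataclass(frozen=True)
class InsertRule:
    """Pre-set insertion rule shared by both terminals (hypothetical structure)."""
    mode: str              # "prefix", "suffix" or "interleave"
    random_len: int        # total number of random characters inserted
    fields: int = 2        # "interleave": number of character fields the random data is split into
    every: int = 1         # "interleave": one field is inserted after every `every` data characters
    reverse: bool = False  # additionally reverse the result (the inverted-order obfuscation rule)


def make_random_data(n: int) -> str:
    """Fresh random identification characters from a CSPRNG (not a predictable counter)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def _field_sizes(total: int, fields: int) -> List[int]:
    """Split `total` characters into `fields` pieces as evenly as possible (assumed split rule)."""
    base, extra = divmod(total, fields)
    return [base + (1 if i < extra else 0) for i in range(fields)]


def obfuscate(data: str, random_data: str, rule: InsertRule) -> str:
    """Data obfuscation unit 702: add the random data to the data to be sent."""
    if len(random_data) != rule.random_len:
        raise ValueError("random data length does not match the rule")
    if rule.mode == "prefix":
        out = random_data + data
    elif rule.mode == "suffix":
        out = data + random_data
    elif rule.mode == "interleave":
        if rule.fields < 2:
            raise ValueError("interleave needs at least two character fields")
        if len(data) < rule.fields * rule.every:
            raise ValueError("data too short to place every field between its characters")
        out, pos, start = "", 0, 0
        for size in _field_sizes(rule.random_len, rule.fields):
            out += data[pos:pos + rule.every] + random_data[start:start + size]
            pos += rule.every
            start += size
        out += data[pos:]
    else:
        raise ValueError(f"unknown mode {rule.mode!r}")
    return out[::-1] if rule.reverse else out


def restore(obfuscated: str, rule: InsertRule) -> str:
    """Data restoration unit 804: delete the random data (and undo the inverted order)."""
    buf = obfuscated[::-1] if rule.reverse else obfuscated
    if len(buf) < rule.random_len:
        raise ValueError("obfuscated data is shorter than the random data it should contain")
    if rule.mode == "prefix":
        return buf[rule.random_len:]
    if rule.mode == "suffix":
        return buf[:len(buf) - rule.random_len]
    if rule.mode == "interleave":
        out, pos = "", 0
        for size in _field_sizes(rule.random_len, rule.fields):
            out += buf[pos:pos + rule.every]   # keep the data characters ...
            pos += rule.every + size           # ... and skip the random field that follows them
        return out + buf[pos:]
    raise ValueError(f"unknown mode {rule.mode!r}")


if __name__ == "__main__":
    rule = InsertRule(mode="interleave", random_len=6, fields=3, every=2, reverse=True)
    payload = "ORDER-42"                       # constructed sample data to be sent
    sent = obfuscate(payload, make_random_data(rule.random_len), rule)
    assert restore(sent, rule) == payload
    print(payload, "->", sent)
```

Because the rule (and not the random data itself) is what the receiver needs, the random data never has to be transmitted separately; it is simply dropped by restore(). Note that the data-length check in the interleave branch is what keeps the two sides consistent: if the data were shorter than fields * every, the fields would bunch up at the end and the receiver could not tell data characters from random ones.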
Referring to Figure 9, which shows a schematic structural diagram of a data transmission system provided by embodiment eight of the present application, the system comprises a first data transmission device 901 as described in embodiment six and a second data transmission device 902 as described in embodiment seven, wherein:
The first data transmission device 901, applied to the first terminal, is configured to obtain the second encryption key of the second terminal, obfuscate the data to be sent according to the pre-set obfuscation rule to obtain obfuscated data, encrypt the obfuscated data with the second encryption key to obtain encrypted data, and transmit the encrypted data as serial data to the second terminal over the physical connection link.
The second data transmission device 902, applied to the second terminal, is configured to obtain the second encryption key of the second terminal, obtain the encrypted data transmitted by the first terminal over the physical connection link, decrypt the encrypted data with the second encryption key to obtain decrypted data, and restore the decrypted data according to the pre-set de-obfuscation rule to obtain restored data.
Preferably, embodiment eight of the present application also provides another schematic structural diagram of a data transmission system, in which the data transmission system further comprises a handshake protocol execution unit 903, as shown in Figure 10, wherein:
The handshake protocol execution unit 903 is triggered when data to be sent is transmitted or when encrypted data is restored, and is configured to execute the handshake protocol between the first terminal and the second terminal and obtain the second encryption key of the second terminal.
It should be noted that the present application is applicable to secure data transmission between an internal network and an external network. Assuming that the first terminal is a terminal of the internal network and the second terminal is a terminal of the external network, Figure 11 shows the data flow diagram of embodiment eight of the present application when implementing secure data transmission between the internal network and the external network.
Preferably, the first data transmission device 901 updates the second encryption key while performing data encryption, thereby further guaranteeing secure data transmission; and the second data transmission device 902 updates the second encryption key while performing data decryption, thereby further guaranteeing secure data transmission. Figure 12 shows the flow chart of embodiment eight of the present application when implementing secure data transmission between the internal network and the external network.
In Figure 12, the first data transmission device 901 obtains the second encryption key, receives external data and random data, and performs data content arrangement and data obfuscation on the data to be sent of the first terminal to obtain obfuscated data;
The data content arrangement is part of the obfuscation algorithm: it parses and checks the communication protocol, content, source information and destination information of the data to be sent, extracts the legal data from the data to be sent and discards the illegal content, and then obfuscates the legal data with the random data and/or the external data;
The obfuscated data is inserted into an encryption queue as a sequence, and the data in the encryption queue is encrypted one after another with the second encryption key; once the length of data already encrypted in the encryption queue reaches the preset length, the second encryption key is updated and the rest of the encryption queue is encrypted with it, to obtain the encrypted data;
The encrypted data is transmitted as serial data to the second terminal over the physical connection link;
After the encrypted data has been transmitted to the second terminal, the second encryption key of the second terminal is obtained, and the encrypted data transmitted by the first terminal over the physical connection link is obtained;
The encrypted data is decrypted with the second encryption key; once the length of data already decrypted satisfies the preset length, the second encryption key is updated and the remaining undecrypted data is decrypted with it, to obtain the decrypted data;
The decrypted data is de-obfuscated to obtain the restored data, and it is judged whether the data format of the restored data satisfies the preset format; if so, the restored data is output as the original data and delivered to the second terminal; otherwise, the link is reset and the handshake protocol is executed again, i.e. data obfuscation, encryption, transmission over the physical connection link, decryption and de-obfuscation are performed again to obtain the restored data.
It should be noted that, in the present application, the first terminal and the second terminal merely denote the two terminals between which data is transmitted; the application is not limited to transmitting data from the first terminal to the second terminal, and applies equally to transmitting data from the second terminal to the first terminal.
When the present application is used to transmit data from the second terminal to the first terminal, the key used to encrypt and decrypt the data to be sent is the first encryption key of the first terminal.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
Finally, it should also be noted that in this document relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or ordering between those entities or operations. Moreover, the terms "comprise", "comprising" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Absent further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises that element.
The data transmission method, apparatus and system provided by the present invention have been described in detail above. The description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.