CN105262772B - Data transmission method, system and related device - Google Patents


Publication number
CN105262772B
Authority
CN
China
Legal status
Active
Application number
CN201510752718.0A
Other languages
Chinese (zh)
Other versions
CN105262772A (en
Inventor
陈静聪
李斌
奚驰
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The embodiment of the invention discloses a data transmission method, a data transmission system and a related device, applied to the technical field of communication. In the method of this embodiment, the first communication device generates a random key, uses the random key to encrypt, for the second time, a data packet to be transmitted that has already been encrypted once, and finally forms a new data packet from the random key and the encrypted data packet to be transmitted and transmits it. Therefore, even if the first encryption covered only part of the content of the original data packet, performing the second encryption with the method of this embodiment further ensures the security of the transmitted data packet.

Description

Data transmission method, system and related device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data transmission method, a data transmission system, and a related apparatus.
Background
In the existing data transmission process, in order to ensure the security of data, a transmitted data packet is generally encrypted, for example, a method of encrypting the entire data packet is adopted, or only part of the content of the data packet is encrypted in order to simplify an encryption algorithm. When encrypting a part of the content of a data packet, there is a method of encrypting important information in the data packet, for example, a data packet includes header information 1, header information 2 and content data, where the header information 1 is a fixed field, and the header information 2 and the content data are important, so that only the header information 2 and the content data are encrypted. However, because the fields in the header information 1 are relatively fixed and have relatively obvious characteristics, the fields are easily intercepted by a firewall or a router in the data transmission process, and the security is relatively poor.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission system and a related device, which realize secondary encryption of a data packet to be transmitted.
An embodiment of the present invention provides a data transmission method, including:
generating a random key, wherein the random key comprises an encryption identifier of a data packet to be transmitted; or, generating a random key and an encryption identifier; the encryption identifier is used for indicating that the data packet to be transmitted is encrypted;
encrypting the data packet to be transmitted by using the random key;
forming a new data packet by using the random key and the encrypted data packet to be transmitted, or forming a new data packet by using the random key, the encryption identifier and the encrypted data packet to be transmitted;
and transmitting the new data packet.
An embodiment of the present invention provides a data transmission method, including:
receiving a data packet, wherein the data packet comprises an encryption identifier;
if the encryption identification in the data packet indicates that the data packet is secondarily encrypted, the data packet is decomposed, and the decomposed data packet comprises a secondary encryption key of the data packet and data to be decrypted;
and decrypting the data to be decrypted according to the secondary encryption key, and decrypting the decrypted data again.
An embodiment of the present invention further provides a communication device, including:
the key generation unit is used for generating a random key, and the random key comprises an encryption identifier of a data packet to be transmitted; or, generating a random key and an encryption identifier; the encryption identifier is used for indicating that the data packet to be transmitted is encrypted;
the encryption unit is used for encrypting the data packet to be transmitted by using the random key generated by the key generation unit;
and the transmission unit is used for forming a new data packet by using the random key and the data packet to be transmitted encrypted by the encryption unit, or forming a new data packet by using the random key, the encryption identifier and the encrypted data packet to be transmitted, and transmitting the new data packet.
An embodiment of the present invention further provides a communication device, including:
the data receiving unit is used for receiving a data packet, and the data packet comprises an encryption identifier;
the data decomposition unit is used for decomposing the data packet if the encryption identifier in the data packet received by the data receiving unit indicates that the data packet is subjected to secondary encryption, and the decomposed data packet comprises a secondary encryption key of the data packet and data to be decrypted;
and the decryption unit is used for decrypting the data to be decrypted according to the secondary encryption key obtained by the data decomposition unit and decrypting the decrypted data again.
The embodiment of the present invention further provides a data communication system, which includes a first communication device and a second communication device, wherein:
the first communication device includes:
the key generation unit is used for generating a random key, and the random key comprises an encryption identifier of a data packet to be transmitted; or, generating a random key and an encryption identifier;
the encryption unit is used for encrypting the data packet to be transmitted by using the random key generated by the key generation unit;
the transmission unit is used for forming a new data packet by using the random key and the data packet to be transmitted encrypted by the encryption unit, or forming a new data packet by using the random key, the encryption identifier and the encrypted data packet to be transmitted, and transmitting the new data packet;
the second communication device includes:
the data receiving unit is used for receiving a data packet, and the data packet comprises an encryption identifier;
the data decomposition unit is used for decomposing the data packet if the encryption identifier in the data packet received by the data receiving unit indicates that the data packet is subjected to secondary encryption, and the decomposed data packet comprises a secondary encryption key of the data packet and data to be decrypted;
and the decryption unit is used for decrypting the data to be decrypted according to the secondary encryption key obtained by the data decomposition unit and decrypting the decrypted data again.
It can be seen that, in the method of this embodiment, the first communication device generates a random key, uses the random key to perform secondary encryption on the data packet to be transmitted, which has already undergone primary encryption, and finally forms a new data packet from the random key and the encrypted data packet to be transmitted and transmits it. Therefore, even if the primary encryption covered only part of the content of the original data packet, performing the secondary encryption with the method of this embodiment further ensures the security of the transmitted data packet.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention;
fig. 2a is a schematic diagram of an embodiment of the present invention after encrypting header information 1 in a data packet to be transmitted;
fig. 2b is a schematic diagram of a part of contents in a data packet to be transmitted after being encrypted according to an embodiment of the present invention;
fig. 2c is a schematic diagram of an embodiment of the present invention after encrypting the whole content in the data packet to be transmitted;
fig. 3 is a flowchart of a data transmission method according to a second embodiment of the present invention;
fig. 4 is a flowchart of a data transmission method according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of another communication device provided in the embodiment of the present invention;
fig. 7 is a schematic structural diagram of another communication device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Embodiment one of the invention
There is provided a data transmission method, which is a method executed by a communication device (such as a first communication device) at one end of data transmission, and a flowchart is shown in fig. 1, where the method includes:
Step 101, generating a random key, wherein the random key comprises an encryption identifier of a data packet to be transmitted; or, generating a random key and an encryption identifier, wherein the encryption identifier is used for indicating that the data packet to be transmitted is encrypted.
It can be understood that when the first communication device transmits data to the second communication device, the transmitted data packet needs to be encrypted for one time to form a data packet to be transmitted, where the encryption for one time may be performed only on the more important content in the data packet, such as the header information 2 and the content data, and is not described herein again; then, the data packet to be transmitted is encrypted for the second time, and steps 101 to 103 in the method of this embodiment are the method for transmitting the data packet to be transmitted after encrypting for the second time. The encryption identifier is used to indicate that the data packet to be transmitted is encrypted, and the encryption identifier may be represented by a part of bytes in the random key, that is, the random key includes the encryption identifier, or the encryption identifier is independent of the random key, so that the random key generated by the first communication device does not include the encryption identifier, and an additional encryption identifier needs to be generated.
Step 102, encrypting the data packet to be transmitted by using the random key.
Specifically, the first communication device may encrypt the entire content of the data packet to be transmitted with the random key; or, in another case, the first communication device may encrypt part of the content of the data packet to be transmitted with the random key. Encrypting the data to be transmitted requires an encryption algorithm, such as the Advanced Encryption Standard (AES), the RC4 encryption algorithm or the Tiny Encryption Algorithm (TEA).
For example, it is assumed that a data packet to be transmitted after being encrypted once includes unencrypted header information 1, encrypted header information 2, and encrypted content data, where the header information 1 is a fixed field and is mainly a command number, a version number, and the like used to distinguish command types transmitted by two communication ends (i.e., a first communication device and a second communication device), and the header information 2 is mainly important information such as a user account. When the data packet to be transmitted is encrypted for the second time, referring to fig. 2a, only the header information 1 may be encrypted for the second time by using the random key; or as shown in fig. 2b, the header information 1 and the header information 2 may be secondarily encrypted with a random key; or as shown in fig. 2c, the whole content of the data packet to be transmitted may be encrypted twice with the random key.
Step 103, if the random key including the encryption identifier is generated in step 101, forming a new data packet by using the random key and the encrypted data packet to be transmitted; if the random key and the encryption identifier are generated in step 101, forming a new data packet by using the random key, the encryption identifier and the encrypted data packet to be transmitted; and transmitting the new data packet.
It should be noted that the first communication device executes steps 101 to 103 after the first communication device and the second communication device have negotiated the encryption information of the transmitted data packet. In the negotiation process, the first communication device may obtain the length of the random key and the encryption algorithm for encrypting the data packet to be transmitted, and may also obtain information such as a command number required for the communication between the first communication device and the second communication device.
It can be seen that, in the method of this embodiment, the first communication device generates a random key, uses the random key to perform secondary encryption on the data packet to be transmitted, which has already undergone primary encryption, and finally forms a new data packet from the random key and the encrypted data packet to be transmitted and transmits it. Therefore, even if the first encryption covered only part of the content of the original data packet, performing the second encryption with the method of this embodiment further ensures the security of the transmitted data packet.
In a specific embodiment, when the first communication device generates the random key including the encrypted identifier in the step 101, the following steps may be specifically implemented:
Step A1, a random number of n bytes is generated, denoted as [K0, K1, ..., K(n)].
Step B1, if the first byte random number in the random number hits the command number in the data packet to be transmitted, replacing the first byte random number with a second byte random number, and using the replaced random number as the random key, wherein the second byte random number is not included in the generated n bytes of random numbers, and the first byte random number may be any byte random number in the n bytes of random numbers.
Assuming that the command number of the data packet to be transmitted is [C0, C1, ..., C(i)], if the first byte random number K0 hits any one of [C0, C1, ..., C(i)], a second byte random number is generated; specifically, a 1-byte random number M in the range [0, C0) can be generated and K0 replaced by M, so that the finally generated random key is [M, K1, ..., K(n)] and the random number M can be used as the encryption identifier. The first byte of the random key thus avoids the command numbers, so that whether a transmitted new data packet is secondarily encrypted can be determined from the first byte of the random key.
Embodiment two of the invention
There is provided a data transmission method, which is a method executed by another-end communication device (such as a second communication device) that transmits data, that is, another-end communication device corresponding to the first communication device, and a flowchart is shown in fig. 3, where the method includes:
Step 201, receiving a data packet sent by a first communication device, where the data packet includes an encryption identifier.
Step 202, judging whether the encryption identifier in the data packet indicates that the data packet is secondarily encrypted; if so, executing step 203, and if not, performing the primary decryption on the data packet.
Step 203, decomposing the data packet, wherein the decomposed data packet comprises: the secondary encryption key of the data packet and the data to be decrypted.
Step 204, decrypting the data to be decrypted according to the secondary encryption key, and then decrypting the decrypted data again.
Specifically, if the encryption identifier is included in the secondary encryption key, the second communication device may use the first n bytes of data of the data packet as the secondary encryption key, and use data other than the secondary encryption key in the data packet as the data to be decrypted. If the secondary encryption key does not include the encryption identifier, the second communication device may divide the data packet into: the encryption identifier, the secondary encryption key and the data to be decrypted.
Assuming that the byte stream of the data packet received by the second communication device is [B0, B1, ..., B(n)], if the encryption identifier B0 hits any one of the command numbers [C0, C1, ..., C(i)], it is determined that the data packet is not secondarily encrypted; otherwise, it is determined that the data packet is secondarily encrypted. Further, if it is determined that the data packet is secondarily encrypted, the data packet is divided into the N-byte-length data [B0, B1, ..., B(N)], used as the secondary encryption key, and the data [B(N+1), B(N+2), ..., B(n)] other than the secondary encryption key, used as the data to be decrypted.
It should be noted that the second communication device executes steps 201 to 204 after the first communication device and the second communication device have negotiated the encryption information of the transmitted data packet. In the negotiation process, the second communication device may obtain the length of the secondary encryption key and a decryption algorithm for decrypting the data packet by using the secondary encryption key, and may also obtain information such as a command number required for the communication between the first communication device and the second communication device.
It can be seen that, in the method of this embodiment, when the second communication device receives the data packet, if the encryption identifier in the data packet indicates that the data packet is secondarily encrypted, the second communication device decomposes the data packet to obtain the secondary encryption key of the data packet and the data to be decrypted, decrypts the data to be decrypted according to the secondary encryption key, and decrypts the decrypted data again. Therefore, even if the primary encryption covered only part of the content of the original data packet, transmitting the data packet with secondary encryption by the method of this embodiment further ensures the security of the transmitted data packet; and because the secondary encryption uses a dynamically generated random key and the new data packet consisting of the random key and the encrypted data is what is transmitted, the security of the encryption is further improved.
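The sender procedure of embodiment one (steps 101 to 103 with steps A1 and B1, whole-packet variant of fig. 2c) and the receiver procedure of embodiment two (steps 201 to 204), as an added Python example that is not code from the patent. RC4 is taken from the algorithms the text lists so that the block needs no external library. Assumptions: the command numbers, key length and sample packet are constructed, and the replacement byte is drawn from all non-command values, which generalizes the [0, C0) range of step B1.

```python
import secrets

# Constructed stand-ins for the parameters the two ends negotiate in advance.
COMMAND_NUMBERS = frozenset({0x10, 0x11, 0x12})  # command numbers [C0, ..., C(i)]
KEY_LEN = 8                                      # n, random key length in bytes

# Constructed once-encrypted packet: cleartext header information 1 (command
# number 0x11, version 0x01) followed by opaque bytes standing for the
# already-encrypted header information 2 and content data.
SAMPLE_ONCE_ENCRYPTED = bytes([0x11, 0x01]) + bytes.fromhex("a3f09c5577e2d4")


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def generate_key(n=KEY_LEN, commands=COMMAND_NUMBERS, raw=None) -> bytes:
    """Steps A1/B1: n random bytes whose first byte is not a command number.

    `raw` (hypothetical parameter) supplies the step-A1 bytes for testing.
    """
    if n < 1:
        raise ValueError("key length must be at least 1 byte")
    key = bytearray(raw if raw is not None else secrets.token_bytes(n))
    if len(key) != n:
        raise ValueError("supplied bytes do not match the key length")
    if key[0] in commands:
        # Step B1: replace the colliding byte with a fresh byte M that is
        # not a command number, so M doubles as the encryption identifier.
        allowed = [b for b in range(256) if b not in commands]
        if not allowed:
            raise ValueError("every byte value is a command number")
        key[0] = secrets.choice(allowed)
    return bytes(key)


def wrap(once_encrypted: bytes, n=KEY_LEN, commands=COMMAND_NUMBERS) -> bytes:
    """Steps 101-103: secondary encryption, then new packet = key || ciphertext."""
    key = generate_key(n, commands)
    return key + rc4(key, once_encrypted)


def unwrap(packet: bytes, n=KEY_LEN, commands=COMMAND_NUMBERS):
    """Steps 201-204: return (secondarily_encrypted, once_encrypted_packet)."""
    if not packet:
        raise ValueError("empty packet")
    if packet[0] in commands:
        # First byte is a command number: the packet was only encrypted once.
        return False, packet
    if len(packet) < n:
        raise ValueError("packet shorter than the negotiated key length")
    key, body = packet[:n], packet[n:]
    return True, rc4(key, body)


if __name__ == "__main__":
    new_packet = wrap(SAMPLE_ONCE_ENCRYPTED)
    print("on the wire:", new_packet.hex())
    print("receiver   :", unwrap(new_packet))
```

The receiver needs only the packet and the negotiated parameters, since the key is carried in the packet itself; the second layer therefore removes the fixed header information 1 pattern from the wire and does not depend on a secret shared out of band.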
The following third embodiment describes the data transmission method of the present invention with a specific application example, referring to fig. 4, the third embodiment of the present invention is mainly used for transmitting voice data packets, in the present embodiment, the first communication device is a voice client, the second communication device is a voice server, and specifically:
Step 301, the voice client sends a request to the signaling server to establish a call connection with the voice server.
Step 302, the signaling server sends a configuration request to the voice server, requesting configuration of the secondary-encryption information for the voice data packets transmitted between the voice client and the voice server, such as whether secondary encryption is required, a command number required for interaction between the voice client and the voice server, the length of the random key, the secondary encryption algorithm, and the like.
The voice server configures the secondary-encryption information to the voice client through the signaling server.
Step 303, the voice client encrypts the voice data packet to be transmitted for the second time according to the first method embodiment, and transmits the encrypted voice data packet to the voice server.
Step 304, after receiving the voice data packet, the voice server may perform decryption according to the second embodiment of the method.
An embodiment of the present invention further provides a communication device, that is, the first communication device, a schematic structural diagram of which is shown in fig. 5, and specifically includes:
a key generation unit 10, configured to generate a random key, where the random key includes an encryption identifier of a data packet to be transmitted; or, to generate a random key and an encryption identifier; the encryption identifier is used for indicating that the data packet to be transmitted is encrypted;
if the data packet to be transmitted includes a command number of a command type transmitted by both communication ends, the key generation unit 10 is specifically configured to generate a random number of n bytes; if the first byte random number in the random number hits the command number in the data packet to be transmitted, replacing the first byte random number with a second byte random number, and taking the replaced random number as the random key; wherein the second byte random number is not included in the n bytes of random numbers.
And the encryption unit 11 is configured to encrypt the data packet to be transmitted by using the random key generated by the key generation unit 10. The encryption unit 11 encrypts the data packet to be transmitted by using a random key and using a certain encryption algorithm.
The encryption unit 11 is specifically configured to encrypt the entire content of the data packet to be transmitted by using the random key; or, the encrypting unit 11 is specifically configured to encrypt part of the content of the data packet to be transmitted by using the random key.
And the transmission unit 12 is configured to form a new data packet by using the random key generated by the key generation unit 10 and the data packet to be transmitted encrypted by the encryption unit 11, or form a new data packet by using the random key, the encryption identifier and the encrypted data packet to be transmitted, and transmit the new data packet.
Further, referring to the dotted line part in fig. 5, the communication device in this embodiment may further include: and the information obtaining unit 13 is configured to obtain the length of the random key and an encryption algorithm for encrypting the data packet to be transmitted. And the information obtaining unit 13 may also obtain a command number used when the communication device of the present embodiment communicates with the second communication device, in order to facilitate the generation of the random key by the key generation unit 10. Thus, the key generation unit 10 generates a random key according to the length of the random key acquired by the information acquisition unit 13, and the encryption unit 11 secondarily encrypts the packet to be transmitted according to the encryption algorithm acquired by the information acquisition unit 13.
It can be seen that, in the communication device of this embodiment, the key generation unit 10 generates a random key, the encryption unit 11 then uses the random key to perform secondary encryption on the data packet to be transmitted, which has already undergone primary encryption, and finally the transmission unit 12 forms a new data packet from the random key and the encrypted data packet to be transmitted and transmits it. Therefore, even if the first encryption covered only part of the content of the original data packet, performing the second encryption with the device of this embodiment further ensures the security of the transmitted data packet.
An embodiment of the present invention further provides a communication device, that is, the second communication device, a schematic structural diagram of which is shown in fig. 6, and specifically includes:
a data receiving unit 20, configured to receive a data packet, where the data packet includes an encryption identifier.
A data decomposition unit 21, configured to decompose the data packet if the encryption identifier in the data packet received by the data receiving unit 20 indicates that the data packet is subjected to secondary encryption, where the decomposed data packet includes a secondary encryption key of the data packet and data to be decrypted; if the encryption identifier is not included in the secondary encryption key, the data decomposition unit 21 may divide the data packet into: the encryption identifier, the secondary encryption key and the data to be decrypted.
And the decryption unit 22 is configured to decrypt the data to be decrypted according to the secondary encryption key obtained by the data decomposition unit 21, and decrypt the decrypted data again.
Specifically, if the secondary encryption key includes the encryption identifier in the data packet received by the data receiving unit 20; the data decomposition unit 21 is specifically configured to use the first n bytes of data of the data packet as the secondary encryption key, and use data in the data packet other than the secondary encryption key as the data to be decrypted; the n bytes are the length of the secondary encryption key.
Further, referring to the dotted line portion shown in fig. 6, the communication apparatus of the present embodiment may further include a decryption information obtaining unit 23 for obtaining the length of the secondary encryption key and a decryption algorithm for decrypting the data packet using the secondary encryption key. And the decryption information obtaining unit 23 may also obtain a command number used when the communication apparatus of the present embodiment communicates with the first communication apparatus. Thus, the data splitting unit 21 splits the data packet according to the length of the secondary encryption key acquired by the decryption information acquiring unit 23, and the decryption unit 22 decrypts the data to be decrypted according to the decryption algorithm acquired by the decryption information acquiring unit 23.
In the communication device of this embodiment, when the data receiving unit 20 receives the data packet, if the encryption identifier in the data packet indicates that the data packet is secondarily encrypted, the data decomposition unit 21 decomposes the data packet to obtain the secondary encryption key of the data packet and the data to be decrypted, and the decryption unit 22 then decrypts the data to be decrypted according to the secondary encryption key and decrypts the decrypted data again. Therefore, even if the primary encryption covered only part of the content of the original data packet, transmitting the secondarily encrypted data packet between the communication device of this embodiment and the first communication device further ensures the security of the transmitted data packet.
An embodiment of the present invention further provides a communication device, shown schematically in fig. 7. The communication device may vary considerably with configuration or performance, and may include one or more Central Processing Units (CPUs) 30 (e.g., one or more processors), a memory 31, and one or more storage media 32 (e.g., one or more mass storage devices) for storing applications 321 or data 322. The memory 31 and the storage medium 32 may be transient storage or persistent storage. The program stored on the storage medium 32 may include one or more modules (not shown), each of which may include a sequence of instruction operations on the communication device. Still further, the central processor 30 may be configured to communicate with the storage medium 32 and to execute, on the communication device, the series of instruction operations in the storage medium 32.
The communication device also includes one or more power supplies 33, one or more wired or wireless network interfaces 34, one or more input-output interfaces 35, and/or one or more operating systems 323, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and so forth.
The steps executed by the first communication device in the first method embodiment may be based on the structure of the communication device shown in fig. 7, and the steps executed by the second communication device in the second method embodiment may also be based on the structure of the communication device shown in fig. 7.
An embodiment of the present invention further provides a data transmission system, which mainly includes a first communication device and a second communication device, where a structure of the first communication device may be the structure of the communication device shown in fig. 5 or fig. 7, and a structure of the second communication device may be the structure of the communication device shown in fig. 6 or fig. 7, which is not described herein again.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: Read-Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The data transmission method, system and related devices provided by the embodiments of the present invention are described in detail above. Specific examples are used herein to explain the principles and embodiments of the present invention, and the description of the embodiments is only intended to help in understanding the method and the core idea of the present invention. Meanwhile, a person skilled in the art may, according to the idea of the present invention, vary the specific embodiments and the application scope. In summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (11)

1. A method of data transmission, comprising:
generating a random key, wherein the random key comprises an encryption identifier of a data packet to be transmitted;
encrypting the data packet to be transmitted by using the random key; the encrypting the data packet to be transmitted by using the random key specifically includes: encrypting the whole content of the data packet to be transmitted by using the random key; or, encrypting the unencrypted header information 1 in the data packet to be transmitted by using the random key, or encrypting the unencrypted header information 1 and the encrypted header information 2 in the data packet to be transmitted by using the random key;
forming a new data packet by using the random key and the encrypted data packet to be transmitted;
transmitting the new data packet;
the generating of the random key, where the random key includes an encryption identifier of a data packet to be transmitted, specifically includes:
generating a random number of n bytes, wherein the n bytes are the length of the random key;
if the first byte random number in the random number hits the command number in the data packet to be transmitted, replacing the first byte random number with a second byte random number, and taking the replaced random number as the random key; the second byte random number is an encryption identifier, and the first byte random number is a random number arranged in the first byte in the random numbers;
wherein the second byte random number is not included in the n bytes of random numbers, being a random number between 0 and the command number.
2. The method of claim 1, wherein the generating a random key, the random key including an encrypted identification of a data packet to be transmitted, further comprises:
and acquiring the length of the random key and an encryption algorithm for encrypting the data packet to be transmitted.
3. A method of data transmission, comprising:
receiving a data packet, wherein the data packet comprises an encryption identifier;
if the encryption identification in the data packet indicates that the data packet is secondarily encrypted, the data packet is decomposed, and the decomposed data packet comprises a secondary encryption key of the data packet and data to be decrypted;
decrypting the data to be decrypted according to the secondary encryption key, and decrypting the decrypted data again;
the decrypting the data to be decrypted according to the secondary encryption key specifically includes: decrypting the whole content of the data to be decrypted by using the secondary encryption key; or, the encrypted header information 1 in the data to be decrypted is decrypted by using the secondary encryption key, or the encrypted header information 1 and the encrypted header information 2 in the data to be decrypted are decrypted by using the secondary encryption key;
if the secondary encryption key comprises the encryption identifier, the data packet is decomposed, and the decomposed data packet comprises the secondary encryption key of the data packet and the data to be decrypted, and the method specifically comprises the following steps: if the command number is not hit by the encryption identifier, taking the first n bytes of data of the data packet as the secondary encryption key, and taking the data except the secondary encryption key in the data packet as the data to be decrypted;
the n bytes are the length of the secondary encryption key.
4. The method of claim 3, wherein prior to receiving the data packet, further comprising:
and acquiring the length of the secondary encryption key, and utilizing the secondary encryption key to decrypt the data packet.
5. A communication device, comprising:
the key generation unit is used for generating a random key, and the random key comprises an encryption identifier of a data packet to be transmitted;
the encryption unit is used for encrypting the data packet to be transmitted by using the random key generated by the key generation unit; the encryption unit is used for encrypting the whole content of the data packet to be transmitted by using the random key; or, encrypting the unencrypted header information 1 in the data packet to be transmitted by using the random key, or encrypting the unencrypted header information 1 and the encrypted header information 2 in the data packet to be transmitted by using the random key;
the transmission unit is used for forming a new data packet by using the random key and the data packet to be transmitted encrypted by the encryption unit;
if the data packet to be transmitted comprises command numbers of command types transmitted by two communication ends, the key generation unit is specifically used for generating n bytes of random numbers; if the first byte random number in the random number hits the command number in the data packet to be transmitted, replacing the first byte random number with a second byte random number, and taking the replaced random number as the random key; the second byte random number is an encryption identifier, and the first byte random number is a random number arranged in the first byte in the random numbers;
wherein the second byte random number is not included in the n bytes of random numbers, being a random number between 0 and the command number.
6. The apparatus of claim 5, further comprising:
and the information acquisition unit is used for acquiring the length of the random key and an encryption algorithm for encrypting the data packet to be transmitted.
7. A communication device, comprising:
the data receiving unit is used for receiving a data packet, and the data packet comprises an encryption identifier;
the data decomposition unit is used for decomposing the data packet if the encryption identifier in the data packet received by the data receiving unit indicates that the data packet is subjected to secondary encryption, and the decomposed data packet comprises a secondary encryption key of the data packet and data to be decrypted;
the decryption unit is used for decrypting the data to be decrypted according to the secondary encryption key obtained by the data decomposition unit and decrypting the decrypted data again; the decryption unit is specifically configured to decrypt the entire content of the data to be decrypted with the secondary encryption key; or, the encrypted header information 1 in the data to be decrypted is decrypted by using the secondary encryption key, or the encrypted header information 1 and the encrypted header information 2 in the data to be decrypted are decrypted by using the secondary encryption key;
the secondary encryption key comprises the encryption identifier; the data decomposition unit is specifically configured to determine that a first byte in the data packet is hit as an encryption identifier, if the encryption identifier does not hit a command number, use data of first n bytes of the data packet as the secondary encryption key, and use data in the data packet other than the secondary encryption key as the data to be decrypted;
the n bytes are the length of the secondary encryption key.
8. The apparatus of claim 7, further comprising:
and the decryption information acquisition unit is used for acquiring the length of the secondary encryption key and a decryption algorithm for decrypting the data packet by using the secondary encryption key.
9. A data communication system comprising a first communication device and a second communication device, wherein the first communication device is the communication device according to claim 5 or 6 and the second communication device is the communication device according to claim 7 or 8.
10. A storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform a data transfer method according to any one of claims 1 to 4.
11. A communication device comprising a processor and a storage medium, the processor configured to implement instructions;
the storage medium is configured to store a plurality of instructions for loading by a processor and executing the data transmission method according to any one of claims 1 to 4.
CN201510752718.0A 2015-11-06 2015-11-06 Data transmission method, system and related device Active CN105262772B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510752718.0A CN105262772B (en) 2015-11-06 2015-11-06 Data transmission method, system and related device

Publications (2)

Publication Number Publication Date
CN105262772A CN105262772A (en) 2016-01-20
CN105262772B true CN105262772B (en) 2020-03-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant