CN106028320A - Data security transmission method, terminal and server - Google Patents


Publication number
CN106028320A
Authority
CN
China
Prior art keywords
data
terminal
request
encryption
wifi
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201610596973.5A
Other languages
Chinese (zh)
Inventor
李韧
袁旦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jinli Communication Equipment Co Ltd
Original Assignee
Shenzhen Jinli Communication Equipment Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention disclose a data security transmission method, a terminal and a server. The method comprises: judging whether the wifi (Wireless Fidelity) to which the terminal is connected is a marked wifi; if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data; sending, by the terminal, the first encrypted data to the server through the wifi, the server decrypting the first encrypted data; receiving, by the terminal, second encrypted data returned by the server, the second encrypted data being a response data packet encrypted by the server; and decrypting, by the terminal, the second encrypted data to obtain the response data packet. By judging whether the public wifi is a marked wifi, and encrypting the request data packet and sending it to the server if the public wifi is unmarked, the embodiments of the invention can reduce the load on the terminal and the server.

Description

Data security transmission method, terminal and server
Technical field
The present invention relates to the technical field of data transmission, and in particular to a data security transmission method, a terminal and a server.
Background
Public wifi currently meets users' need to transfer large amounts of data in unfamiliar environments, but data security on public wifi is a serious problem. An illegitimate public wifi can easily steal user privacy through packet analysis and may use phishing websites to cause losses to the user, so data transmission over public wifi is not sufficiently secure. In the prior art, when a terminal is on public wifi, the data the terminal needs to transmit is encrypted and decrypted regardless of whether the public wifi is secure, and the server also has to encrypt and decrypt the data it receives. The resources and time spent on encryption and decryption increase the load on the terminal and the server and reduce data transmission speed.
Summary of the invention
The embodiments of the present invention provide a data security transmission method, a terminal and a server, which can reduce the load on the terminal and the server.
In a first aspect, an embodiment of the present invention provides a data security transmission method, the method including:
judging whether the wifi to which the terminal is connected is a marked wifi;
if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data;
sending, by the terminal, the first encrypted data to the server through the wifi, the server decrypting the first encrypted data;
receiving, by the terminal, second encrypted data returned by the server, the second encrypted data being a response data packet encrypted by the server;
decrypting, by the terminal, the second encrypted data to obtain the response data packet.
In another aspect, an embodiment of the present invention provides a terminal, the terminal including:
a judging unit, configured to judge whether the wifi to which the terminal is connected is a marked wifi;
an encryption unit, configured to, if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data;
a sending unit, configured to send the first encrypted data to the server through the wifi, the server decrypting the first encrypted data;
a receiving unit, configured to receive second encrypted data returned by the server, the second encrypted data being a response data packet encrypted by the server;
a decryption unit, configured to decrypt the second encrypted data to obtain the response data packet.
In addition, an embodiment of the present invention provides a server, the server including a security server and an application server, the security server including a decryption unit and an encryption unit;
the decryption unit is configured to receive the first encrypted data sent by the terminal, decrypt the first encrypted data to obtain the request data packet, and send the request data packet to the application server that needs to be accessed;
the encryption unit is configured to receive the response data packet returned by the application server, encrypt the response data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
The embodiments of the present invention judge whether the public wifi is a marked wifi; if it is an unmarked wifi, the request data packet is encrypted and sent to the server, and the encrypted response data packet returned by the server is received and decrypted. The server decrypts the request data packet sent by the terminal and encrypts the response data packet before returning it to the terminal. This reduces the load on the terminal and the server.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the method provided by the first embodiment of the present invention;
Fig. 2 is a schematic sub-flowchart of the method provided by the first embodiment of the present invention;
Fig. 3 is a schematic flowchart of the method provided by another embodiment of the present invention;
Fig. 4 is a schematic sub-flowchart of the method provided by another embodiment of the present invention;
Fig. 5 is a schematic flowchart of the method for judging whether a wifi is a safe wifi provided by an embodiment of the present invention;
Fig. 6 is a schematic block diagram of a terminal provided by an embodiment of the present invention;
Fig. 7 is a block diagram of the sub-functions of the encryption unit in the embodiment of Fig. 6;
Fig. 8 is a schematic block diagram of a terminal provided by another embodiment of the present invention;
Fig. 9 is a schematic block diagram of a server provided by an embodiment of the present invention;
Fig. 10 is a block diagram of the sub-functions of the decryption unit in the embodiment of Fig. 9;
Fig. 11 is a schematic block diagram of a terminal provided by another embodiment of the present invention;
Fig. 12 is a schematic block diagram of a server provided by another embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "include" and "comprise" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
Fig. 1 is a schematic flowchart of a data security transmission method provided by the first embodiment of the present invention. The method is applied to terminal devices that can access the Internet wirelessly, such as mobile phones and pads. The method includes S101 to S105.
S101: judge whether the wifi to which the terminal is connected is a marked wifi. A marked wifi is a safe wifi. Specifically, the method for judging whether a wifi is a safe wifi may be: judge the safety of the wifi according to the geographic location of the wifi to which the terminal is connected, and if the wifi to which the terminal is connected is a safe wifi, mark it. For example, if the wifi to which the terminal is connected is within the geographic range of the user's home or within the range of the user's company, the home wifi or the company wifi is marked as a safe wifi and is matched by SSID or MAC address; data transmitted over these wifi networks does not need to be encrypted. If the wifi to which the terminal is connected is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether a wifi is a safe wifi.
S102: if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example encryption algorithms such as DES, SHA and RSA. It can be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. If the wifi to which the terminal is connected is a marked wifi, the request data packet to be sent is not encrypted.
S103: the terminal sends the first encrypted data to the server through the wifi, and the server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server through the wifi. Note that the encryption and decryption mechanisms of different terminals may differ. Correspondingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal may also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, which yields the complete request data packet.
S104: the terminal receives the second encrypted data returned by the server; the second encrypted data is the response data packet encrypted by the server.
S105: the terminal decrypts the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used for encryption, which yields the complete response data packet. The terminal delivers the response data packet to the application that issued the request data packet.
The above embodiment judges whether the wifi to which the terminal is connected is a marked wifi; if it is an unmarked wifi, the data to be transmitted is encrypted and sent to the server, and the encrypted response data packet returned by the server is received and decrypted. This embodiment reduces the load on the terminal and the server and improves network transmission speed.
Fig. 2 is a schematic sub-flowchart of the method provided by the first embodiment of the present invention; specifically, it is the sub-flowchart of S102. S102 includes:
S201: if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent.
S202: if the request data packet contains data that needs encryption, encrypt the terminal's request data packet to obtain the first encrypted data. The request between the terminal and the server may be an http request. If it is detected that the request data packet between the terminal and the server is a request to a specific bank's web page, or that the request data packet contains a web request that includes a user name, password or other data needing encryption, the request data packet is encrypted. For example, if the http request is detected to contain ICBC, the packet is a request for an Industrial and Commercial Bank web page and may involve data that must be kept confidential, so the request data packet is encrypted.
The above embodiment detects whether the request data packet contains data that needs encryption and, if it does, encrypts the request data packet. It further specifies the types of request data packet that need encryption: not all request data packets are encrypted, which reduces the load on the terminal and the server and improves data transmission speed.
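The inspection in S201 and the encrypt-or-not decision in S102/S202, as an added example that is not part of the patent text. The host list, the field names, the treatment of Authorization and Cookie headers as sensitive, the fail-closed handling of unparseable requests and all function names are assumptions made for illustration; the sample requests are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Assumed policy values (not from the patent): hosts and field names treated as sensitive.
SENSITIVE_HOSTS = {"bank.example"}
SENSITIVE_FIELDS = {"username", "user", "password", "passwd", "pin"}

# Constructed sample requests.
LOGIN_REQUEST = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                 b"username=alice&password=constructed")
NEWS_REQUEST = b"GET /news?page=2 HTTP/1.1\r\nHost: news.example\r\n\r\n"


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def field_names(target: str, headers: dict, body: bytes) -> set:
    """Collect parameter names from the query string, a form body and a JSON body."""
    names = {k.lower() for k, _ in
             parse_qsl(urlsplit(target).query, keep_blank_values=True)}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    text = body.decode("utf-8", "replace")
    if ctype == "application/x-www-form-urlencoded":
        names |= {k.lower() for k, _ in parse_qsl(text, keep_blank_values=True)}
    elif ctype == "application/json":
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            names |= {str(k).lower() for k in doc}
    return names


def contains_sensitive_data(raw: bytes) -> bool:
    """S201: inspect the request for data that needs encryption."""
    try:
        _method, target, headers, body = parse_http_request(raw)
    except ValueError:
        return True  # cannot classify the request: fail closed and encrypt
    host = headers.get("host", "").split(":")[0].lower()
    if host in SENSITIVE_HOSTS or any(host.endswith("." + h) for h in SENSITIVE_HOSTS):
        return True  # request to a listed (bank) site
    if "authorization" in headers or "cookie" in headers:
        return True  # credentials or session tokens carried in headers
    return bool(field_names(target, headers, body) & SENSITIVE_FIELDS)


def should_encrypt(raw: bytes, wifi_marked: bool) -> bool:
    """S102/S202: encrypt when the wifi is unmarked and the request is sensitive."""
    return (not wifi_marked) and contains_sensitive_data(raw)
```

A request that is not classified as sensitive leaves the terminal in plaintext on an unmarked wifi, so the quality of this classifier is what bounds the exposure in this scheme.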
Fig. 3 is a schematic flowchart of the method provided by another embodiment of the present invention. The method is applied to terminal devices that can access the Internet wirelessly, such as mobile phones and pads. The method includes S301 to S307. The server in this method includes a security server and an application server. The security server may be a third-party server that holds a CA (Certificate Authority) certificate, or a third-party server with security guarantees that corresponds to the computer program on which this method relies when running on the terminal. The application server is the server that handles the terminal's business logic.
S301: judge whether the wifi to which the terminal is connected is a marked wifi. Specifically, the method for judging whether a wifi is a safe wifi may be: judge the safety of the wifi according to the geographic location of the wifi to which the terminal is connected, and if the wifi to which the terminal is connected is a safe wifi, mark it. For example, if the wifi to which the terminal is connected is within the geographic range of the user's home or within the range of the user's company, the home wifi or the company wifi is marked as a safe wifi and is matched by SSID or MAC address; data transmitted over these wifi networks does not need to be encrypted. If the wifi to which the terminal is connected is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether a wifi is a safe wifi.
S302: if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example encryption algorithms such as DES, SHA and RSA. It can be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. If the wifi to which the terminal is connected is a marked wifi, the request data packet to be sent is not encrypted.
S303: the terminal sends the first encrypted data to the security server through the wifi. The terminal adds a TCP/IP header to the first encrypted data and sends it to the security server through the wifi. Note that the encryption and decryption mechanisms of different terminals may differ. Correspondingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal may also be updated.
S304: the security server receives the first encrypted data sent by the terminal, decrypts the first encrypted data to obtain the request data packet, and sends the request data packet to the application server that needs to be accessed. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, which yields the complete request data packet. The destination IP address in the request data packet corresponds to the application server to which the terminal needs to send the request data packet, so the request data packet can be forwarded to that application server.
S305: the security server receives the response data packet returned by the application server, encrypts the response data packet to obtain second encrypted data, and sends the second encrypted data to the terminal.
S306: the terminal receives the second encrypted data returned by the security server.
S307: the terminal decrypts the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used for encryption, which yields the complete response data packet. The terminal delivers the response data packet to the application that issued the request data packet.
The above embodiment further divides the server into a security server and an application server: the security server encrypts and decrypts the data, and the application server returns the response data packet in response to the terminal's request. Compared with having only one kind of server, dividing it into a security server and an application server can reduce the load on the server and speed up the server's response.
Fig. 4 is a schematic sub-flowchart of the method provided by another embodiment of the present invention; specifically, it is the sub-flowchart of step S304. S304 includes:
S401: the security server receives the first encrypted data sent by the terminal and decrypts the first encrypted data to obtain the request data packet. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, which yields the complete request data packet. The destination IP address in the request data packet corresponds to the application server to which the terminal needs to send the request data packet.
S402: perform a security check on the decrypted request data packet and judge whether the data in the request data packet is data of an illegal request.
S403: if it is data of an illegal request, discard the request data packet. Illegal requests include, for example, an application on the terminal stealing the phone's contacts, or an application on the terminal sending personal private data to its own server.
S404: if it is data of a legitimate request, send the request data packet to the application server that needs to be accessed.
In the above embodiment, the security server performs a security check on the terminal's request data packet; if it is data of an illegal request, the request data packet is discarded, and if it is data of a legitimate request, the request data packet is sent to the application server that needs to be accessed. The security server judges the legitimacy of the request data packet, which further ensures the security of data transmission.
In other feasible embodiments, the method for judging whether a wifi is a safe wifi may also be another feasible method; Fig. 5 shows another method for judging whether a wifi is a safe wifi.
Specifically, Fig. 5 includes S501 to S507.
S501: after connecting to the wifi, the terminal sends a first request data packet to the application server and computes a first check value, according to a preset algorithm, over the first response data packet returned by the application server; the request data packet includes the requested link. The preset algorithm is preferably the MD5 check algorithm, and may also be another feasible algorithm. The first request data packet does not need to be encrypted when it is sent to the application server.
S502: the terminal sends the first request data packet to the security server.
S503: the security server receives the first request data packet and sends the first request data packet to the application server so that the application server returns a second response data packet.
S504: the security server verifies whether the requested link is valid, and computes a second check value over the received second response data packet according to the preset algorithm. That is, the security server verifies whether the requested link in the first request data packet is valid and computes the second check value over the received second response data packet according to the preset algorithm. The preset algorithm is preferably the MD5 check algorithm, and is the same algorithm the terminal uses to compute the first check value.
S505: the terminal receives, from the security server, the data indicating whether the requested link is valid and the second check value.
S506: the terminal judges whether the first check value and the second check value are consistent, and judges whether the requested link is valid. If the first check value and the second check value are consistent and the requested link is valid, the method proceeds to S507. If the first check value and the second check value are inconsistent, or the requested link is invalid, then the wifi to which the terminal is connected may be untrustworthy, or the requested web page may be untrustworthy because it has been modified; the terminal therefore performs no operation on the connected wifi. If the first check value and the second check value are consistent and the requested link is valid, the first response data packet that the terminal obtained by requesting the application server directly has the same content as the second response data packet that the security server obtained by requesting the application server, so the wifi is trusted and safe. The security server thus also serves a verification role. If the wifi is a safe wifi, the data packets of subsequent requests are not encrypted.
S507: the terminal marks the connected wifi. A marked wifi is a safe wifi.
The above embodiment computes the first check value of the first response data packet returned when the terminal requests the application server directly, and the second check value of the second response data packet returned when the security server requests the application server, and verifies whether the requested link is valid; if the first check value is consistent with the second check value and the requested link is valid, the wifi to which the terminal is connected is marked. This embodiment further judges whether the wifi to which the terminal is connected is a safe wifi.
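The comparison in S501 to S507, simulated in-process as an added example that is not part of the patent text. The function names, the `app.example` link, the link-validity rule and the way the wifi path is modelled as a function over the response bytes are assumptions; the patent does not say how the security server's reply is protected on its way back to the terminal, and this sketch assumes it arrives intact.

```python
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: what the application server serves for each known link.
ORIGIN = {"http://app.example/index.html": b"<html><body>welcome</body></html>"}


def check_value(packet: bytes) -> str:
    """Preset algorithm of S501/S504: MD5 over the response data packet."""
    return hashlib.md5(packet).hexdigest()


def origin_fetch(link: str) -> bytes:
    """Stand-in for the application server; unknown links return an empty body."""
    return ORIGIN.get(link, b"")


def link_is_valid(link: str) -> bool:
    """Assumed validity rule: a well-formed http(s) link the application server knows."""
    parts = urlsplit(link)
    return parts.scheme in ("http", "https") and bool(parts.netloc) and link in ORIGIN


@dataclass
class Verdict:
    link_valid: bool          # result of the link check in S504
    second_check_value: str   # check value over the second response data packet


def security_server_verify(link: str) -> Verdict:
    """S503-S504: fetch over the server's own path, check the link, hash the response."""
    return Verdict(link_is_valid(link), check_value(origin_fetch(link)))


def terminal_probe(link: str, wifi_path) -> bool:
    """S501-S506 on the terminal. wifi_path models what the wifi does to the response."""
    first_response = wifi_path(origin_fetch(link))       # direct, unencrypted request
    first = check_value(first_response)                  # S501
    verdict = security_server_verify(link)               # S502-S505 (assumed intact)
    return verdict.link_valid and first == verdict.second_check_value  # S506


def probe_and_mark(ssid: str, bssid: str, link: str, wifi_path, marked: set) -> bool:
    """S507: record the wifi as marked only when the probe succeeds."""
    if terminal_probe(link, wifi_path):
        marked.add((ssid, bssid.lower()))
        return True
    return False  # mismatch or invalid link: the wifi is left unmarked


def clean_wifi(packet: bytes) -> bytes:
    """A path that delivers the response unchanged."""
    return packet


def altering_wifi(packet: bytes) -> bytes:
    """A path that changes the response in transit (constructed alteration)."""
    return packet.replace(b"welcome", b"welcome<!-- changed in transit -->")
```

Two limits follow from the design rather than from this sketch: a page whose content legitimately differs between the two fetches never matches, so that wifi is never marked, and the check detects modification of the probe response only, not passive capture of later unencrypted traffic.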
Referring to Fig. 6, which is a schematic block diagram of a terminal provided by an embodiment of the present invention. The terminal can access the Internet wirelessly. The terminal 60 includes a judging unit 61, an encryption unit 62, a sending unit 63, a receiving unit 64, a decryption unit 65 and a marking unit 66.
The judging unit 61 is configured to judge whether the wifi to which the terminal is connected is a marked wifi. The judging unit 61 is further configured to judge the safety of the wifi according to the geographic location of the wifi to which the terminal is connected. The marking unit 66 is configured to mark the wifi to which the terminal is connected if that wifi is a safe wifi. For example, if the wifi to which the terminal is connected is within the geographic range of the user's home or within the range of the user's company, the home wifi or the company wifi is marked as a safe wifi and is matched by SSID or MAC address; data transmitted over these wifi networks does not need to be encrypted. If the wifi to which the terminal is connected is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether the wifi to which the terminal is connected is a safe wifi.
The encryption unit 62 is configured to, if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example encryption algorithms such as DES, SHA and RSA. It can be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. As shown in Fig. 7, the encryption unit 62 includes a detection unit 71 and a data encryption unit 72. The detection unit 71 is configured to, if the wifi to which the terminal is connected is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent. The data encryption unit 72 is configured to, if the request data packet contains data that needs encryption, encrypt the terminal's request data packet to obtain the first encrypted data. The request between the terminal and the server may be an http request. If it is detected that the request data packet between the terminal and the server is a request to a specific bank's web page, or that the request data packet contains a web request that includes a user name, password or other data needing encryption, the request data packet is encrypted. For example, if the http request is detected to contain ICBC, the packet is a request for an Industrial and Commercial Bank web page and may involve data that must be kept confidential, so the request data packet is encrypted.
The sending unit 63 is configured to send the first encrypted data to the server through the wifi, and the server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server through the wifi. Note that the encryption and decryption mechanisms of different terminals may differ. Correspondingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal may also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, which yields the complete request data packet.
The receiving unit 64 is configured to receive the second encrypted data returned by the server; the second encrypted data is the response data packet encrypted by the server.
The decryption unit 65 is configured to decrypt the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used for encryption, which yields the complete response data packet. The terminal delivers the response data packet to the application that issued the request data packet.
The above embodiment detects whether the request data packet contains data that needs encryption and, if it does, encrypts the request data packet. It further specifies the types of request data packet that need encryption: not all request data packets are encrypted, which reduces the load on the terminal and the server and improves data transmission speed.
The schematic block diagram of a kind of terminal that Fig. 8 provides for another embodiment of the present invention.This terminal 80 includes sentencing Disconnected unit 81, ciphering unit 82, transmitting element 83, reception unit 84, decryption unit 85, indexing unit 86, computing unit 87.
The computing unit 87 is configured to, after the terminal connects to a wifi, send a first request data packet to the application server and calculate a first check value, according to a preset algorithm, from the first reply data packet returned by the application server. The request data packet includes the requested link. The preset algorithm is preferably the MD5 checksum algorithm, but it may also be another feasible algorithm. The first request data packet is not encrypted when it is sent to the application server. The application server is the server that processes the terminal's business logic.
The sending unit 83 is configured to send the first request data packet to the security server. The security server may be a server that holds a CA (Certificate Authority) certificate, or a third-party server with a security guarantee that corresponds to the computer program on which the terminal relies to run this method.
The receiving unit 84 is configured to receive, from the security server, data indicating whether the requested link is valid, together with a second check value. The second check value is the result the security server obtains by applying the preset algorithm to a second reply data packet, and the second reply data packet is produced by the application server in response to the first request data packet. The preset algorithm is preferably the MD5 checksum algorithm and is the same algorithm the terminal uses to calculate the first check value.
The judging unit 81 is configured to judge whether the first check value and the second check value are consistent, and whether the requested link is valid.
The marking unit 86 is configured to mark the wifi the terminal is connected to if the first check value and the second check value are consistent and the requested link is valid. If the first check value and the second check value are inconsistent, or the requested link is invalid, then either the wifi the terminal is connected to may be untrusted, or the requested web page may be untrusted because it has been modified; in that case no operation is performed on the connected wifi. If the first check value and the second check value are consistent and the requested link is valid, the first reply data packet returned when the terminal requests the application server directly has the same content as the second reply data packet returned when the security server requests the application server, so the wifi is trusted and safe. The security server thus also plays a verifying role. If the wifi is a safe wifi, subsequent request data packets are not encrypted.
The judging unit 81 is further configured to judge whether the wifi the terminal is connected to is a marked wifi.
The encryption unit 82 is configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example DES, SHA and RSA. It should be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. As shown in Fig. 7, the encryption unit 82 includes a detection unit 71 and a data encryption unit 72. The detection unit 71 is configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent. The data encryption unit 72 is configured to, if the request data packet contains data that needs encryption, encrypt the terminal's request data packet to obtain the first encrypted data. Requests between the terminal and the server may be http requests. If a request data packet between the terminal and the server is detected to be a request for a particular bank's web page, or to be a web page request containing data that needs encryption such as a user name or password, the request data packet is encrypted. For example, if the http request is detected to include ICBC, the packet is a request for an Industrial and Commercial Bank web page and may involve data that must be kept confidential, so the request data packet is encrypted.
The sending unit 83 is further configured to send the first encrypted data to the security server over the wifi, and the security server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server over the wifi. It should be noted that different terminals may use different encryption and decryption mechanisms. Correspondingly, when data is transmitted between the server and a given terminal, the server uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server that exchanges data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal may also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, and thereby obtains the complete request data packet.
The receiving unit 84 is further configured to receive second encrypted data returned by the security server. The second encrypted data is a reply data packet encrypted by the security server, and the reply data packet is produced by the application server in response to the request data packet sent by the security server.
The decryption unit 85 is configured to decrypt the second encrypted data to obtain the reply data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used for encryption, and thereby obtains the complete reply data packet. The terminal then delivers the reply data packet to the application that issued the request data packet.
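The terminal-side decisions of the computing unit 87, judging unit 81, marking unit 86 and detection unit 71 described above, as an added Python example that is not code from the patent: it computes the check value, marks a wifi only when both conditions hold, and chooses how a later request is sent. The wifi identifier strings, the sensitive field and host lists, the route labels and the sample replies are constructed assumptions; the encryption step itself is out of scope here.

```python
import hashlib
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed policy for "data that needs encryption". The description names
# user names, passwords and bank pages; these concrete values are assumptions.
SENSITIVE_FIELDS = {"username", "password"}
SENSITIVE_HOSTS = {"bank.example"}

# Hypothetical route labels used only by this example.
DIRECT = "send-plaintext-to-application-server"
ENCRYPT = "encrypt-and-send-to-security-server"


def check_value(reply: bytes, algorithm: str = "md5") -> str:
    """Check value over a reply data packet.

    MD5 is the description's preferred preset algorithm; any hashlib name
    (for example "sha256") can be substituted, provided the terminal and the
    security server use the same one.
    """
    return hashlib.new(algorithm, reply).hexdigest()


def needs_encryption(url: str, body: str = "") -> bool:
    """Detection unit 71: does the request carry data that needs encryption?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in SENSITIVE_HOSTS):
        return True
    # Look at parameter names in the query string and a form-encoded body.
    names = set(parse_qs(parts.query, keep_blank_values=True))
    names |= set(parse_qs(body, keep_blank_values=True))
    return any(name.lower() in SENSITIVE_FIELDS for name in names)


@dataclass
class Terminal:
    # Identifiers of marked wifi (how a wifi is identified is an assumption).
    marked_wifi: set = field(default_factory=set)

    def verify_wifi(self, wifi_id: str, first_reply: bytes,
                    second_check_value: str, link_valid: bool,
                    algorithm: str = "md5") -> bool:
        """Computing unit 87 + judging unit 81 + marking unit 86.

        first_reply is what the terminal fetched directly over the wifi;
        second_check_value and link_valid are what the security server
        returned for the same first request data packet.
        """
        first = check_value(first_reply, algorithm)
        if first == second_check_value.lower() and link_valid:
            self.marked_wifi.add(wifi_id)
            return True
        # Mismatch or invalid link: the wifi is left unmarked, nothing else.
        return False

    def route(self, wifi_id: str, url: str, body: str = "") -> str:
        """Judging unit 81 + encryption unit 82: how to send the next request."""
        if wifi_id in self.marked_wifi:
            return DIRECT            # marked wifi: requests are not encrypted
        if needs_encryption(url, body):
            return ENCRYPT           # unmarked wifi and sensitive content
        return DIRECT                # unmarked wifi, nothing to protect


def demo() -> dict:
    # Constructed replies: the second one differs from what the server saw.
    genuine = b"<html><body>Welcome</body></html>"
    modified = genuine.replace(b"</body>", b"<!-- inserted banner --></body>")
    second = check_value(genuine)    # value the security server would report
    login = ("http://shop.example/login", "username=alice&password=s3cret")

    t = Terminal()
    return {
        "cafe_marked": t.verify_wifi("cafe-ap", modified, second, True),
        "home_marked": t.verify_wifi("home-ap", genuine, second, True),
        "cafe_login": t.route("cafe-ap", *login),
        "cafe_news": t.route("cafe-ap", "http://news.example/index.html"),
        "cafe_bank": t.route("cafe-ap", "http://www.bank.example/"),
        "home_login": t.route("home-ap", *login),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A page that legitimately differs between two fetches (per-request tokens, timestamps) also produces a mismatch, which under the rule above simply leaves the wifi unmarked.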
Fig. 9 is a schematic block diagram of a server provided by an embodiment of the present invention. The server is used to communicate with the terminal. The server 90 includes a security server 91 and an application server 92. The security server 91 may be a server that holds a CA (Certificate Authority) certificate, or a third-party server with a security guarantee that corresponds to the computer program on which the terminal relies to run this method. The application server 92 is the server that processes the terminal's business logic; it can respond to the first request data packet sent by the terminal, and it can also respond to a request data packet sent by the security server. The security server 91 includes a decryption unit 911, an encryption unit 912, a verification unit 913 and a computing unit 914.
The decryption unit 911 is configured to receive the first encrypted data sent by the terminal, decrypt the first encrypted data to obtain the request data packet, and send the request data packet to the application server to be accessed. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, and thereby obtains the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet, and the request data packet is sent to that application server.
The encryption unit 912 is configured to receive the reply data packet returned by the application server, encrypt the reply data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
It should be noted that different terminals may use different encryption and decryption mechanisms. Correspondingly, when data is transmitted between the server and a given terminal, the server uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server that exchanges data with that terminal also uses the DES encryption algorithm.
The verification unit 913 is configured to receive the first request data packet and verify whether the requested link in the first request data packet is valid.
The computing unit 914 is configured to receive the second reply data packet produced by the application server in response to the first request data packet, and to calculate the second check value from this second reply data packet according to the preset algorithm. The preset algorithm is the same algorithm the terminal uses to calculate the first check value. The second check value is compared with the first check value calculated by the terminal to judge whether they are consistent, and thereby whether the wifi the terminal is connected to is a safe wifi.
The above embodiment further divides the server into a security server and an application server: the security server encrypts and decrypts the data, and the application server returns reply data packets in response to the terminal's requests. Compared with having only one kind of server, dividing the server into a security server and an application server reduces the load on the server and speeds up the server's response. In addition, the security server verifies whether the requested link is valid, and the second check value calculated by the security server is compared with the first check value calculated by the terminal to judge whether the wifi the terminal is connected to is a safe wifi, so the security server also plays a verifying role.
Fig. 10 is a block diagram of the sub-functions of the decryption unit of the embodiment in Fig. 9. The decryption unit 911 includes a data decryption unit 101, a judging unit 102, a discarding unit 103 and a sending unit 104.
The data decryption unit 101 is configured to receive the first encrypted data sent by the terminal and decrypt the first encrypted data to obtain the request data packet. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption, and thereby obtains the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet.
The judging unit 102 is configured to perform a security check on the decrypted request data packet and judge whether the data in the request data packet is the data of an illegal request.
The discarding unit 103 is configured to discard the request data packet if it is the data of an illegal request. Illegal requests include, for example, an application on the terminal stealing the phone's contacts, or the terminal sending personal private information to its own server.
The sending unit 104 is configured to send the request data packet to the application server to be accessed if it is the data of a legitimate request.
In the above embodiment, the security server performs a security check on the terminal's request data packet: if it is the data of an illegal request, the request data packet is discarded; if it is the data of a legitimate request, the request data packet is sent to the application server to be accessed. The security server judges the legitimacy of the request data packet, which further ensures the security of data transmission.
Fig. 11 is a schematic block diagram of a terminal provided by another embodiment of the present invention. The terminal 110 includes an input device 111, an output device 112, a memory 113 and a processor 114, which are connected by a bus 115. Wherein:
The input device 111 is used by the user to input marking information. In a specific implementation, the input device 111 of the embodiment of the present invention may include a keyboard, a mouse, an optoelectronic input device, a sound input device, a touch input device and the like.
The output device 112 is used to output the terminal's wifi connection interface and the like. In a specific implementation, the output device 112 of the embodiment of the present invention may include a display, a display screen, a touch screen and the like.
The memory 113 is used to store program data with various functions. In the embodiment of the present invention, the data stored in the memory 113 includes information on marked wifi and other program data that can be called and run. In a specific implementation, the memory 113 of the embodiment of the present invention may be system memory, for example volatile memory (such as RAM), non-volatile memory (such as ROM or flash memory), or a combination of the two. In a specific implementation, the memory 113 of the embodiment of the present invention may also be external storage outside the system, for example a magnetic disk, an optical disc or a tape.
The processor 114 is configured to call the program data stored in the memory 113 and perform the following operations:
Judging whether the wifi the terminal is connected to is a marked wifi; if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data; the terminal sending the first encrypted data to the server over the wifi, and the server decrypting the first encrypted data; the terminal receiving second encrypted data returned by the server, the second encrypted data being a reply data packet encrypted by the server; and the terminal decrypting the second encrypted data to obtain the reply data packet.
In other feasible embodiments, the processor 114 may also perform the following steps:
If the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspecting the request data packet to be sent; and if the request data packet contains data that needs encryption, encrypting the request data packet to obtain the first encrypted data.
In other feasible embodiments, the server includes a security server and an application server, and the processor 114 may also perform the following steps:
After connecting to a wifi, the terminal sends a first request data packet to the application server and calculates a first check value, according to a preset algorithm, from the first reply data packet returned by the application server, the request data packet including the requested link; the terminal sends the first request data packet to the security server; the terminal receives, from the security server, data indicating whether the requested link is valid and a second check value, wherein the second check value is the result the security server obtains by applying the preset algorithm to a second reply data packet, and the second reply data packet is produced by the application server in response to the first request data packet; the terminal judges whether the first check value and the second check value are consistent, and whether the requested link is valid; and if the first check value and the second check value are consistent and the requested link is valid, the terminal marks the connected wifi.
Fig. 12 is a schematic block diagram of a server provided by another embodiment of the present invention. The server 120 includes a memory 121 and a processor 122, which are connected by a bus 123. Wherein:
The memory 121 is used to store program data with various functions. In the embodiment of the present invention, the data stored in the memory 121 includes other program data that can be called and run. In a specific implementation, the memory 121 of the embodiment of the present invention may be system memory, for example volatile memory (such as RAM), non-volatile memory (such as ROM or flash memory), or a combination of the two. In a specific implementation, the memory 121 of the embodiment of the present invention may also be external storage outside the system, for example a magnetic disk, an optical disc or a tape.
The processor 122 is configured to call the program data stored in the memory 121 and perform the following operations:
The server includes a security server and an application server; the security server receives the first encrypted data sent by the terminal, decrypts the first encrypted data to obtain the request data packet, and sends the request data packet to the application server to be accessed; the security server receives the reply data packet returned by the application server, encrypts the reply data packet to obtain second encrypted data, and sends the second encrypted data to the terminal.
In other feasible embodiments, the processor 122 may also perform the following steps:
The security server receives the first encrypted data sent by the terminal and decrypts the first encrypted data to obtain the request data packet; performs a security check on the decrypted request data packet and judges whether the data in the request data packet is the data of an illegal request; if it is the data of an illegal request, discards the request data packet; and if it is the data of a legitimate request, sends the request data packet to the application server to be accessed.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the terminal and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal and method may be implemented in other ways. For example, the device embodiments described above are only illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or another form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the technical field can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A data security transmission method, characterized by comprising:
judging whether the wifi a terminal is connected to is a marked wifi;
if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data;
the terminal sending the first encrypted data to a server over the wifi, the server decrypting the first encrypted data;
the terminal receiving second encrypted data returned by the server, the second encrypted data being a reply data packet encrypted by the server;
the terminal decrypting the second encrypted data to obtain the reply data packet.
2. The method according to claim 1, characterized in that, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data comprises:
if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspecting the request data packet the terminal needs to send;
if the request data packet contains data that needs encryption, encrypting the request data packet to obtain the first encrypted data.
3. The method according to claim 1, characterized in that the server includes a security server and an application server, and the method further comprises:
after connecting to a wifi, the terminal sending a first request data packet to the application server and calculating a first check value, according to a preset algorithm, from the first reply data packet returned by the application server, the request data packet including the requested link;
the terminal sending the first request data packet to the security server;
the terminal receiving, from the security server, data indicating whether the requested link is valid and a second check value, wherein the second check value is the result the security server obtains by applying the preset algorithm to a second reply data packet, and the second reply data packet is produced by the application server in response to the first request data packet;
the terminal judging whether the first check value and the second check value are consistent, and judging whether the requested link is valid;
if the first check value and the second check value are consistent and the requested link is valid, the terminal marking the connected wifi.
4. The method according to claim 1, characterized in that the server includes a security server and an application server;
the security server receives the first encrypted data sent by the terminal, decrypts the first encrypted data to obtain the request data packet, and sends the request data packet to the application server to be accessed;
the security server receives the reply data packet returned by the application server, encrypts the reply data packet to obtain the second encrypted data, and sends the second encrypted data to the terminal.
5. The method according to claim 4, characterized in that the security server receiving the first encrypted data sent by the terminal, decrypting the first encrypted data to obtain the request data packet, and sending the request data packet to the application server to be accessed comprises:
the security server receiving the first encrypted data sent by the terminal and decrypting the first encrypted data to obtain the request data packet;
performing a security check on the decrypted request data packet and judging whether the data in the request data packet is the data of an illegal request;
if it is the data of an illegal request, discarding the request data packet;
if it is the data of a legitimate request, sending the request data packet to the application server to be accessed.
6. A terminal, characterized in that the terminal comprises:
a judging unit, configured to judge whether the wifi the terminal is connected to is a marked wifi;
an encryption unit, configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data;
a sending unit, configured to send the first encrypted data to a server over the wifi, the server decrypting the first encrypted data;
a receiving unit, configured to receive second encrypted data returned by the server, the second encrypted data being a reply data packet encrypted by the server;
a decryption unit, configured to decrypt the second encrypted data to obtain the reply data packet.
7. The terminal according to claim 6, characterized in that the encryption unit includes a detection unit and a data encryption unit;
the detection unit is configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent;
the data encryption unit is further configured to, if the request data packet contains data that needs encryption, encrypt the request data packet to obtain the first encrypted data.
8. The terminal according to claim 6, characterized in that the server includes a security server and an application server, and the terminal further includes a computing unit and a marking unit;
the computing unit is configured to, after the terminal connects to a wifi, send a first request data packet to the application server and calculate a first check value, according to a preset algorithm, from the first reply data packet returned by the application server, the request data packet including the requested link;
the sending unit is further configured to send the first request data packet to the security server;
the receiving unit is further configured to receive, from the security server, data indicating whether the requested link is valid and a second check value, wherein the second check value is the result the security server obtains by applying the preset algorithm to a second reply data packet, and the second reply data packet is produced by the application server in response to the first request data packet;
the judging unit is further configured to judge whether the first check value and the second check value are consistent, and to judge whether the requested link is valid;
the marking unit is configured to mark the wifi the terminal is connected to if the first check value and the second check value are consistent and the requested link is valid.
9. A server, characterized in that the server includes a security server and an application server; the security server includes a decryption unit and an encryption unit;
the decryption unit is configured to receive first encrypted data sent by a terminal, decrypt the first encrypted data to obtain a request data packet, and send the request data packet to the application server to be accessed;
the encryption unit is configured to receive the reply data packet returned by the application server, encrypt the reply data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
10. The server according to claim 9, characterized in that the decryption unit includes a data decryption unit, a judging unit, a discarding unit and a sending unit;
the data decryption unit is configured for the security server to receive the first encrypted data sent by the terminal and decrypt the first encrypted data to obtain the request data packet;
the judging unit is configured to perform a security check on the decrypted request data packet and judge whether the data in the request data packet is the data of an illegal request;
the discarding unit is configured to discard the request data packet if it is the data of an illegal request;
the sending unit is configured to send the request data packet to the application server to be accessed if it is the data of a legitimate request.
CN201610596973.5A 2016-07-26 2016-07-26 Data security transmission method, terminal and server Withdrawn CN106028320A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610596973.5A CN106028320A (en) 2016-07-26 2016-07-26 Data security transmission method, terminal and server

Publications (1)

Publication Number Publication Date
CN106028320A true CN106028320A (en) 2016-10-12

Family

ID=57113913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610596973.5A Withdrawn CN106028320A (en) 2016-07-26 2016-07-26 Data security transmission method, terminal and server

Country Status (1)

Country Link
CN (1) CN106028320A (en)

CN114124440B (en) Secure transmission method, apparatus, computer device and storage medium
CN108701195B (en) Data security protection method and device
CN106060792B (en) A kind of IP sending and receiving short messages method based on TPM encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20161012