CN106028320A - Data security transmission method, terminal and server - Google Patents
- Publication number: CN106028320A (also listed as CN201610596973.5A)
- Authority: CN (China)
- Prior art keywords: data, terminal, request, encryption, wifi
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a data security transmission method, a terminal and a server. The method comprises the steps of: judging whether the wifi (Wireless Fidelity) connected to the terminal is a marked wifi; if the wifi connected to the terminal is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data; sending, by the terminal, the first encrypted data to the server through the wifi, the server decrypting the first encrypted data; receiving, by the terminal, second encrypted data returned by the server, wherein the second encrypted data is a response data packet encrypted by the server; and decrypting, by the terminal, the second encrypted data to obtain the response data packet. According to the embodiment of the invention, by judging whether the public wifi is a marked wifi, and encrypting the request data packet and sending it to the server only if the public wifi is unmarked, the loads of the terminal and the server can be reduced.
Description
Technical field
The present invention relates to the technical field of data transmission, and in particular to a data security transmission method, a terminal and a server.
Background
Public wifi today can meet a user's need to transfer large amounts of data in an unfamiliar environment, but data security on public wifi is a major problem. An illegitimate public wifi can very easily steal user privacy through packet analysis and may use phishing websites to cause losses to the user, so data transmission over public wifi is not secure enough. In the prior art, on public wifi, regardless of whether the public wifi is safe, all data the terminal needs to transmit is encrypted and decrypted, and the server also has to encrypt and decrypt the data it receives. The resources and time spent on encryption and decryption increase the load on the terminal and the server and reduce the data transmission speed.
Summary of the invention
The embodiments of the present invention provide a data security transmission method, a terminal and a server that can reduce the load on the terminal and the server.
In a first aspect, an embodiment of the present invention provides a data security transmission method, the method including:
judging whether the wifi the terminal is connected to is a marked wifi;
if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data;
sending, by the terminal, the first encrypted data to the server over the wifi, the server decrypting the first encrypted data;
receiving, by the terminal, second encrypted data returned by the server, the second encrypted data being a response data packet encrypted by the server;
decrypting, by the terminal, the second encrypted data to obtain the response data packet.
In another aspect, an embodiment of the present invention provides a terminal, the terminal including:
a judging unit, configured to judge whether the wifi the terminal is connected to is a marked wifi;
an encryption unit, configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data;
a sending unit, configured to send the first encrypted data to the server over the wifi, the server decrypting the first encrypted data;
a receiving unit, configured to receive second encrypted data returned by the server, the second encrypted data being a response data packet encrypted by the server;
a decryption unit, configured to decrypt the second encrypted data to obtain the response data packet.
In addition, an embodiment of the present invention provides a server. The server includes a security server and an application server, and the security server includes a decryption unit and an encryption unit;
the decryption unit is configured to receive the first encrypted data sent by the terminal, decrypt the first encrypted data to obtain the request data packet, and send the request data packet to the application server that needs to be accessed;
the encryption unit is configured to receive the response data packet returned by the application server, encrypt the response data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
The embodiments of the present invention judge whether a public wifi is a marked wifi; only if it is an unmarked wifi is the request data packet encrypted and sent to the server, and the encrypted response data packet returned by the server is received and decrypted. The server decrypts the request data packet sent by the terminal and encrypts the response data packet before returning it to the terminal. This reduces the load on the terminal and the server.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the description of the embodiments are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the method provided by the first embodiment of the present invention;
Fig. 2 is a schematic sub-flowchart of the method provided by the first embodiment of the present invention;
Fig. 3 is a schematic flowchart of the method provided by another embodiment of the present invention;
Fig. 4 is a schematic sub-flowchart of the method provided by another embodiment of the present invention;
Fig. 5 is a schematic flowchart of a method, provided by an embodiment of the present invention, for judging whether a wifi is a safe wifi;
Fig. 6 is a schematic block diagram of a terminal provided by an embodiment of the present invention;
Fig. 7 is a block diagram of the sub-functions of the encryption unit in the embodiment of Fig. 6;
Fig. 8 is a schematic block diagram of a terminal provided by another embodiment of the present invention;
Fig. 9 is a schematic block diagram of a server provided by an embodiment of the present invention;
Fig. 10 is a block diagram of the sub-functions of the decryption unit in the embodiment of Fig. 9;
Fig. 11 is a schematic block diagram of a terminal provided by another embodiment of the present invention;
Fig. 12 is a schematic block diagram of a server provided by another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the scope of protection of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "include" and "comprise" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
Fig. 1 is a schematic flowchart of a data security transmission method provided by the first embodiment of the present invention. The method is applied in terminal devices capable of wireless internet access, such as a mobile phone or a pad. The method includes S101 to S105.
S101: judge whether the wifi the terminal is connected to is a marked wifi. A marked wifi is a safe wifi. Specifically, one method for judging whether a wifi is safe is to judge its safety from the geographic location of the wifi the terminal is connected to; if that wifi is safe, it is marked. For example, if the wifi the terminal is connected to lies within the geographic range of the user's home or company, the home wifi or company wifi is marked as a safe wifi, matched by SSID or MAC address, and no encryption is needed when transmitting data over these wifi. If the wifi the terminal is connected to is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether a wifi is safe.
S102: if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example DES, SHA and RSA. It will be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. If the wifi the terminal is connected to is a marked wifi, the request data packet is sent without encryption.
S103: the terminal sends the first encrypted data to the server over the wifi, and the server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server over the wifi. Note that different terminals may use different encryption and decryption mechanisms. Accordingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal can also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used, which yields the complete request data packet.
S104: the terminal receives the second encrypted data returned by the server; the second encrypted data is the response data packet encrypted by the server.
S105: the terminal decrypts the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used, which yields the complete response data packet. The terminal then delivers the response data packet to the application that issued the request data packet.
The above embodiment judges whether the wifi the terminal is connected to is a marked wifi; only if it is unmarked is the transmitted data encrypted and sent to the server, and the encrypted response data packet returned by the server received and decrypted. This embodiment reduces the load on the terminal and the server and improves network transmission speed.
Fig. 2 is a schematic sub-flowchart of the method provided by the first embodiment of the present invention, specifically the sub-flow of S102. S102 includes:
S201: if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent.
S202: if the request data packet contains data that needs to be encrypted, encrypt the terminal's request data packet to obtain the first encrypted data. Requests between the terminal and the server may be HTTP requests. If the request data packet between the terminal and the server is detected to be a request for a specific bank's webpage, or a web request that includes a user name, password or other data needing encryption, the request data packet is encrypted. For example, if the HTTP request is detected to include ICBC, it is a packet requesting an Industrial and Commercial Bank webpage and may involve data that must be kept confidential, so the request data packet is encrypted.
The above embodiment detects whether the request data packet contains data that needs to be encrypted and encrypts the request data packet only if it does. It further specifies which types of request data packet need encryption; not all request data packets are encrypted, which reduces the load on the terminal and the server and improves data transmission speed.
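The decision made in S101 and S201 to S202 can be sketched as follows. This is an added example, not code from the patent: every name, network and request in it is constructed, and it matches a marked wifi on SSID and MAC address together, which is a stricter assumption than the text's "SSID or MAC address".

```python
from dataclasses import dataclass
from urllib.parse import parse_qs

# All names and values below are constructed for illustration.
MARKED_WIFI = {("HomeNet", "aa:bb:cc:00:11:22")}   # (SSID, access point MAC)
SENSITIVE_HOST_KEYWORDS = ("icbc",)                # the bank example from the text
SENSITIVE_FIELDS = {"username", "password"}


@dataclass(frozen=True)
class Wifi:
    ssid: str
    bssid: str  # MAC address of the access point


def is_marked(wifi: Wifi) -> bool:
    """S101: a network counts as marked only if SSID and MAC both match."""
    return (wifi.ssid, wifi.bssid.lower()) in MARKED_WIFI


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into target, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body


def contains_sensitive_data(raw: bytes) -> bool:
    """S201: look for a bank host or credential fields in the request."""
    try:
        target, headers, body = parse_http_request(raw)
    except ValueError:
        return True  # a request that cannot be inspected is treated as sensitive
    host = headers.get("host", "").lower()
    if any(keyword in host for keyword in SENSITIVE_HOST_KEYWORDS):
        return True
    fields = set(parse_qs(target.partition("?")[2], keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields |= set(parse_qs(body.decode("iso-8859-1"), keep_blank_values=True))
    return any(name.lower() in SENSITIVE_FIELDS for name in fields)


def decide(wifi: Wifi, raw_request: bytes) -> str:
    """Return "plain" or "encrypt" for one outgoing request (S102 with S201/S202)."""
    if is_marked(wifi):
        return "plain"
    return "encrypt" if contains_sensitive_data(raw_request) else "plain"


# Constructed sample networks and requests.
HOME = Wifi("HomeNet", "AA:BB:CC:00:11:22")
SAME_NAME_OTHER_AP = Wifi("HomeNet", "de:ad:be:ef:00:01")
MALL = Wifi("MallFree", "de:ad:be:ef:00:02")
LOGIN = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"username=alice&password=s3cret")
IMAGE = b"GET /img/logo.png?size=2 HTTP/1.1\r\nHost: cdn.example\r\n\r\n"
BANK = b"GET / HTTP/1.1\r\nHost: www.icbc.example\r\n\r\n"

if __name__ == "__main__":
    for wifi in (HOME, SAME_NAME_OTHER_AP, MALL):
        for name, req in (("login", LOGIN), ("image", IMAGE), ("bank", BANK)):
            print(wifi.ssid, wifi.bssid, name, decide(wifi, req))
```

The second network reuses the home SSID with a different access point MAC, so it is treated as unmarked and the login request is encrypted.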
Fig. 3 is a schematic flowchart of the method provided by another embodiment of the present invention. The method is applied in terminal devices capable of wireless internet access, such as a mobile phone or a pad. The method includes S301 to S307. In this method the server includes a security server and an application server. The security server may be a third-party server that holds a CA (Certificate Authority) certificate, or a third-party server with a security guarantee that corresponds to the computer program, running on the terminal, on which this method relies. The application server is the server that handles the terminal's business logic.
S301: judge whether the wifi the terminal is connected to is a marked wifi. Specifically, one method for judging whether a wifi is safe is to judge its safety from the geographic location of the wifi the terminal is connected to; if that wifi is safe, it is marked. For example, if the wifi the terminal is connected to lies within the geographic range of the user's home or company, the home wifi or company wifi is marked as a safe wifi, matched by SSID or MAC address, and no encryption is needed when transmitting data over these wifi. If the wifi the terminal is connected to is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether a wifi is safe.
S302: if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example DES, SHA and RSA. It will be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet. If the wifi the terminal is connected to is a marked wifi, the request data packet is sent without encryption.
S303: the terminal sends the first encrypted data to the security server over the wifi. The terminal adds a TCP/IP header to the first encrypted data and sends it to the security server over the wifi. Note that different terminals may use different encryption and decryption mechanisms. Accordingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal can also be updated.
S304: the security server receives the first encrypted data sent by the terminal, decrypts it to obtain the request data packet, and sends the request data packet to the application server that needs to be accessed. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used, which yields the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet, so the request data packet can be forwarded to that application server.
S305: the security server receives the response data packet returned by the application server, encrypts it to obtain second encrypted data, and sends the second encrypted data to the terminal.
S306: the terminal receives the second encrypted data returned by the security server.
S307: the terminal decrypts the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used, which yields the complete response data packet. The terminal then delivers the response data packet to the application that issued the request data packet.
The above embodiment further divides the server into a security server and an application server: the security server encrypts and decrypts the data, and the application server returns the response data packet in response to the terminal's request. Compared with having only one kind of server, dividing the server into a security server and an application server reduces server load and speeds up the server's response.
Fig. 4 is a schematic sub-flowchart of the method provided by another embodiment of the present invention, specifically the sub-flow of step S304. S304 includes:
S401: the security server receives the first encrypted data sent by the terminal and decrypts it to obtain the request data packet. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used, which yields the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet.
S402: perform a security check on the decrypted request data packet and judge whether the data in the request data packet is illegal request data.
S403: if it is illegal request data, discard the request data packet. Illegal requests include, for example, an application on the terminal stealing the phone's contacts, or the terminal sending personal private data to the application's own server.
S404: if it is legitimate request data, send the request data packet to the application server that needs to be accessed.
In the above embodiment the security server performs a security check on the terminal's request data packet; if it is illegal request data, the request data packet is discarded, and if it is legitimate request data, the request data packet is sent to the application server that needs to be accessed. The security server judges the legitimacy of the request data packet, which further ensures the security of data transmission.
In other feasible embodiments, other feasible methods may be used to judge whether a wifi is a safe wifi. Fig. 5 shows another such method. Specifically, Fig. 5 includes S501 to S507.
S501: after connecting to the wifi, the terminal sends a first request data packet to the application server and calculates a first check value, according to a preset algorithm, over the first response data packet returned by the application server. The request data packet includes the requested link. The preset algorithm is preferably the MD5 check algorithm, but may also be another feasible algorithm. The first request data packet is sent to the application server without encryption.
S502: the terminal sends the first request data packet to the security server.
S503: the security server receives the first request data packet and sends it to the application server, so that the application server returns a second response data packet.
S504: the security server verifies whether the requested link in the first request data packet is valid, and calculates a second check value over the received second response data packet according to the preset algorithm. The preset algorithm is preferably the MD5 check algorithm and is the same algorithm the terminal uses to calculate the first check value.
S505: the terminal receives, from the security server, the data indicating whether the requested link is valid and the second check value.
S506: the terminal judges whether the first check value and the second check value are consistent, and judges whether the requested link is valid. If the first check value and the second check value are consistent and the requested link is valid, proceed to S507. If the first check value and the second check value are inconsistent or the requested link is invalid, the wifi the terminal is connected to may be untrusted, or the requested webpage may be untrusted and have been modified; therefore no operation is performed on the wifi the terminal is connected to. If the first check value and the second check value are consistent and the requested link is valid, the content of the first response data packet, returned when the terminal requested the application server directly, is consistent with the content of the second response data packet, returned when the security server requested the application server, so the wifi is trusted and safe. The security server thus also serves a verification role. If the wifi is a safe wifi, subsequent request data packets are not encrypted.
S507: the terminal marks the wifi it is connected to. A marked wifi is a safe wifi.
The above embodiment calculates the first check value of the first response data packet, returned when the terminal requests the application server directly, and the second check value of the second response data packet, returned when the security server requests the application server, and verifies whether the requested link is valid. If the first check value is consistent with the second check value and the requested link is valid, the wifi the terminal is connected to is marked. This embodiment thus provides a further way to judge whether the wifi the terminal is connected to is a safe wifi.
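The comparison in S501 to S507 can be sketched as follows; this is an added example, not code from the patent. The servers, links and networks are constructed stand-ins, the link-validity check is a placeholder because the text does not define it, and the verdict is assumed to reach the terminal over a channel the access point cannot alter, which the text does not specify.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass
from typing import Callable

STATIC = "http://app.example/static"    # constructed links
DYNAMIC = "http://app.example/dynamic"
KNOWN_LINKS = {STATIC, DYNAMIC}
_requests_seen = itertools.count()


def app_server(link: str) -> bytes:
    """Constructed application server: one fixed page, one that changes per request."""
    if link == STATIC:
        return b"<html><body>account overview</body></html>"
    if link == DYNAMIC:
        return b"<html><body>request #%d</body></html>" % next(_requests_seen)
    return b"404 not found"


def honest_wifi(link: str) -> bytes:
    """Access point that relays the application server's response unchanged."""
    return app_server(link)


def modifying_wifi(link: str) -> bytes:
    """Access point that alters the response in transit (constructed case)."""
    return app_server(link).replace(b"</body>", b"<!-- altered --></body>")


def check_value(body: bytes, algorithm: str = "md5") -> str:
    """The preset algorithm; MD5 is the text's preference, any hashlib name works."""
    return hashlib.new(algorithm, body).hexdigest()


@dataclass(frozen=True)
class Verdict:
    """What the security server returns in S505 (field names are illustrative)."""
    link_valid: bool
    second_check_value: str


def security_server(link: str, algorithm: str = "md5") -> Verdict:
    """S503/S504: fetch the link independently of the wifi and hash the response."""
    valid = link in KNOWN_LINKS  # placeholder for the undefined validity check
    return Verdict(valid, check_value(app_server(link), algorithm))


def verify_and_mark(link: str, via_wifi: Callable[[str], bytes],
                    marked: set, network_id, algorithm: str = "md5") -> bool:
    """S501 to S507 from the terminal's side; returns True if the wifi was marked."""
    first = check_value(via_wifi(link), algorithm)      # S501: direct request over wifi
    verdict = security_server(link, algorithm)          # S502 to S505
    consistent = hmac.compare_digest(first, verdict.second_check_value)
    if verdict.link_valid and consistent:               # S506
        marked.add(network_id)                          # S507
        return True
    return False  # no operation: the wifi stays unmarked, so traffic stays encrypted


if __name__ == "__main__":
    marked = set()
    net = ("MallFree", "de:ad:be:ef:00:02")
    print(verify_and_mark(STATIC, honest_wifi, marked, net))     # True
    print(verify_and_mark(STATIC, modifying_wifi, set(), net))   # False
    print(verify_and_mark(DYNAMIC, honest_wifi, set(), net))     # False
```

The dynamic page shows a limit of the comparison: a response that legitimately differs between two requests never matches, so the probe link has to return stable content or an honest wifi stays unmarked.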
Referring to Fig. 6, a schematic block diagram of a terminal provided by an embodiment of the present invention is shown. The terminal is capable of wireless internet access. The terminal 60 includes a judging unit 61, an encryption unit 62, a sending unit 63, a receiving unit 64, a decryption unit 65 and a marking unit 66.
The judging unit 61 is configured to judge whether the wifi the terminal is connected to is a marked wifi. The judging unit 61 is further configured to judge the safety of the wifi from the geographic location of the wifi the terminal is connected to. The marking unit 66 is configured to mark the wifi the terminal is connected to if that wifi is a safe wifi. For example, if the wifi the terminal is connected to lies within the geographic range of the user's home or company, the home wifi or company wifi is marked as a safe wifi, matched by SSID or MAC address, and no encryption is needed when transmitting data over these wifi. If the wifi the terminal is connected to is the wifi of some shopping mall, its safety cannot be judged and it is not marked. Other feasible methods may also be used to judge whether the wifi the terminal is connected to is a safe wifi.
The encryption unit 62 is configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypt the request data packet to obtain first encrypted data. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example DES, SHA and RSA. It will be understood that "the terminal needs to send a request data packet" specifically means that an application on the terminal needs to send a request data packet.
As shown in Fig. 7, the encryption unit 62 includes a detection unit 71 and a data encryption unit 72. The detection unit 71 is configured to, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspect the request data packet to be sent. The data encryption unit 72 is configured to, if the request data packet contains data that needs to be encrypted, encrypt the terminal's request data packet to obtain the first encrypted data. Requests between the terminal and the server may be HTTP requests. If the request data packet between the terminal and the server is detected to be a request for a specific bank's webpage, or a web request that includes a user name, password or other data needing encryption, the request data packet is encrypted. For example, if the HTTP request is detected to include ICBC, it is a packet requesting an Industrial and Commercial Bank webpage and may involve data that must be kept confidential, so the request data packet is encrypted.
The sending unit 63 is configured to send the first encrypted data to the server over the wifi, and the server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server over the wifi. Note that different terminals may use different encryption and decryption mechanisms. Accordingly, when the server exchanges data with a given terminal, it uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server exchanging data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal can also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used, which yields the complete request data packet.
The receiving unit 64 is configured to receive the second encrypted data returned by the server; the second encrypted data is the response data packet encrypted by the server.
The decryption unit 65 is configured to decrypt the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used, which yields the complete response data packet. The terminal then delivers the response data packet to the application that issued the request data packet.
The above embodiment detects whether the request data packet contains data that needs to be encrypted and encrypts the request data packet only if it does. It further specifies which types of request data packet need encryption; not all request data packets are encrypted, which reduces the load on the terminal and the server and improves data transmission speed.
Fig. 8 is a schematic block diagram of a terminal provided by another embodiment of the present invention. The terminal 80 includes a judging unit 81, an encryption unit 82, a sending unit 83, a receiving unit 84, a decryption unit 85, a marking unit 86 and a computing unit 87.
The computing unit 87 is configured to, after the wifi is connected, send a first request data packet to the application server and calculate a first check value, according to a preset algorithm, over the first response data packet returned by the server. The request data packet includes the requested link. The preset algorithm is preferably the MD5 check algorithm, but may also be another feasible algorithm. The first request data packet is sent to the application server without encryption. The application server is the server that handles the terminal's business logic.
The sending unit 83 is configured to send the first request data packet to the security server. The security server may be a third-party server that holds a CA (Certificate Authority) certificate, or a third-party server with a security guarantee that corresponds to the computer program, running on the terminal, on which this method relies.
The receiving unit 84 is configured to receive, from the security server, the data indicating whether the requested link is valid and the second check value. The second check value is the result the security server obtains by applying the preset algorithm to the second response data packet, and the second response data packet is produced by the application server in response to the first request data packet. The preset algorithm is preferably the MD5 check algorithm and is the same algorithm the terminal uses to calculate the first check value.
The judging unit 81 is configured to judge whether the first check value and the second check value are consistent, and to judge whether the requested link is valid.
The marking unit 86 is configured to mark the wifi the terminal is connected to if the first check value and the second check value are consistent and the requested link is valid. If the first check value and the second check value are inconsistent or the requested link is invalid, the wifi the terminal is connected to may be untrusted, or the requested webpage may be untrusted and have been modified; therefore no operation is performed on the wifi the terminal is connected to. If the first check value and the second check value are consistent and the requested link is valid, the content of the first response data packet, returned when the terminal requested the application server directly, is consistent with the content of the second response data packet, returned when the security server requested the application server, so the wifi is trusted and safe. The security server thus also serves a verification role. If the wifi is a safe wifi, subsequent request data packets are not encrypted.
Judging unit 81 is further configured to judge whether the wifi the terminal is connected to is a marked wifi.
Encryption unit 82, configured to encrypt the request data packet to obtain first encrypted data if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet. The encryption algorithms used include symmetric encryption algorithms, asymmetric encryption algorithms and the like, for example encryption algorithms such as DES, SHA and RSA. It should be understood that "the terminal needs to send a request data packet" specifically means that an application program on the terminal needs to send a request data packet.
As shown in Fig. 7, encryption unit 82 includes detection unit 71 and data encryption unit 72. Detection unit 71 is configured to inspect the request data packet to be sent if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet. Data encryption unit 72 is configured to encrypt the terminal's request data packet to obtain the first encrypted data if the request data packet contains data that needs to be encrypted. Requests between the terminal and the server may be http requests. If the detected request data packet between the terminal and the server is a request to a specific bank web page, or the request data packet includes a web page request that needs encryption, such as one carrying a user name or password, the request data packet is encrypted. For example, if the http request is detected to contain ICBC, it is a data packet requesting an Industrial and Commercial Bank web page, which may involve data that must be kept confidential, so the request data packet is encrypted.
Sending unit 83 is further configured to send the first encrypted data to the security server over the wifi; the security server decrypts the first encrypted data. The terminal adds a TCP/IP header to the first encrypted data and sends it to the server over the wifi. It should be noted that different terminals may use different encryption and decryption mechanisms. Correspondingly, when data is transmitted between the server and a given terminal, the server uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server transmitting data with that terminal also uses the DES encryption algorithm. To further improve security, the encryption and decryption mechanism of each terminal may also be updated. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption; decryption yields the complete request data packet.
Receiving unit 84 is further configured to receive second encrypted data returned by the security server. The second encrypted data is the response data packet after encryption by the security server, and the response data packet is produced by the application server in response to the request data packet sent by the security server.
Decryption unit 85, configured to decrypt the second encrypted data to obtain the response data packet. After receiving the second encrypted data, the terminal decrypts it with the decryption key corresponding to the encryption key the server used for encryption; decryption yields the complete response data packet. The terminal delivers the response data packet to the application program that issued the request data packet.
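The marking check and the selective-encryption decision described for units 81, 82 and 86 can be sketched as follows. This is an added example, not code from the patent: the wifi identifiers, the sensitive-data markers and the sample pages are constructed, and it assumes the security server's reply reaches the terminal unmodified, which the text does not specify.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed markers for "data that needs encryption"; the page's own examples
# are a bank page (ICBC) and requests carrying a user name or password.
SENSITIVE_MARKERS = (b"icbc", b"username=", b"password=")


def check_value(packet: bytes) -> str:
    """Preset algorithm shared by terminal and security server (MD5 per the page)."""
    return hashlib.md5(packet).hexdigest()


def security_server_reply(origin_body: bytes, link_valid: bool) -> tuple:
    """The security server requests the same link itself and returns
    (link validity, second check value)."""
    return link_valid, check_value(origin_body)


@dataclass
class Terminal:
    # Identifiers of wifi networks already marked as safe (hypothetical keying).
    marked_wifi: set = field(default_factory=set)

    def probe(self, wifi_id: str, first_response: bytes,
              link_valid: bool, second_check: str) -> bool:
        """Mark the wifi only if both check values match and the link is valid."""
        first_check = check_value(first_response)
        if link_valid and hmac.compare_digest(first_check, second_check):
            self.marked_wifi.add(wifi_id)
            return True
        # Mismatch or invalid link: the wifi or the page may be untrusted,
        # so nothing is done to the wifi and it stays unmarked.
        return False

    def must_encrypt(self, wifi_id: str, request: bytes) -> bool:
        """Encrypt only on unmarked wifi, and only requests with sensitive data."""
        if wifi_id in self.marked_wifi:
            return False
        lowered = request.lower()
        return any(marker in lowered for marker in SENSITIVE_MARKERS)


def run_demo() -> dict:
    # Constructed response bodies: what the application server really serves,
    # and what arrives at the terminal over a wifi that alters traffic.
    origin = b"<html><form action='/login'></form></html>"
    tampered = origin + b"<!-- modified in transit -->"

    link_valid, second_check = security_server_reply(origin, link_valid=True)

    terminal = Terminal()
    results = {
        "clean_marked": terminal.probe("wifi-clean", origin, link_valid, second_check),
        "tampered_marked": terminal.probe("wifi-tampering", tampered, link_valid, second_check),
    }

    # Constructed request data packets.
    login = b"POST /login HTTP/1.1\r\nHost: bank.example\r\n\r\nusername=a&password=b"
    news = b"GET /news HTTP/1.1\r\nHost: news.example\r\n\r\n"
    results["encrypt_login_unmarked"] = terminal.must_encrypt("wifi-tampering", login)
    results["encrypt_login_marked"] = terminal.must_encrypt("wifi-clean", login)
    results["encrypt_news_unmarked"] = terminal.must_encrypt("wifi-tampering", news)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The check compares a single response at a single moment, so a marked wifi is trusted for later requests on the strength of that one comparison; the sensitive login request goes out unencrypted on "wifi-clean" for exactly that reason.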
Fig. 9 is a schematic block diagram of a server provided by an embodiment of the present invention. The server communicates with the terminal. The server 90 includes a security server 91 and an application server 92. The security server 91 may be a third-party server with a security guarantee: either one that holds a CA (Certificate Authority) certificate, or one that corresponds to the computer program the terminal relies on to run this method. The application server 92 is the server that processes the terminal's business logic; it can respond to the first request data packet sent by the terminal, and it can also respond to request data packets sent by the security server. The security server 91 includes a decryption unit 911, an encryption unit 912, a verification unit 913 and a calculation unit 914.
Decryption unit 911, configured to receive the first encrypted data sent by the terminal, decrypt the first encrypted data to obtain the request data packet, and send the request data packet to the application server that needs to be accessed. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption; decryption yields the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet, and the request data packet is sent to that application server.
Encryption unit 912, configured to receive the response data packet returned by the application server, encrypt the response data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
It should be noted that different terminals may use different encryption and decryption mechanisms. Correspondingly, when data is transmitted between the server and a given terminal, the server uses the same encryption and decryption mechanism as that terminal. For example, two different terminals may use the DES encryption algorithm and the SHA encryption algorithm respectively; when a terminal uses the DES encryption algorithm, the server transmitting data with that terminal also uses the DES encryption algorithm.
Verification unit 913, configured to receive the first request data packet and verify whether the requested link in the first request data packet is valid.
Calculation unit 914, configured to receive the second response data packet produced by the application server in response to the first request data packet, and to calculate a second check value from the second response data packet according to a preset algorithm. The preset algorithm is the same as the algorithm the terminal uses to calculate the first check value. The second check value is compared with the first check value calculated by the terminal to judge whether they are consistent, and thereby to judge whether the wifi the terminal is connected to is a safe wifi.
The above embodiment further divides the server into a security server and an application server: the security server encrypts and decrypts the data, and the application server returns the response data packet in response to the terminal's request. Compared with having only one kind of server, dividing the server into a security server and an application server can reduce the load on the server and speed up the server's response. In addition, by verifying whether the requested link is valid, and by judging whether the second check value calculated by the security server is consistent with the first check value calculated by the terminal, it is judged whether the wifi the terminal is connected to is a safe wifi; the security server thus performs a verification role.
Figure 10 is a sub-function block diagram of the decryption unit of the embodiment in Fig. 9. Decryption unit 911 includes a data decryption unit 101, a judging unit 102, a discarding unit 103 and a sending unit 104.
Data decryption unit 101, configured to receive the first encrypted data sent by the terminal and decrypt the first encrypted data to obtain the request data packet. After receiving the first encrypted data, the server decrypts it with the decryption key corresponding to the encryption key the terminal used for encryption; decryption yields the complete request data packet. The target IP address in the request data packet identifies the application server to which the terminal needs to send the request data packet.
Judging unit 102, configured to perform a security check on the decrypted request data packet and judge whether the data in the request data packet is data of an illegal request.
Discarding unit 103, configured to discard the request data packet if it is data of an illegal request. Illegal requests are, for example, an application program on the terminal stealing the phone's contacts, or the terminal sending personal private data to its own server.
Sending unit 104, configured to send the request data packet to the application server that needs to be accessed if it is data of a legitimate request.
In the above embodiment, the security server performs a security check on the terminal's request data packet: if it is data of an illegal request, the request data packet is discarded; if it is data of a legitimate request, the request data packet is sent to the application server that needs to be accessed. Having the security server judge the legitimacy of the request data packet further ensures the security of data transmission.
Figure 11 is a schematic block diagram of a terminal provided by another embodiment of the present invention. The terminal 110 includes an input device 111, an output device 112, a memory 113 and a processor 114, which are connected by a bus 115. Specifically:
Input device 111, used by the user to input marking information. In a specific implementation, the input device 111 of the embodiment of the present invention may include a keyboard, a mouse, a photoelectric input device, a sound input device, a touch input device and the like.
Output device 112, used to output the interface through which the terminal connects to wifi, and the like. In a specific implementation, the output device 112 of the embodiment of the present invention may include a display, a display screen, a touch screen and the like.
Memory 113, used to store program data with various functions. In the embodiment of the present invention, the data stored in the memory 113 includes information on marked wifi, as well as other program data that can be called and run. In a specific implementation, the memory 113 of the embodiment of the present invention may be system memory, for example volatile (such as RAM), non-volatile (such as ROM, flash memory and the like), or a combination of the two. In a specific implementation, the memory 113 of the embodiment of the present invention may also be external storage outside the system, for example a magnetic disk, an optical disc, a magnetic tape and the like.
Processor 114, used to call the program data stored in the memory 113 and perform the following operations:
Judging whether the wifi the terminal is connected to is a marked wifi; if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data; the terminal sending the first encrypted data to the server over the wifi, and the server decrypting the first encrypted data; the terminal receiving second encrypted data returned by the server, the second encrypted data being the response data packet after encryption by the server; and the terminal decrypting the second encrypted data to obtain the response data packet.
In other feasible embodiments, the processor 114 may also perform the following steps:
If the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspecting the request data packet the terminal needs to send; and if the request data packet contains data that needs to be encrypted, encrypting the request data packet to obtain the first encrypted data.
In other feasible embodiments, the server includes a security server and an application server, and the processor 114 may also perform the following steps:
After connecting to the wifi, the terminal sends a first request data packet to the application server and calculates a first check value, according to a preset algorithm, from the first response data packet returned by the application server, the request data packet including the requested link; the terminal sends the first request data packet to the security server; the terminal receives, from the security server, data indicating whether the requested link is valid, together with a second check value, where the second check value is the result the security server obtains by applying the preset algorithm to the second response data packet, and the second response data packet is produced by the application server in response to the first request data packet; the terminal judges whether the first check value and the second check value are consistent, and judges whether the requested link is valid; and if the first check value and the second check value are consistent and the requested link is valid, the terminal marks the connected wifi.
Figure 12 is a schematic block diagram of a server provided by another embodiment of the present invention. The server 120 includes a memory 121 and a processor 122, which are connected by a bus 123. Specifically:
Memory 121, used to store program data with various functions. In the embodiment of the present invention, the data stored in the memory 121 includes other program data that can be called and run. In a specific implementation, the memory 121 of the embodiment of the present invention may be system memory, for example volatile (such as RAM), non-volatile (such as ROM, flash memory and the like), or a combination of the two. In a specific implementation, the memory 121 of the embodiment of the present invention may also be external storage outside the system, for example a magnetic disk, an optical disc, a magnetic tape and the like.
Processor 122, used to call the program data stored in the memory 121 and perform the following operations:
The server includes a security server and an application server; the security server receives the first encrypted data sent by the terminal, decrypts the first encrypted data to obtain the request data packet, and sends the request data packet to the application server that needs to be accessed; the security server receives the response data packet returned by the application server, encrypts the response data packet to obtain second encrypted data, and sends the second encrypted data to the terminal.
In other feasible embodiments, the processor 122 may also perform the following steps:
The security server receives the first encrypted data sent by the terminal and decrypts the first encrypted data to obtain the request data packet; performs a security check on the decrypted request data packet and judges whether the data in the request data packet is data of an illegal request; if it is data of an illegal request, discards the request data packet; and if it is data of a legitimate request, sends the request data packet to the application server that needs to be accessed.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the terminal and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A data security transmission method, characterized by comprising:
judging whether the wifi the terminal is connected to is a marked wifi;
if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain first encrypted data;
the terminal sending the first encrypted data to a server over the wifi, the server decrypting the first encrypted data;
the terminal receiving second encrypted data returned by the server, the second encrypted data being the response data packet after encryption by the server;
the terminal decrypting the second encrypted data to obtain the response data packet.
2. The method according to claim 1, characterized in that, if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, encrypting the request data packet to obtain the first encrypted data comprises:
if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet, inspecting the request data packet the terminal needs to send;
if the request data packet contains data that needs to be encrypted, encrypting the request data packet to obtain the first encrypted data.
3. The method according to claim 1, characterized in that the server includes a security server and an application server, and the method further comprises:
after connecting to the wifi, the terminal sending a first request data packet to the application server and calculating a first check value, according to a preset algorithm, from the first response data packet returned by the application server, the request data packet including the requested link;
the terminal sending the first request data packet to the security server;
the terminal receiving, from the security server, data indicating whether the requested link is valid, together with a second check value, wherein the second check value is the result the security server obtains by applying the preset algorithm to the second response data packet, and the second response data packet is produced by the application server in response to the first request data packet;
the terminal judging whether the first check value and the second check value are consistent, and judging whether the requested link is valid;
if the first check value and the second check value are consistent and the requested link is valid, the terminal marking the connected wifi.
4. The method according to claim 1, characterized in that the server includes a security server and an application server;
the security server receives the first encrypted data sent by the terminal, decrypts the first encrypted data to obtain the request data packet, and sends the request data packet to the application server that needs to be accessed;
the security server receives the response data packet returned by the application server, encrypts the response data packet to obtain the second encrypted data, and sends the second encrypted data to the terminal.
5. The method according to claim 4, characterized in that the security server receiving the first encrypted data sent by the terminal, decrypting the first encrypted data to obtain the request data packet, and sending the request data packet to the application server that needs to be accessed comprises:
the security server receiving the first encrypted data sent by the terminal and decrypting the first encrypted data to obtain the request data packet;
performing a security check on the decrypted request data packet, and judging whether the data in the request data packet is data of an illegal request;
if it is data of an illegal request, discarding the request data packet;
if it is data of a legitimate request, sending the request data packet to the application server that needs to be accessed.
6. A terminal, characterized in that the terminal comprises:
a judging unit, configured to judge whether the wifi the terminal is connected to is a marked wifi;
an encryption unit, configured to encrypt the request data packet to obtain first encrypted data if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet;
a sending unit, configured to send the first encrypted data to a server over the wifi, the server decrypting the first encrypted data;
a receiving unit, configured to receive second encrypted data returned by the server, the second encrypted data being the response data packet after encryption by the server;
a decryption unit, configured to decrypt the second encrypted data to obtain the response data packet.
7. The terminal according to claim 6, characterized in that the encryption unit includes a detection unit and a data encryption unit;
the detection unit is configured to inspect the request data packet to be sent if the wifi the terminal is connected to is an unmarked wifi and the terminal needs to send a request data packet;
the data encryption unit is further configured to encrypt the request data packet to obtain the first encrypted data if the request data packet contains data that needs to be encrypted.
8. The terminal according to claim 6, characterized in that the server includes a security server and an application server, and the terminal further includes a calculation unit and a marking unit;
the calculation unit is configured to, after connecting to the wifi, send a first request data packet to the application server and calculate a first check value, according to a preset algorithm, from the first response data packet returned by the application server, the request data packet including the requested link;
the sending unit is further configured to send the first request data packet to the security server;
the receiving unit is further configured to receive, from the security server, data indicating whether the requested link is valid, together with a second check value, wherein the second check value is the result the security server obtains by applying the preset algorithm to the second response data packet, and the second response data packet is produced by the application server in response to the first request data packet;
the judging unit is further configured to judge whether the first check value and the second check value are consistent, and to judge whether the requested link is valid;
the marking unit is configured to have the terminal mark the connected wifi if the first check value and the second check value are consistent and the requested link is valid.
9. A server, characterized in that the server includes a security server and an application server; the security server includes a decryption unit and an encryption unit;
the decryption unit is configured to receive the first encrypted data sent by the terminal, decrypt the first encrypted data to obtain the request data packet, and send the request data packet to the application server that needs to be accessed;
the encryption unit is configured to receive the response data packet returned by the application server, encrypt the response data packet to obtain second encrypted data, and send the second encrypted data to the terminal.
10. The server according to claim 9, characterized in that the decryption unit includes a data decryption unit, a judging unit, a discarding unit and a sending unit;
the data decryption unit is configured for the security server to receive the first encrypted data sent by the terminal and decrypt the first encrypted data to obtain the request data packet;
the judging unit is configured to perform a security check on the decrypted request data packet and judge whether the data in the request data packet is data of an illegal request;
the discarding unit is configured to discard the request data packet if it is data of an illegal request;
the sending unit is configured to send the request data packet to the application server that needs to be accessed if it is data of a legitimate request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610596973.5A CN106028320A (en) | 2016-07-26 | 2016-07-26 | Data security transmission method, terminal and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610596973.5A CN106028320A (en) | 2016-07-26 | 2016-07-26 | Data security transmission method, terminal and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106028320A (en) | 2016-10-12 |
Family
ID=57113913
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610596973.5A Withdrawn CN106028320A (en) | 2016-07-26 | 2016-07-26 | Data security transmission method, terminal and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106028320A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20161012 |