CN105208029A

CN105208029A - Data processing method and terminal device

Info

Publication number: CN105208029A
Application number: CN201510640538.3A
Authority: CN
Inventors: 陈耀攀
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2015-09-30
Filing date: 2015-09-30
Publication date: 2015-12-30
Anticipated expiration: 2035-09-30
Also published as: CN105208029B

Abstract

The invention discloses a data processing method and a terminal device. The method includes the steps that firstly, a current geographic position area of the terminal device is obtained; then, whether the current geographic position area of the terminal device belongs to a high-safety-level area or not is detected; if the current geographic position area of the terminal device belongs to the high-safety-level area, whether a target server corresponding to to-be-sent data allows the situation that a preset safety channel is established to receive the to-be-sent data or not is further judged; if the target server corresponding to the to-be-sent data allows the situation that the preset safety channel is established to receive the to-be-sent data, the to-be-sent data are sent to an agency device on the terminal device side so that the agency device can establish the preset safety channel for data transmission. Because the safety level of the preset safety channel is higher than that of a https channel, data transmission safety can be guaranteed.

Description

A kind of data processing method and terminal equipment

Technical field

The present invention relates to Internet communication technology field, particularly relate to a kind of data processing method and terminal equipment.

Background technology

Along with the development of science and technology, the kind of electronic product also gets more and more, and people have also enjoyed the various facilities that development in science and technology brings.Present people can pass through various types of terminal equipment, enjoy the comfortable life along with development in science and technology brings.Such as, the terminal equipment such as smart mobile phone, panel computer has become an important part in people's life, and user can use the terminal equipment such as smart mobile phone, panel computer to listen to the music, play games, search for major event of occurring in the recent period etc.Such as, user can use above terminal equipment to search for the recent dress parade held in Beijing of viewing.

And for current data transfer mode, what generally adopt at present is the safe transmission that https passage realizes data, but this transmission means cannot ensure the safety of transfer of data.Such as, user, when carrying out financial transaction with bank server, can send data of financial transaction (as bank's card number, password etc.) to bank server via platforms such as browser, shopping softwares.But this kind of data of financial transaction is likely just stolen by third party's interception in midway, causes data of financial transaction to be revealed, brings loss to user.

Therefore, for current be the transmission means of https passage, even if receive the requirement needing safety-oriented data transfer, such as some vital area (as Beijing) needs the fail safe ensureing transfer of data, still can only utilize https channel transmission data, the fail safe of transfer of data cannot be ensured.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or a kind of data processing method solved the problem at least in part and terminal equipment.

One aspect of the present invention, provides a kind of data processing method, and described method comprises:

Obtain the current geographic position region of terminal equipment;

Whether the current geographic position region detecting described terminal equipment belongs to high level of security region;

If the current geographic position region of described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent; Wherein, described preset security passage is the another kind of escape way being different from hypertext transfer protocol secure https passage, and the level of security of described preset security passage is higher than described https passage;

If described destination server support sets up described preset security passage to receive described data to be sent, then described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage, then utilize described preset security passage to forward described data to be sent to described destination server.

Optionally, the current geographic position region of described acquisition terminal equipment, specifically comprises:

The current geographic position region of terminal equipment according to the Wireless Fidelity WIFI information acquisition of described terminal equipment; Or

The current geographic position region of described terminal equipment is obtained according to the base station information of described terminal equipment; Or

The current geographic position region of described terminal equipment is obtained according to the GPS (Global Position System) GPS information of described terminal equipment; Or

The current geographic position region of described terminal equipment is obtained according to the gateway information of described terminal equipment.

Optionally, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

Obtain the level of security that the current geographic position region of described terminal equipment is corresponding;

Whether the level of security detecting the current geographic position region of described terminal equipment corresponding reaches level of security threshold value;

If level of security corresponding to the current geographic position region of described terminal equipment reaches described level of security threshold value, show that the current geographic position region of described terminal equipment belongs to described high level of security region.

Whether the significance level detecting the just-in-time politics event occurred in preset time range in the current geographic position region of described terminal equipment reaches predeterminable level;

If so, show that the current geographic position region of described terminal equipment belongs to described high level of security region.

Detect the searching times obtaining the just-in-time politics event occurred in preset time range in the current geographic position region of described terminal equipment;

If detect, the searching times of described just-in-time politics event reaches preset times in preset time range, then show that the current geographic position region of described terminal equipment belongs to described high level of security region.

Optionally, describedly judge whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent, specifically comprises:

Extract the characteristic information about destination server in described data to be sent;

Characteristic information based on described destination server judges whether described destination server supports that setting up described preset security passage receives described data to be sent.

Optionally, the described characteristic information based on described destination server judges whether described destination server supports that setting up described preset security passage receives described data to be sent, specifically comprises:

Judge whether the characteristic information of described destination server exists in white list, in described white list, describe the characteristic information of the server supporting described preset security passage;

If the characteristic information of described destination server exists in described white list, then represent that data to be sent described in described preset security channel reception are set up in described destination server support.

Optionally, the characteristic information of described destination server comprises: IP address and/or receiving port.

Optionally, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

When the characteristic information of other servers described when supporting the update request of other servers of described preset security passage, is added described white list and upgrades by acquisition not on described white list.

Optionally, described described data to be sent are sent to agent apparatus, are specially:

Described agent apparatus is sent to after described data to be sent are used secret key encryption.

Optionally, judge whether destination server corresponding to the data to be sent of described terminal equipment supports to set up preset security passage to after receiving described data to be sent, and described method also comprises described:

If described destination server does not support to set up data to be sent described in preset security channel reception, utilize described htttps passage that described data to be sent are directly sent to described destination server.

Optionally, after described data to be sent are sent to agent apparatus, described method also comprises:

Receive other data that described agent apparatus utilizes described preset security passage to forward from described destination server.

Optionally, described agent apparatus is built in browser.

Another aspect of the present invention, provides a kind of terminal equipment, comprising:

First obtains module, for obtaining the current geographic position region of described terminal equipment;

Detection module, whether the current geographic position region for detecting described terminal equipment belongs to high level of security region;

Judge module, if the current geographic position region for described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent; Wherein, described preset security passage is the another kind of escape way being different from hypertext transfer protocol secure https passage, and the level of security of described preset security passage is higher than described https passage;

First sending module, if set up described preset security passage to receive described data to be sent for described destination server support, then described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage, then utilize described preset security passage to forward described data to be sent to described destination server.

Optionally, described acquisition module specifically for:

Optionally, described detection module specifically comprises:

Second obtains module, the level of security that the current geographic position region for obtaining described terminal equipment is corresponding;

Detection sub-module, whether level of security corresponding to the current geographic position region for detecting described terminal equipment reaches level of security threshold value;

Optionally, whether the significance level of just-in-time politics event that described detection module occurs in preset time range specifically for the current geographic position region detecting described terminal equipment reaches predeterminable level; If so, show that the current geographic position region of described terminal equipment belongs to described high level of security region.

Optionally, described detection module specifically for

Optionally, described judge module specifically comprises:

Extraction module, for extracting the characteristic information about destination server in described data to be sent;

Judge submodule, for judging based on the characteristic information of described destination server whether described destination server supports that setting up described preset security passage receives described data to be sent.

Optionally, describedly judge that submodule is specifically for judging whether the characteristic information of described destination server exists in white list, describes the characteristic information of the server supporting described preset security passage in described white list; If the characteristic information of described destination server exists in described white list, then represent that data to be sent described in described preset security channel reception are set up in described destination server support.

Optionally, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

Optionally, described first sending module sends to described agent apparatus after described data to be sent are used secret key encryption.

Optionally, described terminal equipment also comprises:

Second sending module, for judging whether destination server corresponding to the data to be sent of described terminal equipment supports to set up preset security passage to after receiving described data to be sent, if described destination server does not support to set up data to be sent described in preset security channel reception, utilize described htttps passage that described data to be sent are directly sent to described destination server.

Optionally, described terminal equipment also comprises:

Receiver module, for after described data to be sent are sent to agent apparatus, receives other data that described agent apparatus utilizes described preset security passage to forward from described destination server.

Optionally, described agent apparatus is built in browser.

The technical scheme provided in the embodiment of the present application, at least has following technique effect or advantage:

The invention discloses a kind of data processing method and terminal equipment.First method of the present invention obtains the current geographic position region of terminal equipment; Whether the current geographic position region then detecting described terminal equipment belongs to high level of security region; If the current geographic position region of described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to data to be sent is supported to set up preset security passage to receive described data to be sent; If support, described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage and carry out transfer of data.Because the level of security of preset security passage is higher than https passage, the fail safe of transfer of data therefore can be ensured.

Further, if destination server corresponding to data to be sent is not supported to set up preset security channel reception data to be sent, the present invention can also transmit data to be sent by https passage.As can be seen here, the present invention not only can improve the safety of transfer of data, can also compatible two kinds of transmission meanss transmission data.

Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of specification, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.

Accompanying drawing explanation

By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 shows system architecture diagram corresponding to a kind of according to an embodiment of the invention data processing method;

Fig. 2 shows a kind of according to an embodiment of the invention implementing procedure figure of data processing method;

Fig. 3 shows the structural representation of terminal equipment according to an embodiment of the invention.

Embodiment

Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.

As a kind of optional embodiment, the invention provides a kind of data processing method, the mode in order to solve existing https channel transmission data cannot ensure the problem of data transmission security.It should be noted that the method that the present invention relates to can but be not limited only to be applied in browser.Except being applied to browser, can also be applied in other application programs, as: shopping software (such as Taobao's software), MSN (micro-letter, QQ, Fetion etc. software) etc.Below to use the method to be described in browser side, the execution mode of other sides (shopping software, MSN etc.) and the execution mode of browser side similar, therefore repeat no more.

Please refer to Fig. 1 below, is system architecture diagram corresponding to a kind of data processing method provided by the invention.

In system architecture diagram, the equipment related to comprises: terminal equipment, agent apparatus and destination server.Wherein, terminal equipment of the present invention can be specifically mobile phone, computer, PAD etc. electronic equipment.The user of terminal equipment is terminal use.Agent apparatus is mainly used in setting up preset security passage with destination server, then utilizes preset security passage to forward the data to be sent of terminal equipment side to destination server; Destination server is the final arrival point of data to be sent, is used for response pending to send data.Destination server can be any server, the various types of server of server that the server that such as bank server, video server, financial transaction mechanism (stock exchange) provide, privacy mechanism (such as Flight Design institute) provide etc.For example, terminal use utilizes terminal equipment to send the request msg of search video, agent apparatus meeting and destination server set up preset security passage, then utilize preset security passage that the request msg of search video is transmitted to corresponding video server, respond corresponding request by video server.

Specifically, terminal equipment side be provided with the monokaryon browser (such as IE browser) of support IE kernel or support the double-core browser of two kinds of kernels (as IE kernel and chrome kernel) simultaneously.Due to the closure of IE kernel, make the browser (comprising monokaryon browser and double-core browser) being provided with IE kernel can only support to set up single channel transmission data.Such as can only set up hypertext transfer protocol secure https channel transmission data, and this data transfer mode easily makes data to be sent be blocked in transmitting procedure steals.

In order to address this problem, the present invention is provided with agent apparatus in terminal equipment side.Specifically, the present invention can arrange agent apparatus in browser inside, becomes the part of browser.Or agent apparatus can be used as independently individuality and is present in terminal equipment side.And for other application programs, it is inner that agent apparatus is built in other application programs, become the part of other application programs.Or agent apparatus is present in terminal equipment side as independently individuality.

When agent apparatus is arranged at browser inside, due to the closure of IE kernel, the network library of a network library as agent apparatus can be increased newly at browser, the original network library of browser need not be revised, to reduce the original change of browser as far as possible.

When agent apparatus is arranged at browser inside, set up preset security passage (the close passage of such as state) if determine between needs and destination server and transmit data, and after destination server supports preset security passage, then certainly can employ new connection and replace original connection (https passage), namely automatically and between destination server set up preset security passage to replace original https passage, make browser can be joined seamlessly to preset security passage from https passage.

Agent apparatus has been supported on the basis of https channel transfer at browser, is used for setting up the preset security passage safer than existing https passage with destination server.For browser provides other escape way transmission data, to improve the fail safe of the transmission of data to be sent.Specifically, because agent apparatus is arranged at terminal equipment side, (no matter agent apparatus is arranged on that browser is inner or terminal equipment is inner, all belong to and be arranged on terminal equipment side), the transfer of data therefore between browser and agent apparatus belongs to internal transmission.And the transmission between agent apparatus and destination server, be the transmission being carried out data to be sent by the preset security passage of foundation.Because the level of security of preset security passage is higher than described https passage, therefore, use preset security channel transfer data to be sent, the fail safe transmitting data to be sent can be improved.

Further, data to be sent are transmitted owing to make use of agent apparatus to set up safer transmission channel, therefore do not affect the use of original https passage, make browser while raising data transmission security to be sent, go back compatibility two kinds of channel transmission datas.

In addition, browser of the present invention is not limited in the use of single channel at one time, such as, browser, while support utilizes preset security channel transfer data to be sent, can also utilize https channel transfer (send or receive) other data.For example, such as the server of certain privacy mechanism accessed by browser, and utilizing preset security passage to transmit confidential documents in this privacy mechanism server.And simultaneously on another webpage, browser can receive the homepage data (such as the webpage homepage data in so-and-so store) that other servers send.

Please refer to Fig. 2 below, is the implementation process figure of data processing method provided by the invention.

S1, obtains the current geographic position region of terminal equipment.

Current geographic position region representation be the current location of terminal equipment, the current position of such as terminal equipment is the current position of (latitude XX °, longitude XX °) or terminal equipment is Tian'anmen Square, Beijing etc.

As a kind of possible implementation, terminal equipment can according to device type the different and information that takes on a different character.Such as, if terminal equipment is smart mobile phone, so its characteristic information include but not limited to be: Wireless Fidelity WIFI information, base station information, GPS (Global Position System) GPS information, MAC (MediaAccessControl: medium access control) address, IMEI (InternationalMobileEquipmentIdentity: mobile device international identity code).If terminal equipment is computer, so the characteristic information of terminal equipment can be: WIFI information, gateway information etc.Therefore, in concrete implementation process, the current geographic position region of terminal equipment can be judged according to the information enumerated above.

As a kind of possible implementation, in the specific implementation process in current geographic position region obtaining terminal equipment, can according to the Wireless Fidelity WIFI information acquisition of described terminal equipment the current geographic position region of terminal equipment.Built-in location-based service in operating system due to these terminal equipments of Android, iOS and WindowsPhone, and each Wi-Fi hotspot has a unique Mac address, therefore opening after WiFi when terminal equipment will focus upload its positional information near automatic scan, so just establishes a huge hotspot location database.This database is the key positioned user.If terminal equipment connects gone up certain Wi-Fi Hotspot, so just can in calling data storehouse near the geographical location information of all focuses, then with reference to the strong and weak geographical position calculating this terminal equipment of signal of each focus.

As a kind of possible implementation, in the specific implementation process in current geographic position region obtaining terminal equipment, the current geographic position region of described terminal equipment can be obtained according to the base station information of described terminal equipment.Specifically, if terminal equipment needs to determine current location information, to multiple base stations (normal conditions the are 3) pilot signal transmitted (this pilot signal is framing signal) around it, and the transmitting time of pilot signal in the pilot signal sent, can be comprised.The arrival time that this pilot signal arrives at base station, after receiving pilot signal, is recorded respectively in each base station, and then base station information (such as: base station location), the transmitting time of pilot signal, arrival time are sent to a terminal equipment by base station.Terminal equipment receive base station send base station information, pilot signal transmitting time, after the arrival time, just can determine the distance between this terminal equipment and each base station, and base station location is fixing, so based on the distance between this terminal equipment and each base station and base station location, the current location of terminal equipment can be determined by the mode of architecture.

As a kind of possible implementation, in the specific implementation process in current geographic position region obtaining terminal equipment, the current geographic position region of described terminal equipment can be obtained according to the GPS (Global Position System) GPS information of described terminal equipment.Such as terminal equipment can obtain its current geographic position by the GPS positioning function of self.

As a kind of possible implementation, in the specific implementation process in current geographic position region obtaining terminal equipment, the current geographic position region of described terminal equipment can be obtained according to the gateway information of described terminal equipment.

S2, whether the current geographic position region detecting described terminal equipment belongs to high level of security region.

Described high level of security region is the region needing to ensure data transmission security.The such as Great Hall of the People is as high level of security region, and the data of its transmission need to ensure safe transmission (comprise and send data and receive data).

As a kind of possible implementation, when whether the current geographic position region detecting described terminal equipment belongs to high level of security region, the level of security that the current geographic position region of described terminal equipment is corresponding can be obtained; Whether the level of security then detecting the current geographic position region of described terminal equipment corresponding reaches level of security threshold value; If level of security corresponding to the current geographic position region of described terminal equipment reaches described level of security threshold value, show that the current geographic position region of described terminal equipment belongs to described high level of security region.For example, state's inner region (can certainly be international regions) can be divided according to grade in advance, and when divided rank, can divide according to area, such as divide according to Beijing, Wuhan, Chengdu etc. area, or divide according to longitude and latitude, can certainly divide according to other modes.Such as divide according to area, can for 5 grades, by Beijing for being divided into 5 grades (represent the highest grade), level of security threshold value is 3 grades (namely higher than or the region that equals this level of security threshold value just belong to high level of security region).If the current geographic position of terminal equipment is in Beijing, the level of security (5 grades) that so just expression terminal equipment current geographic position region is corresponding reaches level of security threshold value (3 grades), and then can determine that the current geographic position region of terminal equipment belongs to described high level of security region, need the safety ensureing transfer of data.

As a kind of possible implementation, when whether the current geographic position region detecting described terminal equipment belongs to high level of security region, whether the significance level detecting the just-in-time politics event occurred in preset time range in the current geographic position region of described terminal equipment reaches predeterminable level; If so, show that the current geographic position region of described terminal equipment belongs to described high level of security region.Specifically, the just-in-time politics event occurred in preset time range can divide according to significance level, and such as the significance level of the military review on September 3rd, 2015 is the highest, and the significance level of other events is taken second place.Suppose that the significance level rank of military review is 5 grades (highest levels), other events are divided into 1 (minimum rank) ~ 4 grades respectively according to significance level, and predeterminable level is 3 grades.If terminal use goes to the capital to watch military review.So then can detect that terminal equipment is in Beijing, and the significance level military review that Beijing was held on September 3rd, 2015 being detected is 5 grades, exceed the rank (3 grades) of predeterminable level, therefore, it is possible to determine that the current geographic position region of terminal equipment belongs to described high level of security region, need the safety ensureing transfer of data.Should be noted that; illustrate only for instruction and explanation of the present invention, and not as restriction citing of the present invention, the present invention also can use other modes to illustrate herein; such as utilize character, symbol, letter, word etc. to represent rank, this also should be within protection scope of the present invention.

As a kind of possible implementation, detect the searching times obtaining the just-in-time politics event occurred in preset time range in the current geographic position region of described terminal equipment; If detect, the searching times of described just-in-time politics event reaches preset times in preset time range, then show that the current geographic position region of described terminal equipment belongs to described high level of security region.Similar with above-mentioned citing, if terminal equipment detects that the searching times of the military review that the Beijing, current position at its place was held on September 3rd, 2015 reaches (or having exceeded) preset times, so also can show terminal equipment many Beijing, current position belong to described high level of security region, need to ensure the safety of transfer of data.

And for described data to be sent, it can be data or the data assemblies of any type.Such as document, file, video, audio frequency, image etc. data.In addition, data to be sent can be stored in the local data at any time etc. to be called of browser, document that such as browser this locality stores etc.Also can be that the browser of terminal equipment is collected and obtained data, picture that the external website of such as browser access is downloaded etc. from the Internet.

S3, if the current geographic position region of described terminal equipment belongs to described high level of security region, judges further whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent.

Definition for preset security passage is: described preset security passage is the another kind of escape way being different from hypertext transfer protocol secure https passage, the close passage of such as state.

In addition, the level of security of described preset security passage is higher than HTML (Hypertext Markup Language) https passage.The fail safe of the close passage of such as state can higher than the fail safe of https passage.The close passage of state, is actually the data transmission channel set up based on state close algorithm (SM2-SM4), meets SSL (SecureSocketsLayer, SSL) data security protocol.The close algorithm of state is a set of public key algorithm that national Password Management office carries out issuing, and the fail safe of the data transmission channel set up based on this kind of algorithm can be higher than the fail safe of https passage.

Specifically, because the fail safe of preset security passage is higher than the fail safe of https passage, therefore after acquisition data to be sent, can judge that these data to be sent are the need of use preset security passage (the close passage of such as state) transmission in advance.If data to be sent need to use preset security channel transfer, then whether the destination server (that is: the final arrival point of data to be sent) that judgement data to be sent are corresponding further supports to set up data to be sent described in preset security channel reception.If when data to be sent described in preset security channel reception are set up in destination server support, can preferentially use preset security channel transmission data, to improve the fail safe of transfer of data.If do not support to set up data to be sent described in preset security channel reception, then select this Data Data to be sent of https channel transfer.

In concrete implementation process, when judging whether destination server corresponding to data to be sent is supported to set up data to be sent described in preset security channel reception, first can extract the characteristic information about destination server in described data to be sent; Then the characteristic information based on described destination server judges whether described destination server is supported to set up data to be sent described in described preset security channel reception.

Data to be sent, except comprising one or several data assemblies (combination of such as document and image), also comprise source address (such as source IP address), the source port of terminal equipment; The receiver address (the IP address of such as Construction Bank) of destination server (the final arrival point of data to be sent), receiving port; Etc..

It can thus be appreciated that, the characteristic information of destination server of the present invention include but not limited to be: IP address and/or receiving port.Terminal equipment side, after obtaining data to be sent, can go out characteristic information about destination server from extracting data to be sent, such as: IP address and/or receiving port.

Therefore, after the characteristic information extracting destination server, ' judging whether the characteristic information of described destination server exists in white list ' can be utilized to judge, and whether corresponding destination server supports to set up data to be sent described in preset security channel reception.

Specifically, white list is recorded be up to the present obtain (initiatively the whole network search or passive reception server send) support described in the characteristic information of server of preset security passage.That is, on white list except recording destination server corresponding to data to be sent, also describe the characteristic information of other destination servers supporting described preset security passage.

White list can have form, list, database etc. many forms.Please refer to table 1 below, is the characteristic information of the partial target server that the white list enumerated in table form of the present invention is recorded.

Server	IP address	Receiving port
			Server A 1	118.114.168.212	147
Server A 2	118.114.168.211	140

Table 1

It should be noted that except form, white list can also have other forms of expression, these forms of expression also should belong within protection scope of the present invention.

In general, white list is stored in terminal equipment side.About the renewal of white list, the embodiment of the present invention also provides multiple update mode, specifically please refer to introduction below.

Terminal equipment can to white list real-time update.Whenever to find not on white list and to support other servers of described preset security passage (not only supported described preset security passage but also server) not on white list, can immediately by its characteristic of correspondence information updating in white list, to ensure that white list keeps latest edition for terminal equipment side always.

And in order to save Internet resources, terminal equipment can also upgrade white list in timing.Such as just white list was once upgraded every 24 hours.

In addition, when supporting the characteristic information of other servers of described preset security passage, the characteristic information of other servers described can also be added described white list and upgrade not on white list in acquisition.Such as: support to inform terminal equipment by the bank server of preset security passage it can support this message of preset security passage not on white list, and send the characteristic information of self to terminal equipment, so terminal equipment is after receiving this message, then the characteristic information of bank server can be updated in white list.Or terminal equipment to receive not on white list and after supporting the characteristic information of the bank server of preset security passage, just can be directly updated in white list by the characteristic information of this bank server.

And when judging whether the characteristic information of described destination server exists white list, if the characteristic information of described destination server exists in described white list, then represent that data to be sent described in preset security channel reception are set up in described destination server support.

Characteristic information due to destination server includes but not limited to: IP address and/or receiving port.Therefore in concrete deterministic process, following several mode is had:

First kind of way: judge whether the IP address of destination server exists in white list, if the IP address of described destination server exists in described white list, then represents that data to be sent described in preset security channel reception are set up in described destination server support.The IP address of such as destination server A1 is 118.114.168.212.The IP address of the storage on itself and white list is contrasted, if white list stores 118.114.168.212.So just represent that the IP address of destination server A1 is present on white list, therefore data to be sent described in preset security channel reception are set up in destination server support.

The second way: judge whether the port of destination server exists in white list, if the port of described destination server exists in described white list, then represents that data to be sent described in preset security channel reception are set up in described destination server support.Such as destination server A1 port is 147.The port of the storage on itself and white list is contrasted, if white list stores 147.So just represent that the port of destination server A1 is present on white list, therefore data to be sent described in preset security channel reception are set up in destination server support.

The third mode: judge whether the IP address of destination server and port are all present in white list.If the IP address of destination server and port all exist in described white list, then represent that data to be sent described in preset security channel reception are set up in described destination server support.

More than judge whether corresponding destination server supports to set up the specific implementation process of data to be sent described in preset security channel reception based on the characteristic information of described destination server.

S4, if described destination server support sets up described preset security passage to receive described data to be sent, then described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage, then utilize described preset security passage to forward described data to be sent to described destination server.

As a kind of possible implementation, when data to be sent being sent in browser side inner agent apparatus, after data to be sent can being used secret key encryption, send to described agent apparatus.The encryption key used includes but not limited to it is character, numeral, letter etc. any one or several combinations.

For agent apparatus, it may reside in browser inside, and as the part of browser, in addition, agent apparatus also can be present in terminal equipment inside as independently individuality.After agent apparatus receives data to be sent, corresponding decruption key can be used to be decrypted.

The data to be sent received are given tacit consent in agent apparatus side all to be needed to use preset security passage to send.Therefore, after receiving data to be sent, preset security passage can be set up, then utilize described preset security passage by data retransmission to be sent to described destination server.

In actual applications, agent apparatus can complete following functions (for the close passage of state):

(1) automatically identify and operate the close USBKEY of state, supporting many USBKEY, many certificate selections.

(2) the close certificate chain of checking and display state.

(3) the close white list of administering state.

(4) agreement is smelt the mechanism such as spy and is determined whether destination server is the close server of state, and agreement is smelt exploration and is used in the mode that in basic TCP connection, increase is once shaken hands and realizes.

(5) SM2/SM3/SM4 algorithm realization.

(6) the close SSL of state two-way/be bi-directionally connected foundation.

(7) state close/the close SSL of business is from main separation.

Therefore, when setting up preset security passage (for the close passage of state), following several stages can be experienced: handshake request stage, agent apparatus Qualify Phase, destination server Qualify Phase.

In request stage of shaking hands, agent apparatus elder generation and destination server mutually send access request and shake hands.After shaking hands, agent apparatus sends SM2 certificate, self cipher key exchange message and message of having shaken hands to destination server; Destination server sends the cipher key exchange message of self to agent apparatus after receiving the message of having shaken hands of agent apparatus transmission.Then both sides change cipher suite message and end; Both sides all receive the end of the other side and by after checking, represent that Path Setup completes.Both sides can use the security parameter of agreement to carry out Security Data Transmission.

After preset security Path Setup, agent apparatus then can utilize described preset security passage to forward described data to be sent.Rear transmission can be processed with the security parameter (such as arranging key) of agreement to data to be sent when forwarding.

After destination server side receives these data to be sent, then the security parameter of agreement (such as arranging key) can be used to process, then obtain data to be sent and carry out corresponding subsequent treatment.

It is more than the process that agent apparatus forwards data to be sent.And for terminal equipment, other data that described agent apparatus utilizes described preset security passage to forward can also be received.

In the implementation that another kind is possible, after the described characteristic information based on described destination server judges whether described destination server supports to set up data to be sent described in preset security channel reception, if described destination server does not support to set up data to be sent described in preset security channel reception, use described htttps passage that described data to be sent are directly sent to described destination server.

In order to improve the safety of transfer of data further, and when using described htttps passage to send described data to be sent, data to be sent can also be encrypted in advance, then send the data after encryption to described destination server.That is: if described destination server is not supported to set up described preset security channel reception data to be sent, described destination server is sent to utilizing described https passage after described data encryption to be sent.

Be more than data processing method disclosed by the invention, first obtain the current geographic position region of installing terminal equipment; Whether the current geographic position region then detecting described terminal equipment belongs to high level of security region; If the current geographic position region of described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to data to be sent to be sent is supported to set up preset security passage to receive described data to be sent; If support, described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage and carry out transfer of data.Because the level of security of preset security passage is higher than https passage, the fail safe of transfer of data therefore can be ensured.

Further, if described destination server does not support to set up data to be sent described in preset security channel reception, the present invention can also use described htttps passage that described data to be sent are directly sent to described destination server.Therefore, data to be sent compatible two kinds of transmission meanss can be sent to described destination server by the present invention.

And based on same inventive concept, the following examples provide a kind of terminal equipment.

Please refer to Fig. 3 below, in another kind of embodiment of the present invention, provide a kind of terminal equipment, comprising:

First obtains module 301, for obtaining the current geographic position region of described terminal equipment;

Detection module 302, whether the current geographic position region for detecting described terminal equipment belongs to high level of security region;

Judge module 303, if the current geographic position region for described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent; Wherein, described preset security passage is the another kind of escape way being different from hypertext transfer protocol secure https passage, and the level of security of described preset security passage is higher than described https passage;

First sending module 304, if set up described preset security passage to receive described data to be sent for described destination server support, then described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage, then utilize described preset security passage to forward described data to be sent to described destination server.

As a kind of optional embodiment, described acquisition module specifically for:

As a kind of optional embodiment, described detection module 302 specifically comprises:

As a kind of optional embodiment, whether described detection module 302 reaches predeterminable level specifically for the significance level of the just-in-time politics event that the current geographic position region detecting described terminal equipment occurs in preset time range; If so, show that the current geographic position region of described terminal equipment belongs to described high level of security region.

As a kind of optional embodiment, described detection module 302 specifically for

As a kind of optional embodiment, described judge module 303 specifically comprises:

As a kind of optional embodiment, describedly judge that submodule is specifically for judging whether the characteristic information of described destination server exists in white list, describes the characteristic information of the server supporting described preset security passage in described white list; If the characteristic information of described destination server exists in described white list, then represent that data to be sent described in described preset security channel reception are set up in described destination server support.

As a kind of optional embodiment, the characteristic information of described destination server comprises: IP address and/or receiving port.

As a kind of optional embodiment, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

As a kind of optional embodiment, described first sending module 304 sends to described agent apparatus after described data to be sent are used secret key encryption.

As a kind of optional embodiment, described terminal equipment also comprises:

As a kind of optional embodiment, described agent apparatus is built in browser.

Due to the device of electronic equipment for adopting based on data processing method in enforcement the embodiment of the present application that the present embodiment is introduced, so based on the data processing method introduced in the embodiment of the present application, those skilled in the art can understand embodiment and its various version of the electronic equipment of the present embodiment, so how to realize introducing no longer in detail based on data processing method in the embodiment of the present application at this for this electronic equipment.As long as those skilled in the art implement based on the device that data processing method adopts in the embodiment of the present application, all belong to the application for protection scope.

By one or more embodiment of the present invention, the present invention has following beneficial effect or advantage:

The invention discloses a kind of data processing method and terminal equipment.First method of the present invention obtains the current geographic position region of terminal equipment; Whether the current geographic position region then detecting described terminal equipment belongs to high level of security region; If the current geographic position region of described terminal equipment belongs to described high level of security region, judge further whether destination server corresponding to data to be sent is supported to set up preset security passage to receive described data to be sent; If support, described data to be sent are sent to the agent apparatus of terminal equipment side, make described agent apparatus set up described preset security passage and carry out transfer of data.Because agent apparatus is arranged at terminal equipment side (no matter agent apparatus is arranged on that browser is inner or terminal equipment is inner, all belongs to and is arranged on terminal equipment side), the transfer of data therefore between browser and agent apparatus belongs to internal transmission.And the transmission between agent apparatus and destination server, be that the preset security passage by setting up carries out transfer of data.Because the level of security of preset security passage is higher than described https passage, therefore, preset security channel transmission data is used can to ensure the fail safe of transfer of data.

Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.

In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.

In addition, those skilled in the art can understand, although to comprise in other embodiment some included feature instead of further feature in this some embodiments, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.

All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize the some or all parts in gateway according to the embodiment of the present invention, proxy server, system.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.

The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

The invention discloses, A1, a kind of data processing method, is characterized in that, described method comprises:

Obtain the current geographic position region of terminal equipment;

A2, method as described in A1, it is characterized in that, the current geographic position region of described acquisition terminal equipment, specifically comprises:

A3, method as described in A1, it is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

A4, method as described in A1, it is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

A5, method as described in A1, it is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

A6, method as described in A1, is characterized in that, describedly judges whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent, specifically comprises:

A7, method as described in A6, it is characterized in that, the described characteristic information based on described destination server judges whether described destination server supports that setting up described preset security passage receives described data to be sent, specifically comprises:

A8, method as described in A1 or A7, it is characterized in that, the characteristic information of described destination server comprises: IP address and/or receiving port.

A9, method as described in A7, it is characterized in that, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

A10, method as described in A1, is characterized in that, described described data to be sent sent to agent apparatus, is specially:

A1, method as described in A1, is characterized in that, judges whether destination server corresponding to the data to be sent of described terminal equipment supports to set up preset security passage to after receiving described data to be sent, and described method also comprises described:

A12, method as described in A1, it is characterized in that, after described data to be sent are sent to agent apparatus, described method also comprises:

A13, method as described in A1, it is characterized in that, described agent apparatus is built in browser.

B14, a kind of terminal equipment, is characterized in that, comprising:

B15, terminal equipment as described in B14, is characterized in that, described acquisition module specifically for:

B16, terminal equipment as described in B14, it is characterized in that, described detection module specifically comprises:

B17, terminal equipment as described in B14, it is characterized in that, whether described detection module reaches predeterminable level specifically for the significance level of the just-in-time politics event that the current geographic position region detecting described terminal equipment occurs in preset time range; If so, show that the current geographic position region of described terminal equipment belongs to described high level of security region.

B18, terminal equipment as described in B14, is characterized in that, described detection module specifically for

B19, terminal equipment as described in B14, it is characterized in that, described judge module specifically comprises:

B20, terminal equipment as described in B19, it is characterized in that, describedly judge that submodule is specifically for judging whether the characteristic information of described destination server exists in white list, describes the characteristic information of the server supporting described preset security passage in described white list; If the characteristic information of described destination server exists in described white list, then represent that data to be sent described in described preset security channel reception are set up in described destination server support.

B21, terminal equipment as described in B14 or B20, it is characterized in that, the characteristic information of described destination server comprises: IP address and/or receiving port.

B22, terminal equipment as described in B20, it is characterized in that, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

B23, terminal equipment as described in B14, is characterized in that, described first sending module sends to described agent apparatus after described data to be sent are used secret key encryption.

B24, terminal equipment as described in B14, it is characterized in that, described terminal equipment also comprises:

B25, terminal equipment as described in B14, it is characterized in that, described terminal equipment also comprises:

B26, terminal equipment as described in B14, it is characterized in that, described agent apparatus is built in browser.

Claims

1. a data processing method, is characterized in that, described method comprises:

Obtain the current geographic position region of terminal equipment;

2. the method for claim 1, is characterized in that, the current geographic position region of described acquisition terminal equipment, specifically comprises:

3. the method for claim 1, is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

4. the method for claim 1, is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

5. the method for claim 1, is characterized in that, whether the current geographic position region of the described terminal equipment of described detection belongs to high level of security region, specifically comprises:

6. the method for claim 1, is characterized in that, describedly judges whether destination server corresponding to the data to be sent of described terminal equipment is supported to set up preset security passage to receive described data to be sent, specifically comprises:

7. method as claimed in claim 6, it is characterized in that, the described characteristic information based on described destination server judges whether described destination server supports that setting up described preset security passage receives described data to be sent, specifically comprises:

8. the method as described in claim 1 or 7, is characterized in that, the characteristic information of described destination server comprises: IP address and/or receiving port.

9. method as claimed in claim 7, it is characterized in that, the renewal of described white list comprises step below:

Timing upgrades described white list; Or

10. a terminal equipment, is characterized in that, comprising: