CN106603568A - Data encryption method, data encryption device, and access point equipment - Google Patents


Info

Publication number
CN106603568A
Authority
CN
China
Prior art keywords
packet
terminal
data
access point
transmission path
Legal status
Granted
Application number
CN201611271125.3A
Other languages
Chinese (zh)
Other versions
CN106603568B (en
Inventor
白剑
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention relate to the technical field of terminals, and disclose a data encryption method, a data encryption device, and access point equipment. The method comprises the following steps: an access point acquires a first data packet which needs to be sent by a first terminal to a second terminal via a wireless network; the access point parses the first data packet to acquire the Internet protocol (IP) address of the second terminal; the access point predicts a predicted transmission path for the first data packet to get to the second terminal via the wireless network according to the IP address of the second terminal; and the access point determines whether or not to encrypt the first data packet according to the safety of the predicted transmission path. According to the embodiments of the invention, data encryption work which is performed by terminal equipment originally is transferred to access point equipment, so that the operation burden on a terminal equipment processor is reduced, and the power consumption of the terminal equipment is reduced.

Description

Data encryption method, data encryption device, and access point equipment
Technical field
The present invention relates to the field of terminal technology, and more particularly to a data encryption method, a data encryption device, and access point equipment.
Background
With the widespread availability of wireless networks, people can access the network anytime and anywhere for entertainment, work, communication and other activities, which brings great convenience to daily life. However, easy access to networks and their high penetration rate also bring increasingly serious data security problems.
For example, data that a user sends over a wireless network is easily stolen by malicious parties during transmission: user data can be stolen by means of a fake AP (Access Point), or a party can masquerade as the data receiver to obtain the data the user sends.
Therefore, to prevent transmitted data from being stolen and leaked, encrypting the data becomes especially necessary. The terminal device encrypts the data before sending it, so that even if the data is stolen during transmission, the user's information is not leaked because the data is encrypted.
However, data encryption increases the computational burden on the terminal device's processor, places high demands on the processor's computing capability, and increases the power consumption of the terminal device.
Summary of the invention
Embodiments of the present invention provide a data encryption method, a data encryption device, and access point equipment that transfer the data encryption work originally performed by the terminal device to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device.
A first aspect of the embodiments of the present invention discloses a data encryption method, comprising:
an access point acquires a first data packet that a first terminal needs to send to a second terminal via a wireless network;
parsing the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
predicting, according to the IP address of the second terminal, a predicted transmission path along which the first data packet reaches the second terminal via the wireless network;
determining, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As an optional embodiment, predicting, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal via the wireless network comprises:
the access point determines the subnet IP of the subnet to which the second terminal belongs according to the IP address of the second terminal;
querying the history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
if so, obtaining the historical transmission path along which the second data packet was sent to the subnet to which the second terminal belongs, and using it as the predicted transmission path.
As an optional embodiment, determining, according to the security of the predicted transmission path, whether to encrypt the first data packet comprises:
the access point queries whether a first transmission node in the predicted transmission path has a record of data being stolen;
if the first transmission node has a record of data being stolen, judging that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
As an optional embodiment, the method further comprises:
the access point parses the first data packet to obtain the data content in the first data packet;
performing keyword extraction on the data content to determine whether to encrypt the first data packet.
As an optional embodiment, performing keyword extraction on the data content to determine whether to encrypt the first data packet comprises:
the access point determines whether the data content in the first data packet contains account and password information;
if the data content in the first data packet contains account and password information, encrypting the first data packet.
As an optional embodiment, the first data packet is encrypted using an asymmetric key, comprising:
the access point encrypts the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
A second aspect of the embodiments of the present invention discloses a data encryption device, comprising:
a first acquisition unit, configured to acquire a first data packet that a first terminal needs to send to a second terminal via a wireless network;
a first parsing unit, configured to parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
a prediction unit, configured to predict, according to the IP address of the second terminal, a predicted transmission path along which the first data packet reaches the second terminal via the wireless network;
a determining unit, configured to determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As an optional embodiment, the prediction unit comprises:
a first determining subunit, configured to determine the subnet IP of the subnet to which the second terminal belongs according to the IP address of the second terminal;
a first query subunit, configured to query the history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
an obtaining subunit, configured to, if a second data packet was sent to the subnet to which the second terminal belongs, obtain the historical transmission path along which the second data packet was sent to that subnet and use it as the predicted transmission path.
As an optional embodiment, the determining unit comprises:
a second query subunit, configured to query whether a first transmission node in the predicted transmission path has a record of data being stolen;
a judging subunit, configured to, if the first transmission node has a record of data being stolen, judge that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
As an optional embodiment, the device further comprises:
a second parsing unit, configured to parse the first data packet to obtain the data content in the first data packet;
an extraction unit, configured to perform keyword extraction on the data content to determine whether to encrypt the first data packet.
As an optional embodiment, the extraction unit comprises:
a second determining subunit, configured to determine whether the data content in the first data packet contains account and password information;
an encryption subunit, configured to encrypt the first data packet if the data content in the first data packet contains account and password information.
As an optional embodiment, the encryption subunit is specifically configured to encrypt the first data packet using an asymmetric key, comprising:
encrypting the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
A third aspect of the embodiments of the present invention discloses access point equipment, comprising:
a memory storing executable program code;
a processor coupled to the memory;
the processor calls the executable program code stored in the memory to perform the method disclosed in the first aspect above.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the access point acquires a first data packet that a first terminal needs to send to a second terminal via a wireless network; parses the first data packet to obtain the Internet Protocol (IP) address of the second terminal; predicts, according to the IP address of the second terminal, a predicted transmission path along which the first data packet reaches the second terminal via the wireless network; and determines, according to the security of the predicted transmission path, whether to encrypt the first data packet. By implementing the embodiments of the present invention, the data encryption work originally performed by the terminal device can be transferred to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a data encryption method disclosed in an embodiment of the present invention;
Fig. 1A is a schematic diagram of determining a predicted transmission path disclosed in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another data encryption method disclosed in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a data encryption device 300 disclosed in an embodiment of the present invention;
Fig. 3A is a schematic structural diagram of a prediction unit 303 disclosed in an embodiment of the present invention;
Fig. 3B is a schematic structural diagram of a determining unit 304 disclosed in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another data encryption device 400 disclosed in an embodiment of the present invention;
Fig. 4A is a schematic structural diagram of an extraction unit 306 disclosed in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of access point equipment 500 disclosed in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a terminal device 600 disclosed in an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
Embodiments of the present invention provide a data encryption method, a data encryption device, and access point equipment that transfer the data encryption work originally performed by the terminal device to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device. Each is described in detail below.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a data encryption method disclosed in an embodiment of the present invention. The data encryption method shown in Fig. 1 may include the following steps:
101. The access point acquires a first data packet that a first terminal needs to send to a second terminal via a wireless network.
In the embodiments of the present invention, the first terminal and the second terminal may be terminal devices running the Android operating system, the iOS operating system, the Windows operating system or another operating system, such as mobile phones, portable computers, tablet computers, desktop computers, personal digital assistants (Personal Digital Assistant, PDA), smart watches, smart glasses and smart bracelets; this is not repeated later in the embodiments of the present invention.
In the embodiments of the present invention, the access point may be a simple access point device or a router. The first terminal obtains a wireless connection by connecting to the access point and sends the first data packet destined for the second terminal to the access point equipment; the first data packet reaches the second terminal after being forwarded multiple times by transmission nodes in the network.
102. Parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal.
In the embodiments of the present invention, the first data packet has a certain data frame structure. The access point de-frames the first data packet to obtain the IP address of the data receiver (i.e. the second terminal) contained in the header of the first data packet.
103. Predict, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal via the wireless network.
Fig. 1A is a schematic diagram of determining a predicted transmission path disclosed in an embodiment of the present invention. In Fig. 1A, the access point to which the first terminal is connected is the first access point, and the access point to which the second terminal is connected is the second access point. The subnet established by the second access point is identified by its subnet IP. Therefore, once the transmission path along which a data packet sent from the first access point reaches the subnet identified by that subnet IP is determined (shown by the bold lines in Fig. 1A), it can be used as the predicted transmission path. First, the first access point determines the subnet IP of the subnet to which the second terminal belongs according to the IP address of the second terminal. It then queries the history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time. If so, it obtains the historical transmission path along which the second data packet was sent to that subnet and uses it as the predicted transmission path.
104. Determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As an optional embodiment, the access point queries whether each transmission node in the predicted transmission path has a record of data being stolen. If at least one transmission node in the predicted transmission path has a record of data being stolen, the predicted transmission path is judged to be insecure and the first data packet needs to be encrypted.
It can be seen that, with the method described in Fig. 1, the data encryption work originally performed by the terminal device can be transferred to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of another data encryption method disclosed in an embodiment of the present invention. As shown in Fig. 2, the method may include the following steps:
201. The access point acquires a first data packet that a first terminal needs to send to a second terminal via a wireless network.
202. Parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal.
203. Predict, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal via the wireless network.
As an optional embodiment, the access point broadcasts a request message to the routers in the network so that the routers return their routing tables; the access point then calculates the predicted transmission path from the routing tables.
204. Determine, according to the security of the predicted transmission path, whether to encrypt the first data packet; if so, perform step 205; if not, perform steps 206 to 207.
205. Encrypt the first data packet using an asymmetric key.
An asymmetric-key encryption algorithm needs two keys: a public key (Public Key) and a private key (Private Key). The public key and the private key exist as a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because two different keys are used for encryption and decryption, the algorithm is called an asymmetric-key encryption algorithm. The basic process by which an asymmetric-key encryption algorithm exchanges confidential information is as follows: party A generates a key pair and discloses one of the keys as the public key to the other parties it exchanges data with; party B, having obtained the public key, uses it to encrypt the confidential information and then sends the result to party A; party A decrypts the encrypted information with the corresponding private key that it keeps itself.
In the embodiments of the present invention, the access point encrypts the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content in the first data packet.
206. The access point parses the first data packet to obtain the data content in the first data packet.
207. Perform keyword extraction on the data content to determine whether to encrypt the first data packet.
As an optional embodiment, the access point determines whether the data content in the first data packet contains account and password information; if the data content in the first data packet contains account and password information, the first data packet is encrypted.
It can be seen that, with the method described in Fig. 2, the data encryption work originally performed by the terminal device can be transferred to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device. In addition, besides judging whether to encrypt the data according to the security of the transmission path, the access point can also judge whether to encrypt the data packet according to whether the data in the packet involves account and password information, which improves the flexibility and security of data encryption.
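The decision flow of Fig. 2 (steps 201 to 204 and 206 to 207), as an added Python example that is not code from the patent. The node names, the history table, the /24 subnet prefixes, the keyword pattern, and the choice to encrypt when no history record exists (a case the description leaves open) are all assumptions made for illustration.

```python
import ipaddress
import re
import struct

# Constructed sample state (assumption, not from the patent): historical
# transmission paths keyed by destination subnet, and the set of transmission
# nodes that have a record of data being stolen.
HISTORY = {
    ipaddress.ip_network("203.0.113.0/24"): ["ap-1", "r-a", "r-b", "ap-2"],
    ipaddress.ip_network("198.51.100.0/24"): ["ap-1", "r-a", "r-c", "ap-3"],
}
THEFT_RECORDS = {"r-c"}

# Hypothetical keyword pattern standing in for "account and password
# information"; the patent does not define the keywords.
CREDENTIAL_RE = re.compile(rb"(?i)\b(password|passwd|pwd|account|username)\s*[=:]")


def build_ipv4_packet(src, dst, payload):
    """Build a minimal IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def parse_ipv4(packet):
    """Step 202: de-frame the packet, return (destination IP, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    return ipaddress.IPv4Address(packet[16:20]), packet[header_len:]


def predict_path(dst):
    """Step 203: find the destination subnet and reuse its historical path."""
    for subnet, path in HISTORY.items():
        if dst in subnet:
            return path
    return None  # no second data packet was ever sent to that subnet


def decide(packet):
    """Steps 204, 206 and 207: return (encrypt?, reason)."""
    dst, payload = parse_ipv4(packet)
    path = predict_path(dst)
    if path is None:
        # Assumption: with no history the path cannot be judged, so fail closed.
        return True, "no-history"
    flagged = [node for node in path if node in THEFT_RECORDS]
    if flagged:
        return True, "unsafe-path:" + ",".join(flagged)
    # The path looks clean, so fall through to the content check.
    if CREDENTIAL_RE.search(payload):
        return True, "credentials"
    return False, "clear"


if __name__ == "__main__":
    samples = [  # constructed packets
        ("198.51.100.7", b"hello"),
        ("203.0.113.9", b"user=alice&password=hunter2"),
        ("203.0.113.9", b"GET /index.html"),
        ("192.0.2.1", b"hello"),
    ]
    for dst, body in samples:
        print(dst, decide(build_ipv4_packet("10.0.0.5", dst, body)))
```

The content check in `decide` only sees payloads that reach the access point in cleartext; a payload the terminal has already protected end to end (for example with TLS) will not match the keyword pattern.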
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of a data encryption device 300 disclosed in an embodiment of the present invention. As shown in Fig. 3, the data encryption device may include:
a first acquisition unit 301, configured to acquire a first data packet that a first terminal needs to send to a second terminal via a wireless network;
a first parsing unit 302, configured to parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
a prediction unit 303, configured to predict, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal via the wireless network;
a determining unit 304, configured to determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As shown in Fig. 3A, the prediction unit 303 may include a first determining subunit 3031, a first query subunit 3032 and an obtaining subunit 3033. The first determining subunit 3031 is configured to determine the subnet IP of the subnet to which the second terminal belongs according to the IP address of the second terminal. The first query subunit 3032 is configured to query the history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time. The obtaining subunit 3033 is configured to, if a second data packet was sent to the subnet to which the second terminal belongs, obtain the historical transmission path along which the second data packet was sent to that subnet and use it as the predicted transmission path.
As shown in Fig. 3B, the determining unit 304 includes a second query subunit 3041 and a judging subunit 3042. The second query subunit 3041 is configured to query whether a first transmission node in the predicted transmission path has a record of data being stolen. The judging subunit 3042 is configured to, if the first transmission node has a record of data being stolen, judge that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
It can be seen that, with the device described in Fig. 3, the data encryption work originally performed by the terminal device can be transferred to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device.
Referring also to Fig. 4, Fig. 4 is a schematic structural diagram of another data encryption device 400 disclosed in an embodiment of the present invention. The data encryption device 400 shown in Fig. 4 is obtained by optimizing the data encryption device 300 shown in Fig. 3. Compared with the device shown in Fig. 3, the device shown in Fig. 4 further includes:
a second parsing unit 305, configured to parse the first data packet to obtain the data content in the first data packet;
an extraction unit 306, configured to perform keyword extraction on the data content to determine whether to encrypt the first data packet.
As shown in Fig. 4A, the extraction unit 306 includes a second determining subunit 3061 and an encryption subunit 3062. The second determining subunit 3061 is configured to determine whether the data content in the first data packet contains account and password information. The encryption subunit 3062 is configured to encrypt the first data packet if the data content in the first data packet contains account and password information.
The encryption subunit 3062 is specifically configured to encrypt the first data packet using an asymmetric key. Its specific implementation is: encrypt the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
It can be seen that, with the device described in Fig. 4, the data encryption work originally performed by the terminal device can be transferred to the access point equipment, reducing the operation burden on the terminal device's processor and thereby reducing the power consumption of the terminal device. In addition, besides judging whether to encrypt the data according to the security of the transmission path, the device can also judge whether to encrypt the data packet according to whether the data in the packet involves account and password information, which improves the flexibility and security of data encryption.
Fig. 5 is referred to, Fig. 5 is a kind of structural representation of access point apparatus 500 disclosed in the embodiment of the present invention.Such as Fig. 5 Shown, the access point apparatus can include:
Input block 501, processor unit 502, output unit 503, communication unit 504, memory element 505 and power supply 506 grade components.These components are communicated by one or more bus.It will be understood by those skilled in the art that shown in Fig. 5 The structure of terminal does not constitute limitation of the invention, and it can both be busbar network, or hub-and-spoke configuration, can be with Including than the more or less of part of structure shown in Fig. 5, or some parts are combined, or different part arrangements.At this In invention embodiment, the access point apparatus shown in Fig. 5 include but is not limited to simple access device, router, bridge and exchange Machine equipment.
Input block 501 be used to realizing user and access point apparatus interact and/or information input is in access point apparatus. In the specific embodiment of the invention, input block 501 can be contact panel, and contact panel is also referred to as touch screen or touch-control Screen, can collect the operational motion that user touches thereon or is close to.Such as user is using any suitable objects such as finger, stylus Adnexa on contact panel or be close to contact panel position operational motion, and driven according to formula set in advance corresponding Attachment means.Optionally, contact panel may include two parts of touch detecting apparatus and touch controller.Wherein, touch inspection The touch operation that device detects user is surveyed, and the touch operation for detecting is converted to into the signal of telecommunication, and the signal of telecommunication is sent to Touch controller;Touch controller receives the signal of telecommunication from touch detecting apparatus, and is converted into contact coordinate, then gives place Reason device unit 502.Order that touch controller can be sent with receiving processor unit 502 is simultaneously performed.Furthermore, it is possible to using electricity The polytypes such as resistive, condenser type, infrared ray (Infrared) and surface acoustic wave realize contact panel.
The processor unit 502 is the control centre of the access point apparatus. It connects the various parts of the whole access point apparatus through various interfaces and lines, and performs the various functions of the access point apparatus and/or processes data by running or executing the program code and/or modules stored in the storage unit 505 and calling the data stored in the storage unit 505. The processor unit may be composed of integrated circuits (Integrated Circuit, IC), for example a single packaged IC, or multiple connected packaged ICs with the same or different functions. For example, the processor unit 502 may include only a central processing unit (Central Processing Unit, CPU), or may be a combination of a CPU, a digital signal processor (DSP), a graphics processing unit (Graphic Processing Unit, GPU) and a control chip in the communication unit (such as a baseband chip). In the embodiments of the present invention, the CPU may have a single computing core or multiple computing cores.
The communication unit 504 is used to establish a communication link, through which the access point apparatus connects to the smart glasses and exchanges data with them. The communication unit 504 may include wireless communication modules such as a wireless local area network (Wireless Local Area Network, wireless LAN) module, a Bluetooth module, a near field communication (Near Field Communication, NFC) module and a baseband (Base Band) module, and wired communication modules such as Ethernet, universal serial bus (Universal Serial Bus, USB) and the Lightning interface (currently used by Apple for devices such as the iPhone 6/6s).
The output unit 503 may include but is not limited to an image output unit, a sound output unit and a tactile output unit. The image output unit is used to output text, pictures and/or video. The image output unit may include a display panel, for example one configured as an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) or a field emission display (FED). Alternatively, the image output unit may include a reflective display, such as an electrophoretic display or a display that uses interferometric modulation of light. The image output unit may include a single display or multiple displays of different sizes. In specific embodiments of the present invention, the touch panel used by the input unit 501 can also serve as the display panel of the output unit 503. For example, the display panel provides the visual output of a QWERTY keyboard, and the user operates the touch panel with a finger or a stylus according to what is displayed. When the touch panel detects a touch or proximity gesture on it, it determines the position indicated by the gesture and sends it to the processor unit 502, which obtains the character at that position on the mapped keyboard to form the input password. Although in Fig. 5 the input unit 501 and the output unit 503 implement the input and output functions of the access point apparatus as two separate components, in some embodiments the touch panel and the display panel can be integrated to implement the input and output functions of the access point apparatus. For example, the image output unit can display a QWERTY keyboard for the user to operate by touch.
The storage unit 505 can be used to store program code and modules. The processor unit 502 performs the various functional applications of the terminal and implements data processing by running the program code and modules stored in the storage unit 505. The storage unit 505 mainly includes a program storage area and a data storage area. The program storage area can store the operating system and the program code required by at least one function, such as the program code that obtains the characters shown on the mapped keyboard to form the input password. The data storage area can store data created through use of the access point apparatus (such as audio data and a phone book). In specific embodiments of the present invention, the storage unit 505 may include volatile memory, such as non-volatile dynamic random access memory (Nonvolatile Random Access Memory, NVRAM), phase change random access memory (Phase Change RAM, PRAM) and magnetoresistive random access memory (Magnetoresistive RAM, MRAM), and may also include non-volatile memory, for example at least one disk storage device, electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), or a flash memory device such as NOR flash memory or NAND flash memory. The non-volatile memory stores the operating system and program code executed by the processor unit. The processor unit loads running programs and data from the non-volatile memory into main memory and stores digital content in a mass storage device. The operating system includes various components and/or drivers for controlling and managing general system tasks, such as memory management, storage device control and power management, and for facilitating communication between software and hardware.
In the embodiments of the present invention, the operating system may be the Android system of Google, the iOS system developed by Apple, the Windows operating system developed by Microsoft, or an embedded operating system such as VxWorks.
The power supply 506 supplies power to the different components of the access point apparatus to keep them running. As generally understood, the power supply 506 may be a built-in battery, such as a common lithium-ion battery or nickel-metal hydride battery, and also includes external power sources that power the access point apparatus directly, such as an AC adapter. In some embodiments of the present invention, the power supply 506 can be defined more broadly and may also include, for example, a power management system, a charging system, a power failure detection circuit, a power converter or inverter, a power status indicator (such as a light emitting diode), and any other components associated with the generation, management and distribution of electrical energy in the mobile terminal.
In the access point apparatus shown in Fig. 5, the processor unit 502 can call the program code stored in the storage unit 505 to perform the following operations:
Obtain a first data packet that a first terminal needs to send to a second terminal over a wireless network;
Parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
Predict, according to the IP address of the second terminal, the predicted transmission path over which the first data packet will reach the second terminal through the wireless network;
Determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As can be seen, with the access point apparatus described in Fig. 5, the data encryption work originally performed by the terminal device can be transferred to the access point apparatus, which reduces the computational load on the terminal device's processor and in turn reduces the power consumption of the terminal device.
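The four operations above, combined with the refinements stated in the claims (a history lookup keyed on the destination subnet, a check for stolen-data records on the path, and a keyword check for account and password information), can be sketched as follows. This is an added example, not code from the patent: the /24 subnet mask, the keyword list, the choice to encrypt when no history exists, the check of every node on the path, and all addresses and records are assumptions constructed for illustration.

```python
import ipaddress
import re
import struct

# Assumption: the page does not say how the subnet is derived; a /24 mask is used.
SUBNET_PREFIX = 24

# Constructed history records: destination subnet -> transmission nodes that an
# earlier ("second") data packet traversed on its way to that subnet.
HISTORY = {
    "203.0.113.0/24": ["198.51.100.1", "198.51.100.9", "203.0.113.1"],
    "192.0.2.0/24": ["198.51.100.1", "198.51.100.77", "192.0.2.1"],
}

# Constructed set of transmission nodes that have a record of stolen data.
THEFT_RECORDS = {"198.51.100.77"}

# Assumed keyword list standing in for "account and password information".
CREDENTIAL_RE = re.compile(
    rb"(?i)\b(user(name)?|account|login|passw(or)?d|pwd)\s*[=:]"
)


def build_packet(dst, payload, src="192.168.1.10"):
    """Build a constructed IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def parse_ipv4(packet):
    """Return (destination address, data after the IP header)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 packet")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length field does not match the packet")
    dst = ipaddress.IPv4Address(packet[16:20])
    return dst, packet[header_len:total_len]


def predict_path(dst):
    """Look up the historical path to the destination's subnet, or None."""
    subnet = ipaddress.ip_network(f"{dst}/{SUBNET_PREFIX}", strict=False)
    return HISTORY.get(str(subnet))


def should_encrypt(packet):
    """Return (decision, reason) for one outbound data packet."""
    dst, data = parse_ipv4(packet)
    path = predict_path(dst)
    if path is None:
        # Assumption: with no history the path cannot be judged, so encrypt.
        return True, "no-history"
    if any(node in THEFT_RECORDS for node in path):
        return True, "unsafe-path"
    if CREDENTIAL_RE.search(data):
        return True, "credentials"
    return False, "safe-path"


if __name__ == "__main__":
    samples = [
        ("203.0.113.5", b"GET /index.html HTTP/1.1\r\n\r\n"),
        ("192.0.2.8", b"GET /index.html HTTP/1.1\r\n\r\n"),
        ("203.0.113.5", b"account=alice&password=example"),
        ("198.18.0.5", b"hello"),
    ]
    for dst, payload in samples:
        print(dst, should_encrypt(build_packet(dst, payload)))
```

The decision keeps encryption off only when a known path has no stolen-data record and the payload carries no credential keyword, which is where the power saving described above comes from; every other case falls back to encrypting.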
Refer to Fig. 6, which is a schematic structural diagram of a terminal device 600 disclosed in an embodiment of the present invention. The terminal device can serve as the first terminal and the second terminal involved in the methods described with reference to Fig. 1 and Fig. 2 above. As shown in Fig. 6, for ease of description only the parts related to the embodiment of the present invention are shown; for specific technical details that are not disclosed, refer to the method part of the embodiments of the present invention. The terminal may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales) terminal or a vehicle-mounted computer. The following takes a mobile phone as an example:
Fig. 6 is a block diagram of part of the structure of a mobile phone related to the terminal provided in an embodiment of the present invention. Referring to Fig. 6, the mobile phone includes a radio frequency (Radio Frequency, RF) circuit 601, a memory 602, an input unit 603, a display unit 604, a sensor 605, an audio circuit 606, a wireless fidelity (WiFi) module 607, a processor 608, a power supply 609 and other components. Those skilled in the art will understand that the mobile phone structure shown in Fig. 6 does not limit the mobile phone, which may include more or fewer components than shown, combine some components, or arrange the components differently.
The components of the mobile phone are described in detail below with reference to Fig. 6:
The RF circuit 601 can be used to receive and send signals while information is being sent and received or during a call. In particular, after receiving downlink information from a base station, it passes the information to the processor 608 for processing; in addition, it sends uplink data to the base station. Generally, the RF circuit 601 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (Low Noise Amplifier, LNA) and a duplexer. The RF circuit 601 can also communicate with the network and other devices by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail and Short Messaging Service (SMS).
The memory 602 can be used to store software programs and modules. The processor 608 performs the various functional applications and data processing of the mobile phone by running the software programs and modules stored in the memory 602. The memory 602 may mainly include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function). The data storage area can store data created through use of the mobile phone (such as audio data and a phone book). In addition, the memory 602 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk storage device, a flash memory device or another volatile solid-state memory device.
The input unit 603 can be used to receive input digits or characters and to generate key signal input related to user settings and function control of the mobile phone. Specifically, the input unit 603 may include a touch panel 6031 and other input devices 6032. The touch panel 6031, also called a touch screen, can collect the user's touch operations on or near it (for example operations performed on or near the touch panel 6031 with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connection device according to a preset program. Optionally, the touch panel 6031 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and sends the signal to the touch controller. The touch controller receives the touch information from the touch detection device, converts it into contact coordinates and passes them to the processor 608; it can also receive and execute commands sent by the processor 608. The touch panel 6031 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 6031, the input unit 603 may include other input devices 6032. Specifically, the other input devices 6032 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick.
The display unit 604 can be used to display information entered by the user, information provided to the user and the various menus of the mobile phone. The display unit 604 may include a display panel 6041, which can optionally be configured as a liquid crystal display (Liquid Crystal Display, LCD) or an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display. Further, the touch panel 6031 can cover the display panel 6041. When the touch panel 6031 detects a touch operation on or near it, it passes the operation to the processor 608 to determine the type of touch event, and the processor 608 then provides the corresponding visual output on the display panel 6041 according to the type of touch event. Although in Fig. 6 the touch panel 6031 and the display panel 6041 implement the input and output functions of the mobile phone as two separate components, in some embodiments the touch panel 6031 and the display panel 6041 can be integrated to implement the input and output functions of the mobile phone.
The mobile phone may also include at least one sensor 605, such as a light sensor, a motion sensor or other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 6041 according to the ambient light level, and the proximity sensor can turn off the display panel 6041 and/or the backlight when the mobile phone is moved to the ear. As one kind of motion sensor, the accelerometer can detect the magnitude of acceleration in every direction (generally three axes) and, when stationary, the magnitude and direction of gravity. It can be used in applications that recognize the attitude of the mobile phone (such as switching between landscape and portrait, related games and magnetometer attitude calibration) and in functions related to vibration recognition (such as a pedometer or tap detection). The mobile phone can also be equipped with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer and an infrared sensor, which are not described here.
The audio circuit 606, a speaker 6061 and a microphone 6062 provide the audio interface between the user and the mobile phone. The audio circuit 606 can convert received audio data into an electrical signal and transmit it to the speaker 6061, which converts it into a sound signal for output. In the other direction, the microphone 6062 converts the collected sound signal into an electrical signal, which the audio circuit 606 receives and converts into audio data. The audio data is then output to the processor 608 for processing and sent through the RF circuit 601 to, for example, another mobile phone, or output to the memory 602 for further processing.
WiFi is a short-range wireless transmission technology. Through the WiFi module 607 the mobile phone can help the user send and receive e-mail, browse web pages and access streaming media, providing the user with wireless broadband Internet access. Although Fig. 6 shows the WiFi module 607, it is understood that the module is not an essential part of the mobile phone and can be omitted as needed without changing the essence of the invention.
The processor 608 is the control centre of the mobile phone. It connects the various parts of the whole mobile phone through various interfaces and lines, and performs the various functions of the mobile phone and processes data by running or executing the software programs and/or modules stored in the memory 602 and calling the data stored in the memory 602, thereby monitoring the mobile phone as a whole. Optionally, the processor 608 may include one or more processing units. Preferably, the processor 608 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and application programs, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 608.
The mobile phone also includes a power supply 609 (such as a battery) that powers all the components. Preferably, the power supply is logically connected to the processor 608 through a power management system, so that functions such as charging, discharging and power consumption management are handled by the power management system.
Although not shown, the mobile phone may also include a camera, a Bluetooth module and so on, which are not described here.
In the foregoing embodiments, each step of the method flows can be implemented based on the structure of this terminal device. The application layer and the operating system kernel can both be regarded as components of the abstract structure of the processor 608.
It should be noted that in the above embodiments of the data encryption device, the access point apparatus and the terminal device, the units included are divided only according to functional logic. The division is not limited to the one described, as long as the corresponding functions can be realized. In addition, the specific names of the functional units serve only to distinguish them from one another and do not limit the protection scope of the present invention.
In addition, those of ordinary skill in the art will understand that all or part of the steps in the above method embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are only preferred specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the embodiments of the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be defined by the protection scope of the claims.

Claims (10)

1. A data encryption method, characterized by comprising:
an access point obtaining a first data packet that a first terminal needs to send to a second terminal over a wireless network;
parsing the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
predicting, according to the IP address of the second terminal, a predicted transmission path over which the first data packet reaches the second terminal through the wireless network;
determining, according to the security of the predicted transmission path, whether to encrypt the first data packet.
2. The method according to claim 1, characterized in that predicting, according to the IP address of the second terminal, the predicted transmission path over which the first data packet reaches the second terminal through the wireless network comprises:
the access point determining, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
querying history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
if so, obtaining the historical transmission path over which the second data packet was sent to the subnet to which the second terminal belongs, as the predicted transmission path.
3. The method according to claim 2, characterized in that determining, according to the security of the predicted transmission path, whether to encrypt the first data packet comprises:
the access point querying whether a first transmission node in the predicted transmission path has a record of data being stolen;
if the first transmission node has a record of data being stolen, judging that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
the access point parsing the first data packet to obtain the data content of the first data packet;
performing keyword extraction on the data content to determine whether to encrypt the first data packet.
5. The method according to claim 4, characterized in that performing keyword extraction on the data content to determine whether to encrypt the first data packet comprises:
the access point determining whether the data content of the first data packet includes account and password information;
if the data content of the first data packet includes account and password information, encrypting the first data packet.
6. A data encryption device, characterized by comprising:
a first obtaining unit, configured to obtain a first data packet that a first terminal needs to send to a second terminal over a wireless network;
a first parsing unit, configured to parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
a prediction unit, configured to predict, according to the IP address of the second terminal, a predicted transmission path over which the first data packet reaches the second terminal through the wireless network;
a determining unit, configured to determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
7. The device according to claim 6, characterized in that the prediction unit comprises:
a first determining subunit, configured to determine, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
a first query subunit, configured to query history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
an obtaining subunit, configured to, if a second data packet was sent to the subnet to which the second terminal belongs, obtain the historical transmission path over which the second data packet was sent to that subnet, as the predicted transmission path.
8. The device according to claim 7, characterized in that the determining unit comprises:
a second query subunit, configured to query whether a first transmission node in the predicted transmission path has a record of data being stolen;
a judging subunit, configured to, if the first transmission node has a record of data being stolen, judge that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
9. The device according to any one of claims 6 to 8, characterized in that the device further comprises:
a second parsing unit, configured to parse the first data packet to obtain the data content of the first data packet;
an extraction unit, configured to perform keyword extraction on the data content to determine whether to encrypt the first data packet.
10. The device according to claim 9, characterized in that the extraction unit comprises:
a second determining subunit, configured to determine whether the data content of the first data packet includes account and password information;
an encryption subunit, configured to encrypt the first data packet if the data content of the first data packet includes account and password information.
CN201611271125.3A 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus Active CN106603568B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611271125.3A CN106603568B (en) 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus

Publications (2)

Publication Number Publication Date
CN106603568A true CN106603568A (en) 2017-04-26
CN106603568B CN106603568B (en) 2019-09-17

Family

ID=58582125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611271125.3A Active CN106603568B (en) 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus

Country Status (1)

Country Link
CN (1) CN106603568B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107360566A (en) * 2017-07-25 2017-11-17 深圳市盛路物联通讯技术有限公司 Upstream data control extension method and device of the internet-of-things terminal based on type
CN107360566B (en) * 2017-07-25 2020-11-27 深圳市盛路物联通讯技术有限公司 Type-based uplink data encryption control method and device for Internet of things terminal

Also Published As

Publication number Publication date
CN106603568B (en) 2019-09-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant after: OPPO Guangdong Mobile Communications Co., Ltd.

Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant before: Guangdong OPPO Mobile Communications Co., Ltd.

GR01 Patent grant