CN107948208A - A kind of method and device of network application layer transparent encryption - Google Patents


Info

Publication number: CN107948208A
Authority: CN (China)
Prior art keywords: message, module, encryption, data, application layer
Legal status: Pending
Application number: CN201810012503.9A
Other languages: Chinese (zh)
Inventor: 滕建桓
Current assignee: Bao Mu Science And Technology (tianjin) Co Ltd
Original assignee: Bao Mu Science And Technology (tianjin) Co Ltd
Priority date: 2018-01-05
Filing date: 2018-01-05
Publication date: 2018-04-20

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/168: Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a method and device for transparent encryption at the network application layer. Using a message acquisition module, a deep detection module, an encryption/decryption module and a data transfer module, it creates a method that encrypts network application layer data during transmission, and achieves transparent encryption through the processing mode specific to the method. The result is an efficient and reliable method for encrypting and decrypting network application layer data: the granularity of encryption and decryption is small, the volume of data processed is small, and parallel processing makes it more efficient. Encryption and decryption do not change the network message structure of the original data message and do not interfere with the transmission of data. This reduces the probability of message errors and the influence of encryption and decryption on current network conditions; rules can be configured freely according to different business requirements, so the method is flexible and adapts to different network environments.

Description

Method and device for transparent encryption at the network application layer
Technical field
The invention belongs to the field of network communication and relates in particular to a method and device for transparent encryption at the network application layer.
Background technology
Data encryption is used to ensure the security of data and networks and plays an increasingly important role in daily life. Transparent encryption means that the encryption action requires no manual intervention: it is completed automatically by a system or software that has been set up, which greatly improves usability and convenience of deployment. Protection of local data generally relies on techniques such as operating-system hardening and software security hardening, and the protective measures differ between different software and different operating systems. They are usually implemented by adding a driver in the operating system kernel to control read and write operations on data, or by adding Hook functions between the software and the operating system to handle calls. In this protection mode, the kernel-layer implementation needs a corresponding driver developed for each operating system, and the user-layer implementation has to call APIs to set the corresponding hook functions according to each application. Its use is restricted by the operating system environment, and only local data is protected; the security of data in transit is not protected. For protecting data transmitted over the network between a client and a server, the network-layer IPsec protocol or the application-layer SSL protocol is generally used: an intermediate-layer protocol is added to the messages carried by TCP/IP, the message format is reconstructed, and the message data is encrypted. These protection modes all require modifying the encapsulation of the data packets, adding corresponding protocol headers and protocol formats. They unpack and recombine the transmitted messages, a large number of related settings must be made during deployment, the operation settings are cumbersome, transmission efficiency declines, and transparent encryption cannot be achieved.
Summary of the invention
In view of this, the present invention aims to propose a method and device for transparent encryption at the network application layer which, using a message acquisition module, a deep detection module, an encryption/decryption module and a data transfer module, creates a method that encrypts network application layer data during transmission and achieves transparent encryption through the processing mode specific to the method. No cumbersome settings or modification of the message format are required; only the specific data fields of the message are encrypted and decrypted, so transparent encryption is achieved and efficiency is effectively improved.
To achieve the above purpose, the technical solution of the invention is realized as follows:
A method and device for transparent encryption at the network application layer uses a client/server model, establishes encrypted transmission of information between the client and the server, and performs encrypted transmission with the following steps:
Step 1: message acquisition module. Information data is captured from the network interface card's transmit and receive path, and messages are obtained by packet capture;
Step 2: deep detection module. Deep detection is performed on the message obtained in step 1: the message is matched against the identification codes of known protocols to obtain its protocol type and message data information. When no identification code matches, the deep detection module can perform machine learning to automatically detect and record the new identification code, so identification codes need not be set and imported manually;
Step 3: encryption/decryption module. According to the message type identified by deep detection in step 2 and the message data information under the specific protocol, the specific message data information is encrypted. The encryption algorithm is any one of AES, 3DES, the national cryptographic (SM) algorithms and a hardware encryption card;
Step 4: data transfer module. The message encrypted in step 3 is sent by the data transfer module to the server. After the server performs the message acquisition of step 1, step 2 detects that the message has been encrypted and step 3 completes the decryption of the message, restoring the received ciphertext message; this realizes transparent encrypted transmission of data at the network application layer.
Further, a configuration management module manages the configuration used while performing steps 1-4; the configuration management module supports local and remote management configuration, can apply default configuration management, and also allows custom rules and policies to be set manually.
Further, the configuration management module has two different operating modes: a web UI and a command line.
Further, a log recording module records the processing of steps 1-4.
A device for transparent encryption at the network application layer includes a client and a server that are communicatively connected; the client and the server are each provided with a sequentially connected message acquisition module, deep detection module, encryption/decryption module and data transfer module.
The message acquisition module obtains messages by packet capture;
The deep detection module matches against protocol identification codes to obtain the protocol type and message data information of the message;
The encryption/decryption module encrypts the specific message data information according to the message type identified by deep detection and the message data information under the specific protocol;
The data transfer module sends the encrypted message to the server. After the server performs message acquisition, the deep detection module detects that the message has been encrypted, the encryption/decryption module completes the decryption of the message, and the received ciphertext message is restored.
Compared with the prior art, the method and device for transparent encryption at the network application layer of the present invention have the following advantages:
The method and device of the present invention, using a message acquisition module, a deep detection module, an encryption/decryption module and a data transfer module, create a method that encrypts network application layer data during transmission and achieve transparent encryption through the processing mode specific to the method. They provide an efficient and reliable method for encrypting and decrypting network application layer data: the granularity of encryption and decryption is small, the volume of data processed is small, and parallel processing makes it more efficient. Encryption and decryption do not change the network message structure of the original data message and do not interfere with the transmission of data. This reduces the probability of message errors and the influence of encryption and decryption on current network conditions; rules can be configured freely according to different business requirements, so the method is flexible and adapts to different network environments.
Brief description of the drawings
The accompanying drawing, which forms a part of the present invention, is provided to give a further understanding of the invention; the schematic embodiments of the invention and their description are used to explain the invention and do not constitute an inappropriate limitation of it.
In the accompanying drawings:
Fig. 1 is a flow diagram of the method and device for transparent encryption at the network application layer described in the embodiment of the present invention.
Embodiment
It should be noted that, in the absence of conflict, the embodiments of the present invention and the features in the embodiments may be combined with each other.
In the description of the present invention, it is to be understood that the orientation or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings, are only for convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the invention. In addition, the terms "first", "second" and so on are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined by "first", "second" and so on may explicitly or implicitly include one or more of that feature. In the description of the present invention, unless otherwise indicated, "a plurality of" means two or more.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified and limited, the terms "mounted", "connected" and "coupled" are to be interpreted broadly: for example, a connection may be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intermediary, or an internal connection between two elements. For a person of ordinary skill in the art, the specific meaning of the above terms in the present invention can be understood according to the specific circumstances.
The present invention will be described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
As shown in Figure 1, the method and device for transparent encryption at the network application layer uses a client/server model, establishes encrypted transmission of information between the client and the server, and performs encrypted transmission with the following steps:
Step 1: message acquisition module. Information data is captured from the network interface card's transmit and receive path, and messages are obtained by packet capture;
Step 2: deep detection module. Deep detection is performed on the message obtained in step 1: the message is matched against the identification codes of known protocols to obtain its protocol type and message data information. When no identification code matches, the deep detection module can perform machine learning to automatically detect and record the new identification code, so identification codes need not be set and imported manually;
Step 3: encryption/decryption module. According to the message type identified by deep detection in step 2 and the message data information under the specific protocol, the specific message data information is encrypted. The encryption algorithm is any one of AES, 3DES, the national cryptographic (SM) algorithms and a hardware encryption card;
Step 4: data transfer module. The message encrypted in step 3 is sent by the data transfer module to the server. After the server performs the message acquisition of step 1, step 2 detects that the message has been encrypted and step 3 completes the decryption of the message, restoring the received ciphertext message; this realizes transparent encrypted transmission of data at the network application layer.
As shown in Figure 1, a configuration management module manages the configuration used while performing steps 1-4; the configuration management module supports local and remote management configuration, can apply default configuration management, and also allows custom rules and policies to be set manually.
As shown in Figure 1, the configuration management module has two different operating modes: a web UI and a command line.
As shown in Figure 1, a log recording module records the processing of steps 1-4.
A specific embodiment of the present invention is as follows. Take as an example communication in a real network environment between a corporate headquarters and a branch company located elsewhere; the roles of server and client in this method are played by the headquarters and the branch company respectively. First, the branch company actively initiates a communication request to the parent company. The data flow first passes through the step 1 message acquisition module for message acquisition; the message is then relayed by the platform to the step 2 deep detection module, which further analyzes and detects the message information, determines the message identification code using protocol identification technology and machine learning, and decides whether the message needs to be transmitted as ciphertext. If the conditions for ciphertext transmission are met, the message enters the step 3 encryption/decryption module. This module actively negotiates a session with the server, generates a key, and encrypts the message with the generated key. Finally, the encrypted message is sent to the parent company's server by the step 4 data transfer module. After the server receives this message, it performs message acquisition and deep detection in steps similar to the client's and determines that the message is encrypted; it then invokes the step 3 encryption/decryption module to decrypt the ciphertext information. The configuration related to the cryptographic operations of the secure communication equipment of the parent company and the branch company is realized by the configuration management module.
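As an added illustration (not code from the patent or its applicant), the following Go program models steps 1-4 and the embodiment above: a deep-detection table keyed on protocol identification codes, AES-CTR encryption of only the sensitive field so that the message length and layout stay unchanged, and a receiving side that recognises the encrypted message and restores it. The FX01 protocol, its reserved flag bit, the session key and the sample message are all constructed assumptions; session negotiation and the automatic learning of new identification codes are not modelled.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Proto is a deep-detection table entry: identification code at offset 0, the
// header byte whose reserved bit marks ciphertext, and the field to encrypt.
type Proto struct {
	Magic                       []byte
	FlagOff, FieldOff, FieldLen int
}

// encFlag is a reserved bit of the constructed FX01 flags byte (assumption);
// reusing an existing header bit is what keeps the message layout unchanged.
const encFlag = 0x80

// Constructed toy protocol FX01: 4-byte magic, 1-byte flags, 2-byte payload
// length, a 16-byte account id (the protected field), then a free-text note.
var registry = []Proto{{Magic: []byte("FX01"), FlagOff: 4, FieldOff: 7, FieldLen: 16}}

// sample is a constructed FX01 message (payload length 30 = 0x001e).
var sample = []byte("FX01\x00\x00\x1e" + "6222020012345678" + "pay invoice 42")

// detect is step 2: match the identification code and check the message can
// hold the protected field (the patent's automatic code learning is not modelled).
func detect(msg []byte) (*Proto, bool) {
	for i := range registry {
		p := &registry[i]
		if bytes.HasPrefix(msg, p.Magic) && len(msg) >= p.FieldOff+p.FieldLen {
			return p, true
		}
	}
	return nil, false
}

// Endpoint is one side of the negotiated session. Each direction keeps its own
// counter, so the AES-CTR nonce (direction byte + counter) never repeats under
// the session key and never has to be carried inside the message.
type Endpoint struct {
	block  cipher.Block
	dir    byte // 0 = client, 1 = server
	tx, rx uint64
}

func NewEndpoint(key []byte, dir byte) (*Endpoint, error) {
	b, err := aes.NewCipher(key) // AES-128/192/256 chosen by key length
	if err != nil {
		return nil, err
	}
	return &Endpoint{block: b, dir: dir}, nil
}

// xorField applies the CTR keystream in place; CTR preserves length, so only
// the field's bytes change. Caveat: confidentiality only. An authentication
// tag would need extra bytes, which a structure-preserving design cannot add.
func (e *Endpoint) xorField(dir byte, seq *uint64, buf []byte) {
	iv := make([]byte, aes.BlockSize)
	iv[0] = dir
	binary.BigEndian.PutUint64(iv[8:], *seq)
	cipher.NewCTR(e.block, iv).XORKeyStream(buf, buf)
	*seq++
}

// Process runs steps 1-4 on one captured message: send=true encrypts the field
// and sets the bit; send=false restores a marked field and clears it. Unknown
// protocols, and unmarked messages on receipt, pass through unchanged.
func (e *Endpoint) Process(msg []byte, send bool) ([]byte, error) {
	out := append([]byte(nil), msg...)
	p, ok := detect(out)
	if !ok {
		return out, nil
	}
	field := out[p.FieldOff : p.FieldOff+p.FieldLen]
	marked := out[p.FlagOff]&encFlag != 0
	switch {
	case send && marked:
		return nil, errors.New("message already marked encrypted")
	case send:
		e.xorField(e.dir, &e.tx, field)
		out[p.FlagOff] |= encFlag
	case marked:
		e.xorField(1^e.dir, &e.rx, field)
		out[p.FlagOff] &^= encFlag
	}
	return out, nil
}
```

Because a length-preserving design has no room for an authentication tag, the protected field is shielded from disclosure but not from modification, and the two counters must stay in step across both endpoints; those are the two properties a reviewer should weigh against the scheme's transparency.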
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (5)

  1. A method and device for transparent encryption at the network application layer, characterized in that: a client/server model is used, encrypted transmission of information between the client and the server is established, and encrypted transmission is performed with the following steps:
    Step 1: message acquisition module. Information data is captured from the network interface card's transmit and receive path, and messages are obtained by packet capture;
    Step 2: deep detection module. Deep detection is performed on the message obtained in step 1: the message is matched against the identification codes of known protocols to obtain its protocol type and message data information. When no identification code matches, the deep detection module can perform machine learning to automatically detect and record the new identification code, so identification codes need not be set and imported manually;
    Step 3: encryption/decryption module. According to the message type identified by deep detection in step 2 and the message data information under the specific protocol, the specific message data information is encrypted. The encryption algorithm is any one of AES, 3DES, the national cryptographic (SM) algorithms and a hardware encryption card;
    Step 4: data transfer module. The message encrypted in step 3 is sent by the data transfer module to the server. After the server performs the message acquisition of step 1, step 2 detects that the message has been encrypted and step 3 completes the decryption of the message, restoring the received ciphertext message; this realizes transparent encrypted transmission of data at the network application layer.
  2. The method and device for transparent encryption at the network application layer according to claim 1, characterized in that: a configuration management module manages the configuration used while performing steps 1-4; the configuration management module supports local and remote management configuration, can apply default configuration management, and also allows custom rules and policies to be set manually.
  3. The method and device for transparent encryption at the network application layer according to claim 2, characterized in that: the configuration management module has two different operating modes: a web UI and a command line.
  4. The method and device for transparent encryption at the network application layer according to claim 3, characterized in that: a log recording module records the processing of steps 1-4.
  5. A device for transparent encryption at the network application layer, characterized in that: it includes a client and a server that are communicatively connected, the client and the server each being provided with a sequentially connected message acquisition module, deep detection module, encryption/decryption module and data transfer module;
    The message acquisition module obtains messages by packet capture;
    The deep detection module matches against protocol identification codes to obtain the protocol type and message data information of the message;
    The encryption/decryption module encrypts the specific message data information according to the message type identified by deep detection and the message data information under the specific protocol;
    The data transfer module sends the encrypted message to the server. After the server performs message acquisition, the deep detection module detects that the message has been encrypted, the encryption/decryption module completes the decryption of the message, and the received ciphertext message is restored.
Priority Applications (1)

Application number CN201810012503.9A (publication CN107948208A), priority date 2018-01-05, filing date 2018-01-05: A kind of method and device of network application layer transparent encryption

Publications (1)

CN107948208A, publication date 2018-04-20

Family

ID=61938466

Family Applications (1)

CN201810012503.9A (CN107948208A, pending), priority date 2018-01-05, filing date 2018-01-05: A kind of method and device of network application layer transparent encryption

Country Status (1)

CN (1): CN107948208A

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102315974A (en) * 2011-10-17 2012-01-11 北京邮电大学 Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows
CN106161015A (en) * 2016-09-29 2016-11-23 长春大学 A kind of quantum key distribution method based on DPI
CN106355101A (en) * 2015-07-15 2017-01-25 中国科学院声学研究所 Transparent file encryption and decryption system and method for simple storage services
CN106789725A (en) * 2016-11-10 2017-05-31 瑞斯康达科技发展股份有限公司 It is a kind of to realize the methods, devices and systems that flow is redirected
US20170374016A1 (en) * 2016-06-23 2017-12-28 Cisco Technology, Inc. Utilizing service tagging for encrypted flow classification

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545256A (en) * 2019-07-15 2019-12-06 中移(杭州)信息技术有限公司 Data transmission method, system, electronic device, transfer server and storage medium
CN110602053A (en) * 2019-08-20 2019-12-20 华能四川水电有限公司 Application process non-inductive kernel layer encryption and decryption system and method
CN110602053B (en) * 2019-08-20 2022-05-13 华能四川能源开发有限公司 Application process non-inductive kernel layer encryption and decryption system and method
CN112272121A (en) * 2020-09-21 2021-01-26 中国科学院信息工程研究所 Effect verification method and system for flow monitoring
CN117354057A (en) * 2023-12-01 2024-01-05 杭州海康威视数字技术股份有限公司 Malicious traffic detection method, device and equipment
CN117354057B (en) * 2023-12-01 2024-03-05 杭州海康威视数字技术股份有限公司 Malicious traffic detection method, device and equipment

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20180420)