Summary of the invention
In view of this, and to address the problem that data transmission security cannot be ensured conveniently and comprehensively, it is necessary to provide a convenient and comprehensive information security communication method, system, network interface card and storage medium.
An information security communication method is applied to a network interface card, the network interface card being arranged at a data sending end. The method includes:
receiving the communication configuration parameters sent by the data sending end;
obtaining an encryption public key according to the communication configuration parameters;
performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data;
pushing the encrypted data to the data receiving end specified by the communication configuration parameters.
In one embodiment, the communication configuration parameters include: the address of the data sending end, the hard disk serial number of the data sending end, the address of the data receiving end, the hard disk serial number of the data receiving end, and the communication time between the data sending end and the data receiving end.
In one embodiment, after the encryption public key is obtained according to the communication configuration parameters, the method further includes:
updating the encryption public key according to changes in the communication time.
In one embodiment, the asymmetric encryption algorithm includes at least one of the RSA algorithm, the knapsack algorithm, the Elgamal algorithm and the ECC (Elliptic Curve Cryptography) algorithm.
In one embodiment, performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end to obtain encrypted data includes:
encrypting, according to the encryption public key and using an asymmetric algorithm, the transmission data in at least one of the following layers: the data transmitted in the application layer, the data transmitted in the transport layer, the data transmitted in the network layer, and the data transmitted in the data link layer.
In one embodiment, performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end to obtain encrypted data further includes:
receiving an encryption instruction, the encryption instruction indicating the layers at which the transmission data is to be encrypted;
encrypting the transmission data at the layers indicated by the encryption instruction, to obtain the encrypted data.
In one embodiment, after the encrypted data is pushed to the data receiving end specified by the communication configuration parameters, the method further includes:
receiving encrypted transmission data, the encrypted transmission data being transmission data that the data receiving end has encrypted with the private key corresponding to the encryption public key and then sent;
decrypting and verifying the encrypted transmission data according to the encryption public key.
An information security communication system is loaded in a network interface card, the network interface card being arranged at a data sending end. The system includes:
a parameter receiving module, for receiving the communication configuration parameters sent by the data sending end;
a public key acquisition module, for obtaining an encryption public key according to the communication configuration parameters;
an encryption module, for performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data;
a data transmission module, for pushing the encrypted data to the data receiving end specified by the communication configuration parameters.
A network interface card includes a memory and a processor, the memory storing a network interface card program. When the processor executes the network interface card program, the following steps are performed:
receiving the communication configuration parameters sent by the data sending end;
obtaining an encryption public key according to the communication configuration parameters;
performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data;
pushing the encrypted data to the data receiving end specified by the communication configuration parameters.
A storage medium readable by a network interface card stores a network interface card program. When the network interface card program is executed by a processor, the following steps are performed:
receiving the communication configuration parameters sent by the data sending end;
obtaining an encryption public key according to the communication configuration parameters;
performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data;
pushing the encrypted data to the data receiving end specified by the communication configuration parameters.
In the above information security communication method, system, network interface card and storage medium, the network interface card is arranged at the data sending end. The communication configuration parameters sent by the data sending end are received; an encryption public key is obtained according to the communication configuration parameters; according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture is performed on the transmission data output by the data sending end to obtain encrypted data; and the encrypted data is pushed to the data receiving end specified by the communication configuration parameters. Throughout the encryption process, encryption is performed in the network interface card: when the network interface card starts, the transmission data is encrypted layer by layer inside the card with an asymmetric encryption algorithm according to the obtained public key, so that the transmission data of each layer receives multi-layer encryption protection. This does not affect the running speed of the computer, applies multi-layer encryption to the transmission data, and ensures data transmission security conveniently and comprehensively.
Specific embodiment
To make the objects, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it.
In one embodiment, as shown in Figure 1, an information security communication method is provided. It is applied to a network interface card arranged at a data sending end and includes the following steps:
S110: receive the communication configuration parameters sent by the data sending end.
The communication configuration parameters may include: the addresses of the two communicating parties, the time at which the connection was established, the hard disk serial numbers of the communicating terminals, the subnet mask, the gateway, and so on. A network interface card is a network component that works at the link layer and is the interface that connects a computer to the transmission medium in a local area network. It not only provides the physical connection and electrical signal matching with the LAN transmission medium, but also handles the sending and receiving of frames, the encapsulation and de-encapsulation of frames, medium access control, data encoding and decoding, and data buffering. The network interface card may be an Ethernet card, a token ring card, a PCMCIA (Personal Computer Memory Card International Association) card, and so on. This embodiment takes an Ethernet card as an example: the Ethernet card is arranged at the data sending end, and when the sending end starts, the Ethernet card starts automatically and completes accurate data delivery between the data sending end and the data receiving end.
S120: obtain an encryption public key according to the communication configuration parameters.
Before the data sending end communicates with the destination, the two parties obtain each other's address, hard disk serial number and so on through a handshake protocol, confirming each other's identity and whether to communicate. While the sending end and the receiving end exchange information in the handshake, the network interface card arranged at the sending end obtains the communication configuration parameters: the sending-end address, the sending-end hard disk serial number, the receiving-end address, the receiving-end hard disk serial number, and the time at which the connection between the receiving end and the sending end was established. The encryption public key is formed from these parameters. For example, the public key can be expressed as f(T, Mac_A, Mac_B, S_1, S_2), where T is the time of the communication connection, Mac_A is the address of the sending end, Mac_B is the address of the receiving end, and S_1 and S_2 are the serial numbers of the hard disks on which the operating systems of the sending end and the receiving end are installed, respectively. It should be understood that the public keys include a receiving-end public key and a sending-end public key; when the sending end sends data to the receiving end, the data is encrypted with the receiving-end public key and then sent to the receiving end.
S130: according to the encryption public key and using an asymmetric algorithm, perform multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data.
An asymmetric algorithm, also called public-key encryption, encodes information with a pair of mathematically related keys. One key is the public key, which can be freely distributed to anyone who wishes to communicate securely with the key holder and is used to encrypt information. The second key is the private key, which belongs to the key holder, who uses it to decrypt received information. The network layer architecture refers to the layered management of data during transmission, such as the OSI (Open Systems Interconnection) seven-layer network structure and the TCP (Transmission Control Protocol) four-layer hierarchical model. This embodiment takes the TCP hierarchical model as an example: the network interface card receives the transmission data that the sending end is to transfer to the receiving end and performs multi-layer encryption on it based on the hierarchical model, obtaining the encrypted data. It should be understood that, under an asymmetric encryption algorithm, the public key that the network interface card obtains for the data sending end is the public key of the data receiving end. The data sending end encrypts data with the public key of the data receiving end; the data receiving end receives the encrypted transmission data and decrypts it with the private key it holds that corresponds to the encryption public key. Conversely, when the data receiving end encrypts transmission data with its own private key, the data sending end can decrypt it with the receiving end's encryption public key.
S140: push the encrypted data to the data receiving end specified by the communication configuration parameters.
The network interface card performs multi-layer encryption on the transmission data that the data sending end needs to transfer to the data receiving end. After obtaining the encrypted data, it identifies and looks up the receiving end according to the receiving-end address in the communication configuration parameters and sends the encrypted data to the data receiving end at that address. Optionally, when no receiving end corresponding to the address can be found, a warning message is sent to the data sending end and the data communication is cancelled.
In the above information security communication method, the network interface card arranged at the data sending end receives the communication configuration parameters sent by the data sending end; obtains an encryption public key according to the communication configuration parameters; performs, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end to obtain encrypted data; and pushes the encrypted data to the data receiving end specified by the communication configuration parameters. Throughout the encryption process, encryption is performed in the network interface card: when the network interface card starts, the transmission data is encrypted layer by layer inside the card with an asymmetric encryption algorithm according to the obtained public key, so that the transmission data of each layer is encrypted. This does not affect the running speed of the computer, applies multi-layer encryption to the transmission data, and ensures data transmission security conveniently and comprehensively.
In one embodiment, the communication configuration parameters include: the address of the data sending end, the hard disk serial number of the data sending end, the address of the data receiving end, the hard disk serial number of the data receiving end, and the communication time between the data sending end and the data receiving end. The addresses of the data sending end and the data receiving end may be their respective MAC addresses (Media Access Control Address), also called the LAN address, Ethernet address or physical address; in this embodiment the MAC address is the physical address, the address used to identify the location of a networked device. The hard disk serial numbers of the data sending end and the data receiving end are the disk IDs of the receiving end and the sending end: disk identification information generated randomly when the disk is formatted, that is, a volume serial number. The communication time is the time at which the receiving end and the sending end confirm each other's identity and confirm communication through the handshake protocol. The communication configuration parameters identify the two communicating parties accurately, so that the corresponding encryption key is obtained and accurate communication is ensured.
Further, in one embodiment, after the encryption public key is obtained according to the communication configuration parameters, the method further includes: updating the encryption public key according to changes in the communication time. Specifically, the encryption public key is formed from the respective addresses and hard disk serial numbers of the data receiving end and the data sending end and the communication time in the communication configuration parameters. When the receiving end and the sending end disconnect, the encryption public key becomes invalid. When they connect again, even if the receiving end and the sending end themselves have not changed, the time at which communication is established by the three-way handshake has changed, so the encryption public key is updated along with the communication establishment time. Optionally, the update of the encryption public key may also be configured by the user through a user-friendly interface, for example so that the encryption public key and its corresponding private key are updated automatically at a specified time interval. Each time communication is re-established, the encryption key is updated, which keeps the key secure.
In one embodiment, the asymmetric encryption algorithm includes at least one of the RSA algorithm, the knapsack algorithm, the Elgamal algorithm and the ECC algorithm. The RSA encryption algorithm is an asymmetric encryption algorithm: it uses different encryption and decryption keys, and it is a cryptosystem in which deriving the decryption key from the known encryption key is computationally infeasible. Usually a pair of RSA keys is generated; one is the secret key, kept by the user, and the other is the public key, which is made public. In this embodiment, the data sending end and the data receiving end each have a pair of encryption keys. Each publishes its own encryption public key, obtains the other party's encryption public key, encrypts data with the other party's encryption public key, and decrypts with the private key it keeps itself. The knapsack algorithm first generates a knapsack problem that is relatively easy to solve and takes its solution as the private key; then, starting from that problem, it generates another knapsack problem that is hard to solve and uses it as the public key. In this embodiment, if the sending end wants to send a message to the receiving end, the sending end can encrypt the message with the hard knapsack problem, and after receiving the ciphertext the receiving end can decrypt it with the easily solved private key. The Elgamal algorithm is a relatively common encryption algorithm that can be used for data encryption and digital signatures; its security depends on the discrete logarithm problem over finite fields. During encryption, the ciphertext produced is twice the length of the plaintext, and each encryption generates a random number K in the ciphertext. In addition, the Elgamal algorithm is a one-way process of an irreversible algorithm. For example, when the sending end sends data to the receiving end, the encryption public key and private key of the sending end are obtained, the public key of the sending end is shared with the receiving end, the receiving end encrypts data with the sending end's encryption public key and sends it to the data sending end, and the data sending end decrypts it with its private key. The data sending end, not having the public key of the data receiving end, cannot send encrypted data to the data receiving end. ECC is a public-key encryption algorithm based on elliptic curve mathematics, which in some cases can use smaller keys than other algorithms. The US National Institute of Standards and Technology has set minimum key length requirements: 1024 bits for RSA and DSA and 160 bits for ECC, with a corresponding symmetric block cipher key length of 80 bits. In this embodiment, the data sending end encrypts the transmission data with the minimum key, and the data receiving end decrypts with the minimum decryption key corresponding to the minimum key. The encryption algorithm is not uniquely limited: one or more of these algorithms can be chosen for encryption, and a suitable encryption algorithm can be selected according to business requirements. With an asymmetric encryption algorithm, data can only be decrypted with the private key that corresponds to the specific public key, so data security is strong and data transmission security is ensured.
In one embodiment, performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end to obtain encrypted data includes: encrypting, according to the encryption public key and using an asymmetric algorithm, the transmission data in at least one of the following layers: the data transmitted in the application layer, the data transmitted in the transport layer, the data transmitted in the network layer, and the data transmitted in the data link layer. The network layer architecture here is based on the layered structure of the TCP model, which includes the application layer, the transport layer, the network layer and the data link layer. In this embodiment, the network interface card arranged at the data sending end encrypts, layer by layer, the data that the sending end is about to transmit. For the transmission data in the application layer, the application-layer data is encrypted and encapsulated with the public key, header 1 is added, and the data is passed to the transport layer. In the transport layer, an asymmetric algorithm such as the RSA encryption algorithm encrypts and encapsulates the encrypted data passed from the application layer, header 2 is added, and the result is passed to the network layer. In the network layer, an asymmetric encryption algorithm such as the knapsack algorithm encrypts and encapsulates, with the public key, the encrypted data passed from the transport layer, header 3 is added, and the result is passed to the data link layer. In the data link layer, an asymmetric encryption algorithm such as the ECC algorithm encrypts and encapsulates, with the encryption public key, the data passed from the transport layer, header 4 is added, and once the transmission data has been encrypted it is sent to the data receiving end. It should be understood that the asymmetric encryption algorithm at each layer is not fixed; a suitable security technique can be selected according to business requirements. This embodiment lists four layers of encryption, but it does not limit the number of layers encrypted or which specific layers are encrypted: the transmission data may be given 2, 3 or 4 layers of encryption. Multi-layer encryption of the data by the encryption network interface card arranged at the sending end protects the data comprehensively and reduces the load on the computer.
Further, in one embodiment, S130 also includes receiving an encryption instruction, the encryption instruction indicating the layers at which the transmission data is to be encrypted, and encrypting the transmission data at the layers indicated by the encryption instruction to obtain the encrypted data. During encryption, the network interface card can receive an encryption instruction sent by the user, and the encryption instruction can indicate the layers at which the transmission data is encrypted. It should be understood that the encryption instruction may also include the encryption algorithm, the specific layer to encrypt, the number of layers to encrypt, and which specific encryption algorithm to load at a specific layer; it may even modify or manually update the public key and its corresponding private key. In this embodiment, the encryption instruction issued by the user is received, and the transmission data is encrypted at the layers, and with the number of layers, specified by the instruction. For example, when the user wants to encrypt the application layer, the transport layer and the network layer, the user sends an encryption instruction to the encryption network interface card, which according to the instruction encrypts the data transmitted in the application layer, the data transmitted in the transport layer and the data transmitted in the network layer. The encryption method can be chosen according to specific business requirements. When the content of application software is confidential and must be protected from being stolen and used outside, the user sends the corresponding encryption-method instruction to the encryption network interface card, which encrypts the transmission data in the application layer with the method specified by the instruction. As a result the application software can only be opened on the company intranet, and when it leaves the company and an external network is used, the data appears garbled. Setting the encryption policy by receiving the user's encryption instruction meets the customer's business requirements and is easy to use.
In one embodiment, as shown in Figure 2, the following steps come after step S140:
S150: receive encrypted transmission data, the encrypted transmission data being transmission data that the data receiving end has encrypted with the private key corresponding to the encryption public key and then sent.
S160: decrypt and verify the encrypted transmission data according to the encryption public key.
After the encryption network interface card finishes encrypting the transmission data, it sends the encrypted data to the destination data receiving end. The destination receiving end receives the encrypted data and, using the private key corresponding to the public key, decrypts the transmission data layer by layer, de-encapsulating it and stripping the headers. After obtaining the original transmission data, the data receiving end gives feedback by sending transmission data to the data sending end. The data receiving end uses a data signature: a HASH function, also called a hash function, compresses a message of arbitrary length into an output message of a fixed length, generating the first data digest. The first data digest is encrypted with the private key corresponding to the public key to generate the data signature, and the data signature is attached to the transmission data and sent to the data sending end. The network interface card of the data sending end receives the transmission data, takes out the data signature, and decrypts with the public key to obtain the first data digest. It then applies the HASH function to the transmission data to generate the second data digest and compares the first data digest with the second. When the first data digest is consistent with the second, the transmission data is complete and has not been modified, the encryption and decryption process is free of error, and the decryption verification succeeds. Verifying the encryption process ensures that the encryption process is accurate and that information transmission is secure.
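The layer-by-layer encapsulation with headers 1 to 4, driven by an encryption instruction, and the digest check of steps S150 and S160, as an added Python example that is not code from the patent. It uses unpadded textbook RSA with one constructed toy key pair at every layer in place of the per-layer algorithm mix; the header layout, SHA-256 as the HASH function, the layer names and the function names are assumptions.

```python
import hashlib

# Constructed toy key pair for the data receiving end. Both primes are published
# Mersenne primes, so N is trivially factorable: unpadded textbook RSA, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # receiving-end public key, shared with the sender
D = pow(E, -1, (P - 1) * (Q - 1))      # receiving-end private key
BLOCK = (N.bit_length() + 7) // 8      # ciphertext block size in bytes (141)
CHUNK = BLOCK - 2                      # plaintext bytes carried per block (139)

# TCP-model layers in the order the page encrypts them; position + 1 = header number.
LAYERS = ("application", "transport", "network", "data_link")


def rsa_encrypt(data: bytes) -> bytes:
    """Encrypt with the receiving end's public key, one CHUNK at a time."""
    out = bytearray()
    for i in range(0, len(data), CHUNK):
        # A leading 0x01 marker keeps leading zero bytes and the chunk length.
        m = int.from_bytes(b"\x01" + data[i:i + CHUNK], "big")
        out += pow(m, E, N).to_bytes(BLOCK, "big")
    return bytes(out)


def rsa_decrypt(data: bytes) -> bytes:
    """Decrypt with the receiving end's private key, rejecting malformed blocks."""
    if len(data) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        m = pow(int.from_bytes(data[i:i + BLOCK], "big"), D, N)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not raw or raw[0] != 1 or len(raw) > CHUNK + 1:
            raise ValueError("bad block marker: corrupted data or wrong key")
        out += raw[1:]
    return bytes(out)


def _check(instruction):
    """The instruction must select at least one of the four known layers."""
    if not instruction or set(instruction) - set(LAYERS):
        raise ValueError("instruction must name at least one known layer")


def encapsulate(payload: bytes, instruction) -> bytes:
    """Sender NIC: encrypt at each layer named in the encryption instruction."""
    _check(instruction)
    for number, layer in enumerate(LAYERS, start=1):
        if layer in instruction:
            body = rsa_encrypt(payload)
            # Constructed header: 1-byte header number + 4-byte body length.
            payload = bytes([number]) + len(body).to_bytes(4, "big") + body
    return payload


def decapsulate(packet: bytes, instruction) -> bytes:
    """Receiving end: strip headers 4..1 and decrypt, outermost layer first."""
    _check(instruction)
    for number in range(len(LAYERS), 0, -1):
        if LAYERS[number - 1] not in instruction:
            continue
        if len(packet) < 5 or packet[0] != number:
            raise ValueError(f"expected header {number}")
        if int.from_bytes(packet[1:5], "big") != len(packet) - 5:
            raise ValueError(f"header {number}: length mismatch")
        packet = rsa_decrypt(packet[5:])
    return packet


def sign_feedback(data: bytes) -> int:
    """Receiving end: first digest = SHA-256(data), encrypted with the private key."""
    digest1 = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(digest1, D, N)


def verify_feedback(data: bytes, signature: int) -> bool:
    """Sender NIC: recover the first digest with the public key, compare with the second."""
    digest1 = pow(signature, E, N)
    digest2 = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest1 == digest2


def demo():
    message = b"constructed sample payload"                  # made up for this example
    instruction = {"application", "transport", "network"}    # the page's three-layer case
    packet = encapsulate(message, instruction)
    recovered = decapsulate(packet, instruction)
    signature = sign_feedback(recovered)                     # feedback from the receiving end
    return {
        "outer_header": packet[0],
        "packet_len": len(packet),
        "recovered": recovered,
        "verified": verify_feedback(recovered, signature),
        "tampered_verified": verify_feedback(recovered + b"!", signature),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The packet grows at every layer because each RSA block carries fewer plaintext bytes than it emits; a deployment would use padded schemes (OAEP for encryption, PSS for signatures) from a vetted library.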
In one embodiment, in a practical application, the information security communication method is applied to a network interface card arranged at the sending end. When the sending end starts, the network interface card starts automatically and loads its internal encryption program. When the sending end determines the destination receiving end through the handshake protocol and the two parties exchange communication configuration parameters such as their communication addresses and hard disk serial numbers, the network interface card obtains from the communication configuration parameters the MAC addresses of the receiving end and the sending end (that is, the physical addresses of the two communicating parties), the hard disk serial numbers of the terminals, and the time at which the connection between the receiving end and the sending end was successfully established, and generates an encryption key according to the communication configuration parameters. The encryption key includes a private key and a public key. The sending end shares its own public key with the receiving end, the receiving end shares its own public key with the sending end, so that the sending end obtains the encryption public key of the receiving end, and each keeps its own private key. When the sending end sends transmission data to the receiving end, the transmission data passes through the network interface card. Using the obtained receiving-end public key and at least one of the asymmetric encryption algorithms RSA, knapsack, Elgamal and ECC, and based on the four-layer TCP hierarchical model, the network interface card encrypts the transmission data in at least one of the following layers: the data transmitted in the application layer, the data transmitted in the transport layer, the data transmitted in the network layer and the data transmitted in the data link layer. During encryption, an encryption instruction sent by the user can be received, and multi-layer encryption is performed according to the information carried by the instruction, such as the encryption method, the number of layers to encrypt and the layers to encrypt. Taking encryption of all 4 layers as an example: the data in the application layer is encrypted and encapsulated according to the public key, header 1 is added, and the encrypted data is passed to the transport layer; the encrypted data in the transport layer is encrypted and encapsulated according to the public key, header 2 is added, and the result is passed to the network layer; the encrypted data in the network layer is encrypted and encapsulated according to the public key, header 3 is added, and the result is passed to the data link layer; the encrypted data in the data link layer is encrypted and encapsulated, header 4 is added, and the multi-layer encrypted data is sent to the destination receiving end. The destination receiving end, using the private key it holds, strips the headers and de-encapsulates the multi-layer encrypted data layer by layer to obtain the original data sent by the sending end. After receiving the original data, the receiving end gives data feedback: it generates the first data digest with the HASH function, encrypts the first data digest with the private key it holds, and sends it to the sending end together with the feedback transmission data. The network interface card of the sending end receives the transmission data and decrypts with the public key to obtain the first data digest, then applies the HASH function to the transmission data to obtain the second data digest. When the first data digest is consistent with the second data digest, the encrypted data has not been changed during communication and can be transmitted normally. The network interface card arranged at the sending end completes the multi-layer encryption of the data transmission process without occupying the computer's running memory, and ensures information communication security conveniently and comprehensively.
In one embodiment, as shown in Figure 3, an information security communication system is provided. The system is loaded in a network interface card arranged at a data sending end and includes the following modules:
a parameter receiving module 310, for receiving the communication configuration parameters sent by the data sending end;
a public key acquisition module 320, for obtaining an encryption public key according to the communication configuration parameters;
an encryption module 330, for performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending end, to obtain encrypted data;
a data transmission module 340, for pushing the encrypted data to the data receiving end specified by the communication configuration parameters.
Above-mentioned a kind of information secure communications system in one of the embodiments, further includes update module, for according to logical
The variation for believing the time, is updated encrypted public key.
In one of the embodiments, the encrypting module 330 is further configured to encrypt, according to the encryption public key and using an asymmetric algorithm, the transmission data in at least one of the following: the transmission data in the application layer, the transmission data in the transport layer, the transmission data in the network layer, and the transmission data in the data link layer.
In one of the embodiments, the encrypting module 330 is further configured to receive an encryption instruction, where the encryption instruction indicates the encryption level for the transmission data, and to encrypt the transmission data at the level indicated by the encryption instruction, to obtain encrypted data.
In one of the embodiments, the above information secure communications system further includes a verification module, configured to receive encrypted transmission data, where the encrypted transmission data is data that the data receiver has encrypted and transmitted using the private key corresponding to the encryption public key, and to decrypt and verify the encrypted transmission data according to the encryption public key.
For the specific limitations of the information secure communications system, refer to the limitations of the information secure communications method above; details are not repeated here. Each module in the above information secure communications system may be implemented wholly or partly in software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor in the network interface card in hardware form, or may be stored in the memory of the network interface card in software form, so that the processor can invoke them and perform the operations corresponding to each module.
In one of the embodiments, a network interface card is provided. The network interface card may be a server, and its internal structure may be as shown in Figure 4. The network interface card includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the network interface card provides computing and control capability. The memory of the network interface card includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a network interface card program and a database. The internal memory provides an environment for running the operating system and the network interface card program held in the non-volatile storage medium. The database of the network interface card stores information secure communications data. The network interface of the network interface card communicates with external terminals over a network connection. When the network interface card program is executed by the processor, the information secure communications method is implemented.
Those skilled in the art will understand that the structure shown in Figure 4 is only a block diagram of the part of the structure relevant to the solution of this application and does not limit the network interface card to which the solution is applied. A specific network interface card may include more or fewer components than shown in the figure, may combine certain components, or may have a different arrangement of components.
In one of the embodiments, a network interface card is provided, including a memory and a processor. A network interface card program is stored in the memory, and the processor implements the following steps when executing the program: receiving the communication configuration parameter sent by the data sending terminal; obtaining the encryption public key according to the communication configuration parameter; performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending terminal, to obtain encrypted data; and pushing the encrypted data to the data receiver set in the communication configuration parameter.
In one of the embodiments, the processor further implements the following step when executing the network interface card program: updating the encryption public key as the communication time changes.
In one of the embodiments, the processor further implements the following step when executing the network interface card program: encrypting, according to the encryption public key and using an asymmetric algorithm, the transmission data in at least one of the following: the transmission data in the application layer, the transmission data in the transport layer, the transmission data in the network layer, and the transmission data in the data link layer.
In one of the embodiments, the processor further implements the following steps when executing the network interface card program: receiving an encryption instruction, where the encryption instruction indicates the encryption level for the transmission data; and encrypting the transmission data at the level indicated by the encryption instruction, to obtain encrypted data.
In one of the embodiments, the processor further implements the following steps when executing the network interface card program: receiving encrypted transmission data, where the encrypted transmission data is data that the data receiver has encrypted and transmitted using the private key corresponding to the encryption public key; and decrypting and verifying the encrypted transmission data according to the encryption public key.
In one of the embodiments, a network-interface-card-readable storage medium is provided, on which a network interface card program is stored. When executed by a processor, the program implements the following steps: receiving the communication configuration parameter sent by the data sending terminal; obtaining the encryption public key according to the communication configuration parameter; performing, according to the encryption public key and using an asymmetric algorithm, multi-layer encryption based on the network layer architecture on the transmission data output by the data sending terminal, to obtain encrypted data; and pushing the encrypted data to the data receiver set in the communication configuration parameter.
In one of the embodiments, the network interface card program further implements the following step when executed by the processor: updating the encryption public key as the communication time changes.
In one of the embodiments, the network interface card program further implements the following step when executed by the processor: encrypting, according to the encryption public key and using an asymmetric algorithm, the transmission data in at least one of the following: the transmission data in the application layer, the transmission data in the transport layer, the transmission data in the network layer, and the transmission data in the data link layer.
In one of the embodiments, the network interface card program further implements the following steps when executed by the processor: receiving an encryption instruction, where the encryption instruction indicates the encryption level for the transmission data; and encrypting the transmission data at the level indicated by the encryption instruction, to obtain encrypted data.
In one of the embodiments, the network interface card program further implements the following steps when executed by the processor: receiving encrypted transmission data, where the encrypted transmission data is data that the data receiver has encrypted and transmitted using the private key corresponding to the encryption public key; and decrypting and verifying the encrypted transmission data according to the encryption public key.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a network interface card program instructing the relevant hardware. The network interface card program may be stored in a non-volatile network-interface-card-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be subject to the appended claims.