CN109450952A - Encrypted-data communication method, apparatus and electronic equipment - Google Patents
Publication number: CN109450952A
Application number: CN201811632296.3A
Authority: CN (China)
Prior art keywords: encrypted, data, target, transmission protocol, protocol
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L69/22—Parsing or analysis of headers
- H04L69/24—Negotiation of communication capabilities
Abstract
The present invention provides an encrypted-data communication method, apparatus and electronic device, and relates to the technical field of instant messaging. The method includes: parsing target data using an encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data; determining the exit address of a communication network according to the target identifier; and transmitting the target data to the target server through the exit address. This solves the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
Description
Technical field
The present invention relates to the technical field of instant messaging, and in particular to an encrypted-data communication method, apparatus and electronic device.
Background
Currently, instant messaging (Instant Messaging) is one of the more popular modes of communication on the Internet. Instant messaging applications keep emerging, and service providers offer increasingly rich communication functions. Guided by the principles of computer networks and combined with techniques commonly used in current networks, implementing an Internet chat tool based on a client/server (C/S) architecture by programming is practical and feasible from an engineering standpoint.
Instant messaging is a terminal service that allows two or more people to exchange text messages, files, voice and video over a network in real time. By use, instant messaging is divided into enterprise instant messaging and website instant messaging; by the platform it is installed on, it can further be divided into mobile-phone instant messaging and personal computer (PC) instant messaging. Representative forms of mobile-phone instant messaging are short messages, websites, video instant messaging, etc.
If the transmission between the client and the server needs to be encrypted, the data cannot be parsed because it is encrypted. A third party therefore cannot match rules against the encrypted content, and so cannot transmit the encrypted data to the target server.
Summary of the invention
In view of this, the purpose of the present invention is to provide an encrypted-data communication method, apparatus and electronic device, to solve the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
In a first aspect, an embodiment of the present invention provides an encrypted-data communication method, comprising:
parsing target data using an encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data;
determining the exit address of a communication network according to the target identifier;
transmitting the target data to the target server through the exit address.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein parsing target data using the encrypted transmission protocol to obtain the target identifier comprises:
parsing the target data using the encrypted transmission protocol to obtain an encrypted negotiation packet;
parsing the encrypted negotiation packet to obtain the target identifier.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the encrypted transmission protocol includes a protocol header and a protocol body;
the protocol header includes: a protocol type, a check code and a length field;
the protocol body includes: the encrypted transmission protocol content.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein the encrypted transmission protocol content is set according to the instruction.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein the encrypted negotiation packet includes an encryption flag and the negotiation packet content, where the encryption flag indicates whether the negotiation packet is encrypted.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, wherein the negotiation packet content includes: the negotiation packet content version number, the client IP address, a public key and the target identifier.
With reference to the first aspect, an embodiment of the present invention provides a sixth possible implementation of the first aspect, further comprising:
if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, transmitting the traffic data directly to the server.
In a second aspect, an embodiment of the present invention further provides an encrypted-data communication apparatus, comprising:
a parsing module, configured to parse target data using an encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data;
a determining module, configured to determine the exit address of a communication network according to the target identifier;
a transmission module, configured to transmit the target data to the target server through the exit address.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory and a processor, where the memory stores a computer program that can run on the processor, and the processor implements the steps of the method described in the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable medium having non-volatile program code executable by a processor, where the program code causes the processor to execute the method described in the first aspect.
The technical solution provided by the embodiments of the present invention brings the following beneficial effects. In the encrypted-data communication method, apparatus and electronic device provided by the embodiments, target data is first parsed using the encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data. The exit address of the communication network is then determined according to the target identifier, and the target data is transmitted to the target server through that exit address. Because the target data was encrypted by the encrypted transmission protocol, parsing it with that protocol yields the unique target identifier representing the target data; the exit address of the communication network is determined from this identifier, and the target data is then transmitted to the target server through the confirmed exit address. The encrypted data is thus finally delivered to the corresponding target server, which solves the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and attained by the structure particularly pointed out in the description and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows the flow chart of the encrypted-data communication method provided by embodiment one of the present invention;
Fig. 2 shows the flow chart of the encrypted-data communication method provided by embodiment two of the present invention;
Fig. 3 shows a structural schematic diagram of the encrypted-data communication apparatus provided by embodiment three of the present invention;
Fig. 4 shows a structural schematic diagram of the electronic device provided by embodiment four of the present invention.
Reference numerals: 3 - encrypted-data communication apparatus; 31 - parsing module; 32 - determining module; 33 - transmission module; 4 - electronic device; 41 - memory; 42 - processor; 43 - bus; 44 - communication interface.
Detailed description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
Currently, a third party cannot break the encryption of data transmitted between a client and a server and therefore cannot parse its content. It cannot match rules against the content, let alone forward the encrypted data. An acceleration network, however, needs to derive rules from the parsed content so that an access request can be forwarded to the corresponding server (the target server) according to those rules.
Therefore, because encrypted data cannot be parsed, a third party cannot match rules against the encrypted content and cannot transmit the encrypted data to the target server.
On this basis, the encrypted-data communication method, apparatus and electronic device provided by the embodiments of the present invention can solve the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
To facilitate understanding of the embodiments, the encrypted-data communication method, apparatus and electronic device disclosed in the embodiments of the present invention are first described in detail.
Embodiment one:
An encrypted-data communication method provided by an embodiment of the present invention, as shown in Fig. 1, comprises:
S11: Parse target data using the encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data.
For example, the target data is parsed according to the encrypted transmission protocol. Once the first packet is found to be an encrypted negotiation packet, the negotiation packet content is parsed, and the content corresponding to the client unique identifier, i.e. the target identifier, is extracted from it.
S12: Determine the exit address of the communication network according to the target identifier.
As a preferred implementation of this embodiment, the request exit, i.e. the exit address of the communication network, is determined according to the client unique identifier content (the target identifier). The communication network is an acceleration network, through which accelerated transmission of the data is achieved.
S13: Transmit the target data to the target server through the exit address.
In this step, the target data is transmitted to the target server through the exit address determined in step S12.
Using the encrypted transmission protocol, rule matching can therefore be applied to the encrypted data exchanged between client and server, so that the target data is finally delivered to the correct target server. Even encrypted data can be accelerated through the acceleration network by means of the encrypted transmission protocol. For example, data that is already encrypted is wrapped in one more layer of encryption by the encrypted transmission protocol. During transmission, only the outermost negotiation packet produced by the encrypted transmission protocol needs to be parsed to obtain the exit address of the acceleration network; the data's own encryption is not parsed or processed in any way, and the data can still be accelerated through the acceleration network.
In this embodiment, encrypted data is transmitted between the client and the server (the target server) through a proxy. Specifically, between the client and the proxy, and between the proxy and the server, the secure encryption-negotiation data and the encrypted data are passed through transparently. Transparent transmission (pass-through) means that, regardless of the business content being transmitted, the communication is only responsible for carrying the content from the source address to the destination address, without making any change to the business data.
Embodiment two:
An encrypted-data communication method provided by an embodiment of the present invention, as shown in Fig. 2, comprises:
S21: Parse target data using the encrypted transmission protocol to obtain an encrypted negotiation packet, where the target data is data encrypted by the encrypted transmission protocol.
As a preferred implementation of this embodiment, the target data is parsed according to the encrypted transmission protocol, and the first packet is found to be an encrypted negotiation packet. The encrypted transmission protocol can be divided into two parts, a header and a body.
Specifically, the encrypted transmission protocol in this embodiment includes a protocol header and a protocol body. The protocol header includes: a protocol type, a check code and a length field. The protocol body includes: the encrypted transmission protocol content.
For the protocol header of the encrypted transmission protocol: the first four bits of the first byte identify the protocol type; the second byte is the check code of the variable-length content that follows, which prevents the content from being tampered with and so ensures the security of the data; the third to fifth bytes are a variable-length content-length field. As for the protocol type identified by the first byte, parsing the first byte of the protocol header is enough to determine whether the packet is an encrypted negotiation packet. For example, a first byte of "1" indicates an encrypted negotiation packet. Other protocol types include data transmission packets, connection packets, disconnection packets, etc.; together with the encrypted negotiation packet there are 16 protocol types in total.
For example, if the highest bit of the first byte is 1, further bytes follow that also identify the length; if the highest bit of the first byte is 0, only the remaining seven bits of the first byte identify the length; and so on, with the length field occupying at most 4 bytes.
For the protocol body of the encrypted transmission protocol: the bytes after the protocol header are the protocol content, i.e. the protocol body, which differs for each kind of instruction; that is, the encrypted transmission protocol content is set according to the instruction. Specifically, the transmitted protocol content corresponds to the protocol type in the protocol header (indicated by the first byte): if the first byte of the protocol header identifies the protocol type as an encrypted negotiation packet, the protocol body is the specific content of the encrypted negotiation packet; if the protocol type is a data transmission packet, the protocol body is the content of the data transmission packet.
The specific content of the encrypted negotiation packet includes an encryption flag and the negotiation packet content. The encryption flag indicates whether the negotiation packet is encrypted. The negotiation packet content includes: the negotiation packet content version number, the client IP address, a public key and the target identifier.
S22: Parse the encrypted negotiation packet to obtain the target identifier, where the target identifier is the unique identifier representing the target data.
As a preferred implementation, once the first packet is found to be an encrypted negotiation packet, the negotiation packet content is parsed, and the content corresponding to the client unique identifier, i.e. the target identifier, is extracted from it.
For the encrypted negotiation packet, if the first four bits of its first byte are zero, the packet is identified as a secure encrypted negotiation packet. The negotiation packet content consists of:
version: the content version number, used for backward compatibility;
client unique identifier (the target identifier): the first two bytes give the length, and the remainder is the client unique identifier content;
Random: the encryption random number, 8 bytes long;
Public Key: the public key; the first two bytes give the content length and the remainder is the Public Key content, used for decrypting the encrypted data;
Client IP: the Internet Protocol (IP) address of the client; the first two bytes give the content length and the remainder is the Client IP content.
S23: Determine the exit address of the communication network according to the target identifier.
In practice, the request exit, i.e. the exit address of the communication network, is determined according to the client unique identifier content (the target identifier). In this embodiment the communication network is an acceleration network, through which accelerated transmission of the data is achieved.
S24: According to the exit address and the entry address at which the target data enters the communication network, select an encrypted link between the exit address and the entry address.
Specifically, according to the exit address confirmed in step S23 and the entry address at which the target data enters the acceleration network (the communication network), a low-latency, highly available encrypted link between the exit address and the entry address is selected.
S25: Transmit the target data from the entry address to the exit address over the encrypted link.
Using the encrypted link selected in step S24, the target data is transmitted from the entry address to the exit address, so that it travels over the encrypted link from the entry address to the exit address confirmed in step S23.
S26: Establish a connection line between the exit address and the target server at the exit.
In this step, a connection line to the client's service (the target server) is built at the exit of the acceleration network, so that the target data can reach the target server from the exit address over this connection line.
S27: Transmit the target data from the exit address to the target server over the connection line.
Using the connection line established in step S26, the target data is transmitted from the exit address of the acceleration network to the target server.
S28: Store the encrypted link and the connection line, so that traffic data reaches the target server through the encrypted link and the connection line.
As a preferred implementation, the encrypted link selected in step S24 and the connection line established in step S26 are stored so that the connection is kept. Data transmitted afterwards over this connection can then, according to the protocol parsing result, reach the target server through the encrypted link and the connection line.
As another implementation of this embodiment, if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, the traffic data is transmitted directly to the server. Specifically, if the result of parsing with the encrypted transmission protocol is not a negotiation packet (i.e. a non-negotiation packet), the corresponding data packet is passed through transparently to the server specified by the client. Non-negotiation packets, i.e. the 15 kinds of packets other than the encrypted negotiation packet, also consist of a protocol header and a protocol body; the first four bits of the first byte of the protocol header are non-zero, and the protocol body carries the encrypted content.
Therefore, through the design of the protocol for the encrypted link (the encrypted transmission protocol), protocol parsing yields the unique identifier representing the target data (the target identifier). The exit address of the acceleration network can then be confirmed according to the target identifier, and an encrypted link between the entry address and the exit address can be selected, so that the target data is finally transmitted to the corresponding target server.
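The header and negotiation-packet layout described in this embodiment, as an added Python example that is not code from the patent. Field widths the text leaves open are assumptions: a 1-byte additive check code, type value 0 for the negotiation packet (following the "first four bits are zero" description), a 1-byte encryption flag and version, big-endian 2-byte length prefixes and low-order-first 7-bit length groups; the routing table, identifiers and the reject decision for unknown identifiers are constructed.

```python
import struct

NEGOTIATION = 0      # assumed: high nibble 0 marks the encrypted negotiation packet
MAX_LEN_BYTES = 4    # the length field occupies at most 4 bytes

# Constructed routing table: target identifier -> exit address of the acceleration network.
EXITS = {b"cust-0001": "198.51.100.10:443", b"cust-0002": "203.0.113.20:443"}


def encode_len(n):
    """Variable-length integer: 7 value bits per byte, high bit set = more bytes follow."""
    if not 0 <= n < 1 << (7 * MAX_LEN_BYTES):
        raise ValueError("length out of range")
    out = bytearray()
    while True:
        n, low = n >> 7, n & 0x7F
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)


def decode_len(buf, pos):
    """Return (value, next_pos); reject truncated or over-long encodings."""
    value = 0
    for i in range(MAX_LEN_BYTES):
        if pos + i >= len(buf):
            raise ValueError("truncated length field")
        b = buf[pos + i]
        value |= (b & 0x7F) << (7 * i)
        if not b & 0x80:
            return value, pos + i + 1
    raise ValueError("length field longer than 4 bytes")


def checksum(body):
    # Assumed 1-byte additive check code; the page does not name the algorithm.
    return sum(body) & 0xFF


def frame(ptype, body):
    """Header (type nibble, check code, length) followed by the protocol body."""
    return bytes([(ptype & 0x0F) << 4, checksum(body)]) + encode_len(len(body)) + body


def parse_frame(buf):
    """Split one frame into (protocol type, body), validating every header field."""
    if len(buf) < 3:
        raise ValueError("frame too short")
    ptype, check = buf[0] >> 4, buf[1]
    length, pos = decode_len(buf, 2)
    body = buf[pos:pos + length]
    if len(body) != length:
        raise ValueError("body shorter than declared length")
    if checksum(body) != check:
        raise ValueError("check code mismatch")
    return ptype, body


def _lv(body, pos):
    """Read a field carrying a 2-byte length prefix (big-endian is an assumption)."""
    if pos + 2 > len(body):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">H", body, pos)
    end = pos + 2 + n
    if end > len(body):
        raise ValueError("field runs past end of packet")
    return body[pos + 2:end], end


def parse_negotiation(body):
    """Decode the negotiation fields in the order the description lists them."""
    if len(body) < 2:
        raise ValueError("negotiation packet too short")
    fields = {"encrypted": bool(body[0]), "version": body[1]}
    fields["target_id"], pos = _lv(body, 2)
    if pos + 8 > len(body):
        raise ValueError("truncated random value")
    fields["random"], pos = body[pos:pos + 8], pos + 8
    fields["public_key"], pos = _lv(body, pos)
    fields["client_ip"], pos = _lv(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes in negotiation packet")
    return fields


def route_first_packet(buf):
    """Proxy decision for the first packet of a connection."""
    ptype, body = parse_frame(buf)
    if ptype != NEGOTIATION:
        return ("passthrough", None)   # not a negotiation packet: forward unchanged
    exit_addr = EXITS.get(parse_negotiation(body)["target_id"])
    # Unknown identifiers are rejected here; the page does not say how they are handled.
    return ("route", exit_addr) if exit_addr else ("reject", None)


def build_negotiation(target_id, public_key, client_ip, random8=bytes(8)):
    """Build a constructed sample negotiation packet for the parser above."""
    lv = lambda v: struct.pack(">H", len(v)) + v
    body = bytes([0, 1]) + lv(target_id) + random8 + lv(public_key) + lv(client_ip)
    return frame(NEGOTIATION, body)
```

Every length read from the wire is checked against the bytes actually received before it is used, since the proxy parses this packet before any party has been authenticated.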
Embodiment three:
An encrypted-data communication apparatus provided by an embodiment of the present invention is shown in Fig. 3. The encrypted-data communication apparatus 3 includes: a parsing module 31, a determining module 32 and a transmission module 33.
Further, the parsing module is configured to parse target data using the encrypted transmission protocol to obtain a target identifier, where the target data is data encrypted by the encrypted transmission protocol and the target identifier is the unique identifier representing the target data.
As a preferred implementation of this embodiment, the determining module is configured to determine the exit address of the communication network according to the target identifier. The transmission module is configured to transmit the target data to the target server through the exit address.
The encrypted-data communication apparatus provided by this embodiment has the same technical features as the encrypted-data communication method provided by the above embodiments, so it solves the same technical problem and achieves the same technical effect.
Embodiment four:
An electronic device provided by an embodiment of the present invention is shown in Fig. 4. The electronic device 4 includes a memory 41 and a processor 42; the memory stores a computer program that can run on the processor, and the processor implements the steps of the method provided by embodiment one or embodiment two above when executing the computer program.
Referring to Fig. 4, the electronic device further includes a bus 43 and a communication interface 44. The processor 42, the communication interface 44 and the memory 41 are connected by the bus 43; the processor 42 is used to execute executable modules stored in the memory 41, such as computer programs.
The memory 41 may include high-speed random access memory (RAM, Random Access Memory) and may also include non-volatile memory, for example at least one disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 44 (which may be wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network, etc.
The bus 43 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus can be divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one double-headed arrow is shown in Fig. 4, but this does not mean that there is only one bus or one type of bus.
The memory 41 is used to store a program, and the processor 42 executes the program after receiving an execution instruction. The method performed by the apparatus defined by the flow disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 42 or implemented by the processor 42.
It should be noted that the processor 42 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 42 or by instructions in the form of software. The processor 42 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be executed and completed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory 41; the processor 42 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
Embodiment five:
An embodiment of the present invention provides a computer-readable medium having non-volatile program code executable by a processor, the program code causing the processor to execute the method provided by Embodiment one or Embodiment two above.
Unless specifically stated otherwise, the relative steps, numerical expressions and numerical values of the components and steps set forth in these embodiments do not limit the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and device described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In all examples shown and described herein, any specific value should be construed as merely illustrative and not as a limitation; therefore, other examples of the exemplary embodiments may have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be further defined and explained in subsequent drawings.
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logic function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The computer-readable medium having non-volatile program code executable by a processor provided by the embodiment of the present invention has the same technical features as the encrypted-data communication method, apparatus and electronic equipment provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "installation", "connected" and "connection" should be understood in a broad sense. For example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. For those of ordinary skill in the art, the specific meaning of the above terms in the present invention can be understood according to the specific situation.
The computer program product for carrying out the encrypted-data communication method provided by the embodiments of the present invention includes a computer-readable storage medium storing non-volatile program code executable by a processor. The instructions included in the program code can be used to execute the methods described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of the units is only a division by logical function, and there may be other divisions in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate the technical solution of the present invention rather than to limit it, and the scope of protection of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be covered within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. An encrypted-data communication method, characterized by comprising:
parsing target data using an encrypted transmission protocol to obtain a target identification, wherein the target data is data obtained by encryption with the encrypted transmission protocol, and the target identification is a unique identifier indicating the target data;
determining an exit address of a communication network according to the target identification;
transmitting the target data to a destination server through the exit address.
2. The encrypted-data communication method according to claim 1, characterized in that parsing the target data using the encrypted transmission protocol to obtain the target identification comprises:
parsing the target data using the encrypted transmission protocol to obtain an encrypted negotiation packet;
parsing the encrypted negotiation packet to obtain the target identification.
3. The encrypted-data communication method according to claim 1, characterized in that the encrypted transmission protocol comprises a protocol header and a protocol entity;
the protocol header comprises a protocol type, a check code and a length identifier;
the protocol entity comprises the encrypted transmission protocol content.
4. The encrypted-data communication method according to claim 3, characterized in that the encrypted transmission protocol content is set according to an instruction.
5. The encrypted-data communication method according to claim 2, characterized in that the encrypted negotiation packet comprises an encryption identifier and negotiation packet content, wherein the encryption identifier indicates whether the negotiation packet is encrypted.
6. The encrypted-data communication method according to claim 5, characterized in that the negotiation packet content comprises a negotiation packet content version number, a client IP address, a public key and the target identification.
7. The encrypted-data communication method according to claim 2, characterized by further comprising:
if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, transmitting the traffic data directly to the server.
8. An encrypted-data communication device, characterized by comprising:
a parsing module, configured to parse target data using an encrypted transmission protocol to obtain a target identification, wherein the target data is data obtained by encryption with the encrypted transmission protocol, and the target identification is a unique identifier indicating the target data;
a determining module, configured to determine an exit address of a communication network according to the target identification;
a transmission module, configured to transmit the target data to a destination server through the exit address.
9. An electronic device, comprising a memory and a processor, the memory storing a computer program runnable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable medium having non-volatile program code executable by a processor, characterized in that the program code causes the processor to execute the method according to any one of claims 1 to 7.
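The flow of claims 1 to 7, sketched as an added example that is not part of the patent text: a gateway validates the protocol header, reads the target identification from the negotiation packet, and either selects an exit address or forwards the traffic directly. The claims name the fields but give no sizes or order, so the byte layout, the use of CRC32 as the check code, the protocol-type value, the routing table and all function names are assumptions; a packet whose encryption identifier is set is not decoded here.

```python
import ipaddress
import struct
import zlib

# Assumed wire layout (the claims name the fields but not their sizes or order):
# header = protocol type (1 byte) | check code, CRC32 of the entity (4) | entity length (2)
HEADER = struct.Struct("!BIH")
FIXED = struct.Struct("!BB4sH")  # encryption flag | version | client IPv4 | public-key length
PROTO_NEGOTIATION = 0x01         # assumed protocol-type value

# Constructed routing table: target identification -> exit address
EXIT_TABLE = {"tgt-0001": ("198.51.100.10", 443)}


def build_packet(target_id, client_ip, public_key, version=1, encrypted=0):
    """Serialise a negotiation packet in the assumed layout (sample input for the demo)."""
    tid = target_id.encode("utf-8")
    entity = FIXED.pack(encrypted, version,
                        ipaddress.IPv4Address(client_ip).packed, len(public_key))
    entity += public_key + bytes([len(tid)]) + tid
    return HEADER.pack(PROTO_NEGOTIATION, zlib.crc32(entity), len(entity)) + entity


def parse_negotiation(data):
    """Return the negotiation fields, or None when data is not a valid negotiation packet."""
    if len(data) < HEADER.size:
        return None
    ptype, check, length = HEADER.unpack_from(data)
    entity = data[HEADER.size:]
    # Reject a wrong type, a length that disagrees with the bytes present, or a bad check code.
    if ptype != PROTO_NEGOTIATION or len(entity) != length or zlib.crc32(entity) != check:
        return None
    try:
        encrypted, version, ip, key_len = FIXED.unpack_from(entity)
        if encrypted:
            return None  # assumption: decrypting flagged content is not modelled here
        key_end = FIXED.size + key_len
        tid_len = entity[key_end]
        tid = entity[key_end + 1:]
        if len(tid) != tid_len:  # the declared lengths must account for every byte
            return None
        return {"version": version, "client_ip": str(ipaddress.IPv4Address(ip)),
                "public_key": entity[FIXED.size:key_end], "target_id": tid.decode("utf-8")}
    except (struct.error, IndexError, UnicodeDecodeError):
        return None


def route(data):
    """Claims 1 and 7: pick the exit address by target identification, else pass through."""
    fields = parse_negotiation(data)
    if fields is None:
        return ("direct", None)          # no negotiation packet: forward unchanged
    exit_addr = EXIT_TABLE.get(fields["target_id"])
    if exit_addr is None:
        return ("unknown-target", None)  # assumption: the caller decides what to do
    return ("exit", exit_addr)
```

Because the exit address is chosen from attacker-controllable bytes, the parser treats any length or check-code mismatch as "not a negotiation packet" rather than trying to recover partial fields.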
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811632296.3A CN109450952A (en) | 2018-12-28 | 2018-12-28 | Encrypted-data communication method, apparatus and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109450952A (en) | 2019-03-08 |
Family
ID=65542078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811632296.3A Pending CN109450952A (en) | 2018-12-28 | 2018-12-28 | Encrypted-data communication method, apparatus and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450952A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104753808A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Network system data transmission method and device and data transmission system |
CN104767684A (en) * | 2014-01-03 | 2015-07-08 | 腾讯科技(深圳)有限公司 | Data transmission method and related device and communication system |
US20150244781A1 (en) * | 2009-12-23 | 2015-08-27 | Citrix Systems, Inc. | Systems and methods for policy based integration to horizontally deployed wan optimization appliances |
CN108259237A (en) * | 2018-01-05 | 2018-07-06 | 葛晗 | Network access accelerated method, cloud dns server, CE and cloud IP accelerate network system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113938531A (en) * | 2021-09-23 | 2022-01-14 | 北京车和家信息技术有限公司 | Data transmission method, device, equipment and medium |
CN113938531B (en) * | 2021-09-23 | 2023-10-31 | 北京车和家信息技术有限公司 | Data transmission method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20190308 |