CN109450952A - Encrypted-data communication method, apparatus and electronic equipment - Google Patents

Info

Publication number: CN109450952A
Application number: CN201811632296.3A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 李淼, 赵东, 杨攀
Current Assignee: Beijing Cloud In Faith Network Technology Co Ltd
Original Assignee: Beijing Cloud In Faith Network Technology Co Ltd
Prior art keywords: encrypted, data, target, transmission protocol, protocol

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H04L69/24 Negotiation of communication capabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides an encrypted-data communication method, apparatus and electronic equipment, and relates to the technical field of instant messaging. The method includes: parsing target data using an encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol, and the target identifier is a unique identifier that indicates the target data; determining an exit address of a communication network according to the target identifier; and transmitting the target data to a target server through the exit address. This solves the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.

Description

Encrypted-data communication method, apparatus and electronic equipment
Technical field
The present invention relates to the technical field of instant messaging, and more particularly to an encrypted-data communication method, apparatus and electronic equipment.
Background
At present, instant messaging (Instant Messaging) is a popular form of communication on the Internet. Instant messaging applications keep emerging, and service providers offer increasingly rich communication service functions. Guided by the principles of computer networks and viewed from the angle of practical engineering, it is entirely feasible to combine techniques commonly used on today's networks and implement, by programming, an Internet chat tool based on a client/server (Client/Server, C/S) architecture.
Instant messaging is a terminal service that allows two or more people to exchange text messages, files, voice and video over a network in real time. By usage, instant messaging is divided into enterprise instant messaging and website instant messaging; by the device it is installed on, it can be further divided into mobile-phone instant messaging and personal computer (PC) instant messaging. Representative forms of mobile-phone instant messaging are short messages, websites, video instant messaging and so on.
When transmission between the client and the server needs to be encrypted, the data cannot be parsed because it is encrypted, so a third party cannot apply rule matching to the encrypted content and therefore cannot transmit the encrypted data to the target server.
Summary of the invention
In view of this, the purpose of the present invention is to provide an encrypted-data communication method, apparatus and electronic equipment, so as to solve the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
In a first aspect, an embodiment of the present invention provides an encrypted-data communication method, comprising:
parsing target data using an encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol, and the target identifier is a unique identifier that indicates the target data;
determining an exit address of a communication network according to the target identifier;
transmitting the target data to a target server through the exit address.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein parsing the target data using the encrypted transmission protocol to obtain the target identifier comprises:
parsing the target data using the encrypted transmission protocol to obtain an encrypted negotiation packet;
parsing the encrypted negotiation packet to obtain the target identifier.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the encrypted transmission protocol comprises a protocol header and a protocol body;
the protocol header comprises a protocol type, a check code and a length identifier;
the protocol body comprises the encrypted transmission protocol content.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein the encrypted transmission protocol content is set according to the instruction.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein the encrypted negotiation packet comprises an encryption flag and negotiation packet content, and the encryption flag indicates whether the negotiation packet is encrypted.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, wherein the negotiation packet content comprises a negotiation packet content version number, a client IP address, a public key and the target identifier.
With reference to the first aspect, an embodiment of the present invention provides a sixth possible implementation of the first aspect, further comprising:
if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, transmitting the traffic data directly to the server.
In a second aspect, an embodiment of the present invention further provides an encrypted-data communication device, comprising:
a parsing module, configured to parse target data using an encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol, and the target identifier is a unique identifier that indicates the target data;
a determining module, configured to determine an exit address of a communication network according to the target identifier;
a transmission module, configured to transmit the target data to a target server through the exit address.
In a third aspect, an embodiment of the present invention further provides an electronic equipment comprising a memory and a processor, the memory storing a computer program that can run on the processor, wherein the processor, when executing the computer program, implements the steps of the method described in the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to perform the method described in the first aspect.
The technical solution provided by the embodiments of the present invention brings the following beneficial effects. In the encrypted-data communication method, apparatus and electronic equipment provided by the embodiments of the present invention, target data is first parsed using the encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol and the target identifier is a unique identifier that indicates the target data; the exit address of the communication network is then determined according to the target identifier; and the target data is then transmitted to the target server through the exit address. Because the target data is data obtained by encrypting with the encrypted transmission protocol, parsing it with that protocol yields the unique target identifier that indicates the target data; the exit address of the communication network is determined from this target identifier, and the target data is transmitted to the target server through the exit address so determined. The encrypted data is thus delivered to the corresponding target server, which solves the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
Other features and advantages of the present invention will be set forth in the description that follows, and will in part become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a flow chart of the encrypted-data communication method provided by embodiment one of the present invention;
Fig. 2 shows a flow chart of the encrypted-data communication method provided by embodiment two of the present invention;
Fig. 3 shows a structural schematic diagram of an encrypted-data communication device provided by embodiment three of the present invention;
Fig. 4 shows a structural schematic diagram of an electronic equipment provided by embodiment four of the present invention.
Reference numerals: 3 - encrypted-data communication device; 31 - parsing module; 32 - determining module; 33 - transmission module; 4 - electronic equipment; 41 - memory; 42 - processor; 43 - bus; 44 - communication interface.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
At present, a third party cannot crack the encrypted data transmitted between a client and a server and therefore cannot parse its content; it thus cannot perform rule matching on the content, let alone forward the encrypted data. An acceleration network, however, needs to derive rules from the parsed content so that an access request can be forwarded, according to certain rules, to the corresponding server (i.e. the target server).
Therefore, because encrypted data is encrypted and cannot be parsed, a third party cannot apply rule matching to the encrypted content and so cannot transmit the encrypted data to the target server.
On this basis, the encrypted-data communication method, apparatus and electronic equipment provided by the embodiments of the present invention can solve the technical problem in the prior art that encrypted data cannot be transmitted to the corresponding server.
To facilitate understanding of the present embodiments, the encrypted-data communication method, apparatus and electronic equipment disclosed in the embodiments of the present invention are first described in detail.
Embodiment one:
An encrypted-data communication method provided by an embodiment of the present invention, as shown in Fig. 1, comprises:
S11: parse target data using the encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol, and the target identifier is a unique identifier that indicates the target data.
For example, the target data is parsed according to the encrypted transmission protocol; once the first packet is found to be an encrypted negotiation packet, the content of the negotiation packet is parsed, and the content corresponding to the customer unique identifier, i.e. the target identifier, is extracted from the negotiation packet content.
S12: determine the exit address of the communication network according to the target identifier.
As a preferred implementation of this embodiment, the request exit, i.e. the exit address of the communication network, is determined according to the content of the customer unique identifier (i.e. the target identifier). The communication network is an acceleration network, which is how accelerated transmission of the data is achieved.
S13: transmit the target data to the target server through the exit address.
In this step, the target data is transmitted to the target server through the exit address determined in step S12.
Therefore, with the encrypted transmission protocol, rule matching can be performed on the encrypted data between the client and the server, so that the target data is ultimately delivered to the correct target server; even encrypted data can be carried over the acceleration network with network acceleration by means of the encrypted transmission protocol. For example, data that is already encrypted is wrapped in one more layer of encryption by the encrypted transmission protocol. During transmission, only the outermost negotiation packet, encrypted by the encrypted transmission protocol, needs to be parsed to obtain the exit address of the acceleration network; the already-encrypted data itself needs no parsing at all, and the data can still be transmitted with acceleration over the acceleration network.
In this embodiment, the encrypted data is transmitted between the client and the server (i.e. the target server) through a proxy. Specifically, the secure encrypted negotiation data and the encrypted data are passed through transparently between the client and the proxy and between the proxy and the server. Note that transparent transmission (pass-through) means that, regardless of the business content being transmitted, the communication is only responsible for carrying the content from the source address to the destination address and makes no change to the business data content.
Embodiment two:
An encrypted-data communication method provided by an embodiment of the present invention, as shown in Fig. 2, comprises:
S21: parse target data using the encrypted transmission protocol to obtain an encrypted negotiation packet, wherein the target data is data obtained by encrypting with the encrypted transmission protocol.
As a preferred implementation of this embodiment, the target data is parsed according to the encrypted transmission protocol, and the first packet is found to be an encrypted negotiation packet. The encrypted transmission protocol can be divided into two parts, a head and a body.
Specifically, the encrypted transmission protocol in this embodiment comprises a protocol header and a protocol body. The protocol header comprises a protocol type, a check code and a length identifier. The protocol body comprises the encrypted transmission protocol content.
For the protocol header of the encrypted transmission protocol: the first four bits of the first byte identify the protocol type; the second byte is a check code for the variable-length part that follows, which prevents the content from being tampered with and so ensures the safety of the data; the third to fifth bytes are a variable-length content-length identifier. As for the protocol type identified by the first byte, parsing the first byte of the protocol header is enough to judge whether a packet is an encrypted negotiation packet. For example, a first byte of "1" indicates an encrypted negotiation packet. Other protocol types include data transmission packets, connection packets, disconnection packets and so on; together with the encrypted negotiation packet there are 16 protocol types in total.
For example, if the highest bit of the first byte is 1, it indicates that there are further bytes identifying the length; if the highest bit of the first byte is 0, it indicates that only the remaining seven bits of the first byte identify the length; and so on, up to a length identifier of 4 bytes.
For the protocol body of the encrypted transmission protocol: the bytes after the protocol header are the protocol content, i.e. the protocol body. Its content differs for each kind of instruction, that is, the encrypted transmission protocol content is set according to the instruction. Specifically, the protocol content transmitted corresponds to the protocol type in the protocol header (indicated by the first byte): if the first byte of the protocol header identifies the protocol type as an encrypted negotiation packet, the corresponding protocol body is the specific content of the encrypted negotiation packet; if the protocol type is a data transmission packet, the corresponding protocol body is the content of the data transmission packet.
The specific content of the encrypted negotiation packet comprises an encryption flag and the negotiation packet content. The encryption flag indicates whether the negotiation packet is encrypted. The negotiation packet content comprises a negotiation packet content version number, a client IP address, a public key and the target identifier.
S22: parse the encrypted negotiation packet to obtain the target identifier, wherein the target identifier is a unique identifier that indicates the target data.
As a preferred implementation, after the first packet is found to be an encrypted negotiation packet, the content of the negotiation packet is parsed, and the content corresponding to the customer unique identifier, i.e. the target identifier, is extracted from the negotiation packet content.
For the encrypted negotiation packet, if the first four bits of its first byte are zero, the packet is identified as a secure encrypted negotiation packet. As for the negotiation packet content: version is the content version number, used for backward compatibility; for the customer unique identifier, i.e. the target identifier, the first two bytes give the length and the rest is the customer unique identifier content; Random is the encryption random number, 8 bytes long; Public Key is the public key, whose first two bytes give the content length and the rest is the Public Key content, used for decrypting the encrypted data; Client IP is the Internet Protocol (IP) address of the client, whose first two bytes give the content length and the rest is the Client IP content.
S23: determine the exit address of the communication network according to the target identifier.
In practical applications, the request exit, i.e. the exit address of the communication network, is determined according to the content of the customer unique identifier (i.e. the target identifier). In this embodiment, the communication network is an acceleration network, which is how accelerated transmission of the data is achieved.
S24: select an encrypted link between the exit address and the entry address according to the exit address and the entry address at which the target data enters the communication network.
Specifically, according to the exit address determined in step S23 and the entry address at which the target data enters the acceleration network (i.e. the communication network), a low-latency, highly available encrypted link between the exit address and the entry address is selected.
S25: transmit the target data from the entry address to the exit address through the encrypted link.
Through the encrypted link selected in step S24, the target data is transmitted from the entry address to the exit address, so that the target data travels over the encrypted link from the entry address to the exit address determined in step S23.
S26: establish, at the exit, a connection line between the exit address and the target server.
In this step, a connection line between the exit of the acceleration network and the customer's service (i.e. the target server) is established at the exit, so that the target data can reach the target server from the exit address through this connection line.
S27: transmit the target data from the exit address to the target server through the connection line.
Through the connection line established in step S26, the target data is transmitted from the exit address to the target server, so that the target data reaches the target server from the exit address of the acceleration network through the connection line.
S28: store the encrypted link and the connection line, so that traffic data reaches the target server through the encrypted link and the connection line.
As a preferred implementation, the encrypted link selected in step S24 and the connection line established in step S26 are stored so that this connection is kept, and data transmitted afterwards over this connection can, according to the protocol parsing result, reach the target server through the encrypted link and the connection line.
As another implementation of this embodiment, if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, the traffic data is transmitted directly to the server. Specifically, if the result of parsing with the encrypted transmission protocol is not a negotiation packet (i.e. it is a non-negotiation packet), the corresponding data packet is passed through transparently to the server specified by the client. The non-negotiation packets, i.e. the 15 kinds of packet other than the encrypted negotiation packet, also consist of a protocol header and a protocol body; the first four bits of the first byte of the protocol header are non-zero, and the protocol body carries the encrypted content.
Therefore, through the design of the protocol for the encrypted link (i.e. the encrypted transmission protocol), protocol parsing alone yields the unique identifier that indicates the target data (i.e. the target identifier). The exit address of the acceleration network can then be determined from the target identifier, and the encrypted link between the entry address and the exit address can be selected, so that the target data is finally transmitted to the corresponding target server.
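The parsing and routing steps of embodiment two (S21 to S23 and the pass-through fallback), as an added Python example that is not code from the patent. Assumed, because the description does not fix them: protocol type 0 for the negotiation packet, a one-byte additive check code, a length identifier of 7 bits per byte with the high bit as a continuation flag, big-endian 2-byte field lengths, a one-byte flag and version, the field order, and the exit table and host names.

```python
import struct

# Assumptions (none of these values or layouts are fixed by the page):
NEGOTIATION_TYPE = 0   # high 4 bits of byte 0 are zero for a negotiation packet
MAX_LEN_BYTES = 4      # length identifier: 7 bits per byte, high bit = "more follows"


def check_code(body):
    """Stand-in 8-bit check code; the page does not name the algorithm."""
    return sum(body) & 0xFF


def encode_length(n):
    if not 0 <= n < 1 << (7 * MAX_LEN_BYTES):
        raise ValueError("length does not fit in 4 bytes")
    out = bytearray()
    while True:
        n, low = n >> 7, n & 0x7F
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)


def decode_length(buf, pos):
    """Return (length, next_pos); reject truncated or over-long length fields."""
    value = 0
    for i in range(MAX_LEN_BYTES):
        if pos + i >= len(buf):
            raise ValueError("truncated length identifier")
        value |= (buf[pos + i] & 0x7F) << (7 * i)
        if not buf[pos + i] & 0x80:
            return value, pos + i + 1
    raise ValueError("length identifier longer than 4 bytes")


def build_frame(ptype, body):
    """Header = type in the high 4 bits, check code, length identifier; then the body."""
    return bytes([(ptype & 0x0F) << 4, check_code(body)]) + encode_length(len(body)) + body


def parse_frame(buf):
    """Return (protocol_type, body) after validating length and check code."""
    if len(buf) < 3:
        raise ValueError("shorter than the minimal header")
    length, pos = decode_length(buf, 2)
    body = buf[pos:pos + length]
    if len(body) != length:
        raise ValueError("body shorter than declared length")
    if check_code(body) != buf[1]:
        raise ValueError("check code mismatch")
    return buf[0] >> 4, body


def read_field(body, pos):
    """Read a field with a 2-byte big-endian length prefix, bounds-checked."""
    if pos + 2 > len(body):
        raise ValueError("truncated field length")
    (n,) = struct.unpack_from(">H", body, pos)
    end = pos + 2 + n
    if end > len(body):
        raise ValueError("field length exceeds packet")
    return bytes(body[pos + 2:end]), end


def parse_negotiation(body):
    """Assumed layout: flag, version, target id, random (8 bytes), public key, client IP."""
    if len(body) < 2:
        raise ValueError("negotiation packet too short")
    target_id, pos = read_field(body, 2)
    if pos + 8 > len(body):
        raise ValueError("truncated random")
    random, pos = bytes(body[pos:pos + 8]), pos + 8
    public_key, pos = read_field(body, pos)
    client_ip, pos = read_field(body, pos)
    return {"encrypted": bool(body[0]), "version": body[1],
            "target_id": target_id.decode("utf-8"), "random": random,
            "public_key": public_key, "client_ip": client_ip.decode("ascii")}


def route(first_packet, exits, passthrough):
    """Choose where a connection goes from its first packet."""
    ptype, body = parse_frame(first_packet)
    if ptype != NEGOTIATION_TYPE:
        return passthrough                      # non-negotiation packet: pass through
    target_id = parse_negotiation(body)["target_id"]
    if target_id not in exits:                  # design choice here: fail closed
        raise ValueError("no exit configured for target identifier")
    return exits[target_id]


def sample_negotiation(target_id="customer-42"):
    """Constructed sample packet; every field value is made up for the demo."""
    def lp(b):
        return struct.pack(">H", len(b)) + b
    body = (bytes([0, 1]) + lp(target_id.encode()) + bytes(8)
            + lp(b"\x01" * 32) + lp(b"192.0.2.10"))
    return build_frame(NEGOTIATION_TYPE, body)


if __name__ == "__main__":
    exits = {"customer-42": "exit-a.example:443"}   # constructed routing table
    print(route(sample_negotiation(), exits, "direct"))
    print(route(build_frame(1, b"opaque ciphertext"), exits, "direct"))
```

The proxy reads only the outer header and the negotiation fields; every length taken from the wire is checked against the buffer before use, since this parser faces unauthenticated input.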
Embodiment three:
An encrypted-data communication device provided by an embodiment of the present invention is shown in Fig. 3. The encrypted-data communication device 3 comprises a parsing module 31, a determining module 32 and a transmission module 33.
Further, the parsing module is configured to parse target data using the encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encrypting with the encrypted transmission protocol, and the target identifier is a unique identifier that indicates the target data.
As a preferred implementation of this embodiment, the determining module is configured to determine the exit address of the communication network according to the target identifier. The transmission module is configured to transmit the target data to the target server through the exit address.
The encrypted-data communication device provided by this embodiment of the present invention has the same technical features as the encrypted-data communication method provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
Embodiment four:
An electronic equipment provided by an embodiment of the present invention is shown in Fig. 4. The electronic equipment 4 comprises a memory 41 and a processor 42; the memory stores a computer program that can run on the processor, and the processor, when executing the computer program, implements the steps of the method provided by embodiment one or embodiment two above.
Referring to Fig. 4, the electronic equipment further comprises a bus 43 and a communication interface 44; the processor 42, the communication interface 44 and the memory 41 are connected by the bus 43. The processor 42 is used to execute executable modules stored in the memory 41, such as computer programs.
The memory 41 may include high-speed random access memory (RAM, Random Access Memory), and may further include non-volatile memory, for example at least one disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 44 (which may be wired or wireless), and the Internet, a wide area network, a local network, a metropolitan area network and the like may be used.
The bus 43 may be an ISA bus, a PCI bus, an EISA bus or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, only one double-headed arrow is shown in Fig. 4, but this does not mean that there is only one bus or one type of bus.
The memory 41 is used to store a program, and the processor 42 executes the program after receiving an execution instruction. The method performed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present invention can be applied to the processor 42, or implemented by the processor 42.
It should be noted that the processor 42 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method can be completed by an integrated logic circuit of hardware in the processor 42 or by instructions in the form of software. The processor 42 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and so on; it may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be executed and completed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 41; the processor 42 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
Embodiment five:
An embodiment of the present invention provides a computer-readable medium having non-volatile program code executable by a processor, the program code causing the processor to execute the method provided in Embodiment One or Embodiment Two above.
Unless specifically stated otherwise, the relative steps of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In all examples shown and described herein, any specific value should be construed as merely illustrative and not as a limitation; other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The flowcharts and block diagrams in the drawings show the architecture, functions and operations of possible implementations of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logic function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The computer-readable medium having processor-executable non-volatile program code provided by the embodiment of the present invention has the same technical features as the encrypted-data communication method, apparatus and electronic equipment provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "install", "link" and "connect" shall be understood in a broad sense. For example, a connection may be a fixed connection, a detachable connection, or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific situation.
The computer program product for carrying out the encrypted-data communication method provided by the embodiment of the present invention includes a computer-readable storage medium storing processor-executable non-volatile program code. The instructions contained in the program code may be used to execute the method described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division of the units is only a division by logical function, and other divisions are possible in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate the technical solution of the present invention rather than to limit it, and the protection scope of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An encrypted-data communication method, characterized by comprising:
parsing target data using an encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encryption with the encrypted transmission protocol, and the target identifier is a unique identifier indicating the target data;
determining an exit address of a communication network according to the target identifier;
transmitting the target data to a destination server through the exit address.
2. The encrypted-data communication method according to claim 1, characterized in that parsing the target data using the encrypted transmission protocol to obtain the target identifier comprises:
parsing the target data using the encrypted transmission protocol to obtain an encrypted negotiation packet;
parsing the encrypted negotiation packet to obtain the target identifier.
3. The encrypted-data communication method according to claim 1, characterized in that the encrypted transmission protocol comprises: a protocol header and a protocol entity;
the protocol header comprises: a protocol type, a check code and a length identifier;
the protocol entity comprises: encrypted transmission protocol content.
4. The encrypted-data communication method according to claim 3, characterized in that the encrypted transmission protocol content is set according to an instruction.
5. The encrypted-data communication method according to claim 2, characterized in that the encrypted negotiation packet comprises: an encryption flag and negotiation packet content, wherein the encryption flag indicates whether the negotiation packet is encrypted.
6. The encrypted-data communication method according to claim 5, characterized in that the negotiation packet content comprises: a negotiation packet content version number, a client IP address, a public key and the target identifier.
7. The encrypted-data communication method according to claim 2, characterized by further comprising:
if no encrypted negotiation packet is obtained after traffic data is parsed using the encrypted transmission protocol, transmitting the traffic data directly to the server.
8. An encrypted-data communication apparatus, characterized by comprising:
a parsing module, configured to parse target data using an encrypted transmission protocol to obtain a target identifier, wherein the target data is data obtained by encryption with the encrypted transmission protocol, and the target identifier is a unique identifier indicating the target data;
a determining module, configured to determine an exit address of a communication network according to the target identifier;
a transmission module, configured to transmit the target data to a destination server through the exit address.
9. Electronic equipment, comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable medium having non-volatile program code executable by a processor, characterized in that the program code causes the processor to execute the method according to any one of claims 1 to 7.
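The frame handling recited in claims 1 to 7, as an added Python example that is not code from the patent. The field widths, the CRC32 check code, the protocol-type value, the cleartext content layout and the exit table are all assumptions, because the claims name the fields without specifying them.

```python
import ipaddress
import struct
import zlib

# Assumed layout; the claims name these fields but give no sizes or values.
# header: protocol type (1) | check code = CRC32 of entity (4) | length (2)
# entity: encryption flag (1) | version (1) | client IPv4 (4) |
#         key length (2) | public key | id length (1) | target identifier
HDR = struct.Struct("!BIH")
FIXED = struct.Struct("!BB4sH")
NEGOTIATION = 0x01  # assumed protocol-type value
EXITS = {"svc-a": "198.51.100.10", "svc-b": "198.51.100.20"}  # constructed


def build_frame(version, client_ip, public_key, target_id, flag=0):
    """Build a constructed sample negotiation frame."""
    tid = target_id.encode("ascii")
    ip = ipaddress.IPv4Address(client_ip).packed
    entity = (FIXED.pack(flag, version, ip, len(public_key)) + public_key
              + bytes([len(tid)]) + tid)
    return HDR.pack(NEGOTIATION, zlib.crc32(entity), len(entity)) + entity


def parse_negotiation(data):
    """Return the negotiation fields, or None if data is not a valid frame."""
    if len(data) < HDR.size:
        return None
    ptype, check, length = HDR.unpack_from(data)
    entity = data[HDR.size:]
    if ptype != NEGOTIATION or len(entity) != length:
        return None
    if zlib.crc32(entity) != check or length < FIXED.size + 1:
        return None
    flag, version, ip, key_len = FIXED.unpack_from(entity)
    if flag:  # content is ciphertext; decryption is outside this example
        return {"encrypted": True, "target_id": None}
    key_end = FIXED.size + key_len
    if key_end >= length or key_end + 1 + entity[key_end] != length:
        return None
    tid = entity[key_end + 1:].decode("ascii", errors="replace")
    return {"encrypted": False, "version": version,
            "client_ip": str(ipaddress.IPv4Address(ip)),
            "public_key": entity[FIXED.size:key_end], "target_id": tid}


def route(data, default_server="203.0.113.5"):
    """Pick the exit address by target identifier, else pass through."""
    pkt = parse_negotiation(data)
    if pkt is None:  # claim 7: no negotiation packet found
        return ("passthrough", default_server)
    exit_addr = EXITS.get(pkt["target_id"])  # only known identifiers route
    return ("exit", exit_addr) if exit_addr else ("reject", None)
```

A check code such as CRC32 only detects corruption and does not authenticate the sender, which is why the example routes only identifiers present in a fixed table and validates every length field before slicing.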
CN201811632296.3A 2018-12-28 2018-12-28 Encrypted-data communication method, apparatus and electronic equipment Pending CN109450952A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811632296.3A CN109450952A (en) 2018-12-28 2018-12-28 Encrypted-data communication method, apparatus and electronic equipment

Publications (1)

Publication Number Publication Date
CN109450952A (en) 2019-03-08

Family

ID=65542078

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811632296.3A Pending CN109450952A (en) 2018-12-28 2018-12-28 Encrypted-data communication method, apparatus and electronic equipment

Country Status (1)

Country Link
CN (1) CN109450952A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753808A (en) * 2013-12-31 2015-07-01 腾讯科技(深圳)有限公司 Network system data transmission method and device and data transmission system
CN104767684A (en) * 2014-01-03 2015-07-08 腾讯科技(深圳)有限公司 Data transmission method and related device and communication system
US20150244781A1 (en) * 2009-12-23 2015-08-27 Citrix Systems, Inc. Systems and methods for policy based integration to horizontally deployed wan optimization appliances
CN108259237A (en) * 2018-01-05 2018-07-06 葛晗 Network access accelerated method, cloud dns server, CE and cloud IP accelerate network system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113938531A (en) * 2021-09-23 2022-01-14 北京车和家信息技术有限公司 Data transmission method, device, equipment and medium
CN113938531B (en) * 2021-09-23 2023-10-31 北京车和家信息技术有限公司 Data transmission method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190308