CN109818939A - A data processing method and equipment - Google Patents
- Publication number: CN109818939A (application CN201811654925.2A)
- Authority: CN (China)
- Prior art keywords: data, encryption, client, server, destination server
- Legal status: Pending
- Landscapes: Computer And Data Communications; Data Exchanges In Wide-Area Networks; Storage Device Security
Abstract
The embodiments of the present application disclose a data processing method and equipment. The method is applied to data processing equipment that receives, processes and forwards the data exchanged between a client and a server. The method comprises: receiving first data sent by a first client; judging whether the first data is encrypted data; if the first data is encrypted data, decrypting the first data according to a first preset decryption rule to obtain second data, and sending the second data to a destination server, the destination server being the server determined according to a first destination address carried in the second data; if the first data is non-encrypted data, sending the first data to the destination server. The embodiments of the present application can increase the flexibility of data interaction between client and server and can also improve the speed at which the server processes data.
Description
Technical field
The present invention relates to the technical field of data processing, and in particular to a data processing method and equipment.
Background
Clients and servers usually communicate in plaintext, so the content may be eavesdropped. This is because the Hypertext Transfer Protocol (HTTP) has no encryption function of its own and therefore cannot encrypt the content of requests and responses. Moreover, neither a server nor a client using HTTP verifies the identity of the other party, so either may be impersonated; for example, when a server receives a request, as long as the information in the request is correct, the server does not verify whether the request was issued by its corresponding client, and it immediately responds to the request and returns the corresponding data. In addition, neither a server nor a client using HTTP can verify the integrity of a message, so a message may be tampered with during communication. Various encryption techniques have been derived to address these security problems.
One is encryption of the communication line. HTTP has no encryption function, but it can be combined with Secure Socket Layer (SSL) to encrypt the communication line. After a secure communication line is established with SSL, HTTP communication can be carried out over that line. HTTP used in combination with SSL is called Hypertext Transfer Protocol Secure (HTTP Secure, HTTPS). However, the technical threshold of HTTPS is relatively high, and most personal or private sites find it difficult to support; in addition, compared with HTTP it needs more resources, and HTTPS increases the burden on the server while also reducing users' access speed.
The other is encryption of the communication content itself, that is, encrypting the content carried in the HTTP message. Current data encryption techniques can be divided by key type into symmetric and asymmetric encryption and decryption algorithms. Symmetric encryption is the more traditional cryptosystem: both parties use a single shared key for encryption and decryption, the algorithm is simple and encryption is fast, and it is still one of the mainstream cryptosystems. Asymmetric encryption algorithms use different keys for encryption and decryption, so key management is simple: the public key encrypts and the private key decrypts, and they are applied in many industries. Symmetric encryption algorithms mainly include the Data Encryption Standard (DES), the Triple Data Encryption Algorithm (TDEA) and the Advanced Encryption Standard (AES); asymmetric encryption algorithms mainly include the elliptic curve public key cryptographic algorithm SM2. However, this encryption and decryption is all done directly on the server, which increases the burden on the server and reduces the speed at which the server processes data. In addition, the above encryption methods only encrypt the interaction data, and this single mode of data interaction makes data interaction inflexible.
Summary of the invention
The embodiments of the present application provide a data processing method and equipment. With the embodiments of the present application, when the data exchanged between a client and a server needs further processing such as encryption or decryption, the data only needs to be processed on the data processing equipment and does not need to be processed on the server, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the scheme of the present application encrypts interaction data selectively, which increases the flexibility and security of data interaction.
In a first aspect, an embodiment of the present application provides a data processing method applied to data processing equipment. The method includes:
Receiving first data sent by a first client;
Judging whether the first data is encrypted data;
If the first data is encrypted data, decrypting the first data according to a first preset decryption rule to obtain second data;
Sending the second data to a destination server, the destination server being the server determined according to a first destination address carried in the second data;
If the first data is non-encrypted data, sending the first data to the destination server.
In the embodiments of the present application, the data processing equipment decrypts the data exchanged between the client and the server. This ensures that the server can receive the data while it is transmitted securely, and the server does not need to do the decryption work, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the data processing equipment judges whether the data exchanged between the client and the server needs to be decrypted: if so, the data is processed according to the corresponding decryption rule; if not, it is handled directly as plaintext data. This optional decryption increases the flexibility of data interaction and also increases its scalability.
With reference to the first aspect, in a first possible implementation of the first aspect, after judging whether the first data is encrypted data, the method further includes:
Receiving third data sent by the destination server;
Judging whether the third data needs to be encrypted, to obtain a judgment result;
Processing the third data according to the judgment result.
In the embodiments of the present application, the data processing equipment judges whether the data exchanged between the client and the server needs to be encrypted; this optional encryption increases the flexibility of data interaction.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, processing the third data according to the judgment result includes:
If the judgment result is that the third data needs to be encrypted, encrypting the third data according to that judgment result and a first preset encryption rule to obtain fourth data;
Sending the fourth data to a destination client, the destination client being the client determined according to a second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, sending the third data to the destination client according to that judgment result.
With reference to the first aspect, in a third possible implementation of the first aspect, after sending the second data to the destination server, the method further includes:
Receiving fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
Encrypting the fifth data according to a second preset encryption rule to obtain sixth data;
Sending the sixth data to the first client.
In the embodiments of the present application, the data processing equipment encrypts the data that needs to be encrypted when the server interacts with the client, so no encryption operation is needed on the server side. This both ensures the security of data transmission and reduces the burden on the server, improving the speed at which the server processes data.
With reference to the first aspect, in a fourth possible implementation of the first aspect, after sending the first data to the destination server, the method further includes:
Receiving seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
Sending the seventh data to the first client.
With the embodiments of the present application, when the data exchanged between a client and a server needs further processing such as encryption or decryption, the data only needs to be processed on the data processing equipment and does not need to be processed on the server, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the scheme of the present application encrypts interaction data selectively, which increases the flexibility of data interaction.
In a second aspect, the present application provides data processing equipment for receiving, processing and forwarding the data exchanged between a client and a server, characterized in that it comprises:
A receiving unit, configured to receive first data sent by a first client;
A first judging unit, configured to judge whether the first data is encrypted data;
A decryption unit, configured to decrypt the first data according to a first preset decryption rule to obtain second data when the first data is encrypted data;
A sending unit, configured to send the second data to a destination server, the destination server being the server determined according to a first destination address carried in the second data;
The sending unit is further configured to send the first data to the destination server when the first data is non-encrypted data.
In the embodiments of the present application, the data processing equipment decrypts the data exchanged between the client and the server. This ensures that the server can receive the data while it is transmitted securely, and the server does not need to do the decryption work, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the data processing equipment judges whether the data exchanged between the client and the server needs to be decrypted: if so, the data is processed according to the corresponding decryption rule; if neither decryption nor encryption is needed, it is handled directly as plaintext data. This optional decryption increases the flexibility of data interaction and also increases its scalability.
With reference to the second aspect, in a first possible implementation of the second aspect, the equipment further includes:
A second judging unit, configured to judge, after the receiving unit receives third data sent by the destination server, whether the third data needs to be encrypted, to obtain a judgment result;
A processing unit, configured to process the third data according to the judgment result.
In the embodiments of the present application, the data processing equipment judges whether the data exchanged between the client and the server needs to be encrypted; this optional encryption increases the flexibility of data interaction.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, processing the third data according to the judgment result includes:
If the judgment result is that the third data needs to be encrypted, encrypting the third data according to that judgment result and a first preset encryption rule to obtain fourth data;
Sending the fourth data to a destination client, the destination client being the client determined according to a second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, sending the third data to the destination client according to that judgment result.
With reference to the second aspect, in a third possible implementation of the second aspect, the equipment further includes an encryption unit, and after the sending unit sends the second data to the destination server:
The receiving unit is further configured to receive fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
The encryption unit encrypts the fifth data according to a second preset encryption rule to obtain sixth data;
The sending unit is further configured to send the sixth data to the first client.
In the embodiments of the present application, the data processing equipment encrypts the data that needs to be encrypted when the server interacts with the client, so no encryption operation is needed on the server side. This both ensures the security of data transmission and reduces the burden on the server, improving the speed at which the server processes data.
With reference to the second possible implementation of the second aspect, in a fourth possible implementation of the second aspect, after the sending unit sends the first data to the destination server when the first data is non-encrypted data:
The receiving unit is further configured to receive seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
The sending unit is further configured to send the seventh data to the first client.
With the embodiments of the present application, when the data exchanged between a client and a server needs further processing such as encryption or decryption, the data only needs to be processed on the data processing equipment and does not need to be processed on the server, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the scheme of the present application encrypts interaction data selectively, which increases the flexibility of data interaction.
In a third aspect, an embodiment of the present application provides a computer-readable storage medium. The computer storage medium stores a computer program that includes program instructions which, when executed by a processor, cause the processor to perform the method of the first aspect.
In a fourth aspect, an embodiment of the present application provides a server including a processor, a communication interface and a memory that are connected to one another, where the memory is used to store application code and the processor is configured to call the application code to perform the method of the first aspect.
In summary, in the embodiments of the present application the data processing equipment decrypts and encrypts the data exchanged between the client and the server, so the server does not need to do the decryption and encryption work. This both ensures the security of data transmission and reduces the burden on the server, improving the speed at which the server processes data. In addition, the data processing equipment judges whether the data exchanged between the client and the server needs to be decrypted or encrypted: if so, the data is processed according to the corresponding decryption or encryption rule; if not, it is handled directly as plaintext data. This optional encryption and decryption increases the flexibility of data interaction and also increases its scalability.
Brief description of the drawings
The drawings used in the embodiments of the present application are described below.
Fig. 1 is a schematic diagram of the system architecture of a data processing method provided by an embodiment of the present application;
Fig. 2A is a schematic interaction flowchart of a data processing method provided by an embodiment of the present application;
Fig. 2B is another schematic interaction flowchart of a data processing method provided by an embodiment of the present application;
Fig. 2C is another schematic interaction flowchart of a data processing method provided by an embodiment of the present application;
Fig. 2D is another schematic interaction flowchart of a data processing method provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of data processing equipment provided by an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a physical device provided by an embodiment of the present application.
Detailed description
To help those skilled in the art better understand the scheme of the present invention, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application.
With the embodiments of the present application, when the data exchanged between a client and a server needs further processing such as encryption or decryption, the data only needs to be processed on the data processing equipment and does not need to be processed on the server, which reduces the burden on the server and improves the speed at which the server processes data. In addition, the scheme of the present application encrypts interaction data selectively, which increases the flexibility of data interaction.
The system architecture of this scheme is described first. Referring to Fig. 1, Fig. 1 is a schematic diagram of the system architecture of the data processing method provided by an embodiment of this scheme. As shown in Fig. 1, the system architecture may include one or more servers 101 (multiple servers may form a server cluster), one or more data processing equipment 102 and one or more clients 103 (or devices), where:
Server 101 may include, but is not limited to, a background server, a component server, a data processing server and the like. Server 101 can communicate with multiple data processing equipment 102 over the Internet. Server 101 and client 103 exchange data, and data processing equipment 102 further processes the data exchanged between the two. The server needs to run the corresponding server-side services to provide the corresponding data interaction processing, such as data interaction database services, data computation and decision execution.
Data processing equipment 102 may include a scheduler, a switch, a router, a gateway and the like. Data processing equipment 102 can forward the interaction data between server 101 and client 103, and beyond forwarding it can also encrypt or decrypt the interaction data, judge whether data needs to be encrypted, or judge whether data is encrypted data.
The client can install and run related applications (or apps). An application here is a program that corresponds to the server and provides local services for the client. The local services may include, but are not limited to, sending data to the server, receiving data sent by the server, and sharing information. The client in the embodiments of this scheme may include, but is not limited to, any handheld electronic product based on an intelligent operating system that can interact with the user through input devices such as a keyboard, virtual keyboard, touchpad, touch screen or voice-control device, such as a smartphone, tablet computer or personal computer. The intelligent operating system includes, but is not limited to, any operating system that enriches device functions by providing various mobile applications to a mobile device, such as Android™, iOS™ and Windows Phone™.
It should be noted that the system architecture of the data processing method provided by the embodiments of the present application is not limited to the architecture shown in Fig. 1, and no further limitation is imposed here.
A data processing method provided by the present application is described in detail below with reference to the architecture shown in Fig. 1. Referring to the flowchart of a data processing method shown in Fig. 2A, the specific method steps are as follows:
Step 201: the first client sends first data to the data processing equipment.
Specifically, as intermediate equipment between the client and the server, the data processing equipment not only forwards the interaction data between the client and the server but can also further process the interaction data before forwarding it. In a specific embodiment, when the client needs to exchange data with the server, it first sends the data to the data processing equipment. Specifically, the data sent by the client may be encrypted data or non-encrypted data, i.e. plaintext. If the data sent by the client is encrypted data, the client may encrypt the data according to a preset encryption method. The preset encryption method may be a symmetric encryption method or an asymmetric encryption method, and besides existing encryption methods a custom encryption method may also be used. A custom encryption method may encrypt the data with a custom function used as a mapping function. For example, the custom function may be f(x) = ax² + bx + c, where x is the data to be encrypted and f(x) is the encrypted data; if x is 1, the encrypted x is a + b + c. If the data to be encrypted consists of multiple characters, the characters may be encrypted one by one; for example, if the data to be encrypted is "1", "2", "3", encrypting them one by one gives "a+b+c", "4a+2b+c", "9a+3b+c". The above is only a simple example to aid understanding; the custom function may be any function that has an inverse function. A custom encryption method is also not limited to function mapping; it may encrypt data using relationships between upper and lower case, between digits and letters, or between digits and text, which is not limited here. In addition, to encrypt the data it needs to send, the client may randomly select one of several encryption methods stored on the client, or it may encrypt all data that needs encryption with a single encryption method, or the client may store a correspondence stating which data is encrypted with which encryption method. In the last case, when the client needs to send data, it first selects the encryption method according to the type of the data and then encrypts the data with the selected method. Data types may be divided according to the importance level of the data, or according to the level of the client user.
To aid understanding of how the client encrypts data, refer to Table 1. Table 1 assumes that three encryption methods are stored on the client and that each encryption method corresponds to certain data types: the first data type may be encrypted with the first encryption method, the second and third data types with the second encryption method, and the fourth, fifth, sixth and seventh data types with the third encryption method.
Table 1: Correspondence between encryption methods and data types
Step 202: the data processing equipment receives the first data.
Step 203: the data processing equipment judges whether the first data is encrypted data.
In a specific embodiment, after receiving the data sent by the client, the data processing equipment first judges whether the data is encrypted data.
Step 204: if the first data is encrypted data, the data processing equipment decrypts the first data according to the first preset decryption rule to obtain second data.
In a specific embodiment, if the data sent by the client is encrypted data, the data processing equipment decrypts the encrypted data according to a preset decryption rule to obtain the decrypted data. Specifically, the preset decryption rule may be a decryption rule that the data processing equipment obtained from the client in advance, or multiple decryption rules may be stored in the data processing equipment, and the corresponding decryption rule is matched according to the encryption method of the data sent by the client.
To aid understanding of how the data processing equipment decrypts data, refer to Table 2. Table 2 assumes that the data processing equipment stores the decryption rules corresponding to the three encryption methods on the client: the first encryption method corresponds to the first decryption rule, the second encryption method to the second decryption rule, and the third encryption method to the third decryption rule. After receiving data sent by the client, if the data is encrypted data, the data processing equipment can find the corresponding decryption rule in Table 2 according to the encryption method of the data and then decrypt the data.
Table 2: Correspondence between encryption methods and decryption rules
Encryption method | Decryption rule |
First encryption method | First decryption rule |
Second encryption method | Second decryption rule |
Third encryption method | Third decryption rule |
After decryption, the data processing equipment decapsulates the decrypted data to obtain the destination address carried in it; the destination address may include a destination MAC address and/or an Internet Protocol address.
Step 205: the data processing equipment sends the second data to the destination server.
In a specific embodiment, after obtaining the destination address from the decrypted data, the data processing equipment re-encapsulates the decapsulated data and sends the re-encapsulated data to the destination device according to the destination address; the destination device here is the destination server that needs to exchange data with the client.
Step 206: the destination server receives the second data.
Step 207: the destination server sends third data to the data processing equipment.
In a specific embodiment, after receiving the data sent by the data processing equipment, the destination server responds to the data immediately and sends the response data to the data processing equipment. Specifically, the response data that the server sends to the data processing equipment may carry an indication of whether the data needs to be encrypted. If the data needs to be encrypted, the server may specify the encryption method for the data, i.e. add a description of the data encryption method to the response data it sends; or it may leave the encryption method unspecified, in which case the data processing equipment selects the encryption method according to the type of the data sent, i.e. multiple encryption methods are stored in the data processing equipment and it selects the corresponding one according to the type of the data received; or a preset encryption method is used directly to encrypt the data.
Step 208: the data processing equipment judges whether the third data needs to be encrypted.
Specifically, besides the destination address, the response data that the destination server sends to the data processing equipment also carries information stating whether the response data needs to be encrypted. After receiving the response data, the data processing equipment decapsulates it and then judges whether the response data needs to be encrypted according to that information.
Step 209: if the third data needs to be encrypted, the third data is encrypted according to the first preset encryption rule to obtain fourth data.
Specifically, if the response data needs to be encrypted, the data processing equipment first re-encapsulates the decapsulated response data and then encrypts the re-encapsulated response data according to a preset encryption rule; or it encrypts the data according to the encryption method specified by the server; or the data processing equipment matches the encryption method for the received data type among multiple encryption methods and then encrypts the response data with the matched method.
To aid understanding of how the data processing equipment encrypts data, refer to Table 3. Table 3 assumes that three encryption methods are stored in the data processing equipment and that each encryption method corresponds to certain data types: the first data type may be encrypted with the fourth encryption method, the second and third data types with the fifth encryption method, and the fourth, fifth, sixth and seventh data types with the sixth encryption method. The method the data processing equipment uses to encrypt data may be the same as or different from the method the client uses, as decided case by case.
Table 3: Correspondence between encryption methods and data types
Step 210: the data processing equipment sends the fourth data to the first client.
Specifically, when decapsulating the response data in step 208, the data processing equipment already obtained the destination address carried in the response data. The destination address here is the address of the client to which the destination server is responding, and it may include the MAC address and/or IP address of that client. The data processing equipment sends the encrypted response data to the destination client according to the destination address.
In summary, in the embodiments of the present application the data processing equipment decrypts and encrypts the data exchanged between the client and the server, so the server does not need to do the decryption and encryption work. This both ensures the security of data transmission and reduces the burden on the server, improving the speed at which the server processes data. In addition, the data processing equipment judges whether the data exchanged between the client and the server needs to be decrypted or encrypted: if so, the data is processed according to the corresponding decryption or encryption rule; if not, it is handled directly as plaintext data. This optional encryption and decryption increases the flexibility of data interaction and also increases its scalability.
Refer to Fig. 2B, a flow chart of another data processing method provided by the present application. The specific method steps are as follows:
Step 301: the first client sends the first data to the data processing equipment.
Specifically, as an intermediate device between the client and the server, the data processing equipment not only forwards the data exchanged between the client and the server, but can also process that data further before forwarding it. In a specific embodiment, a client that needs to exchange data with the server first sends the data to the data processing equipment.
Step 302: the data processing equipment receives the first data.
Step 303: the data processing equipment judges whether the first data is encrypted data.
In a specific embodiment, after receiving the data sent by the client, the data processing equipment first judges whether the data is encrypted.
Step 304: the data processing equipment determines that the first data is non-encrypted data.
Specifically, if the data sent by the client is non-encrypted data, the data processing equipment decapsulates the non-encrypted data and obtains the destination address carried in it. The destination address may include a destination MAC address and/or an Internet Protocol address.
Step 305: the data processing equipment sends the first data to the destination server.
In a specific embodiment, after obtaining the destination address from the non-encrypted data, the data processing equipment re-encapsulates the decapsulated data and sends the re-encapsulated data to the destination device according to the destination address. The destination device here is the destination server with which the client needs to exchange data.
Step 306: the destination server receives the first data.
Step 307: the destination server sends the third data to the data processing equipment.
Step 308: the data processing equipment judges whether the third data needs to be encrypted.
Step 309: if the third data needs to be encrypted, the data processing equipment encrypts the third data according to the first predetermined encryption rule to obtain the fourth data.
Step 310: the data processing equipment sends the fourth data to the first client.
For steps 307 to 310 of the embodiment shown in Fig. 2B, refer to the description of steps 207 to 210 of the embodiment shown in Fig. 2A; details are not repeated here.
In one possible embodiment, in step 209 above, if the third data does not need to be encrypted, the data processing equipment encapsulates the third data and sends the encapsulated third data to the first client.
In one possible embodiment, because the data the first client sent to the server was not encrypted, the data the server sends to the first client in response is by default treated as not needing encryption. That is, the server sends the response data to the data processing equipment, and the data processing equipment does not judge whether the data should be encrypted but treats it by default as not needing encryption, so it sends the unencrypted response data to the first client. This scheme reduces, to a certain extent, the processing burden on the data processing equipment and thereby improves the speed of data processing.
In conclusion the embodiment of the present application is solved by the data that data processing equipment interacts client with server
Close and encryption, does not need the work that server is decrypted and encrypted, and not only ensure that the safety of data transmission, but also can reduce clothes
The burden of business device, improves the speed of server process data.In addition, judging client and server by data processing equipment
Whether interactive data need to decrypt or encryption, just press at corresponding decryption or the rule encrypted if necessary to decryption or encryption
Reason, if you do not need to decryption or encryption are then directly handled in the way of clear data, this optional encryption or decryption process increases
Add the flexibility of data interaction, while also increasing the scalability of data interaction.
Refer to Fig. 2C, a flow chart of another data processing method provided by the present application. The specific method steps are as follows:
Step 401: the first client sends the first data to the data processing equipment.
Step 402: the data processing equipment receives the first data.
Step 403: the data processing equipment judges whether the first data is encrypted data.
Step 404: if the first data is encrypted data, the data processing equipment decrypts the first data according to the first default decryption rule to obtain the second data.
Step 405: the data processing equipment sends the second data to the destination server.
Step 406: the destination server receives the second data.
Step 407: the destination server sends the third data to the data processing equipment.
Step 408: the data processing equipment judges whether the third data needs to be encrypted.
Specifically, besides the destination address, the response data that the destination server sends to the data processing equipment also carries description information indicating whether the response data needs to be encrypted. After receiving the response data, the data processing equipment decapsulates it and then judges, from the description in the response data of whether encryption is needed, whether the response data needs to be encrypted.
Step 409: the data processing equipment determines that the third data does not need to be encrypted.
Specifically, if the response data does not need to be encrypted, the data processing equipment re-encapsulates the decapsulated response data.
Step 410: the data processing equipment sends the third data to the first client.
Specifically, when decapsulating the response data in step 408, the data processing equipment already obtained the destination address carried in the response data. Here the destination address is the address of the client to which the destination server is responding, and it may include the MAC address and/or IP address of that client. The data processing equipment sends the re-encapsulated response data to the destination client according to this destination address.
For steps of the embodiment shown in Fig. 2C that are not described in detail, refer to the description of the embodiment shown in Fig. 2A; details are not repeated here.
For steps 401 to 407 of the embodiment shown in Fig. 2C, refer to the description of steps 201 to 207 of the embodiment shown in Fig. 2A; details are not repeated here.
In conclusion the embodiment of the present application is solved by the data that data processing equipment interacts client with server
Close and encryption, does not need the work that server is decrypted and encrypted, and not only ensure that the safety of data transmission, but also can reduce clothes
The burden of business device, improves the speed of server process data.In addition, judging client and server by data processing equipment
Whether interactive data need to decrypt or encryption, just press at corresponding decryption or the rule encrypted if necessary to decryption or encryption
Reason, if you do not need to decryption or encryption are then directly handled in the way of clear data, this optional encryption or decryption process increases
Add the flexibility of data interaction, while also increasing the scalability of data interaction.
Refer to Fig. 2D, a flow chart of another data processing method provided by the present application. The specific method steps are as follows:
Step 501: the first client sends the first data to the data processing equipment.
Step 502: the data processing equipment receives the first data.
Step 503: the data processing equipment judges whether the first data is encrypted data.
Step 504: if the first data is encrypted data, the data processing equipment decrypts the first data according to the first default decryption rule to obtain the second data.
Step 505: the data processing equipment sends the second data to the destination server.
Step 506: the destination server receives the second data.
Step 507: the destination server sends the third data to the data processing equipment.
Step 508: the data processing equipment encrypts the third data according to the first predetermined encryption rule to obtain the fourth data.
Specifically, after receiving the response data, the data processing equipment decapsulates it and obtains the destination address carried in the response data, then re-encapsulates the decapsulated data and encrypts the encapsulated data according to the predetermined encryption rule to obtain the encrypted response data; alternatively, the data processing equipment matches, among several encryption methods, the one that corresponds to the type of the data received, and then encrypts the response data with the matched encryption method.
Step 509: the data processing equipment sends the fourth data to the first client.
Specifically, the destination address obtained by decapsulation in step 508 is the address of the client to which the destination server is responding; it may include the MAC address and/or IP address of that client. The data processing equipment sends the encrypted response data to the destination client according to this destination address.
For steps 501 to 507 of the embodiment shown in Fig. 2D, refer to the description of steps 201 to 207 of the embodiment shown in Fig. 2A; details are not repeated here. In this embodiment, because the data the client sent to the server was encrypted data, the response data the server sends to the client in response is also by default treated as needing encryption. The data processing equipment therefore does not need to judge again whether the data needs to be encrypted, which reduces its burden to a certain extent and improves the speed at which it processes data.
In conclusion the embodiment of the present application is solved by the data that data processing equipment interacts client with server
Close and encryption, does not need the work that server is decrypted and encrypted, and not only ensure that the safety of data transmission, but also can reduce clothes
The burden of business device, improves the speed of server process data.In addition, judging client and server by data processing equipment
Whether interactive data need to decrypt or encryption, just press at corresponding decryption or the rule encrypted if necessary to decryption or encryption
Reason, if you do not need to decryption or encryption are then directly handled in the way of clear data, this optional encryption or decryption process increases
Add the flexibility of data interaction, while also increasing the scalability of data interaction.
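The decisions made in the flows of Figs. 2A to 2D, together with the Table 3 lookup, can be modelled in a few functions; the following Python sketch is an added example, not code from the patent. The `Packet` fields, the `judge` and `mirror` policy names, the demo keys and addresses, and the HMAC-SHA256 stand-in cipher are assumptions: the text names no algorithm, and decryption is assumed here to use the same Table 3 method as encryption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Table 3 as described in the text: data type -> encryption method number.
TABLE_3 = {1: 4, 2: 5, 3: 5, 4: 6, 5: 6, 6: 6, 7: 6}
# Constructed demo keys, one per method (assumption: provisioned out of band).
METHOD_KEYS = {4: b"demo-key-4", 5: b"demo-key-5", 6: b"demo-key-6"}


@dataclass
class Packet:
    dst: str                        # destination address carried in the data
    encrypted: bool                 # marker checked in steps 303/403/503
    data_type: int                  # selects the method through Table 3
    payload: bytes
    needs_encryption: bool = False  # server's note on a response (step 408)


def _subkey(method: int, label: bytes) -> bytes:
    return hmac.new(METHOD_KEYS[method], label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(method: int, plaintext: bytes) -> bytes:
    """Stand-in cipher: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(method, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(_subkey(method, b"mac"), body, hashlib.sha256).digest()


def unseal(method: int, blob: bytes) -> bytes:
    """Verify the tag first; raise instead of returning unauthenticated data."""
    if len(blob) < 48:
        raise ValueError("truncated ciphertext")
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(method, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    nonce, ct = body[:16], body[16:]
    stream = _keystream(_subkey(method, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def method_for(data_type: int) -> int:
    if data_type not in TABLE_3:
        raise ValueError(f"no encryption method for data type {data_type}")
    return TABLE_3[data_type]


def handle_request(pkt: Packet) -> Packet:
    """Client -> server: decrypt if marked encrypted, otherwise forward as is."""
    if not pkt.encrypted:
        return pkt
    clear = unseal(method_for(pkt.data_type), pkt.payload)
    return Packet(pkt.dst, False, pkt.data_type, clear)


def handle_response(resp: Packet, request_was_encrypted: bool,
                    policy: str = "judge") -> Packet:
    """Server -> client. 'judge' reads the server's note (Figs. 2A, 2C);
    'mirror' follows the request without judging (Fig. 2B variant, Fig. 2D)."""
    if policy == "judge":
        encrypt = resp.needs_encryption
    elif policy == "mirror":
        encrypt = request_was_encrypted
    else:
        raise ValueError(f"unknown policy {policy!r}")
    if not encrypt:
        return Packet(resp.dst, False, resp.data_type, resp.payload)
    sealed = seal(method_for(resp.data_type), resp.payload)
    return Packet(resp.dst, True, resp.data_type, sealed)


def demo():
    # Constructed addresses and payloads.
    request = Packet("10.0.0.9", True, 2, seal(method_for(2), b"account=42"))
    forwarded = handle_request(request)
    response = Packet("10.0.0.5", False, 2, b"balance=100", needs_encryption=True)
    returned = handle_response(response, request_was_encrypted=True)
    return forwarded, returned


if __name__ == "__main__":
    fwd, ret = demo()
    print(fwd.payload, ret.encrypted, unseal(5, ret.payload))
```

A request whose marker says "encrypted" but whose tag does not verify raises in `unseal` and is never forwarded, and a data type missing from Table 3 is rejected rather than sent in the clear.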
To better implement the above schemes of the present application, the embodiments of the present application also provide a corresponding data processing equipment, described in detail below with reference to Fig. 3:
Fig. 3 shows a structural schematic diagram of a data processing equipment 300. The data processing equipment 300 includes a receiving unit 301, a first judging unit 302, a decryption unit 303 and a transmission unit 304, wherein:
The receiving unit 301 is configured to receive the first data sent by the first client;
The first judging unit 302 is configured to judge whether the first data is encrypted data;
The decryption unit 303 is configured to, if the first data is encrypted data, decrypt the first data according to the first default decryption rule to obtain the second data;
The transmission unit 304 is configured to send the second data to the destination server, the destination server being the server determined according to the first destination address carried in the second data;
The transmission unit 304 is further configured to send the first data to the destination server in the case where the first data is non-encrypted data.
In one possible embodiment, the data processing equipment 300 further includes a second judgment unit and a processing unit:
The second judgment unit is configured to judge, after the receiving unit receives the third data sent by the destination server, whether the third data needs to be encrypted, and to obtain a judgment result;
The processing unit is configured to process the third data according to the judgment result.
In one possible embodiment, the processing unit being configured to process the third data according to the judgment result specifically means:
If the judgment result is that the third data needs to be encrypted, encrypting the third data according to that judgment result and the first predetermined encryption rule to obtain the fourth data;
Sending the fourth data to the destination client, the destination client being the client determined according to the second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, sending the third data to the destination client according to that judgment result.
In one possible embodiment, the data processing equipment 300 further includes an encryption unit, and after the transmission unit 304 sends the second data to the destination server:
The receiving unit 301 is further configured to receive the fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
The encryption unit is configured to encrypt the fifth data according to the second predetermined encryption rule to obtain the sixth data;
The transmission unit 304 is further configured to send the sixth data to the first client.
In one possible embodiment, after the transmission unit 304 sends the first data to the destination server in the case where the first data is non-encrypted data:
The receiving unit 301 is further configured to receive the seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
The transmission unit 304 is further configured to send the seventh data to the first client.
For the specific implementation and beneficial effects of each unit of the data processing equipment 300 shown in Fig. 3, refer to the corresponding description of the method embodiment shown in Fig. 2A; details are not repeated here.
Refer to Fig. 4, which shows an equipment 400 provided by the embodiments of the present application. The equipment 400 includes a processor 401, a memory 402 and a communication interface 403, which are interconnected by a bus 404.
The memory 402 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or portable read-only memory (compact disc read-only memory, CD-ROM). The memory 402 is used to store the relevant instructions and data. The communication interface 403 is used to send and receive data.
The processor 401 may be one or more central processing units (CPUs). Where the processor 401 is a single CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 401 in the equipment 400 is configured to read the program code stored in the memory 402 and perform the following operations:
The processor 401 receives, through the communication interface 403, the first data sent by the first client;
The processor 401 judges whether the first data is encrypted data;
If the first data is encrypted data, the processor 401 decrypts the first data according to the first default decryption rule to obtain the second data;
The processor 401 sends the second data to the destination server through the communication interface 403, the destination server being the server determined according to the first destination address carried in the second data;
If the first data is non-encrypted data, the processor 401 sends the first data to the destination server through the communication interface 403.
In one possible embodiment, the processor 401 receives, through the communication interface 403, the third data sent by the destination server;
The processor 401 judges whether the third data needs to be encrypted and obtains a judgment result;
The processor 401 processes the third data according to the judgment result.
In one possible embodiment, the processor 401 processing the third data according to the judgment result includes:
If the judgment result is that the third data needs to be encrypted, the processor 401 encrypts the third data according to that judgment result and the first predetermined encryption rule to obtain the fourth data;
The processor 401 sends the fourth data to the destination client through the communication interface 403, the destination client being the client determined according to the second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, the processor 401, according to that judgment result, sends the third data to the destination client through the communication interface 403.
In one possible embodiment, after the processor 401 sends the second data to the destination server through the communication interface 403, the operations further include:
The processor 401 receives, through the communication interface 403, the fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
The processor 401 encrypts the fifth data according to the second predetermined encryption rule to obtain the sixth data;
The processor 401 sends the sixth data to the first client through the communication interface 403.
In one possible embodiment, after the processor 401 sends the first data to the destination server through the communication interface 403, the operations further include:
The processor 401 receives, through the communication interface 403, the seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
The processor 401 sends the seventh data to the first client through the communication interface 403.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiment shown in Fig. 2A.
In conclusion the embodiment of the present application is solved by the data that data processing equipment interacts client with server
Close and encryption, does not need the work that server is decrypted and encrypted, and not only ensure that the safety of data transmission, but also can reduce clothes
The burden of business device, improves the speed of server process data.In addition, judging client and server by data processing equipment
Whether interactive data need to decrypt or encryption, just press at corresponding decryption or the rule encrypted if necessary to decryption or encryption
Reason, if you do not need to decryption or encryption are then directly handled in the way of clear data, this optional encryption or decryption process increases
Add the flexibility of data interaction, while also increasing the scalability of data interaction.
An embodiment of the present invention also provides a computer-readable storage medium. The computer storage medium stores a computer program that includes program instructions; when the program instructions are executed by a processor, the method flows shown in Fig. 2A, Fig. 2B, Fig. 2C and Fig. 2D are implemented.
A person of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods may be implemented in other ways. Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. A person skilled in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A data processing method, characterized in that it is applied to a data processing equipment, the data processing equipment being used to forward the data exchanged between a client and a server, the method comprising:
Receiving first data sent by a first client;
Judging whether the first data is encrypted data;
If the first data is encrypted data, decrypting the first data according to a first default decryption rule to obtain second data;
Sending the second data to a destination server, the destination server being the server determined according to a first destination address carried in the second data;
If the first data is non-encrypted data, sending the first data to the destination server.
2. The method according to claim 1, characterized by further comprising:
Receiving third data sent by the destination server;
Judging whether the third data needs to be encrypted and obtaining a judgment result;
Processing the third data according to the judgment result.
3. The method according to claim 2, characterized in that processing the third data according to the judgment result comprises:
If the judgment result is that the third data needs to be encrypted, encrypting the third data according to that judgment result and a first predetermined encryption rule to obtain fourth data;
Sending the fourth data to a destination client, the destination client being the client determined according to a second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, sending the third data to the destination client according to that judgment result.
4. The method according to claim 1, characterized in that, after sending the second data to the destination server, the method further comprises:
Receiving fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
Encrypting the fifth data according to a second predetermined encryption rule to obtain sixth data;
Sending the sixth data to the first client.
5. The method according to claim 1, characterized in that, after sending the first data to the destination server, the method further comprises:
Receiving seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
Sending the seventh data to the first client.
6. A data processing equipment, the data processing equipment being used to forward the data exchanged between a client and a server, characterized by comprising:
A receiving unit, configured to receive first data sent by a first client;
A first judging unit, configured to judge whether the first data is encrypted data;
A decryption unit, configured to decrypt the first data according to a first default decryption rule to obtain second data in the case where the first data is encrypted data;
A transmission unit, configured to send the second data to a destination server, the destination server being the server determined according to a first destination address carried in the second data;
The transmission unit being further configured to send the first data to the destination server in the case where the first data is non-encrypted data.
7. The equipment according to claim 6, characterized by further comprising:
A second judgment unit, configured to judge, after the receiving unit receives third data sent by the destination server, whether the third data needs to be encrypted, and to obtain a judgment result;
A processing unit, configured to process the third data according to the judgment result.
8. The equipment according to claim 7, characterized in that the processing unit being configured to process the third data according to the judgment result specifically means:
If the judgment result is that the third data needs to be encrypted, encrypting the third data according to that judgment result and a first predetermined encryption rule to obtain fourth data;
Sending the fourth data to a destination client, the destination client being the client determined according to a second destination address carried in the third data; or,
If the judgment result is that the third data does not need to be encrypted, sending the third data to the destination client according to that judgment result.
9. The equipment according to claim 6, characterized by further comprising an encryption unit, wherein:
The receiving unit is further configured to receive, after the transmission unit sends the second data to the destination server, fifth data sent by the destination server, the fifth data being the destination server's response data to the first data;
The encryption unit is configured to encrypt the fifth data according to a second predetermined encryption rule to obtain sixth data;
The transmission unit is further configured to send the sixth data to the first client.
10. The equipment according to claim 6, characterized in that, after the transmission unit sends the first data to the destination server in the case where the first data is non-encrypted data:
The receiving unit is further configured to receive seventh data sent by the destination server, the seventh data being the destination server's response data to the first data;
The transmission unit is further configured to send the seventh data to the first client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811654925.2A CN109818939A (en) | 2018-12-29 | 2018-12-29 | A kind of data processing method and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109818939A true CN109818939A (en) | 2019-05-28 |
Family
ID=66603188
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811654925.2A Pending CN109818939A (en) | 2018-12-29 | 2018-12-29 | A kind of data processing method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109818939A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190528 |