CN110557380A - secure data transmission method based on TCP/IP protocol - Google Patents


Publication number
CN110557380A
Authority
CN
China
Prior art keywords
data
database
client
header
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910726808.0A
Other languages
Chinese (zh)
Inventor
姚志江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Yueyan Technology Co ltd
Original Assignee
Beijing Shaini Science And Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shaini Science And Technology Development Co Ltd filed Critical Beijing Shaini Science And Technology Development Co Ltd
Priority to CN201910726808.0A priority Critical patent/CN110557380A/en
Publication of CN110557380A publication Critical patent/CN110557380A/en
Pending legal-status Critical Current

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/08 - Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 - Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/14 - Session management
    • H04L67/146 - Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 - Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 - Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to the technical field of secure data transmission, and in particular to a secure data transmission method based on the TCP/IP protocol, comprising the following steps: establishing TCP/IP communication between a server and a client; using a JSON server to send data to the server; the client obtains data from the database in real time, a regular expression separates the packet header from the data body of the transmitted data, further regular expressions separate the individual fields in the packet header, and it is then decided whether to execute the database operation. The invention is used to obtain database data during transmission over a TCP/IP network and ensures that the client connection is reliable; it prevents other applications from obtaining data at will; and it shares the communication load of the main server, improving the efficiency of communication between the client and the database.

Description

Secure data transmission method based on TCP/IP protocol
Technical Field
The invention relates to the technical field of secure data transmission, in particular to a secure data transmission method based on a TCP/IP protocol.
Background
In a B/S or C/S server architecture, data acquisition is a critical, limited and expensive resource, which is especially prominent in multi-user web applications. Frequently fetching database data through the server affects the flexibility and robustness of the whole application and its performance. It also places too much load on the server, so that better server hardware and a larger bandwidth budget are needed when the server is built, resulting in a large increase in operating costs and a decrease in operating efficiency. In view of the above, a secure data transmission method based on the TCP/IP protocol is provided.
Disclosure of Invention
The invention aims to provide a secure data transmission method based on the TCP/IP protocol, in which a server built on the TCP/IP protocol lets a client obtain database data in real time, thereby ensuring safe and efficient communication between the user and the database, improving network transmission efficiency and reducing operating cost.
In order to achieve the above purpose, the invention provides the following technical scheme:
A secure data transmission method based on the TCP/IP protocol includes the following steps:
S1: establishing TCP/IP communication between a server and a client;
S2: using a JSON server to send data to the server;
S3: the client obtains data from the database in real time; a regular expression separates the packet header from the data body of the transmitted data, further regular expressions separate the individual fields in the packet header, and it is then decided whether to execute the database operation.
In step S1, the data is encapsulated in JSON format during transmission; obtaining data from the database in step S2 can be done in two ways: one is to send SQL statements directly, and the other is to send negotiated command codes.
The TCP/IP protocol between the server and the client in step S1 includes:
each time the client logs in, the database generates a UID with a length of 32 bits in the user table and returns it to the client, and the client stores the UID for later data acquisition.
The step S2 in which the JSON server sends data to the server to obtain database data includes the following steps:
S4: establishing a Map table in the class, in which the primary key is the client connection's sock value; the Map table records the data sent on each connection and is used to judge whether the data is complete;
S5: once a complete piece of data has been sent, separating the packet header from the data body with a regular expression, and then separating the individual fields in the packet header with a regular expression;
S6: in step S5, every two pieces of data in the packet header form a group, eight groups in total; the first group is the transmission type and the secure UID, the second group is the transmission data structure, the third group is the data length, the fourth group is the link mode, the fifth group is the data compression mode, the sixth group is the transmission code, the seventh group is the user agent, and the eighth group is the IP and port;
S7: judging whether the length in the third group of header data matches the length of the data body; if it matches, executing the database operation; if it does not, checking whether data has been lost: if data has been lost, returning failure; if not, going on to judge whether the UID in the first group of header data is consistent with the UID in the database; if it is, executing the database operation; if it is not, returning failure and returning null data.
Obtaining data by sending SQL statements directly comprises the following steps:
S8: accepting the client's connection;
S9: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S10;
S10: if the first group of data is 'exec SQL with out result', the data body represents an SQL statement;
S11: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S12; if not, returning null data;
S12: issuing the data to the database for the database to execute;
S13: receiving the data returned by the database, packaging it as JSON and returning it to the client.
Obtaining data by sending negotiated command codes comprises the following steps:
S14: accepting the client's connection;
S15: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S16;
S16: if the first group of data is 'exec sql with out result', the data body represents the command code;
S17: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S18; if not, returning null data;
S18: issuing the command code to the database;
S19: after receiving the command code, the database parses the data, then determines and executes the corresponding command according to the command code to obtain the desired data;
S20: receiving the data returned by the database, packaging it as JSON and returning it to the client.
The advantages of the invention are as follows: a newly built server based on the TCP/IP protocol lets the client obtain database data in real time, using the TCP/IP protocol as the basic communication framework of the Internet; the JSON server is used to send data to the server to obtain database data; JSON is a lightweight data exchange format based on a subset of ECMAScript that stores and represents data in a text format completely independent of any programming language, so it is easy for people to read and write and easy for machines to parse and generate, which effectively improves network transmission efficiency; after connecting to the JSON server, the client sends data directly to obtain database data without login verification, which improves operating efficiency, omits some complicated procedures and reduces operating cost; meanwhile, to prevent other invalid clients or attackers from obtaining database data, a secure UID is added when data is transmitted to authenticate that the connection is a valid client connection, so that communication between the user and the database is safe and efficient.
Drawings
FIG. 1 is a flow chart of a method for implementing a secure data transmission based on TCP/IP protocol according to the present invention;
FIG. 2 is a flow chart of establishing a TCP/IP protocol between a server and a client in the present invention;
FIG. 3 is a flow chart of the steps of sending data to a server using a JSON server in the present invention;
FIG. 4 is a flowchart of a method for obtaining data from a database according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
In the following embodiments, unless otherwise specified, the technical means used are conventional means well known to those skilled in the art.
A secure data transmission method based on the TCP/IP protocol includes the following steps:
S1: establishing TCP/IP communication between a server and a client;
S2: using a JSON server to send data to the server;
S3: the client obtains data from the database in real time; a regular expression separates the packet header from the data body of the transmitted data, further regular expressions separate the individual fields in the packet header, and it is then decided whether to execute the database operation.
In step S1, the data is encapsulated in JSON format during transmission; obtaining data from the database in step S2 can be done in two ways: one is to send SQL statements directly, and the other is to send negotiated command codes.
The invention builds a server based on the TCP/IP protocol, and the server is connected to the client over a network; the network is not limited to a wide area network, metropolitan area network or local area network, and the client is not limited to a mobile phone, tablet computer or PC client. The method can be executed jointly by a client and a TCP/IP protocol server, and the TCP/IP protocol is set up using the server's library functions; for example, Active represents the communication establishment state, SendtoIP is the IP address of the client, recidata is the receive data buffer, senddata is the send data buffer, Send_number is the number of data sent, Recvnumber is the number of data received, and Send is a flag bit. The TCP/IP protocol serves as the basic communication framework of the Internet and is used for the client to obtain database data in real time.
The invention obtains database data by using the JSON server to send data to the server. JSON is a lightweight data exchange format based on a subset of ECMAScript (the JS specification established by the European Computer Association); it stores and represents data in a text format completely independent of any programming language, is easy for people to read and write and easy for machines to parse and generate, and effectively improves network transmission efficiency.
As shown in FIG. 1, the TCP/IP protocol between the server and the client in step S1 includes:
each time the client logs in, the database generates a UID with a length of 32 bits in the user table and returns it to the client, and the client stores the UID for later data acquisition.
When the client obtains database data in real time, the invention adds a secure UID to each transmission to authenticate that the connection is a valid client connection, in order to prevent other invalid clients or attackers from obtaining database data, thereby ensuring safe and efficient communication between the user and the database.
As shown in FIG. 2, the step S2 in which the JSON server sends data to the server to obtain database data includes the following steps:
S4: establishing a Map table in the class, in which the primary key is the client connection's sock value; the Map table records the data sent on each connection and is used to judge whether the data is complete;
S5: once a complete piece of data has been sent, separating the packet header from the data body with a regular expression, and then separating the individual fields in the packet header with a regular expression;
S6: in step S5, every two pieces of data in the packet header form a group, eight groups in total; the first group is the transmission type and the secure UID, the second group is the transmission data structure, the third group is the data length, the fourth group is the link mode, the fifth group is the data compression mode, the sixth group is the transmission code, the seventh group is the user agent, and the eighth group is the IP and port;
S7: judging whether the length in the third group of header data matches the length of the data body; if it matches, executing the database operation; if it does not, checking whether data has been lost: if data has been lost, returning failure; if not, going on to judge whether the UID in the first group of header data is consistent with the UID in the database; if it is, executing the database operation; if it is not, returning failure and returning null data.
In the invention, the client connects to the JSON server and then sends data directly to obtain database data. The length of the data sent by the client is not fixed, and the data may arrive in several packets, so a Map table is established in the class with the client connection's sock value as its primary key. The Map table records the data sent on each connection and is used to judge whether the data is complete; only once the data is complete is it decided whether to perform the database operation.
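The reassembly and checks of S4 to S7, as an added example that is not part of the patent. The wire format (eight CRLF-separated "name: value" lines, a blank line, then the body), the header names, the buffer cap and the sample UID are assumptions, since the patent defines none of them; a body shorter than the declared length is treated as still arriving and a longer one as a failure.

```python
import hmac
import re
from dataclasses import dataclass

# Assumed wire format (the patent defines none): eight "name: value" header
# lines separated by CRLF, a blank line, then the data body.
MESSAGE_RE = re.compile(rb"(?P<header>.*?)\r\n\r\n(?P<body>.*)", re.DOTALL)
GROUP_RE = re.compile(rb"(?P<name>[^:\r\n]+):[ \t]*(?P<value>[^\r\n]*)")
LENGTH_RE = re.compile(rb"[0-9]{1,6}")
MAX_BUFFER = 64 * 1024  # assumed cap so an unfinished message cannot grow without bound


@dataclass
class Result:
    status: str  # "incomplete", "failed" or "accepted"
    reason: str = ""
    transmission_type: str = ""
    body: bytes = b""


class Receiver:
    def __init__(self, valid_uids):
        self.valid_uids = [u.encode() for u in valid_uids]  # stands in for the user table
        self.pending = {}  # S4 Map table: client sock value -> bytes received so far

    def _finish(self, sock, result):
        self.pending.pop(sock, None)  # a finished message never stays in the Map
        return result

    def feed(self, sock, chunk):
        buf = self.pending.setdefault(sock, bytearray())
        buf += chunk
        if len(buf) > MAX_BUFFER:
            return self._finish(sock, Result("failed", "message too large"))
        message = MESSAGE_RE.fullmatch(bytes(buf))
        if message is None:
            return Result("incomplete")  # header terminator not received yet
        # S5/S6: split the header into its eight (name, value) groups.
        groups = [GROUP_RE.fullmatch(line) for line in message["header"].split(b"\r\n")]
        if len(groups) != 8 or None in groups:
            return self._finish(sock, Result("failed", "malformed header"))
        declared = groups[2]["value"]  # third group: data length
        if LENGTH_RE.fullmatch(declared) is None:
            return self._finish(sock, Result("failed", "bad length field"))
        body = message["body"]
        if len(body) < int(declared):
            return Result("incomplete")  # more packets expected on this connection
        if len(body) != int(declared):
            return self._finish(sock, Result("failed", "length mismatch"))
        # S7: only after the length check, compare the UID from the first group.
        uid = groups[0]["value"]
        if not any(hmac.compare_digest(uid, known) for known in self.valid_uids):
            return self._finish(sock, Result("failed", "unknown UID"))
        kind = groups[0]["name"].decode("utf-8", "replace")
        return self._finish(sock, Result("accepted", "", kind, body))


def build_message(uid, body, declared_length=None):
    """Constructed sample message in the assumed format (header names are hypothetical)."""
    length = len(body) if declared_length is None else declared_length
    header = [
        f"exec sql with out result: {uid}",  # group 1: transmission type and UID
        "Data-Structure: json",
        f"Data-Length: {length}",
        "Link-Mode: long",
        "Compression: none",
        "Transmission-Code: utf-8",
        "User-Agent: demo-client",
        "Address: 192.0.2.10:50000",
    ]
    return "\r\n".join(header).encode() + b"\r\n\r\n" + body


def demo():
    rx = Receiver(valid_uids=["9f3c1a7e"])  # constructed 32-bit UID, hex encoded
    msg = build_message("9f3c1a7e", b'{"command": 1001}')
    first = rx.feed(7, msg[:40])   # first packet: header still incomplete
    second = rx.feed(7, msg[40:])  # rest of the message on the same connection
    forged = rx.feed(8, build_message("00000000", b'{"command": 1001}'))
    padded = rx.feed(9, build_message("9f3c1a7e", b'{"command": 1001}xx', declared_length=17))
    return first, second, forged, padded


if __name__ == "__main__":
    for result in demo():
        print(result)
```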
As shown in FIG. 3, obtaining data by sending SQL statements directly includes the following steps:
S8: accepting the client's connection;
S9: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S10;
S10: if the first group of data is 'exec SQL with out result', the data body represents an SQL statement;
S11: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S12; if not, returning null data;
S12: issuing the data to the database for the database to execute;
S13: receiving the data returned by the database, packaging it as JSON and returning it to the client.
As shown in FIG. 3, obtaining data by sending negotiated command codes includes the following steps:
S14: accepting the client's connection;
S15: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S16;
S16: if the first group of data is 'exec sql with out result', the data body represents the command code;
S17: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S18; if not, returning null data;
S18: issuing the command code to the database;
S19: after receiving the command code, the database parses the data, then determines and executes the corresponding command according to the command code to obtain the desired data;
S20: receiving the data returned by the database, packaging it as JSON and returning it to the client.
The invention provides two data acquisition modes: one sends SQL statements directly to obtain the data, and the other sends negotiated command codes to obtain the data, so that the visiting client connection is reliable.
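Command-code mode (S14 to S20) as an added example that is not part of the patent: the command codes, the device table and the reply shape are hypothetical, and an in-memory SQLite database stands in for the database. Each code maps to fixed SQL text with bound parameters, and every failure returns null data as in S17.

```python
import json
import sqlite3

# Hypothetical command table: code -> (fixed SQL text, required parameter names).
# The client can only choose among these statements; it never supplies SQL text.
COMMANDS = {
    1001: ("SELECT id, name FROM device WHERE owner = :owner ORDER BY id", ("owner",)),
    1002: ("SELECT COUNT(*) AS total FROM device", ()),
}

NULL_REPLY = json.dumps({"ok": False, "data": None})  # "null data" on any failure


def open_demo_db():
    """Constructed sample database used only for this example."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript(
        """
        CREATE TABLE device (id INTEGER PRIMARY KEY, name TEXT, owner TEXT);
        INSERT INTO device (name, owner)
        VALUES ('pump-1', 'alice'), ('pump-2', 'bob'), ('valve-1', 'alice');
        """
    )
    return db


def run_command(db, body):
    """S18 to S20: resolve the command code, run its statement, wrap the rows as JSON."""
    try:
        request = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return NULL_REPLY
    if not isinstance(request, dict):
        return NULL_REPLY
    code = request.get("command")
    if isinstance(code, bool) or not isinstance(code, int) or code not in COMMANDS:
        return NULL_REPLY  # unknown or malformed command code
    sql, required = COMMANDS[code]
    params = request.get("params", {})
    if not isinstance(params, dict) or set(params) != set(required):
        return NULL_REPLY  # missing or unexpected parameters
    if not all(isinstance(v, (str, int)) and not isinstance(v, bool) for v in params.values()):
        return NULL_REPLY
    # Values are bound by the driver, so they are never spliced into the SQL text.
    rows = [dict(row) for row in db.execute(sql, params)]
    return json.dumps({"ok": True, "data": rows})


if __name__ == "__main__":
    db = open_demo_db()
    print(run_command(db, b'{"command": 1001, "params": {"owner": "alice"}}'))
    print(run_command(db, b'{"command": 9999}'))
```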
The invention is used to obtain database data during transmission over a TCP/IP network and ensures that the client connection is reliable; it prevents other applications from obtaining data at will; and it shares the communication load of the main server, improving the efficiency of communication between the client and the database.
The above describes only preferred embodiments of the present invention and is not to be construed as limiting the invention; all modifications, equivalents and improvements falling within the spirit and scope of the invention are intended to be covered.

Claims (5)

1. A secure data transmission method based on the TCP/IP protocol, characterized by comprising the following steps:
S1: establishing TCP/IP communication between a server and a client;
S2: using a JSON server to send data to the server;
S3: the client obtains data from the database in real time; a regular expression separates the packet header from the data body of the transmitted data, further regular expressions separate the individual fields in the packet header, and it is then decided whether to execute the database operation;
in step S1, the data is encapsulated in JSON format during transmission; obtaining data from the database in step S2 can be done in two ways: one is to send SQL statements directly, and the other is to send negotiated command codes.
2. The secure data transmission method based on the TCP/IP protocol according to claim 1, wherein the TCP/IP protocol between the server and the client in step S1 includes:
each time the client logs in, the database generates a UID with a length of 32 bits in the user table and returns it to the client, and the client stores the UID for later data acquisition.
3. The secure data transmission method based on the TCP/IP protocol according to claim 1, wherein the step S2 in which the JSON server sends data to the server to obtain database data comprises the following steps:
S4: establishing a Map table in the class, in which the primary key is the client connection's sock value; the Map table records the data sent on each connection and is used to judge whether the data is complete;
S5: once a complete piece of data has been sent, separating the packet header from the data body with a regular expression, and then separating the individual fields in the packet header with a regular expression;
S6: in step S5, every two pieces of data in the packet header form a group, eight groups in total; the first group is the transmission type and the secure UID, the second group is the transmission data structure, the third group is the data length, the fourth group is the link mode, the fifth group is the data compression mode, the sixth group is the transmission code, the seventh group is the user agent, and the eighth group is the IP and port;
S7: judging whether the length in the third group of header data matches the length of the data body; if it matches, executing the database operation; if it does not, checking whether data has been lost: if data has been lost, returning failure; if not, going on to judge whether the UID in the first group of header data is consistent with the UID in the database; if it is, executing the database operation; if it is not, returning failure and returning null data.
4. The secure data transmission method based on the TCP/IP protocol according to claim 1, wherein obtaining data by sending SQL statements directly comprises the following steps:
S8: accepting the client's connection;
S9: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S10;
S10: if the first group of data is 'exec SQL with out result', the data body represents an SQL statement;
S11: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S12; if not, returning null data;
S12: issuing the data to the database for the database to execute;
S13: receiving the data returned by the database, packaging it as JSON and returning it to the client.
5. The secure data transmission method based on the TCP/IP protocol according to claim 1, wherein obtaining data by sending negotiated command codes comprises the following steps:
S14: accepting the client's connection;
S15: parsing the data to judge whether the data length in the packet header matches the data body; if it does not match, returning failure; if it matches, executing S16;
S16: if the first group of data is 'exec sql with out result', the data body represents the command code;
S17: judging whether the UID code is consistent with the UID code in the database; if so, continuing to S18; if not, returning null data;
S18: issuing the command code to the database;
S19: after receiving the command code, the database parses the data, then determines and executes the corresponding command according to the command code to obtain the desired data;
S20: receiving the data returned by the database, packaging it as JSON and returning it to the client.
CN201910726808.0A 2019-08-07 2019-08-07 secure data transmission method based on TCP/IP protocol Pending CN110557380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910726808.0A CN110557380A (en) 2019-08-07 2019-08-07 secure data transmission method based on TCP/IP protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910726808.0A CN110557380A (en) 2019-08-07 2019-08-07 secure data transmission method based on TCP/IP protocol

Publications (1)

Publication Number Publication Date
CN110557380A true CN110557380A (en) 2019-12-10

Family

ID=68737046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910726808.0A Pending CN110557380A (en) 2019-08-07 2019-08-07 secure data transmission method based on TCP/IP protocol

Country Status (1)

Country Link
CN (1) CN110557380A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112714181A (en) * 2020-12-25 2021-04-27 北京四维纵横数据技术有限公司 Data transmission method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102340506A (en) * 2011-09-29 2012-02-01 广东高新兴通信股份有限公司 Multimedia data transmission system and application method thereof
CN102882772A (en) * 2012-10-15 2013-01-16 北京推博信息技术有限公司 Instant messaging data transmission method, client, server and system
WO2019028673A1 (en) * 2017-08-08 2019-02-14 深圳先进技术研究院 B/s architecture-based data communication system and method, web server, and monitoring system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240514

Address after: Room G1650, 4th Floor, Building 1, Phase III, International Enterprise Center, No. 1 Guanggu Avenue, Donghu New Technology Development Zone, Wuhan City, Hubei Province, 430205

Applicant after: Hubei Yueyan Technology Co.,Ltd.

Country or region after: China

Address before: Building 7, 201, No. 97 Changping Road, Shahe Town, Changping District, Beijing, 102206

Applicant before: BEIJING SHOUBEI TECHNOLOGY DEVELOPMENT CO.,LTD.

Country or region before: China