CN110808993A - Data transmission control method, device, computer system and medium - Google Patents


Publication number
CN110808993A
Authority
CN
China
Prior art keywords
data
request data
condition
identifier
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911092217.9A
Other languages
Chinese (zh)
Inventor
张在兴
樊宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JD Digital Technology Holdings Co Ltd
Original Assignee
JD Digital Technology Holdings Co Ltd
Application filed by JD Digital Technology Holdings Co Ltd filed Critical JD Digital Technology Holdings Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a data transmission control method for an intermediate system, wherein the intermediate system and a server are deployed in a first network. The method comprises: intercepting request data from a client deployed in a second network, wherein the request data comprises a source identifier; determining whether the source identifier meets a first filtering condition; and, where the source identifier does not meet the first filtering condition and the request data carries a decryption identifier, decrypting the encrypted message body of the request data to obtain plaintext request data, and sending the plaintext request data to the server through the first network. The present disclosure also provides a data transmission control apparatus for an intermediate system, a data transmission control method and apparatus for a client, a computer system, and a computer-readable storage medium.

Description

Data transmission control method, device, computer system and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data transmission control method and apparatus for an intermediate system, a computer system, and a medium.
Background
In a scenario of data transmission between a client and a server, one data transmission scheme is as follows: the client and the server agree on a transmission mode (plaintext transmission or ciphertext transmission), and data is then transmitted in the agreed mode. To switch the transmission mode, the client and the server must agree on the mode again before transmitting data, so the switching process is cumbersome and cannot be performed quickly.
Disclosure of Invention
In view of the above, the present disclosure provides an improved data transmission control method and apparatus.
One aspect of the present disclosure provides a data transmission control method for an intermediate system, where the intermediate system and a server are deployed in a first network. The method comprises the following steps: request data from a client deployed in a second network is intercepted, the request data including a source identifier. It is then determined whether the source identifier meets a first filtering condition. Where the source identifier does not meet the first filtering condition and the request data carries a decryption identifier, the encrypted message body of the request data is decrypted to obtain plaintext request data, and the plaintext request data is sent to the server through the first network.
According to an embodiment of the present disclosure, the method further includes: where the source identifier meets the first filtering condition, sending the request data directly to the server through the first network.
According to an embodiment of the present disclosure, the method further includes: where the source identifier does not meet the first filtering condition and the request data does not carry the decryption identifier, sending the request data to the server through the first network.
According to an embodiment of the present disclosure, the method further includes: acquiring a request URI of the request data, the request URI being used as the source identifier; and matching the request URI against a preset filtering exclusion list, and if the matching is successful, determining that the source identifier of the request data meets the first filtering condition.
According to an embodiment of the present disclosure, the method further includes: where the source identifier does not meet the first filtering condition and the request data carries the decryption identifier, determining whether the value of the decryption identifier is a predetermined character string. If so, the cookie data carried by the request data is decrypted to obtain plaintext cookie data. Sending the plaintext request data to the server via the first network then includes: sending the plaintext request data carrying the plaintext cookie data to the server through the first network.
According to an embodiment of the present disclosure, the method further includes: determining whether the message header of the request data contains the decryption identifier, and if so, determining that the request data carries the decryption identifier.
According to an embodiment of the present disclosure, the method further includes: receiving response data from the server, the response data including a destination identifier. It is then determined whether the destination identifier meets a second filtering condition. Where the destination identifier does not meet the second filtering condition, the message body of the response data is encrypted to obtain response data containing the encrypted message body, and the response data containing the encrypted message body is sent to the client.
According to an embodiment of the present disclosure, the method further includes: where the destination identifier meets the second filtering condition, sending the response data directly to the client matching the destination identifier.
According to an embodiment of the present disclosure, the method further includes: where the destination identifier does not meet the second filtering condition, adding an encryption identifier to the response data containing the encrypted message body.
According to an embodiment of the present disclosure, the method further includes: where the destination identifier does not meet the second filtering condition, encrypting the cookie data carried by the response data to obtain encrypted cookie data. Adding the encryption identifier to the response data containing the encrypted message body includes: adding the encryption identifier to the message header of the response data, and setting the value of the encryption identifier to a predetermined character string. Sending the response data containing the encrypted message body to the client includes: sending, to the client, response data that carries the encrypted cookie data and contains the encrypted message body.
Another aspect of the present disclosure provides a data transmission control method for a client deployed in a second network. The method comprises the following steps: it is determined whether the client meets a first filtering condition. Where the client does not meet the first filtering condition, it is determined whether the message body of the request data meets a first encryption condition. If so, the message body of the request data is encrypted and a decryption identifier is added to the request data, to obtain ciphertext request data that contains the encrypted message body and carries the decryption identifier. The ciphertext request data is then sent to an intermediate system deployed in the first network; the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data, and sends the plaintext request data to a server deployed in the first network.
According to an embodiment of the present disclosure, the method further includes: where the message body of the request data is determined to meet the first encryption condition, determining whether the cookie data carried by the request data meets a second encryption condition. If so, the cookie data carried by the ciphertext request data is encrypted to obtain encrypted cookie data, and the value of the decryption identifier is set to a predetermined character string. Sending the ciphertext request data to the intermediate system deployed in the first network includes: sending the ciphertext request data carrying the encrypted cookie data to the intermediate system.
Another aspect of the present disclosure provides a data transmission control apparatus for an intermediate system, where the intermediate system and a server are deployed in a first network. The data transmission control apparatus for the intermediate system includes an interception module, a determination module and a processing module. The interception module is used for intercepting request data from a client deployed in a second network, wherein the request data comprises a source identifier. The determination module is used for determining whether the source identifier meets the first filtering condition. The processing module is used for decrypting the encrypted message body of the request data, where the source identifier does not meet the first filtering condition and the request data carries the decryption identifier, to obtain plaintext request data, and for sending the plaintext request data to the server through the first network.
Another aspect of the present disclosure provides a data transmission control apparatus for a client, the client being deployed in a second network. The apparatus includes a first judging module, a second judging module, an encryption module and a sending module. The first judging module is used for determining whether the client meets the first filtering condition. The second judging module is used for determining whether the message body of the request data meets the first encryption condition where the client does not meet the first filtering condition. The encryption module is used for encrypting the message body of the request data where the message body meets the first encryption condition, and for adding a decryption identifier to the request data, to obtain ciphertext request data that contains the encrypted message body and carries the decryption identifier. The sending module is used for sending the ciphertext request data to an intermediate system deployed in a first network; the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data, and sends the plaintext request data to a server deployed in the first network.
Another aspect of the present disclosure provides a computer system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method as described above when executing the program.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, when data is transmitted between the intermediate system and the server, both parties are deployed in the same network environment, so the security trust level of the transmission is high and plaintext transmission can be used. When data is transmitted between the intermediate system or the server and a client, the two parties are deployed in different network environments and communicate over an external network, so the security trust level of the transmission is low and more important data needs to be transmitted as ciphertext. The data transmission method according to the embodiment of the disclosure provides a scheme in which the intermediate system processes request data from the client in a targeted manner. The client can freely choose plaintext or ciphertext transmission as required for each transmission, for example ciphertext transmission for data related to user privacy and plaintext transmission for test data during testing; no handshake negotiation is needed each time the transmission mode is switched, and only a decryption identifier needs to be added to the request data. The server, whether the client sends plaintext data or ciphertext data, receives plaintext data from the intermediate system as a result of the intermediate system's targeted processing. Fast switching of transmission modes is thereby achieved while balancing the security and efficiency of data transmission.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an exemplary system architecture to which the data transmission control method and apparatus according to an embodiment of the present disclosure may be applied;
Fig. 2 schematically shows an architecture diagram to which the data transmission control method according to an embodiment of the present disclosure is applied;
Fig. 3 schematically illustrates a flow chart of a data transmission control method for an intermediate system according to an embodiment of the present disclosure;
Fig. 4 schematically illustrates an example schematic of a request message according to an embodiment of the disclosure;
Fig. 5 schematically illustrates an example flow diagram of a data transfer process for an intermediate system in accordance with an embodiment of this disclosure;
Fig. 6 schematically shows a flow chart of a data transmission control method for a client according to an embodiment of the present disclosure;
Fig. 7 schematically shows a block diagram of a data transmission control apparatus for an intermediate system according to an embodiment of the present disclosure;
Fig. 8 schematically shows a block diagram of a data transmission control apparatus for a client according to an embodiment of the present disclosure; and
Fig. 9 schematically shows a block diagram of a computer system according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a data transmission control method and device for an intermediate system, wherein the intermediate system and a server are deployed in a first network; because data transmission between the intermediate system and the server takes place within the same network, the two have a higher security trust level. The method comprises an interception process, a first sending process and a second sending process. In the interception process, the intermediate system intercepts request data from a client deployed in the second network, the request data including a source identifier. Where the source identifier meets the first filtering condition, the request data is determined to be plaintext data and the first sending process is performed: the request data is sent directly to the server through the first network. Where the source identifier does not meet the first filtering condition and the request data carries the decryption identifier, the request data is determined to be ciphertext data and the second sending process is performed: the encrypted message body of the request data is decrypted to obtain plaintext request data, and the plaintext request data is then sent to the server through the first network.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the data transmission control method and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as various wired, wireless communication links, and so forth.
The terminal devices 101, 102, 103 may perform data transmission with the server 105 through the network 104 to receive or transmit messages or the like. The terminal devices 101, 102, 103 may have various client applications installed thereon, such as a web browser application, an instant messaging application, a mailbox client application, and the like, without limitation.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server capable of providing various services, such as a background management server (for example only) that provides support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received request data, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the request data) to the terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired.
In a scenario of data transmission between a client and a server, one data transmission scheme is as follows: the client and the server agree on a transmission mode (plaintext transmission or ciphertext transmission), and data is then transmitted in the agreed mode. If the transmission mode is not switched, data is always transmitted in the same mode. In that case, always using plaintext transmission gives too little data security, while always using ciphertext transmission is unnecessary for some data (for example, data in the development and test stages). To switch the transmission mode, the client and the server must agree on the mode again before transmitting data, so the switching process is cumbersome and cannot be performed quickly.
Fig. 2 schematically shows an architecture diagram of an application data transmission control method according to an embodiment of the present disclosure.
As shown in fig. 2, according to the embodiment of the present disclosure, an intermediate system 230 is further deployed between the client 210 and the server 220, the intermediate system 230 and the server 220 are in the same network environment (e.g., a first network), and one or more clients 210 are in another network environment (e.g., a second network). A data transmission control method for an intermediate system is provided according to an embodiment of the present disclosure, and is explained below from the perspective of the intermediate system. It should be noted that the sequence numbers of the respective operations in the following methods are merely used as representations of the operations for description, and should not be construed as representing the execution order of the respective operations. The method need not be performed in the exact order shown, unless explicitly stated.
Fig. 3 schematically shows a flow chart of a data transmission control method for an intermediate system according to an embodiment of the present disclosure.
As shown in fig. 3, the method may include operations S301 to S303 as follows.
In operation S301, request data from a client deployed in a second network is intercepted.
The request data includes a source identifier that characterizes the source of the request data.
Next, in operation S302, it is determined whether the source identifier meets a first filtering condition.
The first filtering condition is used to screen out request data that has been determined to be transmitted in plaintext. When the source identifier in the request data meets the first filtering condition, the request data is plaintext data, and the intermediate system can forward it directly to the server without processing. The filtering based on the first filtering condition can greatly reduce the workload of the intermediate system and improve data transmission efficiency.
Next, in operation S303, where the source identifier does not meet the first filtering condition and the request data carries the decryption identifier, the encrypted message body (body) of the request data is decrypted to obtain plaintext request data, and the plaintext request data is sent to the server via the first network.
When the source identifier in the request data does not meet the first filtering condition, the request data may be either plaintext data or ciphertext data. It must be further determined whether the request data carries a decryption identifier, which indicates whether the request data needs to be decrypted. If the request data carries the decryption identifier, the request data is ciphertext data and must be decrypted by the intermediate system before being sent to the server. If the request data does not carry the decryption identifier, the request data is plaintext data and the intermediate system can send it directly to the server.
Those skilled in the art can understand that when data is transmitted between the intermediate system and the server, both parties are deployed in the same network environment, so the security trust level of the transmission is high and plaintext transmission can be used. When data is transmitted between the intermediate system or the server and a client, the two parties are deployed in different network environments and communicate over an external network, so the security trust level of the transmission is low and more important data needs to be transmitted as ciphertext. The data transmission method according to the embodiment of the disclosure provides a scheme in which the intermediate system processes request data from the client in a targeted manner. The client can freely choose plaintext or ciphertext transmission as required for each transmission, for example ciphertext transmission for data related to user privacy and plaintext transmission for test data during testing; no handshake negotiation is needed each time the transmission mode is switched, and only a decryption identifier needs to be added to the request data. The server, whether the client sends plaintext data or ciphertext data, receives plaintext data from the intermediate system as a result of the intermediate system's targeted processing. Fast switching of transmission modes is thereby achieved while balancing the security and efficiency of data transmission.
Further, the data transmission control method for the intermediate system according to the embodiment of the present disclosure may further include: where the source identifier meets the first filtering condition, sending the request data directly to the server through the first network.
For example, when determining whether the source identifier in the request data meets the first filtering condition, a request URI (Uniform Resource Identifier) of the request data may be obtained and used as the source identifier of the request data. The request URI is then matched against a preset filtering exclusion list; the match may be partial or full, without limitation. If the matching is successful, the source identifier of the request data is determined to meet the first filtering condition.
For example, a filtering exclusion list is preset by the server and includes URIs associated with one or more clients that have been determined to always use plaintext transmission with the server. The filtering exclusion list is transmitted to the intermediate system in the form of a JAR file (Java Archive File), and the intermediate system acquires the filtering exclusion list from the JAR file when it starts.
For another example, the filtering exclusion list includes path information of one or more clients that have been determined to always use plaintext transmission with the server, where the path information is a part of the URI.
Further, some request data carries cookie data. To protect the data in the cookie data, the data transmission method for the intermediate system according to the embodiment of the present disclosure also allows the transmission mode of the cookie data (ciphertext or plaintext) to be switched. Illustratively, where the source identifier in the request data does not meet the first filtering condition and the request data carries the decryption identifier, it is further determined whether the value of the decryption identifier is a predetermined character string. If so, the cookie data carried by the request data was transmitted as ciphertext, so the intermediate system needs to decrypt the cookie data carried by the request data to obtain plaintext cookie data. On this basis, sending the plaintext request data to the server via the first network includes: sending the plaintext request data carrying the plaintext cookie data to the server through the first network. If not, the cookie data carried by the request data was transmitted in plaintext, so the intermediate system does not need to decrypt the cookie data and only needs to decrypt the message body of the request data.
According to the scheme of this embodiment, the client can flexibly select the transmission mode of the request data and, after selecting encrypted transmission, further choose whether to encrypt the cookie data carried by the request data. Ciphertext transmission in the related art only ensures the secure transmission of the message body of the request data and does not protect the data in the cookie data. Where the cookie data contains sensitive user information (such as a user's login information), protecting the cookie data is very important. The intermediate system may determine whether the cookie data needs to be decrypted based on the value of the decryption identifier.
For example, the decryption identifier may be placed in the message header (header) of the request data, so that when determining whether the request data carries the decryption identifier, the intermediate system only needs to determine whether the decryption identifier exists in the header; if so, it determines that the request data carries the decryption identifier.
Fig. 4 schematically illustrates an example schematic diagram of a request message according to an embodiment of the disclosure.
As shown in fig. 4, taking HTTP (Hypertext Transfer Protocol) request data as an example, the HTTP request data may include a request line 410, a header 420, and a body 430. The request line 410 may include a request method 411, a request URI 412, and an HTTP protocol and version 413. In this example, the request method 411 is the POST method, and the request URI 412 is a URL address which, in combination with the Host attribute in the header 420, forms the complete request URL. The header 420 may include a plurality of attributes, such as an Accept attribute (specifying the types of content that the client can receive), an Accept-Language attribute (specifying a language acceptable to the client), a User-Agent attribute (containing information about the user who issued the request), a Host attribute (specifying the domain name and port number of the server for the request), a Content-Length attribute (the length of the content of the request), a Connection attribute (indicating whether a persistent connection is required), a cookie attribute, and the like, each of which is recorded in the form of a key-value pair. The "name & password & 1234 & realName" in the body 430 records the user name, password and real name in the form of key-value pairs.
For example, the field "wpe" is predefined as the decryption identifier described above. The intermediate system intercepts the HTTP request data shown in fig. 4 and first obtains the request URI of the HTTP request data. The request URI is matched against the preset filter exclusion list, and if the match succeeds, the intermediate system sends the HTTP request data to the corresponding server. If the match fails, the intermediate system further checks whether the header of the HTTP request data contains a "wpe" field. In the example shown in fig. 4, if the header does not contain the "wpe" field, the intermediate system transmits the HTTP request data to the corresponding server. If the header of the HTTP request data contains the "wpe" field, the intermediate system determines that the HTTP request data carries the decryption identifier, and further checks whether the value of the "wpe" field is equal to a predetermined character string (for example, the predetermined character string is "cookie"). If so, it determines that both the message body and the cookie data (namely the cookie attribute) in the HTTP request data are transmitted as ciphertext, decrypts both the message body and the cookie data to obtain plaintext HTTP request data, and then sends the plaintext HTTP request data to the server. If the value of the "wpe" field is not equal to the predetermined character string, it determines that only the message body in the HTTP request data is transmitted as ciphertext, decrypts the message body to obtain plaintext HTTP request data, and then sends the plaintext HTTP request data to the server.
The request process of data transmission has been explained above; the response process is explained below. The data transmission method for the intermediate system according to the embodiment of the present disclosure may further include: receiving response data from the server, the response data including a destination identifier; in the case where the destination identifier meets the second filtering condition, sending the response data to the client matching the destination identifier; and in the case where the destination identifier does not meet the second filtering condition, encrypting the message body of the response data to obtain response data containing the encrypted message body, and sending the response data containing the encrypted message body to the client matching the destination identifier.
Illustratively, the destination identifier is identification information that characterizes the transmission target of the response data, for example, the client that is the transmission target of the response data. The identification information is matched against the filter exclusion list. If the match succeeds, the response data can be transmitted in plaintext. If the match fails, the response data must be transmitted as ciphertext.
In order to enable the client receiving the response data to determine whether the response data is encrypted, the intermediate system encrypts the message body of the response data to obtain the response data containing the encrypted message body, and then adds an encryption identifier to the response data containing the encrypted message body.
In some cases, the response data carries cookie data. If the cookie data records more important information, the cookie data is encrypted before being transmitted to the client. The data transmission method for the intermediate system according to the embodiment of the present disclosure may further include: in the case that the destination identifier of the response data does not meet the second filtering condition, encrypting the cookie data carried by the response data to obtain encrypted cookie data. On this basis, adding the encryption identifier to the response data containing the encrypted message body includes: adding the encryption identifier to the message header of the response data, and setting the value of the encryption identifier to a preset character string. Sending the response data containing the encrypted message body to the corresponding client includes: sending the response data carrying the encrypted cookie data and the encrypted message body to the corresponding client.
In other cases, if the cookie data carried by the response data does not record important information, only the message body of the response data needs to be encrypted, and encryption of the cookie data is not considered.
In one embodiment of the present disclosure, the intermediate system may process the response data returned by the server as follows. Illustratively, response data A is issued for request data A.
In case 1, the intermediate system decrypted the message body of request data A but did not decrypt its cookie data; that is, when the client sent request data A, the message body was in ciphertext form and the cookie data was in plaintext form. The intermediate system then encrypts only the message body of response data A and does not encrypt the cookie data carried by response data A, so that the message body of response data A is sent to the client in ciphertext form and the cookie data is sent to the client in plaintext form.
In case 2, the intermediate system decrypted both the message body and the cookie data of request data A; that is, when the client sent request data A, both the message body and the cookie data were in ciphertext form. The intermediate system then encrypts both the message body of response data A and the cookie data carried by response data A, so that both are sent to the client in ciphertext form.
In case 3, the message body and the cookie data were both in plaintext form when the client sent request data A. The intermediate system then does not need to encrypt the message body or the cookie data of response data A, so that both are sent to the client in plaintext form.
Fig. 5 schematically illustrates an example flow diagram of a data transmission process for an intermediate system in accordance with an embodiment of this disclosure.
As shown in fig. 5, taking HTTP data transmission as an example, after data transmission is started, HTTP request data is intercepted in operation S501.
Then, in operation S502, it is determined whether a request path in the HTTP request data is a filtering exclusion path. If so, operation S503 is performed, and if not, operation S504 is performed.
In this operation, the request path is a part of the request URI of the HTTP request data, and the filter exclusion list above records a plurality of pieces of path information, which are referred to as "filter exclusion paths".
In operation S503, the HTTP request data is pushed to the server, and then operation S504 is performed.
In operation S504, HTTP response data from the server is acquired, and then operation S511 is performed.
In operation S505, it is determined whether a decryption flag exists in the HTTP request data. If so, operation S506 is performed, and if not, operation S503 is performed.
In operation S506, the body of the HTTP request is decrypted.
In operation S507, it is determined whether the value of the decryption flag is equal to "cookie". If so, operation S508 is performed, and if not, operation S509 is performed.
In the present operation, "cookie" is taken as a specific example of the predetermined character string, and in other examples, the predetermined character string may be arbitrarily set as needed.
In operation S508, cookie data carried by the HTTP request data is decrypted.
In operation S509, the decrypted HTTP request data is pushed to the server.
In operation S510, HTTP response data from the server is obtained, a packet body of the HTTP response data is encrypted, and an encryption identifier is added to the HTTP response data.
In operation S511, the HTTP response data is pushed to the client.
This data transmission is ended.
Corresponding to the data transmission method for the intermediate system described in the foregoing embodiments, according to an embodiment of the present disclosure, there is also provided a data transmission control method for a client. For example, the method may be applied to the client 210 deployed in the second network as shown in fig. 2, and the client 210 cooperates with the intermediate system 230 through the data transmission control method for the client to finally send the plaintext request data to the server 220. The following description is from the perspective of a client.
Fig. 6 schematically shows a flowchart of a data transmission control method for a client according to an embodiment of the present disclosure.
As shown in fig. 6, the method may include operations S601 to S604 as follows.
In operation S601, it is determined whether the client meets a first filtering condition.
The meaning of the first filtering condition is described in detail above and is not repeated here. For example, the client may determine whether it meets the first filtering condition based on its own identification information. If the first filtering condition is met, this indicates that the client has agreed with the server in advance to transmit the request data in plaintext. If not, the client can select plaintext transmission or ciphertext transmission according to actual needs.
Then, in operation S602, in a case where the client does not comply with the first filtering condition, it is determined whether a packet body of the request data complies with the first encryption condition.
Next, in operation S603, if yes, the message body of the request data is encrypted, and a decryption identifier is added to the request data, so as to obtain ciphertext request data that includes the encrypted message body and carries the decryption identifier.
The process of encrypting the message body by the client corresponds to the process of decrypting the encrypted message body by the intermediate system in the above, and the meaning of the decryption identifier is described in detail in the above, and is not described again here.
Next, in operation S604, the ciphertext request data is sent to an intermediate system deployed in the first network, the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data, and the intermediate system sends the plaintext request data to a server deployed in the first network.
Those skilled in the art can understand that when data is transmitted between the intermediate system and the server, both parties are deployed in the same network environment, so the level of trust in the transmission is high and plaintext transmission can be used. When data is transmitted between the intermediate system or the server and a client, the two parties are deployed in different network environments and communicate over an external network, so the level of trust in the transmission is low and more important data needs to be transmitted as ciphertext. The data transmission method according to the embodiment of the disclosure provides a scheme in which the client processes the request data in a targeted manner before sending it to the intermediate system. The client can freely select plaintext or ciphertext transmission as required, for example ciphertext transmission for data related to user privacy and plaintext transmission for test data during testing. No handshake agreement needs to be performed each time the transmission mode is switched; only a decryption identifier needs to be added to the request data. For the server, whether the client sends plaintext data or ciphertext data, plaintext data is received from the intermediate system as a result of the intermediate system's targeted processing. The transmission mode can thus be switched quickly while balancing the security and the efficiency of data transmission.
According to an embodiment of the present disclosure, the data transmission control method for a client may further include: in the case that the message body of the request data is determined to meet the first encryption condition, further determining whether the cookie data carried by the request data meets a second encryption condition. If so, the cookie data carried by the ciphertext request data is encrypted to obtain encrypted cookie data, and the value of the decryption identifier is set to a predetermined character string. Sending the ciphertext request data to the intermediate system deployed in the first network then includes: sending the ciphertext request data carrying the encrypted cookie data to the intermediate system. After confirming that the value of the decryption identifier is the predetermined character string, the intermediate system decrypts the message body and the cookie data, and finally sends the plaintext request data to the server.
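The client-side selection described above and the intermediate system's request and response handling (fig. 5 and cases 1 to 3) can be traced end to end in the following added Python example, which is not code from the patent. The header name `wpe` and the value `cookie` come from the text; the `body` value, the `wpe-enc` response header, the excluded paths, the prefix match, the boolean encryption conditions and the rejection of undecryptable requests are assumptions, and `StandInCodec` is a labelled placeholder because the page names no cipher.

```python
import base64
from dataclasses import dataclass, field

DECRYPT_HEADER = "wpe"        # decryption identifier named on the page
COOKIE_MODE = "cookie"        # predetermined string from the page's example
BODY_MODE = "body"            # assumption: value used when only the body is encrypted
ENCRYPT_HEADER = "wpe-enc"    # assumption: the page does not name the response identifier
EXCLUDED_PATHS = ("/healthcheck", "/test/")   # constructed filter exclusion list


class RejectRequest(Exception):
    """Raised when a flagged request cannot be decrypted (assumed policy)."""


class StandInCodec:
    """Reversible stand-in so the flow is observable. This is NOT encryption;
    a deployment would plug an authenticated cipher in behind the same two methods."""

    @staticmethod
    def encrypt(plain: str) -> str:
        return base64.b64encode(plain.encode()).decode()

    @staticmethod
    def decrypt(blob: str) -> str:
        # validate=True rejects malformed input instead of silently skipping bytes
        return base64.b64decode(blob, validate=True).decode()


@dataclass
class Message:
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def is_excluded(path: str) -> bool:
    """Filtering condition, modelled here as a prefix match on the request path."""
    return any(path.startswith(prefix) for prefix in EXCLUDED_PATHS)


def client_build(path, body, cookie, protect_body, protect_cookie, codec=StandInCodec):
    """Client side (S601-S604): plaintext, body-only, or body plus cookie."""
    req = Message(path, {"Cookie": cookie}, body)
    if is_excluded(path) or not protect_body:
        return req                                    # plaintext, no identifier
    req.body = codec.encrypt(body)
    req.headers[DECRYPT_HEADER] = BODY_MODE
    if protect_cookie:
        req.headers["Cookie"] = codec.encrypt(cookie)
        req.headers[DECRYPT_HEADER] = COOKIE_MODE
    return req


def gateway_request(req, codec=StandInCodec):
    """Intermediate system, request path. Returns (request for the server, mode);
    mode is None, BODY_MODE or COOKIE_MODE and is reused for the response."""
    if is_excluded(req.path) or DECRYPT_HEADER not in req.headers:
        return req, None                              # forwarded unchanged
    headers = dict(req.headers)
    mode = COOKIE_MODE if headers[DECRYPT_HEADER] == COOKIE_MODE else BODY_MODE
    try:
        body = codec.decrypt(req.body)
        if mode == COOKIE_MODE:
            headers["Cookie"] = codec.decrypt(headers.get("Cookie", ""))
    except ValueError as exc:
        # Fail closed: a flagged request that does not decrypt is never forwarded
        raise RejectRequest("flagged request could not be decrypted") from exc
    return Message(req.path, headers, body), mode


def gateway_response(resp, mode, codec=StandInCodec):
    """Intermediate system, response path (cases 1-3): mirror the request's mode."""
    if mode is None:
        return resp                                   # case 3: plaintext both ways
    headers = dict(resp.headers)
    headers[ENCRYPT_HEADER] = mode                    # tells the client what to decrypt
    if mode == COOKIE_MODE and "Set-Cookie" in headers:
        headers["Set-Cookie"] = codec.encrypt(headers["Set-Cookie"])   # case 2
    return Message(resp.path, headers, codec.encrypt(resp.body))      # cases 1 and 2


def roundtrip(path, protect_body, protect_cookie):
    """Constructed sample traffic: returns (on the wire, at the server, reply)."""
    wire = client_build(path, "name=alice&password=1234", "session=abc123",
                        protect_body, protect_cookie)
    at_server, mode = gateway_request(wire)
    server_reply = Message(path, {"Set-Cookie": "session=def456"}, "ok")
    return wire, at_server, gateway_response(server_reply, mode)


if __name__ == "__main__":
    for args in (("/login", True, True), ("/login", True, False), ("/test/ping", True, True)):
        wire, at_server, reply = roundtrip(*args)
        print(args, "| wire:", wire.body, "| server:", at_server.body, "| reply:", reply.body)
```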
Fig. 7 schematically shows a block diagram of a data transmission control apparatus for an intermediate system according to an embodiment of the present disclosure. The intermediate system and the server are deployed in the first network.
As shown in fig. 7, the data transmission control apparatus 700 for an intermediate system includes: an interception module 710, a determination module 720, and a processing module 730.
The interception module 710 is configured to intercept request data from a client deployed on a second network, the request data including a source identification.
The determining module 720 is used for determining whether the source identifier meets the first filtering condition.
The processing module 730 is configured to decrypt the encrypted packet body of the request data to obtain plaintext request data when the source identifier does not meet the first filtering condition and the request data carries the decryption identifier, and send the plaintext request data to the server via the first network.
Fig. 8 schematically shows a block diagram of a data transmission control apparatus for a client according to an embodiment of the present disclosure. Wherein the client is deployed in a second network.
As shown in fig. 8, the data transmission control apparatus 800 for a client includes: a first determination module 810, a second determination module 820, an encryption module 830, and a transmission module 840.
The first determination module 810 is used to determine whether the client meets the first filtering criteria.
The second determining module 820 is configured to determine whether the packet body of the request data meets the first encryption condition or not, if the client does not meet the first filtering condition.
The encryption module 830 is configured to encrypt the message body of the request data and add a decryption identifier to the request data when the message body meets the first encryption condition, so as to obtain ciphertext request data that includes the encrypted message body and carries the decryption identifier.
The sending module 840 is configured to send the ciphertext request data to an intermediate system deployed in the first network, where the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data, and sends the plaintext request data to a server deployed in the first network.
It should be noted that the implementation, solved technical problems, implemented functions, and achieved technical effects of each module/unit/subunit and the like in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, implemented functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any of the intercepting module 710, the determining module 720, and the processing module 730 may be combined in one module to be implemented, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the intercepting module 710, the determining module 720, and the processing module 730 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, at least one of the intercepting module 710, the determining module 720, and the processing module 730 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
FIG. 9 schematically shows a block diagram of a computer system suitable for implementing the above described method according to an embodiment of the present disclosure. The computer system illustrated in FIG. 9 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 9, a computer system 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the system 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
System 900 may also include an input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The system 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (16)

1. A data transmission control method for an intermediate system, the intermediate system and a server being deployed in a first network, the method comprising:
intercepting request data from a client deployed in a second network, wherein the request data comprises a source identifier;
determining whether the source identifier meets a first filtering condition; and
under the condition that the source identifier does not accord with a first filtering condition and the request data carries a decryption identifier, decrypting an encrypted message body of the request data so as to obtain plaintext request data, and sending the plaintext request data to the server through the first network.
2. The method of claim 1, further comprising:
sending the request data to the server through the first network under the condition that the source identifier meets a first filtering condition.
3. The method of claim 1, further comprising:
under the condition that the source identifier does not accord with a first filtering condition and the request data does not carry a decryption identifier, sending the request data to the server through the first network.
4. The method of claim 1, wherein the determining whether the source identification meets a first filtering condition comprises:
acquiring a request URI of the request data, wherein the request URI is used as the source identifier;
matching the request URI with a preset filtering exclusion list; and
if the matching is successful, determining that the source identifier of the request data meets the first filtering condition.
5. The method of claim 1, further comprising:
under the condition that the source identifier does not accord with a first filtering condition and the request data carries a decryption identifier, determining whether the value of the decryption identifier is a predetermined character string; and
if so, decrypting the cookie data carried by the request data so as to obtain plaintext cookie data;
the sending of the plaintext request data to the server via the first network comprises: sending the plaintext request data carrying the plaintext cookie data to the server through the first network.
6. The method of claim 1, further comprising:
determining whether the decryption identification exists in a message header of the request data; and
if so, determining that the request data carries the decryption identification.
7. The method of claim 1, further comprising:
receiving response data from the server, wherein the response data comprises destination identification;
determining whether the destination identification meets a second filtering condition; and
under the condition that the destination identifier does not meet a second filtering condition, encrypting the message body of the response data so as to obtain response data containing the encrypted message body, and sending the response data containing the encrypted message body to the client.
8. The method of claim 7, further comprising: sending the response data to the client conforming to the destination identifier under the condition that the destination identifier conforms to a second filtering condition.
9. The method of claim 7, further comprising:
in the case that the destination identifier does not meet the second filtering condition, adding an encryption identifier to the response data containing the encrypted message body.
10. The method of claim 9, further comprising: in the case that the destination identifier does not meet the second filtering condition, encrypting the cookie data carried by the response data so as to obtain encrypted cookie data;
wherein the adding of the encryption identifier to the response data containing the encrypted message body comprises: adding the encryption identifier to a message header of the response data, and setting the value of the encryption identifier to a preset character string; and
wherein the sending of the response data containing the encrypted message body to the client comprises: sending, to the client, response data which carries the encrypted cookie data and contains the encrypted message body.
11. A data transmission control method for a client deployed in a second network, the method comprising:
determining whether the client meets a first filtering condition;
in the case that the client does not meet the first filtering condition, determining whether a message body of request data meets a first encryption condition;
if so, encrypting the message body of the request data, and adding a decryption identifier to the request data so as to obtain ciphertext request data which contains the encrypted message body and carries the decryption identifier; and
sending the ciphertext request data to an intermediate system deployed in a first network, so that the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data and sends the plaintext request data to a server deployed in the first network.
12. The method of claim 11, further comprising:
in the case that the message body of the request data is determined to meet the first encryption condition, determining whether cookie data carried by the request data meets a second encryption condition; and
if so, encrypting the cookie data carried by the ciphertext request data so as to obtain encrypted cookie data, and setting the value of the decryption identifier to a predetermined character string;
wherein the sending of the ciphertext request data to an intermediate system deployed in a first network comprises: sending the ciphertext request data carrying the encrypted cookie data to the intermediate system.
13. A data transmission control apparatus for an intermediate system, the intermediate system and a server being deployed in a first network, the apparatus comprising:
an intercepting module configured to intercept request data from a client deployed in a second network, wherein the request data comprises a source identifier;
a determining module configured to determine whether the source identifier meets a first filtering condition; and
a processing module configured to, in the case that the source identifier does not meet the first filtering condition and the request data carries a decryption identifier, decrypt the encrypted message body of the request data to obtain plaintext request data, and send the plaintext request data to the server through the first network.
14. A data transmission control apparatus for a client deployed in a second network, the apparatus comprising:
a first judging module configured to determine whether the client meets a first filtering condition;
a second judging module configured to determine, in the case that the client does not meet the first filtering condition, whether the message body of the request data meets a first encryption condition;
an encryption module configured to, in the case that the message body meets the first encryption condition, encrypt the message body of the request data and add a decryption identifier to the request data so as to obtain ciphertext request data which contains the encrypted message body and carries the decryption identifier; and
a sending module configured to send the ciphertext request data to an intermediate system deployed in a first network, so that the intermediate system decrypts the ciphertext request data based on the decryption identifier to obtain plaintext request data and sends the plaintext request data to a server deployed in the first network.
15. A computer system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements:
the method of any one of claims 1 to 12.
16. A computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform:
the method of any one of claims 1 to 12.
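The request-side decision of the intermediate system in claims 1 and 3 to 6, as an added sketch that is not code from the patent. The header name, flag value, exclusion entries, matching rule, pass-through of excluded URIs and the reject branch are assumptions, and `demo_decrypt` is a base64 stand-in for the cipher, which the claims leave unspecified.

```python
import base64
from dataclasses import dataclass, field, replace

# Hypothetical values: the claims name no header, flag string or URIs.
DECRYPT_HEADER = "x-decrypt-flag"          # the decryption identifier
COOKIE_FLAG_VALUE = "body+cookie"          # the "predetermined character string"
EXCLUSION_LIST = ("/health", "/static/")   # preset filtering exclusion list


@dataclass
class Request:
    uri: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""
    cookie: bytes = b""


def meets_first_filter(uri: str) -> bool:
    """Claim 4: the request URI is the source identifier, matched against the list.
    Assumed rule: exact path match, or prefix match for entries ending in '/'."""
    path = uri.split("?", 1)[0]
    return any(path == entry or (entry.endswith("/") and path.startswith(entry))
               for entry in EXCLUSION_LIST)


def handle_request(req: Request, decrypt):
    """Return (action, request) as the intermediate system would forward it."""
    if meets_first_filter(req.uri):
        return "forward-excluded", req     # assumption: excluded URIs pass unchanged
    flags = {k.lower(): v for k, v in req.headers.items()}
    if DECRYPT_HEADER not in flags:        # claims 3 and 6: no identifier in the header
        return "forward-plain", req
    try:
        body = decrypt(req.body)           # claim 1: decrypt the message body
        cookie = req.cookie
        if flags[DECRYPT_HEADER] == COOKIE_FLAG_VALUE:
            cookie = decrypt(req.cookie)   # claim 5: the cookie is encrypted as well
    except ValueError:
        return "reject", req               # assumption: never forward undecryptable data
    return "forward-decrypted", replace(req, body=body, cookie=cookie)


def demo_decrypt(blob: bytes) -> bytes:
    """Stand-in for the unspecified cipher: base64 decoding, NOT encryption."""
    return base64.b64decode(blob, validate=True)
```

Because the decryption identifier is a header set by the client, the `forward-plain` branch means the intermediate system passes unencrypted requests through rather than enforcing encryption.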
CN201911092217.9A 2019-11-08 2019-11-08 Data transmission control method, device, computer system and medium Pending CN110808993A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911092217.9A CN110808993A (en) 2019-11-08 2019-11-08 Data transmission control method, device, computer system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911092217.9A CN110808993A (en) 2019-11-08 2019-11-08 Data transmission control method, device, computer system and medium

Publications (1)

Publication Number Publication Date
CN110808993A (en) 2020-02-18

Family

ID=69501761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911092217.9A Pending CN110808993A (en) 2019-11-08 2019-11-08 Data transmission control method, device, computer system and medium

Country Status (1)

Country Link
CN (1) CN110808993A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992448A (en) * 2021-12-28 2022-01-28 北京瑞莱智慧科技有限公司 Data transparent transmission method, system, medium and computing device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1305931B1 (en) * 2000-08-04 2006-06-28 Avaya Technology Corp. Method and system for demand driven recognition of connection oriented transactions
CN101917424A (en) * 2010-08-05 2010-12-15 上海酷吧信息技术有限公司 Method for transferring login information among multiple application programs
CN107222473A (en) * 2017-05-26 2017-09-29 四川长虹电器股份有限公司 API service data are carried out with the method and system of encryption and decryption in transport layer
CN107992398A (en) * 2017-12-22 2018-05-04 宜人恒业科技发展(北京)有限公司 The monitoring method and monitoring system of a kind of operation system
CN109286634A (en) * 2018-11-08 2019-01-29 成都卫士通信息产业股份有限公司 A kind of data transmission method, device, electronic equipment and readable storage medium storing program for executing

Similar Documents

Publication Publication Date Title
US10574686B2 (en) Security verification by message interception and modification
US9749292B2 (en) Selectively performing man in the middle decryption
US9294450B2 (en) Selectively performing man in the middle decryption
US10069809B2 (en) System and method for secure transmission of web pages using encryption of their content
CA3023218C (en) Selectively altering references within encrypted pages using man in the middle
KR20180002841A (en) Secure container platform for resource access and deployment in non-managed non-secure devices
CN113949566B (en) Resource access method, device, electronic equipment and medium
CN105119928A (en) Data transmission method, device and system for Android intelligent terminal
CN111478974B (en) Network connection method and device, electronic equipment and readable storage medium
CN110808993A (en) Data transmission control method, device, computer system and medium
KR20160123416A (en) Information security device, terminal, network having information security system and terminal
CN111181831B (en) Communication data processing method and device, storage medium and electronic device
Yadav et al. Poster: User-controlled System-level Encryption for all Applications
JP6167598B2 (en) Information processing apparatus, information processing method, and computer program
CN114465819A (en) Risk information early warning method, device, equipment and medium
CN115296881A (en) Information acquisition method and device, electronic equipment and computer readable medium
CN117155919A (en) File transmission system, file transmission method, file transmission device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200218