CN111131245A - Data transmission method and device, electronic equipment and storage medium - Google Patents
Data transmission method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111131245A CN111131245A CN201911346181.2A CN201911346181A CN111131245A CN 111131245 A CN111131245 A CN 111131245A CN 201911346181 A CN201911346181 A CN 201911346181A CN 111131245 A CN111131245 A CN 111131245A
- Authority
- CN
- China
- Prior art keywords
- data packet
- identification data
- dpdk
- identification
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Abstract
The invention discloses a data transmission method, which relates to the technical field of communication and comprises the following steps: receiving a DPDK binding instruction, and binding a DPDK drive according to the DPDK binding instruction; receiving data to be transmitted, packaging the data through DPDK drive and adding an identifier to obtain an identifier data packet; and encrypting or decrypting the identification data packet through the DPDK processing thread, and transmitting the encrypted or decrypted identification data packet. The method combines the high-efficiency DPDK data processing technology with a general cryptographic algorithm, does not need to transform the original network, ensures the network transmission quality, improves the transmission efficiency, effectively reduces the cost and ensures the data transmission safety in the network. The invention also discloses a data transmission device, electronic equipment and a computer storage medium.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data transmission method and apparatus, an electronic device, and a storage medium.
Background
The existing network transmission encryption schemes generally have the following two types:
1) IPSecVPN. According to the scheme, a secure communication channel is provided for two private networks on a public network, the connection safety is guaranteed through an encryption channel, private data packet service is provided between two public gateways, however, deployment of the IPSecVPN requires significant modification of network infrastructure, and the cost of manpower and material resources is huge.
2) SSLVPN. The scheme is a VPN technology for establishing a remote secure access channel based on a secure Socket Layer-SSL (secure Socket Layer-SSL), and due to the limitation of the SSL protocol, the performance of the VPN technology is far lower than that of equipment using an IPSec protocol.
Therefore, an efficient data transmission method is needed to secure data transmission of users.
Disclosure of Invention
In order to overcome the defects of the prior art, an object of the present invention is to provide a data transmission method, which ensures the security of data transmission in a network by using a high-efficiency DPDK data processing technique and combining a general cryptographic algorithm.
One of the purposes of the invention is realized by adopting the following technical scheme:
a data transmission method, comprising the steps of:
receiving a DPDK binding instruction, and binding a DPDK drive according to the DPDK binding instruction;
receiving data to be transmitted, wherein the data is packaged through the DPDK drive and added with an identifier to obtain an identifier data packet;
and encrypting or decrypting the identification data packet through a DPDK processing thread, and transmitting the encrypted or decrypted identification data packet.
Further, encrypting or decrypting the identification data packet through a DPDK processing thread includes:
when the identification data packet is received by the internal network interface, the identification data packet sequentially carries out data packet type judgment, session judgment, negotiation detection and encryption processing through a DPDK processing thread, and the encrypted identification data packet is sent from the external network interface;
when the identification data packet is received by the external network port, the identification data packet sequentially carries out encryption identification judgment, session judgment, negotiation detection and decryption processing through a DPDK processing thread, and the decrypted identification data packet is sent from the internal network port.
Further, the determining of the type of the data packet includes:
judging whether the data packet type of the identification data packet is a TCP data packet or a UDP data packet;
if not, the identification data packet is sent from an external network port;
if yes, the session of the identification data packet is judged.
Further, the encrypted identifier determination includes:
judging whether the identification data packet has an encrypted identification or not;
if not, the identification data packet is sent from the internal network port;
if yes, the session of the identification data packet is judged.
Further, the determining of the session includes:
acquiring a quintuple of the identification data packet;
searching the session of the identification data packet according to the quintuple;
if the session to which the user belongs cannot be found, the identification data packet is sent;
and if the session is found, carrying out negotiation detection on the identification data packet according to the session.
Further, the negotiation detection includes:
detecting whether the session and the opposite-end secret key are successfully negotiated;
if the session is not successfully negotiated with the key of the opposite terminal, the identification data packet is sent;
and if the session and the opposite-end secret key are successfully negotiated, obtaining a negotiation secret key, and encrypting or decrypting the identification data packet according to the negotiation secret key.
Further, encrypting or decrypting the identification data packet according to the negotiation key includes:
encrypting or decrypting the payload of the identification data packet by using a symmetric key encryption algorithm according to the negotiation key;
changing the protocol type of the encrypted identification data packet into a type which can be identified by an opposite terminal;
recovering the protocol type of the decrypted identification data packet into TCP or UDP;
and recalculating the checksum of the identification data packet and sending the calculated identification data packet.
The second objective of the present invention is to provide a data transmission device, which combines a general cryptographic algorithm with a high-efficiency DPDK data processing technique to ensure the security of data transmission in a network.
The second purpose of the invention is realized by adopting the following technical scheme:
a data transmission device, comprising:
the binding module is used for receiving a DPDK binding instruction and binding a DPDK drive according to the DPDK binding instruction;
the identification cache module is used for receiving data to be transmitted, and the data is packaged through the DPDK drive and is added with an identification to obtain an identification data packet;
and the encryption and decryption module is used for encrypting or decrypting the identification data packet through a DPDK processing thread and transmitting the encrypted or decrypted identification data packet.
It is a further object of the invention to provide an electronic device comprising a processor, a storage medium and a computer program, the computer program being stored in the storage medium and the computer program being executed by the processor to perform the data transmission method of one of the objects of the invention.
It is a fourth object of the present invention to provide a computer-readable storage medium storing one of the objects of the present invention, on which a computer program is stored, which, when executed by a processor, implements a data transmission method of one of the objects of the present invention.
Compared with the prior art, the invention has the beneficial effects that:
the invention adopts DPDK technology and cryptographic algorithm, ensures the transmission quality of the network without transforming the original network, greatly improves the transmission efficiency and effectively reduces the cost; and the user data is not deeply analyzed, and the encrypted user data is transmitted, so that the data transmission safety is ensured.
Drawings
Fig. 1 is a flowchart of a data transmission method according to a first embodiment of the present invention;
fig. 2 is a flowchart illustrating a process of receiving an identification packet via an internal network interface according to a first embodiment of the present invention;
fig. 3 is a flowchart illustrating a process of receiving an identification packet by an external port according to a first embodiment of the present invention;
fig. 4 is a block diagram of a data transmission apparatus according to a second embodiment of the present invention;
fig. 5 is a block diagram of an electronic device according to a third embodiment of the present invention.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
Example one
The first embodiment provides a data transmission method, which aims to ensure the transmission quality of a network by combining a high-efficiency DPDK technology with a general cryptographic algorithm under the condition of not transforming an original network, greatly improve the transmission efficiency and effectively reduce the cost; and the user data is not deeply analyzed, and the encrypted user data is transmitted, so that the data transmission safety is ensured.
Referring to fig. 1, a data transmission method includes the following steps:
s110, receiving a DPDK binding instruction, and binding a DPDK drive according to the DPDK binding instruction.
The DPDK (Data Plane Development Kit) is developed by multiple companies such as 6WIND, Intel and the like, is mainly operated based on a Linux system, is used for a function library and a drive set for fast Data packet processing, can greatly improve the Data processing performance and throughput and improve the working efficiency of a Data Plane application program. The traditional method for acquiring the network card data is to add a hook function into a kernel, the network card generates interruption after receiving the data, the kernel acquires the data from the network card after receiving the interruption, and the data is returned to a driver for processing the transaction through the preset hook function for reprocessing; when the network card data is acquired through the DPDK technology, the kernel is not needed, the interruption is not generated, and the efficiency is greatly improved.
The network interface for receiving the data input by the network card needs to be unbound from the Linux kernel driver. At the transport layer of the network, when a DPDK bind command is received, a device is unbound from the kernel driver by writing the device's bus number into an unbound file. The network card is bound with a DPDK driver, and each network port in the network is managed through a vfio _ pci, igb _ uio or uio _ pci _ genetic driver, and at the moment, the operating system does not control the network card any more. Through these drivers, interaction between the user space and the device is achieved.
And S120, receiving the data to be transmitted, packaging the data through DPDK drive and adding an identifier to obtain an identifier data packet.
The DPDK allocates a large block of memory using large memory pages (huge pages) and writes data into the large block of memory, thereby implementing processing of data packets. The DPDK supports Polling Mode Driving (PMD) for all network cards and virtual devices, and the application program and the network cards are further communicated through the Polling Mode Driving (PMD) of the DPDK.
After data to be transmitted passes through the network card, the DPDK driver packs the data and adds necessary marks to obtain an identification data packet, and the identification data packet is stored in a buffer area pre-allocated by an application program, so that the application program can conveniently obtain the identification data packet, wherein the buffer area is positioned in a special memory pool.
S130, the identification data packet is encrypted or decrypted through the DPDK processing thread, and the encrypted or decrypted identification data packet is transmitted.
And the application program continuously cycles the DPDK network card at preset time intervals, acquires a new identification data packet from the buffer, and then delivers the new identification data packet to the exclusive DPDK processing thread established by the DPDK for processing. If the buffer contains a new packet descriptor, the application uses the pointer contained in the identified packet to do the processing, the pointer pointing to the DPDK packet buffer; if the buffer does not contain any identification packets, the application will queue the network device in the DPDK.
The DPDK processing thread acquires the quintuple (protocol type, source IP, source port, destination IP and destination port) of the identification data packet, encrypts and decrypts the payload of the identification data packet (TCP or UDP packet) to be processed, does not carry out deep analysis on user service data, and ensures the data transmission safety. Meanwhile, the quick updating of the key is ensured through a safe key exchange protocol.
In this embodiment, a port connected to the service network system is referred to as an internal port, and a port connected to an external network is referred to as an external port.
When the identification data packet is received by the internal network interface, the identification data packet is encrypted through a DPDK processing thread, and the encrypted identification data packet is sent from the external network interface; and when the identification data packet is received by the external network interface, decrypting the identification data packet through the DPDK processing thread, and sending the decrypted identification data packet from the internal network interface.
Referring to fig. 2, the processing of the identification data packet received by the internal network interface through the DPDK processing thread includes the following steps:
and S1301, judging the type of the data packet for the identification data packet.
After receiving the identification data packet from the internal network port, judging whether the data packet is a TCP data packet or a UDP data packet, if not, directly sending out the data packet from the external network port; if yes, the session belonging to step S1302 is determined for the identification packet.
S1302, judging the session of the identification data packet.
Obtaining a quintuple identifying a data packet, comprising: source IP, source port, destination IP, destination port, protocol type (TCP/UDP). Searching the session of the identification data packet according to the quintuple information, and if the session of the identification data packet cannot be found, directly sending the identification data packet out from an external network port; and if the session to which the identification data packet belongs is found, performing negotiation detection in the step S1303 on the identification data packet.
And S1303, carrying out negotiation detection on the identification data packet.
After the session is found, checking whether the session is successfully negotiated with the key of the opposite terminal, if the negotiation is not successful, directly forwarding the identification data packet without processing the identification data packet according to configuration, or discarding the identification data packet; if the negotiation is successful, the negotiation key is obtained, and the encryption process of step S1304 is performed on the identification packet.
And S1304, encrypting the identification data packet.
And according to the negotiation key, encrypting the payload of the TCP data packet/UDP data packet by using a symmetric key encryption algorithm, changing the protocol type of the encrypted identification data packet into a type which can be identified by the opposite terminal, recalculating the checksum of the identification data packet, and sending the checksum from the external network port.
Referring to fig. 3, the processing of the identification data packet received by the external network port through the DPDK processing thread includes the following steps:
and S1305, carrying out encryption identification judgment on the identification data packet.
After receiving the identification data packet from the external network port, judging whether the identification data packet has an encrypted identification, namely whether the identification data packet is encrypted in the steps from S1301 to S1304, and if not, directly sending the identification data packet from the internal network port; if so, the original packet protocol type corresponding to the identification data packet is TCP or UDP, and the session belonging to step S1306 is determined for the identification data packet.
And S1306, judging the session of the identification data packet.
Acquiring whether the original packet is a TCP data packet or a UDP data packet from the IP protocol type field, and acquiring quintuple information for identifying the data packet: source IP, source port, destination IP, destination port, protocol type (TCP/UDP). Searching the session of the identification data packet according to the quintuple information, and if the session of the identification data packet cannot be found, directly sending the session from the internal network port; if the session to which the user belongs is found, the negotiation detection of step S1307 is performed on the identification packet.
And S1307, carrying out negotiation detection on the identification data packet.
After the session is found, checking whether the session is successfully negotiated with the key of the opposite terminal, if the negotiation is not successful, directly forwarding the identification data packet without processing the identification data packet according to configuration, or discarding the identification data packet; if the negotiation is successful, the negotiation key is obtained, and the encryption process of step S1308 is performed on the identification packet.
And S1308, decrypting the identification data packet.
And decrypting the payload of the identification data packet by using a symmetric key encryption algorithm according to the negotiation key, recovering the protocol type of the decrypted identification data packet into TCP or UDP, recalculating the checksum of the identification data packet, and sending the checksum from the internal port.
By combining the efficient DPDK technology with the cryptographic algorithm, the original network is not required to be modified, the cost is effectively reduced, the transmission efficiency is greatly improved, the transmission quality of the network is ensured, and meanwhile, the user data is not deeply analyzed, so that the transmission safety of the user data is ensured.
Example two
The second embodiment discloses a data transmission device corresponding to the second embodiment, which is a virtual device structure of the second embodiment, and as shown in fig. 4, the data transmission device includes:
a binding module 210, configured to receive a DPDK binding instruction, and bind a DPDK drive according to the DPDK binding instruction;
the identifier cache module 220 is configured to receive data to be transmitted, where the data is packaged by the DPDK driver and an identifier is added to obtain an identifier data packet;
the encryption and decryption module 230 is configured to encrypt or decrypt the identification data packet through a DPDK processing thread, and transmit the encrypted or decrypted identification data packet.
EXAMPLE III
Fig. 5 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention, as shown in fig. 5, the electronic device includes a processor 310, a memory 320, an input device 330, and an output device 340; the number of the processors 310 in the computer device may be one or more, and one processor 310 is taken as an example in fig. 5; the processor 310, the memory 320, the input device 330 and the output device 340 in the electronic apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 5.
The memory 320 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the data transmission method in the embodiment of the present invention (for example, the binding module 210, the identity caching module 220, and the encryption/decryption module 230 in the data transmission apparatus). The processor 310 executes various functional applications and data processing of the electronic device by executing the software programs, instructions and modules stored in the memory 320, so as to implement the data transmission method of the first embodiment.
The memory 320 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 320 may further include memory located remotely from the processor 310, which may be connected to the electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 330 may be used to receive DPDK binding commands, data to be transmitted, etc. The output device 340 may include a display device such as a display screen.
Example four
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform a data transmission method, and the method includes:
receiving a DPDK binding instruction, and binding a DPDK drive according to the DPDK binding instruction;
receiving data to be transmitted, wherein the data is packaged through the DPDK drive and added with an identifier to obtain an identifier data packet;
and encrypting or decrypting the identification data packet through a DPDK processing thread, and transmitting the encrypted or decrypted identification data packet.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the data transmission method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling an electronic device (which may be a mobile phone, a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the data transmission device, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Various other modifications and changes may be made by those skilled in the art based on the above-described technical solutions and concepts, and all such modifications and changes should fall within the scope of the claims of the present invention.
Claims (10)
1. A method of data transmission, characterized by: the method comprises the following steps:
receiving a DPDK binding instruction, and binding a DPDK drive according to the DPDK binding instruction;
receiving data to be transmitted, wherein the data is packaged through the DPDK drive and added with an identifier to obtain an identifier data packet;
and encrypting or decrypting the identification data packet through a DPDK processing thread, and transmitting the encrypted or decrypted identification data packet.
2. A data transmission method according to claim 1, characterized in that: encrypting or decrypting the identification data packet through a DPDK processing thread, comprising:
when the identification data packet is received by the internal network interface, the identification data packet sequentially carries out data packet type judgment, session judgment, negotiation detection and encryption processing through a DPDK processing thread, and the encrypted identification data packet is sent from the external network interface;
when the identification data packet is received by the external network port, the identification data packet sequentially carries out encryption identification judgment, session judgment, negotiation detection and decryption processing through a DPDK processing thread, and the decrypted identification data packet is sent from the internal network port.
3. A data transmission method according to claim 2, characterized in that: the judging of the type of the data packet comprises the following steps:
judging whether the data packet type of the identification data packet is a TCP data packet or a UDP data packet;
if not, the identification data packet is sent from an external network port;
if yes, the session of the identification data packet is judged.
4. A data transmission method according to claim 2, characterized in that: the encrypted identifier judgment comprises the following steps:
judging whether the identification data packet has an encrypted identification or not;
if not, the identification data packet is sent from the internal network port;
if yes, the session of the identification data packet is judged.
5. A data transmission method according to any one of claims 2 to 4, characterized by: the session judgment comprises the following steps:
acquiring a quintuple of the identification data packet;
searching the session of the identification data packet according to the quintuple;
if the session to which the user belongs cannot be found, the identification data packet is sent;
and if the session is found, carrying out negotiation detection on the identification data packet according to the session.
6. A data transmission method according to claim 5, characterized in that: the negotiation detection includes:
detecting whether the session and the opposite-end secret key are successfully negotiated;
if the session is not successfully negotiated with the key of the opposite terminal, the identification data packet is sent;
and if the session and the opposite-end secret key are successfully negotiated, obtaining a negotiation secret key, and encrypting or decrypting the identification data packet according to the negotiation secret key.
7. A data transmission method according to claim 6, characterized in that: and encrypting or decrypting the identification data packet according to the negotiation key, wherein the encryption or decryption processing comprises the following steps:
encrypting or decrypting the payload of the identification data packet by using a symmetric key encryption algorithm according to the negotiation key;
changing the protocol type of the encrypted identification data packet into a type which can be identified by an opposite terminal;
recovering the protocol type of the decrypted identification data packet into TCP or UDP;
and recalculating the checksum of the identification data packet and sending the calculated identification data packet.
8. A data transmission apparatus, comprising:
the binding module is used for receiving a DPDK binding instruction and binding a DPDK drive according to the DPDK binding instruction;
the identification cache module is used for receiving data to be transmitted, and the data is packaged through the DPDK drive and is added with an identification to obtain an identification data packet;
and the encryption and decryption module is used for encrypting or decrypting the identification data packet through a DPDK processing thread and transmitting the encrypted or decrypted identification data packet.
9. An electronic device comprising a processor, a storage medium, and a computer program, the computer program being stored in the storage medium, wherein the computer program, when executed by the processor, performs the data transmission method of any one of claims 1 to 7.
10. A computer storage medium having a computer program stored thereon, characterized in that: the computer program, when executed by a processor, implements the data transmission method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911346181.2A CN111131245A (en) | 2019-12-24 | 2019-12-24 | Data transmission method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911346181.2A CN111131245A (en) | 2019-12-24 | 2019-12-24 | Data transmission method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111131245A true CN111131245A (en) | 2020-05-08 |
Family
ID=70501848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911346181.2A Withdrawn CN111131245A (en) | 2019-12-24 | 2019-12-24 | Data transmission method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111131245A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113221147A (en) * | 2021-05-27 | 2021-08-06 | 安天科技集团股份有限公司 | Data packet processing method, device and storage medium |
| CN113746861A (en) * | 2021-09-13 | 2021-12-03 | 南京首传信安科技有限公司 | Data transmission encryption and decryption method and encryption and decryption system based on state encryption technology |
-
2019
- 2019-12-24 CN CN201911346181.2A patent/CN111131245A/en not_active Withdrawn
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113221147A (en) * | 2021-05-27 | 2021-08-06 | 安天科技集团股份有限公司 | Data packet processing method, device and storage medium |
| CN113221147B (en) * | 2021-05-27 | 2023-05-23 | 安天科技集团股份有限公司 | Data packet processing method, device and storage medium |
| CN113746861A (en) * | 2021-09-13 | 2021-12-03 | 南京首传信安科技有限公司 | Data transmission encryption and decryption method and encryption and decryption system based on state encryption technology |
| CN113746861B (en) * | 2021-09-13 | 2023-03-14 | 南京首传信安科技有限公司 | Data transmission encryption and decryption method and encryption and decryption system based on national encryption technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10250571B2 (en) | Systems and methods for offloading IPSEC processing to an embedded networking device | |
| CN102932350B (en) | A kind of method and apparatus of TLS scanning | |
| CN111600914B (en) | Data transmission method, server and client | |
| WO2020146081A1 (en) | Private exchange of encrypted data over a computer network | |
| WO2016047115A1 (en) | Analysis system, analysis device, analysis method, and storage medium having analysis program recorded therein | |
| CN111131245A (en) | Data transmission method and device, electronic equipment and storage medium | |
| WO2017221979A1 (en) | Process control device, process control method, and recording medium having process control program recorded therein | |
| JP2023533319A (en) | FIRMWARE DATA VERIFICATION APPARATUS AND METHOD AND FIRMWARE UPDATE APPARATUS, METHOD AND SYSTEM | |
| CN102907040A (en) | Method, device and system for data transmission | |
| CN112100639B (en) | Data encryption transmission method and system based on metadata service information | |
| US20220103359A1 (en) | Distributed storage system and method of reusing symmetric keys for encrypted message transmissions | |
| US8670565B2 (en) | Encrypted packet communication system | |
| CN113810397B (en) | Protocol data processing method and device | |
| WO2022100675A1 (en) | Data encryption and data decryption methods, apparatus, storage medium, and electronic apparatus | |
| CN114915503A (en) | Data stream splitting processing encryption method based on security chip and security chip device | |
| CN111835613B (en) | Data transmission method of VPN server and VPN server | |
| CN111628972A (en) | Data encryption and decryption device, method, system and storage medium | |
| KR102050797B1 (en) | Middle Box Apparatus and processing Encrypted Traffic Method Thereof | |
| CN111339578A (en) | Key access method, device, system, equipment and storage medium | |
| CN111031055A (en) | IPsec acceleration device and implementation method | |
| CN113468563B (en) | Virtual machine data encryption method and device, computer equipment and storage medium | |
| CN113177213B (en) | Encryption card and processing method of encrypted message thereof | |
| KR101653956B1 (en) | Method for monitoring encoded traffic and apparatus using the same | |
| CN116032545B (en) | Multi-stage filtering method and system for ssl or tls flow | |
| JP2009207049A (en) | Communications device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200508 |