CN113114648A - Method and device for realizing encrypted communication - Google Patents


Info

Publication number: CN113114648A
Authority: CN (China)
Application number: CN202110357347.1A
Other languages: Chinese (zh)
Inventors: 闫冬, 虞连贵, 汤博先, 刘贵林
Current assignee: Shandong Gowin Semiconductor Technology Co ltd
Original assignee: Shandong Gowin Semiconductor Technology Co ltd
Legal status: Pending
Prior art keywords: data, encryption, encrypted, gateway, key
Events: application filed by Shandong Gowin Semiconductor Technology Co ltd; priority to CN202110357347.1A; publication of CN113114648A; legal status pending.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention discloses a method and a device for realizing encrypted communication. The method is applied to an encryption gateway arranged between a switch and a terminal router included in a network topology structure for realizing data transmission, and comprises the following steps: after receiving first data sent by the switch, the encryption gateway analyzes the first data to obtain the data type of the first data; the encryption gateway judges, according to the data type of the first data, whether an encryption operation needs to be executed on the first data; when the first data is judged to need encryption, the first data is encrypted according to a predetermined encryption key to obtain encrypted data; and the encryption gateway sends the encrypted data to the terminal router. Therefore, the invention can encrypt the corresponding data without changing the original network topology structure and without the user perceiving it, improving data transmission security while reducing the complexity of network layout and the use cost of the user.

Description

Method and device for realizing encrypted communication
Technical Field
The present invention relates to the field of communication security technologies, and in particular, to a method and an apparatus for implementing encrypted communication.
Background
With the rapid development of communication technology, besides meeting the daily life and work requirements of people, the communication technology is also applied to important fields, such as financial field, railway field, aerospace field, and the like, and the fields have very high requirements for communication security so as to ensure the security of data transmission.
Currently, in order to ensure the security of data transmission, data to be transmitted is generally encrypted. However, practice finds that currently, encryption of data to be transmitted often depends on redesigning the existing network topology or on the charging service provided by the operator, which greatly increases the complexity of network deployment and the use cost of the user.
Disclosure of Invention
The invention provides a method and a device for realizing encrypted communication, which can realize the encryption of corresponding data under the condition of not changing the original network topology structure, improve the data transmission safety and simultaneously reduce the complexity of network layout and the use cost of a user.
In order to solve the above technical problem, a first aspect of the present invention discloses a method for implementing encrypted communication, where the method is applied to an encryption gateway deployed between a switch and a terminal router included in a network topology for implementing data transmission, and the method includes:
after receiving first data sent by the switch, the encryption gateway analyzes the first data to obtain the data type of the first data;
the encryption gateway judges whether encryption operation needs to be executed on the first data or not according to the data type of the first data; when the first data is judged to need to be encrypted, the first data is encrypted according to a predetermined encryption key to obtain encrypted data;
and the encryption gateway sends the encrypted data to the terminal router.
As an alternative implementation, in the first aspect of the present invention, the method further includes:
after receiving second data sent by the terminal router, the encryption gateway judges whether decryption operation needs to be executed on the second data;
when the second data is judged to need to be decrypted, the encryption gateway performs decryption operation on the second data according to a predetermined decryption key to obtain decrypted data;
and the encryption gateway sends the decrypted data to the switch.
As an optional implementation manner, in the first aspect of the present invention, after receiving the second data sent by the terminal router, the determining, by the encryption gateway, whether a decryption operation needs to be performed on the second data includes:
the encryption gateway analyzes the second data to obtain the data type of the second data;
and the encryption gateway judges whether decryption operation needs to be executed on the second data according to the data type of the second data.
As an optional implementation manner, in the first aspect of the present invention, the performing, by the encryption gateway, an encryption operation on the first data according to a predetermined encryption key to obtain encrypted data includes:
the encryption gateway analyzes subdata to be encrypted from the first data, and carries out encryption operation on the subdata in the first data according to a predetermined encryption key to obtain encrypted first data serving as encrypted data.
As an optional implementation manner, in the first aspect of the present invention, before the encryption gateway sends the encrypted data to the end router, the method further includes:
the encryption gateway acquires a key identifier corresponding to the encryption key;
the encryption gateway inserts the key identifier at a first preset position in the encrypted data to update the encrypted data; or,
the encryption gateway performs a preprocessing operation on the key identifier to obtain a preprocessing result, and inserts the preprocessing result at a first preset position in the encrypted data to update the encrypted data;
and before the encryption gateway performs the decryption operation on the second data according to the predetermined decryption key to obtain decrypted data, the method further includes:
the encryption gateway parses, from a second preset position of the second data, target information for determining a decryption key, and determines the decryption key according to the target information.
As an optional implementation manner, in the first aspect of the present invention, before the encryption gateway performs an encryption operation on the first data according to a predetermined encryption key to obtain encrypted data, the method further includes:
the encryption gateway acquires the encryption key required for performing the encryption operation on the first data;
and the encryption gateway acquiring the encryption key required for performing the encryption operation on the first data includes:
randomly selecting at least one encryption key from a pre-acquired encryption key set as the encryption key required for performing the encryption operation on the first data; or,
selecting, from a pre-acquired encryption key set, at least one encryption key whose historical use parameters meet a preset use condition as the encryption key required for performing the encryption operation on the first data; or,
selecting, from a pre-acquired encryption key set, at least one encryption key matching a data attribute of the first data as the encryption key required for performing the encryption operation on the first data.
As an optional implementation manner, in the first aspect of the present invention, after receiving first data sent by the switch, the analyzing, by the encryption gateway, of the first data to obtain a data type of the first data includes:
after receiving the first data sent by the switch, the encryption gateway analyzes the data format of the first data and determines the data type of the first data according to the data format of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires an object-oriented identifier of the first data and determines the data type of the first data according to the object-oriented identifier of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires a purpose identifier of the first data and determines the data type of the first data according to the purpose identifier of the first data.
As an optional implementation manner, in the first aspect of the present invention, before the encryption gateway sends the encrypted data to the terminal router, the method further includes:
the encryption gateway judges whether the remaining sub-data of the first data, other than the encrypted sub-data, includes check sub-data;
and when the remaining sub-data is judged to include check sub-data, the encryption gateway replaces the check sub-data with newly calculated target check sub-data, so as to update the encrypted data.
The second aspect of the embodiment of the present invention discloses a device for implementing encrypted communication, which is applied to an encryption gateway deployed between a switch and a terminal router included in a network topology structure for implementing data transmission, and the device includes:
the first receiving module is used for receiving first data sent by the switch;
the analysis module is used for analyzing the first data to obtain the data type of the first data;
the first judgment module is used for judging whether encryption operation needs to be executed on the first data according to the data type of the first data;
the encryption module is used for executing encryption operation on the first data according to a predetermined encryption key when the first judgment module judges that the encryption operation needs to be executed on the first data, so as to obtain encrypted data;
and the first sending module is used for sending the encrypted data to the terminal router.
As an alternative embodiment, in the second aspect of the present invention, the apparatus further comprises:
a second receiving module, configured to receive second data sent by the terminal router;
the second judgment module is used for judging whether decryption operation needs to be executed on the second data or not;
the decryption module is used for performing decryption operation on the second data according to a predetermined decryption key when the second judgment module judges that the decryption operation needs to be performed on the second data, so as to obtain decrypted data;
and the second sending module is used for sending the decrypted data to the switch.
As an optional implementation manner, in the second aspect of the present invention, a specific manner of determining whether the decryption operation needs to be performed on the second data by the second determining module is as follows:
analyzing the second data to obtain the data type of the second data;
and judging whether decryption operation needs to be executed on the second data or not according to the data type of the second data.
As an optional implementation manner, in the second aspect of the present invention, the encryption module includes:
the analysis submodule is used for analyzing the subdata to be encrypted from the first data;
and the encryption submodule is used for carrying out encryption operation on the subdata in the first data according to a predetermined encryption key to obtain encrypted first data which is used as encrypted data.
As an alternative embodiment, in the second aspect of the present invention, the apparatus further comprises:
a first obtaining module, configured to obtain a key identifier corresponding to the encryption key before the first sending module sends the encrypted data to the terminal router;
the first updating module is used for inserting the key identifier at a first preset position in the encrypted data so as to update the encrypted data; or for performing a preprocessing operation on the key identifier to obtain a preprocessing result, and inserting the preprocessing result at a first preset position in the encrypted data to update the encrypted data;
and the analysis module is used for analyzing target information for determining a decryption key from a second preset position of the second data before the decryption module performs decryption operation on the second data according to the predetermined decryption key to obtain decrypted data, and determining the decryption key according to the target information.
As an alternative embodiment, in the second aspect of the present invention, the apparatus further comprises:
the second obtaining module is used for obtaining an encryption key required for performing encryption operation on the first data before the encryption module performs encryption operation on the first data according to a predetermined encryption key to obtain encrypted data;
the specific way for the second obtaining module to obtain the encryption key required for performing the encryption operation on the first data is as follows:
randomly selecting at least one encryption key from a pre-acquired encryption key set as the encryption key required for performing the encryption operation on the first data; or,
selecting, from a pre-acquired encryption key set, at least one encryption key whose historical use parameters meet a preset use condition as the encryption key required for performing the encryption operation on the first data; or,
selecting, from a pre-acquired encryption key set, at least one encryption key matching a data attribute of the first data as the encryption key required for performing the encryption operation on the first data.
As an optional implementation manner, in the second aspect of the present invention, a specific manner of analyzing the first data by the analysis module to obtain the data type of the first data is as follows:
analyzing the data format of the first data, and determining the data type of the first data according to the data format of the first data; or,
acquiring an object-oriented identifier of the first data, and determining the data type of the first data according to the object-oriented identifier of the first data; or,
acquiring a purpose identifier of the first data, and determining the data type of the first data according to the purpose identifier of the first data.
As an alternative embodiment, in the second aspect of the present invention, the apparatus further comprises:
a third determining module, configured to determine whether remaining sub-data, excluding the sub-data, in the first data includes check sub-data before the first sending module sends the encrypted data to the terminal router;
and the second updating module is used for updating the check subdata into the calculated target check subdata to update the encrypted data when the third judging module judges that the residual subdata comprises the check subdata.
The third aspect of the present invention discloses another device for implementing encrypted communication, where the device includes:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute part or all of the steps in any one of the implementation methods of encrypted communication disclosed by the first aspect of the present invention.
In a fourth aspect, the present invention discloses a computer storage medium, which stores computer instructions, and when the computer instructions are called, the computer storage medium is configured to perform some or all of the steps in any one of the methods for implementing encrypted communication disclosed in the first aspect of the present invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, the encryption gateway is deployed between a switch and a terminal router included in a network topology structure for realizing data transmission; after receiving first data sent by the switch, the encryption gateway analyzes the first data to obtain the data type of the first data; the encryption gateway judges, according to the data type of the first data, whether an encryption operation needs to be executed on the first data; when the first data is judged to need encryption, the first data is encrypted according to a predetermined encryption key to obtain encrypted data; and the encryption gateway sends the encrypted data to the terminal router. Therefore, the invention can encrypt the corresponding data without changing the original network topology structure and without the user perceiving it, improving data transmission security while reducing the complexity of network layout and the use cost of the user.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a network topology disclosed in an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an encryption gateway disclosed in an embodiment of the present invention;
fig. 3 is a schematic flow chart of an implementation method of encrypted communication according to an embodiment of the present invention;
fig. 4 is a flow chart illustrating another implementation method of encrypted communication according to the embodiment of the present invention;
fig. 5 is a schematic structural diagram of an apparatus for implementing encrypted communication according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of another implementation apparatus for encrypted communication disclosed in the embodiment of the present invention;
fig. 7 is a schematic structural diagram of another apparatus for implementing encrypted communication disclosed in the embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in the description and claims of the present invention and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or article.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The invention discloses a method and a device for realizing encrypted communication, which can realize the encryption of corresponding data under the conditions of not changing the original network topology structure and no perception of a user, improve the data transmission safety and simultaneously reduce the complexity of network layout and the use cost of the user. The following are detailed below.
To better understand the implementation method of encrypted communication described in the present invention, the application architecture to which it applies is described first. The method may be applied to an encryption gateway configured to be deployed between a switch and a terminal router included in a network topology for implementing data transmission; optionally, the network topology may include the encryption gateway. A network topology to which the method applies may be as shown in fig. 1, which is a schematic structural diagram of a network topology disclosed in the embodiment of the present invention. As shown in fig. 1, an encryption gateway is added to a conventional network topology and connected between the switch and the terminal router. Before transparently transmitted data from the user's private network is sent to the IP network, the encryption gateway encrypts the data with a key to obtain encrypted data, which is then transmitted to the IP network via the terminal router. Similarly, when the terminal router receives encrypted data from the IP network, the encryption gateway decrypts it to obtain decrypted data (also called "transparent data") and transmits the decrypted data to the user's private network. Thus only one encryption gateway capable of encrypting and decrypting data needs to be added between the switch and the terminal router, which improves the security of data transmission and reduces the complexity of network layout and the use cost of the user, without the user perceiving it.
The structure of the encryption gateway used in the implementation method of encrypted communication described in the present invention may be as shown in fig. 2, which is a schematic structural diagram of an encryption gateway disclosed in the embodiment of the present invention. As shown in fig. 2, the encryption gateway has two Ethernet interfaces, an Uplink Port and a Downlink Port: the Uplink Port is connected to the terminal router and is used for receiving and transmitting encrypted data, and the Downlink Port is connected to the switch and is used for receiving and transmitting transparent data. In addition, the encryption gateway is provided with a Configuration Port, which is used for configuring the key (also called the encryption key) used for encrypting data; the PHY chip converts Ethernet data to the FPGA Ethernet MAC interface, and the FPGA chip implements the encryption and decryption processing of the data.
The Configuration Port may specifically write a specific key value into a key storage module of the encryption gateway according to a key identifier (e.g., a key serial number) of each encryption key in a group of encryption keys, and may read a corresponding key value from the key storage module as a decryption key according to a corresponding key identifier when the encrypted data needs to be decrypted subsequently. Optionally, the Configuration Port may use any one of SPI, I2C, Wishbone, UART, PCI, etc., but is not limited thereto.
The data flow of the data encryption process is Downlink Port → Uplink Port, comprising the following steps:
1. Transparent data of the user private network is transmitted to the Downlink Port of the encryption gateway;
2. After receiving the transparent data, the PHY chip corresponding to the Downlink Port of the encryption gateway converts it into Ethernet MAC interface form;
3. The Downlink receiving module in the FPGA chip stores the user's transparent data into a FIFO;
4. The Downlink data classification module reads the Ethernet data from the FIFO and classifies it: non-IP data is passed to the transparent transmission module, and IP data is passed to the encryption module;
5. After non-IP data is passed to the transparent transmission module, it goes directly to the Uplink sending module, which sends it;
6. After IP data is passed to the encryption module, the encryption module fetches the corresponding key from the key storage module according to the random number sequence generated by the random number generation module and encrypts the IP data. The data is then sent to the Uplink sending module, which frames it (according to the encrypted IP data format) and sends it;
7. The Uplink sending module converts the encrypted data into Ethernet MAC interface form and sends it to the Uplink PHY chip;
8. The Uplink PHY chip sends the encrypted data to the edge router (i.e. the terminal router).
The data flow of the data decryption process is Uplink Port → Downlink Port, comprising the following steps:
1. The terminal router transmits the received data to the Uplink Port of the encryption gateway;
2. After the Uplink Port PHY chip of the encryption gateway receives the data, it converts the data into Ethernet MAC interface form;
3. The Uplink receiving module in the FPGA stores the data into a FIFO;
4. The Uplink data classification module reads the Ethernet data from the FIFO and classifies it: non-IP data is passed to the transparent transmission module, and IP data is passed to the key extraction module;
5. After non-IP data is passed to the transparent transmission module, it goes directly to the Downlink sending module, which sends it;
6. After IP data is passed to the key extraction module, the key extraction module reads the key serial number from the position in the data defined in advance for the key, then fetches the corresponding key from the key storage module according to the key serial number, and the decryption module decrypts the data. The data is then sent to the Downlink sending module, which frames the decrypted data and sends it;
7. The Downlink sending module converts the data into Ethernet MAC interface form and sends it to the Downlink PHY chip;
8. The Downlink PHY chip transmits the decrypted data to the user's private network.
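The two data paths above, together with the key-identifier insertion and check-field recalculation from the disclosure, as an added Python model (example code, not the patent's FPGA design): IP frames are told apart from non-IP frames by EtherType, only the L4 payload of IP frames is encrypted, the key serial number plus a nonce is inserted right after the IP header as the preset position, and the IP header checksum and frame CRC are recomputed. The key store, the frame layout and the sample frames are constructed for the example, and the cipher is an HMAC-SHA256 keystream stand-in because the patent names no cipher.

```python
"""Model of the encryption gateway data path: classify each Ethernet frame as
IP or non-IP, encrypt only the L4 payload of IP frames with a key from the key
store, insert the key serial number at a preset position, and recompute the
checksums the change invalidates. Cipher: HMAC keystream stand-in (no AEAD)."""
import hashlib
import hmac
import os
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14
KEY_ID_LEN = 2   # key serial number, inserted right after the IP header (preset position)
NONCE_LEN = 8

# Constructed key store (the patent's key storage module): key serial number -> key value.
KEY_STORE = {1: hashlib.sha256(b"demo-key-1").digest(),
             2: hashlib.sha256(b"demo-key-2").digest()}

def _keystream_xor(key, nonce, data):
    """PRF in counter mode: block i = HMAC(key, nonce || i). XOR is its own inverse,
    so the same routine serves the encryption module and the decryption module."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[32 * i:32 * i + 32], block))
    return bytes(out)

def ipv4_checksum(header):
    """Ones-complement IPv4 header checksum, computed with the checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(">%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def classify(frame):
    """Data classification module: IP or non-IP, decided by the EtherType field."""
    return "IP" if struct.unpack(">H", frame[12:14])[0] == ETHERTYPE_IPV4 else "non-IP"

def _with_fcs(body):
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def _strip_fcs(frame):
    """Drop frames whose CRC check field does not match; return the body otherwise."""
    body, fcs = frame[:-4], frame[-4:]
    if not hmac.compare_digest(struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF), fcs):
        raise ValueError("bad FCS")
    return body

def _split_ip(body):
    ihl = (body[ETH_HDR_LEN] & 0x0F) * 4
    return body[:ETH_HDR_LEN], body[ETH_HDR_LEN:ETH_HDR_LEN + ihl], body[ETH_HDR_LEN + ihl:]

def _rebuild(eth, ip_hdr, payload):
    """Re-frame: patch total length, recompute the IP header checksum and the FCS."""
    hdr = bytearray(ip_hdr)
    hdr[2:4] = struct.pack(">H", len(ip_hdr) + len(payload))
    hdr[10:12] = struct.pack(">H", ipv4_checksum(bytes(hdr)))
    return _with_fcs(eth + bytes(hdr) + payload)

def encrypt_frame(frame, key_id, nonce=None):
    """Downlink Port -> Uplink Port. Non-IP frames pass through untouched; the L4
    payload of IP frames is encrypted under KEY_STORE[key_id] and prefixed with
    key_id || nonce so the far gateway can select the decryption key."""
    body = _strip_fcs(frame)
    if classify(frame) != "IP":
        return frame                              # transparent transmission module
    eth, ip_hdr, payload = _split_ip(body)
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = _keystream_xor(KEY_STORE[key_id], nonce, payload)
    return _rebuild(eth, ip_hdr, struct.pack(">H", key_id) + nonce + ct)

def decrypt_frame(frame):
    """Uplink Port -> Downlink Port. The key extraction module reads the key serial
    number from the preset position; the decryption module restores the payload."""
    body = _strip_fcs(frame)
    if classify(frame) != "IP":
        return frame
    eth, ip_hdr, payload = _split_ip(body)
    key_id = struct.unpack(">H", payload[:KEY_ID_LEN])[0]
    if key_id not in KEY_STORE:
        raise KeyError("unknown key serial number %d" % key_id)
    nonce = payload[KEY_ID_LEN:KEY_ID_LEN + NONCE_LEN]
    pt = _keystream_xor(KEY_STORE[key_id], nonce, payload[KEY_ID_LEN + NONCE_LEN:])
    return _rebuild(eth, ip_hdr, pt)

def make_frame(ethertype, l4):
    """Constructed sample frame: Ethernet header + minimal IPv4 header (UDP, 10.0.0.1 ->
    10.0.0.2) + L4 bytes + FCS. For a non-IP EtherType the middle bytes are just opaque."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack(">H", ethertype)
    ip = bytearray(struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64, 17,
                               0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"))
    ip[10:12] = struct.pack(">H", ipv4_checksum(bytes(ip)))
    return _with_fcs(eth + bytes(ip) + l4)
```

Because the CRC is recomputed by the gateway after encryption, it only detects transmission errors; it gives the receiving gateway no evidence that the ciphertext or the inserted key serial number was not altered in transit, which is why the comment points at an AEAD for a real deployment.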
The specific operations and modular structure performed by the encryption gateway will be described in detail below.
Example one
Referring to fig. 3, fig. 3 is a flowchart illustrating an implementation method of encrypted communication according to an embodiment of the present invention. The method described in fig. 3 can be applied to an encryption gateway, and the encryption gateway is used for being deployed between a switch and a terminal router included in a network topology for implementing data transmission. As shown in fig. 3, the method may include the operations of:
101. after receiving the first data sent by the switch, the encryption gateway analyzes the first data to obtain the data type of the first data.
As an optional implementation manner, after receiving the first data sent by the switch, the encryption gateway analyzing the first data to obtain a data type of the first data may include:
after receiving the first data sent by the switch, the encryption gateway analyzes the data format of the first data and determines the data type of the first data according to the data format of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires an object-oriented identifier of the first data and determines the data type of the first data according to the object-oriented identifier of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires a purpose identifier of the first data and determines the data type of the first data according to the purpose identifier of the first data.
Therefore, the optional implementation mode provides multiple determination modes for determining the data type, which is beneficial to expanding the application scene of the encryption communication implementation method and improving the general applicability of the encryption communication implementation method.
102. The encryption gateway judges whether encryption operation needs to be executed on the first data according to the data type of the first data, and when the judgment result in the step 102 is yes, the step 103 can be triggered to be executed; when the judgment result in the step 102 is negative, the first data may be directly forwarded to the terminal router, or the first data may be directly discarded.
The data type of the first data may be used to indicate that the first data is IP data or non-IP data, and when the first data is IP data, the encryption gateway determines that an encryption operation needs to be performed on the first data, and when the first data is non-IP data, the encryption gateway determines that an encryption operation does not need to be performed on the first data.
Non-IP data is used for data interaction between the user's private devices (such as the notebook, desktop, printer and scanner shown in fig. 2) and the terminal router, for example to carry handshake protocols. Data of this type passes through the encryption gateway without any encryption or decryption operation. The non-IP data format is as follows:
(Figure: non-IP data format; image BDA0003004260630000111 not reproduced)
IP data is transmitted from the user's private network through the terminal router to the IP network, or from the IP network to the user's private network. The IP network forwards such data according to the fields of the IP header without regard to the content of the TCP/UDP data. When data of this type passes through the encryption gateway, the TCP/UDP data needs to be encrypted or decrypted, and the CRC check field then needs to be recalculated. The IP data format is as follows:
(Figure: IP data format; image BDA0003004260630000112 not reproduced)
As can be seen from the above, all encryption and decryption are performed on the encryption gateway, and the data received or sent by the user is still plaintext (also referred to as transparent data), so that encrypted communication is achieved without the user perceiving it.
103. When it is judged that the encryption operation needs to be performed on the first data, the encryption gateway performs the encryption operation on the first data according to a predetermined encryption key to obtain encrypted data.
As an alternative implementation, the performing, by the encryption gateway, an encryption operation on the first data according to a predetermined encryption key to obtain encrypted data may include:
the encryption gateway parses the subdata to be encrypted out of the first data, and performs the encryption operation on that subdata in the first data according to a predetermined encryption key; the resulting encrypted first data serves as the encrypted data.
Therefore, in this optional implementation only the subdata that needs to be encrypted is encrypted, which helps improve the efficiency of encrypting the data and the efficiency with which the data receiving side decrypts the encrypted data after receiving it.
104. The encryption gateway sends the encrypted data to the terminal router.
In the embodiment of the invention, the encryption gateway sends the encrypted data to the terminal router so that the terminal router sends the encrypted data to the IP network.
Therefore, the embodiment of the invention can encrypt the corresponding data without changing the original network topology and without the user perceiving it, improving data transmission security while reducing the complexity of the network layout and the user's cost of use.
In an alternative embodiment, before performing step 104, the method may further comprise the following operations:
the encryption gateway acquires a key identifier corresponding to the encryption key;
the encryption gateway inserts the acquired key identifier into a first preset position in the encrypted data to update the encrypted data; or,
the encryption gateway performs a preprocessing operation on the acquired key identifier to obtain a preprocessing result, and inserts the preprocessing result into a first preset position in the encrypted data to update the encrypted data.
Optionally, the preprocessing operation may be a data conversion operation to implement the conversion of the key identification.
For example, before sending the encrypted data, the encryption gateway may insert a key identifier (e.g., a key serial number) of an encryption key used in the current encryption into a data location agreed after the IP header information, where a data format of the encrypted data is as follows:
(Figure: format of the encrypted data with the key identifier inserted after the IP header; image BDA0003004260630000121 not reproduced)
it can be seen that, in the optional embodiment, after the data to be encrypted is encrypted by the encryption key, the key identifier of the used encryption key or the preprocessing result obtained after the preprocessing operation is performed on the key identifier can be inserted into the encrypted data, so that the data receiving side can directly obtain the decryption information from the encrypted data after receiving the encrypted data, and the decryption efficiency and accuracy of decrypting the encrypted data can be improved. In addition, the mode of inserting the preprocessing result after the preprocessing operation is executed on the key identification into the encrypted data is beneficial to improving the security of the encryption key, so that the probability that the encrypted data is successfully decrypted after being maliciously stolen is reduced, and the security of data transmission is further improved.
In another optional embodiment, before the encryption gateway performs an encryption operation on the first data according to a predetermined encryption key to obtain encrypted data, the method may further include the following operations:
the encryption gateway obtains an encryption key required when performing an encryption operation on the first data.
As an alternative implementation, the obtaining, by the encryption gateway, an encryption key required for performing an encryption operation on the first data may include:
the encryption gateway randomly selects at least one encryption key from a pre-acquired encryption key set as an encryption key required when an encryption operation is performed on the first data.
Further optionally, the randomly selecting, by the encryption gateway, at least one encryption key from a set of pre-obtained encryption keys as an encryption key required for performing an encryption operation on the first data may include:
the encryption gateway generates at least one random number, and selects an encryption key matched with each random number from the encryption key set according to each generated random number as an encryption key required when the encryption operation is performed on the first data.
In this alternative embodiment, the encryption gateway may be configured with a set of encryption keys in advance, where the set of encryption keys includes at least one encryption key, and each encryption key has a key identifier uniquely corresponding to the encryption key. When data needs to be encrypted, the encryption gateway can randomly select a required encryption key from the encryption key set, so that random switching of the encryption keys is realized, the acquisition efficiency of the encryption keys is improved, and the encryption efficiency of the data is improved.
As another alternative implementation, the obtaining, by the encryption gateway, an encryption key required for performing an encryption operation on the first data may include:
the encryption gateway selects at least one encryption key with historical use parameters meeting preset use conditions from a pre-acquired encryption key set as an encryption key required when encryption operation is performed on the first data.
Optionally, the historical usage parameter may include at least one of a historical number of uses, a historical frequency of use, a latest time of use, and the like.
Further, the selecting, by the encryption gateway, at least one encryption key with a historical usage parameter meeting a preset usage condition from a set of encryption keys obtained in advance as an encryption key required when performing an encryption operation on the first data may include:
when the historical usage parameters include the historical number of uses, the encryption gateway screens, from the pre-acquired encryption key set, at least one encryption key whose historical number of uses is less than or equal to a use-count threshold as the encryption key required for performing the encryption operation on the first data; or the encryption gateway ranks the encryption keys in the pre-acquired encryption key set by their historical number of uses and takes at least one of the later-ranked encryption keys as the encryption key required for performing the encryption operation on the first data, where the later an encryption key is ranked, the fewer times it has been used;
when the historical use parameters comprise historical use frequency, the encryption gateway screens at least one encryption key of which the historical use frequency is less than or equal to a use frequency threshold value from a pre-acquired encryption key set as an encryption key required when encryption operation is performed on the first data;
when the historical use parameters comprise the latest use time, the encryption gateway screens at least one encryption key of which the time length from the latest use time to the current time is greater than or equal to a predetermined use time length threshold value from a pre-acquired encryption key set as an encryption key required when the encryption operation is performed on the first data.
Therefore, the optional implementation method can also screen at least one encryption key meeting the preset use condition according to the historical use parameters of the encryption keys in the encryption key set when the data needs to be encrypted, can improve the use rate of each encryption key, reduce the occurrence of the situation that some encryption keys are used too much and some encryption keys are used too little, and also reduce the occurrence of the situation that the data security is reduced after the data is encrypted due to the frequent use of some encryption keys.
As another alternative implementation, the obtaining, by the encryption gateway, an encryption key required for performing an encryption operation on the first data may include:
the encryption gateway selects at least one encryption key matched with the data attribute of the first data from a pre-acquired encryption key set as an encryption key required for performing an encryption operation on the first data.
Optionally, the data attribute of the first data may include one or more of a security requirement level, a privacy requirement level, a data size, a data source, an object to which the data is transmitted, and the like.
Therefore, the optional implementation method can also adaptively match the corresponding encryption key according to the data attribute of the data to be encrypted when the data needs to be encrypted, so that the matching degree of the determined encryption key and the data to be encrypted is favorably improved, and the application scene of the encryption communication implementation method is favorably expanded.
In the above optional embodiment, further optionally, when at least two encryption keys are selected from the encryption key set, the encryption key required for performing the encryption operation on the first data is obtained by the encryption gateway after performing the target operation on all the encryption keys selected from the encryption key set.
Optionally, the target operation may be one of a key concatenation operation, a key logic operation, and a key sorting operation.
Therefore, the optional embodiment can also select a plurality of encryption keys to encrypt the data, so that the safety of the encrypted data is further improved, and the selected plurality of encryption keys can be correspondingly processed and then encrypted, so that the safety of the encryption keys is improved, the probability of cracking the encryption keys is reduced, and the safety of the encrypted data is improved.
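The three ways of obtaining the encryption key from the key set described above (random selection, selection by historical usage parameters, selection by data attribute) and the key-concatenation target operation, as an added example in Go that is not the patent's code. The KeyRecord field layout, the thresholds, the use of the security requirement level as the matched data attribute, the SHA-256 step after concatenation, and the values in SamplePool are all assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// KeyRecord is one entry of the pre-configured key set. The patent names the historical
// usage parameters and data attributes; this field layout is an assumption of the example.
type KeyRecord struct {
	ID       uint16
	Key      []byte
	Uses     int       // historical number of uses
	LastUsed time.Time // latest time of use
	MaxLevel int       // highest security requirement level the key may protect
}

// KeyPool is the encryption key set held by the gateway.
type KeyPool struct{ Keys []*KeyRecord }

// SelectRandom draws one key by random index (the random-switching mode).
func (p *KeyPool) SelectRandom() (*KeyRecord, error) {
	if len(p.Keys) == 0 {
		return nil, fmt.Errorf("empty key set")
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(p.Keys))))
	if err != nil {
		return nil, err
	}
	return p.Keys[n.Int64()], nil
}

// SelectByUsage keeps keys used at most maxUses times whose latest use is at least minIdle
// ago, ranked least-used first (the historical-usage mode with two of the named parameters).
func (p *KeyPool) SelectByUsage(now time.Time, maxUses int, minIdle time.Duration) []*KeyRecord {
	var out []*KeyRecord
	for _, k := range p.Keys {
		if k.Uses <= maxUses && now.Sub(k.LastUsed) >= minIdle {
			out = append(out, k)
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Uses < out[j].Uses })
	return out
}

// SelectByAttribute keeps keys rated for at least the data's security requirement level
// (the data-attribute mode, shown for one attribute).
func (p *KeyPool) SelectByAttribute(requiredLevel int) []*KeyRecord {
	var out []*KeyRecord
	for _, k := range p.Keys {
		if k.MaxLevel >= requiredLevel {
			out = append(out, k)
		}
	}
	return out
}

// Combine is the "key concatenation" target operation for several selected keys. The result
// is hashed with SHA-256 so the working key has a fixed length (an assumption of the example).
func Combine(keys []*KeyRecord) ([]byte, error) {
	if len(keys) == 0 {
		return nil, fmt.Errorf("no keys selected")
	}
	var buf []byte
	for _, k := range keys {
		buf = append(buf, k.Key...)
	}
	sum := sha256.Sum256(buf)
	return sum[:], nil
}

// MarkUsed records a use so that the historical parameters steer later selections.
func (k *KeyRecord) MarkUsed(now time.Time) {
	k.Uses++
	k.LastUsed = now
}

// SamplePool is a constructed key set for the example (keys are filler bytes, not real keys).
func SamplePool(now time.Time) *KeyPool {
	mk := func(id uint16, fill byte, uses int, idle time.Duration, level int) *KeyRecord {
		return &KeyRecord{ID: id, Key: bytes.Repeat([]byte{fill}, 16), Uses: uses, LastUsed: now.Add(-idle), MaxLevel: level}
	}
	return &KeyPool{Keys: []*KeyRecord{
		mk(1, 0x11, 12, 2*time.Hour, 1),   // over the use-count threshold
		mk(2, 0x22, 3, 30*time.Minute, 3), // used too recently
		mk(3, 0x33, 5, 3*time.Hour, 2),
		mk(4, 0x44, 1, 24*time.Hour, 3),
	}}
}

func main() {
	now := time.Now()
	pool := SamplePool(now)
	chosen := pool.SelectByUsage(now, 10, time.Hour) // eligible keys, least-used first
	working, _ := Combine(chosen)
	fmt.Printf("selected %d of %d keys, working key %x\n", len(chosen), len(pool.Keys), working)
	chosen[0].MarkUsed(now) // afterwards that key is no longer idle and drops out of the set
}
```

The hash after concatenation is what makes the target operation usable: the cipher needs a key of one fixed length, while the number of selected keys varies, and the order of concatenation still matters because it changes the digest. MarkUsed is the bookkeeping step the usage-based mode depends on; without it every selection would see the same historical parameters and the load-spreading effect described above would not occur.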
In yet another alternative embodiment, before performing step 104, the method may further comprise the operations of:
the encryption gateway judges whether the remaining subdata of the first data, other than the subdata to be encrypted, includes check subdata;
and when the remaining subdata is judged to include the check subdata, the encryption gateway updates the check subdata to the recalculated target check subdata, so as to update the encrypted data.
Therefore, the optional embodiment can also automatically update the check subdata after the subdata needing to be encrypted is encrypted and under the condition that the data also comprises the check subdata, thereby being beneficial to improving the data transmission safety and improving the accuracy of the check subdata.
In yet another alternative embodiment, the method may further include the operations of:
after receiving the second data sent by the terminal router, the encryption gateway judges whether decryption operation needs to be executed on the second data;
when the second data is judged to need to be decrypted, the encryption gateway performs decryption operation on the second data according to a predetermined decryption key to obtain decrypted data;
and the encryption gateway sends the decrypted data to the switch.
In this optional embodiment, further optionally, after receiving the second data sent by the terminal router, the encryption gateway determines whether a decryption operation needs to be performed on the second data, and may include:
the encryption gateway analyzes the second data to obtain the data type of the second data;
and the encryption gateway judges whether the decryption operation needs to be executed on the second data or not according to the data type of the second data.
Still further optionally, after determining that the decryption operation needs to be performed on the second data, before the encryption gateway performs the decryption operation on the second data according to the predetermined decryption key to obtain decrypted data, the method may further include the following operations:
and the encryption gateway analyzes target information for determining the decryption key from a second preset position of the second data, and determines the decryption key according to the target information.
The target information may be a key identifier, or a preprocessing result obtained by preprocessing the key identifier; see the data encryption process described above.
Therefore, the optional embodiment can decrypt the received encrypted data through the encryption gateway, and then the decrypted data is sent to the switch, so that the data transmission safety is improved, the user does not have perception, the related information of the decryption key can be directly obtained from the corresponding position of the encrypted data when the encrypted data is decrypted, the efficiency of obtaining the decryption key is improved, and the decryption efficiency of decrypting the encrypted data is improved.
Example two
Referring to fig. 4, fig. 4 is a flowchart of another implementation method of encrypted communication according to an embodiment of the present invention. The method of fig. 4 is applied to an encryption gateway deployed between a switch and a terminal router of a network topology used for data transmission. As shown in fig. 4, the method may include the following operations:
201. After receiving the second data sent by the terminal router, the encryption gateway judges whether a decryption operation needs to be performed on the second data.
202. When it is judged that the second data needs to be decrypted, the encryption gateway performs the decryption operation on the second data according to a predetermined decryption key to obtain the decrypted data.
203. The encryption gateway sends the decrypted data to the switch.
Optionally, after receiving the second data sent by the terminal router, the encryption gateway determines whether a decryption operation needs to be performed on the second data, and the determining may include:
the encryption gateway analyzes the second data to obtain the data type of the second data;
and the encryption gateway judges whether the decryption operation needs to be executed on the second data or not according to the data type of the second data.
Still further optionally, after determining that the decryption operation needs to be performed on the second data, before the encryption gateway performs the decryption operation on the second data according to the predetermined decryption key to obtain decrypted data, the method may further include the following operations:
and the encryption gateway analyzes target information for determining the decryption key from a second preset position of the second data, and determines the decryption key according to the target information.
Therefore, the embodiment of the invention can decrypt received encrypted data on the encryption gateway and then send the decrypted data to the switch, which improves data transmission security while remaining imperceptible to the user. When decrypting the encrypted data, the embodiment can read the information relating to the decryption key directly from the corresponding position in the encrypted data and determine the decryption key from that information, which helps improve the efficiency of obtaining the decryption key and thus the efficiency of decrypting the encrypted data.
In another optional embodiment, the method may further include steps as described in steps 101 to 104, and for the description related to each step, please refer to the description related to the first embodiment, which is not described again in the embodiments of the present invention.
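The outbound flow of steps 101 to 104 (classify by data format, encrypt the TCP/UDP data, insert the key identifier after the IP header, recalculate the check field) and the inbound flow of steps 201 to 203 (read the key identifier back from that position, decrypt, forward to the switch), as an added example in Go that is not code from the patent. Everything the patent leaves open is an assumption of the example: the gateway handles Ethernet frames and "IP data" means EtherType 0x0800 (IPv4); the check field recalculated is the IPv4 header checksum; the agreed position is directly after the IPv4 header and holds a 2-byte key identifier followed by a 12-byte nonce; the cipher is AES-GCM; and the frame and key built in SampleFrame and main are constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Assumptions of this example (the patent fixes none of them): the gateway handles Ethernet
// frames, "IP data" means EtherType 0x0800 (IPv4), the agreed position of the key identifier
// is directly after the IPv4 header, and the cipher is AES-GCM with a 16-byte key.
const keyIDLen, nonceLen = 2, 12

// KeySet maps a key identifier to an AES key; both gateways hold the same set.
type KeySet map[uint16][]byte

// IsIP is the data-type decision of steps 101/102, taken from the data format (EtherType).
func IsIP(frame []byte) bool {
	return len(frame) >= 14 && binary.BigEndian.Uint16(frame[12:]) == 0x0800
}

// ipChecksum is the RFC 1071 Internet checksum; over a header whose checksum is correct it is 0.
func ipChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 { sum += uint32(binary.BigEndian.Uint16(hdr[i:])) }
	for sum>>16 != 0 { sum = (sum & 0xffff) + (sum >> 16) }
	return ^uint16(sum)
}

// splitIPv4 separates Ethernet header, IPv4 header and the "TCP/UDP data" after it.
func splitIPv4(frame []byte) (eth, iphdr, l4 []byte, err error) {
	if !IsIP(frame) || len(frame) < 34 || frame[14]>>4 != 4 { return nil, nil, nil, fmt.Errorf("not IPv4") }
	end := 14 + int(frame[14]&0x0f)*4 // Ethernet header plus IHL*4
	if end < 34 || len(frame) < end { return nil, nil, nil, fmt.Errorf("bad IHL") }
	return frame[:14], frame[14:end], frame[end:], nil
}

// rebuild puts a new L4 body behind the IPv4 header, updating Total Length and recalculating
// the header checksum (the check subdata the gateway must refresh after encrypting).
func rebuild(eth, iphdr, body []byte) []byte {
	hdr := append([]byte(nil), iphdr...)
	binary.BigEndian.PutUint16(hdr[2:], uint16(len(hdr)+len(body)))
	hdr[10], hdr[11] = 0, 0
	binary.BigEndian.PutUint16(hdr[10:], ipChecksum(hdr))
	return append(append(append([]byte(nil), eth...), hdr...), body...)
}

// aeadFor looks a key identifier up in the key set (the decryption-information step).
func aeadFor(keys KeySet, keyID uint16) (cipher.AEAD, error) {
	key, ok := keys[keyID]
	if !ok { return nil, fmt.Errorf("key id %d not in key set", keyID) }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Outbound (switch -> router, steps 101 to 104): non-IP data passes through unchanged; IP data
// becomes eth | ip header | keyID | nonce | ciphertext+tag. The addresses are bound as
// associated data so a ciphertext cannot be re-targeted; mutable fields (TTL, length, checksum) are not.
func Outbound(frame []byte, keys KeySet, keyID uint16) ([]byte, error) {
	if !IsIP(frame) { return frame, nil }
	eth, iphdr, l4, err := splitIPv4(frame)
	if err != nil { return nil, err }
	aead, err := aeadFor(keys, keyID)
	if err != nil { return nil, err }
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	body := make([]byte, keyIDLen, keyIDLen+nonceLen+len(l4)+aead.Overhead())
	binary.BigEndian.PutUint16(body, keyID)
	return rebuild(eth, iphdr, aead.Seal(append(body, nonce...), nonce, l4, iphdr[12:20])), nil
}

// Inbound (router -> switch, steps 201 to 203): the key identifier is read from the agreed
// position and the segment decrypted; anything that fails to authenticate is dropped.
func Inbound(frame []byte, keys KeySet) ([]byte, error) {
	if !IsIP(frame) { return frame, nil }
	eth, iphdr, body, err := splitIPv4(frame)
	if err != nil { return nil, err }
	if len(body) < keyIDLen+nonceLen { return nil, fmt.Errorf("encrypted segment too short") }
	aead, err := aeadFor(keys, binary.BigEndian.Uint16(body))
	if err != nil { return nil, err }
	nonce, ct := body[keyIDLen:keyIDLen+nonceLen], body[keyIDLen+nonceLen:]
	pt, err := aead.Open(nil, nonce, ct, iphdr[12:20])
	if err != nil { return nil, err } // wrong key or tampered data: never forwarded
	return rebuild(eth, iphdr, pt), nil
}

// SampleFrame builds a constructed IPv4/UDP frame 10.0.0.2:4000 -> 10.0.0.1:53 for the demo.
func SampleFrame(payload []byte) []byte {
	eth := []byte{0xaa, 0xbb, 0xcc, 0, 0, 1, 0xaa, 0xbb, 0xcc, 0, 0, 2, 0x08, 0x00}
	ip := []byte{0x45, 0, 0, 0, 0x1c, 0x46, 0x40, 0, 64, 17, 0, 0, 10, 0, 0, 2, 10, 0, 0, 1}
	udp := []byte{0x0f, 0xa0, 0, 53, 0, byte(8 + len(payload)), 0, 0} // UDP checksum left 0
	return rebuild(eth, ip, append(udp, payload...))
}

func main() {
	keys := KeySet{7: []byte("0123456789abcdef")} // constructed demo key
	plain := SampleFrame([]byte("hello"))
	enc, _ := Outbound(plain, keys, 7)
	dec, _ := Inbound(enc, keys)
	fmt.Printf("%d -> %d bytes, round trip ok: %v\n", len(plain), len(enc), string(dec) == string(plain))
}
```

The authentication tag is what makes the decision at step 202 safe: a frame whose key identifier was altered, or whose ciphertext was modified in transit, fails to authenticate and is dropped rather than forwarded to the switch as garbage. The nonce travels inside the frame because the receiving gateway has no other way to reconstruct it; a per-key counter would also work and save 12 bytes per packet, at the cost of having to keep that counter across restarts.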
Example three
Referring to fig. 5, fig. 5 is a schematic structural diagram of an apparatus for implementing encrypted communication according to an embodiment of the present invention. The apparatus is applied to an encryption gateway deployed between a switch and a terminal router of a network topology used for data transmission. As shown in fig. 5, the apparatus may include:
the first receiving module 301 is configured to receive first data sent by the switch.
The analyzing module 302 is configured to analyze the first data received by the first receiving module 301 to obtain a data type of the first data.
The first determining module 303 is configured to determine whether an encryption operation needs to be performed on the first data according to the data type of the first data.
The encryption module 304 is configured to, when the first determining module 303 determines that the encryption operation needs to be performed on the first data, perform the encryption operation on the first data according to a predetermined encryption key to obtain encrypted data.
And a first sending module 305, configured to send the encrypted data to the terminal router.
Therefore, the device described in fig. 5 can encrypt the corresponding data without changing the original network topology and without the perception of the user, and reduce the complexity of the network layout and the use cost of the user while improving the data transmission security.
In an alternative embodiment, as shown in fig. 6, the apparatus may further include:
a second receiving module 306, configured to receive second data sent by the terminal router.
A second judging module 307, configured to judge whether a decryption operation needs to be performed on the second data.
The decryption module 308 is configured to, when the second determining module 307 determines that the decryption operation needs to be performed on the second data, perform the decryption operation on the second data according to a predetermined decryption key, so as to obtain decrypted data.
And a second sending module 309, configured to send the decrypted data to the switch.
In this optional embodiment, further optionally, the specific way for the second determining module 307 to determine whether the decryption operation needs to be performed on the second data is as follows:
analyzing the second data to obtain the data type of the second data;
and judging whether the decryption operation needs to be executed on the second data or not according to the data type of the second data.
It can be seen that, the implementation of the apparatus described in fig. 6 can also decrypt the received encrypted data through the encryption gateway, and then send the decrypted data to the switch, so that the security of data transmission is improved, the imperceptibility of the user is realized, and the intelligent function of the encryption gateway is further enriched.
In another alternative embodiment, as shown in fig. 6, the encryption module 304 may include:
the parsing submodule 3041 is configured to parse the sub data to be encrypted from the first data;
the encryption submodule 3042 is configured to perform an encryption operation on the sub data in the first data according to the predetermined encryption key to obtain encrypted first data, which is used as encrypted data.
It can be seen that, with the device described in fig. 6, when data is encrypted, only the encryption operation needs to be performed on the sub-data that needs to be encrypted, which is beneficial to improving the efficiency of encrypting the data and also beneficial to improving the efficiency of decrypting the encrypted data after the data receiving side receives the encrypted data.
In yet another alternative embodiment, as shown in fig. 6, the apparatus may further include:
the first obtaining module 310 is configured to obtain a key identifier corresponding to the encryption key before the first sending module 305 sends the encrypted data to the terminal router.
A first updating module 311, configured to insert the key identifier into a first preset position in the encrypted data to update the encrypted data; or, performing a preprocessing operation on the key identifier to obtain a preprocessing result, and inserting the preprocessing result into a first preset position in the encrypted data to update the encrypted data.
It can be seen that, with the implementation of the apparatus described in fig. 6, after the data to be encrypted is encrypted by the encryption key, the key identifier of the used encryption key or the preprocessing result obtained after the preprocessing operation is performed on the key identifier can be inserted into the encrypted data, so that the data receiving side can directly obtain decryption information from the encrypted data after receiving the encrypted data, which is beneficial to improving the decryption efficiency and accuracy of decrypting the encrypted data. In addition, the mode of inserting the preprocessing result after the preprocessing operation is executed on the key identification into the encrypted data is beneficial to improving the security of the encryption key, and further beneficial to reducing the probability that the encrypted data is successfully decrypted after being maliciously stolen, and further beneficial to further improving the security of data transmission.
Further optionally, as shown in fig. 6, the apparatus may further include:
the parsing module 312 is configured to parse, before the decryption module 308 performs a decryption operation on the second data according to the predetermined decryption key to obtain decrypted data, target information used for determining the decryption key from a second preset position of the second data, and determine the decryption key according to the target information.
It should be noted that the second receiving module 306, the second determining module 307, the decrypting module 308, and the second sending module 309 described in the third embodiment may be taken as a single embodiment, and further, the embodiment may further include the parsing module 312.
Therefore, the device described in fig. 6 can also directly obtain the relevant information of the decryption key from the corresponding position of the encrypted data when decrypting the encrypted data, which is beneficial to improving the efficiency of obtaining the decryption key and further beneficial to improving the decryption efficiency of decrypting the encrypted data.
In yet another alternative embodiment, as shown in fig. 6, the apparatus may further include:
a second obtaining module 313, configured to obtain an encryption key required when the encryption module 304 performs an encryption operation on the first data according to a predetermined encryption key to obtain encrypted data.
Optionally, the specific manner for the second obtaining module 313 to obtain the encryption key required for performing the encryption operation on the first data is as follows:
randomly selecting at least one encryption key from a pre-acquired encryption key set as the encryption key required for performing the encryption operation on the first data; or,
selecting at least one encryption key whose historical usage parameters meet preset usage conditions from a pre-acquired encryption key set as the encryption key required for performing the encryption operation on the first data; or,
at least one encryption key matching the data attribute of the first data is selected from a set of encryption keys acquired in advance as an encryption key required for performing an encryption operation on the first data.
It can be seen that the apparatus described in fig. 6 can also randomly select a required encryption key from the encryption key set, thereby realizing random switching of encryption keys, which helps improve the efficiency of acquiring encryption keys and in turn the efficiency of encrypting data. Alternatively, when data needs to be encrypted, it can screen at least one encryption key meeting the preset usage conditions according to the historical usage parameters of the encryption keys in the encryption key set, which improves the usage rate of each encryption key, reduces situations where some encryption keys are used too much and others too little, and reduces situations where the security of the encrypted data is lowered by frequent use of some encryption keys. Alternatively, when data needs to be encrypted, it can adaptively match the corresponding encryption keys according to the data attributes of the data to be encrypted, which improves the match between the determined encryption key and the data to be encrypted and further expands the application scenarios of the apparatus for realizing encrypted communication.
In yet another alternative embodiment, the specific manner of analyzing the first data by the analysis module 302 to obtain the data type of the first data is as follows:
analyzing the data format of the first data, and determining the data type of the first data according to that data format; or,
acquiring the object-oriented identifier of the first data, and determining the data type of the first data according to that identifier; or,
and acquiring the purpose identifier of the first data, and determining the data type of the first data according to the purpose identifier of the first data.
Therefore, the device described in fig. 6 can provide various data type determination modes, which is beneficial to expanding the application scenarios of the device for realizing encrypted communication described in the embodiment of the present invention and improving the general applicability thereof.
In yet another alternative embodiment, as shown in fig. 6, the apparatus may further include:
the third determining module 314 is configured to determine whether remaining sub-data except the sub-data in the first data includes the check sub-data before the first sending module 305 sends the encrypted data to the terminal router.
The second updating module 315 is configured to, when the third determining module 314 determines that the remaining subdata includes the check subdata, update the check subdata to the calculated target check subdata, so as to update the encrypted data.
It can be seen that, the device described in fig. 6 can also automatically update the check subdata after the subdata required to be encrypted is encrypted and when the data further includes the check subdata, which is beneficial to improving the data transmission security and improving the accuracy of the check subdata.
Example four
The embodiment of the invention discloses an encryption gateway arranged between a switch and a terminal router of a network topology used for data transmission. The encryption gateway is configured to execute some or all of the steps of the encrypted communication implementation method described in the first or second embodiment, or may include any apparatus for implementing encrypted communication described in the third embodiment.
Example five
Referring to fig. 7, fig. 7 is a schematic structural diagram of another apparatus for implementing encrypted communication according to an embodiment of the present invention. The apparatus of fig. 7 is applied to an encryption gateway deployed between a switch and a terminal router of a network topology used for data transmission. As shown in fig. 7, the apparatus for implementing encrypted communication may include:
a memory 401 storing executable program code;
a processor 402 coupled with the memory 401;
the processor 402 calls the executable program code stored in the memory 401 to execute the steps of the method for implementing encrypted communication disclosed in the first or second embodiment of the present invention.
Example six
The embodiment of the invention discloses a computer storage medium storing computer instructions which, when called, execute the steps of the encrypted communication implementation method disclosed in the first or second embodiment of the invention.
The above-described embodiments of the apparatus are merely illustrative, and the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above detailed description of the embodiments, those skilled in the art will clearly understand that the embodiments may be implemented by software plus a necessary general hardware platform, or by hardware. Based on this understanding, the above technical solutions may be embodied in the form of a software product stored in a computer-readable storage medium, where the storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), a One-time Programmable Read-Only Memory (OTPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical disk memory, a magnetic disk memory, a tape memory, or any other computer-readable medium that can be used to carry or store data.
Finally, it should be noted that the method and apparatus for implementing encrypted communication disclosed in the embodiments of the present invention are only preferred embodiments, used only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features equivalently replaced, and such modifications or substitutions do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A method for realizing encrypted communication is applied to an encryption gateway, wherein the encryption gateway is used for being deployed between a switch and an end router included in a network topology for realizing data transmission, and the method comprises the following steps:
after receiving first data sent by the switch, the encryption gateway parses the first data to obtain the data type of the first data;
the encryption gateway determines, according to the data type of the first data, whether an encryption operation needs to be performed on the first data; when it is determined that the first data needs to be encrypted, the encryption gateway performs the encryption operation on the first data according to a predetermined encryption key to obtain encrypted data;
and the encryption gateway sends the encrypted data to the end router.
2. The method of claim 1, wherein the method further comprises:
after receiving second data sent by the end router, the encryption gateway determines whether a decryption operation needs to be performed on the second data;
when it is determined that the second data needs to be decrypted, the encryption gateway performs the decryption operation on the second data according to a predetermined decryption key to obtain decrypted data;
and the encryption gateway sends the decrypted data to the switch.
3. The method for implementing encrypted communication according to claim 2, wherein the encryption gateway determining, after receiving the second data sent by the end router, whether a decryption operation needs to be performed on the second data comprises:
the encryption gateway parses the second data to obtain the data type of the second data;
and the encryption gateway determines, according to the data type of the second data, whether the decryption operation needs to be performed on the second data.
4. The method according to claim 2 or 3, wherein the encryption gateway performing the encryption operation on the first data according to the predetermined encryption key to obtain the encrypted data comprises:
the encryption gateway parses, out of the first data, the sub-data to be encrypted, and performs the encryption operation on that sub-data according to the predetermined encryption key, the first data so encrypted serving as the encrypted data.
5. The method of claim 4, wherein before the encryption gateway sends the encrypted data to the end router, the method further comprises:
the encryption gateway acquires a key identifier corresponding to the encryption key;
the encryption gateway inserts the key identifier at a first preset position in the encrypted data to update the encrypted data; or,
the encryption gateway performs a preprocessing operation on the key identifier to obtain a preprocessing result, and inserts the preprocessing result at the first preset position in the encrypted data to update the encrypted data;
and before the encryption gateway performs the decryption operation on the second data according to the predetermined decryption key to obtain the decrypted data, the method further comprises:
the encryption gateway parses, from a second preset position in the second data, target information for determining the decryption key, and determines the decryption key according to the target information.
6. The method according to any one of claims 1 to 5, wherein before the encryption gateway performs the encryption operation on the first data according to the predetermined encryption key to obtain the encrypted data, the method further comprises:
the encryption gateway acquires the encryption key required for performing the encryption operation on the first data;
and the encryption gateway acquiring the encryption key required for performing the encryption operation on the first data comprises:
randomly selecting at least one encryption key from a pre-acquired encryption key set as the encryption key required for performing the encryption operation on the first data; or,
selecting, from the pre-acquired encryption key set, at least one encryption key whose historical usage parameters meet a preset usage condition as the encryption key required for performing the encryption operation on the first data; or,
selecting, from the pre-acquired encryption key set, at least one encryption key matching a data attribute of the first data as the encryption key required for performing the encryption operation on the first data.
7. The method for implementing encrypted communication according to claim 6, wherein the encryption gateway parsing the first data to obtain the data type of the first data after receiving the first data sent by the switch comprises:
after receiving the first data sent by the switch, the encryption gateway parses the data format of the first data and determines the data type of the first data according to the data format of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires the object-oriented identifier of the first data and determines the data type of the first data according to the object-oriented identifier of the first data; or,
after receiving the first data sent by the switch, the encryption gateway acquires the purpose identifier of the first data and determines the data type of the first data according to the purpose identifier of the first data.
8. The method of claim 4, wherein before the encryption gateway sends the encrypted data to the end router, the method further comprises:
the encryption gateway determines whether the remaining sub-data of the first data, other than the sub-data that was encrypted, includes check sub-data;
and when it is determined that the remaining sub-data includes the check sub-data, the encryption gateway replaces the check sub-data with the recalculated target check sub-data so as to update the encrypted data.
9. An apparatus for implementing encrypted communication, the apparatus being applied to an encryption gateway, the encryption gateway being configured to be deployed between a switch and an end router included in a network topology for implementing data transmission, the apparatus comprising:
the first receiving module is used for receiving first data sent by the switch;
the analysis module is used for analyzing the first data to obtain the data type of the first data;
the first judgment module is used for determining, according to the data type of the first data, whether an encryption operation needs to be performed on the first data;
the encryption module is used for performing the encryption operation on the first data according to a predetermined encryption key when the first judgment module determines that the encryption operation needs to be performed on the first data, so as to obtain encrypted data;
and the first sending module is used for sending the encrypted data to the end router.
10. The apparatus for implementing encrypted communication according to claim 9, further comprising:
a second receiving module, configured to receive second data sent by the end router;
the second judgment module is used for determining whether a decryption operation needs to be performed on the second data;
the decryption module is used for performing the decryption operation on the second data according to a predetermined decryption key when the second judgment module determines that the decryption operation needs to be performed on the second data, so as to obtain decrypted data;
and the second sending module is used for sending the decrypted data to the switch.
11. An apparatus for implementing encrypted communication, the apparatus being applied to an encryption gateway, the encryption gateway being configured to be deployed between a switch and an end router included in a network topology for implementing data transmission, the apparatus comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to perform the method for implementing encrypted communication according to any one of claims 1 to 8.
12. A computer storage medium storing computer instructions which, when invoked, perform the method for implementing encrypted communication according to any one of claims 1 to 8.
CN202110357347.1A 2021-04-01 2021-04-01 Method and device for realizing encrypted communication Pending CN113114648A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110357347.1A CN113114648A (en) 2021-04-01 2021-04-01 Method and device for realizing encrypted communication

Publications (1)

Publication Number Publication Date
CN113114648A true CN113114648A (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination