CN114666419A - Data transmission method, device, terminal equipment and storage medium - Google Patents

Publication number
CN114666419A
Authority
CN
China
Prior art keywords
data packet
request data
protocol
request
check
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210242071.7A
Other languages
Chinese (zh)
Inventor
谢文龙
李云鹏
杨继宗
杨春晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hainan Qiantang Shilian Information Technology Co ltd
Original Assignee
Hainan Qiantang Shilian Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08: Protocols for interworking; Protocol conversion
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention provides a data transmission method, a data transmission device, terminal equipment and a storage medium. The method comprises the following steps: receiving a first request data packet sent by sending end equipment; if the first request data packet passes the verification, verifying the address information of the first request data packet; if the address information of the first request data packet passes the verification, performing protocol conversion on the first request data packet to obtain a second request data packet; carrying out a protocol check and a content check on the second request data packet in sequence; and, if the second request data packet passes the protocol check and the content check, sending the second request data packet to the receiving end equipment. The number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged. If every one of these checks passes, the received data packet has not been tampered with, and the security of data transmission is improved.

Description

Data transmission method, device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of video networking technologies, and in particular, to a data transmission method, an apparatus, a terminal device, and a storage medium.
Background
The video network is a private network, a relatively closed self-owned network, and normal video network services are not attacked. However, in an era in which the Internet occupies the major market, the service and application platforms of the video network and of the Internet need to be docked with each other and exchange data.
In the process of service docking or data transmission between the video network and the Internet, some malicious attacks can penetrate into the video network through the Internet, so the security of data transmission in the Internet and the video network is poor. How to improve the security of data transmission in the Internet and the video network is a problem that currently needs to be solved.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a data transmission method, apparatus, terminal device and storage medium that overcome or at least partially solve the above problems.
In a first aspect, an embodiment of the present invention provides a data transmission method, where the method includes:
receiving a first request data packet sent by sending end equipment;
verifying the first request data packet according to a first verification rule, and if the first request data packet passes the verification, verifying the address information of the first request data packet; the first check rule at least comprises the judgment of the number of the received first request data packets in a preset time period;
under the condition that the address information of the first request data packet passes the verification, performing protocol conversion on the first request data packet to obtain a second request data packet;
carrying out protocol check and content check on the second request data packet in sequence;
and if the second request data packet passes the protocol check and the content check, determining the second request data packet as a video networking protocol data packet, and sending the video networking protocol data packet to receiving end equipment.
Optionally, the verifying the request packet according to the first verification rule includes:
and if the number of the received first request data packets in a preset time period is smaller than a preset value, determining that the first request data packets pass the verification.
Optionally, if the first request packet passes the verification, verifying the address information of the first request packet includes:
obtaining internet address information corresponding to the first request data packet;
matching the corresponding relation between the internet address information corresponding to the first request data packet and the internet transmission address;
and if the internet address information corresponding to the first request data packet is matched with the preset address information in the corresponding relation of the internet transmission addresses, determining that the first request data packet passes the verification.
Optionally, the performing protocol check on the second request packet includes:
acquiring a protocol packet header of the second request data packet;
comparing the protocol packet header with a preset protocol format of a video networking protocol;
and if the protocol packet header is matched with the protocol format of a preset video networking protocol, determining that the second request data packet passes the verification.
Optionally, the first request packet is obtained by encrypting, by the sending-end device, according to a preset encryption rule.
Optionally, the performing content verification on the request packet of the video networking protocol includes:
decrypting the second request data packet passing the verification according to a preset decryption rule; wherein the preset decryption rule corresponds to the preset encryption rule;
and if the decryption is successful, determining that the second request data packet is the video networking protocol data packet.
In a second aspect, an embodiment of the present invention provides a data transmission apparatus, where the apparatus includes:
the receiving module is used for receiving a first request data packet sent by sending end equipment;
the first checking module is used for checking the first request data packet according to a first checking rule, and if the first request data packet passes the checking, the address information of the first request data packet is checked; the first check rule at least comprises the judgment of the number of the received first request data packets in a preset time period;
the second check module is used for performing protocol conversion on the first request data packet to obtain a second request data packet under the condition that the address information of the first request data packet passes the check;
the third checking module is used for carrying out protocol checking and content checking on the second request data packet in sequence;
and the fourth checking module is used for determining the second request data packet as a video networking protocol data packet and sending the video networking protocol data packet to receiving end equipment if the second request data packet passes the protocol check and the content check.
Optionally, the first checking module is configured to:
and if the number of the received first request data packets in a preset time period is smaller than a preset value, determining that the first request data packets pass the verification.
Optionally, the first checking module is configured to:
obtaining internet address information corresponding to the first request data packet;
matching the corresponding relation between the internet address information corresponding to the first request data packet and the internet transmission address;
and if the internet address information corresponding to the first request data packet is matched with the preset address information in the corresponding relation of the internet transmission addresses, determining that the first request data packet passes the verification.
Optionally, the third checking module is configured to:
acquiring a protocol packet header of the second request data packet;
comparing the protocol packet header with a preset protocol format of a video networking protocol;
and if the protocol packet header is matched with the protocol format of a preset video networking protocol, determining that the second request data packet passes the verification.
Optionally, the first request packet is obtained by encrypting, by the sending-end device, according to a preset encryption rule.
Optionally, the fourth checking module is configured to:
decrypting the verified second request data packet according to a preset decryption rule; wherein the preset decryption rule corresponds to the preset encryption rule;
and if the decryption is successful, determining that the second request data packet is the video networking protocol data packet.
In a third aspect, an embodiment of the present invention provides a terminal device, including: at least one processor and memory;
the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the data transmission method provided by the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed, the computer program implements the data transmission method provided in the first aspect.
The embodiment of the invention has the following advantages:
According to the data transmission method, the data transmission device, the terminal equipment and the storage medium provided by the embodiment of the invention, a first request data packet sent by the sending end equipment is received; the first request data packet is verified according to a first verification rule, and if it passes the verification, its address information is verified, where the first check rule at least comprises a judgment of the number of first request data packets received in a preset time period; if the address information of the first request data packet passes the verification, protocol conversion is performed on the first request data packet to obtain a second request data packet; a protocol check and a content check are carried out on the second request data packet in sequence; and if the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end equipment. The number of data packets received within a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged. If every one of these checks passes, the received data packet has not been tampered with, and the security of data transmission is improved.
Drawings
FIG. 1 is a flow chart of the steps of one embodiment of a data transmission method of the present invention;
FIG. 2 is a flow chart of steps in another data transmission method embodiment of the present invention;
FIG. 3 is a block diagram of a data transmission system according to an embodiment of the present invention;
FIG. 4 is a block diagram of the structure of yet another data transmission system embodiment of the present invention;
FIG. 5 is a flow chart of the steps of yet another data transmission method embodiment of the present invention;
FIG. 6 is a block diagram of an embodiment of a data transmission apparatus according to the present invention;
FIG. 7 is a schematic structural diagram of a terminal device of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Video networking is an important milestone in network development. It is a real-time network that can transmit high-definition video in real time, and it pushes many Internet applications toward high-definition video and high-definition face-to-face interaction.
Video networking adopts a real-time high-definition video exchange technology and can integrate dozens of required services, such as video, voice, pictures, text, communication and data packets, on one network platform. Examples include high-definition video conferences, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, VOD on demand, television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcasting control and information distribution. High-definition quality video is played through a television or a computer.
An embodiment of the invention provides a data transmission method, which is used for data transmission between an internet terminal and a video network terminal. The execution main body of the embodiment is a data transmission device and is arranged on the server.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data transmission method of the present invention is shown, where the method may specifically include the following steps:
S101, receiving a first request data packet sent by sending end equipment;
Specifically, the sending end device and the receiving end device are video network terminals, a server is arranged between the sending end device and the receiving end device, and the server receives a first request data packet sent by the sending end device.
S102, verifying the first request data packet according to a first verification rule, and if the first request data packet passes the verification, verifying the address information of the first request data packet; the first check rule at least comprises the judgment of the number of the received first request data packets in a preset time period;
Specifically, after receiving a first request data packet, the server checks the first request data packet according to the first check rule. For example, if the server keeps receiving first request data packets within a preset time period and the number of first request data packets received is greater than a preset value, the first request data packet is determined to be an illegal request data packet. That is, when the server keeps receiving request data packets over a period of time, it determines that they may be illegal requests, deletes them, and does not process them.
And if the number of the first request data packets received by the server in the preset time period is smaller than the preset value, determining that the first request data packets pass the verification.
In order to more accurately check the first request data packet, the server may determine a format of the first request data packet, determine whether the format of the first request data packet matches a preset format, determine that the first request data packet passes the check if the format of the first request data packet matches the preset format, and not process the first request data packet if the format of the first request data packet does not match the preset format.
After the first request data packet passes the first verification, the server acquires the address information contained in the first request data packet and then verifies that address information. The server and the terminal may belong to different areas, and the server stores the address information corresponding to the terminals in its own area. It can therefore receive only request data packets sent by terminals in that area, and cannot receive request data packets sent by terminals in other areas.
S103, under the condition that the address information of the first request data packet passes the verification, performing protocol conversion on the first request data packet to obtain a second request data packet;
specifically, a multi-card receiving module and a multi-card sending module are integrated in the server, an internet protocol is used between the multi-card receiving module and the multi-card sending module, the multi-card sending module and the multi-card receiving module can be further connected with the video network terminal or the video network server, and under the condition that the address information of the first request data packet is confirmed to pass the verification, the multi-card receiving module or the multi-card receiving module in the server can perform protocol conversion on the first request data packet, for example, the video network protocol is converted into the internet protocol, or the internet protocol is converted into the video network protocol, so that a second request data packet is obtained.
S104, carrying out protocol check and content check on the second request data packet in sequence;
In the embodiment of the present invention, the server performs a protocol check on the second request data packet, for example a protocol check against the video networking protocol. Because the second request data packet is transmitted from the Internet to the video network, the protocol header of the second request data packet must be checked against the video networking protocol in order to ensure the security of data transmission in the video network. If the protocol header of the second request data packet conforms to the video networking protocol format, the second request data packet is determined to pass the check.
After the second request data packet passes the protocol check, the data content in the second request data packet is checked. Before the data packet is sent, its data content is encrypted, which improves the security of data transmission, so the data content in the second request data packet needs to be checked to prevent tampering.
And S105, if the second request data packet passes the protocol check and the content check, determining the second request data packet as a video networking protocol data packet, and sending the video networking protocol data packet to the receiving end equipment.
Specifically, after the server checks the transmission protocol and the data content of the second request data packet, the server determines the second request data packet that passes the check as a video networking protocol data packet, and sends the video networking protocol data packet to the receiving end device.
In the data transmission method provided by the embodiment of the invention, a first request data packet sent by sending end equipment is received; the first request data packet is verified according to a first verification rule, and if it passes the verification, its address information is verified, where the first check rule at least comprises a judgment of the number of first request data packets received in a preset time period; if the address information of the first request data packet passes the verification, protocol conversion is performed on the first request data packet to obtain a second request data packet; a protocol check and a content check are carried out on the second request data packet in sequence; and if the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end equipment. The number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged. If every one of these checks passes, the received data packet has not been tampered with, and the security of data transmission is improved.
The present invention further provides a supplementary description of the data transmission method provided in the above embodiment.
FIG. 2 is a flowchart of the steps of another embodiment of a data transmission method according to the present invention. In the embodiment of the present invention, the server may integrate a multi-card receiving module and a multi-card sending module, or the multi-card receiving module, the multi-card sending module and the server may be separate devices, that is, a multi-card receiving device and a multi-card sending device. Taking separate devices as an example, the data transmission method includes:
S201, receiving a first request data packet sent by sending end equipment; the first request data packet is obtained by encrypting the sending end equipment according to a preset encryption rule.
Specifically, before sending the data packet, the sending end device encrypts the data packet according to a preset encryption rule to obtain a first request data packet, where the preset encryption rule includes a symmetric encryption method or an asymmetric encryption method, for example, an RSA encryption algorithm or an MD5 digest algorithm, which is not specifically limited in the embodiment of the present invention.
And the sending end equipment sends the first request data packet to the multi-card sending equipment.
S202, if the number of the first request data packets received in the preset time period is smaller than the preset value, the first request data packets are determined to pass the verification.
Illustratively, if the multi-card sending device receives 1000 first request data packets within 1ms, it indicates that the first request data packets are illegal requests, and if the number of the first request data packets received by the multi-card sending device within 1ms is less than a preset value, for example, 100, it is determined that the first request data passes the verification.
S203, obtaining Internet address information corresponding to the first request data packet;
Specifically, the multi-card receiving device may be connected to a plurality of multi-card sending devices, and in the multi-card receiving device, a correspondence between address information of the multi-card receiving device and address information of the plurality of multi-card sending devices is stored, where the address information may be an IP address of the internet.
S204, matching the corresponding relation between the Internet address information corresponding to the first request data packet and the Internet transmission address;
After receiving the first request data packet, the multi-card sending device sends the first request data packet to the multi-card receiving device. The multi-card receiving device checks the IP address of the multi-card sending device that sent the first request data packet, and if that IP address is found in the pre-stored correspondence between the address information of the multi-card receiving device and the address information of the multi-card sending devices, the first request data packet passes the verification. The internet transmission address correspondence is the correspondence between the address information of the multi-card receiving device and the address information of the multi-card sending devices.
S205, if the internet address information corresponding to the first request data packet is matched with the preset address information in the corresponding relation of the internet transmission addresses, determining that the first request data packet passes the verification.
S206, under the condition that the address information of the first request data packet passes the verification, performing protocol conversion on the first request data packet to obtain a second request data packet;
Specifically, the multi-card receiving device performs protocol conversion on the first request data packet of the internet protocol to obtain a second request data packet under the condition that the address information of the first request data packet passes the verification, and sends the second request data packet to the server.
S207, acquiring a protocol packet header of the second request data packet;
Specifically, after receiving the second request data packet, the server obtains a protocol header of the second request data packet, and determines the protocol header.
S208, comparing the protocol packet header with a protocol format of a preset video networking protocol;
Specifically, the protocol format of the video networking protocol is preset, and the server compares the protocol header with the preset protocol format of the video networking protocol.
S209, if the protocol header is matched with the protocol format of the preset video networking protocol, determining that the second request data packet passes the verification.
S210, decrypting the verified second request data packet according to a preset decryption rule; wherein the preset decryption rule corresponds to the preset encryption rule;
The data packet is encrypted at the sending end equipment to obtain the first request data packet, so the server needs to decrypt the second request data packet, and the decryption mode corresponds to the encryption mode.
S211, if the decryption is successful, determining that the second request data packet is a video networking protocol data packet, and sending the video networking protocol data packet to the receiving end equipment.
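The S201 to S211 sequence as a runnable sketch; this is an added example, not code from the patent. The header layout, the `IPT0` envelope, the key and the addresses are assumptions made for illustration, and an HMAC-SHA256 tag stands in for the patent's "decryption succeeds" content check.

```python
import hashlib
import hmac
import struct
from collections import deque

# Hypothetical wire layout: the patent does not publish the video networking
# header, so a 4-byte magic plus a 2-byte body length stands in for it.
MAGIC = b"V2V1"
HEADER = struct.Struct("!4sH")
ENVELOPE = b"IPT0"   # hypothetical marker for the internet-side tunnel packet
TAG_LEN = 32         # HMAC-SHA256 tag, standing in for "decryption succeeds"


def build_first_packet(key, data):
    """Sender side: protect the data, frame it, wrap it for the internet leg."""
    body = data + hmac.new(key, data, hashlib.sha256).digest()
    return ENVELOPE + HEADER.pack(MAGIC, len(body)) + body


def convert(first_packet):
    """S206: strip the internet-side envelope, leaving the inner frame as is."""
    if not first_packet.startswith(ENVELOPE):
        return None
    return first_packet[len(ENVELOPE):]


def check_header(frame):
    """S207-S209: return the body if the header matches the preset format."""
    if frame is None or len(frame) < HEADER.size:
        return None
    magic, length = HEADER.unpack_from(frame)
    body = frame[HEADER.size:]
    # The declared length must equal what arrived: no truncation, no trailer.
    if magic != MAGIC or length != len(body) or length < TAG_LEN:
        return None
    return body


def check_content(key, body):
    """S210: return the data only if its tag verifies under the preset key."""
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return data if hmac.compare_digest(expected, tag) else None


class Gateway:
    def __init__(self, key, allowed_sources, max_packets, window_seconds):
        self.key = key
        self.allowed = frozenset(allowed_sources)
        self.max_packets = max_packets
        self.window = window_seconds
        # maxlen bounds memory during a flood without changing the verdicts.
        self.arrivals = deque(maxlen=max_packets)

    def rate_ok(self, now):
        """S202: pass only while fewer than max_packets arrived in the window."""
        while self.arrivals and now - self.arrivals[0] >= self.window:
            self.arrivals.popleft()
        self.arrivals.append(now)   # dropped packets still count as received
        return len(self.arrivals) < self.max_packets

    def handle(self, source_ip, first_packet, now):
        """Run S202-S211 in order; return (verdict, data or None)."""
        if not self.rate_ok(now):
            return "drop:rate", None
        if source_ip not in self.allowed:            # S203-S205
            return "drop:address", None
        body = check_header(convert(first_packet))   # S206-S209
        if body is None:
            return "drop:protocol", None
        data = check_content(self.key, body)         # S210
        if data is None:
            return "drop:content", None
        return "forward", data                       # S211


def demo():
    """Constructed traffic; key and addresses are made up for the example."""
    key = b"constructed-demo-key"
    gw = Gateway(key, {"192.0.2.10"}, max_packets=100, window_seconds=1.0)
    good = build_first_packet(key, b"open stream 7")
    flipped = good[:-1] + bytes([good[-1] ^ 1])      # one bit changed in transit
    return [
        gw.handle("192.0.2.10", good, 0.0),
        gw.handle("198.51.100.5", good, 0.1),        # not in the stored mapping
        gw.handle("192.0.2.10", good + b"x", 0.2),   # length field disagrees
        gw.handle("192.0.2.10", flipped, 0.3),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The counter is global, as in S202, so packets that are later dropped for address, protocol or content reasons still count toward the window.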
FIG. 3 is a block diagram of a data transmission system according to an embodiment of the present invention. As shown in FIG. 3, the data transmission system according to the embodiment of the present invention can be applied to a single remote terminal video networking scheme a, and specifically includes: a plurality of video networking terminals (a video networking terminal 1, a video networking terminal 2 and a video networking terminal 3), a video networking server, a video networking router, a multi-card server (a multi-card receiving device), a multi-card device (a multi-card sending device) and video networking terminals connected with the multi-card device. The multi-card devices and the video networking terminals are in one-to-one correspondence, and there is no video networking server on the multi-card device side, namely the remote working domain. The deployment is flexible, and the safety guarantee degree is high.
FIG. 4 is a block diagram of a data transmission system according to another embodiment of the present invention. As shown in FIG. 4, the data transmission system according to the embodiment of the present invention can be applied to a video networking scheme of a multiple remote terminals, in which a video networking server is provided on each of the two sides to perform inter-domain communication and protect the internal security of each domain. The system specifically includes: a plurality of video networking terminals (video networking terminal 1, video networking terminal 2, video networking terminal 3), a video networking server, a video networking router, a multi-card server (multi-card receiving device), a multi-card device (multi-card sending device), and a video networking server connected with the multi-card device, which can in turn be connected with a plurality of video networking terminals (video networking terminal 4, video networking terminal 5 and video networking terminal 6).
Communication between the multi-card server and the multi-card device is a process of removing the IP protocol. The multi-card server converts between V2V video networking protocol messages and IP internet messages and establishes a V2V tunnel in the IP network without performing any operation on the original data, so that data is transparently transmitted and forwarded safely and quickly.
The multi-card server and the multi-card device each have one network port connected to the video network and another network port connected to the IP network, and they communicate using a raw socket mechanism. Internet data received on the IP network port is converted into V2V video network messages and sent to the video network port; conversely, video network data is converted into internet data and sent to the internet network port.
The multi-card server and the multi-card device communicate using a port binding and security verification mechanism. The multi-card server is configured with the IP address of the multi-card device and listens for the encrypted verification packet that is actively sent after startup; data access is allowed only after the verification at the server passes. The multi-card device establishes communication only when it is actively "requesting". The multi-card device has an attack early-warning mechanism: when malicious intrusion behavior is detected, it can immediately and actively stop the request, feed back information, and block any network attack.
In the embodiment of the present invention, data transmission between a sending end device and a receiving end device requires multiple security checks, specifically:
First layer of protection (multi-card device): the multi-card device is the exit to the internet and the entrance for data interaction with the video network, and is the first target of an attacker. The multi-card device can resist traditional attacks based on system vulnerabilities. It has a built-in protection system based on trusted computing, which renders traditional attack means such as system vulnerabilities, malware, trojans, viruses and browser attacks ineffective and so effectively protects the host. The trusted module monitors for anomalies and attempted startups, and when a large amount of illegal data is received, this is immediately reported to the video networking server over the video network; this is the first-level early warning. The video networking server decides whether to close the current request according to the protection policy and the detailed report. Once the "request" is closed, there is no connection over which to communicate, and any attack is ineffective.
Second layer of protection (multi-card server): the multi-card server receives internet data only from the designated IP and filters out all data from IPs that are not on the whitelist. At the same time, the internet data is converted into valid, standard-format protocol data. When an attacker sends data to the multi-card server and the video networking format is not satisfied, the multi-card server directly discards the second request data packet.
Third layer of protection (video networking server): assuming the first two layers of protection are breached, an attacker may attempt to use the multi-card device as a springboard to attack other devices. The video networking server can resist traditional IP attacks, flooding attacks and node attacks. First, the video networking server has no IP protocol stack and no IP address, so conventional detection means cannot find it. The video networking server is partitioned into regions by VLAN division; the regions are independent and do not affect one another, so danger on one side cannot affect the other. When the video networking server detects a large amount of illegal data entering a conference, it raises an early warning, reports the early-warning information and actively stops the request; this is the second-level early warning.
Fourth layer of protection: assume the attacker has obtained the packet format of the video networking protocol and forges a legitimate-looking packet whose payload carries "dangerous data" from the entrance through the multiple layers of protection. In this case the data content is decrypted, and after a series of decryption operations all "viruses", "malicious programs", "dangerous data", "SQL injection" and the like that reach the terminal become invalid data.
Fig. 5 is a flowchart illustrating the steps of another embodiment of a data transmission method according to the present invention. As shown in Fig. 5, there is a complex internet environment between the multi-card server and the multi-card device, which may involve communication between different regions and across domains.
Both the multi-card server and the multi-card device have dual network ports: one connected to the internet and the other connected to the video network. Because the internet is connected in front of the multi-card server and the multi-card device, the legitimacy of data entering at the internet network port is ensured mainly by monitoring in real time for storm data and stopping large amounts of illegal data from entering.
The multi-card device actively connects to the multi-card server to establish a valid communication tunnel. When the multi-card server receives information (a first request data packet), it checks, against its own configured whitelist of IP addresses (the internet transmission address correspondence, that is, the correspondence between the address information of the multi-card receiving device and the address information of a plurality of multi-card sending devices), whether the accessing IP of the multi-card device is a configured item. If it is not, the access is filtered out and not processed. If it is a normal access, the connection between the multi-card server and the multi-card device is established, the multi-card device is notified, the tunnel is set up, and data entering the multi-card server is filtered according to the configuration.
The multi-card server performs IP-to-V2V conversion on internet IP data, ensuring that all data entering the video network is in the private protocol format. The IP removal operation is performed, and whether IP-format data is present at the video networking server is detected, so traditional IP attacks can be resisted; this is the third protection.
After the multi-card device and the multi-card server obtain valid data from the internet network port and remove the IP encapsulation, they encapsulate it as V2V and inject it into the video network port, simulating packet sending from that port, after which it is forwarded into the video network. In the other direction, the multi-card device and the multi-card server obtain video networking data from the video network, encapsulate it in IP, and inject it into the internet network port.
In cross-domain communication based on the internet tunnel, the original data is encrypted by the video networking terminal, and AND/OR operations may be applied, which ensures that the data, or the key data, stays encrypted throughout tunnel transmission; this is the fourth protection.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
In the data transmission method provided by the embodiment of the invention, a first request data packet sent by a sending end device is received. The first request data packet is checked according to a first check rule, which at least includes judging the number of first request data packets received in a preset time period; if the first request data packet passes this check, its address information is checked. When the address information of the first request data packet passes the check, protocol conversion is performed on the first request data packet to obtain a second request data packet. A protocol check and a content check are then performed on the second request data packet in sequence. If the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end device. In other words, the number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged; if every judgment passes, the received data packet has not been tampered with, which improves the security of data transmission.
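The order of checks summarized above (packet count in a preset time period, address match, protocol conversion, protocol header check, content check by decryption) can be exercised with the following added example, which is not part of the patent text and is not the applicant's implementation. The header layout, the encrypt-then-MAC construction standing in for the unspecified "preset encryption rule", the sliding window that counts the current packet, and every name, key, address and threshold are assumptions constructed for illustration; protocol conversion is modeled as removing the IP envelope to expose the tunneled frame.

```python
import hashlib
import hmac
import os
import struct
import time
from collections import deque

# Assumptions for illustration only: the patent does not publish the video
# networking (V2V) header layout or its "preset encryption rule".
V2V_MAGIC = b"V2V\x01"              # hypothetical protocol marker
V2V_HEADER = struct.Struct("!4sH")  # marker + body length, network byte order
NONCE_LEN, TAG_LEN = 12, 32


def _stream_xor(key, nonce, data):
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, nonce, ct):
    return hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()


def seal(key, plaintext):
    """Sender side: encrypt-then-MAC stand-in for the preset encryption rule.
    A deployment would use a vetted AEAD instead of this construction."""
    nonce = os.urandom(NONCE_LEN)  # fresh per packet
    ct = _stream_xor(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce, ct)


def open_sealed(key, body):
    """Return the plaintext, or None when the body fails authentication."""
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    too_short = len(body) < NONCE_LEN + TAG_LEN
    if too_short or not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return None
    return _stream_xor(key, nonce, ct)


def build_frame(key, message):
    """What a legitimate sending end places inside the IP tunnel."""
    body = seal(key, message)
    return V2V_HEADER.pack(V2V_MAGIC, len(body)) + body


def protocol_ok(frame):
    """Protocol check: marker matches and the declared length is exact."""
    if len(frame) < V2V_HEADER.size:
        return False
    magic, length = V2V_HEADER.unpack_from(frame)
    return magic == V2V_MAGIC and length == len(frame) - V2V_HEADER.size


class Gateway:
    """Receiving side; handle() returns (verdict, frame or None)."""

    def __init__(self, key, allowlist, max_packets, window_s, clock=time.monotonic):
        self.key, self.allowlist = key, frozenset(allowlist)
        self.max_packets, self.window_s, self.clock = max_packets, window_s, clock
        # Bounded, so a packet storm cannot grow the counter's memory.
        self.arrivals = deque(maxlen=max_packets)

    def handle(self, src_ip, ip_payload):
        now = self.clock()
        # 1. First check rule: the number of packets received in the preset time
        #    period must be smaller than the preset value (any source counts).
        while self.arrivals and now - self.arrivals[0] >= self.window_s:
            self.arrivals.popleft()
        self.arrivals.append(now)
        if len(self.arrivals) >= self.max_packets:
            return "drop:rate", None
        # 2. Address check against the configured internet transmission addresses.
        if src_ip not in self.allowlist:
            return "drop:address", None
        # 3. Protocol conversion, modeled as removing the IP envelope so that the
        #    tunneled bytes become the second request data packet.
        frame = bytes(ip_payload)
        # 4. Protocol check, then content check (decryption must succeed).
        if not protocol_ok(frame):
            return "drop:protocol", None
        if open_sealed(self.key, frame[V2V_HEADER.size:]) is None:
            return "drop:content", None
        return "forward", frame


def demo():
    """Constructed traffic: one packet per verdict, then a burst of five."""
    key, now = b"constructed-demo-key", [0.0]
    gw = Gateway(key, {"192.0.2.10"}, 4, 1.0, clock=lambda: now[0])
    good = build_frame(key, b"join conference 7")
    cases = [("192.0.2.10", good), ("198.51.100.9", good),
             ("192.0.2.10", b"GET / HTTP/1.1\r\n\r\n"),
             ("192.0.2.10", good[:-1] + bytes([good[-1] ^ 1]))]
    spaced = []
    for src, payload in cases:
        spaced.append(gw.handle(src, payload)[0])
        now[0] += 2.0  # the next packet falls outside the 1-second window
    return spaced, [gw.handle("192.0.2.10", good)[0] for _ in range(5)]
```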
Another embodiment of the present invention provides a data transmission apparatus, configured to execute the data transmission method provided in the foregoing embodiment.
Referring to fig. 6, a block diagram of a data transmission apparatus according to an embodiment of the present invention is shown, where the apparatus may specifically include the following modules: a receiving module 601, a first check module 602, a second check module 603, a third check module 604 and a fourth check module 605, wherein:
the receiving module 601 is configured to receive a first request data packet sent by sending end equipment;
the first checking module 602 is configured to check the first request data packet according to a first checking rule, and if the first request data packet passes the checking, check address information of the first request data packet; the first check rule at least comprises the judgment of the quantity of the received first request data packets in a preset time period;
the second check module 603 is configured to perform protocol conversion on the first request packet to obtain a second request packet when the address information of the first request packet passes the check;
the third checking module 604 is configured to perform protocol checking and content checking on the second request data packet in sequence;
the fourth checking module 605 is configured to determine the second request data packet as a video networking protocol data packet if the second request data packet passes the protocol check and the content check, and send the video networking protocol data packet to the receiving end device.
The data transmission device provided by the embodiment of the invention receives a first request data packet sent by a sending end device. The first request data packet is checked according to a first check rule, which at least includes judging the number of first request data packets received in a preset time period; if the first request data packet passes this check, its address information is checked. When the address information of the first request data packet passes the check, protocol conversion is performed on the first request data packet to obtain a second request data packet. A protocol check and a content check are then performed on the second request data packet in sequence. If the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end device. In other words, the number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged; if every judgment passes, the received data packet has not been tampered with, which improves the security of data transmission.
The data transmission device provided by the above embodiment is further described in an additional embodiment of the present invention.
Optionally, the first checking module is configured to:
and if the number of the received first request data packets in the preset time period is smaller than the preset value, determining that the first request data packets pass the verification.
Optionally, the first check module is configured to:
acquiring internet address information corresponding to the first request data packet;
matching the corresponding relation between the internet address information corresponding to the first request data packet and the internet transmission address;
and if the internet address information corresponding to the first request data packet is matched with the preset address information in the corresponding relation of the internet transmission addresses, determining that the first request data packet passes the verification.
Optionally, the third check module is configured to:
acquiring a protocol packet header of a second request data packet;
comparing the protocol packet header with a preset protocol format of a video networking protocol;
and if the protocol packet header is matched with the protocol format of the preset video networking protocol, determining that the second request data packet passes the verification.
Optionally, the first request packet is obtained by encrypting, by the sending end device, according to a preset encryption rule.
Optionally, the fourth check module is configured to:
decrypting the verified second request data packet according to a preset decryption rule; wherein the preset decryption rule corresponds to the preset encryption rule;
and if the decryption is successful, determining that the second request data packet is the video networking protocol data packet.
It should be noted that the implementable modes in this embodiment may be implemented individually or combined in any manner that does not conflict, and the present application is not limited in this respect.
For the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
Still another embodiment of the present invention provides a terminal device, configured to execute the data transmission method provided in the foregoing embodiment.
Fig. 7 is a schematic structural diagram of a terminal device of the present invention, and as shown in fig. 7, the terminal device includes: at least one processor 701 and memory 702;
the memory stores a computer program; at least one processor executes the computer program stored in the memory to implement the data transmission method provided by the above-described embodiments.
The terminal device provided in this embodiment receives a first request data packet sent by a sending end device. The first request data packet is checked according to a first check rule, which at least includes judging the number of first request data packets received in a preset time period; if the first request data packet passes this check, its address information is checked. When the address information of the first request data packet passes the check, protocol conversion is performed on the first request data packet to obtain a second request data packet. A protocol check and a content check are then performed on the second request data packet in sequence. If the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end device. In other words, the number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged; if every judgment passes, the received data packet has not been tampered with, which improves the security of data transmission.
Yet another embodiment of the present application provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed, the data transmission method provided in any one of the above embodiments is implemented.
With the computer-readable storage medium of this embodiment, a first request data packet sent by a sending end device is received. The first request data packet is checked according to a first check rule, which at least includes judging the number of first request data packets received in a preset time period; if the first request data packet passes this check, its address information is checked. When the address information of the first request data packet passes the check, protocol conversion is performed on the first request data packet to obtain a second request data packet. A protocol check and a content check are then performed on the second request data packet in sequence. If the second request data packet passes the protocol check and the content check, it is determined to be a video networking protocol data packet and is sent to the receiving end device. In other words, the number of data packets received in a preset time period is judged first, and then the address information, the video networking protocol format and the data packet content of the received data packet are judged; if every judgment passes, the received data packet has not been tampered with, which improves the security of data transmission.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, electronic devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable packet processing electronic device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable packet processing electronic device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable packet processing electronics to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data packet processing electronic device to cause a series of operational steps to be performed on the computer or other programmable electronic device to produce a computer implemented process such that the instructions which execute on the computer or other programmable electronic device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or electronic device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or electronic device. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or electronic device that comprises the element.
The data transmission method and the data transmission device provided by the invention are described in detail, and the principle and the implementation mode of the invention are explained by applying specific examples, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method of data transmission, the method comprising:
receiving a first request data packet sent by sending end equipment;
verifying the first request data packet according to a first verification rule, and if the first request data packet passes the verification, verifying the address information of the first request data packet; the first check rule at least comprises the judgment of the number of the received first request data packets in a preset time period;
under the condition that the address information of the first request data packet passes the verification, performing protocol conversion on the first request data packet to obtain a second request data packet;
carrying out protocol check and content check on the second request data packet in sequence;
and if the second request data packet passes the protocol check and the content check, determining the second request data packet as a video networking protocol data packet, and sending the video networking protocol data packet to receiving end equipment.
2. The data transmission method according to claim 1, wherein the verifying the request packet according to the first verification rule comprises:
and if the number of the received first request data packets in a preset time period is smaller than a preset value, determining that the first request data packets pass the verification.
3. The data transmission method according to claim 2, wherein the verifying the address information of the first request packet if the first request packet passes the verification comprises:
obtaining internet address information corresponding to the first request data packet;
matching the corresponding relation between the internet address information corresponding to the first request data packet and the internet transmission address;
and if the internet address information corresponding to the first request data packet is matched with the preset address information in the corresponding relation of the internet transmission addresses, determining that the first request data packet passes the verification.
4. The data transmission method according to claim 3, wherein the performing protocol check on the second request packet includes:
acquiring a protocol packet header of the second request data packet;
comparing the protocol packet header with a preset protocol format of a video networking protocol;
and if the protocol packet header is matched with the protocol format of a preset video networking protocol, determining that the second request data packet passes the verification.
5. The data transmission method according to claim 4, wherein the first request packet is obtained by encrypting, by the sending end device, according to a preset encryption rule.
6. The data transmission method according to claim 5, wherein the content checking of the request packet of the video networking protocol comprises:
decrypting the verified second request data packet according to a preset decryption rule; wherein the preset decryption rule corresponds to the preset encryption rule;
and if the decryption is successful, determining that the second request data packet is the video networking protocol data packet.
7. A data transmission apparatus, characterized in that the apparatus comprises:
the receiving module is used for receiving a first request data packet sent by sending end equipment;
the first checking module is used for checking the first request data packet according to a first checking rule, and if the first request data packet passes the checking, the address information of the first request data packet is checked; the first check rule at least comprises the judgment of the number of the received first request data packets in a preset time period;
the second check module is used for performing protocol conversion on the first request data packet to obtain a second request data packet under the condition that the address information of the first request data packet passes the check;
the third checking module is used for carrying out protocol checking and content checking on the second request data packet in sequence;
and the fourth checking module is used for determining the second request data packet as a video networking protocol data packet and sending the video networking protocol data packet to receiving end equipment if the second request data packet passes the protocol check and the content check.
8. The data transmission apparatus according to claim 7, wherein the first checking module is configured to:
and if the number of the received first request data packets in a preset time period is smaller than a preset value, determining that the first request data packets pass the verification.
9. A terminal device, comprising: at least one processor and a memory;
the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the data transfer method of any of claims 1-6.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when executed, implements the data transmission method of any one of claims 1-6.
CN202210242071.7A 2022-03-11 2022-03-11 Data transmission method, device, terminal equipment and storage medium Pending CN114666419A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210242071.7A CN114666419A (en) 2022-03-11 2022-03-11 Data transmission method, device, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210242071.7A CN114666419A (en) 2022-03-11 2022-03-11 Data transmission method, device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114666419A true CN114666419A (en) 2022-06-24

Family

ID=82028751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210242071.7A Pending CN114666419A (en) 2022-03-11 2022-03-11 Data transmission method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114666419A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412601A (en) * 2022-08-26 2022-11-29 浙江中控技术股份有限公司 Data acquisition method and device, electronic equipment and nonvolatile storage medium

Similar Documents

Publication Publication Date Title
CN107566381B (en) Equipment safety control method, device and system
Almaiah A new scheme for detecting malicious attacks in wireless sensor networks based on blockchain technology
US20060190997A1 (en) Method and system for transparent in-line protection of an electronic communications network
WO2016184216A1 (en) Link-stealing prevention method, link-stealing prevention server, and client side
CN111274578B (en) Data safety protection system and method for video monitoring system
CN114598540B (en) Access control system, method, device and storage medium
CN106850690B (en) Honeypot construction method and system
US20070044155A1 (en) Port scanning method and device, port scanning detection method and device, port scanning system, computer program and computer program product
KR101972110B1 (en) security and device control method for fog computer using blockchain technology
US7707424B2 (en) Secure file transfer
CA2506418C (en) Systems and apparatuses using identification data in network communication
CN108712364A (en) A kind of safety defense system and method for SDN network
CN111953656A (en) Monitoring video encryption transmission method, device, equipment and medium
Park et al. Watermarking for detecting freeloader misbehavior in software-defined networks
CN114666419A (en) Data transmission method, device, terminal equipment and storage medium
CN112291072B (en) Secure video communication method, device, equipment and medium based on management plane protocol
KR20130035600A (en) Method and apparatus for preventing data loss
CN109587134B (en) Method, apparatus, device and medium for secure authentication of interface bus
KR20060044049A (en) Security router system and method for authentication of the user who connects the system
US7526793B2 (en) Method for authenticating database connections in a multi-tier environment
CN113726748A (en) Video networking service control method and device, electronic equipment and storage medium
RU2163745C2 (en) Protective system for virtual channel of corporate network using authentication router and built around shared communication network channels and switching facilities
Affia et al. Securing an MQTT-based Traffic Light Perception System for Autonomous Driving
CN117319088B (en) Method, device, equipment and medium for blocking illegal external connection equipment
CN117459763B (en) Audio and video safety protection method, equipment and system based on dynamic arrangement

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination