CN114844693B - Lightweight communication data encryption method, device, equipment and storage medium - Google Patents
- Publication number
- CN114844693B (CN202210451881.3A)
- Authority
- CN
- China
- Prior art keywords
- encryption
- request
- lua
- reverse proxy
- response data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/2895—Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention relates to data encryption technology and discloses a lightweight communication data encryption method comprising: obtaining encryption and decryption parameters sent by a client by using a pre-constructed reverse proxy service, and intercepting an encryption request command sent by the client to a server; calling a LUA compiler, through a preset LUA interactive mode, to run a pre-built LUA file, and decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request; parsing the plaintext request to obtain a request target and request content, and sending the request content to a processor in the server according to the request target to obtain response data; symmetrically encrypting the response data by using the encryption algorithm to obtain encrypted response data; and sending the encrypted response data to the client by using the reverse proxy service. The invention can increase the efficiency with which software develops and maintains its data encryption function.
Description
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to a lightweight method, apparatus, device, and computer readable storage medium for encrypting communication data.
Background
As digital security grows in importance, every software development process must consider how data transmitted between the client and the server is encrypted. At present, data is mainly encrypted by having a gateway orchestrate various preset microservices that encrypt incoming and outgoing data. However, building the functional framework of the gateway and the microservices takes a great deal of time and is difficult, and some small software development departments struggle to build their own gateway framework, which greatly reduces software development efficiency.
In addition, encryption algorithms are now updated quickly, so every established encryption system must be maintained, updated or rebuilt, which consumes a large amount of development resources and reduces software development efficiency. There is therefore an urgent need for a callable, lightweight communication data encryption service.
Disclosure of Invention
The invention provides a lightweight communication data encryption method, device, equipment and storage medium, whose main purpose is to increase the efficiency with which software develops and maintains its data encryption function by means of a lightweight data encryption component that an application can call directly.
In order to achieve the above object, the present invention provides a lightweight communication data encryption method, including:
obtaining encryption and decryption parameters sent by a client by using a pre-constructed reverse proxy service, and intercepting an encryption request command sent by the client to a server;
calling a LUA compiler to run a pre-built LUA file by utilizing a pre-set LUA interactive mode, and decrypting the encryption request command according to the encryption and decryption parameters by utilizing an encryption algorithm pre-set in the LUA file to obtain a plaintext request;
analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and transmitting the encrypted response data to the client by using the reverse proxy service.
Optionally, before the obtaining the encryption and decryption parameters sent by the client and intercepting the encryption request command sent by the client to the server, the method further includes:
acquiring the source code of the SM4 national cryptographic algorithm, and compiling the source code by using a java editor to obtain a class file;
utilizing a pre-constructed links-generator script to carry out LUA binding on the class file to obtain a LUA file;
configuring the LUA file into a pre-constructed reverse proxy service, and packaging the configured reverse proxy service to obtain a reverse proxy service encryption component;
and loading the reverse proxy service encryption component onto the server by using an API (application program interface).
Optionally, the decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request includes:
interpreting the LUA file by using a JIT LUA editor to obtain machine code;
executing the machine code, and performing a decryption operation based on the SM4 national cryptographic algorithm on the encryption request command according to the encryption and decryption parameters to obtain a plaintext request.
Optionally, the parsing the plaintext request to obtain a request target and a request content includes:
analyzing the plaintext request to obtain a request message, and extracting a target field from the request message to obtain a request uniform resource locator;
and analyzing the request uniform resource locator to obtain a request target and request content.
Optionally, the symmetrically encrypting the response data by using the encryption algorithm to obtain encrypted response data includes:
grouping the response data according to the preset byte size to obtain a chunk set;
and taking the encryption and decryption parameters as the secret key, and performing 32 rounds of cyclic encryption on each chunk in the chunk set by using the SM4 national cryptographic algorithm to obtain the encrypted response data.
In order to solve the above-mentioned problem, the present invention also provides a lightweight communication data encryption apparatus, the apparatus comprising:
the data interception module is used for acquiring encryption and decryption parameters sent by the client by utilizing the pre-constructed reverse proxy service and intercepting an encryption request command sent by the client to the server;
the LUA script decryption module is used for calling a LUA compiler to run a pre-built LUA file by utilizing a pre-set LUA interaction mode, and decrypting the encryption request command according to the encryption and decryption parameters by utilizing an encryption algorithm pre-set in the LUA file to obtain a plaintext request;
the request forwarding module is used for analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
the LUA script encryption module is used for symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and the response forwarding module is used for sending the encrypted response data to the client by utilizing the reverse proxy service.
Optionally, the parsing the plaintext request to obtain a request target and a request content includes:
analyzing the plaintext request to obtain a request message, and extracting a target field from the request message to obtain a request uniform resource locator;
and analyzing the request uniform resource locator to obtain a request target and request content.
Optionally, the decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request includes:
interpreting the LUA file by using a JIT LUA editor to obtain machine code;
executing the machine code, and performing a decryption operation based on the SM4 national cryptographic algorithm on the encryption request command according to the encryption and decryption parameters to obtain a plaintext request.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the lightweight communication data encryption method described above.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the lightweight communication data encryption method described above.
The embodiment of the invention uses a pre-constructed reverse proxy service to obtain the encryption request command sent by a client, and uses a preset LUA interactive mode to call a LUA compiler to execute the LUA file. The reverse proxy service is a lightweight service written in the C language that can intercept and forward requests; the LUA file is a file that encapsulates a C language encryption algorithm, and LUA is a lightweight language that can be called by the reverse proxy service. By combining the reverse proxy service with the LUA language, the embodiment of the invention builds a lightweight scheme for encrypting communication data: it obtains the encryption request command sent by the client, decrypts it, sends the plaintext request to a processor to obtain response data, encrypts the response data to obtain encrypted response data, and finally sends the encrypted response data to the client. Therefore, the lightweight communication data encryption method, device, equipment and storage medium provided by the embodiment of the invention can increase the efficiency with which software develops and maintains its data encryption function, through a lightweight data encryption component that an application can call directly.
Drawings
FIG. 1 is a flow chart of a lightweight communication data encryption method according to an embodiment of the present invention;
FIG. 2 is a detailed flowchart of a step in a lightweight encryption method for communication data according to an embodiment of the present invention;
FIG. 3 is a detailed flowchart illustrating a step in a lightweight encryption method for communication data according to an embodiment of the present invention;
FIG. 4 is a functional block diagram of a lightweight communications data encryption device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device implementing the lightweight communication data encryption method according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a lightweight communication data encryption method. In the embodiment of the present application, the execution body of the lightweight communication data encryption method includes, but is not limited to, at least one of a server, a terminal, and the like, which can be configured to execute the method provided in the embodiment of the present application. In other words, the lightweight communication data encryption method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server side includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a lightweight communication data encryption method according to an embodiment of the invention is shown. In this embodiment, the lightweight communication data encryption method includes:
S1, acquiring encryption and decryption parameters sent by a client by utilizing a pre-constructed reverse proxy service, and intercepting an encryption request command sent by the client to a server.
In the embodiment of the invention, the reverse proxy service NGINX is a lightweight port service written in the C language, and can intercept an API interface to provide load balancing, reverse proxying and request filtering. It should be noted that the basic structure of the software is a client and a server. The reverse proxy service is configured on the server and serves as the link between the client and the server.
The embodiment of the invention uses the reverse proxy service to obtain the encryption and decryption parameters and the encryption request command sent by the client. The encryption and decryption parameters are a 128-byte character string consisting of four groups of characters, randomly generated by the client according to a specific strategy. The encryption request command is the character string obtained after the client encrypts the user's request command.
In detail, referring to fig. 2, in the embodiment of the present invention, before intercepting and analyzing a request command sent by a client to obtain a request target and a request content, the method further includes:
S11, acquiring the source code of the SM4 national cryptographic algorithm, and compiling the source code by using a java editor to obtain a class file;
S12, utilizing a pre-constructed links-generator script to carry out LUA binding on the class file to obtain a LUA file;
S13, configuring the LUA file into a pre-constructed reverse proxy service, and packaging the configured reverse proxy service to obtain a reverse proxy service encryption component;
S14, loading the reverse proxy service encryption component to the server by using an API (application program interface).
After the source code of the SM4 national cryptographic algorithm is obtained, a java editor converts the source code into java bytecode form to obtain a class file (.class file).
Furthermore, LUA is a small scripting language implemented in standard C; it is lightweight, runs on multiple platforms, and can easily call C/C++ functions and be called from them.
Furthermore, the links-generator script takes control of generating the tolua++ bridge code, which saves writing a large number of .pkg and .h files and makes it easier to insert custom code.
In the embodiment of the invention, the links-generator script generates a C++ bridging class from the class file; the C++ bridging class is then added to the project by using Xcode and a preset bridging method is executed, so that the SM4 national cryptographic class in the class file is registered into the LUA environment to obtain the LUA file (.lua file).
Then, the embodiment of the invention uses a C++ function in NGINX to call the LUA file, so that NGINX is extended with an encryption function based on the SM4 cryptographic algorithm. The configured reverse proxy service is then packaged with a packaging tool to obtain a reverse proxy service encryption component, and the reverse proxy service encryption component is loaded onto the server by using an API interface.
In addition, in another embodiment of the present invention, the reverse proxy service encryption component may be used as a component in a zero development environment, and may be invoked by dragging during software development and maintenance.
S2, using a preset LUA interactive mode, calling a LUA compiler to run a preset LUA file, and decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request.
According to the embodiment of the invention, in the LUA interactive mode the LUA editor can be controlled through lua -i interaction and the like, and the LUA file can also be packaged and run independently by other third-party tools.
In detail, in the embodiment of the present invention, the decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request includes:
interpreting the LUA file by using a JIT LUA editor to obtain machine code;
executing the machine code, and performing a decryption operation based on the SM4 national cryptographic algorithm on the encryption request command according to the encryption and decryption parameters to obtain a plaintext request.
The JIT (just-in-time) LUA editor is a just-in-time compiling interpreter. Unlike the interpreter of the java virtual machine (JVM), the JIT LUA editor interprets the LUA file into machine code and stores the machine code in a cache, so that the next time the LUA file needs to be executed, the cached machine code is called directly without re-interpretation, which greatly speeds up the software's data encryption process.
Further, the machine code (also called machine instructions) is binary code that can be directly executed by a computer. The embodiment of the invention executes the machine code and performs a decryption operation based on the SM4 national cryptographic algorithm on the encryption request command according to the encryption and decryption parameters to obtain a plaintext request.
The SM4 cryptographic algorithm is a symmetric encryption method, so the plaintext request can be obtained by running the 32 rounds of the encryption process in reverse according to the encryption and decryption parameters. Because the SM4 cryptographic algorithm is a published algorithm, the specific encryption and decryption process is not described in detail here.
S3, analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data.
In detail, referring to fig. 3, in the embodiment of the present invention, the parsing the plaintext request to obtain a request target and a request content includes:
S31, segmenting the plaintext request, and extracting a target field from the plaintext request to obtain a request uniform resource locator;
S32, analyzing the request uniform resource locator to obtain a request target and request content.
The plaintext request is a request message comprising a request line, a request header and a request body, wherein the request line comprises a request method, a request uniform resource locator, a protocol name and a version number.
The embodiment of the invention acquires the request uniform resource locator from the request header according to a specific target field, wherein the request uniform resource locator further comprises: hosts, paths, port numbers, query methods, etc.
The embodiment of the invention divides the data through format identification to obtain the request target and the request content.
S4, symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data.
The embodiment of the invention follows the same process as the LUA script decryption, and encrypts the response data by executing the LUA file.
In detail, in the embodiment of the present invention, the symmetrically encrypting the response data by using the encryption algorithm to obtain encrypted response data includes:
grouping the response data according to the preset byte size to obtain a chunk set;
and taking the encryption and decryption parameters as the secret key, and performing 32 rounds of cyclic encryption on each chunk in the chunk set by using the SM4 national cryptographic algorithm to obtain the encrypted response data.
According to the rules of the SM4 cryptographic algorithm, the embodiment of the invention divides the response data into 128-byte chunks, where each chunk is a string of four 32-bit words. The chunk set is then encrypted with the encryption and decryption parameters in 32 rounds, following the encryption principle of the SM4 national cryptographic algorithm, to obtain the encrypted response data.
S5, the reverse proxy service is utilized to send the encryption response data to the client.
In the embodiment of the invention, the reverse proxy server acts as a reverse proxy toward the client and transmits the encrypted response data to the client.
The reverse proxy service is generally used for network acceleration, and can serve as a front-end processor of the server to reduce the load on the network and the server and improve information transmission efficiency.
The embodiment of the invention uses a pre-constructed reverse proxy service to obtain the encryption request command sent by a client, and uses a preset LUA interactive mode to call a LUA compiler to execute the LUA file. The reverse proxy service is a lightweight service written in the C language that can intercept and forward requests; the LUA file is a file that encapsulates a C language encryption algorithm, and LUA is a lightweight language that can be called by the reverse proxy service. By combining the reverse proxy service with the LUA language, the embodiment of the invention builds a lightweight scheme for encrypting communication data: it obtains the encryption request command sent by the client, decrypts it, sends the plaintext request to a processor to obtain response data, encrypts the response data to obtain encrypted response data, and finally sends the encrypted response data to the client. Therefore, the lightweight communication data encryption method provided by the embodiment of the invention can increase the efficiency with which software develops and maintains its data encryption function, through a lightweight data encryption component that an application can call directly.
Fig. 4 is a functional block diagram of a lightweight communication data encryption device according to an embodiment of the present invention.
The lightweight communication data encryption device 100 of the present invention may be installed in an electronic apparatus. Depending on the functions implemented, the lightweight communication data encryption device 100 may include a data interception module 101, a LUA script decryption module 102, a request forwarding module 103, a LUA script encryption module 104, and a response forwarding module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the data interception module 101 is configured to obtain encryption and decryption parameters sent by a client by using a pre-constructed reverse proxy service, and intercept an encryption request command sent by the client to a server;
the LUA script decryption module 102 is configured to use a preset LUA interaction to call a LUA compiler to run a preset LUA file, and decrypt the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request;
the request forwarding module 103 is configured to parse the plaintext request to obtain a request target and request content, and send the request content to a processor in a server according to the request target to obtain response data;
the LUA script encryption module 104 is configured to symmetrically encrypt the response data by using the encryption algorithm to obtain encrypted response data;
the response forwarding module 105 is configured to send the encrypted response data to the client using the reverse proxy service.
In detail, each module in the lightweight communication data encryption device 100 in the embodiment of the present application adopts the same technical means as the lightweight communication data encryption method described in fig. 1 to 3, and can produce the same technical effects, which are not described herein.
Fig. 5 is a schematic structural diagram of an electronic device for implementing a lightweight communication data encryption method according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program, such as a lightweight communication data encryption program, stored in the memory 11 and executable on the processor 10.
The processor 10 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing Unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, executes programs or modules stored in the memory 11 (for example, executes a lightweight communication data encryption program, etc.), and invokes data stored in the memory 11 to perform various functions of the electronic device and process data.
The memory 11 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 11 may in other embodiments also be an external storage device of the electronic device, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only for storing application software installed in an electronic device and various types of data, such as codes of lightweight communication data encryption programs, but also for temporarily storing data that has been output or is to be output.
The communication bus 12 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
The communication interface 13 is used for communication between the electronic device and other devices, and includes a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., a WI-FI interface, a Bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a display (Display) or an input unit such as a keyboard (Keyboard), or alternatively a standard wired interface or wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be referred to as a display screen or display unit, as appropriate, and is used for displaying information processed in the electronic device and for displaying a visual user interface.
Fig. 5 shows only an electronic device with certain components. A person skilled in the art will understand that the structure shown in fig. 5 does not limit the electronic device 1, which may comprise fewer or more components than shown, may combine certain components, or may arrange the components differently.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
It should be understood that the embodiments described are for illustrative purposes only, and that the scope of the patent application is not limited to this configuration.
The lightweight communication data encryption program stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, may implement:
obtaining encryption and decryption parameters sent by a client by utilizing a pre-constructed reverse proxy service, and intercepting an encryption request command sent by the client to a server;
calling a LUA compiler to run a pre-built LUA file by utilizing a pre-set LUA interactive mode, and decrypting the encryption request command according to the encryption and decryption parameters by utilizing an encryption algorithm pre-set in the LUA file to obtain a plaintext request;
analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and transmitting the encrypted response data to the client by using the reverse proxy service.
In particular, the specific implementation method of the above instructions by the processor 10 may refer to the description of the relevant steps in the corresponding embodiment of the drawings, which is not repeated herein.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, or a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
obtaining encryption and decryption parameters sent by a client by utilizing a pre-constructed reverse proxy service, and intercepting an encryption request command sent by the client to a server;
calling a LUA compiler to run a pre-built LUA file by utilizing a pre-set LUA interactive mode, and decrypting the encryption request command according to the encryption and decryption parameters by utilizing an encryption algorithm pre-set in the LUA file to obtain a plaintext request;
analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and transmitting the encrypted response data to the client by using the reverse proxy service.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain (Blockchain) is essentially a decentralized database: a chain of data blocks generated in association with one another by cryptographic means, each data block containing a batch of network transaction information that is used to verify the validity of the information (anti-counterfeiting) and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The embodiment of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (8)
1. A lightweight method of encrypting communication data, the method comprising:
configuring a pre-constructed LUA file into a pre-constructed reverse proxy service, packaging the configured reverse proxy service to obtain a reverse proxy service encryption component, loading the reverse proxy service encryption component onto a server by using an API (application program interface), acquiring encryption and decryption parameters sent by a client by using the reverse proxy service, and intercepting an encryption request command sent to the server by the client;
using a preset LUA interactive mode, calling a LUA compiler to run the LUA file, and decrypting the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request, wherein the method comprises the following steps: interpreting the LUA file by using a JIT LUA editor to obtain a machine code, executing the machine code, and performing decryption operation based on a national encryption SM4 algorithm on the encryption request command according to the encryption and decryption parameters to obtain the plaintext request;
analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and transmitting the encrypted response data to the client by using the reverse proxy service.
2. The lightweight method of encrypting communication data according to claim 1, wherein prior to said configuring the pre-built LUA file into the pre-built reverse proxy service, the method further comprises:
acquiring a source code of a SM4 cryptographic algorithm, and compiling the source code by using a java editor to obtain a class file;
and carrying out LUA binding on the class file by utilizing a pre-constructed links-generator script to obtain the LUA file.
3. The lightweight communication data encryption method according to claim 1, wherein said parsing said plaintext request to obtain a request target and a request content comprises:
analyzing the plaintext request to obtain a request message, and extracting a target field from the request message to obtain a request uniform resource locator;
and analyzing the request uniform resource locator to obtain a request target and request content.
4. The lightweight communication data encryption method as set forth in claim 1, wherein said symmetrically encrypting the response data using the encryption algorithm to obtain encrypted response data, comprising:
grouping the response data according to the preset byte size to obtain a chunk set;
and taking the encryption and decryption parameters as a secret key, and performing 32-time cyclic encryption on each chunk in the chunk set by using a national encryption SM4 encryption algorithm to obtain encryption response data.
5. A lightweight communications data encryption device, the device comprising:
the data interception module is used for configuring a pre-built LUA file into a pre-built reverse proxy service, packaging the configured reverse proxy service to obtain a reverse proxy service encryption component, loading the reverse proxy service encryption component onto a server by using an API interface, acquiring encryption and decryption parameters sent by a client by using the reverse proxy service, and intercepting an encryption request command sent to the server by the client;
the LUA script decryption module is configured to use a preset LUA interaction to call a LUA compiler to run the LUA file, and decrypt the encryption request command according to the encryption and decryption parameters by using an encryption algorithm preset in the LUA file to obtain a plaintext request, where the method includes: interpreting the LUA file by using a JIT LUA editor to obtain a machine code, executing the machine code, and performing decryption operation based on a national encryption SM4 algorithm on the encryption request command according to the encryption and decryption parameters to obtain the plaintext request;
the request forwarding module is used for analyzing the plaintext request to obtain a request target and request content, and sending the request content to a processor in a server according to the request target to obtain response data;
the LUA script encryption module is used for symmetrically encrypting the response data by utilizing the encryption algorithm to obtain encrypted response data;
and the response forwarding module is used for sending the encrypted response data to the client by utilizing the reverse proxy service.
6. The lightweight communications data encryption device of claim 5, wherein said parsing the plaintext request to obtain a request target and request content includes:
analyzing the plaintext request to obtain a request message, and extracting a target field from the request message to obtain a request uniform resource locator;
and analyzing the request uniform resource locator to obtain a request target and request content.
7. An electronic device, the electronic device comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the lightweight communication data encryption method as set forth in any one of claims 1 to 4.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the lightweight communication data encryption method according to any one of claims 1 to 4.
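The response-encryption step of claim 4 (group the response data into fixed-size chunks, then run 32 rounds of SM4 on each chunk under the shared key) can be sketched as follows. This is an added example, not code from the patent: it is written in Python rather than LUA, and the function names, the PKCS#7 padding, the 16-byte chunk size and the sample key and response are assumptions made for illustration.

```python
import struct

BLOCK = 16  # SM4 block size in bytes; assumed here as the claim's "preset byte size"

# SM4 S-box as published in the standard (GB/T 32907-2016), 16 bytes per row.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] packs the four bytes (4*i + j) * 7 mod 256 for j = 0..3.
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(x):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def round_keys(key):
    """Expand a 16-byte key into the 32 round keys."""
    if len(key) != 16:
        raise ValueError("SM4 key must be 16 bytes")
    k = [m ^ f for m, f in zip(struct.unpack(">4I", key), FK)]
    rks = []
    for i in range(32):
        b = tau(k[1] ^ k[2] ^ k[3] ^ CK[i])
        rk = k[0] ^ b ^ rotl(b, 13) ^ rotl(b, 23)
        k = k[1:] + [rk]
        rks.append(rk)
    return rks

def crypt_block(block, rks):
    """Run the 32 SM4 rounds on one 16-byte chunk (decrypts if rks is reversed)."""
    x = list(struct.unpack(">4I", block))
    for rk in rks:
        b = tau(x[1] ^ x[2] ^ x[3] ^ rk)
        x = x[1:] + [x[0] ^ b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)]
    return struct.pack(">4I", *reversed(x))

def encrypt_response(response, key):
    """Pad (PKCS#7, an assumption), split into chunks, encrypt each chunk."""
    rks = round_keys(key)
    pad = BLOCK - len(response) % BLOCK
    padded = response + bytes([pad]) * pad
    chunks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    return b"".join(crypt_block(c, rks) for c in chunks)

def decrypt_response(blob, key):
    """Inverse of encrypt_response; rejects malformed length or padding."""
    if not blob or len(blob) % BLOCK:
        raise ValueError("ciphertext length must be a non-zero multiple of 16")
    rks = round_keys(key)[::-1]
    padded = b"".join(crypt_block(blob[i:i + BLOCK], rks)
                      for i in range(0, len(blob), BLOCK))
    pad = padded[-1]
    if not 1 <= pad <= BLOCK or padded[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return padded[:-pad]

def repeated_chunks(blob):
    """Indexes of ciphertext chunks that are identical to an earlier chunk."""
    seen, dups = set(), []
    for i in range(0, len(blob), BLOCK):
        chunk = blob[i:i + BLOCK]
        if chunk in seen:
            dups.append(i // BLOCK)
        seen.add(chunk)
    return dups

# Constructed sample values: the key from the standard's test vector and a
# response whose first three 16-byte chunks are identical.
SAMPLE_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
SAMPLE_RESPONSE = b"status=OK;pad=00" * 3 + b"end"
```

Because each chunk is encrypted on its own, equal 16-byte plaintext chunks produce equal ciphertext chunks, which `repeated_chunks` makes visible on the sample response. The claims do not specify an IV, chaining mode or integrity check, so a deployment would need to add those separately.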
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210451881.3A CN114844693B (en) | 2022-04-27 | 2022-04-27 | Lightweight communication data encryption method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114844693A (en) | 2022-08-02 |
CN114844693B (en) | 2024-03-26 |
Family
ID=82567746
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210451881.3A Active CN114844693B (en) | 2022-04-27 | 2022-04-27 | Lightweight communication data encryption method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114844693B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115941352B (en) * | 2022-12-29 | 2024-03-19 | 电子科技大学 | Information security interaction method and device based on big data, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||