CN114866309B - Data transmission method, system, equipment and medium - Google Patents

Info

Publication number
CN114866309B
Authority
CN
China
Prior art keywords
encryption
data
gateway
request data
request
Prior art date
Legal status
Active
Application number
CN202210460427.4A
Other languages
Chinese (zh)
Other versions
CN114866309A (en
Inventor
陈鑫伟
李世杰
王明君
Current Assignee
Sichuan Wanwang Xincheng Mdt Infotech Ltd
Original Assignee
Sichuan Wanwang Xincheng Mdt Infotech Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a data transmission method, a system, electronic equipment and a computer readable storage medium, wherein the method comprises the following steps: acquiring request data of a user side; if the request data is in an unencrypted state, sending the request data to a background end, and if the request data is in an encrypted state, decrypting the request data according to the encryption mode and then sending the decrypted request data to the background end; and acquiring the return data generated by the background end based on the request data, processing the return data based on a preset encryption rule, and then sending the processed return data to the user side. In this way, data can be encrypted and security is improved.

Description

Data transmission method, system, equipment and medium
Technical Field
The present invention relates to data transmission, and more particularly, to a data transmission method, system, electronic device, and computer-readable storage medium.
Background
In current network communication, data is generally transmitted entirely in plaintext, so data transmission is not secure enough.
Disclosure of Invention
The invention aims to provide a data transmission method, a system, electronic equipment and a computer readable storage medium, which can encrypt, decrypt and manage transmission data so that the data transmission is safer.
In order to achieve the above purpose, the technical solution adopted in the embodiment of the present application is as follows:
in a first aspect, an embodiment of the present application provides a data transmission method, where the method is applied to a gateway, and the method includes:
acquiring request data of a user side;
if the request data is in an unencrypted state, the request data is sent to a background end, and if the request data is in an encrypted state, the request data is decrypted according to the encryption mode, and then the decrypted request data is sent to the background end;
and acquiring the return data generated by the background terminal based on the request data, processing the return data based on a preset encryption rule, and then sending the processed return data to the user terminal.
In an alternative embodiment, the preset encryption rule includes an encryption switch, the encryption mode and an encryption degree;
the step of processing the returned data based on the preset encryption rule and then sending the processed returned data to the user side comprises the following steps:
if the encryption switch is on and the encryption degree does not allow data degradation, encrypting the return data by using the encryption mode and then sending the encrypted return data to the user side;
if the encryption switch is on and the encryption degree allows data degradation,
the return data is sent to the user side after non-encryption processing; or
when the encryption mode is used for encrypting the return data, the return data is sent to the user side after non-encryption processing;
and if the encryption switch is off, sending the return data to the user side after non-encryption processing.
In an optional embodiment, before the obtaining the return data of the background end, processing the return data based on a preset encryption rule, and sending the processed return data to the user end, the method further includes:
acquiring the encryption switch and the encryption degree sent by the management end based on the cache service;
the encryption switch comprises an on or off state;
and reading the pre-configured encryption mode.
In a second aspect, an embodiment of the present application provides a data transmission method, where the method is applied to a user side, and the method includes:
transmitting request data to a gateway, so that the gateway transmits the request data to a background end when the state of the request data is an unencrypted state, and decrypts the request data according to an encryption mode and transmits the request data to the background end when the state of the request data is an encrypted state;
and receiving the return data processed by the gateway based on the preset encryption rule.
In an alternative embodiment, the client includes configuration information, where the configuration information indicates whether the request data needs to be encrypted and a corresponding encryption mode;
the sending request data to the gateway includes:
if the configuration information indicates that the request data needs to be encrypted, the data is encrypted according to a corresponding encryption mode and then sent to a gateway;
and if the configuration information indicates that the request data does not need to be encrypted, the request data is sent to a gateway.
In a third aspect, an embodiment of the present application provides a data transmission method, where the method is applied to a background end, and the method includes:
acquiring request data sent by the gateway, wherein the request data is obtained directly after the request data sent by a user terminal is acquired by the gateway or is obtained after the request data sent by the user terminal is acquired by the gateway and then decrypted in an encryption mode;
and generating return data based on the request data, and sending the return data to the gateway so that the gateway processes the return data based on a preset encryption rule and then sends the processed return data to the user side.
In a fourth aspect, embodiments of the present application provide a data transmission system, including:
the user end is used for sending request data;
the gateway is used for receiving the request data, sending the request data to the background end when the state of the request data is an unencrypted state, decrypting the request data according to an encryption mode when the state of the request data is an encrypted state, and sending the request data to the background end;
the background terminal is used for receiving the request data sent by the gateway and generating return data based on the request data;
the gateway is also used for processing the returned data based on a preset encryption rule after receiving the returned data and sending the processed returned data to the user side.
In an alternative embodiment, the preset encryption rule includes an encryption switch, an encryption mode and an encryption degree; the data transmission system also comprises a management end;
the management end is used for sending the encryption switch to the gateway;
the management end is also used for responding to the input information, setting the encryption switch to be on or off based on the input information, and/or configuring the encryption mode and the encryption degree based on the input information.
In an optional embodiment, the management end is further configured to send configuration information to the user end; and the user terminal processes the request information based on the configuration information.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the data transmission method when executing the computer program.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data transmission method.
The application has the following beneficial effects:
The gateway decrypts the request data of the user side, and processes the return data sent by the background end according to the preset encryption rule before sending it to the user side. This implements encryption and decryption of the data and effectively improves data security (because the encryption of the data transmission is mainly carried out between the client and the gateway). Compared with implementing encryption and decryption through cooperation of the user side and the background end, the gateway can be configured independently: the code of the main part of the program (namely the user side and the background end) does not need to be modified, and modifying the encryption mode or deciding whether encryption is required is done through the gateway. That is, the main part of the program does not need to be restarted, and only the configuration of the gateway needs to be modified appropriately.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic block diagram of an electronic device according to an embodiment of the present invention;
Fig. 2 is a block diagram of a data transmission system according to an embodiment of the present invention;
Fig. 3 is a flowchart of a data transmission method according to an embodiment of the present invention;
Fig. 4 is a second flowchart illustrating a data transmission method according to an embodiment of the present invention;
Fig. 5 is a third flowchart of a data transmission method according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present invention, it should be noted that, if the terms "upper", "lower", "inner", "outer", and the like indicate an azimuth or a positional relationship based on the azimuth or the positional relationship shown in the drawings, or the azimuth or the positional relationship in which the inventive product is conventionally put in use, it is merely for convenience of describing the present invention and simplifying the description, and it is not indicated or implied that the system or element referred to must have a specific azimuth, be configured and operated in a specific azimuth, and thus should not be construed as limiting the present invention.
Furthermore, the terms "first," "second," and the like, if any, are used merely for distinguishing between descriptions and not for indicating or implying a relative importance.
In the description of the present application, it should also be noted that, unless explicitly specified and limited otherwise, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art in a specific context.
In the current data transmission process of network communication, a plaintext communication mode is generally directly adopted, so that the security of the whole communication process is poor.
In some existing encryption schemes, encryption and decryption are generally implemented through cooperation between the background end and the user side. On the one hand, the whole process is encrypted and cannot be switched at any time; on the other hand, the encryption mode is single, so the security is insufficient. In addition, once coding is finished, switching the encryption mode or switching whether to encrypt requires the code to be restructured, so the main part of the program has to be updated.
In view of the above-mentioned problems, the present embodiment provides a data transmission method, system, electronic device and computer readable storage medium, which can achieve the effects of the scheme, and the scheme provided in the present embodiment is described in detail below.
The embodiment provides an electronic device capable of data transmission. In one possible implementation, the electronic device may be a user terminal, for example, the electronic device may be, but is not limited to, a server, a smart phone, a personal computer (Personal Computer, PC), a tablet, a personal digital assistant (Personal Digital Assistant, PDA), a mobile internet device (Mobile Internet Device, MID), an image acquisition system, and the like.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an electronic device 100 according to an embodiment of the disclosure. The electronic device 100 may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The electronic device 100 includes a data transmission system 200, a memory 120, and a processor 130.
The memory 120 and the processor 130 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The data transmission system 200 includes at least one software function module that may be stored in the memory 120 in the form of software or firmware, or embedded in an Operating System (OS) of the electronic device 100. The processor 130 is configured to execute executable modules stored in the memory 120, such as software functional modules and computer programs included in the data transmission system 200.
The Memory 120 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc. The memory 120 is configured to store a program, and the processor 130 executes the program after receiving an execution instruction.
Referring to fig. 2, an embodiment of a data transmission system 200 is provided, where the data transmission system 200 specifically includes a client 210, a gateway 220, and a background 230.
The client 210 may specifically be an APP, a web, or a WeChat applet, which are not limited herein. The backend 230 may also be referred to as a server side, a database side, etc., and is not limited herein. The gateway 220 is mainly used as a relay end, and can be used for receiving and forwarding data and processing data. And optionally gateway 220 may implement configuration independent of user side 210 and backend 230.
The client 210 may be specifically configured to send the request data, that is, the request data is sent to the gateway 220 first, where the state of the request data may be an encrypted state or an unencrypted state, which is not limited herein.
Gateway 220 is configured to receive the request data sent by client 210 and perform a corresponding operation based on the status of the request data.
In an alternative embodiment, when the request data is in the unencrypted state, the gateway 220 may send the request data directly to the backend 230. That is, if the request data itself is in an unencrypted state, the request data can be sent directly to the backend 230 without any processing.
In an alternative embodiment, when the request data is in the encrypted state, the gateway 220 needs to decrypt the request data according to the encryption mode and then send the decrypted request data to the backend 230.
The backend 230 is configured to receive the request data sent from the gateway 220, generate return data based on the request data, and send the return data to the gateway 220. The gateway 220 is further configured to process the return data based on a preset encryption rule and send the processed return data to the client 210, thereby completing the communication of one data request.
In the above embodiment, the gateway 220 decrypts the request data of the user side and processes the return data sent by the backend 230 according to the preset encryption rule. This not only implements encrypted and decrypted transmission of the data, but also effectively improves the security of the data (because the disclosure of the transmission of the data is mainly between the client 210 and the gateway 220). Compared with implementing encryption and decryption through cooperation of the client 210 and the backend 230, the gateway 220 can be configured independently, without modifying the code of the main part of the program (i.e. the client 210 and the backend 230); if the encryption mode needs to be modified or whether to encrypt needs to be decided, this can be done through the gateway 220. That is, the main part of the program does not need to be restarted; only the configuration of the gateway 220 needs to be modified appropriately.
In an alternative embodiment, the data transmission system 200 further includes a management end 240, where the management end 240 may be specifically configured to configure the gateway 220, that is, specifically configure the preset encryption rule of the gateway 220.
In an alternative embodiment, the preset encryption rule includes an encryption switch, an encryption mode and an encryption degree.
The encryption switch is either on or off, and the encryption mode may be, for example, encryption implemented by using AES, RSA/ECC, Diffie-Hellman, SHA-1/SHA-256, or encryption implemented by other algorithms, which is not limited herein. The encryption degree is either that data degradation is allowed or that data degradation is not allowed.
In an alternative embodiment, the management end 240 may be configured to send the encryption switch to the gateway 220, i.e. it may control the gateway 220 to turn the encryption switch on or off. In other embodiments, the management end 240 may also send the encryption mode and the encryption degree to the gateway 220 by using a cache service (such as Redis), so as to complete the configuration of the gateway 220.
In other embodiments, the encryption mode and the encryption degree and the encryption switch may be stored in the cache service in advance, and after the gateway 220 is started, the gateway 220 may read the encryption mode and the encryption degree and the encryption switch from the cache service as its own configuration.
In other embodiments, the management end 240 may be further provided with a docking station correspondingly, that is, the management end 240 may implement an external input response through the docking station. Optionally, the management terminal 240 may respond to the input information (information input by the user or the management engineer), and set the encryption switch to be on or off based on the input information, and/or configure the encryption mode and the encryption degree based on the input information, such as adding different encryption modes, etc. That is, the user or the management engineer can use the management end 240 to implement configuration and modification of the preset encryption rule, and further can synchronize to the gateway 220, so that the encryption mode of the gateway 220 can be replaced, or whether the whole data communication process needs encryption or not is controlled.
In the above embodiment, by setting the management end 240, the configuration of the preset encryption rule of the gateway 220 can be implemented, so that the encryption mode, whether encryption is performed or not, etc. of the whole communication process can be effectively controlled, so that the whole communication process is more intelligent, and the operability of the communication process is improved.
Referring to fig. 3, fig. 3 is a flowchart of a first embodiment of a data transmission method applied to the electronic device 100 of fig. 1, where the flowchart is specifically applicable to a gateway, and the method includes steps described in detail below.
S11, acquiring request data of a user side.
The request data sent by the user side is obtained. The request data may specifically be a data query request, etc., and the request method may be GET or POST, which is not limited herein.
And S12, if the state of the request data is in a non-encrypted state, the request data is sent to the background, and if the state of the request data is in an encrypted state, the request data is decrypted according to an encryption mode, and then the decrypted request data is sent to the background.
And if the state of the request data is in a non-encryption state, sending the request data to a background terminal, and if the state of the request data is in an encryption state, decrypting the request data according to an encryption mode, and then sending the decrypted request data to the background terminal.
In an alternative embodiment, if the request data is encrypted, its bytes follow a fixed layout determined by the encryption mode, for example some bytes are the ciphertext of the actual data and some bytes indicate the encryption mode, so that the gateway 220 can determine whether the request data is encrypted and with which encryption mode, and then decrypt the request data with the corresponding encryption mode.
Alternatively, the encryption mode mentioned in the present application need not relate to encryption only: it may be a bound rule formed by an encryption process and a decryption process generated from the same encryption algorithm, or a rule including only the encryption process, which is not limited herein.
That is, after passing through the gateway 220, all request data is in plaintext format.
S13, obtaining the return data generated by the background terminal based on the request data, processing the return data based on a preset encryption rule, and then sending the processed return data to the user terminal.
The return data generated by the backend 230 based on the request data is then obtained. The return data corresponds to the request data: if the request data is a data query request, the return data may be the corresponding query data, and if the request data is a login request, the return data may be the corresponding key or result, which is not limited herein.
Optionally, the return data is plaintext data.
Optionally, the gateway 220 may also obtain, based on the cache service, the encryption switch and the encryption degree sent by the management end 240, and read the pre-configured encryption mode.
In an alternative embodiment, the gateway 220 processes the return data based on the preset encryption rule and then sends the processed return data to the client 210. The processing differs according to the preset encryption rule, and specifically covers the following cases:
In an alternative embodiment, if the encryption switch is on and the encryption degree does not allow data degradation, the return data is encrypted by using the encryption mode and then sent to the client. If encryption fails, then either an attempt is made to re-encrypt or an error is sent to the backend 230 or the management end 240.
In an alternative embodiment, if the encryption switch is on and the encryption degree allows data degradation, the return data may be sent to the client after non-encryption processing, that is, the return data may be sent directly to the client 210 without any processing. Alternatively, the return data may be encrypted by using the encryption mode, and when the return data is encrypted by using the encryption mode, the return data may be sent to the client 210 after non-encryption processing, that is, the plaintext return data may be sent directly to the client 210.
In an alternative embodiment, if the encryption switch is off, the return data is sent to the client 210 after non-encryption processing.
If the encryption switch is off, no additional processing of the return data is required; the return data only needs to be forwarded to the client 210.
Referring to fig. 4, fig. 4 is a flowchart of a second embodiment of a data transmission method applied to the electronic device 100 of fig. 1, where the flowchart may be specifically applied to the client 210, and the method includes steps described in detail below.
S21, sending the request data to the gateway so that the gateway can send the request data to the background end when the state of the request data is in a non-encrypted state, and decrypting the request data according to an encryption mode and sending the decrypted request data to the background end when the state of the request data is in an encrypted state.
The request data is sent to the gateway 220, so that the gateway 220 sends the request data to the backend 230 when the state of the request data is in an unencrypted state, and decrypts the request data according to an encryption mode when the state of the request data is in an encrypted state, and then sends the decrypted request data to the backend 230.
The client 210 further includes configuration information, where the configuration information indicates whether the request data needs to be encrypted and the corresponding encryption mode.
In an alternative embodiment, the configuration information may be specifically sent by the management end 240 to the client 210. For example, the management terminal 240 may directly send the configuration information to the client 210, or the management terminal 240 may send the configuration information to the client 210 through the gateway 220, which is not limited herein.
Alternatively, the configuration information may be directly pre-stored in the client 210, or may be read from the cache service or the management terminal 240 after the start-up, which is not limited herein.
In other embodiments, the configuration information may also be returned during the previous data request. Specifically, when the gateway 220 returns the previous return data, the gateway 220 further notifies the cache service to send the configuration information to the client 210, so that the client 210 can update the configuration information. The indication of whether the request data needs to be encrypted may apply to the next request data after the client 210 receives the configuration information, or to all request data after the client 210 receives the configuration information, which is not limited herein.
Thus, sending request data to gateway 220 specifically includes the following two cases:
In an alternative embodiment, if the configuration information indicates that the request data needs to be encrypted, the data is encrypted according to the corresponding encryption mode and then sent to the gateway 220.
In an alternative embodiment, the request data is sent to the gateway 220 if the configuration information indicates that the request data does not need to be encrypted.
Similarly, the encryption performed by the client 210 uses a format similar to that of the encryption performed by the gateway 220: some bytes are the ciphertext of the actual data, some bytes indicate the encryption mode, and so on.
In an alternative embodiment, both the encrypted request data and the return data may be presented in a fixed JSON format.
S22, receiving the return data processed by the gateway 220 based on the preset encryption rule.
The specific steps have been described in detail above and are not repeated here.
Referring to Fig. 5, Fig. 5 is a flowchart of a second embodiment of the data transmission method applied to the electronic device 100 of Fig. 1. The method may be specifically applied to the backend 230 and includes the steps described in detail below.
S31, acquiring the request data sent by the gateway, wherein the request data is either the request data sent by the user terminal as obtained and forwarded directly by the gateway, or that request data after the gateway has decrypted it according to the encryption mode.
Optionally, the backend 230 obtains the request data sent by the gateway 220. The request data is either the request data sent by the client 210 as obtained and forwarded directly by the gateway 220, or that request data after the gateway 220 has decrypted it according to the encryption mode.
The specific steps are described in detail above, and are not repeated here.
S32, generating return data based on the request data, and sending the return data to the gateway so that the gateway processes the return data based on a preset encryption rule and then sends the processed return data to the user side.
Optionally, the backend 230 further generates the return data based on the request data, and sends the return data to the gateway 220, so that the gateway 220 processes the return data based on the preset encryption rule and sends the processed return data to the client 210.
The specific steps are described in detail above, and are not repeated here.
In summary, the present application uses the gateway 220 to decrypt the request data of the client 210, and uses the gateway 220 to process the return data sent by the backend 230 according to the preset encryption rule before sending it to the client 210. This not only implements encryption and decryption of the data but also effectively improves data security, because leakage during data transmission mainly occurs between the client 210 and the gateway 220. Compared with implementing encryption and decryption through cooperation between the client 210 and the backend 230, the gateway 220 can be configured independently without modifying the code of the main part of the program (i.e. the client 210 and the backend 230). If the encryption mode, or the decision whether to encrypt, needs to be changed, this can be done through the gateway 220; that is, the main part of the program does not need to be restarted, and only the configuration of the gateway 220 needs to be modified appropriately.
Furthermore, the management end 240 is provided to manage the configuration information of the client 210 and the preset encryption rule of the gateway 220, so that whether the whole communication process is encrypted, and the encryption mode, can be managed, which effectively improves the operability of the communication process.
Furthermore, by setting the docking station on the management end 240, input information can be responded to, that is, an interface is provided for the user or the administrator to operate, so that the configuration information or the preset encryption rule can be modified without modifying the code of the client 210 and the backend 230, thereby greatly reducing the cost and improving the flexibility.
Furthermore, considering that leakage and interception mainly occur on the client 210 side, encryption and decryption are placed between the client 210 and the gateway 220, which reduces the computation load of the backend 230 and improves the response speed.
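The flow summarized above, as an added Python sketch that is not code from the patent: the client wraps request data according to its configuration information, the gateway forwards or decrypts by state, and return data is processed under the preset encryption rule recited in the claims (encryption switch, encryption mode, encryption degree). The JSON field names, the mode names, the HMAC-based stand-in cipher, the `degraded` flag and the fail-closed behavior when degradation is not allowed are assumptions of this example; degradation is implemented as the variant that falls back only when encryption errors.

```python
import base64, hashlib, hmac, json, os
from dataclasses import dataclass

KEY = bytes(range(32))  # constructed demo key; real keys are provisioned out of band
ENC_KEY = hmac.new(KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(KEY, b"mac", hashlib.sha256).digest()

def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real AEAD)
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def demo_encrypt(plain: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(nonce, plain)
    return nonce + body + hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()

def demo_decrypt(blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(nonce, body)

def broken_encrypt(plain: bytes) -> bytes:
    raise RuntimeError("key unavailable")  # constructed failure to exercise degradation

# encryption mode name -> (encrypt, decrypt); the names are assumptions of this example
MODES = {"demo-stream-hmac": (demo_encrypt, demo_decrypt),
         "demo-broken": (broken_encrypt, demo_decrypt)}

def envelope(data: bytes, mode=None, degraded=False) -> dict:
    """Fixed JSON shape: state flag, encryption mode, base64 payload."""
    if mode is not None:
        data = MODES[mode][0](data)
    return {"encrypted": mode is not None, "mode": mode,
            "data": base64.b64encode(data).decode(), "degraded": degraded}

def client_send(payload: bytes, config: dict) -> str:
    # configuration information: whether to encrypt, and with which mode
    return json.dumps(envelope(payload, config["mode"] if config["encrypt"] else None))

def gateway_handle_request(raw: str) -> bytes:
    env = json.loads(raw)
    data = base64.b64decode(env["data"])
    if not env["encrypted"]:
        return data                      # unencrypted state: forward unchanged
    return MODES[env["mode"]][1](data)   # encrypted state: decrypt, then forward

@dataclass
class EncryptionRule:
    switch_on: bool          # encryption switch
    mode: str                # encryption mode
    allow_degradation: bool  # encryption degree

def gateway_process_return(data: bytes, rule: EncryptionRule) -> dict:
    if not rule.switch_on:
        return envelope(data)            # switch off: non-encryption processing
    try:
        return envelope(data, rule.mode)
    except Exception:
        if not rule.allow_degradation:
            raise                        # assumption: fail closed, nothing is sent
        return envelope(data, degraded=True)  # plaintext fallback, flagged for logging
```

The `degraded` flag gives the gateway operator a field to log and alert on, so that a plaintext fallback is visible rather than silent.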
The present application also provides an electronic device 100, the electronic device 100 comprising a processor 130 and a memory 120. The memory 120 stores computer-executable instructions that, when executed by the processor 130, implement the data transmission method.
The embodiments of the present application also provide a computer readable storage medium storing a computer program, which when executed by the processor 130, implements the data transmission method.
In the embodiments provided in this application, it should be understood that the disclosed systems and methods may be implemented in other ways as well. The system embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of data transmission, the method being applied to a gateway, the method comprising:
acquiring request data of a user side;
if the state of the request data is in a non-encryption state, the request data is sent to a background terminal, and if the state of the request data is in an encryption state, the request data is decrypted in an encryption mode, and then the decrypted request data is sent to the background terminal;
acquiring return data generated by the background terminal based on the request data, processing the return data based on a preset encryption rule, and then sending the processed return data to the user terminal; the preset encryption rule comprises an encryption switch, an encryption mode and an encryption degree, wherein the encryption degree comprises allowing data degradation and not allowing data degradation;
the step of processing the returned data based on the preset encryption rule and then sending the processed returned data to the user side comprises the following steps:
if the encryption switch is on and the encryption degree is that data degradation is not allowed, encrypting the returned data by using the encryption mode and then sending the encrypted returned data to the user side;
if the encryption switch is on and the encryption degree is that data degradation is allowed,
sending the returned data to the user side after non-encryption processing; or
when an error occurs in encrypting the return data by using the encryption mode, sending the return data to the user side after non-encryption processing;
and if the encryption switch is off, sending the returned data to the user terminal after non-encryption processing.
2. The data transmission method according to claim 1, wherein before the step of acquiring the return data of the background terminal, processing the return data based on a preset encryption rule, and sending the processed return data to the user terminal, the method further comprises:
acquiring the encryption switch and the encryption degree sent by the management end based on the cache service;
the encryption switch comprises an on or off state;
and reading the pre-configured encryption mode.
3. A data transmission method, wherein the method is applied to a user terminal, and the method comprises:
transmitting request data to a gateway, so that the gateway transmits the request data to a background end when the state of the request data is an unencrypted state, and decrypts the request data according to an encryption mode and transmits the request data to the background end when the state of the request data is an encrypted state;
receiving return data processed by the gateway based on a preset encryption rule; the preset encryption rule comprises an encryption switch, an encryption mode and an encryption degree, wherein the encryption degree comprises allowing data degradation and not allowing data degradation;
the receiving the return data processed by the gateway based on the preset encryption rule comprises the following steps:
if the encryption switch is on and the encryption degree is that data degradation is not allowed, receiving return data encrypted by the gateway based on the encryption switch;
if the encryption switch is on and the encryption degree is that data degradation is allowed,
receiving return data after the gateway performs non-encryption processing; or
receiving the return data after the gateway performs non-encryption processing when an error occurs in encrypting the return data by using the encryption mode;
and if the encryption switch is off, receiving the returned data after the gateway performs non-encryption processing.
4. A data transmission method according to claim 3, wherein the client includes configuration information, the configuration information indicating whether the request data needs encryption and a corresponding encryption mode;
the sending request data to the gateway includes:
if the configuration information indicates that the request data needs to be encrypted, the data is encrypted according to a corresponding encryption mode and then sent to a gateway;
and if the configuration information indicates that the request data does not need to be encrypted, the request data is sent to a gateway.
5. A data transmission method, wherein the method is applied to a background end, the method comprising:
acquiring request data sent by a gateway, wherein the request data is obtained directly after the request data sent by a user terminal is acquired by the gateway or is obtained after the request data sent by the user terminal is acquired by the gateway and then decrypted in an encryption mode;
generating return data based on the request data, and sending the return data to the gateway so that the gateway processes the return data based on a preset encryption rule and then sends the processed return data to the user side; the preset encryption rule comprises an encryption switch, an encryption mode and an encryption degree, wherein the encryption degree comprises allowing data degradation and not allowing data degradation;
the step of processing the returned data based on the preset encryption rule and then sending the processed returned data to the user side comprises the following steps:
if the encryption switch is on and the encryption degree is that data degradation is not allowed, encrypting the returned data by using the encryption mode and then sending the encrypted returned data to the user side;
if the encryption switch is on and the encryption degree is that data degradation is allowed,
sending the returned data to the user side after non-encryption processing; or
when an error occurs in encrypting the return data by using the encryption mode, sending the return data to the user side after non-encryption processing;
and if the encryption switch is off, sending the returned data to the user terminal after non-encryption processing.
6. A data transmission system, the data transmission system comprising:
the user end is used for sending request data;
the gateway is used for receiving the request data, sending the request data to the background end when the state of the request data is an unencrypted state, decrypting the request data according to an encryption mode when the state of the request data is an encrypted state, and sending the request data to the background end;
the background terminal is used for receiving the request data sent by the gateway and generating return data based on the request data;
the gateway is also used for processing the returned data based on a preset encryption rule after receiving the returned data and then sending the processed returned data to the user side; the preset encryption rule comprises an encryption switch, an encryption mode and an encryption degree, wherein the encryption degree comprises allowing data degradation and not allowing data degradation;
the step of processing the returned data based on the preset encryption rule and then sending the processed returned data to the user side comprises the following steps:
if the encryption switch is on and the encryption degree is that data degradation is not allowed, encrypting the returned data by using the encryption mode and then sending the encrypted returned data to the user side;
if the encryption switch is on and the encryption degree is that data degradation is allowed,
sending the returned data to the user side after non-encryption processing; or
when an error occurs in encrypting the return data by using the encryption mode, sending the return data to the user side after non-encryption processing;
and if the encryption switch is off, sending the returned data to the user terminal after non-encryption processing.
7. The data transmission system according to claim 6, wherein the preset encryption rule includes an encryption switch, an encryption mode, and an encryption degree; the data transmission system also comprises a management end;
the management end is used for sending the encryption switch to the gateway;
the management end is also used for responding to the input information, setting the encryption switch to be on or off based on the input information, and/or configuring the encryption mode and the encryption degree based on the input information.
8. The data transmission system of claim 7, wherein,
the management end is also used for sending the configuration information to the user end;
and the user terminal processes the request information based on the configuration information.
9. An electronic device comprising a memory storing a computer program and a processor implementing the steps of the method of any one of claims 1-5 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1-5.
CN202210460427.4A 2022-04-28 2022-04-28 Data transmission method, system, equipment and medium Active CN114866309B (en)

Publications (2)

Publication Number Publication Date
CN114866309A CN114866309A (en) 2022-08-05
CN114866309B CN114866309B (en) 2024-03-08

Family

ID=82634357

Country Status (1)

Country Link
CN (1) CN114866309B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant