CN114866527B - Data processing method, device and system - Google Patents


Publication number
CN114866527B
Authority
CN
China
Prior art keywords
data
processing
address information
message
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210475068.XA
Other languages
Chinese (zh)
Other versions
CN114866527A (en
Inventor
李凤华
李恒
郭云川
张玲翠
耿魁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS
Priority to CN202210475068.XA
Publication of CN114866527A
Application granted
Publication of CN114866527B
Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H04L69/26 Special purpose or proprietary protocols or architectures
    • H04L2212/00 Encapsulation of packets

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data processing method, a device and a system, wherein the method comprises the following steps: receiving a first message encapsulated by a special protocol, and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; performing data processing on the first data to obtain second data; and sending the second data to a target interface corresponding to the target address information. The method, the device, the electronic equipment and the storage medium provided by the invention can realize serial processing of the first data by using the special protocol carrying the first data and the target address in the communication main path, and forward the processed data to the target interface for subsequent processing, thereby reducing a data loop, reducing the calling time and further improving the transmission efficiency.

Description

Data processing method, device and system
Technical Field
The present invention relates to the field of internet of things and data security, and in particular, to a data processing method, device and system.
Background
With the development of technologies such as big data, blockchain and artificial intelligence, video monitoring systems and spatial geographic information systems are widely applied in Internet of Things and data security fields such as national defense and the military, economics and finance, ecological resources, and smart cities, and they generate a large amount of high-dimensional, multi-source, heterogeneous surveillance video data and spatio-temporal data. The identification analysis system, regarded as the "cornerstone" of the Internet of Things, is widely applied to massive identification analysis in the Internet of Things.
With the wide application of video monitoring systems, hacking incidents that use public video surveillance cameras as a springboard occur frequently, and the privacy protection of massive surveillance video data continues to attract close attention worldwide. The spatial geographic information system provides logical integration, visual presentation, and mining and analysis of various data on a unified spatial base. With the broad development of spatio-temporal big data platforms and smart city construction, and with increasingly serious data security threats aimed at the spatial geographic information system as that base, the security protection of massive high-dimensional, multi-source, heterogeneous spatio-temporal important data, video surveillance privacy data and personal sensitive information has become important. In addition, given the cross-domain movement of identifiers in the massive Internet of Things, scattered data locations, massive analysis requests and highly concurrent analysis services, the need for the identification analysis system to handle tens of millions of concurrent online analyses is increasingly prominent.
On the one hand, existing data protection technology generally runs the cipher machine (card) in a parallel mode and encrypts and decrypts data by calling the cipher machine (card) as a bypass, but this approach has a long data loop, long call time and low transmission efficiency, and cannot meet the requirements of high-performance secure access and transmission. On the other hand, the traditional cipher machine (card) communication mode cannot meet requirements such as high throughput for massive data and a high number of concurrent online services in terms of speed and security; throughput and concurrency can be improved by adopting a high-performance cipher machine (card), thereby meeting the high-performance requirement of parallel processing of multi-user messages.
Disclosure of Invention
The invention provides a data processing method, a device and a system, which are used for solving the defects that in the prior art, a circulation node of a communication main path processes data in a parallel bypass response mode, and the transmission efficiency is low due to long calling time and long data loop.
The invention provides a data processing method, which comprises the following steps:
receiving a first message encapsulated by a special protocol, and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field;
performing data processing on the first data to obtain second data;
and sending the second data to a target interface corresponding to the target address information.
According to the data processing method provided by the invention, the special protocol header is used for describing data processing information, and the data processing information comprises processing parameters, processing initial vectors, offset lengths and processing algorithm types.
According to the data processing method provided by the invention, the data field consists of a data payload and an MAC field;
the data payload includes the target address information and the first data;
the target address information comprises a target MAC address, a source MAC address, a protocol type, an IP header, a TCP header and an HTTP header;
the MAC field is used to check the integrity of the data payload.
According to the data processing method provided by the invention, the receiving the first message encapsulated by the special protocol comprises the following steps:
receiving the first message which is sent by a data interface and is encapsulated by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
encrypting the first data to obtain ciphertext data, and taking the ciphertext data as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the ciphertext data to a storage interface corresponding to the target address information, and storing the ciphertext data by the storage interface.
According to the data processing method provided by the invention, the receiving of the first message encapsulated by the special protocol comprises the following steps:
receiving the first message which is sent by a storage interface and is packaged by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
decrypting the first data to obtain plaintext data, and taking the plaintext data as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the plaintext data to a data interface corresponding to the target address information, and analyzing and packaging the plaintext data by the data interface and sending the plaintext data to a terminal.
According to the data processing method provided by the invention, the receiving of the first message encapsulated by the special protocol comprises the following steps:
receiving the first message which is sent by a data interface and is encapsulated by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
analyzing the first data to obtain an object information server address, and taking the object information server address as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the address of the object information server to an identification interface corresponding to the target address information, and carrying out access identification on the address of the object information server by the identification interface.
According to the data processing method provided by the invention, the analyzing the first data to obtain the address of the object information server comprises the following steps:
analyzing the first data to obtain an identification domain name and an object code;
resolving the identification domain name and the object code to obtain an object code domain name;
and resolving the object coding domain name to obtain the address of the object information server.
The invention also provides a data processing device, comprising:
the receiving module is used for receiving a first message packaged by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field;
the processing module is used for carrying out data processing on the first data to obtain second data;
and the forwarding module is used for sending the second data to a target interface corresponding to the target address information.
The invention also provides a data processing system, comprising the data processing device, which is connected to the communication main path in a serial mode.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the data processing methods described above when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a data processing method as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements a data processing method as described in any of the above.
According to the data processing method, device and system provided by the invention, the special protocol carrying the first data and the target address is used for communication in the communication main path, so that the serial processing of the first data is realized, the processed data is forwarded to the target interface for subsequent processing, the data loop is reduced, the calling time is reduced, and the transmission efficiency is further improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data processing method provided by the invention;
FIG. 2 is a schematic flow chart of the identification data parsing method provided by the invention;
FIG. 3 is a message structure diagram of message data provided by the present invention;
FIG. 4 is a schematic diagram of a data processing apparatus according to the present invention;
FIG. 5 is a schematic diagram of a data processing system provided by the present invention;
FIG. 6 is a schematic diagram of a data access system according to the present invention;
FIG. 7 is a diagram of a system physical logic architecture of a data access system provided by the present invention;
FIG. 8 is a schematic diagram of a data storage flow of the data access system according to the present invention;
FIG. 9 is a second schematic diagram of a data storage flow of the data access system according to the present invention;
FIG. 10 is a schematic diagram of a data reading flow of the data access system according to the present invention;
FIG. 11 is a second schematic diagram of a data reading flow of the data access system according to the present invention;
FIG. 12 is a schematic diagram of an analysis flow of the code analysis system provided by the present invention;
FIG. 13 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The existing cipher machine or coding analysis equipment is applied in the data transmission process in a bypass working mode, namely, a processing request sent by a node on a non-communication main path is responded in real time in a parallel mode, processed data is returned to the node, the node transmits the processed data to a next node for subsequent processing, but the parallel working mode has long data loop, long calling time and low transmission efficiency, and cannot meet the requirements of high-performance data processing and transmission.
Therefore, how to reduce the data processing time and further improve the transmission efficiency is a technical problem to be solved in the art.
Fig. 1 is a schematic flow chart of a data processing method provided by the invention. As shown in fig. 1, an embodiment of the present invention provides a data processing method, where an execution body may be a cryptographic engine, and may also be a code parsing device, and the method includes:
step 110, receiving a first message encapsulated by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field;
step 120, performing data processing on the first data to obtain second data;
step 130, sending the second data to a target interface corresponding to the target address information.
Current cipher machines or code analysis devices process data in a parallel bypass working mode: the device returns the processed data along the original path to the node that sent the processing request, and that node then sends the processed data to the subsequent node on the communication main path for subsequent operations. This working mode copies the processed data twice, once when the cipher machine or code analysis device returns it to the node and once when the node sends it to the subsequent node, which increases transmission time and calling time. Therefore, in the embodiment of the invention, the cryptographic engine or the code analysis device is connected to the communication main path in a serial mode, that is, it acts as a node on the communication main path and performs the data processing and forwarding operations serially.
Specifically, a first message encapsulated by the special protocol and sent by the previous node on the communication main path is received, and the first message is analyzed to obtain first data and target address information. The special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field. The processing information is then applied to process the first data to obtain second data, and the second data is sent to the target interface corresponding to the target address information. The processing information may be preset, or may be carried in the dedicated protocol, which is not limited in the embodiment of the present invention.
It should be noted that the data processing performed on the first data by applying the processing information may be encryption of the first data using the encryption algorithm and encryption parameters (a key, a key initial vector) carried in the processing information, decryption of the first data using the decryption algorithm and decryption parameters (a key, a key initial vector) carried in the processing information, or analysis of the first data using the analysis algorithm, analysis parameter and analysis initial vector carried in the processing information. The target interface may be a storage interface for storing the second data, a data interface for encapsulating the second data and sending it to the terminal, or an identification interface for identifying access to the second data, which is not limited in this embodiment of the present invention.
In addition, the target address information may contain a plurality of target addresses, each corresponding to one target interface; when there are a plurality of target addresses, the second data can be sent concurrently to the target interfaces corresponding to all of them, so that high concurrency of data processing is realized.
According to the data processing method provided by the embodiment of the invention, the special protocol carrying the first data and the target address is used for communication in the communication main path, so that the serial processing of the first data is realized, the processed data is forwarded to the target interface for subsequent processing, the data loop is reduced, the calling time is reduced, and the transmission efficiency is further improved.
Based on the above embodiment, the processing information may also be obtained by parsing the first message in step 110;
considering that a plurality of cipher machines or code analysis devices can exist in the communication main path, and the processing mode of data by each cipher machine or code analysis device can be different, taking the cipher machine as an example: when encrypting, the encrypted ciphertext data is required to be sent to the storage interface, when decrypting, the decrypted plaintext data is required to be sent to the data interface, or the encryption and decryption information for decrypting the encrypted data to be stored is different from the encryption and decryption information for encrypting the plaintext data sent by the data interface. At this time, the configuration of multiple sending addresses and multiple encryption modes by the preset configuration mode may make the configuration content very tedious and inflexible. Therefore, the embodiment of the invention takes the sending target address and the processing information as a part of the first message data.
It should be noted that, the processing information may include a processing parameter, a processing algorithm type, and the like, and the target address information may include an IP of the target address, a monitored port number, a communication protocol type, and the like, which is not limited in the embodiment of the present invention.
Based on the above embodiments, the dedicated protocol header is used to describe data processing information including processing parameters, processing initial vectors, offset lengths, and processing algorithm types.
It should be noted that the end memory address of the memory space of the special protocol header and the head memory address of the memory space of the data portion to be processed are adjacent memory addresses. Two memory spaces are adjacent when the end memory address of the one with the smaller head address is immediately followed by the head memory address of the one with the larger head address, so that together they form a continuous range of memory addresses. For example, if memory space A is adjacent to memory space B, the end memory address of memory space A is adjacent to the head memory address of memory space B. The memory space of the processing parameters in the special protocol header is adjacent to the memory space of the processing initial vector, the memory space of the processing initial vector is adjacent to the memory space of the offset length, and the memory space of the offset length is adjacent to the memory space of the processing algorithm type.
Based on the above embodiments, the data field is composed of a data payload and a MAC field;
the data payload comprises the target address information and first data;
the destination address information includes a destination MAC address, a source MAC address, a protocol type, an IP header, a TCP header, and an HTTP header;
the MAC field is used to check the integrity of the data payload.
It should be noted that, the memory space of the data payload in the data portion to be processed is adjacent to the memory space of the MAC field, the memory space of the destination address information in the data payload is adjacent to the memory space of the first data, the memory space of the destination MAC address in the destination address information is adjacent to the memory space of the source MAC address, the memory space of the source MAC address is adjacent to the memory space of the protocol type, the memory space of the protocol type is adjacent to the memory space of the IP header, the memory space of the IP header is adjacent to the memory space of the TCP header, and the memory space of the TCP header is adjacent to the memory space of the HTTP header.
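A parser for the layout described above (special protocol header, then data payload, then MAC field), given as an added example that is not code from the patent. The field widths, the HMAC-SHA-256 tag, the algorithm type codes, IPv4-only handling and the reading of "offset length" as the byte length of the target address information are assumptions, since the page fixes only the order of the fields.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass

# Assumed widths: processing parameter, initial vector, offset length, algorithm type.
HEADER = struct.Struct("!16s16sHH")
MAC_LEN = 32                                                # HMAC-SHA-256 tag (assumed)
ALGORITHMS = {1: "encrypt", 2: "decrypt", 3: "code-parse"}  # hypothetical type codes


@dataclass
class Parsed:
    algorithm: str
    iv: bytes
    dst_mac: str
    src_mac: str
    dst_ip: str
    dst_port: int
    first_data: bytes


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_target(addr: bytes):
    """Walk dst MAC | src MAC | protocol type | IP | TCP | HTTP, checking bounds at each step."""
    if len(addr) < 14 + 20 + 20:
        raise ValueError("target address information too short")
    ethertype = struct.unpack_from("!H", addr, 12)[0]
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = 14
    ihl = (addr[ip] & 0x0F) * 4
    if addr[ip] >> 4 != 4 or ihl < 20 or addr[ip + 9] != 6:
        raise ValueError("not an IPv4/TCP header")
    tcp = ip + ihl
    if tcp + 20 > len(addr):
        raise ValueError("truncated TCP header")
    tcp_len = (addr[tcp + 12] >> 4) * 4
    http = tcp + tcp_len
    if tcp_len < 20 or http > len(addr):
        raise ValueError("bad TCP data offset")
    if not addr[http:].endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header does not end at the offset length")
    dst_ip = socket.inet_ntoa(addr[ip + 16:ip + 20])
    dst_port = struct.unpack_from("!H", addr, tcp + 2)[0]
    return _mac_str(addr[0:6]), _mac_str(addr[6:12]), dst_ip, dst_port


def parse_message(msg: bytes, mac_key: bytes) -> Parsed:
    if len(msg) < HEADER.size + MAC_LEN:
        raise ValueError("message shorter than header plus MAC")
    _param, iv, offset, alg = HEADER.unpack_from(msg)
    payload, tag = msg[HEADER.size:-MAC_LEN], msg[-MAC_LEN:]
    # Verify the MAC over the data payload before using anything inside it.
    expected = hmac.new(mac_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed")
    # The page has the MAC cover the data payload, so the header fields
    # are range-checked here rather than trusted.
    if alg not in ALGORITHMS:
        raise ValueError("unknown processing algorithm type")
    if offset > len(payload):
        raise ValueError("offset length points past the data payload")
    dst_mac, src_mac, dst_ip, dst_port = parse_target(payload[:offset])
    return Parsed(ALGORITHMS[alg], iv, dst_mac, src_mac, dst_ip, dst_port, payload[offset:])


def build_sample(mac_key: bytes, first_data: bytes) -> bytes:
    """Constructed sample message using documentation addresses (not from the patent)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    http = b"PUT /store HTTP/1.1\r\nHost: storage.example\r\n\r\n"
    addr = eth + ip + tcp + http
    payload = addr + first_data
    header = HEADER.pack(b"K" * 16, b"\x00" * 16, len(addr), 1)
    return header + payload + hmac.new(mac_key, payload, hashlib.sha256).digest()


if __name__ == "__main__":
    key = b"constructed-mac-key"
    print(parse_message(build_sample(key, b"sensor-frame-0001"), key))
```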
Based on the above embodiment, the present invention provides a preferred embodiment, in which the data processing method in the above embodiment is applied to data encryption, and the receiving the first packet encapsulated in the special protocol in step 110 includes:
receiving a first message which is sent by a data interface and encapsulated by a special protocol;
step 120 includes:
encrypting the first data to obtain ciphertext data, and taking the ciphertext data as second data;
step 130 includes:
and sending the ciphertext data to a storage interface corresponding to the target address information, and storing the ciphertext data by the storage interface.
Specifically, the terminal sends the data stream to be stored to the data interface, after receiving the data stream to be stored, the data interface analyzes the stored data stream and carries out data recombination to obtain plaintext data, and the plaintext data is packaged into a first message by a special protocol. After a first message sent by a data interface is received, the first message is analyzed to obtain first data and target address information, at the moment, processing parameters in the processing information are keys, a processing initial vector is a key initial vector, a processing algorithm type is an encryption algorithm type, the processing information is applied in a serial mode to encrypt the first data, then the encrypted ciphertext data is sent to a storage interface corresponding to the target address information according to the target address information, and the storage interface stores the ciphertext data after receiving the ciphertext data.
It should be noted that, before data reorganization, the data interface may perform decryption operation in the case that the data stream to be stored is ciphertext, and may also perform operations such as data integrity verification; before the storage interface stores the ciphertext data, the ciphertext data may be stored after being subjected to data segmentation, and operations such as establishing an index may be performed.
In addition, the target address information may contain a plurality of target addresses, each corresponding to one storage interface; when there are a plurality of target addresses, the ciphertext data can be sent concurrently to the storage interfaces corresponding to all of them, so that high concurrency of data encryption processing is achieved.
Based on the above embodiment, the present invention provides a preferred embodiment, in which the data processing method in the above embodiment is applied to data decryption, and the receiving the first packet encapsulated in the dedicated protocol in step 110 includes:
receiving a first message which is sent by a storage interface and is packaged by a special protocol;
step 120 includes:
decrypting the first data to obtain plaintext data, and taking the plaintext data as second data;
step 130 includes:
and sending the plaintext data to a storage interface corresponding to the target address information, analyzing and packaging the plaintext data by the corresponding data interface, and sending the plaintext data to the terminal.
Specifically, after receiving a read request query, the storage interface queries to obtain ciphertext data, and encapsulates the ciphertext data into a first message by a special protocol. After receiving a first message sent by a storage interface, resolving the ciphertext message to obtain first data and target address information, wherein processing parameters in the processing information are keys, processing initial vectors are key initial vectors, processing algorithm types are decryption algorithm types, processing information is applied in a serial mode to decrypt the first data, and then the decrypted plaintext data are sent to a data interface corresponding to the target address information according to the target address information, wherein the data interface analyzes and encapsulates the plaintext data after receiving the plaintext data and then sends the plaintext data to a terminal.
It should be noted that, the access interface may read a plurality of data blocks of ciphertext data and splice the plurality of data blocks according to an index established when the ciphertext data is stored to obtain first data; after the data interface analyzes the data, if ciphertext data transmission is required, encryption operation can be performed on plaintext data according to a communication protocol contract with the terminal, which is not limited in the embodiment of the present invention.
In addition, the target address information may contain a plurality of target addresses, each corresponding to one data interface; when there are a plurality of target addresses, the plaintext data can be sent concurrently to the data interfaces corresponding to all of them, so that high concurrency of data decryption processing is realized.
Based on the above embodiment, the present invention provides a preferred embodiment, in which the data processing method in the above embodiment is applied to code parsing, and the receiving the first packet encapsulated in the dedicated protocol in step 110 includes:
receiving a first message which is sent by a data interface and encapsulated by a special protocol;
step 120 includes:
analyzing the first data to obtain an object information server address, and taking the object information server address as second data;
step 130 includes:
and sending the address of the object information server to an identification interface corresponding to the target address information, and performing access identification on the address of the object information server by the identification interface.
Specifically, the terminal sends the data stream to be analyzed to the data interface, and after the data interface receives the data stream to be analyzed, the data interface pre-processes the data stream to be analyzed to obtain identification data, and encapsulates the identification data (first data) into a first message by a special protocol. After receiving a first message sent by a data interface, analyzing the plaintext message to obtain first data and target address information, wherein the processing parameters in the processing information are coding analysis parameters, the processing initial vector is a coding analysis initial vector, the processing algorithm type is a coding analysis algorithm type, analyzing the first data by applying the processing information in a serial mode, and then sending the analyzed object information server address to an identification interface corresponding to the target address information according to the target address information, wherein the identification interface accesses and identifies the object information server address after receiving the object information server address.
It should be noted that the target address information may have a plurality of target addresses, each target address corresponding to one data interface; when there are a plurality of target addresses, the object information server address is sent to the data interfaces corresponding to all the target addresses in a concurrent manner, so as to realize high concurrency of the data analysis processing.
Based on the above embodiments, fig. 2 is a flow chart of the identification data parsing method provided by the present invention. As shown in fig. 2, the parsing the first data to obtain the address of the object information server includes:
step 210, resolving the first data to obtain an identification domain name and an object code;
step 220, resolving the identification domain name and the object code to obtain an object code domain name;
and step 230, resolving the object code domain name to obtain an object information server address.
In consideration of the fact that the received first data may be encoded multiple times, multiple times of decoding are needed to obtain the needed identification data.
Specifically, the first data is resolved to obtain a first intermediate result identifier domain name and an object code, then the identifier domain name and the object code are resolved as a whole to obtain a second intermediate result object code domain name, and finally the object code domain name is resolved to obtain an object information service address, namely the identifier data.
It should be noted that the three steps may be completed in one node of the communication main path or in three nodes, which is not limited in this embodiment of the present invention. When they are completed in one node, the processing information in the special protocol holds three coding analysis parameters, three coding analysis initial vectors and three coding analysis algorithm types, stored in memory in order of memory address from small to large so that they form three groups of corresponding relations; these are used to analyze the first data, the identification domain name and object code, and the object code domain name, respectively. When they are completed in three nodes, the data in the special protocol in the first message received before step 210 is executed is the first data, and the target address is the address information of the node where step 220 is located. After step 210 is executed, the identification domain name and the object code are taken as new first data, and the address information of the node where step 230 is executed is packaged as target address information in a new first message in the special protocol; the processing information of step 220 may also be encapsulated in this first message. After the new first message is packaged, it is sent to the node where step 220 is located, and after that node receives the first message sent by step 210, it processes the received first message. After step 220 is executed, the object code domain name is taken as new first data, and the address information of the identification interface is packaged as target address information in a new first message in the special protocol; the processing information of step 230 may also be packaged in this first message. After the new first message is packaged, it is sent on for step 230, which processes the received first message to obtain the object information server address.
Based on the above embodiments, fig. 3 is a message structure diagram of the message data provided by the present invention. As shown in fig. 3, the present invention provides a preferred embodiment, in which the message structure of the message data is an extended UDP protocol, and the extended portion is a dedicated protocol portion, in which a custom portion is carried, and the custom portion includes a dedicated protocol header and a data portion to be processed. The special protocol header carries a secret key, a secret key IV, an offset length and encryption algorithm parameters, and the data part to be processed is a data payload and a MAC field, wherein the data payload comprises target address information and plaintext/ciphertext data, and the target address information comprises a plurality of target addresses.
Specifically, the data frame header of the message includes a destination MAC address, a source MAC address, a type, an IP datagram header, a UDP header, a private protocol header, and a portion of data to be processed.
The private protocol header includes the key, key IV, offset length, and encryption/decryption algorithm. For example: the key takes 16 bytes, the key IV takes 16 bytes, the offset length takes 4 bytes, and the encryption/decryption algorithm takes 4 bytes.
The data portion to be processed includes a data payload (0-1632 bytes) and a MAC field (16 bytes), wherein the data payload includes target address information (0-N bytes) and a plaintext/ciphertext data portion (0 to 1632-N bytes). The target address information contains a plurality of target addresses, and a single target address includes a destination MAC' address, a source MAC' address, a type', an IP' header, a TCP header, and an HTTP header. For example: the destination MAC' address occupies 6 bytes, the source MAC' address occupies 6 bytes, the type' occupies 2 bytes, the IP' header occupies 20 bytes, the TCP header occupies 20 bytes, and the HTTP header occupies (N-54) bytes, wherein N represents the total bytes occupied by a plurality of target addresses in the target address information, and N is more than 54 bytes.
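The custom portion described above can be packed and parsed as follows. This is an added example, not code from the patent; it assumes big-endian fields, that the offset length holds N (the byte length of the target address information), a single target address, and an HMAC-SHA256 tag truncated to 16 bytes under a separate integrity key (`mac_key`), none of which the text specifies. The addresses, algorithm code and HTTP line are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

# Field sizes from the description: key 16, key IV 16, offset length 4,
# algorithm 4; data payload 0-1632 bytes; MAC field 16 bytes.
HEADER = struct.Struct("!16s16sII")          # big-endian is an assumption
ADDR_FIXED = struct.Struct("!6s6sH20s20s")   # MAC', MAC', type', IP', TCP = 54
MAC_LEN = 16
MAX_PAYLOAD = 1632


class FrameError(ValueError):
    """The frame violates the layout or fails the integrity check."""


@dataclass
class Frame:
    key: bytes
    iv: bytes
    algorithm: int
    target_info: bytes  # N bytes of target address information
    data: bytes         # plaintext or ciphertext


def _tag(mac_key, payload):
    # Assumption: HMAC-SHA256 truncated to fill the 16-byte MAC field.
    return hmac.new(mac_key, payload, hashlib.sha256).digest()[:MAC_LEN]


def build(frame, mac_key):
    if len(frame.key) != 16 or len(frame.iv) != 16:
        raise FrameError("key and key IV must be 16 bytes each")
    payload = frame.target_info + frame.data
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("data payload exceeds 1632 bytes")
    # Assumption: the offset length field holds N, where the data starts.
    header = HEADER.pack(frame.key, frame.iv, len(frame.target_info),
                         frame.algorithm)
    return header + payload + _tag(mac_key, payload)


def parse(raw, mac_key):
    if len(raw) < HEADER.size + MAC_LEN:
        raise FrameError("truncated frame")
    key, iv, offset, algorithm = HEADER.unpack_from(raw)
    payload, tag = raw[HEADER.size:-MAC_LEN], raw[-MAC_LEN:]
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("data payload exceeds 1632 bytes")
    if not hmac.compare_digest(tag, _tag(mac_key, payload)):
        raise FrameError("MAC mismatch")
    # The MAC covers the data payload only, so the offset length read from
    # the header is still unauthenticated and must be bounds-checked.
    if offset > len(payload):
        raise FrameError("offset length points past the payload")
    return Frame(key, iv, algorithm, payload[:offset], payload[offset:])


def first_target(info):
    """Decode the 54 fixed bytes of one target address plus its HTTP header."""
    if len(info) <= ADDR_FIXED.size:
        raise FrameError("target address must be longer than 54 bytes")
    dst_mac, src_mac, eth_type, ip_hdr, tcp_hdr = ADDR_FIXED.unpack_from(info)
    src_port, dst_port = struct.unpack_from("!HH", tcp_hdr)
    return {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        "type": eth_type,
        "src_ip": str(ipaddress.IPv4Address(ip_hdr[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip_hdr[16:20])),
        "src_port": src_port,
        "dst_port": dst_port,
        "http": info[ADDR_FIXED.size:],
    }


def sample_target():
    """Constructed target address for the hop to the storage component."""
    ip_hdr = bytearray(20)
    ip_hdr[0], ip_hdr[9] = 0x45, 6                        # IPv4, protocol TCP
    ip_hdr[12:16] = ipaddress.IPv4Address("192.0.2.10").packed  # constructed
    ip_hdr[16:20] = ipaddress.IPv4Address("192.0.2.20").packed  # constructed
    tcp_hdr = struct.pack("!HH", 3000, 1000) + bytes(16)  # ports from step 850
    http = b"PUT /gop HTTP/1.1\r\n\r\n"                   # constructed
    return ADDR_FIXED.pack(bytes.fromhex("020000000002"),
                           bytes.fromhex("020000000001"),
                           0x0800, bytes(ip_hdr), tcp_hdr) + http


if __name__ == "__main__":
    frame = Frame(bytes(range(16)), bytes(16), 1, sample_target(), b"GOP data")
    wire = build(frame, b"integrity-key-01")
    print(first_target(parse(wire, b"integrity-key-01").target_info))
```

Because the MAC field covers only the data payload, the key, key IV, offset length and algorithm fields in the header are not protected by it and need their own validation or link-level protection.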
The data processing apparatus provided by the present invention will be described below, the data processing methods described below may be referred to correspondingly to each other, and the data processing apparatus and the data processing methods described above may be referred to correspondingly to each other.
Fig. 4 is a schematic structural diagram of a data processing apparatus provided by the present invention. As shown in fig. 4, the apparatus includes: a receiving module 410, a processing module 420 and a forwarding module 430;
wherein,
the receiving module 410 is configured to receive a first packet encapsulated in a special protocol, parse the first packet to obtain first data and target address information, where the special protocol includes a special protocol header and a data field, and the first data and the target address information are stored in the data field;
the processing module 420 is configured to perform data processing on the first data to obtain second data;
and the forwarding module 430 is configured to send the second data to a target interface corresponding to the target address information.
In the embodiment of the invention, a receiving module is used for receiving a first message packaged by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; the processing module is used for carrying out data processing on the first data to obtain second data; and the forwarding module is used for sending the second data to the target interface corresponding to the target address information, realizing the serial processing of the first data, forwarding the processed data to the target interface for subsequent processing, reducing a data loop, reducing the calling time and further improving the transmission efficiency.
Based on any of the above embodiments, the dedicated protocol header in the receiving module 410 is used to describe data processing information including processing parameters, processing initial vectors, offset lengths, and processing algorithm types.
Based on any of the above embodiments, the data field in the receiving module 410 is composed of a data payload and a MAC field;
the data payload includes target address information and first data;
the destination address information includes a destination MAC address, a source MAC address, a protocol type, an IP header, a TCP header, and an HTTP header;
the MAC field is used to check the integrity of the data payload.
Based on any of the above embodiments, when the data processing apparatus is a cryptographic engine for encryption, the receiving module 410 is configured to receive the first packet encapsulated in a special protocol and sent by the data interface, and parse the first packet to obtain first data and target address information;
the processing module 420 is configured to encrypt the first data to obtain ciphertext data, and take the ciphertext data as second data;
and the forwarding module 430 is configured to send the ciphertext data to a storage interface corresponding to the target address information, where the storage interface stores the ciphertext data.
Based on any of the above embodiments, when the data processing apparatus is a cryptographic engine for decryption, the receiving module 410 is configured to receive the first packet encapsulated in a special protocol and sent by the storage interface, and parse the first packet to obtain first data and target address information;
the processing module 420 is configured to decrypt the first data to obtain plaintext data, and take the plaintext data as second data;
and the forwarding module 430 is configured to send the plaintext data to a data interface corresponding to the target address information, and parse and package the plaintext data by the data interface, and send the plaintext data to the terminal.
Based on any of the above embodiments, when the data processing apparatus is a code parsing device for parsing, the receiving module 410 is configured to receive the first packet encapsulated in a special protocol and sent by the data interface, and parse the first packet to obtain first data and target address information;
the processing module 420 is configured to parse the first data to obtain an object information server address, and take the object information server address as second data;
and the forwarding module 430 is configured to send the address of the object information server to an identification interface corresponding to the target address information, and the identification interface performs access identification on the address of the object information server.
Based on the above embodiment, when the data processing apparatus is an encoding parsing device for parsing, the processing module 420 includes:
the first analysis module is used for analyzing the first data to obtain the identification domain name and the object code;
the second analysis module is used for analyzing the identification domain name and the object code to obtain an object code domain name;
and the third analyzing module is used for analyzing the object coding domain name to obtain an object information server address.
FIG. 5 is a schematic diagram of a data processing system according to the present invention. As shown in fig. 5, the system includes a communication main path 510 and any of the data processing devices 520, where the data processing devices are connected to the communication main path in a serial manner, and xN in the figure indicates that a plurality of data processing devices in the data processing system may be connected to the communication main path in a serial manner, where N is a natural number.
According to the data processing system provided by the embodiment of the invention, the data processing device is connected into the communication main path in a serial mode, so that the serial processing of data in the communication main path is realized, the data loop is reduced, the calling time is reduced, and the transmission efficiency is further improved.
Fig. 6 is a schematic structural diagram of a data access system according to the present invention. As shown in fig. 6, the system includes: a cryptographic engine 610, a data interface 620, and a storage interface 630;
Wherein,
the crypto engine 610 is configured to, after receiving a first plaintext packet encapsulated in a specific protocol and sent by the data interface 620, parse the first plaintext packet to obtain first plaintext data and first target address information, encrypt the first plaintext data in a serial manner to obtain first ciphertext data, and send the first ciphertext data to the storage interface 630 corresponding to the first target address information; after receiving the second ciphertext message encapsulated by the special protocol and sent by the storage interface 630, analyzing the second ciphertext message to obtain second ciphertext data and second target address information, decrypting the second ciphertext data in a serial manner to obtain second plaintext data, and sending the second plaintext data to the data interface 620 corresponding to the second target address information;
the data interface 620 is configured to receive data to be stored sent by the first terminal, parse the data to be stored, reorganize the data to obtain first plaintext data, encapsulate the first plaintext data with a special protocol to obtain a first plaintext message, and send the first plaintext message to the crypto engine 610; and after receiving the second plaintext data sent by the crypto-engine 610, parsing and packaging the second plaintext data, and sending the parsed and packaged data stream to the second terminal;
A storage interface 630, configured to receive the first ciphertext data sent by the crypto engine 610, and store the first ciphertext data; and acquiring second ciphertext data based on the read request query, packaging the second ciphertext data with a special protocol to obtain a second ciphertext message, and transmitting the second ciphertext message to the crypto engine 610.
Based on any of the above embodiments, the data interface 620 includes: a secure access gateway 621, a communication crypto-engine 622, a data access subsystem 623, and a first crypto-processing component 624;
the secure access gateway 621 is configured to receive data to be stored sent by the first terminal, parse and verify the data to be stored, and send the parsed and verified data to the communication crypto-engine 622; and is configured to receive the target ciphertext data sent by the communication crypto-engine 622, encapsulate the target ciphertext data, and send the encapsulated target ciphertext data to the second terminal;
a communication crypto-engine 622, configured to decrypt the parsed data in a serial manner using a dedicated protocol after receiving the parsed data sent from the secure access gateway 621, obtain first communication plaintext data, and send the first communication plaintext data to the data access subsystem 623; and configured to encrypt the second communication plaintext data in a serial manner using a dedicated protocol after receiving the second communication plaintext data transmitted by the data access subsystem 623, obtain target ciphertext data, and transmit the target ciphertext data to the secure access gateway 621;
A data access subsystem 623, configured to, after receiving the first communication plaintext data sent by the communication crypto-engine 622, perform data reorganization on the first communication plaintext data to obtain first plaintext data, and transmit the first plaintext data to the first crypto-processing component 624; and for receiving the second plaintext data transmitted by the crypto-engine 610, parsing and encapsulating the second plaintext data to obtain second communication plaintext data, and transmitting the second communication plaintext data to the communication crypto-engine 622;
the first cryptographic processing component 624 is configured to perform encryption preprocessing on the first plaintext data to obtain encrypted information, construct message data according to the first plaintext data and the encrypted information, and send the message data to the cryptographic engine 610.
It should be noted that the system supports asynchronous processing to reduce intermediate memory copies: the data to be processed is added to a queue by calling an asynchronous interface, and the communication crypto-engine 622 then calls it serially.
Based on any of the above embodiments, the storage interface 630 includes: a second cryptographic processing component 631, a storage component 632, and a cloud storage subsystem 633;
the second crypto processing component 631 is configured to perform encryption preprocessing on the first plaintext data to obtain encrypted information, construct message data according to the first plaintext data and the encrypted information, and send the message data to the crypto engine 610;
The storage component 632 is configured to receive ciphertext data sent by the crypto engine 610, block the ciphertext data to obtain a first ciphertext data block set, establish an index according to the first ciphertext data block set, and send the first ciphertext data block set to the cloud storage subsystem 633 for storage; and is configured to splice the second ciphertext data block set according to the index to obtain second ciphertext data, and transmit the second ciphertext data to the second cryptographic processing component 631;
cloud storage subsystem 633 for receiving the first ciphertext data block set sent by storage component 632 and performing distributed storage; and for responding to read query requests sent from storage component 632 and returning a second set of ciphertext data blocks.
Based on any of the above embodiments, fig. 7 is a system physical logic architecture diagram of a data access system according to the present invention, where the system physical logic architecture diagram of the data access system includes: the terminal layer comprises one or more terminals, the application layer comprises a secure access gateway, a data access subsystem, a first/second password processing component, a communication password machine, a password machine and a storage component, and the data layer comprises a cloud storage subsystem, wherein the cloud storage subsystem comprises a distributed file system and a plurality of OSD (Object-based Storage Device) devices.
Fig. 8 is a schematic diagram of a data storage flow of the data access system according to the present invention, fig. 9 is a schematic diagram of a second data storage flow of the data access system according to the present invention, fig. 10 is a schematic diagram of a data reading flow of the data access system according to the present invention, and fig. 11 is a schematic diagram of a data reading flow of the data access system according to the present invention. As shown in fig. 8 and 9, the data storage flow includes:
at step 810, the secure access gateway receives a surveillance video stream/space-time data stream (ciphertext) transmitted by the terminal.
Step 811, performing data packet analysis operation on the monitoring video stream/space-time data stream (ciphertext);
step 812, check retransmission is performed on the data packet in the analysis process, so as to ensure that the monitoring video stream/space-time data stream (ciphertext) is completely available;
step 813, performing TLS/SSL header removal operation on the parsed and checked and retransmitted data packet, so that the monitoring video stream/spatio-temporal data stream (ciphertext) data frame entering the communication crypto-engine can be directly operated.
In step 820, the communication crypto-engine decrypts and forwards the data of the surveillance video stream/space-time data stream (ciphertext) transmitted by the security access gateway through a special protocol, and transmits the surveillance video stream/space-time data stream (plaintext) to the data access subsystem.
It should be noted that, at this time, the destination MAC address of the data frame header of the dedicated protocol packet is the MAC address of the communication crypto-engine, the source MAC address is the MAC address of the security access gateway, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the communication crypto-engine, the source IP address is the IP address of the security access gateway), and the UDP header is filled according to the standard UDP frame header (the source port number is the security access gateway port number 5000, and the destination port number is the communication crypto-engine port number 6000); the special protocol header key is a video/data decryption key provided by the communication crypto-engine, and the encryption/decryption algorithm is a decryption algorithm; in the target address information, the destination MAC address is the data access subsystem MAC address, the source MAC address is the security access gateway MAC address, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the data access subsystem IP address, the source IP address is the security access gateway IP address), the TCP header is filled according to the standard TCP frame header (the source port number is the security access gateway port number 5000, the destination port number is the data access subsystem port number 4000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is the RTCP/RTSP/RTP protocol).
In step 830, the data access subsystem performs the following operations on the decrypted surveillance video stream/space-time data stream (plaintext):
In step 831, the coding/organization formats of the decrypted various video code streams/spatial data types are uniformly converted, for example, uniformly converted into a video code stream format h.264/space-time data stream Tile format.
In step 832, the package formats of various video/data are converted to achieve compatibility operations of various video/data formats.
Step 833, performing RTP protocol header removal operation on the video/data format converted and encapsulated data packet. Since the RTP packets are inside the TLS/SSL protocol payload, the packets are decapsulated under local storage conditions to save space. For example: the video code stream format H.264/space-time data stream Tile format.
Step 834, performing a frame analysis operation on the data packet after header removal, and extracting an I frame, a P frame, a B frame or a Tile frame.
In step 835, the extracted I, P, B, or Tile frames are assembled into GOP data/files (minimum units).
In step 840, the first cryptographic processing component performs pre-encryption preparation on the reassembled GOP data/file (i.e., the first plaintext data) to generate an encryption identifier ENCInfo. Each ENCInfo consists of an encryption identifier (whether encrypted or not), an encryption cryptographic algorithm identifier (such as SM4 and AES), an integrity cryptographic algorithm identifier (such as HMAC, AEAD, sign), an encryption parameter (such as GCM algorithm mode), an EDEK ciphertext, a MAC value, and the like.
In step 850, the cryptographic engine performs data encryption and data forwarding on the first plaintext data transmitted by the cryptographic processing component via a dedicated protocol.
It should be noted that, at this time, the destination MAC address of the data frame header of the special protocol packet is the crypto-engine MAC address, the source MAC address is the first cryptographic processing component MAC address, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the crypto-engine IP address, the source IP address is the first cryptographic processing component IP address), and the UDP header is filled according to the standard UDP frame header (the source port number is the cryptographic processing component port number 3000, the destination port number is the crypto-engine port number 6000); the special protocol header key is a video/data encryption key, which the KMS key management system is responsible for distributing, and the encryption/decryption algorithm is an encryption algorithm; in the target address information, the destination MAC address is the storage component MAC address, the source MAC address is the first cryptographic processing component MAC address, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the storage component IP address, the source IP address is the first cryptographic processing component IP address), the TCP header is filled according to the standard TCP frame header (the source port number is the first cryptographic processing component port number 3000, the destination port number is the storage component port number 1000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is the RTCP/RTSP/RTP protocol).
In step 860, the storage component performs the following operations on the encrypted surveillance video stream/spatiotemporal data stream (ciphertext) GOP data/file (i.e., the first ciphertext data):
step 861, striping the first ciphertext data: the first ciphertext data is equally divided into K GOP data blocks; in this example, 4 GOP data blocks are generated, each fixed at 2MB.
In step 862, the index information consists of start time, end time, total size (within 2G), encoder ID, socket, OneGOPInfo storage location, etc. The GOP information OneGOPInfo is generated for each GOP at the same time as the plurality of GOP data/files are spliced, and includes: the record data type, the time stamp of the GOP packet, the end time of the GOP packet, the data size of the GOP packet, and the storage database (disk).
Step 863, performing an erasure coding (EC) operation on the K GOP data blocks to generate M redundancy check blocks. The example is the 4+2 mode, i.e., 4 data blocks Data (D1-D4) and 2 redundancy check blocks Check (C1-C2) are obtained after the EC operation.
In step 870, the cloud storage subsystem performs the following operations, through the distributed file system, on the K+M surveillance video stream/spatiotemporal data stream (ciphertext) GOP data blocks from the storage component:
Step 871, calculating load conditions by the distributed file system through a balance algorithm, dispersing K+M monitoring video streams/space-time data streams (ciphertext) GOP data blocks from a storage component into each OSD, and recording storage positions of each GOP data block in a database; and establishing cloud storage index information, recording a disk number and offset (ID number) on a disk, and storing a database (disk).
At step 872, the OSD receives the object store data, whereby the K+M surveillance video stream/spatiotemporal data stream (ciphertext) GOP data blocks are stored to the local disk.
As shown in fig. 10 and 11, the data reading flow thereof includes:
in step 1010, the cloud storage subsystem is invoked via the data access subsystem, which queries GOP data/file information by retrieving the video index. The cloud storage subsystem inquires the OSD to acquire the Set meeting the condition, sends a GOP data block acquisition request to the distributed file system, and the distributed file system returns the GOP data block of the monitoring video stream/space-time data stream (ciphertext) stored by the local disk to the storage component by calling the cloud storage OSD.
The specific operation steps are as follows:
in step 1011, the OSD reads the surveillance video stream/spatiotemporal data stream (ciphertext) GOP data blocks stored on the local disk.
In step 1012, the distributed file system gathers the GOP data blocks from the supervisory video stream/spatiotemporal data stream (ciphertext) in each OSD by querying cloud storage index information such as storage location, disk number, offset (ID number) on the disk, etc. of each GOP data block recorded in the database.
Step 1020, the storage component performs the following operations on the surveillance video stream/spatiotemporal data stream (ciphertext) GOP data blocks:
In step 1021, the inverse of the EC operation is performed, i.e. the M generated redundancy check blocks are discarded and the K GOP data blocks are retained. The example is the 4+2 mode, i.e., the 2 redundancy check blocks Check (C1-C2) produced by the EC operation are discarded and the 4 data blocks Data (D1-D4) are retained.
Step 1022, during video/data retrieval, firstly, a corresponding OneGOPInfo storage location is retrieved in a database (disk) through "time+encoder ID"; secondly, searching corresponding fragment GOP data/files through OneGOPInfo; finally, the GOP data/file of the retrieval time range is returned.
Step 1023, by querying the video/data retrieval index information, the GOP data/file (i.e. the second ciphertext data) is restored by stitching every K GOP data blocks. An example is every 4 GOP data blocks, each fixed at 2MB.
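Steps 861 to 863 and their inverse in steps 1021 to 1023, as an added example that is not the patent's code. The text does not name the erasure code, so this assumes a RAID-6 style P+Q code over GF(2^8) with C1 = P and C2 = Q, uses 8-byte blocks in place of 2MB, and goes beyond step 1021 by also rebuilding data blocks when up to M = 2 of the K+M blocks are missing on read.

```python
K, M = 4, 2  # the 4+2 mode used in the description

# Log/antilog tables for GF(2^8), polynomial 0x11d, generator 2 (assumed code).
EXP, LOG = [0] * 512, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gdiv(a, b):
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 255]


def stripe(data, block_size):
    """Step 861: split into K equal blocks, zero-padding the tail."""
    if len(data) > K * block_size:
        raise ValueError("data larger than one stripe")
    padded = data.ljust(K * block_size, b"\0")
    return [padded[i * block_size:(i + 1) * block_size] for i in range(K)]


def encode(blocks):
    """Step 863: return D1-D4 followed by check blocks C1 (P) and C2 (Q)."""
    size = len(blocks[0])
    p, q = bytearray(size), bytearray(size)
    for i, blk in enumerate(blocks):
        for j, byte in enumerate(blk):
            p[j] ^= byte
            q[j] ^= gmul(EXP[i], byte)   # coefficient g^i for block i
    return list(blocks) + [bytes(p), bytes(q)]


def recover(stored):
    """Step 1021: return the K data blocks; None marks a block lost on read."""
    lost = [i for i in range(K) if stored[i] is None]
    if not lost:
        return list(stored[:K])          # all data present: drop C1-C2
    have = [b for b in stored if b is not None]
    if len(have) < K:
        raise ValueError("more than M blocks lost")
    size = len(have[0])
    p, q = stored[K], stored[K + 1]
    # Syndromes: fold every surviving data block into P and Q.
    ps, qs = bytearray(p or bytes(size)), bytearray(q or bytes(size))
    for i in range(K):
        if stored[i] is not None:
            for j, byte in enumerate(stored[i]):
                ps[j] ^= byte
                qs[j] ^= gmul(EXP[i], byte)
    data = list(stored[:K])
    if len(lost) == 1:
        x = lost[0]
        if p is not None:
            data[x] = bytes(ps)                          # Dx = P-syndrome
        else:
            data[x] = bytes(gdiv(b, EXP[x]) for b in qs)  # Dx = Q-syndrome / g^x
    else:
        x, y = lost                       # both P and Q are present here
        den = EXP[x] ^ EXP[y]
        dx = bytes(gdiv(qb ^ gmul(EXP[y], pb), den) for pb, qb in zip(ps, qs))
        data[x] = dx
        data[y] = bytes(a ^ b for a, b in zip(ps, dx))
    return data


def join(blocks, total_size):
    """Step 1023: splice the K blocks; total_size comes from the index."""
    return b"".join(blocks)[:total_size]


if __name__ == "__main__":
    payload = bytes(range(30))            # constructed stand-in for GOP data
    stored = encode(stripe(payload, 8))
    stored[1] = stored[3] = None          # two data blocks unavailable
    print(join(recover(stored), len(payload)) == payload)
```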
In step 1030, the second cryptographic processing component performs data decryption preprocessing on the second ciphertext data to generate the decryption identifier.
The data decryption preprocessing specifically comprises: carrying out a preprocessing operation before decryption on the second ciphertext data to generate a decryption identifier DECInfo. Each DECInfo consists of a decryption identifier (whether decryption is performed), a decryption cryptographic algorithm identifier (e.g., SM4, AES), an integrity cryptographic algorithm identifier (e.g., HMAC, AEAD, sign), a decryption parameter (e.g., GCM algorithm mode), M plaintext, MAC value, etc.
In step 1040, the crypto-engine performs data decryption and data forwarding on the second ciphertext data transmitted by the cloud storage subsystem through a special protocol, and transmits the GOP data/file of the monitoring video stream/space-time data stream (i.e., the second plaintext data) to the data access subsystem.
It should be noted that, at this time, the destination MAC address of the data frame header of the special protocol packet is the crypto-engine MAC address, the source MAC address is the second cryptographic processing component MAC address, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the crypto-engine IP address, the source IP address is the second cryptographic processing component IP address), and the UDP header is filled according to the standard UDP frame header (the source port number is the second cryptographic processing component port number 3000, the destination port number is the crypto-engine port number 6000); the special protocol header key is a video/data decryption key, which the KMS key management system is responsible for distributing, and the encryption/decryption algorithm is a decryption algorithm; in the target address information, the destination MAC address is the data access subsystem MAC address, the source MAC address is the cryptographic processing component MAC address, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the data access subsystem IP address, the source IP address is the second cryptographic processing component IP address), the TCP header is filled according to the standard TCP frame header (the source port number is the second cryptographic processing component port number 3000, the destination port number is the data access subsystem port number 4000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is the RTCP/RTSP/RTP protocol).
In step 1050, the data access subsystem performs the following operations:
In step 1051, the second plaintext data is subjected to a frame analysis operation to extract an I frame, a P frame, a B frame, or a Tile frame.
At step 1052, the frame packets are restored by I-frames, P-frames, B-frames or Tile frames and RTP headers are added.
In step 1053, the frame packet encapsulation format after adding the RTP header is inversely converted to correspond to the coding/organization format of the corresponding video code stream/spatial data type.
In step 1060, the communication crypto-engine encrypts and forwards the data of the surveillance video stream/space-time data stream (i.e. the second communication plaintext data) transmitted by the data access subsystem through a dedicated protocol, and transmits the surveillance video stream/space-time data stream (i.e. the target ciphertext data) to the security access gateway.
It should be noted that, in the data frame header, the destination MAC address is the MAC address of the communication crypto machine, the source MAC address is the MAC address of the data access subsystem, and the type is 0x0800; the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the communication crypto machine, the source IP address is the IP address of the data access subsystem), and the UDP header is filled according to the standard UDP frame header (the source port number is the port number 4000 of the data access subsystem, and the destination port number is the port number 6000 of the communication crypto machine). The special protocol header key is a video/data encryption key and is provided by the communication cipher machine, and the encryption/decryption algorithm is an encryption algorithm. In the destination address information, the destination MAC address is the security access gateway MAC address, the source MAC address is the data access subsystem MAC address, and the type is 0x0800; the IP header is filled according to the standard IP frame header (the destination IP address is the security access gateway IP address, the source IP address is the data access subsystem IP address), the TCP header is filled according to the standard TCP frame header (the source port number is the data access subsystem port number 4000, the destination port number is the security access gateway port number 5000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is the RTCP/RTSP/RTP protocol).
In step 1070, the security access gateway performs the following operations on the surveillance video stream/space-time data stream (ciphertext):
Step 1071, adding a TLS/SSL protocol header to the surveillance video stream/space-time data stream (ciphertext) data frame;
Step 1071, fully encapsulating the surveillance video stream/space-time data stream (ciphertext) data packet carrying the TLS/SSL header into a standard data packet format and transmitting it to the second terminal.
Fig. 12 is a schematic diagram of an analysis flow of the coding analysis system provided by the present invention. As shown in fig. 12, the system includes: format conversion node, code version analysis node, code data structure analysis node, representation code analysis node and reader.
Wherein,
After receiving identification data, the format conversion node converts it into first data in a uniform, resolvable coding-type URL format and encapsulates the first data with the special protocol into a first message, in which the target address information is the address information of the code data structure analysis node; it then sends the first message to the code version analysis node.
After receiving the first message sent by the format conversion node, the code version analysis node parses the first message to obtain the first data and the target address information (address information of the code data structure analysis node), parses the first data to obtain an identification domain name and an object code, takes the identification domain name and the object code as a whole as new first data, and encapsulates the new first data with the special protocol into a new first message, in which the target address information is the address information of the identification code analysis node; it then sends the new first message to the code data structure analysis node corresponding to the parsed target address information.
After receiving the first message sent by the code version analysis node, the code data structure analysis node parses the first message to obtain the first data (identification domain name and object code) and the target address information (address information of the identification code analysis node), parses the first data (identification domain name and object code) to obtain an object code domain name, and encapsulates the object code domain name as first data with the special protocol into a new first message, in which the target address information is the address information of the reader; it then sends the new first message to the identification code analysis node corresponding to the parsed target address information.
After receiving the first message sent by the code data structure analysis node, the identification code analysis node parses the first message to obtain the first data (object code domain name) and the target address information (address information of the reader), parses the first data (object code domain name) to obtain an object information server address, and encapsulates the object information server address as first data with the special protocol into a new first message, in which the target address information is empty; it then sends the new first message to the reader corresponding to the parsed target address information, so that the reader can access the object information server address.
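The resolution chain above, sketched as an added example (not code from the patent): each node checks the MAC field, processes the first data, writes the next target address into a new message, and forwards to the target address it parsed. The header field sizes and order, HMAC-SHA256 with a pre-shared link key, the `|` separator, the node names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from urllib.parse import urlsplit

# Assumed layout: the page names these header fields but not their sizes or order.
HEADER = struct.Struct("!BH16s16s")  # algorithm type, offset length, initial vector, parameter
MAC_LEN = 32                          # HMAC-SHA256 output (assumed integrity algorithm)
LINK_KEY = b"constructed-demo-key"    # assumed pre-shared integrity key, constructed value


def encapsulate(first_data, target, alg_type=0):
    """Header + data field, where data field = payload || MAC and
    payload = target address info || first data (offset length marks the split)."""
    payload = target + first_data
    header = HEADER.pack(alg_type, len(target), bytes(16), bytes(16))
    return header + payload + hmac.new(LINK_KEY, payload, hashlib.sha256).digest()


def parse(message):
    """Return (first_data, target); raise ValueError if malformed or tampered."""
    if len(message) < HEADER.size + MAC_LEN:
        raise ValueError("message too short")
    _alg, offset, _iv, _param = HEADER.unpack_from(message)
    payload, mac = message[HEADER.size:-MAC_LEN], message[-MAC_LEN:]
    expected = hmac.new(LINK_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC mismatch")
    # The MAC covers the payload only, so the header value is bounds-checked here.
    if offset > len(payload):
        raise ValueError("offset length exceeds payload")
    return payload[offset:], payload[:offset]


def version_node(first_data):
    """URL-format code -> identification domain name and object code, as one unit."""
    url = urlsplit(first_data.decode())
    return f"{url.hostname}|{url.path.strip('/')}".encode()


def structure_node(first_data):
    """(identification domain name, object code) -> object code domain name."""
    domain, code = first_data.decode().split("|")
    return f"{code}.{domain}".encode()


OBJECT_SERVERS = {"4711.id.example.test": "192.0.2.10:8080"}  # constructed lookup table


def identification_node(first_data):
    """Object code domain name -> object information server address."""
    return OBJECT_SERVERS[first_data.decode()].encode()


# Node address -> (processing step, target address written into the outgoing message).
NODES = {
    b"version": (version_node, b"identification"),
    b"structure": (structure_node, b"reader"),
    b"identification": (identification_node, b""),
}


def run_chain(identification_data):
    """Run the chain; return (server address, hops taken, final target address)."""
    message = encapsulate(identification_data, b"structure")  # format conversion node
    here, hops = b"version", []
    while here != b"reader":
        if here not in NODES:                 # forward only to known addresses
            raise ValueError("unknown target address")
        process, next_target = NODES[here]
        first_data, target = parse(message)   # verify before trusting the target
        message = encapsulate(process(first_data), next_target)
        hops.append(here.decode())
        here = target                         # forward to the parsed target address
    server, target = parse(message)           # the reader's view of the last message
    return server.decode(), hops, target


if __name__ == "__main__":
    print(run_chain(b"https://id.example.test/4711"))
```

Because the target address information travels inside the payload, a node that skipped the MAC check would forward wherever a modified message told it to; the allow-list in `run_chain` is a second guard against that.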
Fig. 13 illustrates a physical structure diagram of an electronic device, as shown in fig. 13, which may include: processor 1310, communication interface (Communications Interface) 1320, memory 1330 and communication bus 1340, wherein processor 1310, communication interface 1320, memory 1330 communicate with each other via communication bus 1340. Processor 1310 may invoke logic instructions in memory 1330 to perform a data processing method, the method comprising: receiving a first message encapsulated by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; performing data processing on the first data to obtain second data; and sending the second data to a target interface corresponding to the target address information.
Further, the logic instructions in the memory 1330 can be implemented in the form of software functional units and, when sold or used as a stand-alone product, can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of performing the data processing method provided by the methods described above, the method comprising: receiving a first message encapsulated by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; performing data processing on the first data to obtain second data; and sending the second data to a target interface corresponding to the target address information.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the data processing method provided by the above methods, the method comprising: receiving a first message encapsulated by a special protocol, analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; performing data processing on the first data to obtain second data; and sending the second data to a target interface corresponding to the target address information.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of data processing, comprising:
receiving a first message encapsulated by a special protocol, and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, the special protocol header is used for describing data processing information, the data processing information comprises processing parameters, a processing initial vector, an offset length and a processing algorithm type, the data field consists of a data payload and an MAC field, the first data and the target address information are stored in the data payload, and the MAC field is used for checking the integrity of the data payload; in the case that the data processing method is applied to data encryption or data decryption, the processing parameter is a secret key, and the processing initial vector is a secret key initial vector; in the case that the data processing method is applied to coding analysis, the processing parameters are coding analysis parameters, and the processing initial vector is a coding analysis initial vector;
based on the data processing information, performing data processing on the first data to obtain second data;
and sending the second data to a target interface corresponding to the target address information.
2. A data processing method as claimed in claim 1, wherein,
the destination address information includes a destination MAC address, a source MAC address, a protocol type, an IP header, a TCP header, and an HTTP header.
3. The method according to claim 1 or 2, wherein receiving the first message encapsulated in the dedicated protocol comprises:
receiving the first message which is sent by a data interface and is encapsulated by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
encrypting the first data to obtain ciphertext data, and taking the ciphertext data as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the ciphertext data to a storage interface corresponding to the target address information, and storing the ciphertext data by the storage interface.
4. A data processing method according to claim 1 or 2, wherein said receiving a first message encapsulated in a proprietary protocol comprises:
receiving the first message which is sent by a storage interface and is packaged by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
decrypting the first data to obtain plaintext data, and taking the plaintext data as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the plaintext data to a data interface corresponding to the target address information, and analyzing and packaging the plaintext data by the data interface and sending the plaintext data to a terminal.
5. A data processing method according to claim 1 or 2, wherein said receiving a first message encapsulated in a proprietary protocol comprises:
receiving the first message which is sent by a data interface and is encapsulated by a special protocol;
and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:
analyzing the first data to obtain an object information server address, and taking the object information server address as the second data;
the sending the second data to the target interface corresponding to the target address information includes:
and sending the address of the object information server to an identification interface corresponding to the target address information, and carrying out access identification on the address of the object information server by the identification interface.
6. The method for processing data according to claim 5, wherein the parsing the first data to obtain the address of the object information server includes:
analyzing the first data to obtain an identification domain name and an object code;
resolving the identification domain name and the object code to obtain an object code domain name;
and resolving the object coding domain name to obtain the address of the object information server.
7. A data processing apparatus, comprising:
a receiving module, used for receiving a first message packaged by a special protocol and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, the special protocol header is used for describing data processing information, the data processing information comprises processing parameters, a processing initial vector, an offset length and a processing algorithm type, the data field consists of a data payload and an MAC field, the first data and the target address information are stored in the data payload in the data field, and the MAC field is used for checking the integrity of the data payload; in the case that the data processing method is applied to data encryption or data decryption, the processing parameter is a secret key, and the processing initial vector is a secret key initial vector; in the case that the data processing method is applied to coding analysis, the processing parameters are coding analysis parameters, and the processing initial vector is a coding analysis initial vector;
the processing module is used for carrying out data processing on the first data based on the data processing information to obtain second data;
and the forwarding module is used for sending the second data to a target interface corresponding to the target address information.
8. A data processing system, comprising: a communication main and the data processing device of claim 7, said data processing device being connected to said communication main in a serial manner.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the data processing method according to any one of claims 1 to 6 when executing the program.
10. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the data processing method according to any one of claims 1 to 6.
CN202210475068.XA 2022-04-29 2022-04-29 Data processing method, device and system Active CN114866527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210475068.XA CN114866527B (en) 2022-04-29 2022-04-29 Data processing method, device and system

Publications (2)

Publication Number Publication Date
CN114866527A CN114866527A (en) 2022-08-05
CN114866527B CN114866527B (en) 2023-09-15

Family

ID=82636384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210475068.XA Active CN114866527B (en) 2022-04-29 2022-04-29 Data processing method, device and system

Country Status (1)

Country Link
CN (1) CN114866527B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109769043A (en) * 2019-03-14 2019-05-17 中国工商银行股份有限公司 Domain name analytic method, apparatus and system
CN110380970A (en) * 2019-07-22 2019-10-25 北京邮电大学 A kind of self-adapting data message forwarding method and device suitable for heterogeneous network
CN113438071A (en) * 2021-05-28 2021-09-24 荣耀终端有限公司 Method and device for secure communication

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100596062C (en) * 2007-08-16 2010-03-24 杭州华三通信技术有限公司 Secure protection device and method for distributed packet transfer
CN101145904A (en) * 2007-11-07 2008-03-19 杭州华三通信技术有限公司 A method, device and system for data packet transmission
CN103929299B (en) * 2014-04-28 2017-05-10 王小峰 Self-securing lightweight network message transmitting method with address as public key
CN111614683B (en) * 2020-05-25 2023-01-06 成都卫士通信息产业股份有限公司 Data processing method, device and system and network card
CN113452686B (en) * 2021-06-23 2022-10-18 中移(杭州)信息技术有限公司 Data processing method, data processing device, proxy server and storage medium

Also Published As

Publication number Publication date
CN114866527A (en) 2022-08-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant