CN115314242A - Network data security encryption method and device - Google Patents

Publication number
CN115314242A
Authority
CN
China
Prior art keywords
network data
network
data
encryption
protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210722810.2A
Other languages
Chinese (zh)
Other versions
CN115314242B (en)
Inventor
王彪
徐晓
李友朋
李进讷
熊伟
刘国强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Meteorological Information Center Guizhou Meteorological Archives Guizhou Meteorological Staff Education And Training Center
Original Assignee
Guizhou Meteorological Information Center Guizhou Meteorological Archives Guizhou Meteorological Staff Education And Training Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Meteorological Information Center Guizhou Meteorological Archives Guizhou Meteorological Staff Education And Training Center
Priority to CN202210722810.2A
Publication of CN115314242A
Application granted
Publication of CN115314242B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network data security encryption method and device, applied to the field of network data. The method comprises: acquiring a data transmission process of first network data; judging whether the data transmission process can be connected to other transmission channels; if so, connecting a preset integrated encryption tunnel to the data transmission process to obtain second network data; acquiring a network access address of the second network data; judging whether the network access address matches an intranet access service; and, if not, using a preset encryption service device to open the intranet access service for the second network data. Unlike other encryption devices, which require complicated connection procedures, the device establishes the encryption tunnel automatically once it is connected to the Internet. The manner of connecting to the Internet is not limited by the network environment: data can be securely encrypted over either a network cable or wireless Wi-Fi.

Description

Network data security encryption method and device
Technical Field
The present invention relates to the field of network data, and in particular, to a method and an apparatus for secure encryption of network data.
Background
With the development of technology, various digital data can be stored in a storage device. One may store or transmit confidential data in a storage device. Once the storage device is lost, the confidential data may be stolen.
Information security is becoming increasingly important. A storage device can store encrypted data instead of the original data, thereby protecting the information from theft. Anyone who wants to retrieve the original data has to decrypt the encrypted data with the key. Once a hacker steals the key, however, the hacker can easily retrieve the original data. Networks and mobile phones are now full of software applications, and if the key is hidden in the software or in nonvolatile memory, a hacker or a developer can steal it. Therefore, how to ensure that network data is not stolen is a major challenge for information security technology.
Disclosure of Invention
The invention aims to solve the problem of preventing network data from being stolen, and provides a network data security encryption method and a network data security encryption device.
The invention adopts the following technical means to solve the technical problem:
The invention provides a network data security encryption method, which comprises the following steps:
acquiring a data transmission process of first network data;
judging whether the data transmission process can be connected to other transmission channels;
if so, connecting a preset integrated encryption tunnel to the data transmission process to obtain second network data;
acquiring a network access address of the second network data;
judging whether the network access address matches an intranet access service;
and if not, using a preset encryption service device to open the intranet access service for the second network data.
Further, the step of acquiring the data transmission process of the first network data includes:
acquiring an access mode of the first network data;
judging whether the access mode can be securely encrypted;
if so, deploying a preset encryption service device to encrypt the first network data.
Further, the step of deploying a preset encryption service device to encrypt the network data includes:
acquiring a network access condition of the first network data;
judging whether the network access condition allows normal networking;
if so, encrypting the first network data;
if not, automatically connecting to the stored network access address for the first network data.
Further, the step of connecting a preset integrated encryption tunnel to the data transmission process to obtain second network data includes:
acquiring protocol data of the first network data;
sending the protocol data, through a preset node, to a preset encryption server for protocol encryption;
acquiring the encrypted protocol data fed back by the encryption server;
and inputting the encrypted protocol data into the first network data to obtain encrypted second network data.
Further, the step of sending the protocol data, through a preset node, to a preset encryption server for protocol encryption includes:
generating a session key matched with the protocol data;
selecting a function send and a function recv in the session key as a reference for controlling the execution of the session key;
judging whether the function send and the function recv match a redundancy check code of the first network data;
and if so, performing protocol encryption on the first network data with the session key.
Further, the step of acquiring the network access address of the second network data includes:
acquiring an IP address of the second network data;
judging whether the IP address matches a preset network access type;
and if so, acquiring the network access address of the second network data.
Further, the step of using a preset encryption service device to open the intranet access service for the second network data includes:
acquiring a protocol classification of the second network data;
judging whether the protocol classification matches a preset network protocol;
and if so, opening the intranet access service according to the protocol classification.
The invention also provides a network data security encryption device, which comprises:
a first acquisition module, used for acquiring a data transmission process of first network data;
a first judging module, used for judging whether the data transmission process can be connected to other transmission channels;
a first execution module, used for connecting, if so, a preset integrated encryption tunnel to the data transmission process to obtain second network data;
a second acquisition module, used for acquiring the network access address of the second network data;
a second judgment module, used for judging whether the network access address matches the normal intranet access service;
and a second execution module, used for opening, if not, the intranet access service for the second network data by means of a preset encryption service device.
Further, the first acquisition module further comprises:
a first obtaining unit, configured to obtain an access mode of the first network data;
a first judgment unit, used for judging whether the access mode can be securely encrypted;
and a first execution unit, used for deploying, if so, a preset encryption service device to encrypt the first network data.
Further, the first execution unit further includes:
a first obtaining subunit, configured to obtain a network access condition of the first network data;
a first judging subunit, used for judging whether the network access condition allows normal networking;
a first execution subunit, used for encrypting the first network data if so;
and a second execution subunit, used for automatically connecting, if not, to the saved network access address for the first network data.
The network data security encryption method and device provided by the invention have the following beneficial effects:
Unlike other encryption devices, which require complicated connection procedures, the device establishes the encryption tunnel automatically once it is connected to the Internet. The manner of connecting to the Internet is not limited by the network environment: data can be securely encrypted over either a network cable or wireless Wi-Fi.
Drawings
FIG. 1 is a flow chart illustrating a network data security encryption method according to an embodiment of the present invention;
FIG. 2 is a block diagram of an embodiment of a network data security encryption apparatus according to the present invention.
Detailed Description
It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention, the objects, features and advantages of which are set forth in the following description, taken in conjunction with the accompanying drawings.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a method for encrypting network data securely in an embodiment of the present invention includes the following steps:
S1: acquiring a data transmission process of first network data;
S2: judging whether the data transmission process can be connected to other transmission channels;
S3: if so, connecting a preset integrated encryption tunnel to the data transmission process to obtain second network data;
S4: acquiring a network access address of the second network data;
S5: judging whether the network access address matches an intranet access service;
S6: if not, using a preset encryption service device to open the intranet access service for the second network data.
In this embodiment, the data transmission process of the first network data that currently needs to be transmitted is acquired, and whether the first network data can be encrypted is determined according to whether it can be connected to another transmission channel in addition to its original transmission channel. For example, if the first network data can be connected to other transmission channels in addition to the original data transmission channel, that is, the first network data can be connected to encrypted data through other transmission channels or can be transmitted together with other data, an integrated encryption tunnel can be generated by the preset encryption service device and connected to the transmission channel of the first network data by means of a secret key; combining the integrated encryption tunnel with the transmission channel completes the encryption of the first network data. If the first network data cannot be connected to other transmission channels in addition to the original data transmission channel, only the original data transmission channel itself can be encrypted, for example by setting a secret key for the data transmission channel of the first network data, and the first network data cannot be encrypted by means of external access.
The second network data obtained by encrypting the first network data is then acquired, its network access address is acquired, and whether that address matches the intranet access service is judged against the preset corresponding intranet access service. For example, if the network access address of the second network data is a mobile data connection address and the preset corresponding intranet access service is a wifi intranet access service, the network access address does not match the intranet access service, and the preset encryption service device must be used to open the intranet access service for the second network data. If the network access address of the second network data is a wifi connection address and the preset corresponding intranet access service is a wifi intranet access service, the network access address matches the intranet access service, and there is no need to open the intranet access service for the second network data.
In this embodiment, the step S1 of acquiring the data transmission process of the first network data includes:
S11: acquiring an access mode of the first network data;
S12: judging whether the access mode can be securely encrypted;
S13: if so, deploying a preset encryption service device to encrypt the first network data.
In this embodiment, the access mode of the first network data is acquired, and whether it matches the access mode set for secure encryption is judged. For example, if the access mode of the first network data is the IDC (Internet Data Connector) mode and the access mode set for secure encryption is the ADO (ActiveX Data Objects) mode, the first network data cannot be securely encrypted as it stands; the pre-prepared encryption service device must then be deployed, and the first network data can be securely encrypted by connecting the integrated encryption tunnel to it. If the access mode of the first network data is the RDS (Remote Data Service) mode and the access mode set for secure encryption is also the RDS mode, the first network data can be securely encrypted without the pre-prepared encryption service device.
In this embodiment, the step S13 of deploying a preset encryption service device to encrypt the network data includes:
S131: acquiring a network access condition of the first network data;
S132: judging whether the network access condition allows normal networking;
S133: if so, encrypting the first network data;
S134: if not, automatically connecting to the stored network access address for the first network data.
In this embodiment, the network access condition of the first network data is acquired, and whether the first network data can be encrypted is determined according to whether that condition allows networking. For example, if normal networking is possible, the first network data can be encrypted: the preset encryption service device connects the integrated encryption tunnel to the first network data, which can then be securely encrypted. If normal networking is not possible, the first network data cannot be encrypted; the network access address stored in the first network data must then be connected to automatically, and secure encryption can be performed only after the connection is completed.
In this embodiment, the step S3 of connecting a preset integrated encryption tunnel to the data transmission process to obtain second network data includes:
S31: acquiring protocol data of the first network data;
S32: sending the protocol data, through a preset node, to a preset encryption server for protocol encryption;
S33: acquiring the encrypted protocol data fed back by the encryption server;
S34: inputting the encrypted protocol data into the first network data to obtain encrypted second network data.
In this embodiment, the protocol data in the first network data is acquired and sent, through a node preset in the transmission channel of the first network data, to the encryption server in the encryption service device, which performs protocol encryption on it. Specifically, a session key matched with the protocol data is generated, and the function send and the function recv in the session key are selected as the standard for controlling execution of the session key. When the function send and the function recv match the redundancy check code of the first network data, the protocol data has been encrypted successfully; the encryption server of the encryption service device then feeds the encrypted protocol data back to the first network data in the transmission channel, yielding the encrypted second network data.
In this embodiment, the step S32 of sending the protocol data, through a preset node, to a preset encryption server for protocol encryption includes:
S321: generating a session key matched with the protocol data;
S322: selecting a function send and a function recv in the session key as a reference for controlling the execution of the session key;
S323: judging whether the function send and the function recv match a redundancy check code of the first network data;
S324: if so, performing protocol encryption on the first network data with the session key.
In this embodiment, the encryption server of the encryption service device generates a matching session key for the protocol data of the first network data. The session key, also called a data encryption key or working key, is an encryption and decryption key generated randomly to secure a communication session between a user and another computer or between two computers. Whether the protocol encryption succeeded is determined by whether the function send and the function recv in the session key match the redundancy check code in the first network data. After the data sent by the function send and the function recv in the session key has been transmitted by the protocol, a corresponding check code can be generated. For example, if the generated check code is 010100 and the redundancy check code in the first network data is 010101, the function send and the function recv do not match the redundancy check code of the first network data, and a vulnerability may occur in the protocol encryption of the session key. If the generated check code is 010101 and the redundancy check code in the first network data is 010101, the function send and the function recv match the redundancy check code of the first network data, and the protocol encryption of the session key is successful.
It should be noted that the function send directly triggers the event corresponding to the specified window and returns to the calling application after the event handler has executed. When the application calls the recv function, the function recv first waits for the data in the sending buffer of the function send to be transmitted by the protocol, and then encrypts the protocol data. The redundancy check code is a cyclic redundancy check code, which is a commonly used check code with error detection and correction capabilities.
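The comparison in S323 recomputes a redundancy check code and compares it with the one carried in the data. The following added example (not code from the patent) assumes CRC-32 as the cyclic redundancy check and, for contrast, an HMAC-SHA256 tag keyed with the session key; it shows that the CRC catches a transmission error but, being unkeyed, also accepts any payload whose check code was simply recomputed, while the keyed tag does not. All function names and the sample payload are constructed.

```python
import hashlib
import hmac
import secrets
import zlib

CRC_LEN = 4    # CRC-32 check code, assumed here; the page does not name a polynomial
TAG_LEN = 32   # HMAC-SHA256 tag length in bytes


def new_session_key() -> bytes:
    """S321: random per-session key (the 256-bit size is an assumption)."""
    return secrets.token_bytes(32)


def frame_with_crc(payload: bytes) -> bytes:
    """Append the unkeyed redundancy check code to the payload."""
    return payload + zlib.crc32(payload).to_bytes(CRC_LEN, "big")


def check_crc(frame: bytes) -> bool:
    """S323 as described: recompute the check code and compare."""
    if len(frame) < CRC_LEN:
        return False
    payload, code = frame[:-CRC_LEN], frame[-CRC_LEN:]
    return zlib.crc32(payload).to_bytes(CRC_LEN, "big") == code


def frame_with_mac(session_key: bytes, payload: bytes) -> bytes:
    """Append a tag that can only be produced with the session key."""
    return payload + hmac.new(session_key, payload, hashlib.sha256).digest()


def check_mac(session_key: bytes, frame: bytes) -> bool:
    """Recompute the keyed tag and compare in constant time."""
    if len(frame) < TAG_LEN:
        return False
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a single-bit transmission error in byte `index`."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def compare_checks() -> dict:
    """Return (crc_ok, mac_ok) for three constructed situations."""
    key = new_session_key()
    payload = b"station=A1;temp=18.4"   # constructed sample data
    altered = b"station=A1;temp=81.4"   # content changed by a party without the key

    crc_frame = frame_with_crc(payload)
    mac_frame = frame_with_mac(key, payload)
    old_tag = mac_frame[-TAG_LEN:]

    return {
        # Nothing changed in transit: both checks accept.
        "intact": (check_crc(crc_frame), check_mac(key, mac_frame)),
        # One bit flipped on the wire: both checks reject.
        "line_noise": (check_crc(flip_bit(crc_frame, 3)),
                       check_mac(key, flip_bit(mac_frame, 3))),
        # Payload replaced and the check code recomputed: only the keyed tag rejects.
        "rewritten": (check_crc(frame_with_crc(altered)),
                      check_mac(key, altered + old_tag)),
    }


if __name__ == "__main__":
    for case, (crc_ok, mac_ok) in compare_checks().items():
        print(f"{case:10s} crc={crc_ok} mac={mac_ok}")
```

A matching CRC therefore says the data arrived uncorrupted, not that it came from the holder of the session key; an authenticated encryption mode or a keyed tag is what ties the check to the key.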
In this embodiment, the step S4 of acquiring the network access address of the second network data includes:
S41: acquiring an IP address of the second network data;
S42: judging whether the IP address matches a preset network access type;
S43: if so, acquiring the network access address of the second network data.
In this embodiment, the IP address in the second network data is acquired and compared with the preset network access type. For example, if the IP address in the second network data is 192.168.1.1 and the preset network access type is 192.168.0.*, the IP address does not match the preset network access type, and a new IP address needs to be reconnected. If the IP address in the second network data is 192.168.0.1 and the preset network access type is 192.168.0.*, the IP address matches the preset network access type, and the network access address of the second network data is acquired.
In this embodiment, the step S6 of using a preset encryption service device to open the intranet access service for the second network data includes:
S61: acquiring a protocol classification of the second network data;
S62: judging whether the protocol classification matches a preset network protocol;
S63: if so, opening the intranet access service according to the protocol classification.
In this embodiment, the protocol classification of the second network data is acquired and compared with the preset network protocol. For example, if the protocol classification of the second network data is UDP (User Datagram Protocol) and the preset network protocol is TCP (Transmission Control Protocol), the protocol classification does not match the preset network protocol, and the internet access service can be accessed only after the protocol of the second network data has been converted into the matching network protocol. If the protocol classification of the second network data is TCP and the preset network protocol is also TCP, the protocol classification matches the preset network protocol, and the access service to the intranet can be opened directly, so that the second network data is connected to the intranet.
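The address comparison of S41 to S43 and the protocol comparison of S61 to S63, as an added example that is not code from the patent. It assumes the preset network access type is written 192.168.0.* and denotes the 192.168.0.0/24 network, and it folds the two comparisons into one decision for brevity; the function names and returned labels are hypothetical. It also shows why the address should be parsed rather than compared as a text prefix.

```python
import ipaddress


def parse_access_type(pattern: str) -> ipaddress.IPv4Network:
    """Convert '192.168.0.*' (trailing wildcard octets) or a CIDR string to a network."""
    if "/" in pattern:
        return ipaddress.IPv4Network(pattern, strict=True)
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = 0
    while fixed < 4 and octets[fixed] != "*":
        fixed += 1
    if any(o != "*" for o in octets[fixed:]):
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    return ipaddress.IPv4Network(f"{base}/{8 * fixed}", strict=True)


def address_matches(addr: str, network: ipaddress.IPv4Network) -> bool:
    """S42: strict match; anything that is not a valid IPv4 address is rejected."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return isinstance(ip, ipaddress.IPv4Address) and ip in network


def naive_prefix_match(addr: str, pattern: str) -> bool:
    """Text-prefix comparison, shown only for contrast with address_matches()."""
    return addr.startswith(pattern.rstrip("*"))


def admit(addr: str, protocol: str,
          access_type: str = "192.168.0.*", preset_protocol: str = "TCP") -> str:
    """Combine the S4 and S6 comparisons into one decision label (hypothetical)."""
    if not address_matches(addr, parse_access_type(access_type)):
        return "reconnect-address"      # page: a new IP address must be connected
    if protocol.strip().upper() != preset_protocol.upper():
        return "convert-protocol"       # page: protocol is converted before access
    return "open-intranet-access"       # page: access service is opened directly


if __name__ == "__main__":
    # Constructed inputs: the page's two addresses plus two malformed strings.
    samples = [("192.168.0.1", "TCP"), ("192.168.1.1", "TCP"), ("192.168.0.1", "UDP"),
               ("192.168.0.999", "TCP"), ("192.168.0.1.example.net", "TCP")]
    for addr, proto in samples:
        print(f"{addr:26s} {proto}  strict={admit(addr, proto):22s}"
              f" naive_prefix={naive_prefix_match(addr, '192.168.0.*')}")
```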
Referring to fig. 2, an apparatus for encrypting network data security according to an embodiment of the present invention includes:
a first obtaining module 10, configured to obtain a data transmission process of first network data;
a first judging module 20, configured to judge whether the data transmission process can be connected to another transmission channel;
a first execution module 30, configured to, if so, connect a preset integrated encryption tunnel to the data transmission process to obtain second network data;
a second obtaining module 40, configured to obtain a network access address of the second network data;
a second determining module 50, configured to determine whether the network access address matches a normal intranet access service;
and a second execution module 60, configured to, if not, use a preset encryption service device to open the intranet access service for the second network data.
In this embodiment, the first obtaining module 10 obtains the data transmission process of the first network data that currently needs to be transmitted, and the first judging module 20 determines whether the first network data can be encrypted according to whether it can be connected to another transmission channel in addition to its original transmission channel. For example, if the first network data can be connected to other transmission channels in addition to the original data transmission channel, that is, the first network data can be connected to encrypted data through other transmission channels or can be transmitted together with other data, the first execution module 30 can generate an integrated encryption tunnel through the preset encryption service device, connect it to the transmission channel of the first network data by means of a secret key, and combine the integrated encryption tunnel with the transmission channel to complete the encryption of the first network data. If the first network data cannot be connected to other transmission channels in addition to the original data transmission channel, only the original data transmission channel itself can be encrypted, for example by setting a secret key for the data transmission channel of the first network data, and the first network data cannot be encrypted by means of external access.
The second network data obtained by encrypting the first network data is then acquired; the second obtaining module 40 obtains its network access address, and the second judgment module 50 judges whether that address matches the intranet access service against the preset corresponding intranet access service. For example, if the network access address of the second network data is a mobile data connection address and the preset corresponding intranet access service is a wifi intranet access service, the network access address does not match the intranet access service, and the second execution module 60 must use the preset encryption service device to open the intranet access service for the second network data. If the network access address of the second network data is a wifi connection address and the preset corresponding intranet access service is a wifi intranet access service, the network access address matches the intranet access service, and there is no need to open the intranet access service for the second network data.
In this embodiment, the first obtaining module further includes:
a first obtaining unit, configured to obtain an access mode of the first network data;
a first judgment unit, used for judging whether the access mode can be securely encrypted;
and a first execution unit, used for deploying, if so, a preset encryption service device to encrypt the first network data.
In this embodiment, the access mode of the first network data is acquired, and whether it matches the access mode set for secure encryption is judged. For example, if the access mode of the first network data is the IDC (Internet Data Connector) mode and the access mode set for secure encryption is the ADO (ActiveX Data Objects) mode, the first network data cannot be securely encrypted as it stands; the pre-prepared encryption service device must then be deployed, and the first network data can be securely encrypted by connecting the integrated encryption tunnel to it. If the access mode of the first network data is the RDS (Remote Data Service) mode and the access mode set for secure encryption is also the RDS mode, the first network data can be securely encrypted, and the pre-prepared encryption service device is not required.
In this embodiment, the first execution unit further includes:
a first obtaining subunit, configured to obtain a network access status of the first network data;
the first judging subunit is used for judging whether the network access condition can be normally networked;
the first execution subunit is used for encrypting the first network data if so;
and the second execution subunit is used for automatically connecting the stored network access address for the first network data if not.
In this embodiment, the network access condition of the first network data is acquired, and whether the first network data can be encrypted is determined by whether that condition allows normal networking. For example, if the acquired network access condition shows that normal networking is possible, the first network data can be encrypted, that is, it can be securely encrypted by connecting the integrated encryption tunnel to it through the preset encryption service device. If the acquired network access condition shows that normal networking is not possible, the first network data cannot be encrypted; the network access address stored in the first network data is then used to connect automatically, and secure encryption can be performed only after the connection is completed.
In this embodiment, the first executing module further includes:
a second obtaining unit, configured to obtain protocol data of the first network data;
the first sending unit is used for sending the protocol data to a preset encryption server by adopting a preset node for protocol encryption;
a third obtaining unit, configured to obtain encryption protocol data fed back by the encryption server;
and the first input unit is used for inputting the encrypted protocol data into the first network data to obtain encrypted second network data.
In this embodiment, the protocol data in the first network data is acquired and sent, through a node preset in the transmission channel of the first network data, to an encryption server in the encryption service device, which performs protocol encryption on it. The protocol encryption process consists of generating a session key matched with the protocol data and then selecting the function send and the function recv in the session key as the reference for controlling execution of the session key. When the function send and the function recv match the redundancy check code of the first network data, the protocol data has been successfully encrypted; the encryption server of the encryption service device then feeds the encrypted protocol data back to the first network data in the transmission channel, so that the encrypted second network data is obtained.
In this embodiment, the first sending unit further includes:
a first generation subunit, configured to generate a session key that matches the protocol data;
the first selection unit is used for selecting the function send and the function recv in the session key as the reference for controlling the execution of the session key;
the second judging subunit is configured to judge whether the function send and the function recv match a redundancy check code of the first network data;
and the third execution subunit is used for carrying out protocol encryption on the first network data through the session key if so.
In this embodiment, the encryption server of the encryption service device generates a matching session key for the protocol data of the first network data. A session key, also called a data encryption key or working key, is an encryption and decryption key randomly generated to ensure a secure communication session between a user and another computer or between two computers. Whether the protocol encryption succeeded is determined by whether the function send and the function recv in the session key match the redundancy check code in the first network data. For example, after the data sent by the function send and the function recv in the session key is transmitted by the protocol, the corresponding check code can be generated; if the generated check code is 010100 and the redundancy check code in the first network data is 010101, the function send and the function recv cannot match the redundancy check code of the first network data, and a bug may occur in the protocol encryption of the session key. If the generated check code is 010101 and the redundancy check code in the first network data is 010101, the function send and the function recv match the redundancy check code of the first network data, and the protocol encryption of the session key is successful.
It should be noted that, the function send directly triggers the event corresponding to the specified window, and returns to the calling application after executing the event handler; when the application program calls the recv function, the function recv firstly waits for the data in the sending buffer of the function send to be transmitted by the protocol, and then encrypts the protocol data; the redundancy check code is a cyclic redundancy check code, which is a commonly used check code with error detection and correction capabilities.
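The check-code comparison described above, as an added example that is not part of the patent text: the receiver recomputes a cyclic redundancy check over the transmitted protocol data and allows protocol encryption only when it equals the code carried with the data. The 6-bit width, the generator polynomial and all function names are assumptions, since the page gives only the 6-digit codes.

```python
# Added example: check-code gate before protocol encryption.
WIDTH = 6        # assumption: 6-bit code, like the 6-digit codes quoted in the text
POLY = 0b000011  # assumption: generator x^6 + x + 1 (the x^6 term is implicit)


def check_code(data: bytes, width: int = WIDTH, poly: int = POLY) -> str:
    """Bitwise MSB-first CRC, zero initial value, returned as a binary string."""
    top = 1 << (width - 1)
    mask = (1 << width) - 1
    reg = 0
    for byte in data:
        for shift in range(7, -1, -1):
            bit_in = (byte >> shift) & 1
            feedback = (1 if reg & top else 0) ^ bit_in
            reg = (reg << 1) & mask
            if feedback:
                reg ^= poly
    return format(reg, "0{}b".format(width))


def may_encrypt(transmitted: bytes, carried_code: str) -> bool:
    """Proceed with protocol encryption only if the recomputed code matches."""
    return check_code(transmitted) == carried_code


def undetected_single_bit_errors(data: bytes, carried_code: str) -> int:
    """Flip every bit of `data` in turn and count flips the gate fails to catch."""
    missed = 0
    for i in range(len(data) * 8):
        damaged = bytearray(data)
        damaged[i // 8] ^= 0x80 >> (i % 8)
        if may_encrypt(bytes(damaged), carried_code):
            missed += 1
    return missed


# Constructed sample: protocol data as sent, and the code carried with it.
SAMPLE = b"constructed protocol data"
CARRIED = check_code(SAMPLE)

if __name__ == "__main__":
    print("carried code:", CARRIED)
    print("intact data passes:", may_encrypt(SAMPLE, CARRIED))
    print("undetected 1-bit errors:", undetected_single_bit_errors(SAMPLE, CARRIED))
```

A check code of this kind detects accidental transmission damage; it is not keyed, so it does not authenticate the sender.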
In this embodiment, the second obtaining module further includes:
a third obtaining unit, configured to obtain an IP address of the second network data;
the second judging unit is used for judging whether the IP address is matched with a preset network access type or not;
and the second execution unit is used for acquiring the network access address of the second network data if so.
In this embodiment, the IP address in the second network data is acquired and checked against a preset network access type. For example, if the acquired IP address is 192.168.1.1 and the preset network access type is 192.168.0.*, the IP address of the second network data does not match the preset network access type, and a new IP address needs to be reconnected. If the acquired IP address is 192.168.0.1 and the preset network access type is 192.168.0.*, the IP address of the second network data matches the preset network access type, and the network access address of the second network data is acquired.
In this embodiment, the second executing module further includes:
a fourth obtaining unit, configured to obtain a protocol classification of the second network data;
a third judging unit, configured to judge whether the protocol classification matches a preset network protocol;
and the third execution unit is used for opening the intranet access service according to the protocol classification if so.
In this embodiment, the protocol classification of the second network data is acquired and checked against a preset network protocol. For example, if the protocol of the acquired second network data is classified as UDP (User Datagram Protocol) and the preset network protocol is TCP (Transmission Control Protocol), the protocol classification of the second network data does not match the preset network protocol, and the intranet access service can be opened only after the protocol of the second network data is converted into the matching network protocol. If the protocol of the acquired second network data is classified as TCP and the preset network protocol is TCP, the protocol classification of the second network data matches the preset network protocol, and the intranet access service can be opened directly, so that the second network data is connected to the intranet.
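The three checks applied to the second network data (IP address against the preset network access type, access address against the intranet access service, protocol classification against the preset protocol) can be read as one decision procedure. The following is an added example, not code from the patent; the /24 network standing in for the page's 192.168.0 pattern, the record fields and the outcome labels are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed presets modelled on the page's examples (assumptions).
PRESET_NETWORK = ipaddress.ip_network("192.168.0.0/24")  # the 192.168.0 pattern
INTRANET_ACCESS = "wifi"   # preset intranet access service
PRESET_PROTOCOL = "TCP"    # preset network protocol


@dataclass
class SecondNetworkData:
    ip: str        # IP address carried by the data
    access: str    # how the data is connected: "wifi" or "mobile"
    protocol: str  # protocol classification: "TCP", "UDP", ...


def decide(d: SecondNetworkData) -> str:
    """Return the action the described device would take for one record."""
    # Parse the address instead of comparing string prefixes, so that
    # malformed input cannot pass as a member of the preset network.
    try:
        addr = ipaddress.ip_address(d.ip)
    except ValueError:
        return "reject: malformed IP address"
    if addr not in PRESET_NETWORK:
        return "reconnect: IP address outside the preset network access type"
    if d.access == INTRANET_ACCESS:
        return "direct: access address already matches the intranet service"
    if d.protocol.upper() != PRESET_PROTOCOL:
        return "convert: protocol must be converted before intranet access"
    return "open: encryption service device opens intranet access"


# Constructed sample records, one per branch.
SAMPLES = [
    SecondNetworkData("192.168.1.1", "mobile", "TCP"),
    SecondNetworkData("192.168.0.1", "wifi", "TCP"),
    SecondNetworkData("192.168.0.1", "mobile", "UDP"),
    SecondNetworkData("192.168.0.1", "mobile", "TCP"),
    SecondNetworkData("192.168.0.1.example", "mobile", "TCP"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.ip, sample.access, sample.protocol, "->", decide(sample))
```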
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A network data security encryption method is characterized by comprising the following steps:
acquiring a data transmission process of first network data;
judging whether the data transmission process can be connected with other transmission channels or not;
if yes, accessing a preset integrated encryption tunnel to the data transmission process to obtain second network data;
acquiring a network access address of second network data;
judging whether the network access address is matched with an intranet access service;
and if not, adopting preset encryption service equipment to get through the intranet access service for the second network data.
2. The method for encrypting the network data security according to claim 1, wherein the step of acquiring the data transmission process of the first network data comprises:
acquiring an access mode of the first network data;
judging whether the access mode can be safely encrypted or not;
if yes, a preset encryption service device is arranged to encrypt the first network data.
3. The method for encrypting the network data safely according to claim 2, wherein the step of laying a preset encryption service device to encrypt the network data comprises:
acquiring a network access condition of the first network data;
judging whether the network access condition can be normally networked or not;
if yes, encrypting the first network data;
if not, automatically connecting the stored network access address for the first network data.
4. The method for encrypting network data safely according to claim 1, wherein the step of accessing the preset integrated encrypted tunnel to the data transmission process to obtain the second network data comprises:
acquiring protocol data of the first network data;
sending the protocol data to a preset encryption server by adopting a preset node to encrypt a protocol;
acquiring encryption protocol data fed back by the encryption server;
and inputting the encrypted protocol data into the first network data to obtain encrypted second network data.
5. The method for encrypting the network data safely according to claim 4, wherein the step of sending the protocol data to a preset encryption server by using a preset node for protocol encryption comprises:
generating a session key matched with the protocol data;
selecting a function send and a function recv in the session key as a reference for controlling the execution of the session key;
judging whether the function send and the function recv are matched with a redundancy check code of first network data;
and if so, carrying out protocol encryption on the first network data through the session key.
6. The method for encrypting the network data safely according to claim 1, wherein the step of obtaining the network access address of the second network data comprises:
acquiring an IP address of the second network data;
judging whether the IP address is matched with a preset network access type or not;
and if so, acquiring the network access address of the second network data.
7. The method according to claim 1, wherein the step of using a preset encryption service device to get through the intranet access service for the second network data comprises:
acquiring a protocol classification of the second network data;
judging whether the protocol classification is matched with a preset network protocol or not;
and if so, opening the intranet access service according to the protocol classification.
8. A network data security encryption apparatus, comprising:
the first acquisition module is used for acquiring a data transmission process of first network data;
the first judging module is used for judging whether the data transmission process can be connected with other transmission channels or not;
the first execution module is used for connecting a preset integrated encryption tunnel to the data transmission process if so, so as to obtain second network data;
the second acquisition module is used for acquiring the network access address of the second network data;
the second judgment module is used for judging whether the network access address is matched with a normal intranet access service or not;
and the second execution module is used for opening the intranet access service for the second network data by adopting preset encryption service equipment if not.
9. The network data security encryption apparatus of claim 8, wherein the first obtaining module further comprises:
a first obtaining unit, configured to obtain an access mode of the first network data;
the first judgment unit is used for judging whether the access mode can be safely encrypted or not;
and the first execution unit is used for deploying the preset encryption service equipment to encrypt the first network data if so.
10. The network data security encryption device of claim 8, wherein the first execution unit further comprises:
a first obtaining subunit, configured to obtain a network access status of the first network data;
the first judging subunit is used for judging whether the network access condition can be normally networked;
the first execution subunit is used for encrypting the first network data if so;
and the second execution subunit is used for automatically connecting the saved network access address for the first network data if not.
CN202210722810.2A 2022-06-24 2022-06-24 Network data security encryption method and device Active CN115314242B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210722810.2A CN115314242B (en) 2022-06-24 2022-06-24 Network data security encryption method and device

Publications (2)

Publication Number Publication Date
CN115314242A (en) 2022-11-08
CN115314242B CN115314242B (en) 2024-06-21

Family

ID=83854536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210722810.2A Active CN115314242B (en) 2022-06-24 2022-06-24 Network data security encryption method and device

Country Status (1)

Country Link
CN (1) CN115314242B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050046834A (en) * 2003-11-14 2005-05-19 주식회사 시큐랩 Security system and method for internet commumication between client system and sever system of specific domain
US20060090074A1 (en) * 2004-10-22 2006-04-27 Kazumine Matoba Encryption communication system
US20120137123A1 (en) * 2010-08-05 2012-05-31 Northeastern University Technology Transfer Center Encryption/decryption communication system
CN105827582A (en) * 2015-09-14 2016-08-03 维沃移动通信有限公司 Communication encryption method, device and system
CN106170008A (en) * 2016-05-17 2016-11-30 北京畅游天下网络技术有限公司 A kind of inter-network means of communication, device and load equalizer
CN106850668A (en) * 2017-03-03 2017-06-13 深圳安软信创技术有限公司 mobile application security network tunnel
WO2017113353A1 (en) * 2015-12-31 2017-07-06 华为技术有限公司 Data transmission method, apparatus and device
CN107864129A (en) * 2017-10-31 2018-03-30 江苏神州信源系统工程有限公司 A kind of method and apparatus for ensureing network data security
US20180205722A1 (en) * 2017-01-13 2018-07-19 Parallel Wireless, Inc. Multi-Stage Secure Network Element Certificate Provisioning in a Distributed Mobile Access Network
US20190173850A1 (en) * 2017-12-04 2019-06-06 Nicira, Inc. Scaling gateway to gateway traffic using flow hash
US20200287749A1 (en) * 2019-03-04 2020-09-10 Cyxtera Cybersecurity, Inc. Multiple gateway controllers to establish network access
CN112688954A (en) * 2020-12-28 2021-04-20 上海创能国瑞数据系统有限公司 Protection method for sensitive data transmission
CN113347206A (en) * 2021-06-30 2021-09-03 建信金融科技有限责任公司 Network access method and device

Also Published As

Publication number Publication date
CN115314242B (en) 2024-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant