CN115378660A - Data transmission method, device, equipment and medium - Google Patents

Publication number
CN115378660A
Authority
CN
China
Prior art keywords
data
message
application layer
segment
encryption
Legal status
Pending
Application number
CN202210903920.9A
Other languages
Chinese (zh)
Inventor
江峰
程咏阳
秦伯钦
Current Assignee
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202210903920.9A
Publication of CN115378660A
Priority to PCT/CN2022/141563 (WO2024021478A1)
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers

Abstract

The application discloses a data transmission method, device, equipment and medium for reducing wasted resources and energy consumption at the sending and receiving ends. The sending device generates a message body for the application-layer data according to the encryption type of that data, where the encryption type is no encryption and/or exclusive-OR (XOR) encryption; it adds a message header to the body to form a data message and hands the data message to the transport layer. The data is thus left unencrypted or XOR-encrypted between the application layer and the transport layer, which, compared with encrypting everything with TLS/SSL alone, reduces the resource and energy overhead at both ends.

Description

Data transmission method, device, equipment and medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data transmission method, apparatus, device, and medium.
Background
According to studies, the total volume of global data is expected to grow from 16 zettabytes (ZB) in 2016 to 163 ZB by 2025, and more than 80% of it is unstructured data such as pictures, video and voice. To keep data secure in transit on the Internet, the sender encrypts it with a specific algorithm and sends the ciphertext over the network; the receiver decrypts the ciphertext back to plaintext, so the data is protected while in transit. For example, conventional HTTPS (HTTP over SSL/TLS) authenticates the server with an SSL certificate and encrypts the traffic between browser and server.
With the spread of cloud storage, users increasingly upload data to the cloud. To further protect private data, the user encrypts the data themselves, so the payload of the HTTP request is already the user's ciphertext, and the whole HTTP request is then encrypted a second time by TLS/SSL. This double encryption makes encryption and decryption consume a large share of CPU resources. By the figures cited in the application, TLS/SSL offload takes about 10% of CPU cycles while user mode on the whole compute node accounts for only about 30%, so about a third (the application puts it at 30%) of the user-mode computing resources and the corresponding energy are spent on redundant encryption and decryption. The related art therefore wastes substantial resources and energy at the sending and receiving ends.
Disclosure of Invention
The application provides a data transmission method, a data transmission device, data transmission equipment and a data transmission medium, which are used for reducing the waste of resources and energy consumption at the transmitting end and the receiving end.
The application provides a data transmission method comprising the following steps:
the sending device obtains application-layer data, which includes first data to be transmitted;
the sending device generates a message body for the application-layer data according to the encryption type of that data, where the encryption type is one or more of: no encryption, XOR encryption;
the sending device adds a message header to the message body to form a data message;
the sending device passes the data message to the transport layer.
Further, before the sending device generates the message body for the application-layer data, the method also includes:
the sending device segments the application-layer data into at least one segment, each segment having its own encryption type;
and generating the message body for the application-layer data then comprises:
for each segment, the sending device generates a message body for that segment according to the segment's encryption type, and the message body of each segment has its own message header.
Further, an MRP protocol is disposed between the application layer and the transport layer: above MRP sit the application-layer protocol and/or the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol, and below it the transport-layer protocol.
Further, the message header includes an encoding type field, an offset field and a length field; the encoding type field indicates the encryption type, the offset field indicates the offset of the segment within the application-layer data, and the length field indicates the length of the message body.
In another aspect, a data transmission method is provided, comprising:
the receiving device obtains a data message passed up by the transport layer;
the receiving device decrypts the message body of the data message according to the encryption type of the data message and determines the second data of the data message, where the encryption type is one or more of: no encryption, XOR encryption;
the receiving device passes the second data to the application layer.
Further, the data message consists of at least one segment message, each segment message having its own encryption type;
and decrypting the message body according to the encryption type and determining the second data then comprises:
for each segment message, the receiving device decrypts that message's body according to the segment's encryption type to obtain the decrypted data of that segment;
the receiving device sorts and combines the decrypted data of all segment messages to obtain the second data.
In another aspect, an embodiment of the present application provides a data transmission apparatus comprising:
an acquisition unit for obtaining application-layer data, which includes first data to be transmitted;
a generating unit for generating a message body for the application-layer data according to the encryption type of that data and adding a message header to the message body to form a data message, where the encryption type is one or more of: no encryption, XOR encryption;
and a transfer unit for passing the data message to the transport layer.
In another aspect, an embodiment of the present application provides a data transmission apparatus comprising:
an obtaining unit for obtaining a data message passed up by the transport layer;
a determining unit for decrypting the message body of the data message according to the encryption type of the data message and determining the second data of the data message, where the encryption type is one or more of: no encryption, XOR encryption;
and a transfer unit for passing the second data to the application layer.
In another aspect, the present application provides an electronic device, which includes a processor and a memory, where the processor is configured to implement the steps of any one of the data transmission methods when executing a computer program stored in the memory.
In another aspect, the present application provides a computer-readable storage medium storing a computer program, which when executed by a processor implements the steps of any of the data transmission methods described above.
In summary, the sending device generates a message body for the application-layer data according to the encryption type of that data, where the encryption type is no encryption and/or XOR encryption, adds a message header to the body to form a data message and hands the data message to the transport layer. The data is thus left unencrypted or XOR-encrypted between the application layer and the transport layer, which, compared with encrypting everything with TLS/SSL alone, reduces the resource and energy overhead at the sending and receiving ends.
Drawings
To illustrate the technical solutions of the present application and of the prior art more clearly, the drawings needed for describing the embodiments are briefly introduced below. They show only some embodiments of the present application; a person skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a data transmission process according to some embodiments of the present application;
Fig. 2 is a schematic diagram of the message format of a data message according to some embodiments of the present application;
Fig. 3 is a schematic diagram of the MRP protocol provided in some embodiments of the present application;
Fig. 4 is a schematic diagram of a data transmission process according to some embodiments of the present application;
Fig. 5 is a schematic diagram of a data transmission process according to some embodiments of the present application;
Fig. 6 is a schematic diagram of a data transmission process according to some embodiments of the present application;
Fig. 7 is a schematic structural diagram of a data transmission apparatus according to some embodiments of the present application;
Fig. 8 is a schematic structural diagram of a data transmission apparatus according to some embodiments of the present application;
Fig. 9 is a schematic structural diagram of an electronic device according to some embodiments of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the present application will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example 1:
fig. 1 is a schematic diagram of a data transmission process provided in an embodiment of the present application, where the data transmission process includes the following steps:
S101: the sending device obtains application-layer data, which includes first data to be transmitted.
The sending device sends the first data to the receiving device using the data transmission method of this embodiment. The sending and receiving devices are electronic devices, for example a server or a mobile device. In a video download scenario the sending device is a server, the receiving device is a mobile device (e.g. the user's phone or computer), and the first data is the video to be downloaded to the user's device. In a cloud upload scenario the sending device is a mobile device (e.g. the user's phone or computer), the receiving device is a server, and the first data is the data to be uploaded to the cloud.
The application-layer data may be the first data in plaintext, or the first data after application-layer processing (for example the user's own encryption carried as an application-layer payload); the application-layer protocols include, but are not limited to, HTTP, the File Transfer Protocol (FTP) and the Real-time Transport Protocol (RTP).
S102: the sending device generates a message body for the application-layer data according to the encryption type of that data.
The encryption types include one or more of: no encryption, exclusive-OR (XOR) encryption, TLS encryption, SSL encryption.
The application-layer data has an encryption type. Optionally it consists of at least one segment, each with its own encryption type, i.e. each segment is protected independently. Taking video download as the example, members-only video in the application-layer data can be protected with a stronger and more expensive method such as TLS or SSL encryption, while free video can be handled with a cheaper, lower-security method such as no encryption or XOR encryption.
The sending device applies the encryption type of the application-layer data to it (encrypting, or not encrypting) to obtain the message body: with no encryption the message body is the plaintext data; with XOR, TLS or SSL encryption it is ciphertext.
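The "lower security" of XOR encryption is worth making concrete before deciding which data is assigned to it. The following is an added example, not code from the patent or from Tianyi Cloud: it implements codec 2 as the repeating-key XOR the description implies (the application does not specify a key schedule, so the 8-byte key, the key length and both plaintexts are constructed here) and shows the property a practitioner should keep in mind: when one key is reused across segments, a few bytes of predictable plaintext (here the standard JFIF file header that a picture in JPEG format starts with) recover the key and decrypt every other segment, and even without any known plaintext the XOR of two ciphertexts equals the XOR of the two plaintexts.

```python
# Added example (not the patent's code): what repeating-key XOR (codec 2)
# gives up when one key is reused across segments. KEY, PICTURE and VIDEO are
# constructed for this demonstration; JFIF_PREFIX is the real JPEG/JFIF file
# header, which is why an attacker can assume it as known plaintext.
from typing import Dict


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR as codec 2 would apply it; encrypts and decrypts."""
    if not key:
        raise ValueError("empty XOR key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_pair(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two strings, truncated to the shorter (no key cycling)."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Recover a repeating key of key_len bytes from known plaintext at offset 0."""
    if min(len(ciphertext), len(known_prefix)) < key_len:
        raise ValueError("need at least key_len aligned known-plaintext bytes")
    return xor_pair(ciphertext[:key_len], known_prefix[:key_len])


JFIF_PREFIX = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"   # SOI, APP0, len, "JFIF\0", v1.x
KEY = b"\x4b\x33\x79\x21\x73\x65\x63\x72"                # constructed 8-byte key
PICTURE = JFIF_PREFIX + b"...rest of a user's picture..."   # constructed segment 1
VIDEO = b"second segment, different content, same key"    # constructed segment 2


def attack() -> Dict[str, object]:
    """Two segments XORed under one key: recover the key and read the other."""
    c_pic = xor_bytes(PICTURE, KEY)
    c_vid = xor_bytes(VIDEO, KEY)
    key = recover_key(c_pic, JFIF_PREFIX, len(KEY))   # attacker knows only c_pic
    n = min(len(c_pic), len(c_vid))
    return {
        "recovered_key": key,
        "video_plain": xor_bytes(c_vid, key),
        # Without any known plaintext the key still cancels between segments.
        "key_cancels": xor_pair(c_pic[:n], c_vid[:n]) == xor_pair(PICTURE[:n], VIDEO[:n]),
    }
```

A key at least as long as the segment and never reused avoids both effects, but then the key material costs as much to move as the data it protects; in practice the security decision in this design is which data classes are allowed to use codec 2 at all.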
S103: the sending device adds a message header to the message body to form a data message.
The data message consists of at least a message header and a message body, where the message body is the ciphertext or plaintext produced in S102 according to the encryption type. The header may use a header format from the related art or the new header format provided in this application, which is described in the following embodiments.
S104: the sending device passes the data message to the transport layer.
After the transport layer receives the data message it may pass it straight down to the next protocol layer, or first process it with the transport-layer protocol and then pass it down. The transport-layer protocols include, but are not limited to, the Transmission Control Protocol (TCP) and the Stream Control Transmission Protocol (SCTP).
In some implementations the layers below are, in order, the network layer, the data link layer and the physical layer; the network-layer protocols include, but are not limited to, the Internet Protocol (IP).
In this embodiment the sending device generates the message body according to the encryption type of the application-layer data, where the encryption type includes no encryption and/or XOR encryption, adds a message header to form a data message and passes it to the transport layer. The data is thus left unencrypted or XOR-encrypted between the application layer and the transport layer, which, compared with encrypting everything with TLS/SSL alone, reduces the resource and energy overhead at the sending and receiving ends.
Example 2:
To reduce encryption overhead without compromising the user's security requirements, on the basis of the above embodiment, before the sending device generates the message body for the application-layer data the method further includes:
the sending device segments the application-layer data into at least one segment, each segment having its own encryption type.
The sending device can segment the application-layer data according to the encryption type and an encryption configuration, so that each segment is encrypted only as far as required, reducing encryption cost without weakening the user's security requirements. For example, the encryption configuration may state whether the data needs encryption and at what security level, so the sending device can put data with different security requirements into different segments. As another example, the encryption configuration may specify the positions of the data to be encrypted and their encryption type, so the sending device can split the application-layer data at those positions into at least one segment. The encryption configuration may be set by the user or preconfigured in the sending device; this embodiment does not limit it.
Generating the message body for the application-layer data then comprises:
for each segment, the sending device generates a message body for the segment according to the segment's encryption type, and the message body of each segment has its own message header.
Because each segment has its own encryption type, the sending device processes each segment with the corresponding type to obtain that segment's message body.
For example, if a segment's encryption type is TLS encryption, the sending device encrypts it with TLS/SSL; otherwise it XOR-encrypts the segment or leaves it unencrypted, as the segment's type specifies.
Since the message body of each segment has its own message header, adding the message header to form the data message comprises:
for each segment, the sending device adds the segment's message header to the segment's message body to form the data message of that segment;
the sending device then forms the final data message, i.e. the data message of the application-layer data (or of the first data), from the data messages of all segments.
In this embodiment the sending device segments the application-layer data and encrypts each segment selectively with its own encryption type, reducing encryption overhead without compromising the user's security requirements.
Example 3:
On the basis of the foregoing embodiments, the message header includes an encoding type (codec) field, an offset field and a length field:
the encoding type field indicates the encryption type;
the offset field indicates the offset of the segment within the application-layer data;
the length field indicates the length of the message body.
Optionally, the header also includes a reserved field for future protocol extensions.
Different values of the encoding type field indicate different encoding types; for example, 0 indicates no encryption, 1 indicates TLS/SSL encryption, 2 indicates XOR encryption, and 3 and other values can be assigned to further encoding types.
Fig. 2 shows an example message format: a message header containing the codec, offset, length and reserved fields, followed by a message body containing the data, which is either ciphertext produced by encryption or plaintext.
Example 4:
To remain compatible with TLS/SSL, on the basis of the foregoing embodiments a multiple-codec presentation protocol (MRP) is disposed between the application layer and the transport layer: above MRP sit the application-layer protocol and/or the TLS/SSL protocol, and below it the transport-layer protocol.
MRP is compatible with TLS/SSL, so the data can be processed without changing existing protocols, which lowers the cost of adoption for users.
Notably, MRP applies to secure transmission of structured data as well as of unstructured data.
As shown in Fig. 3, MRP sits between the application layer and the transport layer, with the application-layer protocol and TLS/SSL above it and the transport-layer protocol below it; the transport layer connects to the network layer, the network layer to the data link layer, and the data link layer to the physical layer.
The processing of S102 to S103 can therefore be regarded as MRP processing, and for convenience the data message generated in S103 is called an MRP message; its format may be as shown in Fig. 2.
The data transmission flow of Fig. 4 describes MRP processing at the sending end: the application-layer data is obtained, and the sending device (or its application layer) segments the data and determines the encryption type of each segment. For each segment, if its encryption type is TLS/SSL encryption the sending device hands the segment to TLS/SSL for encryption; otherwise (no encryption or XOR encryption) it hands the segment to MRP for processing, and the resulting message body receives its message header to form an MRP message. The sending device then passes the MRP messages to the transport layer.
Example 5:
fig. 5 is a schematic diagram of a data transmission process provided in an embodiment of the present application, where the data transmission process includes the following steps:
S501: the receiving device obtains the data message passed up by the transport layer.
The receiving device receives the data from the sending device using the data transmission method of this embodiment. For a description of the receiving device see S101 above; the common parts are not repeated.
The data message passed up by the transport layer is the data message produced by the sending device (as in S103 above).
The data message reaches the transport layer through the lower protocol layers, which in some implementations are, in order, the physical layer, the data link layer and the network layer.
S502: the receiving device decrypts the message body of the data message according to the encryption type of the data message and determines the second data of the data message.
The encryption types include one or more of: no encryption, XOR encryption, TLS encryption, SSL encryption.
The data message consists of at least a message header and a message body, where the message body is the ciphertext or plaintext produced in S102 according to the encryption type. Optionally, if the application-layer data was segmented before encryption, the message body corresponds to one segment, and each segment has its own encryption mode.
For example, the receiving device determines the decryption type corresponding to the encryption type of the data message and applies it to the message body to obtain the second data. Matching the encryption types, the decryption types include one or more of: no decryption, XOR decryption, TLS decryption, SSL decryption.
S503: the receiving device passes the second data to the application layer.
In this embodiment the receiving device decrypts the message body according to the encryption type of the data message passed up by the transport layer, where the encryption type includes no encryption and/or XOR encryption; correspondingly, the receiving device applies no decryption and/or XOR decryption to the data between the transport layer and the application layer.
Example 6:
on the basis of the above embodiments, in the embodiment of the present application, the data packet is at least one segment of data packet, and each segment of data packet has a corresponding encryption type.
The receiving equipment decrypts the message body in the data message according to the encryption type corresponding to the data message, and the determining of the second data of the data message comprises the following steps:
for each section of data message in at least one section of data message, the receiving equipment decrypts the message body in the section of data message according to the encryption type corresponding to the section of data message, and determines the decryption data of the section of data message;
and the receiving equipment sequences and combines the decrypted data of each section of the data message and determines the second data of at least one section of the data message.
Because each segment of data has the corresponding encryption type, the receiving device can decrypt the packet body in each segment of data packet by adopting the decryption type corresponding to the encryption type of each segment of data, so as to obtain the decrypted data of each segment of data packet.
For example, if the encryption type of a segment of data is TLS protocol encryption, the receiving device may decrypt using TLS/SSL protocol, otherwise, the receiving device may decrypt the packet body of the segment of data packet using an exclusive-or decryption method, or does not decrypt the packet body of the segment of data packet.
The segment data of the application layer data has a position sequence, and correspondingly, the receiving device performs sequencing combination on the decrypted data of each segment of the data message to determine the second data of at least one segment of the data. Generally, the second data is the application layer data in S101.
The message format of the data message and the applicable MRP protocol in this embodiment may refer to the above embodiments; details of the similar parts are not repeated.
The data transmission flow shown in fig. 6 illustrates the processing of the MRP protocol. In this flow, at the receiving end, the data transmitted by the transport layer is obtained, and for each segment of data message: if the encryption type of the segment is TLS/SSL protocol encryption, the receiving device submits the segment to the TLS/SSL protocol for decryption and obtains the decrypted segment data; otherwise (if the encryption type of the segment is non-encryption or XOR encryption), the receiving device submits the segment to the MRP protocol for processing and obtains the segment data. The receiving device then reorders and combines all the segments to obtain the complete second data, and transmits the second data to the application layer.
The MRP protocol is applicable to secure transmission scenarios for unstructured data, including but not limited to the transmission of encrypted pictures, encrypted video and encrypted voice.
Take uploading an encrypted picture (or, of course, a non-encrypted picture): the user encrypts a JPEG picture and stores it on the server. With the traditional method, the user first encrypts the picture; the client then constructs an HTTP header and builds an HTTP message with the encrypted data as the HTTP body; the client and server then establish a TCP connection and a TLS connection in turn, and the HTTP message is handed to TLS to be encrypted and sent to the server. After receiving the TCP message, the server hands it to TLS for decryption to obtain the HTTP message, and finally the HTTP server stores the encrypted data from the HTTP message body on disk. The already-encrypted picture data is thus encrypted a second time at the client and decrypted again at the server, and this redundant encryption and decryption adds overhead on both sides. With the data transmission method of this application, the user first encrypts the picture; the client then constructs an HTTP header and builds an HTTP message with the encrypted data as the HTTP body; the client and server then establish a TCP connection, an MRP connection and a TLS connection in turn. The HTTP message header is handed to the TLS connection; TLS encrypts it and hands the encrypted header to MRP, which constructs an MRP message with coding type 1. The HTTP message body is handed directly to MRP, which constructs an MRP message with coding type 0, and MRP sends the MRP messages to the server over the TCP connection. After receiving the TCP message, the server hands it to MRP; MRP extracts the MRP messages from it and decodes each message according to the coding type in its MRP message header.
The MRP message with coding type 1 is handed to TLS for decryption, yielding the plaintext HTTP header; the HTTP body can be extracted directly from the MRP message with coding type 0. Finally, the complete HTTP message is passed to the HTTP server for processing, and the encrypted data in the HTTP message body is stored on disk. Both the HTTP header and the HTTP body are therefore encrypted only once: the HTTP header by TLS and the encrypted picture in the HTTP body by the user. On the server, only the HTTP header is decrypted by TLS, and the encrypted picture in the HTTP body is stored directly without decryption. Compared with the traditional method, this embodiment saves one encryption of the already-encrypted picture data at the client and one decryption at the server, reducing overhead.
Similarly, some video and live-streaming websites currently exploit the data characteristics of multimedia and streaming media: the server uses streaming-media encryption with a symmetric algorithm to encrypt each small block of video, which is then encrypted again by the HTTPS communication process, and a user who passes the authorization check obtains a key for decrypting each small block of data at the client. Take downloading a member video as an example: the user needs to obtain a member video in mp4 format from the server, consisting of a free part that only requires simple encryption and a member part that requires verification of the user's identity. With the traditional method, the server first encrypts the member part once, then hands both the free part and the member part to TLS for encryption; the user receives the TLS message and decrypts it to obtain the free part and the still-encrypted member part; after verifying the user's identity, the server sends the key for the member part to the client, and the client decrypts the member part with that key. Thus, on the server, the free part that only needs simple encryption is TLS-encrypted, while the member part is encrypted twice; on the client, the free part is decrypted by TLS, while the member part is decrypted twice. With the data transmission method provided by this application, the server can instead randomly generate a byte array and XOR-encrypt the free part with it, which costs far less than the symmetric encryption used by TLS while still meeting the security requirement; the member part is encrypted only once.
The server sends the byte array used for XOR encryption and the key for the member part to the client over TLS; after the client decrypts the byte array and the key through TLS, it decrypts the free part by XOR with the byte array and the member part with the key, and delivers the complete plaintext video data to the application layer. Compared with the traditional method, this reduces the encryption and decryption cost of the free part of the video and avoids the second encryption and decryption of the member part, reducing overhead.
Therefore, the data transmission method provided by this embodiment reduces the number of encryption and decryption operations and avoids redundant encryption and decryption, thereby reducing unnecessary computing resource overhead while ensuring the security of data transmission. It is applicable to resource-constrained execution environments, and for terminal devices with fewer processing resources the position and the encryption mode of the encrypted data can be freely configured.
Example 7:
On the basis of the above embodiments, an embodiment of the present application provides a data transmission device. Fig. 7 is a schematic structural diagram of a data transmission device 700 provided in the present application; as shown in fig. 7, the data transmission device 700 includes:
an obtaining unit 701, configured to obtain application layer data, where the application layer data includes first data to be transmitted;
a generating unit 702, configured to generate a packet body corresponding to the application layer data according to the encryption type corresponding to the application layer data; adding a message header corresponding to the message body to generate a data message, wherein the encryption type comprises one or more of the following types: not encrypting, XOR encrypting;
a transfer unit 703, configured to transmit the data message to the transport layer.
In a possible implementation, the generating unit 702 is specifically configured to segment the application layer data to obtain at least one segment of data, where each segment of data has a corresponding encryption type; and, for each segment of data in the at least one segment of data, to generate a message body corresponding to that segment according to the encryption type corresponding to that segment, where the message body of each segment of data has a corresponding message header.
In a possible implementation manner, a multi-code representation protocol MRP protocol is provided between the application layer and the transport layer, the MRP protocol supports a security protocol of the application layer and/or a transport layer security TLS/secure socket layer SSL protocol, and a security protocol of the transport layer is provided below the MRP protocol.
In one possible embodiment, the message header includes a coding type field, an offset field, and a length field; the encoding type field indicates an encryption type; the offset field indicates an offset of the application layer data; the length field indicates the length of the body of the message.
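As an added illustration, not code from the patent or its assignee, the following Python sender and receiver implement the message header described above (coding type, offset, length) together with the per-segment decryption, sorting and combining procedure of Example 6. The field widths, the numeric value used for the XOR coding type and the key-stream indexing for XOR are assumptions: the page names the fields and the encryption types but fixes neither their sizes nor the XOR convention.

```python
import struct
from typing import List, Tuple

# Coding types: the page numbers TLS-encrypted segments as 1 and non-encrypted
# segments as 0. The value 2 for XOR encryption is an assumption.
CODING_NONE = 0
CODING_TLS = 1
CODING_XOR = 2

# Assumed wire layout (big-endian): 1-byte coding type, 4-byte offset of the
# segment within the application layer data, 4-byte message body length.
HEADER_FMT = "!BII"
HEADER_LEN = struct.calcsize(HEADER_FMT)


def xor_with_keystream(data: bytes, key: bytes, offset: int) -> bytes:
    """XOR `data` with the key byte array repeated, indexed by the absolute
    application-layer offset so that every segment can be decrypted on its own.
    XOR is its own inverse, so one function serves both directions.
    Caveat: XOR gives no integrity protection, and reusing key bytes leaks the
    XOR of any two plaintext bytes that share a key position; the scheme on the
    page relies on a freshly generated array delivered to the client over TLS."""
    if not key:
        raise ValueError("XOR key must not be empty")
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def build_messages(app_data: bytes, plan: List[Tuple[int, int, int]],
                   key: bytes) -> bytes:
    """Sender side. `plan` lists (offset, length, coding_type) per segment;
    the segments may be listed in any order. Returns the concatenated MRP
    messages that would be handed to the transport layer."""
    out = bytearray()
    for offset, length, ctype in plan:
        segment = app_data[offset:offset + length]
        if ctype == CODING_NONE:
            body = segment
        elif ctype == CODING_XOR:
            body = xor_with_keystream(segment, key, offset)
        else:
            # TLS-coded segments are produced by the TLS layer, not by MRP.
            raise ValueError(f"coding type {ctype} is not built by MRP itself")
        out += struct.pack(HEADER_FMT, ctype, offset, len(body)) + body
    return bytes(out)


def parse_messages(stream: bytes) -> List[Tuple[int, int, bytes]]:
    """Split a byte stream into (coding_type, offset, body) tuples, refusing a
    header or body that is shorter than its declared length."""
    msgs = []
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < HEADER_LEN:
            raise ValueError("truncated MRP header")
        ctype, offset, length = struct.unpack_from(HEADER_FMT, stream, pos)
        pos += HEADER_LEN
        if len(stream) - pos < length:
            raise ValueError("truncated MRP body")
        msgs.append((ctype, offset, stream[pos:pos + length]))
        pos += length
    return msgs


def reassemble(stream: bytes, key: bytes) -> bytes:
    """Receiver side: decrypt each segment according to its coding type, sort
    the segments by offset and combine them into the second data. Gaps,
    overlaps and coding types MRP cannot decode itself are rejected."""
    pieces = []
    for ctype, offset, body in parse_messages(stream):
        if ctype == CODING_NONE:
            pieces.append((offset, body))
        elif ctype == CODING_XOR:
            pieces.append((offset, xor_with_keystream(body, key, offset)))
        else:
            raise ValueError(f"coding type {ctype} must be handed to another layer")
    pieces.sort(key=lambda p: p[0])
    result = bytearray()
    for offset, data in pieces:
        if offset != len(result):
            raise ValueError(f"gap or overlap at offset {offset}")
        result += data
    return bytes(result)


def demo() -> bytes:
    """Constructed example modelled on the member-video case: the first 8 bytes
    (the 'free part') are XOR-encrypted with a constructed key array, the rest
    is sent as-is, and the messages are emitted out of order on purpose."""
    video = b"FREEPARTmemberpart-already-encrypted-by-app"
    key = b"\x5a\xa5\x0f\xf0"  # constructed stand-in for the random byte array
    plan = [(8, len(video) - 8, CODING_NONE), (0, 8, CODING_XOR)]
    return reassemble(build_messages(video, plan, key), key)
```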
The steps implemented in the embodiments of the present application may refer to the other embodiments described above, and repeated details are not described herein.
Example 8:
On the basis of the above embodiments, an embodiment of the present application provides a data transmission apparatus. Fig. 8 is a schematic structural diagram of a data transmission apparatus 800 according to the present application; as shown in fig. 8, the data transmission apparatus 800 includes:
an obtaining unit 801, configured to obtain a data message transmitted by the transport layer;
a determining unit 802, configured to decrypt a packet body in the data packet according to an encryption type corresponding to the data packet, and determine second data of the data packet, where the encryption type includes one or more of the following: not encrypting, XOR encrypting;
a transfer unit 803, configured to transmit the second data to the application layer.
In one possible embodiment, the data message is at least one segment of data message, and each segment of data message has a corresponding encryption type.
The determining unit 802 is specifically configured to, for each segment of data message in the at least one segment of data message, decrypt the message body in that segment according to the encryption type corresponding to that segment and determine the decrypted data of that segment; and to sort and combine the decrypted data of each segment of data message to determine the second data of the at least one segment of data message.
The steps implemented in the embodiments of the present application may refer to the other embodiments described above, and repeated details are not described herein.
Example 9:
Fig. 9 is a schematic structural diagram of an electronic device provided in the present application. On the basis of the foregoing embodiments, an embodiment of the present application further provides an electronic device which, as shown in fig. 9, includes: a processor 901, a communication interface 902, a memory 903 and a communication bus 904, wherein the processor 901, the communication interface 902 and the memory 903 communicate with one another through the communication bus 904;
in one example, the memory 903 has stored therein a computer program that, when executed by the processor 901, causes the processor 901 to perform the steps of:
acquiring application layer data, wherein the application layer data comprises first data to be transmitted;
generating a message body corresponding to the application layer data according to the encryption type corresponding to the application layer data, wherein the encryption type comprises one or more of the following: not encrypting, XOR encrypting;
adding a message header corresponding to the message body to generate a data message;
delivering the data message to the transport layer.
Further, the processor 901 is specifically configured to segment the application layer data to obtain at least one segment of data, where each segment of data has a corresponding encryption type; and aiming at each segment of data in at least one segment of data, generating a message body corresponding to the segment of data according to the encryption type corresponding to the segment of data, wherein the message body of each segment of data has a corresponding message header.
Furthermore, a multi-code presentation protocol MRP is arranged between the application layer and the transmission layer, the MRP protocol supports a security protocol of the application layer and/or a transmission layer security TLS/secure socket layer SSL protocol, and a security protocol of the transmission layer is connected below the MRP protocol.
Further, the message header includes a coding type field, an offset field and a length field; the encoding type field indicates an encryption type; the offset field indicates an offset of the application layer data; the length field indicates the length of the body of the message.
In another example, the memory 903 has stored therein a computer program that, when executed by the processor 901, causes the processor 901 to perform the steps of:
acquiring a data message transmitted by a transmission layer;
according to the encryption type corresponding to the data message, carrying out decryption processing on a message body in the data message, and determining second data of the data message, wherein the encryption type comprises one or more of the following: not encrypting, XOR encrypting;
and transmitting the second data to the application layer.
Further, the data message is at least one segment of data message, and each segment of data message has a corresponding encryption type.
The processor 901 is specifically configured to, for each segment of data message in the at least one segment of data message, decrypt the message body in that segment according to the encryption type corresponding to that segment and determine the decrypted data of that segment; and to sort and combine the decrypted data of each segment of data message to determine the second data of the at least one segment of data message.
The communication interface 902 is used for communication between the electronic apparatus and other apparatuses.
The memory may include a random access memory (RAM) or a non-volatile memory (NVM), such as at least one disk memory. Alternatively, the memory may be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit, a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc.
On the basis of the foregoing embodiments, the present application provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the steps shown in fig. 1 or fig. 5.
Since the principle by which the computer-readable medium provided above solves the problem is similar to that of the data transmission method, the steps implemented after the processor executes the computer program in the computer-readable medium may refer to the other embodiments described above, and repeated details are not described again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method of data transmission, the method comprising:
a sending device obtains application layer data, wherein the application layer data comprises first data to be transmitted;
the sending device generates a message body corresponding to the application layer data according to the encryption type corresponding to the application layer data, wherein the encryption type comprises one or more of the following types: not encrypting, XOR encrypting;
the sending device adds a message header corresponding to the message body to generate a data message;
and the sending device transmits the data message to a transport layer.
2. The method according to claim 1, wherein before the sending device generates the packet body corresponding to the application layer data according to the encryption type corresponding to the application layer data, the method further comprises:
the sending device segments the application layer data to obtain at least one segment of data, wherein each segment of data has a corresponding encryption type;
and the generating, by the sending device, of a message body corresponding to the application layer data according to the encryption type corresponding to the application layer data comprises:
for each segment of data in the at least one segment of data, the sending device generates a message body corresponding to that segment according to the encryption type corresponding to that segment, wherein the message body of each segment of data has a corresponding message header.
3. The method as claimed in claim 1 or 2, wherein a multi-coding representation protocol MRP protocol is provided between the application layer and the transport layer, the MRP protocol supports the security protocol of the application layer and/or the transport layer security TLS/secure sockets layer SSL protocol, and the security protocol of the transport layer is connected below the MRP protocol.
4. The method according to claim 1 or 2, wherein the header comprises a coding type field, an offset field and a length field;
the encoding type field indicates an encryption type;
the offset field indicates an offset of the application layer data;
the length field indicates the length of the message body.
5. A method of data transmission, the method comprising:
a receiving device acquires a data message transmitted by a transport layer;
the receiving device decrypts the message body in the data message according to the encryption type corresponding to the data message, and determines second data of the data message, wherein the encryption type comprises one or more of the following types: not encrypting, XOR encrypting;
and the receiving device transmits the second data to an application layer.
6. The method of claim 5, wherein the data message is at least one segment of data message, each segment of data message having a corresponding encryption type;
and the receiving device decrypting the message body in the data message according to the encryption type corresponding to the data message and determining the second data of the data message comprises:
for each segment of data message in the at least one segment of data message, the receiving device decrypts the message body in that segment according to the encryption type corresponding to that segment, and determines the decrypted data of that segment;
and the receiving device sorts and combines the decrypted data of each segment of data message to determine the second data of the at least one segment of data message.
7. A data transmission apparatus, characterized in that the apparatus comprises:
an acquisition unit, configured to acquire application layer data, wherein the application layer data comprises first data to be transmitted;
a generating unit, configured to generate a packet body corresponding to the application layer data according to the encryption type corresponding to the application layer data; adding a message header corresponding to the message body, and generating a data message, wherein the encryption type includes one or more of the following types: not encrypting, XOR encrypting;
and a transmission unit, configured to transmit the data message to a transport layer.
8. A data transmission apparatus, characterized in that the apparatus comprises:
an acquisition unit, configured to acquire a data message transmitted by a transport layer;
a determining unit, configured to decrypt a packet body in the data packet according to an encryption type corresponding to the data packet, and determine second data of the data packet, where the encryption type includes one or more of the following: not encrypting, XOR encrypting;
and a transfer unit, configured to transmit the second data to an application layer.
9. An electronic device, characterized in that the electronic device comprises a processor and a memory, the processor being adapted to carry out the steps of the data transmission method according to any of claims 1-6 when executing a computer program stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when being executed by a processor, carries out the steps of the data transmission method according to any one of the preceding claims 1 to 6.
CN202210903920.9A 2022-07-29 2022-07-29 Data transmission method, device, equipment and medium Pending CN115378660A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210903920.9A CN115378660A (en) 2022-07-29 2022-07-29 Data transmission method, device, equipment and medium
PCT/CN2022/141563 WO2024021478A1 (en) 2022-07-29 2022-12-23 Data transmission method and apparatus, device, and medium
Publications (1)

Publication Number Publication Date
CN115378660A true CN115378660A (en) 2022-11-22
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination