CN115514520A - Network transmission method and related equipment - Google Patents

Info

Publication number
CN115514520A
Authority
CN
China
Prior art keywords
data
node machine
transmission
dynamic path
access gateway
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210963055.7A
Other languages
Chinese (zh)
Other versions
CN115514520B (en
Inventor
王凯峰
王东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuantek Technology Co ltd
Original Assignee
Beijing Yuantek Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beijing Yuantek Technology Co ltd
Priority to CN202210963055.7A
Publication of CN115514520A
Application granted
Publication of CN115514520B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/004 Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056 Systems characterized by the type of code used
    • H04L1/0061 Error detection codes
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing

Abstract

The disclosure provides a network transmission method and related equipment. The system comprises a user terminal, a node machine, an access gateway and a user server. The user terminal acquires original data, encrypts the original data through a network transmission protocol and CRC (cyclic redundancy check) data to obtain encrypted data, and sends the encrypted data to the node machine; the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path; and the access gateway acquires the decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and sends the original data to the user server through a channel.

Description

Network transmission method and related equipment
Technical Field
The present disclosure relates to the field of network communication technologies, and in particular, to a network transmission method and related devices.
Background
With the rapid development of computer network technology, computer networks carry a large amount of important information, and information networks have become an important guarantee for social development.
However, in the existing network data transmission process, data is simply encrypted with a secret key before being transmitted, so the data suffers from low security and is easily intruded upon during transmission.
Disclosure of Invention
In view of the above, the present disclosure is directed to a network transmission method and related apparatus for solving or partially solving the above technical problems.
In view of the above object, a first aspect of the present disclosure provides a network transmission method, where the method is applied to a communication system, where the communication system includes a user terminal, a node machine, an access gateway, and a user server, and the method includes:
the user terminal acquires original data, encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, and sends the encrypted data to the node machine;
the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path;
and the access gateway acquires decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and sends the original data to the user server through a channel.
In some embodiments, the communication system further comprises: an address issuing server;
before the user terminal acquires the original data, the method further comprises the following steps:
and the address issuing server acquires the position and the IP address of the node machine and sends the position and the IP address of the node machine to the user terminal.
In some embodiments, before the address issuing server obtains the position and the IP address of the node machine, the method further includes:
the address issuing server presets a threshold for the use time of the node machine's position and IP address as a first time threshold;
and in response to the use time of the node machine's position and IP address exceeding the first time threshold, the address issuing server changes the position and the IP address of the node machine.
In some embodiments, the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path, including:
the node machine judges the type of the network transmission protocol according to a UDP protocol port, acquires the original data of the user terminal according to the type of the network transmission protocol, and determines, through the CRC data check in the original data, whether the encrypted data comes from the user terminal;
in response to determining that the encrypted data is from the user terminal, the node machine processes the encrypted data through a path selection algorithm, determines an anonymous dynamic path from a path pool from the node machine to an access gateway, and updates the anonymous dynamic path according to the use time of the anonymous dynamic path, wherein the encrypted data comprises at least one of the following data: protocol number, source IP, destination IP, source port, and destination port;
the node machine sets a secret key in advance for each transit node; using the secret key, the data content in the encrypted data is encrypted by adding or removing a random character string of random length; this encryption is performed in turn by at least one level of transit nodes in the anonymous dynamic path to obtain the transmission data, and the transmission data is sent to the access gateway, wherein the data content comprises the data content after the IP layer of the encrypted data and/or the data content of the IP header.
In some embodiments, the updating the anonymous dynamic path according to the usage time of the anonymous dynamic path includes:
presetting a threshold value of the anonymous dynamic path use time as a second time threshold value;
in response to determining that the anonymous dynamic path usage time exceeds the second time threshold, the node machine re-determines an anonymous dynamic path via the path selection algorithm.
In some embodiments, the access gateway acquiring decryption data, decrypting the transmission data according to the decryption data to obtain the original data, and sending the original data to the user server through a channel includes:
the access gateway acquires the secret key and the length of the original data as the decryption data, and decrypts the transmission data according to the decryption data to obtain the original data;
the access gateway establishes a channel pool, selects a channel from the channel pool according to the original data, records a channel ID, binds the channel ID with the anonymous dynamic path, encrypts the original data into a channel message and sends the channel message to the user server through the channel, wherein the channel comprises a channel protocol.
In some embodiments, further comprising:
in response to the user server receiving the original data, the user server recovers the original data to obtain the transmission data and sends the transmission data to the access gateway;
the access gateway acquires the anonymous dynamic path according to the channel ID, transmits the transmission data to the transit node through the anonymous dynamic path, decrypts the transmission data through the at least one stage of transit node by using the secret key to obtain the encrypted data, and transmits the encrypted data to the node machine;
and the node machine decrypts the encrypted data through a network transmission protocol and CRC data check to obtain the original data, and sends the original data to the user terminal.
Based on the same inventive concept, a second aspect of the present disclosure provides a network transmission apparatus, where the apparatus is disposed in a communication system, the communication system includes a user terminal, a node machine, an access gateway, and a user server, and the apparatus includes:
an encryption module configured so that the user terminal acquires original data, encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, and sends the encrypted data to the node machine;
the node machine is configured to determine an anonymous dynamic path through a path selection algorithm, encrypt the encrypted data to obtain transmission data, and send the transmission data to the access gateway through the anonymous dynamic path;
and a decryption module configured so that the access gateway acquires decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and sends the original data to the user server through a channel.
Based on the same inventive concept, a third aspect of the present disclosure proposes an electronic device comprising a memory, a processor and a computer program stored on the memory and executable by the processor, the processor implementing the method as described above when executing the computer program.
Based on the same inventive concept, the fourth aspect of the present disclosure also proposes a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method as described above.
As can be seen from the foregoing, in the network transmission method and related device provided by the present disclosure, the user terminal obtains original data and encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, where the network transmission protocol can mask the data and other types of data can be added to the original data, so as to ensure the concealment of the data; the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path, realizing hop forwarding and layer-by-layer encryption of the encrypted data, where the anonymous dynamic path can use different transmission paths for different connections so as to prevent intrusion to the greatest extent; and the access gateway acquires the decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and verifies the integrity and availability of the original data to ensure that the data is authentic and valid.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1A is a flowchart of a network transmission method according to an embodiment of the disclosure;
Fig. 1B is a schematic diagram of a protocol processing module according to an embodiment of the present disclosure;
Fig. 1C is a schematic diagram of a user terminal and node machine traffic masking process according to an embodiment of the present disclosure;
Fig. 1D is a schematic diagram of a transit node data encryption process according to an embodiment of the disclosure;
Fig. 1E is a flowchart of an access gateway processing node machine data according to an embodiment of the present disclosure;
Fig. 1F is a flowchart of an access gateway processing user server data according to an embodiment of the present disclosure;
Fig. 1G is a schematic diagram of a transit node data decryption process according to an embodiment of the disclosure;
Fig. 1H is a flowchart of an enterprise network transmission method according to an embodiment of the disclosure;
Fig. 2 is a flowchart of a network transmission device according to an embodiment of the disclosure;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The terms referred to in this disclosure are to be interpreted as follows:
CRC data checking: Cyclic Redundancy Check (CRC) is a channel coding technique that generates a short, fixed-length check code from data such as a network data packet or a computer file, and is mainly used to detect or check errors that may occur after data transmission or storage. It uses the principle of division and remainder to detect errors.
RTP protocol: the Real-time Transport Protocol (RTP) is a network transport protocol. The RTP protocol specifies a standard packet format for the delivery of audio and video over the internet. It was originally designed as a multicast protocol but was later used in many unicast applications.
HTTP protocol: the Hypertext Transfer Protocol (HTTP) is a simple request-response protocol that specifies what messages a client may send to a server and what responses it may receive.
UDP protocol: the User Datagram Protocol (UDP) is a connectionless transport protocol supported by the network protocol suite. UDP provides a way for applications to send encapsulated IP packets without establishing a connection.
TFTP protocol: the Trivial File Transfer Protocol (TFTP) is a protocol in the TCP/IP protocol suite used for trivial file transfer between a client and a server.
IP: the Internet Protocol (IP) is a network layer protocol in the TCP/IP architecture.
Channel ID: an Identity Document (ID) is a kind of identification in a transport channel.
L2TP: the Layer 2 Tunneling Protocol (L2TP) is an industry-standard network tunneling protocol that may encrypt a network data stream.
IPSEC: Internet Protocol Security (IPSEC) is a protocol suite that protects IP network transport by encrypting and authenticating IP packets.
DNS: the Domain Name System (DNS) is a service of the internet.
VPN: a Virtual Private Network (VPN) is a remote access technology in which a private network is established over a public network to perform encrypted communication. It is widely used in enterprise networks. The VPN gateway realizes remote access by encrypting data packets and translating their destination addresses. A VPN may be implemented in a number of ways, including server, hardware, software, etc.
As described above, how to improve the security of network transmission becomes an important research issue.
Based on the above description, as shown in fig. 1A, the network transmission method proposed in this embodiment is applied to a communication system, where the communication system includes a user terminal, a node machine, an access gateway and a user server, and the method includes:
Step 101, the user terminal obtains original data, encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, and sends the encrypted data to the node machine.
In a specific implementation, when the user terminal receives original data, it processes the original data through a network transmission protocol, for example, an RTP network transmission protocol or an HTTP network transmission protocol, and adds CRC check data to the original data for data checking.
As shown in Fig. 1B, which is a schematic diagram of a protocol processing module, when the user software of the user terminal acquires the original data, it calls a special processing module to perform network transmission protocol encryption processing on the data to obtain the encrypted data. The user software integrates a special processing transceiving interface. When the user software sends the original data, this interface encapsulates the data in the network transmission protocol format and exchanges data with the node machine according to the changing protocol rules, for example using the UDP protocol, and adds CRC check data; after the data check is completed, the encrypted data is sent to the node machine.
The network transmission protocol is switched to a different protocol for different connections. When the user software is initialized, the special protocol is the TFTP protocol, and the user software transmits data with the user server normally. When the user software has not received the data returned by the user server 5 minutes after sending the data, reception times out; the user software needs to negotiate with the user server again and then perform the data transmission. After sensing the reception timeout, the special processing module switches the network transmission protocol, for example to the RTP protocol.
As shown in Fig. 1C, which is a schematic diagram of the traffic masking process between a user terminal and a node machine, the special processing module can mask the traffic in addition to providing the data protocol masking function. The special processing module provides a miscellaneous-packet encapsulation interface for the network transmission protocol, so that a certain proportion of miscellaneous packets can be transmitted between the user terminal and the node machine during data transmission. For example, when the user terminal transmits data, special protocol packets may be transmitted at a certain ratio to mask the traffic. The length of a miscellaneous packet is 300-1300; after the user software calls the miscellaneous-packet interface, a miscellaneous packet with a random length of 300-1300 is generated.
In the above solution, the user terminal performs data hiding processing on the original data through a network transmission protocol, and may add other types of data to the original data, for example common HTTP network data or other types of video data, thereby ensuring the concealment of the data.
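The framing of step 101 and the node machine's matching check on receipt can be sketched as follows. This is an added example, not code from the patent: the port table, header layouts and the optional HMAC trailer are assumptions. It shows that a CRC-32 trailer catches damaged frames but is computable by any sender, whereas a keyed tag ties the frame to a holder of the shared key.

```python
import hashlib
import hmac
import struct
import zlib

# Assumed UDP port -> cover protocol table and header sizes. The patent names
# the protocols but gives no ports or layouts; these values are illustrative.
PORT_PROTOCOL = {5004: "RTP", 69: "TFTP"}
HEADER_LEN = {"RTP": 12, "TFTP": 4}


def cover_header(proto, seq):
    """Build a minimal header so the datagram parses as the cover protocol."""
    if proto == "RTP":
        # version 2, payload type 96, sequence number, timestamp, SSRC
        return struct.pack("!BBHII", 0x80, 96, seq & 0xFFFF,
                           (seq * 160) & 0xFFFFFFFF, 0x1234ABCD)
    if proto == "TFTP":
        return struct.pack("!HH", 3, seq & 0xFFFF)  # opcode 3 = DATA, block no.
    raise ValueError(f"unsupported cover protocol: {proto}")


def trailer_for(body, mac_key=None):
    """CRC-32 as in the patent, or HMAC-SHA256 when a shared key is supplied
    (the keyed variant is an assumption added for comparison)."""
    if mac_key is None:
        return struct.pack("!I", zlib.crc32(body))
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def build_frame(proto, seq, original, mac_key=None):
    """User terminal side: cover header + original data + check trailer."""
    body = cover_header(proto, seq) + original
    return body + trailer_for(body, mac_key)


def node_receive(dst_port, frame, mac_key=None):
    """Node machine side: pick the protocol from the UDP port, verify the
    trailer, and return the original data, or None if the frame is rejected."""
    proto = PORT_PROTOCOL.get(dst_port)
    if proto is None:
        return None
    trailer_len = 4 if mac_key is None else 32
    if len(frame) < HEADER_LEN[proto] + trailer_len:
        return None
    body, trailer = frame[:-trailer_len], frame[-trailer_len:]
    if not hmac.compare_digest(trailer_for(body, mac_key), trailer):
        return None
    return body[HEADER_LEN[proto]:]


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"       # constructed sample key
    frame = build_frame("RTP", 7, b"original data")  # constructed sample data
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    print("clean frame    :", node_receive(5004, frame))
    print("bit-flipped    :", node_receive(5004, damaged))
    # A frame carrying only a CRC is rejected once the node requires a keyed tag.
    print("CRC-only, keyed:", node_receive(5004, frame, mac_key=key))
    keyed = build_frame("RTP", 7, b"original data", mac_key=key)
    print("keyed frame    :", node_receive(5004, keyed, mac_key=key))
```
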
Step 102, the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path.
In a specific implementation, after receiving the encrypted data, the node machine uses a path selection algorithm to select an anonymous dynamic path from the path pool between the node machine and the access gateway and establishes a mapping. It then encapsulates the encrypted data a second time: the data after the IP layer of the encrypted data, including the IP header, is taken as the data content; the data content is encrypted by adding or removing a random character string of random length; and the encrypted data is encrypted layer by layer by the transit nodes of the determined dynamic path to obtain the transmission data, which is sent to the access gateway.
In the above scheme, the transmission data is sent to the access gateway through the anonymous dynamic path, so that hop forwarding and layer-by-layer encryption of the encrypted data are realized, and the anonymous dynamic path can use different transmission paths for different connections, thereby preventing intrusion to the greatest extent.
Step 103, the access gateway obtains decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and sends the original data to the user server through a channel.
In a specific implementation, after receiving the transmission data, the access gateway acquires the decryption data from the node machine and decrypts the transmission data layer by layer according to the decryption data: following the layer-by-layer encryption process that the transit nodes applied to the encrypted data, it removes the random character strings from the transmission data step by step and recovers the original data.
In the above scheme, the transmission data is decrypted according to the decryption data to obtain the original data, and the integrity and the availability of the original data are verified to ensure that the data is authentic and valid.
In this embodiment, the user terminal acquires original data and encrypts the original data through a network transmission protocol and CRC (cyclic redundancy check) data check to obtain encrypted data, where the network transmission protocol can mask the data and other types of data can be added to the original data, so as to ensure the concealment of the data; the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path, realizing hop forwarding and layer-by-layer encryption of the encrypted data, where the anonymous dynamic path can use different transmission paths for different connections so as to prevent intrusion to the greatest extent; and the access gateway acquires the decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and verifies the integrity and availability of the original data to ensure that the data is authentic and valid.
In some embodiments, the communication system further comprises: an address issuing server;
Step 101 is preceded by:
Step 100, the address issuing server acquires the position and the IP address of the node machine and sends the position and the IP address of the node machine to the user terminal.
In a specific implementation, the user terminal communicates with the address issuing server to obtain the position and the IP address of the node machine.
In the above scheme, the user terminal obtains the location and the IP address of the node machine, so as to accurately transmit the data to the node machine when data transmission is performed.
In some embodiments, step 100 is preceded by:
Step 100A, the address issuing server presets a threshold for the use time of the node machine's position and IP address as a first time threshold.
Step 100B, in response to the use time of the node machine's position and IP address exceeding the first time threshold, the address issuing server changes the position and the IP address of the node machine.
In a specific implementation, the address issuing server updates the position and the IP address of the node machine as they are used. For example, the position and IP address of the node machine acquired by the address issuing server at 9 am are those of node machine 1, and the position and IP address acquired at 9 pm may be updated to those of node machine 2 or node machine 3.
In the above scheme, the node machine publishes its IP address dynamically, so that the node machine can be hidden. The address issuing server can continuously update the position and the IP address of the node machine according to the preset time, which keeps the node machine hidden during data transmission, increases the reliability of data transmission, and prevents intrusion to the greatest extent.
In some embodiments, step 102 comprises:
Step 1021, the node machine judges the type of the network transmission protocol according to a UDP protocol port, obtains the original data of the user terminal according to the type of the network transmission protocol, and determines whether the encrypted data is from the user terminal according to the CRC data check in the original data.
In a specific implementation, after receiving the encrypted data, the node machine first parses the encrypted data, judges the type of network transmission protocol used by the encrypted data according to the UDP protocol port, acquires the original data according to the type of the network transmission protocol, determines through the CRC check in the original data that the original data was sent by the user terminal, and then processes the data further.
Step 1022, in response to determining that the encrypted data comes from the user terminal, the node machine processes the encrypted data through a path selection algorithm, determines an anonymous dynamic path from a path pool from the node machine to an access gateway, and updates the anonymous dynamic path according to the use time of the anonymous dynamic path, where the encrypted data includes at least one of the following: protocol number, source IP, destination IP, source port, and destination port.
In a specific implementation, multiple levels of transit nodes exist between the node machine and the access gateway, and these transit nodes form the path pool of anonymous dynamic paths. After the encrypted data is determined to come from the user terminal, the encrypted data is processed through the path selection algorithm, an anonymous dynamic path is selected from the path pool, and the encrypted data is encrypted level by level by the transit nodes in the determined anonymous dynamic path and transmitted.
Step 1023, the node machine sets a secret key in advance for each transit node; using these secret keys, the data content in the encrypted data is encrypted by adding or removing random character strings of random length, the encryption being performed in turn by at least one level of transit nodes in the anonymous dynamic path to obtain the transmission data, and the transmission data is sent to the access gateway, wherein the data content comprises the data content after the IP layer of the encrypted data and/or the data content of the IP header.
In a specific implementation, the encrypted data is encrypted level by level by the transit nodes in the determined anonymous dynamic path and transmitted. Each transit node holds a preset secret key and encrypts the encrypted data with its own key. The encryption processing adds or removes random character strings of random length to or from the data content after the IP layer of the encrypted data and the data content of the IP header. After a transit node completes its encryption processing, the data is transmitted to the next transit node, which continues the encryption with its own secret key. The transit nodes thus encrypt the encrypted data layer by layer to obtain the transmission data, which is transmitted to the access gateway.
As shown in fig. 1D, fig. 1D is a schematic diagram of the encryption process of the transit node data. After the node machine receives the encrypted data, the node machine adds a character string with random length to the user encrypted data according to the secret key of the node machine to obtain first encrypted data and sends the first encrypted data to the transit node 1; the transit node 1 adds a character string with random length to the first encrypted data according to the secret key of the transit node 1 to obtain second encrypted data and sends the second encrypted data to the transit node 2; the transit node 2 adds a character string with a random length to the second encrypted data according to the secret key of the transit node 2, obtains transmission data, and sends the transmission data to the access gateway.
In the above scheme, after receiving the encrypted data, the node machine parses it and determines whether it comes from the user terminal, which ensures that the received data is accurate. An anonymous dynamic path is determined from the path pool from the node machine to the access gateway and is updated according to its usage time, so that data is transmitted over different transmission paths and intrusion is prevented to the greatest extent. The multi-level transit nodes in the anonymous dynamic path encrypt the data layer by layer and send it to the access gateway, which achieves hop-by-hop forwarding and layer-by-layer encryption of the encrypted data. With hop-by-hop forwarding, each transit node knows only the location of the next-level transit node, so tracing of the source is prevented to the greatest extent, and because data transmitted between the multi-level transit nodes is encrypted step by step, confidentiality during data transmission is guaranteed.
In some embodiments, step 1022 includes:
Step 10221, the threshold of the anonymous dynamic path usage time is preset as a second time threshold.
Step 10222, in response to determining that the anonymous dynamic path usage time exceeds the second time threshold, the node machine re-determines an anonymous dynamic path via the path selection algorithm.
In a specific implementation, when the usage time of the anonymous dynamic path exceeds the preset time, a new anonymous dynamic path is selected and the anonymous dynamic path is updated. For example, after the user terminal sends data to the node machine, the node machine finds that the usage time of the anonymous dynamic path exceeds 5 minutes, reselects an anonymous dynamic path through the path selection algorithm, and sends the data to the access gateway over that path; that is, the path used for anonymous transmission changes dynamically every 5 minutes.
In the scheme, the anonymous dynamic path can be updated according to the path use time, and different transmission paths are used for transmitting data, so that the intrusion can be prevented to the maximum extent.
In some embodiments, step 103 comprises:
Step 1031, the access gateway obtains the secret key and the length of the original data as the decrypted data, and decrypts the transmission data according to the decrypted data to obtain the original data.
Step 1032, the access gateway establishes a channel pool, selects a channel from the channel pool according to the original data, records a channel ID, binds the channel ID with the anonymous dynamic path, encrypts the original data into a channel message, and sends the channel message to the user server through the channel, wherein the channel comprises a channel protocol.
In a specific implementation, after receiving the transmission data, the access gateway decrypts it in sequence according to the secret keys of the transit nodes at each level, parses the decrypted data to obtain the original data, determines that the original data comes from the user terminal, and then processes the data further. A channel pool is established between the access gateway and the user server; the channel pool comprises a plurality of channels, each channel comprises a channel protocol such as the L2TP protocol or the IPSEC protocol, and one channel in the channel pool is selected to send the original data to the user server.
As shown in fig. 1E, fig. 1E is a flowchart of the access gateway processing node machine data. When the access gateway receives the transmission data, it performs data verification on it. If the data verification fails, that is, the received data is not data sent by the user terminal, the message is discarded. If the data verification succeeds, the access gateway obtains the number of transit nodes the data has passed through, obtains the decryption key according to the secret key of each transit node, decrypts the data layer by layer, and removes the character strings from the encrypted data. Once the layers of all transit nodes have been decrypted, the original data of the user terminal is obtained; if the layers of the transit nodes have not all been decrypted, the flow returns to continue decrypting the data with the secret keys.
In the above scheme, the channel ID of the channel is bound to the anonymous dynamic path, so that when data is transmitted from the user server to the user terminal, the corresponding channel and anonymous dynamic path can be used for transmission.
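The layer-by-layer wrapping of step 1023 and the gateway-side unwrapping of step 1031, as an added example that is not part of the patent text: each hop records the inner length, appends a random-length random string and encrypts under its own key, and the access gateway peels the layers in reverse order. The frame layout, the 64-byte padding bound and the HMAC-SHA256 keystream with a per-layer tag are assumptions, since the patent names no cipher; a deployment would use a vetted AEAD, and because CRC32 only detects accidental corruption, the tag is what rejects modified frames.

```python
import hashlib
import hmac
import secrets
import struct
import zlib

MAX_PAD = 64    # assumed upper bound on the random string added per hop
NONCE_LEN = 16
TAG_LEN = 32


class LayerError(ValueError):
    """Raised when a layer fails verification and the frame must be dropped."""


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption).
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = b"enc" + nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def terminal_frame(payload: bytes) -> bytes:
    """User terminal: original data followed by its CRC32 check value."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def wrap_layer(key: bytes, inner: bytes) -> bytes:
    """One hop: length || inner || random string, encrypted, then tagged."""
    pad = secrets.token_bytes(secrets.randbelow(MAX_PAD + 1))
    plain = struct.pack(">I", len(inner)) + inner + pad
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + _xor(plain, _keystream(key, nonce, len(plain)))
    tag = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    return body + tag


def unwrap_layer(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, decrypt, and strip the random string via the length."""
    if len(blob) < NONCE_LEN + 4 + TAG_LEN:
        raise LayerError("frame too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise LayerError("layer tag mismatch")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    plain = _xor(ct, _keystream(key, nonce, len(ct)))
    (inner_len,) = struct.unpack(">I", plain[:4])
    if inner_len > len(plain) - 4:
        raise LayerError("length field exceeds frame")
    return plain[4:4 + inner_len]


def send_along_path(path_keys, frame: bytes) -> bytes:
    """Node machine key first, then each transit node's key, as in fig. 1D."""
    for key in path_keys:
        frame = wrap_layer(key, frame)
    return frame


def gateway_receive(path_keys, transmission: bytes) -> bytes:
    """Access gateway: peel every layer in reverse, then check the CRC."""
    for key in reversed(path_keys):
        transmission = unwrap_layer(key, transmission)
    if len(transmission) < 4:
        raise LayerError("inner frame too short")
    payload, crc = transmission[:-4], transmission[-4:]
    if struct.pack(">I", zlib.crc32(payload)) != crc:
        raise LayerError("CRC mismatch")
    return payload


if __name__ == "__main__":
    # Constructed sample: three per-hop keys and a short payload.
    keys = [secrets.token_bytes(32) for _ in range(3)]
    sent = send_along_path(keys, terminal_frame(b"hello from the user terminal"))
    print(len(sent), gateway_receive(keys, sent))
```

Because the padding length and nonce are drawn fresh at every hop, two transmissions of the same payload differ in both content and, usually, size.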
In some embodiments, step 103 is further followed by:
Step 104, in response to the user server receiving the original data, the user server recovers the original data to obtain the transmission data and sends the transmission data to the access gateway.
Step 105, the access gateway acquires the anonymous dynamic path according to the channel ID, transmits the transmission data to the transit node through the anonymous dynamic path, decrypts the transmission data through the at least one stage of transit node by using the secret key to obtain the encrypted data, and transmits the encrypted data to the node machine.
Step 106, the node machine decrypts the encrypted data through a network transmission protocol and CRC data check to obtain the original data, and sends the original data to the user terminal.
In specific implementation, after receiving the original data, the user server recovers the original data to obtain the transmission data and transmits the transmission data to the access gateway; the access gateway binds the channel ID of the channel with the anonymous dynamic path, and can acquire the corresponding anonymous dynamic path according to the channel ID, sequentially decrypt the transmission data layer by layer through transit nodes at each level in the anonymous dynamic path to obtain the encrypted data and send the encrypted data to the node machine; and the node machine analyzes the encrypted data, judges the type of a network transmission protocol used by the encrypted data according to a UDP (user Datagram protocol) port, recovers the type of the network transmission protocol to obtain the original data and transmits the original data back to the user terminal.
As shown in fig. 1F, fig. 1F is a flowchart of the access gateway processing the user server data. When the access gateway receives the data sent by the user server, it obtains the ID of the anonymous dynamic path according to the channel ID, obtains the number of transit nodes according to the ID of the anonymous dynamic path, obtains the encryption key of a transit node, masks the data, and encrypts the data with that encryption key. When the layer-by-layer encryption for all levels of transit nodes is complete, the data is sent to the node machine; if the encryption for the transit nodes is not yet complete, the flow returns to the step of obtaining a transit node's encryption key and encrypts the data again.
As shown in fig. 1G, fig. 1G is a schematic diagram of the transit node data decryption process. After the access gateway receives the transmission data, the access gateway reduces a character string with a random length for the second encrypted data according to the secret key of the transit node 2 to obtain first encrypted data and sends the first encrypted data to the transit node 2; the transit node 2 reduces a character string with a random length for the first encrypted data according to the secret key of the transit node 1 to obtain user encrypted data and sends the user encrypted data to the transit node 1; and the transfer node 1 reduces a character string with a random length for the user encrypted data according to the secret key of the node machine to obtain encrypted data and sends the encrypted data to the node machine.
In the above scheme, after the user server receives the data sent by the user terminal, the received data is sequentially recovered and transmitted back to the user terminal through the access gateway and the node machine, so that the whole data transmission process is completed, and the integrity of the data transmission process is ensured.
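The path rotation of steps 10221 and 10222 together with the channel ID binding used on the return path in step 105, as an added example that is not part of the patent text. The patent does not specify the path selection algorithm, so the salted SHA-256 pick over the five-tuple, the class names and the sample addresses are assumptions; the 300-second default mirrors the 5-minute example above.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    path_id: str
    hops: tuple  # ordered transit nodes between node machine and gateway


class PathSelector:
    """Node machine side: pick a path from the pool, re-pick once it is too old."""

    def __init__(self, pool, ttl_seconds=300.0, clock=time.monotonic):
        if not pool:
            raise ValueError("path pool is empty")
        self._pool = [tuple(p) for p in pool]
        self._ttl = ttl_seconds      # the "second time threshold"
        self._clock = clock          # injectable so rotation can be tested
        self._current = None
        self._chosen_at = 0.0

    def select(self, five_tuple):
        """Return the current path, rotating when usage time exceeds the TTL."""
        now = self._clock()
        if self._current is None or now - self._chosen_at > self._ttl:
            self._current = self._pick(five_tuple)
            self._chosen_at = now
        return self._current

    def _pick(self, five_tuple):
        # Exclude the path in use so a rotation always changes the route.
        candidates = self._pool
        if self._current is not None and len(self._pool) > 1:
            candidates = [p for p in self._pool if p != self._current.hops]
        # Fresh salt per pick: the same flow does not map to a predictable path.
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + repr(five_tuple).encode()).digest()
        hops = candidates[int.from_bytes(digest[:8], "big") % len(candidates)]
        return Path(path_id=secrets.token_hex(8), hops=hops)


class ChannelBindings:
    """Access gateway side: channel ID -> anonymous dynamic path for replies."""

    def __init__(self):
        self._by_channel = {}

    def bind(self, channel_id, path):
        self._by_channel[channel_id] = path

    def path_for(self, channel_id):
        # Unknown channel: raise KeyError so the caller drops the reply
        # instead of guessing a route.
        return self._by_channel[channel_id]


if __name__ == "__main__":
    # Constructed sample pool and flow (protocol 17 = UDP, documentation IPs).
    pool = [("transit-a", "transit-b"), ("transit-c", "transit-d"), ("transit-e",)]
    flow = (17, "198.51.100.7", "203.0.113.20", 40000, 4500)
    selector = PathSelector(pool)
    bindings = ChannelBindings()
    path = selector.select(flow)
    bindings.bind("channel-1", path)
    print(path, bindings.path_for("channel-1") == path)
```

A reply arriving on a bound channel keeps using the path recorded at binding time even after the node machine has rotated to a new path for fresh traffic.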
Through the scheme of the embodiment, the user terminal acquires original data, and encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, wherein the network transmission protocol can cover the data, and other types of data can be added to the original data, so that the concealment of the data is ensured; the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path to realize hop forwarding and layer-by-layer encryption of the encrypted data, wherein the anonymous dynamic path can use different transmission paths according to different connections to prevent invasion to the maximum extent; and the access gateway acquires the decrypted data, decrypts the transmission data according to the decrypted data to obtain the original data, and verifies the integrity and the availability of the original data to ensure that the data is real and effective.
It should be noted that the embodiments of the present disclosure can be further described in the following ways:
As shown in fig. 1H, fig. 1H is a flowchart of an enterprise network transmission method. The system comprises a user terminal, a DNS (Domain Name System) server, a node machine, a transit node, an enterprise gateway and an enterprise network.
Step 1: a DNS server is deployed in the Internet. The DNS server updates the location and IP address of the node machine by periodically modifying the domain name and IP, and user terminals such as a user mobile phone and a user computer acquire the location and IP address of the node machine through their DNS configuration.
Step 2: user terminals such as a user mobile phone and a user computer use a network transmission protocol to mask the data, encrypt the data, and transmit the encrypted data.
Step 3: data transmission between the enterprise gateway and the node machine adopts a VPN mode with multi-layer protection, which ensures the safety and reliability of the data.
Step 4: the enterprise network and the Internet are physically isolated by the enterprise gateway; data is transmitted between the enterprise gateway and the enterprise network through a channel protocol, and other injected information is shielded.
In the above embodiment, the user terminal encrypts the data through the network transmission protocol to obtain encrypted data, where the network transmission protocol can mask the data, and can add other types of data to the original data, so as to ensure the concealment of the data; the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path to realize hop forwarding and layer-by-layer encryption of the encrypted data, wherein the anonymous dynamic path can use different transmission paths according to different connections to prevent invasion to the maximum extent; and the access gateway acquires the decrypted data, decrypts the transmission data according to the decrypted data to obtain the original data, and verifies the integrity and the availability of the original data to ensure that the data is real and effective.
It should be noted that the method of the embodiment of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, the invention also provides a network transmission device corresponding to the method of any embodiment.
Referring to fig. 2, the network transmission apparatus is provided in a communication system, where the communication system includes a user terminal, a node machine, an access gateway and a user server, and the apparatus includes:
an encryption module 201, configured to acquire original data by the user terminal, encrypt the original data by a network transmission protocol and CRC data check to obtain encrypted data, and send the encrypted data to the node machine;
a path determining module 202, configured to determine an anonymous dynamic path by using a path selection algorithm, encrypt the encrypted data to obtain transmission data, and send the transmission data to the access gateway through the anonymous dynamic path;
a decryption module 203, configured to obtain decrypted data by the access gateway, decrypt the transmission data according to the decrypted data to obtain the original data, and send the original data to the user server through a channel.
In some embodiments, the apparatus further comprises, before the encryption module 201:
a node machine IP address acquisition unit, configured to acquire, by the address publishing server, the position and the IP address of the node machine and send the position and the IP address of the node machine to the user terminal.
In some embodiments, the node machine IP address obtaining unit further includes:
a first time threshold presetting subunit configured to preset, by the address distribution server, a threshold of the position of the node machine and the service time of the IP address as a first time threshold;
a node machine IP address updating subunit configured to respond to the node machine position and the IP address use time of the node machine exceeding the first time threshold value, and the address publishing server changes the node machine position and the IP address of the node machine.
In some embodiments, the path determining module 202 specifically includes:
an encrypted data judging unit, configured to determine the type of the network transmission protocol according to a UDP (User Datagram Protocol) port, acquire the original data of the user terminal according to the type of the network transmission protocol, and determine whether the encrypted data comes from the user terminal through the CRC (cyclic redundancy check) data check in the original data;
an anonymous dynamic path determination unit, configured to, in response to determining that the encrypted data is from the user terminal, process the encrypted data by a path selection algorithm, determine an anonymous dynamic path from a pool of paths from the node machine to an access gateway, and update the anonymous dynamic path according to a usage time of the anonymous dynamic path, wherein the encrypted data includes at least one of: protocol number, source IP, destination IP, source port, and destination port;
a data encryption unit, configured to set, by the node machine, a secret key in advance for each transit node, encrypt the data content in the encrypted data with the secret keys by adding or removing random character strings of random length, the encryption being performed in turn by at least one level of transit nodes in the anonymous dynamic path to obtain the transmission data, and send the transmission data to the access gateway, where the data content includes the data content after the IP layer of the encrypted data and/or the data content of the IP header.
In some embodiments, the anonymous dynamic path determining unit specifically includes:
a second time threshold presetting subunit configured to preset a threshold of the anonymous dynamic path usage time as a second time threshold;
an anonymous dynamic path update subunit configured to, in response to determining that the anonymous dynamic path usage time exceeds the second time threshold, the node machine re-determine an anonymous dynamic path via the path selection algorithm.
In some embodiments, the decryption module 203 specifically includes:
the data decryption unit is configured to obtain the secret key and the length of the original data as the decrypted data by the access gateway, and decrypt the transmission data according to the decrypted data to obtain the original data;
and the channel determining unit is configured to establish a channel pool by the access gateway, select a channel from the channel pool according to the original data, record a channel ID, bind the channel ID with the anonymous dynamic path, encrypt the original data into a channel message, and send the channel message to the user server through the channel, wherein the channel comprises a channel protocol.
In some embodiments, the apparatus further comprises:
the data recovery unit is configured to respond to the user server receiving the original data, and the user server recovers the original data to obtain the transmission data and sends the transmission data to the access gateway;
an anonymous dynamic path obtaining unit, configured to obtain, by the access gateway, the anonymous dynamic path according to a channel ID, send the transmission data to the transit node through the anonymous dynamic path, decrypt, by the at least one stage of transit node, the transmission data with the key to obtain the encrypted data, and send the encrypted data to the node machine;
and the data decryption unit is configured to decrypt the encrypted data through a network transmission protocol and CRC data check to obtain the original data and send the original data to the user terminal.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the various modules may be implemented in the same one or more software and/or hardware implementations of the present disclosure.
The apparatus in the foregoing embodiment is used to implement the corresponding network transmission method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the network transmission method described in any embodiment described above is implemented.
Fig. 3 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the device may include: a processor 310, a memory 320, an input/output interface 330, a communication interface 340, and a bus 350. Wherein the processor 310, memory 320, input/output interface 330, and communication interface 340 are communicatively coupled to each other within the device via bus 350.
The processor 310 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present specification.
The Memory 320 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 320 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 320 and called to be executed by the processor 310.
The input/output interface 330 is used for connecting an input/output module to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 340 is used for connecting a communication module (not shown in the figure) to implement communication interaction between the present device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, bluetooth and the like).
Bus 350 includes a path that transfers information between various components of the device, such as processor 310, memory 320, input/output interface 330, and communication interface 340.
It should be noted that although the above-mentioned device only shows the processor 310, the memory 320, the input/output interface 330, the communication interface 340 and the bus 350, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the corresponding network transmission method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-described embodiment methods, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the network transmission method according to any of the above embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the network transmission method according to any one of the foregoing embodiments, and have the beneficial effects of the corresponding method embodiment, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the concept of the present disclosure, technical features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made without departing from the spirit or scope of the embodiments of the present disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. A network transmission method, applied to a communication system including a user terminal, a node machine, an access gateway and a user server, the method comprising:
the user terminal acquires original data, encrypts the original data through a network transmission protocol and CRC (cyclic redundancy check) data to obtain encrypted data, and sends the encrypted data to the node machine;
the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path;
and the access gateway acquires decrypted data, decrypts the transmission data according to the decrypted data to obtain the original data, and sends the original data to the user server through a channel.
2. The method of claim 1, wherein the communication system further comprises: an address issuing server;
before the user terminal acquires the original data, the method further comprises the following steps:
and the address issuing server acquires the position and the IP address of the node machine and sends the position and the IP address of the node machine to the user terminal.
3. The method of claim 2, further comprising, before the address publication server obtains the location and the IP address of the node machine:
the address issuing server presets the threshold values of the position of the node machine and the use time of the IP address as a first time threshold value;
and in response to the use time of the position and the IP address of the node machine exceeding the first time threshold, the address issuing server changes the position and the IP address of the node machine.
4. The method of claim 1, wherein the node machine determines an anonymous dynamic path through a path selection algorithm, encrypts the encrypted data to obtain transmission data, and sends the transmission data to the access gateway through the anonymous dynamic path, and the method comprises:
the node machine judges the type of the network transmission protocol according to a UDP protocol port, acquires the original data of the user terminal according to the type of the network transmission protocol, and judges and determines whether the encrypted data comes from the user terminal or not through CRC data check in the original data;
in response to determining that the encrypted data is from the user terminal, the node machine processes the encrypted data through a path selection algorithm, determines an anonymous dynamic path from a path pool from the node machine to an access gateway, and updates the anonymous dynamic path according to the use time of the anonymous dynamic path, wherein the encrypted data comprises at least one of the following data: protocol number, source IP, destination IP, source port, and destination port;
the node machine sets secret keys in advance for all transit nodes, encrypts, with the secret keys, the data contents in the encrypted data to which random character strings of random length have been added or from which they have been removed, the encryption being performed respectively by at least one level of transit nodes in the anonymous dynamic path to obtain transmission data, and sends the transmission data to the access gateway, wherein the data contents comprise the data contents after the IP layer of the encrypted data and/or the data contents of the IP header.
5. The method of claim 4, wherein the updating the anonymous dynamic path based on a time of use of the anonymous dynamic path comprises:
presetting a threshold value of the anonymous dynamic path use time as a second time threshold value;
in response to determining that the anonymous dynamic path usage time exceeds the second time threshold, the node machine re-determines an anonymous dynamic path via the path selection algorithm.
6. The method of claim 4, wherein the access gateway acquiring the decryption data, decrypting the transmission data according to the decryption data to obtain the original data, and sending the original data to the user server through a channel comprises:
the access gateway acquires the secret key and the length of the original data as the decryption data, and decrypts the transmission data according to the decryption data to obtain the original data;
the access gateway establishes a channel pool, selects a channel from the channel pool according to the original data, records a channel ID, binds the channel ID with the anonymous dynamic path, encrypts the original data into a channel message, and sends the channel message to the user server through the channel, wherein the channel comprises a channel protocol.
7. The method of claim 6, further comprising:
in response to the user server receiving the original data, the user server recovers the original data to obtain the transmission data, and sends the transmission data to the access gateway;
the access gateway acquires the anonymous dynamic path according to the channel ID and transmits the transmission data to the transit node through the anonymous dynamic path, the at least one level of transit nodes decrypts the transmission data with the secret key to obtain the encrypted data, and the encrypted data is transmitted to the node machine;
and the node machine decrypts the encrypted data through a network transmission protocol and CRC data check to obtain the original data, and sends the original data to the user terminal.
8. A network transmission apparatus, wherein the apparatus is disposed in a communication system, the communication system includes a user terminal, a node machine, an access gateway and a user server, and the apparatus includes:
an encryption module configured such that the user terminal acquires original data, encrypts the original data through a network transmission protocol and CRC data check to obtain encrypted data, and sends the encrypted data to the node machine;
the node machine is configured to determine an anonymous dynamic path through a path selection algorithm, encrypt the encrypted data to obtain transmission data, and send the transmission data to the access gateway through the anonymous dynamic path;
and a decryption module configured such that the access gateway acquires decryption data, decrypts the transmission data according to the decryption data to obtain the original data, and sends the original data to the user server through a channel.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the program.
10. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
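The flow of claims 4 to 6, as an added illustrative example that is not part of the patent text: CRC check at the node machine, time-limited path selection from a path pool, random-length padding with one encryption layer per transit node, and removal at the access gateway using the keys and the original length. Assumptions: the SHA-256 keystream XOR stands in for the cipher the claims leave unspecified, and the function names, keys, 8-byte nonce and hand-off of the length to the gateway are hypothetical.

```python
import hashlib, secrets, struct, time, zlib

def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def frame(payload: bytes) -> bytes:
    """User terminal: append a CRC32 trailer for the node machine to check."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def crc_ok(framed: bytes) -> bool:
    """Node machine: accept a frame only if its CRC32 trailer matches."""
    return (len(framed) >= 4 and
            zlib.crc32(framed[:-4]) == struct.unpack(">I", framed[-4:])[0])

class PathSelector:
    """Chooses a path from the pool; re-selects once the time threshold passes."""
    def __init__(self, pool, max_age, clock=time.monotonic):
        self.pool, self.max_age, self.clock = pool, max_age, clock
        self.path, self.chosen_at, self.selections = None, 0.0, 0

    def current(self):
        now = self.clock()
        if self.path is None or now - self.chosen_at > self.max_age:
            self.path, self.chosen_at = secrets.choice(self.pool), now
            self.selections += 1
        return self.path

def send(framed: bytes, path, keys, max_pad=32):
    """Node machine and transit nodes: random-length pad, then one layer per hop."""
    nonce = secrets.token_bytes(8)
    blob = framed + secrets.token_bytes(secrets.randbelow(max_pad + 1))
    for hop in path:                      # each transit node applies its pre-set key
        blob = xor_layer(keys[hop], nonce, blob)
    return nonce + blob, len(framed)      # the length is part of the decryption data

def gateway_receive(transmission: bytes, path, keys, length: int) -> bytes:
    """Access gateway: peel the layers in reverse order and cut the padding off."""
    nonce, blob = transmission[:8], transmission[8:]
    for hop in reversed(path):
        blob = xor_layer(keys[hop], nonce, blob)
    return blob[:length]

# Constructed sample: three transit nodes, two candidate paths, made-up keys.
KEYS = {n: hashlib.sha256(n.encode()).digest() for n in ("t1", "t2", "t3")}
POOL = [("t1", "t2"), ("t3", "t1", "t2")]
```

CRC32 only detects accidental corruption and can be recomputed by anyone, so a deployment that needs to bind a frame to the user terminal would use a keyed MAC for that check.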
CN202210963055.7A 2022-08-11 2022-08-11 Network transmission method, device, equipment and medium Active CN115514520B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210963055.7A CN115514520B (en) 2022-08-11 2022-08-11 Network transmission method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN115514520A true CN115514520A (en) 2022-12-23
CN115514520B CN115514520B (en) 2023-09-22

Family

ID=84501819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210963055.7A Active CN115514520B (en) 2022-08-11 2022-08-11 Network transmission method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115514520B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150381487A1 (en) * 2014-06-25 2015-12-31 International Business Machines Corporation Cloud-based anonymous routing
CN109698791A (en) * 2018-11-29 2019-04-30 北京天元特通科技有限公司 A kind of anonymous cut-in method based on dynamic route
CN114584386A (en) * 2022-03-11 2022-06-03 四川邦辰信息科技有限公司 Global multistage encryption network communication method

Also Published As

Publication number Publication date
CN115514520B (en) 2023-09-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant