CN115766902A - Method, device, equipment and medium for transmitting non-sensitive data through QUIC - Google Patents
- Publication number
- CN115766902A
- Authority
- CN
- China
- Prior art keywords
- quic
- sensitive data
- connection request
- preset
- data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
- Computer And Data Communications (AREA)
Abstract
This application discloses a method, apparatus, device and medium for sending non-sensitive data over QUIC. It relates to the field of communication technology and is applied at the server. The method includes: obtaining the connection request sent by a client and detecting whether the connection request contains a target transport parameter; if the connection request contains the target transport parameter and the server also has the target transport parameter, selecting the preset QUIC protocol; and transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol. Both parties to the connection are checked for the target transport parameter to decide whether to start transmission with the preset QUIC protocol, and the preset QUIC protocol transmits non-sensitive data without encrypting it, which improves transmission efficiency, saves resources and ensures security without affecting the transmission of the original packets.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method, apparatus, device and medium for sending non-sensitive data over QUIC.
Background
QUIC (Quick UDP Internet Connection, an Internet transport-layer protocol) is a transport standard for secure channels. HTTP service providers favor it for advantages such as its user-space protocol implementation and 0-RTT reconnection. The current draft requires that all QUIC packets and data be encrypted, but in non-sensitive data transmission scenarios the data generally does not need transport-layer encryption. Take some video data as an example: video that needs copyright protection is generally encrypted and decrypted by the service provider and the application according to their copyright protection policy, so if QUIC encrypts and decrypts it again, a large amount of CPU is wasted. The server can offload this work to hardware, but that is still a waste, since it requires developing hardware or buying a dedicated encryption service in the cloud; and when the client is a mobile phone or a computer, offloading is not possible, so CPU and battery power are simply wasted. For live video that pursues real-time delivery and does not care about copyright protection or transmission protection, encryption both wastes resources and reduces real-time performance, so it is not worthwhile in any case.
In the prior art, the IETF individual draft draft-banks-quic-disable-encryption proposes scenarios and a method for not encrypting. It adds the transport parameter disable_1rtt_encryption, which the client and server use to negotiate whether encryption may be skipped; if both sides agree, data is transmitted unencrypted. Handshake messages still need to be encrypted so that a man-in-the-middle cannot maliciously tamper with them to force non-encryption. Beyond handshake messages, however, many control packets expose points of attack. For flow control messages, a malicious man-in-the-middle can tamper with them and cause abnormal sending and receiving; for data packets, the stream ID can be modified to exhaust the available streams, so that the legitimate parties cannot open new streams; for address migration, a malicious man-in-the-middle can initiate an address migration and send and receive packets while posing as a legitimate party. This is an unacceptable risk for data transmission. The draft draft-banks-quic-disable-encryption states that its applicable scenarios are a fully trusted communication environment or applications that have already encrypted the application data. But as cloud environments become more common, multi-tenancy means there is no fully trusted communication environment in the cloud, and even the east-west traffic of a private cloud is not absolutely secure; and for data the user has already encrypted, the QUIC protocol portion of the packet remains very vulnerable to attack.
In summary, how to transmit non-sensitive data without encrypting it, so as to reduce the CPU consumed by non-sensitive data transmission while keeping that transmission secure, is a technical problem to be solved in this field.
Summary of the invention
In view of this, the purpose of the present invention is to provide a method, apparatus, device and medium for sending non-sensitive data over QUIC that can transmit non-sensitive data without encrypting it, so as to reduce the CPU consumed by non-sensitive data transmission while keeping that transmission secure. The specific scheme is as follows:
In a first aspect, this application discloses a method for sending non-sensitive data over QUIC, applied at the server, including:
obtaining the connection request sent by the client, and detecting whether the connection request contains the target transport parameter;
if it is detected that the connection request contains the target transport parameter and the server also has the target transport parameter, selecting the preset QUIC protocol;
transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol.
Optionally, the method for sending non-sensitive data over QUIC further includes:
adding a type field for the non-encrypted data transmission mode to the original QUIC protocol, to generate the preset QUIC protocol.
Optionally, adding a type field for the non-encrypted data transmission mode to the original QUIC protocol to generate the preset QUIC protocol includes:
encrypting, respectively, the type field for the non-encrypted data transmission mode and the Stream ID and Offset Length in the Stream frame, to generate the preset QUIC protocol.
Optionally, transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol includes:
encrypting the Stream ID and Offset Length based on a preset encryption algorithm; and storing the non-sensitive data in the Stream frame in unencrypted form, so that the non-sensitive data is transmitted to the client by transmitting the Stream frame.
Optionally, after transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol, the method further includes:
computing a mask at the client and using the mask to decrypt the Stream ID and the Offset Length; if decryption succeeds, saving the non-sensitive data in the Stream frame.
In a second aspect, this application discloses a method for sending non-sensitive data over the QUIC protocol, applied at the client, including:
sending a connection request to the server, so that the server detects whether the connection request contains the target transport parameter, the server being configured to select the corresponding preset QUIC protocol when it detects that the connection request contains the target transport parameter and the server also has the target transport parameter;
receiving the non-sensitive data sent by the server through the non-encrypted data transmission mode of the preset QUIC protocol.
In a third aspect, this application discloses an apparatus for sending non-sensitive data over QUIC, applied at the server, including:
a parameter detection module, configured to obtain the connection request sent by the client and detect whether the connection request contains the target transport parameter;
a transmission enabling module, configured to select the preset QUIC protocol if it is detected that the connection request contains the target transport parameter and the server also has the target transport parameter;
a data transmission module, configured to transmit non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol.
In a fourth aspect, this application discloses an electronic device, including:
a memory, configured to store a computer program;
a processor, configured to execute the computer program so as to implement the steps of the method for sending non-sensitive data over QUIC disclosed above.
In a fifth aspect, this application discloses a computer-readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the steps of the method for sending non-sensitive data over QUIC disclosed above.
It can be seen that this application discloses a method for sending non-sensitive data over QUIC, applied at the server, including: obtaining the connection request sent by the client and detecting whether the connection request contains the target transport parameter; if it is detected that the connection request contains the target transport parameter and the server also has the target transport parameter, selecting the preset QUIC protocol; and transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol. This application thus checks both parties to the connection for the target transport parameter to decide whether to start transmission with the preset QUIC protocol, and the preset QUIC protocol transmits non-sensitive data without encrypting it, which improves transmission efficiency, saves resources and ensures security without affecting the transmission of the original packets.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a flowchart of a method for sending non-sensitive data over QUIC disclosed in this application;
FIG. 2 is a flowchart of a specific method for sending non-sensitive data over QUIC disclosed in this application;
FIG. 3 is a flowchart of another specific method for sending non-sensitive data over QUIC disclosed in this application;
FIG. 4 is a schematic structural diagram of an apparatus for sending non-sensitive data over QUIC disclosed in this application;
FIG. 5 is a structural diagram of an electronic device disclosed in this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the prior art, the IETF individual draft draft-banks-quic-disable-encryption proposes scenarios and a method for not encrypting. It adds the transport parameter disable_1rtt_encryption, which the client and server use to negotiate whether encryption may be skipped; if both sides agree, data is transmitted unencrypted. Handshake messages still need to be encrypted so that a man-in-the-middle cannot maliciously tamper with them to force non-encryption. Beyond handshake messages, however, many control packets expose points of attack. For flow control messages, a malicious man-in-the-middle can tamper with them and cause abnormal sending and receiving; for data packets, the stream ID can be modified to exhaust the available streams, so that the legitimate parties cannot open new streams; for address migration, a malicious man-in-the-middle can initiate an address migration and send and receive packets while posing as a legitimate party. This is an unacceptable risk for data transmission. The draft draft-banks-quic-disable-encryption states that its applicable scenarios are a fully trusted communication environment or applications that have already encrypted the application data. But as cloud environments become more common, multi-tenancy means there is no fully trusted communication environment in the cloud, and even the east-west traffic of a private cloud is not absolutely secure; and for data the user has already encrypted, the QUIC protocol portion of the packet remains very vulnerable to attack.
To this end, this application proposes a scheme for sending non-sensitive data over QUIC that can transmit non-sensitive data without encrypting it, so as to reduce the CPU consumed by non-sensitive data transmission while keeping that transmission secure.
Referring to FIG. 1, an embodiment of the present invention discloses a method for sending non-sensitive data over QUIC, applied at the server, including:
Step S11: Obtain the connection request sent by the client, and detect whether the connection request contains the target transport parameter.
In this embodiment, the QUIC protocol parameters are configured in advance. When the client builds a connection request, in addition to configuring the normal QUIC transport parameters in the request, it must also add the target transport parameter, namely the transport parameter big_data. Accordingly, after the server receives the connection request sent by the client, it inspects the request to detect whether it contains the transport parameter big_data in addition to the normal transport parameters. After obtaining the connection request sent by the client, the method further includes: establishing a connection with the client based on the connection request by means of unique identification information. It can be understood that a QUIC connection can be established through unique identification information; in this way, if the connection between the same client and server is interrupted partway through a transmission, the two can connect again using a preset random number as the unique identification information.
Step S12: If it is detected that the connection request contains the target transport parameter and the server also has the target transport parameter, select the preset QUIC protocol for transmission.
In this embodiment, if the target transport parameter is detected in the connection request sent by the client and the server also has the target transport parameter, this shows that the unencrypted video transmission function can be used, and transmission with the preset QUIC protocol is enabled immediately; if it is detected that the connection request does not contain the target transport parameter and/or the server does not have the target transport parameter, the original QUIC protocol is selected. It can be understood that, because of the constraint imposed by the preset target transport parameter, if the connection request does not contain the target transport parameter but the client has it, preset QUIC protocol transmission is not enabled and the original QUIC protocol, that is, encrypted transmission, is still used; if the connection request contains the target transport parameter but the client does not have it, preset QUIC protocol transmission is likewise not enabled and the original QUIC protocol is still used. The same logic applies when the server negotiates with the client. That is, only when the transport parameter big_data is present on both the client and the server can the preset QUIC protocol be enabled to transmit non-sensitive data without encryption. Sensitive data is private data, while non-sensitive data is non-private data, for example video-on-demand data, social news, publicly available Internet content, and public blockchain transaction data.
In this embodiment, a type field for the non-encrypted data transmission mode is added to the original QUIC protocol to generate the preset QUIC protocol; in other words, the preset QUIC protocol is obtained by modifying the original QUIC protocol. Specifically, when the original QUIC protocol transmits application data it encrypts the entire Stream frame. The Stream frame contains the Stream ID (stream identifier), the Offset Length, the data, and so on, so encrypting the entire Stream frame also encrypts the data it carries. In the scenario of this embodiment the data does not need to be encrypted in transit, so the preset QUIC protocol transmits non-sensitive data by encrypting the QUIC packet but not the non-sensitive data. That is, when the preset QUIC protocol is enabled and non-sensitive data is transmitted, the data frame header is encrypted and the data is not: fields such as the Stream ID and Offset Length are encrypted, and the non-sensitive data to be transmitted is skipped. Because the difference between 0-RTT and 1-RTT is small when transmitting large amounts of data, the non-sensitive data in this embodiment is transmitted only in 1-RTT packets, that is, in short-header packets. A type field is added to the short header to indicate whether the packet is one of the designated bulk data packets that do not need encryption. For example, the type field in the short header is modified as follows:
The first 8 bits of the short header in the draft are:
|0|1|S|R|R|K|P|P|
0 (plaintext): fixed value, indicates a short header.
1 (plaintext): fixed value used for validation; it must be 1, and the packet is discarded if it is 0.
S (plaintext): spin bit, used for latency measurement.
RR (ciphertext): fixed value, must be 0; any other value is treated as a connection error.
K (ciphertext): indicates whether the key has been updated.
PP (ciphertext): packet number length.
This scheme changes them to:
|0|1|S|T|T|K|P|P|
0 (plaintext): unchanged; fixed value, indicates a short header.
1 (plaintext): unchanged; fixed value used for validation; it must be 1, and the packet is discarded if it is 0.
S (plaintext): unchanged; spin bit, used for latency measurement.
TT (ciphertext): derived from the RR bits and corresponding to the type bits of the long header. 00 is a packet encrypted in the original way; 01 is non-sensitive data, that is, the data transmission mode newly added in this application, whose specific content is defined by the user (this embodiment uses video-on-demand data as the example); other values are treated as a connection error.
K (ciphertext): indicates whether the key has been updated. For non-sensitive data packets this bit is 0; a received packet with the value 1 is treated as a connection error.
PP (ciphertext): unchanged; packet number length.
After the short header is modified, the content of packets encrypted in the original way does not change. With RR changed to TT, as long as the TT bits are still 00, K is used for encrypted packets exactly as before, so the original packet format, its transmission and its packet processing are unaffected. It can be understood that when the TT value in the protocol is detected to be 01, the unencrypted transmission mode for non-sensitive data is enabled, and when the TT value is detected to be 00, non-sensitive data is still transmitted in the original encrypted mode. When the type bits in the short header are detected to be 01, the type bits indicate the non-sensitive data transmission mode, and the video-on-demand data is packaged and transmitted to the client. Note that when the TT bits in the short header are 01, the inner packet is the bulk unencrypted data packet specified in this embodiment; that is, QUIC does not encrypt the video-on-demand data, although the application itself may encrypt it.
Step S13: Transmit non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol.
In this embodiment, once it is determined that the non-sensitive data will be transmitted through the preset QUIC protocol, the non-sensitive data is transmitted to the client through the selected preset QUIC protocol. Note that because transmission uses the preset QUIC protocol, the Stream frames are delivered in order and in full, which achieves reliable transmission of the non-sensitive data.
It can be seen that this application discloses a method for sending non-sensitive data over QUIC, applied at the server, including: obtaining the connection request sent by the client and detecting whether the connection request contains the target transport parameter; if it is detected that the connection request contains the target transport parameter and the server also has the target transport parameter, selecting the preset QUIC protocol; and transmitting non-sensitive data to the client based on the non-encrypted data transmission mode of the preset QUIC protocol. This application thus checks both parties to the connection for the target transport parameter to decide whether to start transmission with the preset QUIC protocol, and the preset QUIC protocol transmits non-sensitive data without encrypting it, which improves transmission efficiency, saves resources and ensures security without affecting the transmission of the original packets.
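The negotiation rule of step S12 and the modified short-header first byte can be checked together on the receiving side. The following is an added example, not code from the patent: it works on the first byte after header protection has been removed, the function and constant names are hypothetical, the sample bytes are constructed, and the conversion of PP to a byte count (PP + 1) comes from RFC 9000 rather than from this page.

```python
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple

# Verdicts a receiver can reach from the first byte (names are hypothetical).
ORIGINAL_ENCRYPTED = "original-encrypted"      # TT = 00
NON_SENSITIVE = "non-sensitive-unencrypted"    # TT = 01
DISCARD = "discard"                            # fixed bit is 0
CONNECTION_ERROR = "connection-error"
NOT_SHORT_HEADER = "not-short-header"          # header form bit is 1


@dataclass(frozen=True)
class ShortHeaderBits:
    spin: int        # S
    tt: int          # TT, the former RR bits
    key_phase: int   # K
    pn_length: int   # packet number length in bytes (PP + 1, per RFC 9000)


def preset_protocol_selected(client_params: Mapping[str, object],
                             server_params: Mapping[str, object]) -> bool:
    """Step S12: the preset protocol is used only if BOTH sides carry big_data."""
    return "big_data" in client_params and "big_data" in server_params


def classify_first_byte(first_byte: int, preset_selected: bool
                        ) -> Tuple[str, Optional[ShortHeaderBits]]:
    """Apply the page's rules to |0|1|S|T|T|K|P|P| (most significant bit first)."""
    if not 0 <= first_byte <= 0xFF:
        raise ValueError("first_byte must fit in one byte")
    if first_byte & 0x80:
        return NOT_SHORT_HEADER, None      # long header, outside this layout
    if not first_byte & 0x40:
        return DISCARD, None               # fixed bit must be 1
    bits = ShortHeaderBits(
        spin=(first_byte >> 5) & 0b1,
        tt=(first_byte >> 3) & 0b11,
        key_phase=(first_byte >> 2) & 0b1,
        pn_length=(first_byte & 0b11) + 1,
    )
    if bits.tt == 0b00:
        return ORIGINAL_ENCRYPTED, bits    # unchanged original behaviour
    if bits.tt == 0b01 and preset_selected and bits.key_phase == 0:
        return NON_SENSITIVE, bits
    # TT = 01 without negotiation is a non-zero RR value in the original
    # protocol; TT = 01 with K = 1, and TT = 10 or 11, are errors as well.
    return CONNECTION_ERROR, bits


if __name__ == "__main__":
    # Constructed sample bytes, not captured traffic.
    both = preset_protocol_selected({"big_data": b""}, {"big_data": b""})
    for sample in (0x40, 0x48, 0x4C, 0x50, 0x08):
        verdict, _ = classify_first_byte(sample, both)
        print(f"0x{sample:02x} -> {verdict}")
```

A packet marked TT = 01 on a connection where big_data was not agreed by both sides is rejected rather than accepted as plaintext, which is what keeps the unencrypted mode opt-in.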
Referring to FIG. 2, an embodiment of the present invention discloses a specific method for sending non-sensitive data over QUIC. Compared with the previous embodiment, this embodiment further explains and optimizes the technical solution. Specifically:
Step S21: Encrypt the Stream ID and Offset Length based on a preset encryption algorithm.
In this embodiment, a type field for the non-encrypted data transmission mode is added to the original QUIC protocol, and the type field, together with the Stream ID and Offset Length in the Stream frame, is encrypted to generate the preset QUIC protocol. The encryption process first obtains a random number, which is determined by sampling a fixed number of bits of data: sampling starts from a preset bit after the end of the Offset Length and takes 136 bits. When the sampled Stream ID and Offset are shorter than 128 bits, part of the non-sensitive data is skipped and sampling is done from a fixed position. The sampled random number is therefore a fixed random number used to compute the key during encryption and decryption, and it is bit data that includes the Fin Bit (end bit), the Stream ID length and the Offset length. If skipping non-sensitive data leaves the server with a sample shorter than the preset sampling length, the server must pad it. When the client receives a frame shorter than the sampling length, it must discard the frame.
In this embodiment, after the random number is obtained, a preset encryption algorithm is used to generate the mask. Specifically, the preset encryption algorithm can be applied to the short-header key or the packet key, together with the random number, to generate the mask of the corresponding Stream frame, that is, the encryption key of the Stream frame, which completes the encryption of the Stream frame header. The preset encryption algorithm may include, but is not limited to, the AES (Advanced Encryption Standard) algorithm and the ChaCha20 algorithm (a symmetric stream cipher). To compute the mask of a Stream frame, a sample of a certain length, that is, the random number, is taken first, and the preset encryption algorithm is then used to generate the mask.
Step S22: After the preset QUIC protocol has been selected for transmission, store the non-sensitive data unencrypted in Stream frames, so that the non-sensitive data is transmitted to the client by transmitting those Stream frames.
In this embodiment, once the preset QUIC protocol has been selected for transmission, the non-sensitive data is packed into Stream frames, and the transfer is completed by sending those Stream frames to the client. Note that a packet can in general carry multiple frames. Because the messages described in this embodiment are generally used to move large amounts of data, however, no packet coalescing or frame coalescing is involved: one UDP packet carries exactly one QUIC packet, and one QUIC packet contains exactly one Stream frame. No frame length field is therefore needed, since the frame extends to the end of the UDP packet. Because the frame is used only to carry application data, the frame type field can also be omitted, so the OFF bit in the frame type does not apply either. Stream ID and Offset Length are mandatory, and only the FIN bit is kept to mark the end of the data in the stream. In general, Stream ID Length occupies 3 bits and, after adding one, gives the length of the Stream ID; Offset Length occupies 4 bits and gives the length of the Offset. When this length is 0, there is no Offset field.
Step S23: The client computes the mask and uses it to decrypt the Stream ID and the Offset Length; if decryption succeeds, the non-sensitive data in the Stream frame is saved.
In this embodiment, after a Stream frame is received, the mask is computed again and used to decrypt the Stream ID and the Offset Length in the Stream frame header. If decryption succeeds, the non-sensitive data in the Stream frame can be obtained; if it fails, the data cannot be obtained. If the client fails to receive some Stream frames for any reason, the server can tell from the packet numbers and acknowledgement information fed back by the client that a given Stream frame was not received successfully. Every Stream frame has a packet number, and packet numbers increase monotonically in the order in which the data was sent. After the client has received multiple Stream frames, it therefore uses the Offset recovered by successful decryption to sort the Stream frames that arrived asynchronously and combines them into the complete non-sensitive data. The Offset is the data offset, that is, the position of the Stream frame within the whole data.
It can be seen that, in this embodiment, because the Stream ID and Offset are needed to transmit the non-sensitive data, they are protected with header protection or another algorithm. This makes it less likely that this part of the QUIC protocol is broken and, in turn, less likely that a compromise of the protocol exposes the non-sensitive data transfer and gives rise to further risks.
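The frame layout, fixed-position sampling, header masking and Offset-based reassembly described in this embodiment, as an added Python example that is not code from the patent. It assumes the first byte packs FIN (bit 7), Stream ID Length (bits 6-4) and Offset Length (bits 3-0), takes the 136-bit sample at a fixed byte offset past the longest encodable header, and uses HMAC-SHA256 from the standard library as a stand-in for the AES or ChaCha20 mask function; all function names, the key and the sample data are hypothetical.

```python
import hashlib
import hmac

MAX_HDR = 1 + 8 + 15            # first byte + longest Stream ID + longest Offset (assumed)
SAMPLE_LEN = 17                 # 136 bits, the sample size stated in the text
MIN_FRAME = MAX_HDR + SAMPLE_LEN

def _mask(hp_key, frame):
    # Sample at a fixed position so the receiver can locate it before it knows
    # the header length. HMAC-SHA256 stands in for AES/ChaCha20 (assumption).
    sample = frame[MAX_HDR:MAX_HDR + SAMPLE_LEN]
    return hmac.new(hp_key, sample, hashlib.sha256).digest()   # 32 bytes > MAX_HDR

def _xor(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))

def build_frame(hp_key, stream_id, offset, data, fin=False):
    """Server side: plaintext payload, masked FIN/length byte, Stream ID and Offset."""
    sid = stream_id.to_bytes(max(1, (stream_id.bit_length() + 7) // 8), "big")
    off = offset.to_bytes((offset.bit_length() + 7) // 8, "big")  # empty when offset is 0
    if len(sid) > 8 or len(off) > 15:
        raise ValueError("Stream ID or Offset does not fit the length fields")
    first = (0x80 if fin else 0) | ((len(sid) - 1) << 4) | len(off)
    header = bytes([first]) + sid + off
    frame = header + data
    if len(frame) < MIN_FRAME:
        # The text requires the server to make up a short sample; how is not
        # specified there, so this example rejects the frame instead.
        raise ValueError("frame too short to sample")
    return _xor(header, _mask(hp_key, frame)) + data

def parse_frame(hp_key, frame):
    """Client side: returns (fin, stream_id, offset, data), or None if dropped."""
    if len(frame) < MIN_FRAME:
        return None                               # too short to sample: discard
    mask = _mask(hp_key, frame)
    first = frame[0] ^ mask[0]
    sid_len, off_len = ((first >> 4) & 0x7) + 1, first & 0xF
    hdr_len = 1 + sid_len + off_len
    fields = _xor(frame[1:hdr_len], mask[1:hdr_len])
    stream_id = int.from_bytes(fields[:sid_len], "big")
    offset = int.from_bytes(fields[sid_len:], "big")
    return bool(first & 0x80), stream_id, offset, frame[hdr_len:]

def reassemble(parsed):
    """Order one stream's frames by Offset; None until contiguous and FIN seen."""
    out, finished = bytearray(), False
    for fin, _sid, offset, data in sorted(parsed, key=lambda f: f[2]):
        if offset != len(out):
            return None                           # gap or overlap: wait for retransmission
        out += data
        finished = fin
    return bytes(out) if finished else None

# Constructed sample input: 192 bytes of "non-sensitive" data in three frames.
SAMPLE_KEY = bytes(range(16))                     # constructed header-protection key
SAMPLE_DATA = bytes(i % 251 for i in range(192))

def demo():
    frames = [build_frame(SAMPLE_KEY, 4, o, SAMPLE_DATA[o:o + 64], fin=(o == 128))
              for o in (0, 64, 128)]
    arrived = [frames[2], frames[0], frames[1]]   # frames arrive out of order
    return reassemble([parse_frame(SAMPLE_KEY, f) for f in arrived])

if __name__ == "__main__":
    print(demo() == SAMPLE_DATA)
```

`build_frame` leaves the payload bytes unchanged on the wire; only the first byte, the Stream ID and the Offset are masked.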
Referring to FIG. 3, an embodiment of the present invention also discloses a method for sending non-sensitive data through QUIC, applied to the client, comprising:
Step S31: Send a connection request to the server, so that the server detects whether the connection request contains the target transmission parameter; the server selects the corresponding preset QUIC protocol when it detects that the connection request contains the target transmission parameter and the server also has the target transmission parameter;
Step S32: Receive the non-sensitive data that the server sends using the non-encrypted data transmission mode of the preset QUIC protocol.
For a more detailed description of the processing in steps S31 and S32, refer to the embodiments disclosed above; it is not repeated here.
It can be seen that this application discloses a method for sending non-sensitive data through QUIC, applied to the server, comprising: obtaining the connection request sent by the client and detecting whether the connection request contains the target transmission parameter; if the connection request contains the target transmission parameter and the server also has the target transmission parameter, selecting the preset QUIC protocol; and transmitting the non-sensitive data to the client using the non-encrypted data transmission mode of the preset QUIC protocol. The application thus checks both parties to the connection request and decides whether to start preset QUIC protocol transmission according to whether both have the target transmission parameter. Non-sensitive data is then sent unencrypted over the preset QUIC protocol, which improves transmission efficiency, saves resources and ensures security without affecting the transmission of the original messages.
Referring to FIG. 4, an embodiment of the present invention discloses an apparatus for sending non-sensitive data through QUIC, applied to the server, comprising:
a parameter detection module 11, configured to obtain the connection request sent by the client and detect whether the connection request contains the target transmission parameter;
a transmission enabling module 12, configured to select preset QUIC protocol transmission if the connection request is found to contain the target transmission parameter and the server also has the target transmission parameter;
a data transmission module 13, configured to transmit non-sensitive data to the client using the non-encrypted data transmission mode of the preset QUIC protocol.
For the more specific working process of each of the above modules, refer to the corresponding content disclosed in the foregoing embodiments; it is not repeated here.
It can be seen that this application also discloses an apparatus. The method used in the apparatus is the method for sending non-sensitive data through QUIC from the embodiments above, comprising: obtaining the connection request sent by the client and detecting whether the connection request contains the target transmission parameter; if the connection request contains the target transmission parameter and the server also has the target transmission parameter, selecting the preset QUIC protocol; and transmitting the non-sensitive data to the client using the non-encrypted data transmission mode of the preset QUIC protocol. The apparatus thus checks both parties to the connection request and decides whether to start preset QUIC protocol transmission according to whether both have the target transmission parameter. Non-sensitive data is then sent unencrypted over the preset QUIC protocol, which improves transmission efficiency, saves resources and ensures security without affecting the transmission of the original messages.
Further, an embodiment of this application also discloses an electronic device. FIG. 5 is a structural diagram of an electronic device 20 according to an exemplary embodiment; the content of the figure is not to be taken as any limitation on the scope of use of this application.
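FIG. 5 is a schematic structural diagram of an electronic device 20 provided by an embodiment of this application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26. The memory 22 stores a computer program, which is loaded and executed by the processor 21 to implement the relevant steps of the method for sending non-sensitive data through QUIC disclosed in any of the foregoing embodiments. The electronic device 20 in this embodiment may specifically be an electronic computer.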
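In this embodiment, the power supply 23 provides the working voltage for each hardware device on the electronic device 20. The communication interface 24 creates a data transmission channel between the electronic device 20 and external devices; the communication protocol it follows may be any communication protocol applicable to the technical solution of this application and is not specifically limited here. The input/output interface 25 obtains data input from outside or outputs data to the outside; its specific interface type can be chosen according to the needs of the application and is not specifically limited here.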
The processor 21 may include one or more processing cores, for example a 4-core or an 8-core processor. The processor 21 may be implemented in at least one of the following hardware forms: DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) or PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor. The main processor processes data in the awake state and is also called the CPU (Central Processing Unit); the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content to be shown on the display. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor, which handles computing operations related to machine learning.
In addition, the memory 22, as the carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk, an optical disc or the like. The resources stored on it may include an operating system 221, a computer program 222 and so on, and the storage may be transient or permanent.
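The operating system 221 manages and controls the hardware devices on the electronic device 20 and the computer program 222, so that the processor 21 can operate on and process the mass data 223 in the memory 22; it may be Windows Server, Netware, Unix, Linux or the like. Besides the computer program that carries out the method for sending non-sensitive data through QUIC executed by the electronic device 20 as disclosed in any of the foregoing embodiments, the computer program 222 may further include computer programs for other specific tasks. The data 223 may include data received by the electronic device from external devices as well as data collected through its own input/output interface 25.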
Further, this application also discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the method for sending non-sensitive data through QUIC disclosed above. For the specific steps of the method, refer to the corresponding content disclosed in the foregoing embodiments; they are not repeated here.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the parts that are the same or similar can be cross-referenced between embodiments. Because the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software or a combination of the two. To make the interchangeability of hardware and software clear, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may implement the described functions in different ways for each particular application, but such implementations should not be regarded as going beyond the scope of this application. The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises the element.
The method, apparatus, device and medium for sending non-sensitive data through QUIC provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the embodiments above is intended only to help in understanding the method of the invention and its core idea. For those of ordinary skill in the art, the specific implementation and the scope of application may change in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211418172.1A CN115766902B (en) | 2022-11-14 | 2022-11-14 | A method, device, equipment, and medium for sending non-sensitive data via QUIC |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115766902A true CN115766902A (en) | 2023-03-07 |
CN115766902B CN115766902B (en) | 2025-05-23 |
Family
ID=85370027
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211418172.1A Active CN115766902B (en) | 2022-11-14 | 2022-11-14 | A method, device, equipment, and medium for sending non-sensitive data via QUIC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115766902B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200204519A1 (en) * | 2018-12-20 | 2020-06-25 | Check Point Software Technologies Ltd. | Method for performing tls/ssl inspection based on verified subject name |
CN112738004A (en) * | 2019-10-14 | 2021-04-30 | 上海哔哩哔哩科技有限公司 | Communication method and system based on QUIC transmission protocol |
CN115334138A (en) * | 2021-04-26 | 2022-11-11 | 华为技术有限公司 | QUIC data transmission method, device, client and server |
CN113114701A (en) * | 2021-04-30 | 2021-07-13 | 网络通信与安全紫金山实验室 | QUIC data transmission method and device |
CN115242560A (en) * | 2022-09-23 | 2022-10-25 | 浙江大华技术股份有限公司 | Multichannel data transmission method and device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116233563A (en) * | 2023-03-17 | 2023-06-06 | 上海哔哩哔哩科技有限公司 | Method and system for transmitting audio and video data |
CN117097813A (en) * | 2023-10-19 | 2023-11-21 | 广州宇中网络科技有限公司 | Protocol adaptation method, device, equipment and storage medium |
CN117097813B (en) * | 2023-10-19 | 2024-01-26 | 广州宇中网络科技有限公司 | Protocol adaptation method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115766902B (en) | 2025-05-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Country or region after: China; Address after: No. 9 Mozhou East Road, Nanjing City, Jiangsu Province, 211111; Applicant after: Zijinshan Laboratory; Address before: No. 9 Mozhou East Road, Jiangning Economic Development Zone, Jiangning District, Nanjing City, Jiangsu Province; Applicant before: Purple Mountain Laboratories; Country or region before: China |
GR01 | Patent grant | ||