WO2015043421A1 - Information transmission method, device and system thereof - Google Patents

Information transmission method, device and system thereof

Info

Publication number
WO2015043421A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2014/086897
Inventor
Sheng Guan
Original Assignee
Tencent Technology (Shenzhen) Company Limited

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the present disclosure relates to computer information and communication technology field, and more particularly to an information transmission method, a device and a system thereof.
  • Information such as images, files, messages and various types of data may be transferred by communication networks, for example, the Internet and/or a service provider such as General Packet Radio Service (GPRS), almost anytime and anywhere based on user demand.
  • a method of sending messages by instant messaging application may enable users to edit messages using a user interface provided by the instant messaging application.
  • data packets may be produced or prepared by the instant messaging application.
  • Some communication applications may produce data packets prepared for transmission including, for example, a five tuple including a source IP address, a destination IP address, a port identifier and the edited message.
  • Other communication applications may include other or different information in the data packets prepared for transmission.
  • the data packets that are produced or prepared for transmission may be referred to as transmission data packets.
  • the data packets may be sent to routing devices through a network card and/or other modules.
  • the data packets may be sent to a target server via the routing devices, for example, an instant messaging server, and then on to end users through one or more routing devices, for example, WIFI hot spots, and/or other routing devices.
  • messages may be sent by email applications or web browsers via WIFI hot spots, and/or other routing devices.
  • a user device on a client side may send a message via one or more routing devices to a backend server on a server side.
  • the backend server may provide a communication service and may forward the message to an appropriate server, for example, may forward email messages to an email server or instant messages to an instant messaging server.
  • the appropriate server may then forward the messages to a destination device.
  • illegal or malicious programs may be utilized to analyze the users’ transmission packets and/or monitor users’ online behavior, based on the transmitted data packets. In this manner, sensitive information within the data packets may be intercepted in the routing devices. In this regard, existing information transmission methods may not protect a user’s online behavior, which may result in a loss to the user.
  • Embodiments of the disclosure may include an information transmission method, device and/or system thereof that may provide improvements in effectively hiding a user's online behavior.
  • Embodiments of the present disclosure may provide an information transmission method comprising:
  • obtaining data packets prepared for transmission comprising information to be sent to a destination device
  • embodiments of the present disclosure may provide an information transmission method comprising:
  • a transmission device receiving data packets prepared for transmission that are encrypted and encapsulated and sent by a tunnel transmission client module in a user terminal;
  • an obtaining module in a user terminal may obtain data packets prepared for transmission comprising information to be sent to a destination device;
  • a processing module that may call a tunnel transmission client module that may encrypt the data packets prepared for transmission, and may encapsulate the encrypted data packets prepared for transmission in a predefined format;
  • a transmitting module that may send the data packets prepared for transmission that are encrypted and encapsulated to a transmission device that is indicated by destination ports within the tunnel transmission client module, wherein the transmission device may restore the data packets prepared for transmission by calling a tunnel transmission service module that may correspond to the tunnel transmission client module, and may transmit the data packets prepared for transmission obtained by restoration, to the destination device.
  • Embodiments of the present disclosure may also provide a corresponding information transmission device comprising:
  • a receiving module that may receive data packets prepared for transmission that may be encrypted and/or encapsulated in a predefined format and sent by a terminal tunnel client transmission module in a user terminal;
  • the embodiments of the present disclosure also provide an information transmission system that may include a user terminal and a transmission device, for example, a server, wherein:
  • the user terminal may:
  • a tunnel transmission client module that may:
  • the server may:
  • Embodiments of the present disclosure may include the process of encrypting and encapsulating information or data packets that are already prepared for transmission using the tunnel transmission client module in the user terminal and the corresponding tunnel transmission server module in the server, to extend an information transmission process.
  • WIFI hot spots and other routing devices that may be connected to the user terminal and/or the server may not be used to determine a user’s online behavior.
  • the method, apparatus and system of this disclosure may realize information transmission, guard against monitoring of user’s internet behavior, protect user's privacy, and secure the information being transmitted.
  • Figure 1 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure.
  • Figure 2 is a flowchart of an exemplary method for information transmission in a user terminal in accordance with an embodiment of the present disclosure.
  • FIG. 3 is a flowchart of an exemplary method for information transmission in a server in accordance with an embodiment of the present disclosure.
  • Figure 4 is a diagram of an exemplary system for information transmission in accordance with an embodiment of the present disclosure.
  • Figure 6 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • Figure 7 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • FIG. 8 is a block diagram of an exemplary processing module in an information transmission device in accordance with an embodiment of the present disclosure.
  • Figure 9 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • Figure 1 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure.
  • the method may be applied in various terminal devices, for example, smart phones, tablet computers, personal computers, laptops and intelligent wearable devices.
  • the terminal devices may be referred to as a terminal or a user terminal, for example.
  • a device may refer to an apparatus.
  • the method may include the following steps.
  • In step S101, data packets prepared for transmission comprising information to be sent to a destination device may be obtained in a terminal device, for example, a user terminal.
  • the data packets prepared for transmission may comprise data packets obtained as a result of the use of various applications in the terminal device, for example, communication applications.
  • the data packets prepared for transmission may be generated by an instant messaging application when a user edits information using the instant messaging application.
  • a user may edit an email message in an email application and the data packets prepared for transmission may be generated by the email application in the terminal device.
  • Step S101 may be performed to obtain the data packets prepared for transmission before sending these data packets through network cards and/or other communications modules to WIFI hot spots and/or other routing devices and prior to performing step S102.
  • a tunnel transmission client module may be called to encrypt the data packets prepared for transmission, and encapsulate the encrypted data packets in a predefined format.
  • the tunnel transmission client module may be referred to as a tunnel transmission module or terminal tunnel transmission module, for example.
  • the data packets may be sent to a transmission device, for example, a server such as a backend server, an instant messaging server or email server, which may be indicated by destination ports identified within the tunnel transmission client module.
  • the data packets prepared for transmission may be restored by the transmission device by calling a tunnel transmission service module that may match or correspond to the tunnel transmission client module in the terminal device.
  • the tunnel transmission service module may be referred to as a tunnel transmission server module.
  • the restored data packets prepared for transmission may be transmitted by the transmission device.
  • the transmission device may be a server.
  • the transmission device may be a backend server or a server of a communications service provider or third party system.
  • the transmission device may comprise a backend server that forwards data packets to an email server or instant messaging server for transmission to a destination device, for example.
  • the transmission device may monitor data packets received from the terminal device during a process of intercepting data packets within the destination port of the transmission device.
  • a tunnel transmission service module may parse, decrypt and restore the data packets prepared for transmission and send the data packets prepared for transmission according to information within the data packet prepared for transmission, for example, the five tuples including the source IP address, the target or destination IP, the port identification, protocol and/or other information in the data packet.
  • Embodiments of the present disclosure not only realize transmission of the information, but also guard against monitoring of users’ Internet behavior, protect user privacy, and ensure information security.
  • FIG. 2 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure.
  • the exemplary method may be applied in various terminal devices, for example, user terminals such as smart phones, tablet computers, personal computers, laptops, intelligent wearable devices and the like.
  • the method may comprise the following steps.
  • In step S201, data packets may be obtained that are prepared for transmission and that comprise the information that needs to be sent.
  • the data packets may be sent to the tunnel transmission module by redirection.
  • the data packets prepared for transmission may be redirected within the source user terminal device, utilizing a Transmission Control Protocol (TCP) connection and a redirect socket, to a Hypertext Transfer Protocol (HTTP) tunnel client module in the user terminal.
  • the tunnel transmission client module may be controlled to encrypt the data packets prepared for transmission.
  • the tunnel transmission client module may utilize Secure Sockets Layer (SSL) encryption.
  • In step S204, the data packets prepared for transmission that were encrypted by the tunnel transmission client module may be encapsulated in a predefined format.
  • step S204 may be executed by the following steps.
  • step S202 to step S204 correspond to the step S102 described with respect to Figure 1.
  • Step S205 may include, receiving by a user terminal, encrypted data packets prepared for transmission that are encapsulated with a predefined format where the packets were sent by the transmission device, for example, a server, by calling a tunnel transmission service module that corresponds to a tunnel transmission client module in the user terminal.
  • In step S206, the tunnel transmission client module may be called to parse the received data packets according to the predefined format and to execute decryption processes that restore the data packets prepared for transmission.
  • steps S205 and S206 may be performed before or after any steps of the embodiments as long as the received encrypted data packets encapsulated within the predefined format were sent by the transmission device by calling the tunnel transmission service module that matches the tunnel transmission client module and then executing step S205 and step S206.
  • When encrypted and encapsulated data packets prepared for transmission are sent to a user terminal IP address in a return direction, they may be intercepted and processed according to the corresponding encryption algorithms and the predefined encapsulation format on the side of a transmission device, for example, by a server.
  • the encrypted and encapsulated return data packets may then be sent to the user terminal corresponding to the IP address in the data packets via an appropriate destination port.
  • the user terminal may receive the return packets, call a tunnel transmission module to parse and decrypt the data packets, and then transmit the data packets to a corresponding application in the terminal for processing.
  • the process of transmitting information including encrypting information that may be already prepared for transmission, utilizing the tunnel transmission client module and the tunnel transmission server module that match with each other, impedes malicious activity in WIFI hot spots and other routing devices handling information. In this manner, attempts to determine a user’s online behavior may be hindered or blocked.
  • This disclosure not only realizes transmission of the information, but also guards against monitoring of users’ Internet behavior, protects users’ privacy, and also secures the information.
  • Receiving the data in a terminal from a corresponding transmission device, for example, a server utilizing a corresponding tunnel server module also ensures that received data is not monitored and provides security for the received data.
  • FIG. 3 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure.
  • the exemplary method of Figure 3 may be applied in a server, which may be referred to as a home terminal or a transmission device and may receive and send various types of information data.
  • the method may comprise the following steps.
  • Step S301 may include receiving by a home terminal, transmission data packets sent by a user terminal device utilizing a user terminal tunnel transmission module that may match or correspond to a tunnel transmission service module in the home terminal.
  • the received transmission data packets may be sent by the user terminal device after being processed by the tunnel transmission module in the user terminal device to encrypt and encapsulate the transmission data packets.
  • the user terminal device may comprise, for example, a smart phone, a tablet computer, a personal computer, a laptop, an intelligent wearable device and the like.
  • The transmission data packets may be referred to as data packets prepared for transmission.
  • the transmission data packets may comprise, for example, source IP address, target or destination IP address, a port identifier, protocol, an edited message and the like.
  • In step S302, the transmission data packets may be parsed according to a predefined format and decrypted by calling the tunnel transmission service module, restoring the data packets prepared for transmission.
  • In step S303, the data packets prepared for transmission may be transmitted according to the destination address of the data packets prepared for transmission.
  • an interception process within a destination port may monitor the data packets received from the user terminal.
  • the process may call the tunnel transmission service module that matches the user terminal tunnel transmission module, which may parse and decrypt the received packets to restore the data packets prepared for transmission.
  • the data packets prepared for transmission may be transmitted according to the information within the data packets that may include, for example, the source IP address, the destination IP address, the port identification, protocol and/or other information.
  • Step S304 may include calling the tunnel service module in the home terminal that matches or corresponds to a terminal tunnel transmission module in a destination user terminal and encrypting and encapsulating in a predefined format, the received data packets prepared for transmission.
  • In step S305, the encapsulated data packets may be transmitted to the user terminal comprising the terminal tunnel transmission module.
  • processing data packets prepared for transmission according to matching or corresponding encryption and/or decryption algorithms and matching or corresponding predefined encapsulation formats may include: a server side intercepting encrypted and encapsulated data packets prepared for transmission that were sent to a destination terminal of an IP address within the data packets prepared for transmission, restoring the data packets prepared for transmission, then sending the data packets prepared for transmission again encrypted and encapsulated by a tunnel transmission service module to the destination terminal of the IP address via a destination port.
  • the destination terminal may receive the packets and call a corresponding terminal tunnel transmission module to parse and decrypt the data packets and then transmit the data packets to an application for processing.
  • The process of transmitting information prepared for transmission, by encrypting it using the matching or corresponding terminal tunnel transmission module and tunnel transmission server module to complete transmission to a destination terminal, hinders or obstructs the use of WIFI hot spots and/or other routing devices for determining users’ online behavior.
  • This disclosure not only realizes the transmission of information but also hinders monitoring of users’ Internet behavior, protects users’ privacy and secures the information.
  • Data received by transmission devices, such as a server, may be processed by a corresponding tunnel transmission server module, which may ensure that the received data may not be monitored and may be secure.
  • FIG. 4 is a diagram of an exemplary system for information transmission in accordance with an embodiment of the present disclosure.
  • An exemplary information transmission system 400 may comprise a client module 450, a routing device 456, a transmission device 452 and a server 454. Also shown are a browser application 410, an email application 412, a redirect socket 414, a tunnel transmission module 416, a tunnel service module 420, a web server 422 and an email server 424.
  • the browser application 410 may comprise a software application that may be operable to provide a user interface for displaying web pages and may send and/or fetch information via the Internet or other networks based on user interaction in the user interface.
  • the browser application may be operable to produce or prepare data packets for transmission via a network to a destination device, which may be generated based on user interaction with remote devices or other web browser events.
  • the data packets prepared for transmission may comprise, for example, a source IP address, a destination IP address, a port identifier, a protocol in use and/or content of the message.
  • the content or body of a data packet may comprise information input, edited or selected by a user, for example, text, graphics and/or images, and/or information generated by the browser application.
  • The data packets may be transmitted utilizing Transmission Control Protocol (TCP); however, the system is not limited in this regard.
  • the email application 412 may comprise any suitable email software that may be operable to send and receive messages edited by a user and/or may comprise other types of information such as graphics, images or attachments.
  • the email application may be operable to produce or prepare data packets for transmission of email message information via a network to one or more destination devices.
  • the data packets prepared for transmission may comprise, for example, a source address, a destination address, a port identifier, a protocol in use and/or content information.
  • the redirect socket 414 may comprise a local communication endpoint for communication between the email application and the tunnel transmission module or the browser application and the tunnel transmission module in the user terminal.
  • the tunnel transmission module 416 may comprise, for example, an HTTP tunnel client.
  • the tunnel transmission module 416 may be operable to receive the data packets prepared for transmission by the browser application 410 or email application 412 and encrypt the data packets prepared for transmission.
  • SSL encryption may be utilized, however, the system is not limited in this regard.
  • the tunnel transmission module 416 may also be operable to encapsulate or wrap the encrypted data packets prepared for transmission according to a defined format.
  • the client module 450 may transmit the encrypted and encapsulated data packets prepared for transmission processed by the tunnel transmission module 416, to the transmission device 452 on ports identified in the tunnel transmission module.
  • the tunnel transmission module 416 may be referred to as a tunnel transmission client module or terminal tunnel transmission module.
  • the routing device 440 may comprise any suitable one or more routing devices.
  • the routing device 440 may be communicatively coupled to facilitate communication between the client module 450 and the transmission device 452 in a communication network.
  • The routing device 440 may comprise a WiFi hot spot that may be connected to the client module 450; however, the system is not limited to any specific routing device and any suitable network routing device may be utilized. Although only one routing device 440 is shown in Figure 4, there may be a plurality of routing devices coupled between the user terminal 450 and the transmission device 452.
  • the system 400 may comprise a transmission device 452 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network.
  • the transmission device 452 may reside in a communications service provider network or third party network, for example, however, the system is not limited in this regard.
  • the transmission device 452 may comprise a software and/or hardware server, for example, a HTTP tunnel server, a backend server, a reverse proxy server or any other suitable device.
  • the system is not limited to any specific type of transmission device 452.
  • the transmission device 452 may comprise the tunnel transmission service module 420 that may be referred to as a tunnel transmission server module, for example.
  • the transmission device 452 may be operable to intercept and/or receive data packets sent by the client module 450, which are processed by the tunnel transmission module 416.
  • the tunnel transmission service module 420 may parse the data packets according to the defined format utilized by the tunnel transmission module 416 and may decrypt the data packets to restore or recover the data packets prepared for transmission by the browser application 410 or email application 412.
  • the transmission device 452 may transmit the data packets prepared for transmission to the server 454.
  • the transmission device 452 may communicate with the server 454 utilizing TCP connections, however, the system is not limited to any type of communication protocol.
  • the server 454 may comprise the web server 422 and/or email server 424, for example.
  • the web server 422 and/or email server 424 may be operable to receive the data packets prepared for transmission from the transmission device 452, process the data packets and forward them to a target destination via a network, based on the destination information in the data packets prepared for transmission.
  • the system 400 may be operable to perform the methods and apparatus described with respect to Figures 1 through 9.
  • the information transmission system 400 may include a user terminal comprising the client module 450 and the transmission device 452.
  • the client module 450 of the user terminal may obtain data packets prepared for transmission by the browser application 410 or email application 412, comprising information for transmitting the data packets to a destination device.
  • the client module 452 may call the tunnel transmission client module 416 and may redirect the data packets prepared for transmission to the tunnel transmission client module 416 that may encrypt the data packets prepared for transmission and may encapsulate the encrypted data packets prepared for the transmission in a predefined format.
  • the encrypted and encapsulated data packets prepared for transmission may be sent to the transmission device 452 that may be indicated by destination ports within the tunnel transmission client module 416, through the routing device 440.
  • the transmission device 452 may receive the encrypted and encapsulated data packets prepared for transmission, parse the data packets according to the predefined format by calling the tunnel transmission service module 420.
  • the tunnel transmission client module 416 of the user client module 450 may correspond to or match the tunnel transmission service module 420.
  • The tunnel transmission service module 420 may decrypt the data packets prepared for transmission, thereby restoring the data packets prepared for transmission, and transmit the data packets according to the destination address of the data packet prepared for transmission.
  • FIG. 5 is an illustration of an exemplary information transmission system in accordance with an embodiment of the present disclosure.
  • an information transmission system 500 that includes a user terminal device 501, a server device 502 and a routing device 503.
  • the user terminal 501 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network.
  • the user terminal 501 may be a smart phone, a tablet computer, a personal computer, a laptop, a smart wearable device or any other suitable user terminal device.
  • the user terminal 501 may comprise the client module 450 that may include the browser application 410, the email application 412, the redirect socket 414 and the tunnel transmission module 416 and may be operable to perform the methods described with respect to Figures 1-9.
  • the user terminal 501 may be communicatively coupled to the routing device 503 by a wireless, wireline or optical connection.
  • the user terminal 501 may be operable to produce or prepare data packets for transmission comprising information needed to send the data packets to a destination device, for example, another user terminal or a server.
  • the data packets prepared for transmission may be redirected to a tunnel transmission client module in the user terminal 501 that may encrypt and encapsulate the data packets prepared for transmission in a predefined format, as described with respect to Figures 1-9 and send the data packets to the server device 502, which may be indicated by the destination ports within the tunnel transmission client module.
  • the routing device 503 may be similar or substantially the same as the routing device 456 described with respect to Figure 4 and may be communicatively coupled to the user terminal 501 and the server 502 via one or more wireless, wired and/or optical networks. Although only one routing device 501 is shown in Figure 5, there may be a plurality of routing devices coupled between the user terminal 510 and the server device 502.
  • the server device 502 may be a server for forwarding information and may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network.
  • the server device 502 may be referred to as a transmission device or home terminal and may be similar or substantially the same as the transmission device 452.
  • the server device 502 may comprise the tunnel transmission service module 420.
  • the server device 502 may comprise the server 454 including, for example, the web server 422 and/or email server 424.
  • Although the server 502 is illustrated as a single physical device, a plurality of physical devices may be utilized to perform the server functions and methods described herein.
  • the server 502 may be communicatively coupled to the user terminal 501 via the routing device 503 and one or more wireless, wireline and/or optical networks.
  • the server device 502 may be operable to receive and parse transmission data packets sent by the terminal tunnel transmission module in the user terminal 501, according to a predefined format by calling a tunnel service module in the server 502.
  • the user terminal 501 tunnel transmission module may match and/or correspond to the tunnel service module in the server device 502 as described with respect to Figures 1-9.
  • the server device 502 may be operable to decapsulate and decrypt the transmission data packets and restore the data packets prepared for transmission generated by the user terminal 501.
  • the server device 502 may be operable to transmit the data packets prepared for transmission according to the destination addresses of the data packets for transmission, to an application server and/or destination device.
  • the system 500 may be operable to perform the methods and may comprise the apparatus described with respect to Figures 1 through 9.
  • the user terminal 501 and the server device 502 may communicate via one or more routing devices 503 that may comprise one or more WIFI hot spots or other routing devices.
  • FIG. 6 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • an information transmission device 600 that may comprise the terminal device 501 of the system 500.
  • the information transmission device 600 may comprise a terminal device such as a smart phone, a tablet computer, a personal computer, a laptop, a smart wearable device or any other suitable communication device.
  • the information transmission device 600 may comprise an obtaining module 11 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to obtain data packets prepared for transmission comprising the information needed to send the data packets to a destination device.
  • the information transmission device 600 may comprise a processing module 12 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to call a tunnel transmission client module for encrypting the data packets prepared for transmission, and encapsulating the encrypted data packets prepared for transmission in a predefined format.
  • the information transmission device 600 may comprise a transmitting module 13 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to send the encrypted and encapsulated data packets prepared for transmission to a transmission device that is indicated by destination ports within the tunnel transmission client module.
  • the transmission device indicated by the destination ports within the tunnel transmission module may receive the encrypted and encapsulated data packets prepared for transmission and restore the data packets prepared for transmission by calling a tunnel transmission service module that may match or correspond to a tunnel transmission module in the transmission device 600. The transmission device indicated by the destination ports within the tunnel transmission module may transmit the data packets prepared for transmission that are obtained by restoring.
  • the data packets prepared for transmission received by the obtaining module 11 may be the data packets obtained when users utilize various applications in the information transmission device 600 terminal, for example, the data packets may be generated after a user edits information using an instant communication application or obtained by editing of email in an email application.
  • the corresponding transmission device may be a server transmission device that monitors the specified destination port for the data packets received from the information transmission device 600 terminal.
  • a process intercepts the received data packets within the destination port of the server transmission device and calls the set tunnel transmission service module that matches the tunnel transmission client module.
  • the tunnel transmission service module parses, decrypts and restores the data packets prepared for transmission and sends the data packets prepared for transmission according to information within the data packets prepared for transmission that may include a source IP address, a target or destination IP address, the port identifier, a protocol used for communication or any other suitable information.
  • the information within the data packet prepared for transmission utilized for transmitting the packet to the destination IP address may comprise a five tuple.
  • FIG. 7 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • a transmission device 700 comprising the receiving module 11, the processing module 12 and the transmitting module 13 described with respect to Figure 6.
  • the device 700 comprises a receiving module 14.
  • the receiving module 14 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to receive encrypted and encapsulated data packets prepared for transmission sent by a transmission device and may call a tunnel transmission service module that matches a tunnel transmission client module in the transmission device that sent the received encrypted and encapsulated data packets prepared for transmission.
  • the processing module 12 may call the tunnel transmission service module for parsing received encapsulated and encrypted data packets prepared for transmission according to a predefined format, and then decrypting them to restore the data packets prepared for transmission. Moreover, in some systems the processing module 12 in the transmission device 700 may also function as it does in the transmission device 600 described with respect to Figure 6.
  • the data packets prepared for transmission may be processed according to corresponding encryption and decryption algorithms and a predefined format for encapsulation or decapsulation.
  • return data packets may be intercepted, decapsulated, decrypted and restored to data packets prepared for transmission and then sent to a terminal device corresponding to an IP address in the packets prepared for transmission after encrypting and encapsulating the data packet prepared for transmission.
  • the encrypted and encapsulated data packets prepared for transmission may be received by the terminal device corresponding to the IP address and a destination port in the data packet.
  • the terminal device may receive the encrypted data packets encapsulated with the predefined format that were transmitted by server side.
  • the terminal device may call the tunnel transmission module for parsing and decryption in the processing module 12 and transmit restored data packets to an appropriate application in the terminal device for processing.
  • FIG. 8 is a block diagram of an exemplary processing module in an information transmission device in accordance with an embodiment of the present disclosure.
  • the processing module 12 may comprise a redirection unit 121, a control unit 122, an encapsulation unit 123 and a selecting unit 124.
  • the redirection unit 121 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to redirect obtained data packets prepared for transmission to a tunnel transmission client module.
  • the control unit 122 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to control the tunnel transmission client module to encrypt the data packets prepared for transmission.
  • the encapsulation unit 123 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to encapsulate the encrypted data packets prepared for transmission in a predefined format.
  • the processing module 12 includes the selecting unit 124, which may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to select and determine destination ports from the ports defined in the tunnel transmission client module, according to destination addresses of the data packets prepared for transmission.
  • the encapsulation unit 123 may be utilized for encapsulating the determined destination ports and the data packets encrypted by the tunnel transmission client module according to the predefined format, in order to send the transmission data packets to the destination ports.
  • the redirection unit 121 may redirect obtained data packets prepared for transmission to a tunnel transmission client module.
  • the control unit 122 may control the tunnel transmission client module to encrypt the data packets prepared for transmission.
  • the encapsulation unit 123 may encapsulate the encrypted data packets prepared for transmission in a predefined format.
  • selecting unit 124 may select and determine destination ports from the ports defined in the tunnel transmission client module, according to destination addresses of the data packets prepared for transmission and the encapsulation unit 123 may encapsulate the determined destination ports and the data packets encrypted by the tunnel transmission client module according to the predefined format, in order to send the transmission data packets to the destination ports.
  • FIG. 9 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
  • an information transmission device 900 may comprise a receiving module 21, a processing module 22 and a transmitting module 23.
  • the information transmission device 900 may be a server device and may be included in or comprise the server device 502.
  • the receiving module 21 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to receive encrypted and encapsulated data packets prepared for transmission that are sent by a terminal tunnel transmission module that matches a tunnel transmission service module in the information transmission device 900.
  • the processing module 22 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to parse the received data packets according to the predefined format by calling the tunnel service module in the information transmission device 900, and decrypt the data packets, restoring the data packets prepared for transmission.
  • the transmitting module 23 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit the data packets prepared for transmission according to a destination address of the data packets prepared for transmission.
  • the receiving module 21 may receive the encrypted and encapsulated data packets prepared for transmission that were sent by a terminal device after processing the data packets prepared for transmission in a tunnel transmission module.
  • the terminal may comprise, for example, a smart phone, a tablet computer, a personal computer, a laptop or an intelligent wearable device. Methods for processing of the data packets prepared for transmission in a tunnel transmission module in a terminal are described with respect to Figures 1 and 2 and corresponding apparatus are described with respect to Figures 5, 6, 7 and 8.
  • the processing module 22 may also call the tunnel transmission server module in the information transmission device 900 to encrypt the restored data packets prepared for transmission when transmitting the data packets to a terminal device that may include a corresponding tunnel transmission client module, and the tunnel transmission server module may encapsulate the encrypted data packets prepared for transmission in the predefined format.
  • the transmitting module 23 may also transmit the encrypted and encapsulated data packets prepared for transmission to a terminal device, for example, the terminal device 501 that may comprise a corresponding or matching terminal tunnel transmission client module.
  • the processing module 22 may process data packets prepared for transmission according to the corresponding encryption and/or decryption algorithms and the encapsulation and/or decapsulation predefined format.
  • the transmitting module 23 may send the encrypted data packets to the corresponding addressed terminal and destination port, such that the terminal may call the tunnel transmission client module for parsing and decryption, and may transmit the packets to the appropriate application in the terminal device for processing.
  • the devices described herein may comprise a processor and memory.
  • the processor may comprise a single processor or multiple processors that may be disposed on a single chip, on multiple devices or distributed over more than one system.
  • the processors may be hardware that executes computer executable instructions or computer code embodied in the memory or in other memory to perform one or more features of the methods, devices and systems described herein.
  • the processor may include a general processor, a central processing unit, a graphics processing unit, an application specific integrated circuit (ASIC), a digital signal processor, a field programmable gate array (FPGA), a digital circuit, an analog circuit, a microcontroller, any other type of processor, or any combination thereof.

Abstract

Data packets are prepared for transmission by a communication application, for example, an instant messaging or email application and comprise information utilized to transmit the packets. A first transmission device obtains the data packets that are prepared for transmission and calls a tunnel transmission client module in the first device that encrypts and encapsulates the data packets prepared for transmission. The encrypted and encapsulated data packets prepared for transmission are sent to a second transmission device that is identified by destination ports within the tunnel transmission client module, via a routing device. The second transmission device decrypts, decapsulates and restores the data packets prepared for transmission by calling a tunnel transmission service module that matches the tunnel transmission client module in the first transmission device. The second transmission device further transmits the restored data packets prepared for transmission. In this manner, traffic handled by the routing device may be secured.

Description

INFORMATION TRANSMISSION METHOD, DEVICE AND SYSTEM THEREOF
FIELD OF THE INVENTION
The present disclosure relates to computer information and communication technology field, and more particularly to an information transmission method, a device and a system thereof.
BACKGROUND OF THE INVENTION
At present, with the continuous development of computer communication technology, information such as images, files, messages and various types of data may be transferred by communication networks, for example, the Internet and/or a service provider such as General Packet Radio Service (GPRS), almost anytime and anywhere based on user demand.
In one example, a method of sending messages by instant messaging application may enable users to edit messages using a user interface provided by the instant messaging application. When a user sends a message, for example, by clicking a send button in an instant messaging user interface, data packets may be produced or prepared by the instant messaging application. Some communication applications may produce data packets prepared for transmission including, for example, a five tuple including a source IP address, a destination IP address, a port identifier and the edited message. Other communication applications may include other or different information in the data packets prepared for transmission. The data packets that are produced or prepared for transmission may be referred to as transmission data packets. The data packets may be sent to routing devices through a network card and/or other modules. The data packets may be sent to a target server via the routing devices, for example, an instant messaging server, and then on to end users through one or more routing devices, for example, WIFI hot spots, and/or other routing devices. In a similar manner, messages may be sent by email applications or web browsers via WIFI hot spots, and/or other routing devices. In some systems, a user device on a client side may send a message via one or more routing devices to a backend server on a server side. The backend server may provide a communication service and may forward the message to an appropriate server, for example, may forward email messages to an email server or instant messages to an instant messaging server. The appropriate server may then forward the messages to a destination device.
During the process of sending information or messages from a user terminal via a WIFI hot spot and/or other routing devices, illegal or malicious programs may be utilized to analyze the users’ transmission packets and/or monitor users’ online behavior, based on the transmitted data packets. In this manner, sensitive information within the data packets may be intercepted in the routing devices. In this regard, existing information transmission methods may not protect a user’s online behavior, which may result in a loss to the user.
SUMMARY
Embodiments of the disclosure may include an information transmission method, device and/or system thereof that may provide improvements in effectively hiding a user's online behavior.
Embodiments of the present disclosure may provide an information transmission method comprising:
in a user terminal, obtaining data packets prepared for transmission comprising information to be sent to a destination device;
calling a tunnel transmission client module for encrypting the data packets prepared for transmission, and encapsulating the encrypted data packets prepared for transmission in a predefined format;
sending the data packets prepared for transmission that are encrypted and encapsulated, to a transmission device that is indicated by destination ports within the tunnel transmission client module, wherein the transmission device restores the data packets prepared for transmission by calling a tunnel transmission service module that corresponds to the tunnel transmission client module, and forwards the data packets prepared for transmission for transmission to the destination device.
Furthermore, embodiments of the present disclosure may provide an information transmission method comprising:
in a transmission device, receiving data packets prepared for transmission that are encrypted and encapsulated and sent by a tunnel transmission client module in a user terminal;
parsing the encrypted and encapsulated data packets prepared for transmission according to a predefined format by calling a tunnel transmission service module that corresponds to the tunnel transmission client module;
decrypting the data packets prepared for transmission;
restoring the data packets prepared for transmission; and
transmitting the data packets prepared for transmission according to a destination address of the data packets prepared for transmission.
Embodiments of the present disclosure may also provide an information transmission device comprising:
an obtaining module in a user terminal that may obtain data packets prepared for transmission comprising information to be sent to a destination device;
a processing module that may call a tunnel transmission client module that may encrypt the data packets prepared for transmission, and may encapsulate the encrypted data packets prepared for transmission in a predefined format;
a transmitting module that may send the data packets prepared for transmission that are encrypted and encapsulated to a transmission device that is indicated by destination ports within the tunnel transmission client module, wherein the transmission device may restore the data packets prepared for transmission by calling a tunnel transmission service module that may correspond to the tunnel transmission client module, and may transmit the data packets prepared for transmission obtained by restoration, to the destination device.
Embodiments of the present disclosure may also provide a corresponding information transmission device comprising:
a receiving module that may receive data packets prepared for transmission that may be encrypted and/or encapsulated in a predefined format and sent by a terminal tunnel client transmission module in a user terminal;
a processing module that may parse the encrypted and encapsulated data packets prepared for transmission, according to the predefined format, by calling a tunnel transmission service module that may correspond to the tunnel transmission client module in the user terminal, and may decrypt the data packets prepared for transmission, restoring the data packets prepared for transmission;
a transmitting module that may transmit the data packets prepared for transmission according to a destination address of the data packets prepared for transmission.
The embodiments of the present disclosure also provide an information transmission system that may include a user terminal and a transmission device, for example, a server, wherein:
the user terminal may:
obtain data packets prepared for transmission comprising information, to be sent to a destination device;
call a tunnel transmission client module that may:
encrypt the data packets prepared for transmission, and
encapsulate the encrypted data packets prepared for the transmission in a predefined format; and
send the encrypted and encapsulated data packets prepared for transmission to a server that may be indicated by destination ports within the tunnel transmission client module;
the server may:
receive the encrypted and encapsulated data packets prepared for transmission;
parse the encrypted and encapsulated data packets prepared for transmission, according to the predefined format by calling a tunnel transmission service module wherein the tunnel transmission client module of the user terminal corresponds to the tunnel transmission service module, and
decrypt the data packets prepared for transmission, restoring the data packets prepared for transmission; and
transmit the data packets prepared for transmission according to the destination address of the data packet prepared for transmission.
Embodiments of the present disclosure may include the process of encrypting and encapsulating information or data packets that are already prepared for transmission using the tunnel transmission client module in the user terminal and the corresponding tunnel transmission server module in the server, to extend an information transmission process. In this manner, WIFI hot spots and other routing devices that may be connected to the user terminal and/or the server may not be used to determine a user’s online behavior. The method, apparatus and system of this disclosure may realize information transmission, guard against monitoring of user’s internet behavior, protect user's privacy, and secure the information being transmitted.
BRIEF DESCRIPTION OF THE DRAWINGS
The present disclosure may be better understood with reference to the following drawings and descriptions which include non-limiting and non-exhaustive embodiments of the disclosure. The drawings described hereinafter include only some embodiments related to the present disclosure. Other drawings may be determined by those skilled in the art based on these drawings, without creative effort.
Figure 1 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure.
Figure 2 is a flowchart of an exemplary method for information transmission in a user terminal in accordance with an embodiment of the present disclosure.
Figure 3 is a flowchart of an exemplary method for information transmission in a server in accordance with an embodiment of the present disclosure.
Figure 4 is a diagram of an exemplary system for information transmission in accordance with an embodiment of the present disclosure.
Figure 5 is an illustration of an exemplary information transmission system in accordance with an embodiment of the present disclosure.
Figure 6 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
Figure 7 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
Figure 8 is a block diagram of an exemplary processing module in an information transmission device in accordance with an embodiment of the present disclosure.
Figure 9 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure.
DETAILED DESCRIPTION
Several embodiments of the disclosure will be described in conjunction with the accompanying drawings. All other embodiments determined by those skilled in the art based on the embodiments of the present disclosure, without creative effort, will fall within the scope of protection of the present disclosure.
Figure 1 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure. The method may be applied in various terminal devices, for example, smart phones, tablet computers, personal computers, laptops and intelligent wearable devices. The terminal devices may be referred to as a terminal or a user terminal, for example. A device may refer to an apparatus. In one embodiment, the method may include the following steps.
In step S101 data packets prepared for transmission comprising information to be sent to a destination device may be obtained in a terminal device, for example, a user terminal.
The data packets prepared for transmission may comprise data packets obtained as a result of the use of various applications in the terminal device, for example, communication applications. In one example, the data packets prepared for transmission may be generated by an instant messaging application when a user edits information using the instant messaging application. In another example, a user may edit an email message in an email application and the data packets prepared for transmission may be generated by the email application in the terminal device. Step S101 may be performed to obtain the data packets prepared for transmission before sending these data packets through network cards and/or other communications modules to WIFI hot spots and/or other routing devices and prior to performing step S102.
In step S102 a tunnel transmission client module may be called to encrypt the data packets prepared for transmission, and encapsulate the encrypted data packets in a predefined format. The tunnel transmission client module may be referred to as a tunnel transmission module or terminal tunnel transmission module, for example.
In step S103 the data packets may be sent to a transmission device, for example, a server such as a backend server, an instant messaging server or email server, which may be indicated by destination ports identified within the tunnel transmission client module. The data packets prepared for transmission may be restored by the transmission device by calling a tunnel transmission service module that may match or correspond to the tunnel transmission client module in the terminal device. The tunnel transmission service module may be referred to as a tunnel transmission server module. The restored data packets prepared for transmission may be transmitted by the transmission device.
In some embodiments, the tunnel transmission module in the terminal device may encrypt and encapsulate the data packets prepared for transmission, and may send the encrypted and encapsulated data packets to a corresponding transmitting device by assigning a destination port for the corresponding transmitting device. A specified destination port corresponding to the transmission device for forwarding the encrypted and encapsulated data packets may be set or pre-set while assigning or configuring the destination port.
The transmission device may be a server. For example, in some systems, the transmission device may be a backend server or a server of a communications service provider or third party system. In some systems, the transmission device may comprise a backend server that forwards data packets to an email server or instant messaging server for transmission to a destination device, for example. The transmission device may monitor data packets received from the terminal device during a process of intercepting data packets within the destination port of the transmission device. A tunnel transmission service module that may match or correspond to the tunnel transmission client module, may parse, decrypt and restore the data packets prepared for transmission and send the data packets prepared for transmission according to information within the data packet prepared for transmission, for example, the five tuples including the source IP address, the target or destination IP, the port identification, protocol and/or other information in the data packet.
By encrypting and encapsulating the information that is prepared for transmission in the tunnel transmission client module and further using the corresponding tunnel transmission server module to parse, decrypt and complete transmission of the data packets, WIFI hot spots and/or other routing devices connected between the devices on the client side and the server side may not be able to determine a user’s online behavior. Embodiments of the present disclosure not only realize transmission of the information, but also guard against monitoring of users’ Internet behavior, protect user privacy, and ensure information security.
Figure 2 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure. The exemplary method may be applied in various terminal devices, for example, user terminals such as smart phones, tablet computers, personal computers, laptops, intelligent wearable devices and the like. The method may comprise the following steps.
In step S201, data packets may be obtained that are prepared for transmission and that may comprise information that needs to be sent.
The data packets prepared for transmission may be data packets obtained when users edit information using various applications in a user terminal. For example, the data packets prepared for transmission may be generated after a user edits information using an instant communication application or by editing email messages in an email application.
In step S202 the data packets prepared for transmission may be redirected to a tunnel transmission client module.
In this regard, after obtaining the data packets prepared for transmission, rather than sending the data packets prepared for transmission directly, the data packets may be sent to the tunnel transmission module by redirection. In one example, rather than transmitting the data packets prepared for transmission directly to a server via a WIFI hot spot and/or other routing devices, for further transmission to a destination or target device, the data packets prepared for transmission may be redirected within the source user terminal device, utilizing a Transmission Control Protocol (TCP) connection and a redirect socket, to a Hypertext Transfer Protocol (HTTP) tunnel client module in the user terminal.
In step S203 the tunnel transmission client module may be controlled to encrypt the data packets prepared for transmission. In one example, the tunnel transmission client module may utilize Secure Sockets Layer (SSL) encryption.
In step S204 the data packets prepared for transmission encrypted by the tunnel transmission client module may be encapsulated in a predefined format.
An encryption and/or decryption algorithm and the predefined data format configured for encapsulation in the tunnel transmission client module may correspond to or match an encryption and/or decryption algorithm and a data encapsulation format configured for use in a tunnel transmission service module of a server and/or other transmission devices. In this manner, parsing and decryption operations may be performed on the data packets prepared for transmission by the server and/or other transmission devices. For example, the encryption and/or decryption algorithm and data encapsulation format may be configured for use in a tunnel transmission service module utilized in a backend server of a service provider system, a backend server in a third party system, an instant messaging server, an email server and the like.
In some embodiments, step S204 may be executed by the following steps.
Destination ports may be selected and/or determined from ports set in the tunnel transmission client module according to destination addresses in the data packets prepared for transmission. Encapsulation may be performed using the determined destination ports and the data packets prepared for transmission encrypted by the tunnel transmission client module according to the predefined format in order to send the data packets prepared for transmission to the destination ports.
Steps S202 to S204 correspond to step S102 described with respect to Figure 1.
Step S205 may include receiving, by a user terminal, encrypted data packets prepared for transmission that are encapsulated in a predefined format, where the packets were sent by the transmission device, for example, a server, by calling a tunnel transmission service module that corresponds to a tunnel transmission client module in the user terminal.
In step S206 the tunnel transmission client module may be called for parsing the received data packets according to the predefined format and executing decryption processes to restore the data packets prepared for transmission.
It should be noted that steps S205 and S206 may be performed before or after any of the other steps of the embodiments, provided that the received encrypted data packets encapsulated in the predefined format were sent by the transmission device by calling the tunnel transmission service module that matches the tunnel transmission client module.
When encrypted and encapsulated data packets prepared for transmission are sent to a user terminal IP address in a return direction, they may be intercepted and processed according to the corresponding encryption algorithms and the predefined encapsulation format on the side of a transmission device, for example, by a server. The encrypted and encapsulated return data packets may then be sent to the user terminal corresponding to the IP address in the data packets via an appropriate destination port. The user terminal may receive the return packets, call a tunnel transmission module to parse and decrypt the data packets, and then transmit the data packets to a corresponding application in the terminal for processing.
In accordance with embodiments of the disclosure, the process of transmitting information, including encrypting information that may be already prepared for transmission and utilizing the tunnel transmission client module and the tunnel transmission server module that match each other, impedes malicious activity in WIFI hot spots and other routing devices handling information. In this manner, attempts to determine a user’s online behavior may be hindered or blocked. This disclosure not only realizes transmission of the information, but also guards against monitoring of users’ Internet behavior, protects users’ privacy, and also secures the information. Receiving the data in a terminal from a corresponding transmission device, for example, a server utilizing a corresponding tunnel server module, also ensures that received data is not monitored and provides security for the received data.
Figure 3 is a flowchart of an exemplary method for information transmission in accordance with an embodiment of the present disclosure. The exemplary method of Figure 3 may be applied in a server, which may be referred to as a home terminal or a transmission device and may receive and send various types of information data. The method may comprise the following steps.
Step S301 may include receiving, by a home terminal, transmission data packets sent by a user terminal device utilizing a user terminal tunnel transmission module that may match or correspond to a tunnel transmission service module in the home terminal.
The received transmission data packets may be sent by the user terminal device after being processed by the tunnel transmission module in the user terminal device to encrypt and encapsulate the transmission data packets. The user terminal device may comprise, for example, a smart phone, a tablet computer, a personal computer, a laptop, an intelligent wearable device and the like. The transmission data packets may be referred to as data packets prepared for transmission. The transmission data packets may comprise, for example, source IP address, target or destination IP address, a port identifier, protocol, an edited message and the like.
Various methods for processing and sending transmission data packets utilizing a tunnel transmission module are described with respect to Figures 1 and 2 and may not be repeated here.
In step S302 the transmission data packets may be parsed according to a predefined format and decrypted by calling the tunnel transmission service module, restoring the data packets prepared for transmission.
In step S303 the data packets prepared for transmission may be transmitted according to the destination address of the data packets prepared for transmission.
In operation, an interception process within a destination port may monitor the data packets received from the user terminal. The process may call the tunnel transmission service module that matches the user terminal tunnel transmission module, which may parse and decrypt the received packets to restore the data packets prepared for transmission. The data packets prepared for transmission may be transmitted according to the information within the data packets that may include, for example, the source IP address, the destination IP address, the port identification, protocol and/or other information.
Step S304 may include calling the tunnel service module in the home terminal that matches or corresponds to a terminal tunnel transmission module in a destination user terminal, and encrypting and encapsulating the received data packets prepared for transmission in a predefined format.
In step S305 the encapsulated data packets may be transmitted to the user terminal comprising the terminal tunnel transmission module.
In operation, processing data packets prepared for transmission according to matching or corresponding encryption and/or decryption algorithms and matching or corresponding predefined encapsulation formats may include: a server side intercepting encrypted and encapsulated data packets prepared for transmission that were sent to a destination terminal of an IP address within the data packets prepared for transmission, restoring the data packets prepared for transmission, then sending the data packets prepared for transmission again encrypted and encapsulated by a tunnel transmission service module to the destination terminal of the IP address via a destination port. The destination terminal may receive the packets and call a corresponding terminal tunnel transmission module to parse and decrypt the data packets and then transmit the data packets to an application for processing.
The process of transmitting the information prepared for transmission, by encrypting it using the matching or corresponding terminal tunnel transmission module and tunnel transmission server module to complete transmission of the information to a destination terminal, hinders or obstructs the use of WIFI hot spots and/or other routing devices for determining users’ online behavior. This disclosure not only realizes the transmission of information but also hinders monitoring of users’ Internet behavior, protects users’ privacy and secures the information. Data received by transmission devices, such as a server, may be processed by a corresponding tunnel transmission server module, which may ensure that the received data may not be monitored and may be secure.
Figure 4 is a diagram of an exemplary system for information transmission in accordance with an embodiment of the present disclosure. Referring to Figure 4, there is shown an exemplary information transmission system 400 that may comprise a client module 450, a routing device 456, a transmission device 452 and a server 454. Also shown are a browser application 410, an email application 412, a redirect socket 414, a tunnel transmission module 416, a tunnel service module 420, a web server 422 and an email server 424.
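The client-side steps S203 and S204 and the server-side step S302 can be sketched as follows. This is an added example, not code from the application: the frame layout (`TUN1` marker, port, length), the port table, the JSON packet record and the demo keys are all assumptions, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the SSL encryption the description names. It shows that the original destination travels only inside the encrypted body, so a routing device sees just the tunnel port, and that the server rejects frames whose header or body was altered.

```python
import hashlib
import hmac
import json
import os
import struct

# Assumed frame layout (the page names no format): magic, tunnel port, body length.
MAGIC = b"TUN1"
HEADER = struct.Struct("!4sHI")
NONCE_LEN, TAG_LEN, MAX_BODY = 16, 32, 64 * 1024

# Assumed port table "set in the tunnel transmission client module":
# destination address of the original packet -> port on the transmission device.
PORT_TABLE = {"mail.example.test": 8443, "default": 8080}

# Constructed demo keys (encryption key, MAC key); a real tunnel would take
# its keys from the SSL/TLS handshake instead.
DEMO_KEYS = (b"\x01" * 32, b"\x02" * 32)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used only as a stand-in cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack("!Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _seal(keys, plaintext, aad):
    """Encrypt-then-MAC; the tag also covers the cleartext header fields (aad)."""
    enc_key, mac_key = keys
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(keys, body, aad):
    """Verify the tag in constant time, then decrypt; raise on any mismatch."""
    enc_key, mac_key = keys
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("body too short")
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def client_encapsulate(keys, packet):
    """S203/S204: encrypt the whole packet, then wrap it with the selected port."""
    port = PORT_TABLE.get(packet["dst"], PORT_TABLE["default"])
    inner = json.dumps(packet, sort_keys=True).encode()
    body = _seal(keys, inner, struct.pack("!4sH", MAGIC, port))
    return port, HEADER.pack(MAGIC, port, len(body)) + body


def server_restore(keys, stream):
    """S302: parse every complete frame in `stream`; return (packets, leftover)."""
    packets, offset = [], 0
    while len(stream) - offset >= HEADER.size:
        magic, port, length = HEADER.unpack_from(stream, offset)
        if magic != MAGIC:
            raise ValueError("unknown frame format")
        if length > MAX_BODY:
            raise ValueError("frame too large")
        end = offset + HEADER.size + length
        if end > len(stream):
            break  # partial frame: keep the bytes until the rest arrives
        body = stream[offset + HEADER.size:end]
        inner = _open(keys, body, struct.pack("!4sH", MAGIC, port))
        packets.append(json.loads(inner))
        offset = end
    return packets, stream[offset:]


# Constructed sample packet, as an email application might prepare it.
SAMPLE = {"src": "192.0.2.10", "dst": "mail.example.test", "dst_port": 25,
          "proto": "tcp", "content": "hello from the email application"}

if __name__ == "__main__":
    port, frame = client_encapsulate(DEMO_KEYS, SAMPLE)
    print("sent to tunnel port", port, "-", len(frame), "bytes on the wire")
    print("destination visible to a router:", b"mail.example.test" in frame)
    print("restored:", server_restore(DEMO_KEYS, frame)[0])
```

Because the port and format marker are bound into the authentication tag, rewriting the cleartext header in transit makes the server discard the frame rather than forward it.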
The system 400 may comprise a client module 450 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example, data packets via a network. In some systems, the client module 450 may comprise software and/or hardware in a user terminal, for example, a smart phone, tablet computer, personal computer, laptop, smart wearable devices and any other suitable terminal. The client module 450 may comprise the browser application 410, the email application 412, the redirect socket 414 and the tunnel transmission module 416.
The browser application 410 may comprise a software application that may be operable to provide a user interface for displaying web pages and may send and/or fetch information via the Internet or other networks based on user interaction in the user interface. The browser application may be operable to produce or prepare data packets for transmission via a network to a destination device, which may be generated based on user interaction with remote devices or other web browser events. The data packets prepared for transmission may comprise, for example, a source IP address, a destination IP address, a port identifier, a protocol in use and/or content of the message. The content or body of a data packet may comprise information input, edited or selected by a user, for example, text, graphics and/or images, and/or information generated by the browser application. In some systems, the data packets may be transmitted utilizing Transmission Control Protocol (TCP), however, the system is not limited in this regard.
The email application 412 may comprise any suitable email software that may be operable to send and receive messages edited by a user and/or may comprise other types of information such as graphics, images or attachments. The email application may be operable to produce or prepare data packets for transmission of email message information via a network to one or more destination devices. The data packets prepared for transmission may comprise, for example, a source address, a destination address, a port identifier, a protocol in use and/or content information.
The redirect socket 414 may comprise a local communication endpoint for communication between the email application and the tunnel transmission module or the browser application and the tunnel transmission module in the user terminal.
The tunnel transmission module 416 may comprise, for example, an HTTP tunnel client. The tunnel transmission module 416 may be operable to receive the data packets prepared for transmission by the browser application 410 or email application 412 and encrypt the data packets prepared for transmission. In some systems, SSL encryption may be utilized, however, the system is not limited in this regard. The tunnel transmission module 416 may also be operable to encapsulate or wrap the encrypted data packets prepared for transmission according to a defined format. The client module 450 may transmit the encrypted and encapsulated data packets prepared for transmission processed by the tunnel transmission module 416, to the transmission device 452 on ports identified in the tunnel transmission module. The tunnel transmission module 416 may be referred to as a tunnel transmission client module or terminal tunnel transmission module.
The routing device 440 may comprise any suitable one or more routing devices. The routing device 440 may be communicatively coupled to facilitate communication between the client module 450 and the transmission device 452 in a communication network. In some systems, the routing device 440 may comprise a WiFi hot spot that may be connected to the client module 450, however, the system is not limited to any specific routing device and any suitable network routing device may be utilized. Although only one routing device 440 is shown in Figure 4, there may be a plurality of routing devices coupled between the user terminal 450 and the transmission device 452.
The system 400 may comprise a transmission device 452 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network. The transmission device 452 may reside in a communications service provider network or third party network, for example, however, the system is not limited in this regard. In some systems, the transmission device 452 may comprise a software and/or hardware server, for example, a HTTP tunnel server, a backend server, a reverse proxy server or any other suitable device. However, the system is not limited to any specific type of transmission device 452.
The transmission device 452 may comprise the tunnel transmission service module 420 that may be referred to as a tunnel transmission server module, for example. The transmission device 452 may be operable to intercept and/or receive data packets sent by the client module 450, which are processed by the tunnel transmission module 416. The tunnel transmission service module 420 may parse the data packets according to the defined format utilized by the tunnel transmission module 416 and may decrypt the data packets to restore or recover the data packets prepared for transmission by the browser application 410 or email application 412. The transmission device 452 may transmit the data packets prepared for transmission to the server 454. In some systems, the transmission device 452 may communicate with the server 454 utilizing TCP connections, however, the system is not limited to any type of communication protocol.
The server 454 may comprise the web server 422 and/or email server 424, for example. The web server 422 and/or email server 424 may be operable to receive the data packets prepared for transmission from the transmission device 452, process the data packets and forward them to a target destination via a network, based on the destination information in the data packets prepared for transmission.
In operation, the system 400 may be operable to perform the methods and apparatus described with respect to Figures 1 through 9. The information transmission system 400 may include a user terminal comprising the client module 450 and the transmission device 452. The client module 450 of the user terminal may obtain data packets prepared for transmission by the browser application 410 or email application 412, comprising information for transmitting the data packets to a destination device. The client module 452 may call the tunnel transmission client module 416 and may redirect the data packets prepared for transmission to the tunnel transmission client module 416 that may encrypt the data packets prepared for transmission and may encapsulate the encrypted data packets prepared for the transmission in a predefined format. The encrypted and encapsulated data packets prepared for transmission may be sent to the transmission device 452 that may be indicated by destination ports within the tunnel transmission client module 416, through the routing device 440. The transmission device 452 may receive the encrypted and encapsulated data packets prepared for transmission and parse the data packets according to the predefined format by calling the tunnel transmission service module 420. In this regard, the tunnel transmission client module 416 of the user client module 450 may correspond to or match the tunnel transmission service module 420. The tunnel transmission service module 420 may decrypt the data packets prepared for transmission, thereby restoring the data packets prepared for transmission, and transmit the data packets according to the destination address of the data packet prepared for transmission.
The information transmission system and the device of the embodiments of the present disclosure will be described in more detail below.
Figure 5 is an illustration of an exemplary information transmission system in accordance with an embodiment of the present disclosure. Referring to Figure 5, there is shown an information transmission system 500 that includes a user terminal device 501, a server device 502 and a routing device 503.
The user terminal 501 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network. For example, the user terminal 501 may be a smart phone, a tablet computer, a personal computer, a laptop, a smart wearable device or any other suitable user terminal device. The user terminal 501 may comprise the client module 450 that may include the browser application 410, the email application 412, the redirect socket 414 and the tunnel transmission module 416 and may be operable to perform the methods described with respect to Figures 1-9. The user terminal 501 may be communicatively coupled to the routing device 503 by a wireless, wireline or optical connection.
The user terminal 501 may be operable to produce or prepare data packets for transmission comprising information needed to send the data packets to a destination device, for example, another user terminal or a server. The data packets prepared for transmission may be redirected to a tunnel transmission client module in the user terminal 501 that may encrypt and encapsulate the data packets prepared for transmission in a predefined format, as described with respect to Figures 1-9 and send the data packets to the server device 502, which may be indicated by the destination ports within the tunnel transmission client module.
The routing device 503 may be similar or substantially the same as the routing device 456 described with respect to Figure 4 and may be communicatively coupled to the user terminal 501 and the server 502 via one or more wireless, wired and/or optical networks. Although only one routing device 501 is shown in Figure 5, there may be a plurality of routing devices coupled between the user terminal 510 and the server device 502.
The server device 502 may be a server for forwarding information and may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit and receive information, for example data packets, via a network. The server device 502 may be referred to as a transmission device or home terminal and may be similar or substantially the same as the transmission device 452. The server device 502 may comprise the tunnel transmission service module 420. Moreover, the server device 502 may comprise the server 454 including, for example, the web server 422 and/or email server 424. Although the server 502 is illustrated as a single physical device, a plurality of physical devices may be utilized to perform the server functions and methods described herein. The server 502 may be communicatively coupled to the user terminal 501 via the routing device 503 and one or more wireless, wireline and/or optical networks.
The server device 502 may be operable to receive and parse transmission data packets sent by the terminal tunnel transmission module in the user terminal 501, according to a predefined format by calling a tunnel service module in the server 502. The user terminal 501 tunnel transmission module may match and/or correspond to the tunnel service module in the server device 502 as described with respect to Figures 1-9. The server device 502 may be operable to decapsulate and decrypt the transmission data packets and restore the data packets prepared for transmission generated by the user terminal 501. The server device 502 may be operable to transmit the data packets prepared for transmission according to the destination addresses of the data packets for transmission, to an application server and/or destination device.
In operation, the system 500 may be operable to perform the methods and may comprise the apparatus described with respect to Figures 1 through 9. The user terminal 501 and the server device 502 may communicate via one or more routing devices 503 that may comprise one or more WIFI hot spots or other routing devices.
Figure 6 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure. Referring to Figure 6, there is shown an information transmission device 600 that may comprise the terminal device 501 of the system 500. For example, the information transmission device 600 may comprise a terminal device such as a smart phone, a tablet computer, a personal computer, a laptop, a smart wearable device or any other suitable communication device.
The information transmission device 600 may comprise an obtaining module 11 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to obtain data packets prepared for transmission comprising the information needed to send the data packets to a destination device.
The information transmission device 600 may comprise a processing module 12 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to call a tunnel transmission client module for encrypting the data packets prepared for transmission, and encapsulating the encrypted data packets prepared for transmission in a predefined format.
The information transmission device 600 may comprise a transmitting module 13 that may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to send the encrypted and encapsulated data packets prepared for transmission to a transmission device that is indicated by destination ports within the tunnel transmission client module.
The transmission device indicated by the destination ports within the tunnel transmission module may receive the encrypted and encapsulated data packets prepared for transmission and restore the data packets prepared for transmission by calling a tunnel transmission service module that may match or correspond to a tunnel transmission module in the transmission device 600. The transmission device indicated by the destination ports within the tunnel transmission module may transmit the data packets prepared for transmission that are obtained by restoring.
The data packets prepared for transmission received by the obtaining module 11 may be the data packets obtained when users utilize various applications in the information transmission device 600 terminal. For example, the data packets may be generated after a user edits information using an instant communication application or obtained by editing of email in an email application.
In some embodiments the tunnel transmission module called by the processing module 12 may encrypt and encapsulate the data packets prepared for transmission and send the encrypted and encapsulated data packets to a corresponding transmission device and assigned destination port. The specified destination port corresponding to the transmission device utilized for forwarding the data packets, may be assigned or set in the tunnel transmission module similarly to setting or assigning a destination port for the communication applications that generate the data packets.
The corresponding transmission device may be a server transmission device that monitors the specified destination port for the data packets received from the information transmission device 600 terminal. A process intercepts the received data packets within the destination port of the server transmission device and calls the set tunnel transmission service module that matches the tunnel transmission client module. The tunnel transmission service module parses, decrypts and restores the data packets prepared for transmission and sends the data packets prepared for transmission according to information within the data packets prepared for transmission that may include a source IP address, a target or destination IP address, the port identifier, a protocol used for communication or any other suitable information. In some systems, the information within the data packet prepared for transmission utilized for transmitting the packet to the destination IP address may comprise a five tuple.
Figure 7 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure. Referring to Figure 7, there is shown a transmission device 700 comprising the receiving module 11, the processing module 12 and the transmitting module 13 described with respect to Figure 6. In addition, the device 700 comprises a receiving module 14.
The receiving module 14 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to receive encrypted and encapsulated data packets prepared for transmission sent by a transmission device and may call a tunnel transmission service module that matches a tunnel transmission client module in the transmission device that sent the received encrypted and encapsulated data packets prepared for transmission.
The processing module 12 may call the tunnel transmission service module for parsing received encapsulated and encrypted data packets prepared for transmission according to a predefined format, and then decrypting them to restore the data packets prepared for transmission. Moreover, in some systems the processing module 12 in the transmission device 700 may also function as it does in the transmission device 600 described with respect to Figure 6. The data packets prepared for transmission may be processed according to corresponding encryption and decryption algorithms and a predefined format for encapsulation or decapsulation. On the server side, return data packets may be intercepted, decapsulated, decrypted and restored to data packets prepared for transmission and then sent to a terminal device corresponding to an IP address in the packets prepared for transmission after encrypting and encapsulating the data packet prepared for transmission. The encrypted and encapsulated data packets prepared for transmission may be received by the terminal device corresponding to the IP address and a destination port in the data packet. The terminal device may receive the encrypted data packets encapsulated with the predefined format that were transmitted by the server side. The terminal device may call the tunnel transmission module for parsing and decryption in the processing module 12 and transmit restored data packets to an appropriate application in the terminal device for processing.
Figure 8 is a block diagram of an exemplary processing module in an information transmission device in accordance with an embodiment of the present disclosure. Referring to Figure 8, there is shown the processing module 12 that may comprise a redirection unit 121, a control unit 122, an encapsulation unit 123 and a selecting unit 124.
The redirection unit 121 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to redirect obtained data packets prepared for transmission to a tunnel transmission client module.
The control unit 122 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to control the tunnel transmission client module to encrypt the data packets prepared for transmission.
The encapsulation unit 123 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to encapsulate the encrypted data packets prepared for transmission in a predefined format.
In some systems, the processing module 12 includes the selecting unit 124, which may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to select and determine destination ports from the ports defined in the tunnel transmission client module, according to destination addresses of the data packets prepared for transmission.
The encapsulation unit 123 may be utilized for encapsulating the determined destination ports and the data packets encrypted by the tunnel transmission client module according to the predefined format, in order to send the transmission data packets to the destination ports.
In operation, in module 12, the redirection unit 121 may redirect obtained data packets prepared for transmission to a tunnel transmission client module. The control unit 122 may control the tunnel transmission client module to encrypt the data packets prepared for transmission. The encapsulation unit 123 may encapsulate the encrypted data packets prepared for transmission in a predefined format. In some systems, the selecting unit 124 may select and determine destination ports from the ports defined in the tunnel transmission client module, according to destination addresses of the data packets prepared for transmission, and the encapsulation unit 123 may encapsulate the determined destination ports and the data packets encrypted by the tunnel transmission client module according to the predefined format, in order to send the transmission data packets to the destination ports. A tunnel server module that may match with the tunnel transmission client module may be utilized to complete or further transmission of the data packets prepared for transmission. In this manner, WIFI hot spots and other routing devices, for example, the routing devices 440 or 503, may not be able to determine a user’s online behavior. Furthermore, not only is the transmission of information realized, but Internet behavior of users may be guarded against monitoring, users' privacy may be protected, and information security may be accomplished. The received data may also be obtained in corresponding transmission devices, such as a server device for setting or controlling the tunnel transmission server module, which may also ensure that received data may not be monitored and may accomplish the security of the received data.
Figure 9 is a block diagram of an exemplary information transmission device in accordance with an embodiment of the present disclosure. Referring to Figure 9 there is shown an information transmission device 900 that may comprise a receiving module 21, a processing module 22 and a transmitting module 23. The information transmission device 900 may be a server device and may be included in or comprise the server device 502.
The receiving module 21 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to receive encrypted and encapsulated data packets prepared for transmission that are sent by a terminal tunnel transmission module that matches a tunnel transmission service module in the information transmission device 900.
The processing module 22 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to parse the received data packets according to the predefined format by calling the tunnel service module in the information transmission device 900, and decrypt the data packets, restoring the data packets prepared for transmission.
The transmitting module 23 may comprise any suitable circuitry, hardware processors, logic and/or code that may be operable to transmit the data packets prepared for transmission according to a destination address of the data packets prepared for transmission.
The receiving module 21 may receive the encrypted and encapsulated data packets prepared for transmission that were sent by a terminal device after processing the data packets prepared for transmission in a tunnel transmission module. The terminal may comprise, for example, a smart phone, a tablet computer, a personal computer, a laptop or an intelligent wearable device. Methods for processing of the data packets prepared for transmission in a tunnel transmission module in a terminal are described with respect to Figures 1 and 2 and corresponding apparatus are described with respect to Figures 5, 6, 7 and 8.
The processing module 22 may also call the tunnel transmission server module in the information transmission device 900 to encrypt the restored data packets prepared for transmission when transmitting the data packets to a terminal device that may include a corresponding tunnel transmission client module, and the tunnel transmission server module may encapsulate the encrypted data packets prepared for transmission in the predefined format.
The transmitting module 23 may also transmit the encrypted and encapsulated data packets prepared for transmission to a terminal device, for example, the terminal device 501 that may comprise a corresponding or matching terminal tunnel transmission client module.
The processing module 22 may process data packets prepared for transmission according to the corresponding encryption and/or decryption algorithms and the encapsulation and/or decapsulation predefined format. When return data packets are sent to the terminal device corresponding to an IP address in the data packets, the return data packets are intercepted, then the transmitting module 23 may send the encrypted data packets to the corresponding addressed terminal and destination port, such that the terminal may call the tunnel transmission client module for parsing and decryption, and may transmit the packets to the appropriate application in the terminal device for processing.
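The client-side encrypt-and-encapsulate step and the server-side parse-and-decrypt step described above, as an added Python example that is not part of the patent. The frame layout, the port table, the key and the HMAC-based stand-in cipher are all assumptions, since the disclosure names no format or algorithm; a deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Assumed "predefined format" (the patent specifies none):
# magic(4) | dest port(2) | nonce(12) | ciphertext length(4) | ciphertext | tag(32)
MAGIC = b"TUN1"
HEADER = struct.Struct("!4sH12sI")
TAG_LEN = 32

# Constructed port table: destination network of the inner packet -> tunnel port.
PORT_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): 8443,
    ipaddress.ip_network("198.51.100.0/24"): 8444,
}
DEFAULT_PORT = 8400

def derive_keys(master: bytes):
    """Derive independent encryption and MAC keys from one shared secret."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stdlib stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def select_port(dest_addr: str) -> int:
    """Selecting unit: choose the tunnel port from the inner destination address."""
    addr = ipaddress.ip_address(dest_addr)
    for net, port in PORT_TABLE.items():
        if addr in net:
            return port
    return DEFAULT_PORT

def encapsulate(master: bytes, inner_packet: bytes, dest_addr: str) -> bytes:
    """Client module: encrypt, then wrap in the predefined format."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(12)
    ciphertext = keystream_xor(enc_key, nonce, inner_packet)
    header = HEADER.pack(MAGIC, select_port(dest_addr), nonce, len(ciphertext))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

def decapsulate(master: bytes, frame: bytes):
    """Server module: parse strictly, authenticate, then decrypt; ValueError on any defect."""
    if len(frame) < HEADER.size + TAG_LEN:
        raise ValueError("frame too short")
    magic, port, nonce, length = HEADER.unpack_from(frame)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if len(frame) != HEADER.size + length + TAG_LEN:
        raise ValueError("length field does not match frame size")
    enc_key, mac_key = derive_keys(master)
    expected = hmac.new(mac_key, frame[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(frame[-TAG_LEN:], expected):
        raise ValueError("authentication failed")
    return port, keystream_xor(enc_key, nonce, frame[HEADER.size:-TAG_LEN])

if __name__ == "__main__":
    key = b"constructed-demo-shared-secret"
    inner = b"dst=203.0.113.7:443 proto=tcp payload=hello"  # constructed sample
    frame = encapsulate(key, inner, "203.0.113.7")
    print(decapsulate(key, frame))
```

The frame carries no sequence number, so the server cannot tell a repeated frame from a fresh one; a real tunnel would add a counter to the authenticated header and reject repeats.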
Persons of ordinary skill in the art should understand that all or a part of the steps and methods described in the above embodiments may be implemented in a device by hardware and/or circuitry, or may be implemented by a program instructing relevant hardware such as one or more processors or firmware. The program may be stored in a computer readable storage medium, and the storage medium may be a read only memory (ROM), a magnetic disk, an optical disc, a random access memory (RAM) and/or any other suitable storage medium.
The devices described herein may comprise a processor and memory. The processor may comprise a single processor or multiple processors that may be disposed on a single chip, on multiple devices or distributed over more than one system. The processors may be hardware that executes computer executable instructions or computer code embodied in the memory or in other memory to perform one or more features of the methods, devices and systems described herein. The processor may include a general processor, a central processing unit, a graphics processing unit, an application specific integrated circuit (ASIC), a digital signal processor, a field programmable gate array (FPGA), a digital circuit, an analog circuit, a microcontroller, any other type of processor, or any combination thereof.
The above comprises exemplary embodiments that include preferred embodiments of the present disclosure, and are not intended to make any formal limitations to the present disclosure. Any person skilled in the art may make some variations or modifications by using the technical content disclosed herein as equivalent embodiments with equivalent changes without departing from the scope of the technical solution of the present disclosure. However, any simple alterations, equivalent changes and modifications made to the embodiments according to the technical essence of the present disclosure without departing from the content of the technical solution of the present disclosure should still fall within the scope of the technical solution of the present disclosure.

Claims (21)

  1. A method for information transmission, the method comprising:
    in a transmission device:
    obtaining data packets prepared for transmission that comprise information utilized for transmitting the data packets;
    calling a tunnel transmission client module for encrypting and encapsulating the data packets prepared for transmission, wherein the tunnel transmission client module:
    encrypts the data packets prepared for transmission;
    encapsulates the encrypted data packets prepared for transmission in a predefined format; and
    sends the encrypted and encapsulated data packets prepared for transmission to a second transmission device that is indicated by destination ports identified within the tunnel transmission client module, wherein the data packets prepared for transmission are restored by the second transmission device, by calling a tunnel transmission service module that matches the tunnel transmission client module, and then are transmitted by the second transmission device.
  2. The method according to claim 1, wherein calling the tunnel transmission client module for encrypting and encapsulating the data packets prepared for transmission further comprises:
    redirecting the obtained data packets prepared for transmission to the tunnel transmission client module;
    controlling the tunnel transmission client module to encrypt the data packets prepared for transmission; and
    encapsulating the data packets prepared for transmission that are encrypted by the tunnel transmission module to generate a transmission packet in the predefined format.
  3. The method according to claim 2, wherein encapsulating the data packets that are encrypted by the tunnel transmission module to generate the transmission packet in the predefined format further comprises:
    selecting and determining destination ports from ports identified in the tunnel transmission client module, according to a destination address of the data packets prepared for transmission;
    encapsulating the determined destination ports and the encrypted data packets prepared for transmission, by the tunnel transmission client module to generate the transmission data packets with predefined format;
    sending the encrypted and encapsulated data packets prepared for transmission to the destination ports.
  4. The method according to claim 1, wherein the transmission device comprises a smart phone, a tablet computer, a personal computer, a laptop, an intelligent wearable device or another user terminal device.
  5. The method according to claim 1, wherein the data packets prepared for transmission are generated by an instant messaging application, an email application or another communication application that generates data packets prepared for transmission.
  6. The method according to claim 1, wherein the information utilized for transmitting the data packets in the data packets prepared for transmission includes one or more of:
    a source address,
    a destination address,
    a port identifier,
    a protocol in use.
  7. The method according to claim 3, wherein the second transmission device:
    receives the encrypted and encapsulated data packets prepared for transmission sent by the tunnel transmission client module that matches the tunnel transmission service module in the second transmission device;
    calls the tunnel transmission service module that:
    parses the encrypted and encapsulated data packets prepared for transmission according to the predefined format;
    decrypts the data packets prepared for transmission, restoring the data packets prepared for transmission; and
    transmits the data packets prepared for transmission according to a destination address in the data packets prepared for transmission.
  8. The method according to claim 7 wherein the second transmission device transmits the data packets prepared for transmission according to the destination address, to an instant messaging server, an email server or another communication application server.
  9. The method according to claim 7, wherein the second transmission device:
    obtains data packets prepared for transmission to a terminal device;
    calls a tunnel service module in the second transmission device that matches a tunnel transmission client module in the terminal device, wherein the tunnel transmission service module:
    encrypts the data packets prepared for transmission;
    encapsulates the encrypted data packets prepared for transmission in a predefined format; and
    transmits the encrypted and encapsulated data packets prepared for transmission to the user terminal that comprises the tunnel transmission client module in the terminal device.
  10. The method according to claim 7, wherein the second transmission device comprises a server device that sends encrypted and encapsulated data packets prepared for transmission to a terminal device via a routing device, or receives encrypted and encapsulated data packets prepared for transmission from a terminal device via a routing device.
  11. A device for information transmission, the device comprising one or more hardware processors and/or circuits that are operable to:
    in an obtaining module, obtain data packets prepared for transmission that comprise information utilized for transmitting the data packets;
    in a processing module, call a tunnel transmission client module for encrypting and encapsulating the data packets prepared for transmission, wherein the tunnel transmission client module:
    encrypts the data packets prepared for transmission;
    encapsulates the encrypted data packets prepared for transmission in a predefined format; and
    in a transmitting module, send the encrypted and encapsulated data packets prepared for transmission to a second transmission device that is indicated by destination ports identified within the tunnel transmission client module, wherein the data packets prepared for transmission are restored by the second transmission device, by calling a tunnel transmission service module that matches the tunnel transmission client module, and are transmitted by the second transmission device.
  12. The device according to claim 11, wherein the one or more hardware processors and/or circuits are operable to:
    in a redirection unit, redirect the obtained data packets prepared for transmission to the tunnel transmission client module;
    in a control unit, control the tunnel transmission client module to encrypt the data packets prepared for transmission;
    in an encapsulation unit, encapsulate the data packets prepared for transmission that are encrypted by the tunnel transmission client module to generate a transmission packet in the predefined format.
  13. The device according to claim 12, wherein the one or more hardware processors and/or circuits are operable to:
    in a selecting unit, select and determine destination ports from ports identified in the tunnel transmission client module, according to a destination address of the data packets prepared for transmission;
    in the encapsulation unit, encapsulate the determined destination ports and the encrypted data packets prepared for transmission, to generate the transmission data packets with predefined format, and send the encrypted and encapsulated data packets prepared for transmission to the destination ports.
  14. The device according to claim 11, wherein the one or more hardware processors and/or circuits comprise a smart phone, a tablet computer, a personal computer, a laptop, an intelligent wearable device or another user terminal device.
  15. The device according to claim 11, wherein the data packets prepared for transmission are generated by an instant messaging application, an email application or another communication application that generates data packets prepared for transmission.
  16. The method according to claim 11, wherein the information utilized for transmitting the data packets in the data packets prepared for transmission includes one or more of:
    a source address,
    a destination address,
    a port identifier,
    a protocol in use.
  17. The device according to claim 13, wherein the second transmission device comprises one or more hardware processors and/or circuits that are operable to:
    in a receiving module, receive the encrypted and encapsulated data packets prepared for transmission sent by the tunnel transmission client module that matches the tunnel transmission service module in the second transmission device;
    in a processing module, parse the encrypted and encapsulated data packets prepared for transmission according to the predefined format by calling the tunnel transmission service module, and decrypt the data packets prepared for transmission, restoring the data packets prepared for transmission; and
    in a transmitting module, transmit the data packets prepared for transmission according to a destination address in the data packets prepared for transmission.
  18. The device according to claim 17 wherein the second transmission device transmits the data packets prepared for transmission according to the destination address in the data packets prepared for transmission to an instant messaging server, an email server or another communication application server.
  19. The device according to claim 17, wherein the second transmission device comprises one or more hardware processors and/or circuits that are operable to:
    obtain data packets that are prepared for transmission to a terminal device;
    in a processing module, call a tunnel transmission service module in the other transmission device that matches a tunnel transmission client module in the terminal device, wherein the tunnel transmission service module:
    encrypts data packets prepared for transmission;
    encapsulates the encrypted data packets prepared for transmission in a predefined format; and
    in a transmitting module, transmit the encrypted and encapsulated data packets prepared for transmission to the user terminal that comprises the tunnel transmission client module in the terminal device.
  20. The device according to claim 17, wherein the second transmission device comprises a server device that sends encrypted and encapsulated data packets prepared for transmission to a terminal device via a routing device, or receives encrypted and encapsulated data packets prepared for transmission from a terminal device via a routing device.
  21. A system for information transmission that comprises a user terminal device and a server device wherein:
    the user terminal device comprises one or more hardware processors and/or circuits that are operable to:
    obtain data packets prepared for transmission that comprise information utilized for transmitting the data packets;
    call a tunnel transmission client module in the user terminal device that corresponds to a tunnel transmission service module in the server device, wherein the tunnel transmission client module is operable to:
    encrypt the data packets prepared for transmission;
    encapsulate the encrypted data packets prepared for transmission in a predefined format; and
    send the encrypted and encapsulated data packets prepared for transmission to the server device, which is indicated by destination ports identified within the tunnel transmission client module; and
    the server device comprises one or more hardware processors and/or circuits that are operable to:
    receive the encrypted and encapsulated data packets prepared for transmission sent by the tunnel transmission client module in the user terminal device;
    call the tunnel transmission service module in the server device that corresponds to the tunnel transmission client module in the user terminal device, wherein the tunnel transmission service module is operable to:
    parse the encrypted and encapsulated data packets prepared for transmission according to the predefined format;
    decrypt the data packets prepared for transmission, thereby restoring the data packets prepared for transmission; and
    transmit the data packets prepared for transmission according to a destination address in the data packets prepared for transmission.
PCT/CN2014/086897 2013-09-29 2014-09-19 Information transmission method, device and system thereof WO2015043421A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310455148.XA CN104519019B (en) 2013-09-29 2013-09-29 A kind of information transferring method, apparatus and system
CN201310455148.X 2013-09-29

Publications (1)

Publication Number Publication Date
WO2015043421A1 (en) 2015-04-02

Family

ID=52742042

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/086897 WO2015043421A1 (en) 2013-09-29 2014-09-19 Information transmission method, device and system thereof

Country Status (2)

Country Link
CN (1) CN104519019B (en)
WO (1) WO2015043421A1 (en)

Also Published As

Publication number Publication date
CN104519019B (en) 2019-09-13
CN104519019A (en) 2015-04-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14847024

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/08/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14847024

Country of ref document: EP

Kind code of ref document: A1