WO2016187892A1 - Data transmission method and terminal - Google Patents


Publication number
WO2016187892A1
Authority
WO
WIPO (PCT)
Prior art keywords
target data
encryption
module
transceiver module
encrypted
Application number
PCT/CN2015/080322
Other languages
French (fr)
Chinese (zh)
Inventor
董志伟
刘碧波
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Application filed by 宇龙计算机通信科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • The present invention relates to the field of electronic technologies, and in particular, to a data transmission method and terminal.
  • A terminal holds data to be sent when it needs to interact with other receiving ends. For example, the user inputs an operation instruction on the operation page of the terminal to control the receiving end connected to the terminal; the operation instruction needs to be sent by the terminal to the receiving end, and the receiving end is configured to control the terminal in response to the operation instruction.
  • The existing transmission path of the data to be sent in the terminal is specifically: the acquiring module of the terminal acquires the data to be sent, performs no processing on it, and sends it directly to the transceiver module of the terminal, so that the transceiver module transmits it to the receiving end through an air interface.
  • The user may input data on the application layer, and the data needs to be sent to the receiving end; the application layer of the terminal may directly transmit the data to the baseband processor (Modem), and the baseband processor transmits the message to the receiving end through the air interface. Alternatively, the short message application sends a clear-text message to the baseband processor through the short message sending and receiving interface, and the baseband processor sends the short message to the corresponding receiving end.
  • To improve the security of the data to be sent, the transceiver module can also encrypt the data to be sent and transmit the encrypted data to the receiving end.
  • Because the acquiring module sends the data to be sent to the transceiver module without any processing, the data sent by the acquiring module to the transceiver module is plaintext content. Existing third-party Trojans can monitor the interface of the acquiring module and the interface of the transceiver module; that is, a third-party Trojan can monitor the transmission process between the acquiring module and the transceiver module. When the acquiring module sends the plaintext content to the transceiver module, the third-party Trojan can, by monitoring system broadcasts and the like, intercept the data to be sent before the transceiver module sends it, thereby causing the loss of user data.
  • The terminal also has received data when interacting with other transmitting ends; for example, the terminal receives an operation instruction sent by the sending end.
  • The existing transmission path of the received data in the terminal is specifically: the transceiver module of the terminal acquires the received data. When the received data is not encrypted data, the transceiver module may send it directly to the acquisition module of the terminal without any processing; when the received data is encrypted data, the transceiver module may decrypt it and send the decrypted received data to the acquisition module of the terminal.
  • Existing third-party Trojan programs can monitor the transmission process between the acquisition module and the transceiver module, so that when the transceiver module sends the plaintext content to the acquisition module, the third-party Trojan can, by monitoring system broadcasts and the like, intercept the received data before the acquisition module receives it, which also causes the loss of user data.
  • The technical problem to be solved by the embodiments of the present invention is to provide a data transmission method and terminal.
  • The terminal can encrypt the internally transmitted data, thereby preventing the data from being monitored and intercepted and improving data security.
  • An embodiment of the present invention provides a data transmission method, including:
  • When the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates first encrypted target data, and sends the first encrypted target data to the transceiver module;
  • The transceiver module receives the first encryption target data sent by the acquiring module, and performs transmission processing on the first encryption target data, so that the receiving end connected to the transceiver module obtains the first target data.
  • The first encryption target data carries a first encryption identifier.
  • The transceiver module receiving the first encryption target data sent by the acquiring module and performing transmission processing on the first encryption target data includes:
  • The transceiver module sends the first encryption target data to the receiving end, or
  • The transceiver module parses the first encryption target data to obtain the first encryption identifier;
  • The transceiver module acquires a first decryption rule corresponding to the first encryption identifier according to the first encryption identifier;
  • The transceiver module decrypts the first encryption target data according to the first decryption rule to obtain the first target data.
  • The method further includes:
  • When the transceiver module receives the second target data sent by the sending end connected to the transceiver module, the transceiver module encrypts the second target data to generate second encrypted target data, and sends the second encrypted target data to the acquiring module;
  • The acquiring module receives the second encryption target data sent by the transceiver module, and decrypts the second encryption target data to obtain the second target data;
  • The acquisition module processes the second target data.
  • The second encryption target data carries a second encryption identifier.
  • The acquiring module receiving the second encryption target data sent by the transceiver module and decrypting the second encryption target data to obtain the second target data includes:
  • The obtaining module decrypts the second encryption target data according to the second decryption rule to obtain the second target data.
  • The acquiring module receiving the second encryption target data sent by the transceiver module and decrypting the second encryption target data to obtain the second target data includes:
  • The verification module verifies the acquisition module, and determines that the acquisition module is legal.
  • The embodiment of the present invention further provides a terminal, where the terminal includes an obtaining module and a transceiver module connected to the acquiring module, where
  • The acquiring module is configured to: when the first target data to be sent is acquired, encrypt the first target data, generate first encrypted target data, and send the first encrypted target data to the transceiver module;
  • The transceiver module receives the first encryption target data sent by the acquiring module, and performs transmission processing on the first encryption target data, so that the receiving end connected to the transceiver module obtains the first target data.
  • The first encryption target data carries a first encryption identifier.
  • the transceiver module is specifically configured to:
  • the transceiver module is specifically configured to:
  • the obtaining module is specifically configured to:
  • the second encryption target data carries a second encryption identifier
  • the obtaining module is specifically configured to:
  • The terminal further includes a verification module, where
  • The verification module is configured to verify the acquisition module, and determine that the acquisition module is legal.
  • When the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module.
  • The transceiver module receives the first encryption target data and performs transmission processing on the first encryption target data, so that the receiving end connected to the transceiver module obtains the first target data. This enables the terminal to encrypt the internally transmitted data, thereby preventing the data from being monitored and intercepted and improving data security.
  • FIG. 1 is a schematic flow chart of a first embodiment of a method for data transmission according to the present invention.
  • FIG. 2 is a schematic flow chart of a second embodiment of a method for data transmission according to the present invention.
  • FIG. 3 is a structural diagram of a first embodiment of a terminal of the present invention.
  • FIG. 4 is a block diagram showing a second embodiment of a terminal of the present invention.
  • The acquisition module, the transceiver module and the verification module mentioned in the present invention all belong to modules in the same terminal.
  • The terminal may include: a mobile phone, a tablet computer, a palmtop computer, or a mobile Internet device (MID).
  • FIG. 1 is a schematic flowchart of a first embodiment of a method for data transmission according to the present invention. As shown in FIG. 1, a method for data transmission according to this embodiment includes the following steps:
  • When the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates first encrypted target data, and sends the first encrypted target data to the transceiver module.
  • The acquiring module may be a module for acquiring data to be sent by the terminal, where the terminal needs to send the data to be sent to the receiving end that establishes a network communication connection with the terminal.
  • The obtaining module may be an application layer of the terminal, and the application layer may include an application through which the terminal provides an application service, such as a short message application, an internet application, and an email application.
  • The obtaining module may also be a session layer of the terminal, and the session layer may include an application through which the terminal provides a session, such as a call application.
  • The data to be sent needs to be communicated through the baseband processor (Modem) of the terminal, and the acquiring module may be another module that interacts with the modem; details are not described herein.
  • The first target data may include data that can be sent to the receiving end, such as a short message, a multimedia message, control information, and data service information (email, Internet browsing record).
  • The obtaining module obtaining the first target data may be: when the user inputs the short message to be sent through the short message application, the short message application of the application layer acquires the short message; when the user enters a web address through the browser to browse a webpage, the browser can obtain this URL.
  • The acquiring module may read the preset usage mode of the terminal, and determine whether the first target data needs to be encrypted.
  • The terminal can provide a setting page for the user to select and set the usage mode.
  • The usage mode includes a secure transmission mode and a normal transmission mode. The terminal can provide a corresponding display interface according to the usage mode selected by the user on the setting page, and the obtaining module also performs corresponding processing according to the usage mode selected by the user on the setting page.
  • When the acquiring module reads that the usage mode set by the user is the secure transmission mode, the acquiring module encrypts the first target data; when the acquiring module reads that the usage mode set by the user is the normal transmission mode, the acquiring module does not process the first target data, and the first target data is directly sent to the transceiver module.
  • When the acquiring module needs to encrypt the first target data, the acquiring module calls the corresponding first encryption rule to perform encryption processing on the first target data.
  • The terminal may preset a first encryption rule of the acquiring module, where the first encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and the like.
  • The acquiring module may encrypt the first target data according to the preset first encryption rule to generate the first encrypted target data, for example by using a preset CP_DECODE_SI encryption algorithm. Alternatively, the acquiring module may acquire an importance level of the first target data, obtain a corresponding first encryption rule according to the importance level, and then encrypt the first target data according to the first encryption rule to generate the first encrypted target data, where the acquiring module may determine the importance level according to the second target data, and the terminal may preset the correspondence between the importance level and the second encryption rule. Alternatively, the terminal may provide a setting page on which the user selects the first encryption rule, so that the acquiring module encrypts the first target data according to the first encryption rule selected by the user, generates the first encryption target data, and transmits the first encryption target data to the transceiver module.
  • The transceiver module may be a modem of the terminal, where the Modem is responsible for network communication of the terminal.
  • Calls, Internet access and text messages of the terminal are all sent by the upper system to the Modem for processing.
  • A network channel is established between the terminal and the receiving end.
  • The obtaining module can send voice, short message or internet data packets to the modem, and the modem can send the data to the receiving end through the network channel.
  • Therefore, even if a third-party application on the terminal monitors the data sent by the acquisition module, the monitored data is encrypted data, thereby improving data security.
  • The obtaining module may further acquire the first encryption identifier corresponding to the first encryption rule and add the first encryption identifier to the first encryption target data, wherein the first encryption identifier is used to identify the first encryption rule.
  • The transceiver module receives the first encryption target data sent by the acquiring module, and performs transmission processing on the first encryption target data, so that the receiving end connected to the transceiver module obtains the first target data.
  • The receiving end may be a mobile phone, a tablet computer, a base station, or the like. The receiving end may establish with the terminal a communication connection such as a Bluetooth connection, a WIFI (Wireless Fidelity) connection, or an NFC (Near Field Communication) connection; specifically, the receiving end can establish a communication connection with the transceiver module of the terminal.
  • After the transceiver module receives the first encryption target data, the transceiver module can directly forward the first encryption target data to the receiving end through the communication network, so that the receiving end can decrypt the first encrypted target data to obtain the first target data and then perform processing according to the first target data.
  • Alternatively, the transceiver module may decrypt the first encryption target data to obtain the first target data and send the first target data to the receiving end through the communication network, so that the receiving end performs processing according to the first target data.
  • When the transceiver module decrypts the first encryption target data, it may decrypt the first encryption target data according to the preset first decryption rule to obtain the first target data, for example by using a preset CP_DECODE_SI decryption algorithm. Further, the transceiver module parses the first encryption target data to obtain a first encryption identifier, and obtains a corresponding first decryption rule according to the first encryption identifier; for example, when the first encryption identifier identifies the CP_DECODE_SI encryption algorithm, the transceiver module can find the corresponding CP_DECODE_SI decryption algorithm according to the CP_DECODE_SI encryption algorithm. The transceiver module decrypts the first encryption target data according to the obtained first decryption rule to obtain the first target data.
  • When the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module.
  • The transceiver module receives the first encrypted target data and performs transmission processing on the first encrypted target data, so that the receiving end connected to the transceiver module obtains the first target data. This enables the terminal to encrypt the internally transmitted data, thereby preventing the data from being monitored and intercepted and improving data security.
  • FIG. 2 is a schematic flowchart of a second embodiment of a method for data transmission according to the present invention. As shown in FIG. 2, a method for data transmission according to this embodiment includes the following steps:
  • When the transceiver module receives the second target data sent by the sending end connected to the transceiver module, the transceiver module encrypts the second target data to generate second encrypted target data, and sends the second encryption target data to the acquisition module.
  • The sending end may be a device that establishes a communication connection with the terminal, such as a mobile phone, a tablet computer, or a base station.
  • The sending end can establish a communication connection with the terminal, wherein the communication connection can be a network communication connection such as a Bluetooth communication connection, a WIFI communication connection, or an NFC communication connection.
  • Specifically, the sending end can establish a communication connection with the transceiver module of the terminal.
  • The transceiver module of the terminal receives the second target data.
  • The second target data may include data that the base station can send to the terminal, such as a short message, a multimedia message, control information, and data service information (email) sent by the base station to the terminal.
  • When the transceiver module acquires the second target data, the transceiver module can read the preset usage mode of the terminal, and determine whether the second target data needs to be encrypted.
  • The terminal can provide a setting page for the user to select and set the usage mode.
  • The usage mode includes a secure transmission mode and a normal transmission mode. The terminal can provide a corresponding display interface according to the usage mode selected by the user on the setting page, and the transceiver module also performs corresponding processing according to the usage mode selected by the user on the setting page.
  • When the transceiver module reads that the usage mode set by the user is the secure transmission mode, the transceiver module encrypts the second target data; when the transceiver module reads that the usage mode set by the user is the normal transmission mode, the transceiver module does not process the second target data, and the second target data is directly sent to the acquisition module.
  • When the transceiver module needs to encrypt the second target data, it invokes the corresponding second encryption rule to perform encryption processing on the second target data.
  • The terminal may preset a second encryption rule of the transceiver module, where the second encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and the like.
  • The transceiver module may encrypt the second target data according to the preset second encryption rule to generate the second encrypted target data; for example, the transceiver module performs encryption by using a preset CP_DECODE_SI encryption algorithm. Alternatively, the transceiver module can acquire an importance level of the second target data, obtain a corresponding second encryption rule according to the importance level, and then encrypt the second target data according to the second encryption rule to generate the second encrypted target data, where the second target data may carry an importance level, and the terminal may preset a correspondence between the importance level and the second encryption rule. Alternatively, the terminal may provide a setting page on which the user selects an encryption rule, so that the transceiver module encrypts the second target data according to the second encryption rule selected by the user, generates the second encrypted target data, and sends the second encrypted target data to the acquisition module.
  • The obtaining module may further acquire the second encryption identifier corresponding to the second encryption rule and add the second encryption identifier to the second encryption target data, wherein the second encryption identifier is used to identify the second encryption rule.
  • The acquiring module receives the second encryption target data sent by the transceiver module, and decrypts the second encryption target data to obtain the second target data.
  • The terminal may also check whether the acquiring module is legal.
  • The verification module of the terminal may check whether the acquisition module is legal. Specifically, when the acquiring module that receives the second encrypted target data is an application, the verification module determines whether the application includes security information trusted by the verification module, such as an authentication certificate. When the application contains security information that the verification module trusts, the verification module can confirm that the application is legitimate. When the verification module determines that the acquisition module is legal, the verification module may allow the acquisition module to call the second encryption rule to decrypt the second encryption target data, for example by providing an API (Application Programming Interface) for decryption to the authorized application. When the verification module determines that the acquisition module is illegal, the verification module will not allow the acquisition module to decrypt the second encryption target data, thereby effectively improving data security.
  • The obtaining module may decrypt the second encryption target data according to the preset second decryption rule to obtain the second target data, for example by using a preset CP_DECODE_SI decryption algorithm. Further, the acquiring module parses the second encrypted target data to obtain a second encryption identifier, and obtains a corresponding second decryption rule according to the second encryption identifier; for example, when the second encryption identifier identifies the CP_DECODE_SI encryption algorithm, the obtaining module can find the corresponding CP_DECODE_SI decryption algorithm according to the CP_DECODE_SI encryption algorithm. The acquiring module then calls the second decryption rule to decrypt the second encrypted target data to obtain the second target data.
  • The acquiring module processes the second target data.
  • The acquiring module may perform corresponding processing according to the function of the second component and the attribute of the second target data. For example, when the acquisition module is a short message application and the second target data is a short message, the short message application displays the short message on the user interface to enable the user to read the short message; when the acquisition module is a settings application and the second target data is setting parameters, the settings application modifies its own parameters based on the setting parameters.
  • When the transceiver module receives the second target data sent by the sending end connected to the transceiver module, the transceiver module encrypts the second target data to generate second encrypted target data, and sends the second encryption target data to the acquisition module. The acquisition module receives the second encryption target data and decrypts the second encryption target data to obtain the second target data.
  • The acquiring module processes the second target data. This enables the terminal to encrypt the internally transmitted data, thereby preventing the data from being monitored and intercepted and improving the security of the data.
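An added example (not code from the patent or its applicant) of the envelope both embodiments describe: the sending module prepends an encryption identifier, the receiving module parses it to select the decryption rule, and a verification module gates the decryption API. The page does not specify CP_DECODE_SI, so an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library stands in for it; the rule table, header layout, keys, certificate bytes and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed rule table: encryption identifier -> preset key (demo values only).
RULES = {
    0x01: hashlib.sha256(b"constructed demo key for rule 1").digest(),
    0x02: hashlib.sha256(b"constructed demo key for rule 2").digest(),
}
NONCE_LEN, TAG_LEN = 16, 32

# Constructed trust store for the verification module: SHA-256 fingerprints
# of application certificates allowed to call the decryption API.
TRUSTED_APP_CERT = b"constructed certificate bytes of the SMS app"
TRUSTED_FINGERPRINTS = {hashlib.sha256(TRUSTED_APP_CERT).hexdigest()}


def _subkeys(rule_id):
    """Look up the rule for an identifier; derive separate cipher and MAC keys."""
    key = RULES.get(rule_id)
    if key is None:
        raise ValueError(f"unknown encryption identifier 0x{rule_id:02x}")
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(rule_id, target_data):
    """Sending module: encrypt and prepend the encryption identifier."""
    enc_key, mac_key = _subkeys(rule_id)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(target_data))
    body = bytes(a ^ b for a, b in zip(target_data, stream))
    header = bytes([rule_id]) + nonce
    # The tag covers the header, so the identifier cannot be swapped in transit.
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def open_envelope(envelope):
    """Receiving module: parse the identifier, find the rule, verify, decrypt."""
    if len(envelope) < 1 + NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    rule_id = envelope[0]
    nonce = envelope[1:1 + NONCE_LEN]
    body = envelope[1 + NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    enc_key, mac_key = _subkeys(rule_id)
    expected = hmac.new(mac_key, envelope[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def decrypt_for_app(app_cert, envelope):
    """Verification module: only trusted applications reach the decryption API."""
    fingerprint = hashlib.sha256(app_cert).hexdigest()
    if fingerprint not in TRUSTED_FINGERPRINTS:
        raise PermissionError("acquisition module is not trusted")
    return open_envelope(envelope)


if __name__ == "__main__":
    sealed = seal(0x01, b"SMS: meet at 10:00")   # constructed sample message
    print("on the internal interface:", sealed.hex())
    print("trusted app sees:", decrypt_for_app(TRUSTED_APP_CERT, sealed))
```

Because the identifier is covered by the tag, a process watching the internal interface cannot relabel an envelope to select a different rule. On a real device a vetted AEAD such as AES-GCM would replace the stand-in cipher.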
  • FIG. 3 is a schematic structural diagram of a first embodiment of a terminal according to an embodiment of the present invention.
  • The terminal described in this embodiment includes:
  • The obtaining module 100 is configured to: when acquiring the first target data to be sent, encrypt the first target data, generate first encrypted target data, and send the first encrypted target data to the transceiver module.
  • The transceiver module 200 is configured to receive the first encryption target data sent by the acquiring module, and perform transmission processing on the first encryption target data, so that the receiving end connected to the transceiver module obtains the first target data.
  • The acquiring module 100 may be a module for acquiring data to be sent by the terminal, where the terminal needs to send the data to be sent to the receiving end that establishes a network communication connection with the terminal.
  • The obtaining module 100 may be an application layer of the terminal, and the application layer may include an application through which the terminal provides an application service, such as a short message application, an internet application, and an email application.
  • The obtaining module 100 may also be a session layer of the terminal, and the session layer may include an application through which the terminal provides a session, such as a call application.
  • The data to be sent needs to be communicated through the baseband processor (Modem) of the terminal, and the acquiring module 100 may be another module that interacts with the modem; details are not described herein.
  • The first target data may include data that can be sent to the receiving end, such as a short message, a multimedia message, control information, and data service information (email, Internet browsing record).
  • The obtaining module 100 obtaining the first target data may be: when the user inputs the short message to be sent through the short message application, the short message application of the application layer acquires the short message; when the user enters a web address through the browser to browse a webpage, the browser may get the URL.
  • The obtaining module 100 may read the usage mode preset by the terminal, and determine whether the first target data needs to be encrypted.
  • The terminal can provide a setting page for the user to select and set the usage mode.
  • The usage mode includes a secure transmission mode and a normal transmission mode. The terminal can provide a corresponding display interface according to the usage mode selected by the user on the setting page, and the obtaining module 100 also performs corresponding processing according to the usage mode selected by the user on the setting page.
  • When the acquisition module 100 reads that the usage mode set by the user is the secure transmission mode, the acquisition module 100 encrypts the first target data; when the acquisition module 100 reads that the usage mode set by the user is the normal transmission mode, the acquisition module 100 does not process the first target data, and the first target data is directly sent to the transceiver module.
  • The obtaining module 100 invokes the corresponding first encryption rule to perform encryption processing on the first target data.
  • The terminal may preset the first encryption rule of the obtaining module 100, where the first encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and the like.
  • The obtaining module 100 may encrypt the first target data according to the preset first encryption rule to generate the first encrypted target data, such as using a preset CP_DECODE_SI encryption algorithm.
  • Alternatively, the obtaining module 100 may acquire an importance level of the first target data, obtain a corresponding first encryption rule according to the importance level, and then encrypt the first target data according to the first encryption rule to generate the first encrypted target data, where the obtaining module 100 may determine the importance level according to the second target data, and the terminal may preset the correspondence between the importance level and the second encryption rule. Alternatively, the terminal may provide a setting page on which the user selects the first encryption rule, so that the obtaining module 100 encrypts the first target data according to the first encryption rule selected by the user, generates the first encryption target data, and sends the first encryption target data to the transceiver module.
  • The transceiver module may be the Modem of the terminal, which is responsible for the terminal's network communication.
  • When the terminal makes calls, accesses the Internet, or sends text messages, the upper-layer system sends the instructions to the Modem for processing, and once the Modem finishes processing, a network channel is established between the terminal and the receiving end.
  • The acquiring module 100 can send voice, short message, or Internet data packets to the Modem, and the Modem can send the data to the receiving end through the network channel. Therefore, even if a third-party application on the terminal monitors the data sent by the acquiring module 100, what it captures is encrypted data, which improves data security.
  • The acquiring module 100 may further obtain the first encryption identifier corresponding to the first encryption rule and add it to the first encrypted target data; the first encryption identifier is used to identify the first encryption rule.
  • The receiving end may be a device such as a mobile phone, a tablet computer, or a base station. The receiving end may establish a Bluetooth connection, a WIFI (Wireless Fidelity) connection, or the like with the terminal, and may establish a communication connection with the transceiver module 200 of the terminal.
  • The transceiver module 200 can forward the first encrypted target data directly to the receiving end through the communication network, so that the receiving end decrypts the first encrypted target data to obtain the first target data and performs processing according to the first target data.
  • Alternatively, the transceiver module 200 may decrypt the first encrypted target data to obtain the first target data and then send the first target data to the receiving end through the communication network, so that the receiving end performs processing according to the first target data.
  • When the transceiver module 200 decrypts the first encrypted target data, it may decrypt according to a preset first decryption rule to obtain the first target data, for example by using a preset CP_DECODE_SI decryption algorithm. Further, the transceiver module 200 may parse the first encrypted target data to obtain the first encryption identifier and obtain the corresponding first decryption rule according to it; for example, if the first encryption identifier identifies the CP_DECODE_SI encryption algorithm, the transceiver module 200 can find the corresponding CP_DECODE_SI decryption algorithm.
  • The transceiver module 200 decrypts the first encrypted target data according to the obtained first decryption rule to obtain the first target data.
  • When the acquiring module 100 acquires the first target data to be sent, it encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module 200; the transceiver module 200 receives the first encrypted target data and performs transmission processing on it, so that the receiving end connected to the transceiver module 200 obtains the first target data. This enables the terminal to encrypt internally transmitted data, preventing the data from being intercepted and stolen and improving data security.
  • FIG. 4 is a schematic structural diagram of a first embodiment of a terminal according to an embodiment of the present invention.
  • the terminal described in this embodiment includes an obtaining module 100 and a transceiver module 200, where
  • the transceiver module 200 is specifically configured to:
  • the obtaining module 100 is specifically configured to:
  • the terminal further includes:
  • The verification module 300 is configured to verify the acquiring module and determine that the acquiring module is legitimate.
  • The sending end may be a device that establishes a communication connection with the terminal, such as a mobile phone, a tablet computer, or a base station.
  • The sending end can establish a communication connection with the terminal, such as a Bluetooth communication connection, a WIFI communication connection, or an NFC communication connection.
  • The sending end can establish a communication connection with the transceiver module 200 of the terminal.
  • The transceiver module 200 of the terminal receives the second target data.
  • The second target data may include data that the base station can send to the terminal, such as a short message, a multimedia message, control information, and data service information (email).
  • When the transceiver module 200 acquires the second target data, it can read the preset usage mode of the terminal and determine whether the second target data needs to be encrypted.
  • The terminal can provide a setting page for the user to select and set the usage mode.
  • The usage mode includes a secure transmission mode and a normal transmission mode. The terminal can provide a corresponding display interface according to the usage mode the user selects on the setting page, and the transceiver module 200 likewise performs the corresponding processing according to that usage mode.
  • When the transceiver module 200 reads that the usage mode set by the user is the secure transmission mode, it encrypts the second target data; when it reads that the usage mode set by the user is the normal transmission mode, it does not process the second target data and sends it directly to the acquiring module.
  • When the transceiver module 200 needs to encrypt the second target data, it invokes the corresponding second encryption rule to encrypt the second target data.
  • The terminal may preset the second encryption rule of the transceiver module 200; the second encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and the like.
  • The transceiver module 200 can encrypt the second target data according to the preset second encryption rule to generate the second encrypted target data, for example by using a preset CP_DECODE_SI encryption algorithm. Alternatively, the transceiver module 200 can obtain the importance level of the second target data, obtain the corresponding second encryption rule according to that level, and encrypt the second target data according to the second encryption rule to generate the second encrypted target data; here the second target data can carry the importance level, and the terminal may preset the correspondence between the importance level and the second encryption rule. Alternatively, the terminal may provide a setting page on which the user selects an encryption rule, so that the transceiver module 200 encrypts the second target data according to the second encryption rule selected by the user, generates the second encrypted target data, and sends the second encrypted target data to the acquiring module.
  • The acquiring module may further obtain the second encryption identifier corresponding to the second encryption rule and add it to the second encrypted target data; the second encryption identifier is used to identify the second encryption rule.
  • The terminal may also check whether the acquiring module 100 is legitimate.
  • The verification module 300 of the terminal may check whether the acquiring module 100 is legitimate. Specifically, when the acquiring module 100 that receives the second encrypted target data is an application, the verification module 300 determines whether the application contains security information trusted by the verification module, such as an authentication certificate. When the application contains security information that the verification module trusts, the verification module 300 can confirm that the application is legitimate. When the verification module 300 determines that the acquiring module 100 is legitimate, it may allow the acquiring module 100 to invoke the second encryption rule to decrypt the second encrypted target data, for example by providing an API (Application Programming Interface) through which the authorized application performs decryption; when the verification module 300 determines that the acquiring module 100 is not legitimate, it does not allow the acquiring module 100 to decrypt the second encrypted target data, which effectively improves data security.
  • The acquiring module 100 may decrypt the second encrypted target data according to a preset second decryption rule to obtain the second target data, for example by using a preset CP_DECODE_SI decryption algorithm. Further, the acquiring module 100 may also parse the second encrypted target data to obtain the second encryption identifier and obtain the corresponding second decryption rule according to it; for example, if the second encryption identifier identifies the CP_DECODE_SI encryption algorithm, the acquiring module 100 can find the corresponding CP_DECODE_SI decryption algorithm. The acquiring module 100 then invokes the second decryption rule to decrypt the second encrypted target data and obtain the second target data.
  • The acquiring module 100 may perform corresponding processing according to the function of the second component and the attribute of the second target data. For example, when the acquiring module 100 is a short message application and the second target data is a short message, the short message application displays the short message on the user interface for the user to read; when the acquiring module 100 is a settings application and the second target data is a setting parameter, the settings application modifies its own parameters according to the setting parameter.
  • When the transceiver module 200 receives the second target data sent by the sending end connected to the transceiver module 200, it encrypts the second target data, generates the second encrypted target data, and sends the second encrypted target data to the acquiring module 100; the acquiring module 100 receives the second encrypted target data, decrypts it to obtain the second target data, and processes the second target data. This enables the terminal to encrypt internally transmitted data, preventing the data from being intercepted and stolen and improving data security.
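The identifier-tagged exchange between the acquiring module and the transceiver module described above, as an added Python example (not code from the patent or its applicant). The frame layout, the identifier values, the key table, and the HMAC-SHA256 construction standing in for the unspecified CP_DECODE_SI rule are all assumptions; the example also goes beyond the text by binding the identifier into an authentication tag and rejecting plaintext frames while the secure transmission mode is set.

```python
import hashlib
import hmac
import os

# Assumed frame layout (the patent only says the encrypted data "carries" an
# encryption identifier): 1-byte identifier | 16-byte nonce | ciphertext | 32-byte tag
ID_PLAINTEXT = 0x00   # normal transmission mode: payload follows unencrypted
ID_DEMO_RULE = 0x01   # hypothetical identifier for one preset encryption rule
NONCE_LEN, TAG_LEN = 16, 32


class FrameError(Exception):
    """The frame must not be decrypted or handed on."""


def _subkey(key, label):
    # Separate keys for encryption and authentication, derived from the rule's key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a standard-library stand-in so the example
    # runs offline. A real terminal would use a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, header, ciphertext):
    # The identifier is part of the header, so changing it invalidates the tag.
    return hmac.new(_subkey(key, b"mac"), header + ciphertext, hashlib.sha256).digest()


def build_frame(rules, plaintext, secure_mode, rule_id=ID_DEMO_RULE):
    """Sending module: apply the usage mode, encrypt, attach the identifier."""
    if not secure_mode:
        return bytes([ID_PLAINTEXT]) + plaintext
    key = rules[rule_id]
    nonce = os.urandom(NONCE_LEN)
    header = bytes([rule_id]) + nonce
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = _xor(plaintext, stream)
    return header + ciphertext + _tag(key, header, ciphertext)


def open_frame(rules, frame, secure_mode, caller_verified=True):
    """Receiving module: parse the identifier, look up the rule, decrypt."""
    if not caller_verified:
        # Verification-module gate: unverified callers never reach the key.
        raise FrameError("caller failed verification")
    if not frame:
        raise FrameError("empty frame")
    rule_id = frame[0]
    if rule_id == ID_PLAINTEXT:
        if secure_mode:
            # Without this check, rewriting the identifier downgrades the channel.
            raise FrameError("plaintext frame in secure transmission mode")
        return frame[1:]
    key = rules.get(rule_id)
    if key is None:
        raise FrameError("unknown encryption identifier")
    if len(frame) < 1 + NONCE_LEN + TAG_LEN:
        raise FrameError("truncated frame")
    header = frame[:1 + NONCE_LEN]
    ciphertext, tag = frame[1 + NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, header, ciphertext)):
        raise FrameError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), header[1:], len(ciphertext))
    return _xor(ciphertext, stream)


if __name__ == "__main__":
    rules = {ID_DEMO_RULE: bytes(range(32))}      # constructed key, demo only
    sms = b"constructed SMS body: code 000000"    # constructed sample payload
    frame = build_frame(rules, sms, secure_mode=True)
    print("listener on the internal channel sees:", frame.hex())
    print("transceiver module recovers:", open_frame(rules, frame, secure_mode=True))
    for label, bad in (("tampered", frame[:-1] + bytes([frame[-1] ^ 1])),
                       ("downgraded", bytes([ID_PLAINTEXT]) + sms)):
        try:
            open_frame(rules, bad, secure_mode=True)
        except FrameError as exc:
            print(label, "frame rejected:", exc)
```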

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed is a data transmission method. The method comprises: when an acquiring module acquires first target data to be sent, the acquiring module encrypts the first target data to generate first encrypted target data, and sends the first encrypted target data to a transceiver module; and the transceiver module receives the first encrypted target data sent by the acquiring module, and transmits the first encrypted target data, so that a reception end connected to the transceiver module obtains the first target data. Also disclosed is a terminal. By using the present invention, a terminal can encrypt internally transmitted data, so as to prevent data from being stolen and improve the security of the data.

Description

Method and terminal for data transmission
This application claims priority to Chinese Patent Application No. 201510267013.X, entitled "A Method and Terminal for Data Transmission", filed with the Chinese Patent Office on May 22, 2015, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of electronic technologies, and in particular, to a data transmission method and terminal.
Background art
At present, a terminal holds data to be sent that must be exchanged with other receiving ends. For example, a user enters an operation instruction on the operation page of the terminal to control a receiving end connected to the terminal; the terminal must send the operation instruction to the receiving end so that the receiving end responds to it and the terminal's control takes effect. The existing transmission path of the data to be sent inside the terminal is as follows: the acquiring module of the terminal acquires the data to be sent, performs no processing on it, and sends it directly to the transceiver module of the terminal, which transmits it to the receiving end over the air interface. In a specific application, the user may enter data at the application layer that needs to be sent to the receiving end; the application layer of the terminal may pass the data directly to the baseband processor (Modem), and the baseband processor transmits the data to the receiving end over the air interface. Alternatively, the short message application sends a plaintext short message to the baseband processor through the short message sending and receiving interface, and the baseband processor sends the short message to the corresponding receiving end. To improve the security of the data to be sent, the transceiver module may also encrypt the data to be sent and transmit the encrypted data to the receiving end.
However, because the acquiring module sends the data to be sent to the transceiver module without any processing, the data that the acquiring module sends to the transceiver module is plaintext. Existing third-party Trojan programs can monitor the interface of the acquiring module and the interface of the transceiver module; that is, a third-party Trojan program can monitor the transmission between the acquiring module and the transceiver module. As a result, when the acquiring module sends plaintext to the transceiver module, a third-party Trojan program can, by means such as listening to system broadcasts, intercept the data to be sent before the transceiver module obtains it, causing loss of user data.
Similarly, the terminal receives data through interaction with other sending ends; for example, the terminal receives an operation instruction sent by a sending end. The existing transmission path of the received data inside the terminal is as follows: the transceiver module of the terminal acquires the received data; when the received data is not encrypted, the transceiver module may perform no processing on it and send it directly to the acquiring module of the terminal; when the received data is encrypted, the transceiver module may decrypt it and send the decrypted received data to the acquiring module of the terminal.
However, because the transceiver module sends plaintext to the acquiring module, and existing third-party Trojan programs can monitor the transmission between the acquiring module and the transceiver module, when the transceiver module sends plaintext to the acquiring module a third-party Trojan program can, by means such as listening to system broadcasts, intercept the received data before the transceiver module obtains the data to be sent, which likewise causes loss of user data.
Therefore, existing data transmission between the acquiring module and the transceiver module cannot guarantee data security, which leads to data loss and data leakage and inconveniences the user.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a data transmission method and terminal that allow the terminal to encrypt internally transmitted data, thereby preventing the data from being intercepted and stolen and improving data security.
To solve the above technical problem, an embodiment of the present invention provides a data transmission method, including:
When an acquiring module acquires first target data to be sent, the acquiring module encrypts the first target data, generates first encrypted target data, and sends the first encrypted target data to a transceiver module;
The transceiver module receives the first encrypted target data sent by the acquiring module and performs transmission processing on the first encrypted target data, so that a receiving end connected to the transceiver module obtains the first target data.
Wherein the first encrypted target data carries a first encryption identifier;
The transceiver module receiving the first encrypted target data sent by the acquiring module and performing transmission processing on the first encrypted target data includes:
The transceiver module sends the first encrypted target data to the receiving end; or,
The transceiver module parses the first encrypted target data to obtain the first encryption identifier;
The transceiver module obtains, according to the first encryption identifier, a first decryption rule corresponding to the first encryption identifier;
The transceiver module decrypts the first encrypted target data according to the first decryption rule to obtain the first target data.
Wherein the method further includes:
When the transceiver module receives second target data sent by a sending end connected to the transceiver module, the transceiver module encrypts the second target data, generates second encrypted target data, and sends the second encrypted target data to the acquiring module;
The acquiring module receives the second encrypted target data sent by the transceiver module and decrypts the second encrypted target data to obtain the second target data;
The acquiring module processes the second target data.
Wherein the second encrypted target data carries a second encryption identifier;
The acquiring module receiving the second encrypted target data sent by the transceiver module and decrypting the second encrypted target data to obtain the second target data includes:
The acquiring module obtains, according to the second encryption identifier, a second decryption rule corresponding to the second encryption identifier;
The acquiring module decrypts the second encrypted target data according to the second decryption rule to obtain the second target data.
Wherein, before the acquiring module receives the second encrypted target data sent by the transceiver module and decrypts the second encrypted target data to obtain the second target data, the method includes:
A verification module verifies the acquiring module and determines that the acquiring module is legitimate.
Correspondingly, an embodiment of the present invention further provides a terminal. The terminal includes an acquiring module and a transceiver module connected to the acquiring module, wherein:
The acquiring module is configured to, when first target data to be sent is acquired, encrypt the first target data, generate first encrypted target data, and send the first encrypted target data to the transceiver module;
The transceiver module receives the first encrypted target data sent by the acquiring module and performs transmission processing on the first encrypted target data, so that a receiving end connected to the transceiver module obtains the first target data.
Wherein the first encrypted target data carries a first encryption identifier;
The transceiver module is specifically configured to:
Send the first encrypted target data to the receiving end; or,
Parse the first encrypted target data to obtain the first encryption identifier;
Obtain, according to the first encryption identifier, a first decryption rule corresponding to the first encryption identifier;
Decrypt the first encrypted target data according to the first decryption rule to obtain the first target data.
Wherein:
The transceiver module is specifically configured to:
When second target data sent by a sending end connected to the transceiver module is received, encrypt the second target data, generate second encrypted target data, and send the second encrypted target data to the acquiring module;
The acquiring module is specifically configured to:
Receive the second encrypted target data sent by the transceiver module and decrypt the second encrypted target data to obtain the second target data;
Process the second target data.
Wherein the second encrypted target data carries a second encryption identifier;
The acquiring module is specifically configured to:
Obtain, according to the second encryption identifier, a second decryption rule corresponding to the second encryption identifier;
Decrypt the second encrypted target data according to the second decryption rule to obtain the second target data.
Wherein the terminal further includes a verification module, wherein:
The verification module is configured to verify the acquiring module and determine that the acquiring module is legitimate.
Implementing the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, when the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module; the transceiver module receives the first encrypted target data and performs transmission processing on it, so that the receiving end connected to the transceiver module obtains the first target data. This enables the terminal to encrypt internally transmitted data, preventing the data from being intercepted and stolen and improving data security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are merely some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a first embodiment of a data transmission method according to the present invention;
FIG. 2 is a schematic flowchart of a second embodiment of a data transmission method according to the present invention;
FIG. 3 is a structural diagram of a first embodiment of a terminal according to the present invention;
FIG. 4 is a structural diagram of a second embodiment of a terminal according to the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The acquiring module, the transceiver module, and the verification module mentioned in the present invention are all modules in the same terminal. The terminal may include a mobile phone, a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Device, MID), and the like; these terminals are examples rather than an exhaustive list, and the terminal includes but is not limited to them.
Refer to FIG. 1, which is a schematic flowchart of a first embodiment of a data transmission method according to the present invention. As shown in FIG. 1, the data transmission method described in this embodiment includes the following steps:
S100,当获取模块获取到待发送的第一目标数据时,所述获取模块对所述第一目标数据进行加密,生成第一加密目标数据,并将所述第一加密目标数据发送给收发模块。S100, when the acquiring module acquires the first target data to be sent, the acquiring module encrypts the first target data, generates first encrypted target data, and sends the first encrypted target data to the transceiver module. .
在本发明实施例中,获取模块可以是终端中获取终端的待发送数据的模块,其中,终端需将待发送数据送给与终端建立网络通信连接的接收端。在具体应用中,获取模块可以是终端的应用层,应用层可包括终端提供应用服务的应用程序,如:短信应用程序、互联网应用程序和电子邮件应用程序等。进一步的,获取模块还可以是终端的会话层,会话层可包括终端提供会话的应用程序,如:通话应用程序。进一步的,由于待发送数据需通过终端的基带处理器(Modem)来进行网络交互,获取模块还可以是其他与Modem进行交互的模块,在此不再赘述。 In the embodiment of the present invention, the acquiring module may be a module for acquiring data to be sent by the terminal, where the terminal needs to send the data to be sent to the receiving end that establishes a network communication connection with the terminal. In a specific application, the obtaining module may be an application layer of the terminal, and the application layer may include an application that provides an application service by the terminal, such as a short message application, an internet application, and an email application. Further, the obtaining module may also be a session layer of the terminal, and the session layer may include an application for providing a session by the terminal, such as a call application. Further, the data to be sent needs to be communicated through the baseband processor (Modem) of the terminal, and the acquiring module may be another module that interacts with the modem, and details are not described herein.
在本发明实施例中,第一目标数据可以包括短信、彩信、控制信息和数据业务信息(电子邮件、上网浏览记录)等可以向接收端发送的数据。获取模块获取第一目标数据具体可以是:当用户通过短信应用程序输入需要进行发送的短信时,应用层的短信应用程序将获取该短信;当用户通过浏览器输入网址进行浏览网页时,浏览器可获取该网址。In the embodiment of the present invention, the first target data may include data that can be sent to the receiving end, such as a short message, a multimedia message, control information, and data service information (email, Internet browsing record). The obtaining module may obtain the first target data, which may be: when the user inputs the short message to be sent through the short message application, the short message application of the application layer acquires the short message; when the user enters the web address through the browser to browse the webpage, the browser This URL is available.
在本发明实施例中,当获取模块获取到第一目标数据时,获取模块可以读取终端预设的使用模式,判断是否需对第一目标数据进行加密处理。其中,终端可提供设置页面供用户进行选择设置使用模式,使用模式包括安全传输模式和普通传输模式,终端可根据用户在设置页面选择设置的使用模式,提供相应的显示界面,并且获取模块也根据用户在设置页面选择设置的使用模式,而进行相应的处理。当获取模块读取到用户设置的使用模式为安全传输模式时,获取模块将第一目标数据进行加密;当获取模块读取到用户设置的使用模式为普通传输模式时,获取模块将不对第一目标数据进行处理,直接将第一目标数据发送给收发模块。In the embodiment of the present invention, when the acquiring module acquires the first target data, the acquiring module may read the preset usage mode of the terminal, and determine whether the first target data needs to be encrypted. The terminal can provide a setting page for the user to select and set the usage mode. The usage mode includes a secure transmission mode and a normal transmission mode, and the terminal can provide a corresponding display interface according to the usage mode selected by the user on the setting page, and the obtaining module is also based on The user selects the usage mode of the setting on the setting page, and performs corresponding processing. When the acquiring module reads that the usage mode set by the user is the secure transmission mode, the acquiring module encrypts the first target data; when the acquiring module reads that the usage mode set by the user is the normal transmission mode, the acquiring module is not correct. The target data is processed, and the first target data is directly sent to the transceiver module.
In this embodiment, when the acquisition module needs to encrypt the first target data, it invokes the corresponding first encryption rule to encrypt the first target data. The terminal may preset the first encryption rule of the acquisition module; the first encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and so on. When the acquisition module needs to encrypt the first target data, it may encrypt the data according to the preset first encryption rule to generate the first encrypted target data, for example using the preset CP_DECODE_SI encryption algorithm. Alternatively, the acquisition module may obtain the importance level of the first target data, obtain the corresponding first encryption rule according to that level, and encrypt the first target data according to that rule to generate the first encrypted target data; here the acquisition module may determine the importance level according to the second target data, and the terminal may preset the correspondence between importance levels and second encryption rules. Alternatively, the terminal may provide a settings page on which the user selects the first encryption rule, so that the acquisition module encrypts the first target data according to the user-selected first encryption rule, generates the first encrypted target data, and sends it to the transceiver module. The transceiver module may be the terminal's Modem, which is responsible for the terminal's network communication. When the terminal makes a call, accesses the Internet, or sends a short message, the upper-layer system sends instructions to the Modem for execution, and once the Modem has finished processing, a network channel is established between the terminal and the receiving end. The acquisition module may send voice, short message, or Internet data packets to the Modem, and the Modem sends the data to the receiving end over the network channel. As a result, even if a third-party application on the terminal monitors the data sent by the acquisition module, what it captures is encrypted data, which improves data security.
Further, in this embodiment, after the acquisition module has obtained the first encryption rule and encrypted the first target data, it may also obtain the first encryption identifier corresponding to the first encryption rule and add it to the first encrypted target data; the first encryption identifier is used to identify the first encryption rule.
S101. The transceiver module receives the first encrypted target data sent by the acquisition module and performs transmission processing on it, so that the receiving end connected to the transceiver module obtains the first target data.
In this embodiment, the receiving end may be a mobile phone, a tablet computer, a base station, or a similar device. The receiving end may establish a communication connection with the terminal, such as a Bluetooth connection, a WIFI (Wireless Fidelity) connection, or an NFC (Near Field Communication) connection; the receiving end may establish this connection with the terminal's transceiver module. After the transceiver module receives the first encrypted target data, it may forward the first encrypted target data directly to the receiving end over the communication network, so that the receiving end can decrypt it, obtain the first target data, and process the first target data.
Further, after the transceiver module receives the first encrypted target data, it may instead decrypt the first encrypted target data to obtain the first target data and then send the first target data to the receiving end over the communication network, so that the receiving end processes the first target data.
The transceiver module may decrypt the first encrypted target data as follows: the transceiver module decrypts the first encrypted target data according to a preset first decryption rule to obtain the first target data, for example by applying the preset CP_DECODE_SI decryption algorithm. Further, the transceiver module may parse the first encrypted target data to obtain the first encryption identifier and then obtain the corresponding first decryption rule according to that identifier; for example, if the first encryption identifier identifies the CP_DECODE_SI encryption algorithm, the transceiver module can look up the corresponding CP_DECODE_SI decryption algorithm. The transceiver module then decrypts the first encrypted target data according to the first decryption rule it obtained, yielding the first target data.
In this embodiment, when the acquisition module obtains the first target data to be sent, it encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module. The transceiver module receives the first encrypted target data and performs transmission processing on it, so that the receiving end connected to the transceiver module obtains the first target data. The terminal can thus encrypt data transmitted internally, which prevents the data from being monitored and stolen and improves data security.
Refer to FIG. 2, which is a schematic flowchart of the second embodiment of a data transmission method of the present invention. As shown in FIG. 2, the data transmission method of this embodiment includes the following steps:
S200. When the transceiver module receives second target data sent by a sending end connected to the transceiver module, the transceiver module encrypts the second target data, generates second encrypted target data, and sends the second encrypted target data to the acquisition module.
In this embodiment, the sending end may be any sending end that has established a communication connection with the terminal, such as a mobile phone, a tablet computer, or a base station. The communication connection may be a network communication connection such as a Bluetooth connection, a WIFI connection, or an NFC connection; specifically, the sending end may establish the connection with the terminal's transceiver module. When the sending end sends second target data to the terminal, the terminal's transceiver module receives it; for example, when a base station sends a short message to the terminal, the terminal's transceiver module receives the short message from the base station over the air interface. The second target data may include any data that the base station can send to the terminal, such as short messages, multimedia messages, control information, and data service information (e-mail).
In this embodiment, when the transceiver module obtains the second target data, it may read the usage mode preset on the terminal to determine whether the second target data needs to be encrypted. The terminal may provide a settings page on which the user selects the usage mode; the usage modes include a secure transmission mode and a normal transmission mode. The terminal presents the corresponding display interface according to the usage mode the user selected on the settings page, and the transceiver module likewise acts according to that mode. When the transceiver module reads that the user-selected usage mode is the secure transmission mode, it encrypts the second target data; when it reads that the usage mode is the normal transmission mode, it does not process the second target data and sends it directly to the acquisition module.
In this embodiment, when the transceiver module needs to encrypt the second target data, it invokes the corresponding second encryption rule to encrypt the second target data. The terminal may preset the second encryption rule of the transceiver module; the second encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and so on. The transceiver module may encrypt the second target data according to the preset second encryption rule to generate the second encrypted target data, for example using the preset CP_DECODE_SI encryption algorithm. Alternatively, the transceiver module may obtain the importance level of the second target data, obtain the corresponding second encryption rule according to that level, and encrypt the second target data according to that rule to generate the second encrypted target data; here the second target data may carry the importance level, and the terminal may preset the correspondence between importance levels and second encryption rules. Alternatively, the terminal may provide a settings page on which the user selects the encryption rule, so that the transceiver module encrypts the second target data according to the user-selected second encryption rule, generates the second encrypted target data, and sends it to the acquisition module.
Further, in this embodiment, after the transceiver module has obtained the second encryption rule and encrypted the second target data, the acquisition module may also obtain the second encryption identifier corresponding to the second encryption rule and add it to the second encrypted target data; the second encryption identifier is used to identify the second encryption rule.
S201. The acquisition module receives the second encrypted target data sent by the transceiver module and decrypts it to obtain the second target data.
In this embodiment, before the acquisition module receives the second encrypted target data sent by the transceiver module, the terminal may also check whether the acquisition module is legitimate. This check may be performed by the terminal's verification module. Specifically, when the acquisition module that receives the second encrypted target data is an application, the verification module determines whether the application contains security information that the verification module trusts, such as an authentication certificate. When the application contains such trusted security information, the verification module confirms that the application is legitimate. When the verification module determines that the acquisition module is legitimate, it may allow the acquisition module to invoke the second encryption rule to decrypt the second encrypted target data, for example by providing an API (Application Programming Interface) through which authorized applications perform decryption. When the verification module determines that the acquisition module is not legitimate, it does not allow the acquisition module to decrypt the second encrypted target data, which effectively improves data security.
In this embodiment, when the verification module allows the acquisition module to invoke the second encryption rule to decrypt the second encrypted target data, the acquisition module may decrypt the second encrypted target data according to a preset second decryption rule to obtain the second target data, for example by applying the preset CP_DECODE_SI decryption algorithm. Further, the acquisition module may parse the second encrypted target data to obtain the second encryption identifier and then obtain the corresponding second decryption rule according to that identifier; for example, if the second encryption identifier identifies the CP_DECODE_SI encryption algorithm, the acquisition module can look up the corresponding CP_DECODE_SI decryption algorithm. The acquisition module then invokes the second decryption rule to decrypt the second encrypted target data, yielding the second target data.
S202. The acquisition module processes the second target data.
After the acquisition module obtains the second target data, it may process the data according to its own function and the attributes of the second target data. For example, when the acquisition module is a short message application and the second target data is a short message, the short message application displays the message in the user interface so that the user can read it; when the acquisition module is a settings application and the second target data is a set of configuration parameters, the settings application modifies its own parameters accordingly.
In this embodiment, when the transceiver module receives second target data sent by a sending end connected to the transceiver module, the transceiver module encrypts the second target data, generates second encrypted target data, and sends the second encrypted target data to the acquisition module. The acquisition module receives the second encrypted target data, decrypts it to obtain the second target data, and processes the second target data. The terminal can thus encrypt data transmitted internally, which prevents the data from being monitored and stolen and improves data security.
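The following is an added example, not part of the patent text, of the identifier-tagged encrypted data and the verification-module check described in the two method embodiments above. The page does not specify CP_DECODE_SI or any data layout, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the encryption rule, and the rule table, keys, certificate bytes and one-byte identifier layout are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed rule table (assumption): encryption identifier -> master key.
# Real keys would be provisioned per device, never embedded in source.
RULES = {
    0x01: bytes.fromhex("00112233445566778899aabbccddeeff" * 2),
    0x02: bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2),
}

# Constructed allow-list for the verification module (assumption): SHA-256
# fingerprints of certificates of applications that are allowed to decrypt.
SMS_APP_CERT = b"constructed certificate bytes of the SMS application"
TRUSTED_FINGERPRINTS = {hashlib.sha256(SMS_APP_CERT).hexdigest()}

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(master, label):
    """Derive independent encryption and MAC keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """Stand-in cipher: HMAC-SHA256 over nonce||counter, used as a keystream."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(rule_id, plaintext):
    """Encrypt under the rule and prepend its identifier.

    Layout: identifier (1 byte) | nonce (16) | ciphertext | tag (32).
    The tag covers the identifier, so changing it after the fact is detected.
    """
    master = RULES[rule_id]
    nonce = os.urandom(NONCE_LEN)
    body = _xor(plaintext, _keystream(_subkey(master, b"enc"), nonce, len(plaintext)))
    header = bytes([rule_id]) + nonce
    tag = hmac.new(_subkey(master, b"mac"), header + body, hashlib.sha256).digest()
    return header + body + tag


def caller_is_trusted(cert):
    """Verification module: is the caller's certificate on the allow-list?"""
    return hashlib.sha256(cert).hexdigest() in TRUSTED_FINGERPRINTS


def open_sealed(blob, caller_cert):
    """Decrypt for a verified caller, selecting the rule by its identifier."""
    if not caller_is_trusted(caller_cert):
        raise PermissionError("caller is not authorised to decrypt")
    if len(blob) < 1 + NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted data too short")
    master = RULES.get(blob[0])
    if master is None:
        raise ValueError("unknown encryption identifier")
    header = blob[:1 + NONCE_LEN]
    body = blob[1 + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(_subkey(master, b"mac"), header + body, hashlib.sha256).digest()
    # Verify before decrypting; constant-time compare avoids a timing oracle.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(body, _keystream(_subkey(master, b"enc"), header[1:], len(body)))
```
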
Refer to FIG. 3, which is a schematic structural diagram of the first embodiment of a terminal according to an embodiment of the present invention. The terminal described in this embodiment includes:
an acquisition module 100, configured to, when first target data to be sent is obtained, encrypt the first target data, generate first encrypted target data, and send the first encrypted target data to the transceiver module; and
a transceiver module 200, configured to receive the first encrypted target data sent by the acquisition module and perform transmission processing on it, so that the receiving end connected to the transceiver module obtains the first target data.
In this embodiment, the acquisition module 100 may be the module in the terminal that obtains the terminal's data to be sent, where the terminal needs to send that data to a receiving end with which it has established a network communication connection. In a specific application, the acquisition module 100 may be the terminal's application layer, which may include the applications through which the terminal provides application services, such as a short message application, an Internet application, and an e-mail application. Further, the acquisition module 100 may also be the terminal's session layer, which may include the applications through which the terminal provides sessions, such as a call application. Further, because the data to be sent must pass through the terminal's baseband processor (Modem) for network interaction, the acquisition module 100 may also be any other module that interacts with the Modem; details are not repeated here.
In this embodiment, the first target data may include any data that can be sent to the receiving end, such as short messages, multimedia messages, control information, and data service information (e-mail, web browsing records). The acquisition module 100 may obtain the first target data as follows: when the user enters a short message to be sent through the short message application, the application-layer short message application obtains that message; when the user enters a URL in the browser to browse a web page, the browser obtains that URL.
In this embodiment, when the acquisition module 100 obtains the first target data, it may read the usage mode preset on the terminal to determine whether the first target data needs to be encrypted. The terminal may provide a settings page on which the user selects the usage mode; the usage modes include a secure transmission mode and a normal transmission mode. The terminal presents the corresponding display interface according to the usage mode the user selected on the settings page, and the acquisition module 100 likewise acts according to that mode. When the acquisition module 100 reads that the user-selected usage mode is the secure transmission mode, it encrypts the first target data; when it reads that the usage mode is the normal transmission mode, it does not process the first target data and sends it directly to the transceiver module.
In this embodiment, when the acquisition module 100 needs to encrypt the first target data, it invokes the corresponding first encryption rule to encrypt the first target data. The terminal may preset the first encryption rule of the acquisition module 100; the first encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and so on. When the acquisition module 100 needs to encrypt the first target data, it may encrypt the data according to the preset first encryption rule to generate the first encrypted target data, for example using the preset CP_DECODE_SI encryption algorithm. Alternatively, the acquisition module 100 may obtain the importance level of the first target data, obtain the corresponding first encryption rule according to that level, and encrypt the first target data according to that rule to generate the first encrypted target data; here the acquisition module 100 may determine the importance level according to the second target data, and the terminal may preset the correspondence between importance levels and second encryption rules. Alternatively, the terminal may provide a settings page on which the user selects the first encryption rule, so that the acquisition module 100 encrypts the first target data according to the user-selected first encryption rule, generates the first encrypted target data, and sends it to the transceiver module. The transceiver module may be the terminal's Modem, which is responsible for the terminal's network communication. When the terminal makes a call, accesses the Internet, or sends a short message, the upper-layer system sends instructions to the Modem for execution, and once the Modem has finished processing, a network channel is established between the terminal and the receiving end. The acquisition module 100 may send voice, short message, or Internet data packets to the Modem, and the Modem sends the data to the receiving end over the network channel. As a result, even if a third-party application on the terminal monitors the data sent by the acquisition module 100, what it captures is encrypted data, which improves data security.
Further, in this embodiment, after the acquisition module 100 has obtained the first encryption rule and encrypted the first target data, it may also obtain the first encryption identifier corresponding to the first encryption rule and add it to the first encrypted target data; the first encryption identifier is used to identify the first encryption rule.
In this embodiment, the receiving end may be a mobile phone, a tablet computer, a base station, or a similar device. The receiving end may establish a communication connection with the terminal, such as a Bluetooth connection or a WIFI (Wireless Fidelity) connection; the receiving end may establish this connection with the terminal's transceiver module 200. After the transceiver module 200 receives the first encrypted target data, it may forward the first encrypted target data directly to the receiving end over the communication network, so that the receiving end can decrypt it, obtain the first target data, and process the first target data.
Further, after the transceiver module 200 receives the first encrypted target data, it may instead decrypt the first encrypted target data to obtain the first target data and then send the first target data to the receiving end over the communication network, so that the receiving end processes the first target data.
The transceiver module 200 may decrypt the first encrypted target data as follows: the transceiver module 200 decrypts the first encrypted target data according to a preset first decryption rule to obtain the first target data, for example by applying the preset CP_DECODE_SI decryption algorithm. Further, the transceiver module 200 may parse the first encrypted target data to obtain the first encryption identifier and then obtain the corresponding first decryption rule according to that identifier; for example, if the first encryption identifier identifies the CP_DECODE_SI encryption algorithm, the transceiver module 200 can look up the corresponding CP_DECODE_SI decryption algorithm. The transceiver module 200 then decrypts the first encrypted target data according to the first decryption rule it obtained, yielding the first target data.
In this embodiment, when the acquisition module 100 obtains the first target data to be sent, it encrypts the first target data, generates the first encrypted target data, and sends the first encrypted target data to the transceiver module 200. The transceiver module 200 receives the first encrypted target data and performs transmission processing on it, so that the receiving end connected to the transceiver module 200 obtains the first target data. The terminal can thus encrypt data transmitted internally, which prevents the data from being monitored and stolen and improves data security.
Refer to FIG. 4, which is a schematic structural diagram of the first embodiment of a terminal according to an embodiment of the present invention. The terminal described in this embodiment includes an acquisition module 100 and a transceiver module 200, wherein
the transceiver module 200 is specifically configured to:
when second target data sent by a sending end connected to the transceiver module is received, encrypt the second target data, generate second encrypted target data, and send the second encrypted target data to the acquisition module;
the acquisition module 100 is specifically configured to:
receive the second encrypted target data sent by the transceiver module and decrypt it to obtain the second target data;
process the second target data.
The terminal further includes:
a verification module 300, wherein
the verification module 300 is configured to verify the acquisition module and determine that the acquisition module is legitimate.
In this embodiment, the sending end may be any sending end that has established a communication connection with the terminal, such as a mobile phone, a tablet computer, or a base station. The communication connection may be a network communication connection such as a Bluetooth connection, a WIFI connection, or an NFC connection; specifically, the sending end may establish the connection with the terminal's transceiver module 200. When the sending end sends second target data to the terminal, the terminal's transceiver module 200 receives it; for example, when a base station sends a short message to the terminal, the terminal's transceiver module 200 receives the short message from the base station over the air interface. The second target data may include any data that the base station can send to the terminal, such as short messages, multimedia messages, control information, and data service information (e-mail).
In this embodiment of the present invention, when the transceiver module 200 obtains the second target data, the transceiver module 200 may read the usage mode preset on the terminal and determine whether the second target data needs to be encrypted. The terminal may provide a settings page on which the user selects the usage mode; the usage modes include a secure transmission mode and a normal transmission mode. The terminal provides the corresponding display interface according to the usage mode the user selected on the settings page, and the transceiver module 200 likewise performs the corresponding processing according to that usage mode. When the transceiver module 200 reads that the usage mode set by the user is the secure transmission mode, the transceiver module 200 encrypts the second target data; when the transceiver module 200 reads that the usage mode set by the user is the normal transmission mode, the transceiver module 200 does not process the second target data and sends it directly to the acquisition module.
In this embodiment of the present invention, when the transceiver module 200 needs to encrypt the second target data, the transceiver module 200 may invoke the corresponding second encryption rule to encrypt the second target data. The terminal may preset the second encryption rule of the transceiver module 200, where the second encryption rule may include a key, an encryption algorithm, an encryption algorithm type, and the like. The transceiver module 200 may encrypt the second target data according to the preset second encryption rule to generate the second encrypted target data, for example by using the preset CP_DECODE_SI encryption algorithm. Alternatively, the transceiver module 200 may obtain the importance level of the second target data, obtain the corresponding second encryption rule according to that importance level, and encrypt the second target data according to that rule to generate the second encrypted target data; here the second target data may carry the importance level, and the terminal may preset the correspondence between importance levels and second encryption rules. Alternatively, the terminal may provide a settings page on which the user selects an encryption rule, so that the transceiver module 200 encrypts the second target data according to the second encryption rule selected by the user to generate the second encrypted target data. The transceiver module 200 then sends the second encrypted target data to the acquisition module.
Further, in this embodiment of the present invention, after the transceiver module 200 has obtained the second encryption rule and encrypted the second target data, the acquisition module may also obtain the second encryption identifier corresponding to the second encryption rule and add the second encryption identifier to the second encrypted target data, where the second encryption identifier is used to identify the second encryption rule.
In this embodiment of the present invention, before the acquisition module 200 receives the second encrypted target data sent by the transceiver module 100, the terminal may also check whether the acquisition module 100 is legitimate. This check may be performed by the verification module 300 of the terminal. Specifically, when the acquisition module 100 that receives the second encrypted target data is an application, the verification module 300 determines whether the application contains security information trusted by the verification module, such as an authentication certificate. When the application contains security information trusted by the verification module, the verification module 300 can confirm that the application is legitimate. When the verification module 300 determines that the acquisition module 100 is legitimate, the verification module 300 may allow the acquisition module 100 to invoke the second encryption rule to decrypt the second encrypted target data, for example by providing an API (Application Programming Interface) to authorized applications for decryption. When the verification module 300 determines that the acquisition module 100 is not legitimate, the verification module 300 does not allow the acquisition module 100 to decrypt the second encrypted target data, thereby effectively improving data security.
In this embodiment of the present invention, when the verification module 300 allows the acquisition module 100 to invoke the second encryption rule to decrypt the second encrypted target data, the acquisition module 100 may decrypt the second encrypted target data according to the preset second decryption rule to obtain the second target data, for example by applying the preset CP_DECODE_SI decryption algorithm. Further, the acquisition module 100 may instead parse the second encrypted target data to obtain the second encryption identifier and obtain the corresponding second decryption rule according to that identifier; for example, if the second encryption identifier identifies the CP_DECODE_SI encryption algorithm, the acquisition module 100 can look up the corresponding CP_DECODE_SI decryption algorithm. The acquisition module 100 then invokes the second decryption rule to decrypt the second encrypted target data and obtain the second target data.
After the acquisition module 100 obtains the second target data, the acquisition module 100 may process it according to its own function and the attributes of the second target data. For example, when the acquisition module 100 is a short message application and the second target data is a short message, the short message application displays the short message on the user interface so that the user can read it; when the acquisition module 100 is a settings application and the second target data is a set of setting parameters, the settings application modifies its own parameters according to those setting parameters.
In this embodiment of the present invention, when the transceiver module 200 receives second target data sent by a sending end connected to the transceiver module 200, the transceiver module 200 encrypts the second target data, generates second encrypted target data, and sends the second encrypted target data to the acquisition module 100. The acquisition module 100 receives the second encrypted target data, decrypts it to obtain the second target data, and processes the second target data. This allows the terminal to encrypt data transmitted internally, which prevents the data from being intercepted and stolen and improves data security.
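A minimal sketch of the inbound path described above (the transceiver module encrypts and tags the data with an encryption identifier; a verified acquisition module looks up the matching rule and decrypts), added here as an illustration and not code from the patent. The rule table, identifier values, keys, application names and the HMAC-SHA256 keystream standing in for the unspecified CP_DECODE_SI algorithm are all assumptions; the example also authenticates the identifier and rejects unknown ones, which the patent does not describe.

```python
import hashlib
import hmac
import os

# Constructed rule table: encryption identifier -> key. Identifier values and
# keys are assumptions; a real terminal would keep keys in protected storage.
RULES = {
    0x01: bytes(range(32)),       # hypothetical rule for normal importance
    0x02: bytes(range(32, 64)),   # hypothetical rule for high importance
}
# Stand-in for the verification module's trust decision (e.g. a certificate check).
TRUSTED_APPS = {"sms-app"}

NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for the real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(key, header, body):
    """MAC over identifier + nonce + ciphertext, so the identifier is bound."""
    return hmac.new(key, b"mac" + header + body, hashlib.sha256).digest()


def transceiver_encrypt(rule_id, plaintext):
    """Transceiver module: encrypt and prepend the encryption identifier."""
    key = RULES[rule_id]
    nonce = os.urandom(NONCE_LEN)
    header = bytes([rule_id]) + nonce
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return header + body + _tag(key, header, body)


def acquisition_decrypt(app_name, envelope):
    """Acquisition module: verified first, then identifier -> rule -> decrypt."""
    if app_name not in TRUSTED_APPS:
        raise PermissionError("acquisition module failed verification")
    if len(envelope) < 1 + NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    rule_id = envelope[0]
    if rule_id not in RULES:
        # The identifier travels with the data, so treat it as untrusted input.
        raise ValueError("unknown encryption identifier")
    key = RULES[rule_id]
    header = envelope[:1 + NONCE_LEN]
    body = envelope[1 + NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, header, body)):
        raise ValueError("authentication failed")
    stream = _keystream(key, header[1:], len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


if __name__ == "__main__":
    sms = "constructed sample short message".encode()
    env = transceiver_encrypt(0x02, sms)
    print("identifier:", env[0], "round trip ok:",
          acquisition_decrypt("sms-app", env) == sms)
```

Because the identifier is covered by the tag, rewriting it in transit to select a different rule fails authentication instead of silently switching rules.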
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the foregoing embodiments can be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the present invention, which of course cannot be used to limit the scope of the rights of the present invention; equivalent changes made in accordance with the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (10)

  1. A data transmission method, characterized in that the method comprises:
    when an acquisition module obtains first target data to be sent, the acquisition module encrypts the first target data, generates first encrypted target data, and sends the first encrypted target data to a transceiver module;
    the transceiver module receives the first encrypted target data sent by the acquisition module and performs transmission processing on the first encrypted target data, so that a receiving end connected to the transceiver module obtains the first target data.
  2. The method according to claim 1, characterized in that the first encrypted target data carries a first encryption identifier;
    the transceiver module receiving the first encrypted target data sent by the acquisition module and performing transmission processing on the first encrypted target data comprises:
    the transceiver module sends the first encrypted target data to the receiving end, or,
    the transceiver module parses the first encrypted target data to obtain the first encryption identifier;
    the transceiver module obtains, according to the first encryption identifier, a first decryption rule corresponding to the first encryption identifier;
    the transceiver module decrypts the first encrypted target data according to the first decryption rule to obtain the first target data.
  3. The method according to claim 1, characterized in that the method further comprises:
    when the transceiver module receives second target data sent by a sending end connected to the transceiver module, the transceiver module encrypts the second target data, generates second encrypted target data, and sends the second encrypted target data to the acquisition module;
    the acquisition module receives the second encrypted target data sent by the transceiver module and decrypts the second encrypted target data to obtain the second target data;
    the acquisition module processes the second target data.
  4. The method according to claim 3, characterized in that the second encrypted target data carries a second encryption identifier;
    the acquisition module receiving the second encrypted target data sent by the transceiver module and decrypting the second encrypted target data to obtain the second target data comprises:
    the acquisition module obtains, according to the second encryption identifier, a second decryption rule corresponding to the second encryption identifier;
    the acquisition module decrypts the second encrypted target data according to the second decryption rule to obtain the second target data.
  5. The method according to claim 4, characterized in that, before the acquisition module receives the second encrypted target data sent by the transceiver module and decrypts the second encrypted target data to obtain the second target data, the method comprises:
    a verification module verifies the acquisition module and determines that the acquisition module is legitimate.
  6. A terminal, characterized in that the terminal comprises an acquisition module and a transceiver module connected to the acquisition module, wherein
    the acquisition module is configured to, when first target data to be sent is obtained, encrypt the first target data, generate first encrypted target data, and send the first encrypted target data to the transceiver module;
    the transceiver module is configured to receive the first encrypted target data sent by the acquisition module and perform transmission processing on the first encrypted target data, so that a receiving end connected to the transceiver module obtains the first target data.
  7. The terminal according to claim 6, characterized in that the first encrypted target data carries a first encryption identifier;
    the transceiver module is specifically configured to:
    send the first encrypted target data to the receiving end, or,
    parse the first encrypted target data to obtain the first encryption identifier;
    obtain, according to the first encryption identifier, a first decryption rule corresponding to the first encryption identifier;
    decrypt the first encrypted target data according to the first decryption rule to obtain the first target data.
  8. The terminal according to claim 6, characterized in that
    the transceiver module is specifically configured to:
    when second target data sent by a sending end connected to the transceiver module is received, encrypt the second target data, generate second encrypted target data, and send the second encrypted target data to the acquisition module;
    the acquisition module is specifically configured to:
    receive the second encrypted target data sent by the transceiver module, and decrypt the second encrypted target data to obtain the second target data;
    process the second target data.
  9. The terminal according to claim 8, characterized in that the second encrypted target data carries a second encryption identifier;
    the acquisition module is specifically configured to:
    obtain, according to the second encryption identifier, a second decryption rule corresponding to the second encryption identifier;
    decrypt the second encrypted target data according to the second decryption rule to obtain the second target data.
  10. The terminal according to claim 9, characterized in that the terminal further comprises a verification module, wherein
    the verification module is configured to verify the acquisition module and determine that the acquisition module is legitimate.
PCT/CN2015/080322 2015-05-22 2015-05-29 Data transmission method and terminal WO2016187892A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510267013.X 2015-05-22
CN201510267013.XA CN105577631B (en) 2015-05-22 2015-05-22 data transmission method and terminal

Publications (1)

Publication Number Publication Date
WO2016187892A1 true WO2016187892A1 (en) 2016-12-01

Family

ID=55887293

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/080322 WO2016187892A1 (en) 2015-05-22 2015-05-29 Data transmission method and terminal

Country Status (2)

Country Link
CN (1) CN105577631B (en)
WO (1) WO2016187892A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115776413A (en) * 2023-02-09 2023-03-10 航天宏图信息技术股份有限公司 Data transmission method and system based on iris encryption

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587557B (en) 2019-01-11 2022-03-08 京东方科技集团股份有限公司 Data transmission method and device and display device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064595A (en) * 2006-04-27 2007-10-31 联想(北京)有限公司 Computer network safe input authentication system and method
CN101236591A (en) * 2007-01-31 2008-08-06 联想(北京)有限公司 Method, terminal and safe chip for guaranteeing critical data safety
CN102790676A (en) * 2012-03-20 2012-11-21 黄志军 Remote identity identification or security method utilizing mobile phone with near field communication (NFC) function
CN103974243A (en) * 2014-05-16 2014-08-06 天地融科技股份有限公司 Data processing system of voice communication
CN103986711A (en) * 2014-05-16 2014-08-13 天地融科技股份有限公司 Data processing method for voice communication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100446018C (en) * 2006-07-11 2008-12-24 北京飞天诚信科技有限公司 Secure information storage method and information security apparatus thereof
CN102495983B (en) * 2011-12-08 2014-08-27 孙紫阳 Method for encrypting and decrypting data of intelligent mobile terminal in real time
CN104244237B (en) * 2014-09-12 2019-03-22 宇龙计算机通信科技(深圳)有限公司 Data sending, receiving method and reception send terminal and data transmitter-receiver set

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115776413A (en) * 2023-02-09 2023-03-10 航天宏图信息技术股份有限公司 Data transmission method and system based on iris encryption
CN115776413B (en) * 2023-02-09 2023-05-09 航天宏图信息技术股份有限公司 Iris encryption-based data transmission method and system

Also Published As

Publication number Publication date
CN105577631B (en) 2019-12-10
CN105577631A (en) 2016-05-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15892973

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13.04.2018)

122 Ep: pct application non-entry in european phase

Ref document number: 15892973

Country of ref document: EP

Kind code of ref document: A1