WO2018014555A1 - Data transmission control method and apparatus - Google Patents


Info

Publication number
WO2018014555A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
data
security
evaluation result
transmission channel
Prior art date
Application number
PCT/CN2017/074503
Other languages
French (fr)
Chinese (zh)
Inventor
刘雪原
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security

Definitions

  • the present disclosure relates to the field of communications, for example, to a data transmission control method and apparatus.
  • the mobile terminal device in the related art usually accesses the Internet by connecting to a mobile network or a WIFI (Wireless Fidelity) network. Since the mobile network service provided by the communication service provider has a slow network speed and a relatively high tariff, the terminal device uses a WIFI network with a fast network speed and a low tariff to connect to the Internet.
  • WIFI Wireless Fidelity
  • the mobile data used in the terminal is provided by the operator, and the mobile data is highly secure compared to the public hotspot.
  • the mobile data of most users in the related art is not suitable for transmitting a large amount of video, pictures, applications, and the like, which consumes a lot of resources.
  • When connecting to a WIFI hotspot through a wireless router, the wireless router needs to enable its firewall. At the same time, because the mobile terminal and the WIFI hotspot are not mutually trusted, firewall software should also be preset on the terminal. Moreover, dangerous hotspots are identified by maintaining a database of untrusted IP (Internet Protocol) and MAC (Media Access Control) addresses. At present, solutions that improve the security of WIFI hotspots require the network to be modified: whether on the hotspot or on the mobile terminal, the firewall function must be enabled, which increases the cost. In addition, fake WIFI hotspots will not enable a firewall, so to identify them the mobile terminal must collect and store in advance a list of IP addresses of forged WIFI hotspots. Therefore, when data is transmitted through only one type of network (for example, a WIFI hotspot), it is vulnerable to attack and the security of data transmission cannot be ensured.
  • IP Internet Protocol, network interconnection control
  • MAC Media Access Control
  • the embodiment provides a data transmission control method and apparatus to solve at least the problem of low security of transmitting data through only one network in the related art.
  • A data transmission control method including: obtaining authentication data through a first network; evaluating the security of a second network according to the authentication data to obtain an evaluation result; and controlling data to be transmitted on a transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
  • Evaluating the security of the second network according to the authentication data to obtain the evaluation result includes: determining whether an IP address obtained when accessing a predetermined website by using the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website; if the determination result is negative, determining that the evaluation result is that the second network is the first security level; or, if the determination result is yes, determining that the evaluation result is that the second network is a second security level; wherein the security indicated by the first security level is lower than the security indicated by the second security level.
  • Controlling the data to be transmitted on the transmission channel according to the evaluation result includes: sending prompt information indicating that the security level of the second network is the first security level; receiving response information in response to the prompt information, where the response information is used to indicate that the first network is selected as the transmission channel, or the response information is used to indicate that the first network and the second network are selected as the transmission channel; and, when the response information is used to indicate that the first network is selected as the transmission channel, controlling the data to be transmitted on the first network; or, when the response information is used to indicate that the first network and the second network are selected as the transmission channel, controlling the data to be transmitted on the first network and the second network.
  • Controlling the data to be transmitted on the first network and the second network comprises: performing security verification on the second network by using the first network; and, in case the verification is successful, controlling the data to be transmitted on the second network.
  • Controlling the data to be transmitted on the first network and the second network comprises: if a preset operation instruction is received, acquiring, by using the first network, server address information corresponding to the preset operation instruction; and, in case the obtained server address information is consistent with the server address information carried by the authentication data, controlling the data to be transmitted on the second network.
  • the security of the first network is higher than the security of the second network.
  • the first network includes: a mobile data network; and the second network includes: a WIFI network.
  • A data transmission control apparatus comprising: an acquisition module configured to acquire authentication data through a first network; an evaluation module configured to evaluate the security of a second network according to the authentication data to obtain an evaluation result; and a control module configured to control data to be transmitted on a transmission channel according to the evaluation result, wherein the transmission channel comprises at least one of the first network and the second network.
  • The evaluation module includes: a determining unit, configured to determine whether an IP address obtained when accessing the predetermined website through the second network is consistent with an IP address carried in the authentication data corresponding to the predetermined website; a first determining unit, configured to determine that the evaluation result is that the second network is a first security level if the determination result is negative; or, a second determining unit, configured to determine, in a case that the determination result is yes, that the evaluation result is that the second network is a second security level; wherein the security indicated by the first security level is lower than the security indicated by the second security level.
  • A data transmission control apparatus comprising: an authentication data acquisition module configured to obtain authentication data through a mobile data network; a WIFI security evaluation module configured to evaluate the security of the currently connected WIFI hotspot according to the authentication data to obtain an evaluation result; and a data transmission channel control module configured to control data to be transmitted on a transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the mobile data network and the WIFI hotspot.
  • a non-transitory computer readable storage medium storing computer executable instructions for performing the data transfer control method of any of the above.
  • The authentication data is obtained through the first network; the security of the second network is evaluated according to the authentication data to obtain the evaluation result; and the data is controlled to be transmitted on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. It can be seen that, with the foregoing solution, the security of the second network is evaluated according to the authentication data acquired from the first network, and the data transmission channel is controlled according to the evaluation result, so the security of the transmitted data is improved, thereby solving the problem in the related art that the security of transmitting data through only one network is low.
  • FIG. 1 is a block diagram showing the hardware structure of a mobile terminal of a data transmission control method according to this embodiment
  • FIG. 3 is a block diagram 1 of a structure of a data transmission control apparatus according to the embodiment.
  • FIG. 4 is a structural block diagram 2 of a data transmission control apparatus according to the embodiment.
  • FIG. 5 is a block diagram showing the structure of another data transmission control apparatus according to the present embodiment.
  • FIG. 6 is a flowchart 1 of a data transmission control method according to this alternative embodiment
  • FIG. 7 is a second flowchart of a data transmission control method according to this alternative embodiment.
  • FIG. 1 is a block diagram of a hardware structure of a mobile terminal according to a data transmission control method of the present embodiment.
  • The mobile terminal 10 may include one or more (only one is shown in the figure) processors 102 (the processor 102 may be a processing circuit including a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 104 for storing data, and a transmission circuit 106 for communication functions.
  • FIG. 1 is merely illustrative and does not limit the structure of the above electronic device.
  • the mobile terminal 10 may also include more or fewer components than those shown in FIG. 1, or have a different configuration than that shown in FIG.
  • The memory 104 can be used to store software programs and modules of the application software, such as program instructions/modules corresponding to the data transmission control method in the embodiment. The processor 102 executes various functional applications and data processing, that is, implements the above method, by running the software programs and modules stored in the memory 104.
  • Memory 104 may include high speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • Memory 104 may further include memory that is remotely located relative to processor 102, which may be connected to mobile terminal 10 over a network. Examples of the above network may include the Internet, an enterprise intranet, a local area network, a mobile communication network, and combinations thereof.
  • Transmission circuitry 106 is for receiving or transmitting data via a network.
  • An example of the network described above may include a wireless network provided by a communication provider of the mobile terminal 10.
  • the transmission circuit 106 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission circuit 106 can be a Radio Frequency (RF) module, and the transmission circuit 106 is configured to communicate with the Internet wirelessly.
  • NIC Network Interface Controller
  • RF Radio Frequency
  • FIG. 2 is a flowchart of a data transmission control method according to the embodiment. As shown in FIG. 2, the process includes the following steps:
  • Step S210: the authentication data is obtained through the first network;
  • Step S220: the security of the second network is evaluated according to the authentication data, and an evaluation result is obtained;
  • the data is controlled to be transmitted on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
  • the foregoing data transmission control method may be applied to a scenario in which data is transmitted through a network connection.
  • For example, the scenario may be at least one of: connecting to a WIFI hotspot to transmit data, and connecting to mobile data to transmit data.
  • the foregoing data transmission control method may be applied to a mobile terminal, and may be, for example, a mobile phone, a tablet computer, a notebook computer, a smart wearable device, or the like.
  • The authentication data is obtained through the first network; the security of the second network is evaluated according to the authentication data to obtain the evaluation result; and the data is controlled to be transmitted on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. It can be seen that, with the foregoing solution, the security of the second network is evaluated according to the authentication data acquired from the first network, and the data transmission channel is controlled according to the evaluation result, so the security of the transmitted data is improved, thereby solving the problem in the related art that the security of transmitting data through only one network is low.
  • The security of the second network may be evaluated according to the IP address carried in the authentication data. For example, it is determined whether the IP address obtained when accessing the predetermined website through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website. If the determination result is negative, the evaluation result is determined to be that the second network is the first security level; or, if the determination result is yes, the evaluation result is determined to be that the second network is the second security level, wherein the security indicated by the first security level is lower than the security indicated by the second security level.
  • The user may be prompted that the security of the second network is lower, and the manner in which the data is transmitted is selected by the user. For example, prompt information indicating that the security level of the second network is the first security level is sent, and response information is received in response to the prompt information, wherein the response information is used to indicate that the first network is selected as the transmission channel, or the response information is used to indicate that the first network and the second network are selected as the transmission channel. When the response information is used to indicate that the first network is selected as the transmission channel, the data is controlled to be transmitted on the first network; or, when the response information is used to indicate that the first network and the second network are selected as the transmission channel, the data is controlled to be transmitted on the first network and the second network.
  • the manner in which the control data is transmitted on the first network and the second network may include the following two types:
  • The security of the second network is verified by using the first network, and in the case that the verification is successful, the data is controlled to be transmitted on the second network.
  • The server address information corresponding to the preset operation instruction is obtained through the first network, and in the case that the obtained server address information is consistent with the server address information carried in the authentication data, the data is controlled to be transmitted on the second network.
  • the data may be controlled to be transmitted on the second network.
  • the control data is transmitted on the second network.
  • the security of the first network may be higher than the security of the second network.
  • the first network may include: a mobile data network; and the second network may include: a wireless fidelity WIFI network.
  • A data transmission control device is provided, which is used to implement the above-mentioned embodiments and optional embodiments; what has already been described is not repeated.
  • The term “module” may refer to a combination of software and/or hardware that implements a predetermined function.
  • Although the devices described in the following embodiments may be implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a structural block diagram 1 of a data transmission control apparatus according to the embodiment. As shown in FIG. 3, the apparatus includes:
  • the obtaining module 32 is configured to obtain the authentication data by using the first network
  • the evaluation module 34 is coupled to the acquisition module 32 and configured to evaluate the security of the second network according to the authentication data and obtain an evaluation result;
  • the control module 36 is coupled to the evaluation module 34 and configured to control data transmission on the transmission channel according to the evaluation result, wherein the transmission channel comprises at least one of the first network and the second network.
  • the above data transmission control device may be applied to a scenario in which data is transmitted through a network connection. For example, connecting a WIFI hotspot to transmit data and connecting to a mobile data network to transmit data.
  • the data transmission control device may be applied to a mobile terminal, such as a mobile phone, a tablet computer, a notebook computer, a smart wearable device, or the like.
  • The obtaining module obtains the authentication data through the first network; the evaluation module evaluates the security of the second network according to the authentication data and obtains the evaluation result; and the control module controls the data to be transmitted on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. Thus, with the foregoing solution, the security of the second network is evaluated according to the authentication data acquired from the first network, and the data transmission channel is controlled according to the evaluation result, thereby improving the security of transmitting data and solving the problem in the related art of low security when transmitting data through only one network.
  • FIG. 4 is a block diagram showing the structure of a data transmission control apparatus according to the present embodiment.
  • the evaluation module 34 includes:
  • the determining unit 42 is configured to determine whether the IP address obtained when accessing the predetermined website through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website;
  • the first determining unit 44 is coupled to the determining unit 42 and configured to determine that the evaluation result is that the second network is the first security level if the determination result is negative; or
  • the second determining unit 46 is coupled to the determining unit 42 and configured to determine that the evaluation result is that the second network is the second security level if the determination result is yes;
  • the security indicated by the first security level is lower than the security indicated by the second security level.
  • The foregoing control module 36 is configured to: send, when the evaluation result is that the security level of the second network is the first security level, prompt information indicating that the security level of the second network is the first security level; receive response information in response to the prompt information, wherein the response information is used to indicate that the first network is selected as the transmission channel, or the response information is used to indicate that the first network and the second network are selected as the transmission channel; and, in the case where the response information is used to indicate that the first network is selected as the transmission channel, control the data to be transmitted on the first network; or, in the case where the response information is used to indicate that the first network and the second network are selected as the transmission channel, control the data to be transmitted on the first network and the second network.
  • The control module 36 is configured to perform a security check on the second network by using the first network and, in the case where the verification is successful, control the data to be transmitted on the second network.
  • The control module 36 is configured to: when the preset operation instruction is received, obtain, by using the first network, server address information corresponding to the preset operation instruction; and, in the case where the obtained server address information is consistent with the server address information carried by the authentication data, control the data to be transmitted on the second network.
  • The control module 36 is configured to: when the evaluation result is that the security level of the second network is the second security level, control the data to be transmitted on the second network.
  • the security of the first network may be higher than the security of the second network.
  • the first network may include: a mobile data network; and the second network may include, but is not limited to, a wireless fidelity WIFI network.
  • the foregoing modules may be implemented by software or hardware.
  • the foregoing modules may be implemented by: the foregoing modules are all located in the same processor; or, the modules are respectively located in multiple processors.
  • FIG. 5 is a structural block diagram of another data transmission control device according to the embodiment. As shown in FIG. 5, the device includes:
  • the authentication data obtaining module 52 is configured to obtain authentication data through the mobile data network
  • the WIFI security evaluation module 54 is coupled to the authentication data obtaining module 52, and is configured to evaluate the security of the currently connected WIFI hotspot according to the authentication data, and obtain an evaluation result;
  • the data transmission channel control module 56 is coupled to the WIFI security evaluation module 54 and configured to control data transmission on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of a mobile data network and a WIFI hotspot.
  • the authentication data obtaining module is configured to acquire specific authentication data by using the mobile data with higher credibility.
  • The WIFI security evaluation module is configured to determine the security of the current WIFI hotspot after the user connects to the WIFI hotspot, using the authentication data obtained through the authentication data obtaining module, and to evaluate the security of the current connection in real time when the user performs a security operation.
  • The data transmission channel control module is configured to adjust the channel of the data transmission according to the current service requirement, and can control the data to be transmitted only through the mobile data, only through the WIFI, or through the mobile data and the WIFI simultaneously.
  • the module requests a data transmission channel from the system according to the data transmission mode required by the current service.
  • When mobile data is to be transmitted simultaneously with WIFI on an Android system, where mobile data is paused by default once WIFI is enabled, the module calls the system preset interface to re-open the mobile data and controls the data transmission channel through iptables.
  • modules can be implemented by software or hardware.
  • the modules can be implemented in the following manner: the modules are all located in the same processor; or the modules are respectively located in multiple processors.
  • the optional embodiment provides a method for simultaneously networking using WIFI and mobile data to solve network security problems.
  • A large amount of data transmission is still carried out by means of WIFI, and security inspection is carried out through mobile data.
  • the optional embodiment mainly uses the mobile terminal WIFI and mobile data to complete the secure transmission of data, and does not need to modify the wireless public hotspot.
  • The method provided by the optional embodiment can greatly improve the security of the user's Internet access at low cost, consuming only a small amount of mobile data traffic.
  • FIG. 6 is a flowchart 1 of a data transmission control method according to the present optional embodiment. As shown in FIG. 6, the process includes the following steps:
  • Step S601: when the user connects to the WIFI hotspot, the data transmission channel control module simultaneously performs data transmission through the mobile data and the WIFI hotspot.
  • The authentication data obtaining module acquires corresponding authentication data by using the mobile data; the authentication data may be a domain name, an IP address, an MD5 (Message-Digest Algorithm 5) value of a key file of the website, and so on.
  • The authentication data obtained differs according to the security level set by the user. If the user sets general security detection, only the authentication data of the user's commonly used websites is obtained; if low security detection is set, only the authentication data of websites required for sensitive operations such as online banking and shopping is obtained; if high security detection is set, the authentication data of websites that may be used by the user is increased accordingly.
  • The WIFI security evaluation module evaluates the current WIFI security according to the authentication data acquired in step S601.
  • The evaluation method may be to check whether the IP address obtained by accessing a specific website through the WIFI hotspot is consistent with the one recorded in the authentication data. According to the result of the security evaluation, the user is reminded to pay attention to Internet security.
  • Step S604: the data transmission channel control module controls whether the data is transmitted through WIFI according to the security evaluation result. If the evaluation result is safe, all data is transmitted via WIFI; if the evaluation result is that there is risk, the mobile data and WIFI are kept coexisting and, if necessary, verification is performed again through the mobile data.
  • FIG. 7 is a second flowchart of a data transmission control method according to this alternative embodiment. As shown in FIG. 7, the process includes the following steps:
  • Step S701: in a network environment where the WIFI hotspot evaluation result is low security, the user is reminded when a sensitive operation needs to be performed, and chooses either to transmit all data by mobile data during the operation or to perform security verification during transmission.
  • Step S702: the data transmission channel control module controls the data transmission channel to transmit only through the mobile data, or through the mobile data and the WIFI data, according to the user's selection.
  • Step S703: when the mobile data and the WIFI data are transmitted together, the WIFI security evaluation module obtains, through the mobile data, the server address information that needs to be accessed when the user needs to access the network, so that the user is not deceived by a DNS (Domain Name System) attack.
  • DNS Domain Name System
  • the security of the user network operation can be greatly improved when a small amount of data traffic is consumed.
  • these security detection operations are performed in the background, and will not affect the user experience. Only when there is a problem in the security of the WIFI network environment will the user be reminded.
  • The user connects to a public WIFI to perform a shopping operation. According to the security level set by the user, the current WIFI hotspot is authenticated through the present disclosure, and the IP address of the shopping website A obtained through the hotspot is found to have been tampered with and actually points to a phishing website.
  • the data transmission control provided by the alternative embodiment can remind the user to avoid operating at the shopping website A when using the hotspot.
  • The user connects to a public WIFI hotspot to access the Internet, and an online banking transfer request is generated during use. Since the security of the hotspot was evaluated through the present disclosure as not high when the WIFI hotspot was connected, the data transmission control provided by the alternative embodiment may prompt the user that there may be a risk in the transfer process, and ask whether only the mobile data should be used for data transmission during the transfer operation.
  • a storage medium (such as a ROM/RAM, a magnetic disk, an optical disk) includes a plurality of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in various embodiments of the present disclosure.
  • Embodiments of the present disclosure also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the authentication data is obtained through the first network
  • control data is transmitted on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
  • The foregoing storage medium may include: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a mobile hard disk, a magnetic disk, an optical disc, or other media that can store program code.
  • the processor executes the method steps described in the foregoing embodiments according to the stored program code in the storage medium.
  • the embodiment further provides a non-transitory computer readable storage medium storing computer executable instructions for executing the data transmission control method of any of the above embodiments.
  • Modules or steps of the present disclosure may be implemented by a general-purpose computing device; they may be centralized on a single computing device or distributed over a network of multiple computing devices. Optionally, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device for execution by the computing device; in some cases, the steps shown or described may be performed in a different order than that illustrated herein, or they may be made separately into a plurality of integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module. As such, the disclosure is not limited to any specific combination of hardware and software.
  • the disclosure obtains the authentication data through the first network; evaluates the security of the second network according to the authentication data to obtain the evaluation result; and controls transmission of data on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
  • with this solution, the security of the second network is evaluated according to the authentication data obtained from the first network, and the data transmission channel is controlled according to the evaluation result, which improves the security of the transmitted data and solves the problem in the related art that transmitting data over only one type of network has low security.

Abstract

Provided in the present application are a data transmission control method and apparatus, the method comprising: acquiring authentication data by means of a first network; on the basis of the authentication data, assessing the security of a second network to obtain assessment results; and, on the basis of the assessment results, controlling the transmission of data over a transmission channel, the transmission channel comprising at least one of the first network and the second network.

Description

Data transmission control method and apparatus
Technical field
The present disclosure relates to the field of communications, for example, to a data transmission control method and apparatus.
Background
Mobile terminal devices in the related art usually access the Internet by connecting to a mobile network or a WIFI (Wireless Fidelity) network. Because the mobile network service provided by communication service providers is slower and more expensive, terminal devices more often use a WIFI network, which is faster and cheaper, to connect to the Internet. In daily life, however, and especially in public places, accessing the network through a public WIFI hotspot easily exposes the accessed data to tampering, either because the hotspot has been attacked by others or because the terminal has connected to a malicious WIFI hotspot. Criminals can easily point the websites a user wants to visit to phishing sites. Moreover, many mobile terminals automatically connect to a hotspot with the same name as an operator's hotspot, without any confirmation process.
The mobile data used in a terminal is provided by the operator and is much more secure than a public hotspot. Because of tariffs, however, the mobile data of most users in the related art is not suitable for transmitting traffic-heavy resources such as large amounts of video, pictures and applications.
When a WIFI hotspot is reached through a wireless router, the wireless router needs to enable a firewall; and because the mobile terminal and the WIFI hotspot do not trust each other, firewall software must also be preinstalled. In addition, dangerous hotspots are identified by maintaining a database of untrusted IP (Internet Protocol) and MAC (Media Access Control) entries. Current schemes for improving the security of WIFI hotspots all require modifying the network: both the hotspot and the mobile terminal must enable the firewall function, which adds cost. Furthermore, a forged WIFI hotspot will not turn on a firewall. For the mobile terminal to identify the firewall, it must collect and store in advance a list of the IP addresses of forged WIFI hotspots. Therefore, when data is transmitted over only one type of network (for example, a WIFI hotspot), it is vulnerable to attack and the security of the data transmission cannot be ensured.
No effective solution has yet been proposed for the low security of transmitting data over only one type of network in the related art.
Summary of the invention
The embodiments provide a data transmission control method and apparatus, to at least solve the problem in the related art that transmitting data over only one type of network has low security.
According to an embodiment of the present disclosure, a data transmission control method is provided, including: obtaining authentication data through a first network; evaluating the security of a second network according to the authentication data to obtain an evaluation result; and controlling transmission of data on a transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
Optionally, evaluating the security of the second network according to the authentication data to obtain the evaluation result includes: determining whether the IP address obtained when a predetermined website is accessed through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website; if the determination result is no, determining that the evaluation result is that the second network is at a first security level; or, if the determination result is yes, determining that the evaluation result is that the second network is at a second security level; wherein the security indicated by the first security level is lower than the security indicated by the second security level.
Optionally, when the evaluation result is that the security level of the second network is the first security level, controlling transmission of the data on the transmission channel according to the evaluation result includes: sending prompt information indicating that the security level of the second network is the first security level; receiving response information in response to the prompt information, wherein the response information indicates that the first network is selected as the transmission channel, or the response information indicates that the first network and the second network are selected as the transmission channel; when the response information indicates that the first network is selected as the transmission channel, controlling the data to be transmitted on the first network; or, when the response information indicates that the first network and the second network are selected as the transmission channel, controlling the data to be transmitted on the first network and the second network.
Optionally, controlling the data to be transmitted on the first network and the second network includes: performing security verification on the second network through the first network; and, if the verification succeeds, controlling the data to be transmitted on the second network.
Optionally, controlling the data to be transmitted on the first network and the second network includes: when a preset operation instruction is received, obtaining, through the first network, the server address information corresponding to the preset operation instruction; and, when the obtained server address information is consistent with the server address information carried in the authentication data, controlling the data to be transmitted on the second network.
Optionally, controlling transmission of the data on the transmission channel according to the evaluation result includes: when the evaluation result is that the security level of the second network is the second security level, controlling the data to be transmitted on the second network.
Optionally, the security of the first network is higher than the security of the second network.
Optionally, the first network includes a mobile data network, and the second network includes a WIFI network.
According to another embodiment of the present disclosure, a data transmission control apparatus is provided, including: an acquisition module, configured to obtain authentication data through a first network; an evaluation module, configured to evaluate the security of a second network according to the authentication data to obtain an evaluation result; and a control module, configured to control transmission of data on a transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
Optionally, the evaluation module includes: a judging unit, configured to determine whether the IP address obtained when a predetermined website is accessed through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website; a first determining unit, configured to determine, if the determination result is no, that the evaluation result is that the second network is at a first security level; or, a second determining unit, configured to determine, if the determination result is yes, that the evaluation result is that the second network is at a second security level; wherein the security indicated by the first security level is lower than the security indicated by the second security level.
According to another embodiment of the present disclosure, a data transmission control apparatus is provided, including: an authentication data acquisition module, configured to obtain authentication data through a mobile data network; a WIFI security evaluation module, configured to evaluate the security of the currently connected WIFI hotspot according to the authentication data to obtain an evaluation result; and a data transmission channel control module, configured to control transmission of data on a transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the mobile data network and the WIFI hotspot.
According to another embodiment of the present disclosure, a non-transitory computer-readable storage medium is provided, storing computer-executable instructions for performing the data transmission control method of any of the above.
With the present disclosure, authentication data is obtained through the first network; the security of the second network is evaluated according to the authentication data to obtain an evaluation result; and transmission of data on the transmission channel is controlled according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. With this solution, the security of the second network is evaluated according to the authentication data obtained from the first network, and the data transmission channel is controlled according to the evaluation result, which improves the security of the transmitted data and solves the problem in the related art that transmitting data over only one type of network has low security.
Brief description of the drawings
The drawings described here are provided for an understanding of the present disclosure and form part of this application. The illustrative embodiments of the present disclosure and their descriptions are used to explain the present disclosure and do not unduly limit it. In the drawings:
FIG. 1 is a block diagram of the hardware structure of a mobile terminal for a data transmission control method according to this embodiment;
FIG. 2 is a flowchart of a data transmission control method according to this embodiment;
FIG. 3 is structural block diagram 1 of a data transmission control apparatus according to this embodiment;
FIG. 4 is structural block diagram 2 of a data transmission control apparatus according to this embodiment;
FIG. 5 is a structural block diagram of another data transmission control apparatus according to this embodiment;
FIG. 6 is flowchart 1 of a data transmission control method according to this optional embodiment;
FIG. 7 is flowchart 2 of a data transmission control method according to this optional embodiment.
Detailed description
The present disclosure is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that the embodiments in this application and the features in the embodiments may be combined with each other where they do not conflict.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings of the present disclosure are used to distinguish similar objects, and are not necessarily used to describe a particular order or sequence.
Embodiment 1
The data transmission control method provided by this embodiment and the following embodiments may be executed in a mobile terminal, a computer terminal or a similar electronic device. Taking execution on a mobile terminal as an example, FIG. 1 is a block diagram of the hardware structure of a mobile terminal for a data transmission control method according to this embodiment. As shown in FIG. 1, the mobile terminal 10 may include one or more (only one is shown in the figure) processors 102 (the processor 102 may be a processing circuit including a microprocessor MCU, a programmable logic device FPGA or the like), a memory 104 for storing data, and a transmission circuit 106 for communication functions. Those of ordinary skill in the art will understand that the structure shown in FIG. 1 is merely illustrative and does not limit the structure of the above electronic device. For example, the mobile terminal 10 may include more or fewer components than shown in FIG. 1, or have a configuration different from that shown in FIG. 1.
The memory 104 may be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the data transmission control method in this embodiment. The processor 102 runs the software programs and modules stored in the memory 104 to execute various functional applications and data processing, that is, to implement the above method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the mobile terminal 10 over a network. Examples of such a network include the Internet, an enterprise intranet, a local area network, a mobile communication network, and combinations thereof.
The transmission circuit 106 is used to receive or send data via a network. Examples of such a network may include a wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmission circuit 106 includes a network adapter (Network Interface Controller, NIC), and can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission circuit 106 may be a radio frequency (RF) module used to communicate with the Internet wirelessly.
This embodiment provides a data transmission control method. FIG. 2 is a flowchart of a data transmission control method according to this embodiment. As shown in FIG. 2, the process includes the following steps:
In step S210, authentication data is obtained through the first network;
In step S220, the security of the second network is evaluated according to the authentication data to obtain an evaluation result;
In step S230, transmission of data on the transmission channel is controlled according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
Optionally, the above data transmission control method may be applied to scenarios in which data is transmitted over a network connection, for example at least one of: transmitting data over a connection to a WIFI hotspot, and transmitting data over a connection to a mobile data network.
Optionally, the above data transmission control method may be applied to a mobile terminal, for example a mobile phone, a tablet computer, a notebook computer, or a smart wearable device.
Through the above steps, authentication data is obtained through the first network; the security of the second network is evaluated according to the authentication data to obtain an evaluation result; and transmission of data on the transmission channel is controlled according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. With this solution, the security of the second network is evaluated according to the authentication data obtained from the first network, and the data transmission channel is controlled according to the evaluation result, which improves the security of the transmitted data and solves the problem in the related art that transmitting data over only one type of network has low security.
Optionally, in the above step S220, the security of the second network may be evaluated according to the IP address carried in the authentication data. For example: it is determined whether the IP address obtained when a predetermined website is accessed through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website; if the determination result is no, the evaluation result is determined to be that the second network is at a first security level, or, if the determination result is yes, the evaluation result is determined to be that the second network is at a second security level, wherein the security indicated by the first security level is lower than the security indicated by the second security level.
Optionally, when the evaluation result is that the security level of the second network is the first security level, in the above step S230 the user may be prompted that the security of the second network is low, and the user selects how the data is transmitted. For example: prompt information indicating that the security level of the second network is the first security level is sent, and response information in response to the prompt information is received, wherein the response information indicates that the first network is selected as the transmission channel, or the response information indicates that the first network and the second network are selected as the transmission channel. When the response information indicates that the first network is selected as the transmission channel, the data is controlled to be transmitted on the first network; or, when the response information indicates that the first network and the second network are selected as the transmission channel, the data is controlled to be transmitted on the first network and the second network.
Optionally, the data may be controlled to be transmitted on the first network and the second network in the following two modes:
Mode 1: security verification is performed on the second network through the first network, and if the verification succeeds, the data is controlled to be transmitted on the second network.
Mode 2: when a preset operation instruction is received, the server address information corresponding to the preset operation instruction is obtained through the first network, and when the obtained server address information is consistent with the server address information carried in the authentication data, the data is controlled to be transmitted on the second network.
Optionally, in the above step S230, if the security level of the second network is high, the data may be controlled to be transmitted on the second network. For example: when the evaluation result is that the security level of the second network is the second security level, the data is controlled to be transmitted on the second network.
Optionally, the security of the first network may be higher than the security of the second network.
Optionally, the first network may include a mobile data network, and the second network may include a wireless fidelity (WIFI) network.
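The evaluation in step S220 and the channel choice in step S230 described above, as an added Python example that is not part of the patent text. The enum and function names, the dictionary shapes, the treatment of a missing or unparseable address as a mismatch, and the sample sites and addresses (constructed, taken from documentation ranges) are assumptions.

```python
"""Added illustration of steps S210 to S230; names and data shapes are assumptions."""
from enum import Enum
import ipaddress


class SecurityLevel(Enum):
    FIRST = 1   # lower security: an address seen over the second network did not match
    SECOND = 2  # higher security: every checked address matched


class Response(Enum):
    FIRST_ONLY = "first network only"
    FIRST_AND_SECOND = "first and second network"


def _canonical(addr):
    """Parse an address so textual variants of the same IP compare equal."""
    ip = ipaddress.ip_address(addr.strip())
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto the plain IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def evaluate_second_network(auth_data, seen_via_second):
    """Step S220: compare addresses seen over the second network with the authentication data.

    auth_data: {site: iterable of IP strings}, fetched over the first network (S210).
    seen_via_second: {site: IP string} obtained when visiting the site over the second network.
    Returns (level, sorted list of mismatching sites).
    """
    mismatches = []
    for site, expected in auth_data.items():
        try:
            allowed = {_canonical(a) for a in expected}
            observed = _canonical(seen_via_second[site])
        except (KeyError, ValueError):
            # Assumption: a missing or unparseable address counts as a mismatch.
            mismatches.append(site)
            continue
        if observed not in allowed:
            mismatches.append(site)
    # Assumption: with no authentication data nothing was verified, so stay at the lower level.
    if mismatches or not auth_data:
        return SecurityLevel.FIRST, sorted(mismatches)
    return SecurityLevel.SECOND, []


def select_channels(level, ask_user):
    """Step S230: choose the transmission channel(s) from the evaluation result.

    ask_user is called only for the first (lower) level and must return a Response.
    """
    if level is SecurityLevel.SECOND:
        return {"second"}
    response = ask_user("The second network is at the first (lower) security level.")
    if response is Response.FIRST_ONLY:
        return {"first"}
    if response is Response.FIRST_AND_SECOND:
        return {"first", "second"}
    raise ValueError(f"unexpected response: {response!r}")


# Constructed sample data (documentation address ranges, hypothetical sites).
AUTH_DATA = {
    "bank.example": ["203.0.113.10", "203.0.113.11"],
    "pay.example": ["2001:db8::1"],
}
HONEST_HOTSPOT = {
    "bank.example": "203.0.113.11",
    "pay.example": "2001:0db8:0000:0000:0000:0000:0000:0001",  # same address, long form
}
ROGUE_HOTSPOT = {
    "bank.example": "198.51.100.66",  # site resolved to a different server
    "pay.example": "2001:db8::1",
}

if __name__ == "__main__":
    for name, seen in (("honest", HONEST_HOTSPOT), ("rogue", ROGUE_HOTSPOT)):
        level, bad = evaluate_second_network(AUTH_DATA, seen)
        channels = select_channels(level, lambda prompt: Response.FIRST_ONLY)
        print(name, level.name, bad, sorted(channels))
```
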
Embodiment 2
This embodiment further provides a data transmission control apparatus, which is used to implement the above embodiments and optional implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments may be implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 3 is structural block diagram 1 of a data transmission control apparatus according to this embodiment. As shown in FIG. 3, the apparatus includes:
an acquisition module 32, configured to obtain authentication data through the first network;
an evaluation module 34, coupled to the acquisition module 32 and configured to evaluate the security of the second network according to the authentication data to obtain an evaluation result;
a control module 36, coupled to the evaluation module 34 and configured to control transmission of data on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network.
Optionally, the above data transmission control apparatus may be applied to scenarios in which data is transmitted over a network connection, for example: transmitting data over a connection to a WIFI hotspot and transmitting data over a connection to a mobile data network.
Optionally, the above data transmission control apparatus may be applied to a mobile terminal, for example a mobile phone, a tablet computer, a notebook computer, or a smart wearable device.
With the above apparatus, the acquisition module obtains authentication data through the first network; the evaluation module evaluates the security of the second network according to the authentication data to obtain an evaluation result; and the control module controls transmission of data on the transmission channel according to the evaluation result, wherein the transmission channel includes at least one of the first network and the second network. With this solution, the security of the second network is evaluated according to the authentication data obtained from the first network, and the data transmission channel is controlled according to the evaluation result, which improves the security of the transmitted data and solves the problem in the related art that transmitting data over only one type of network has low security.
FIG. 4 is structural block diagram 2 of a data transmission control apparatus according to this embodiment. As shown in FIG. 4, optionally, the above evaluation module 34 includes:
a judging unit 42, configured to determine whether the IP address obtained when a predetermined website is accessed through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website;
a first determining unit 44, coupled to the judging unit 42 and configured to determine, if the determination result is no, that the evaluation result is that the second network is at the first security level; or,
a second determining unit 46, coupled to the judging unit 42 and configured to determine, if the determination result is yes, that the evaluation result is that the second network is at the second security level;
wherein the security indicated by the first security level is lower than the security indicated by the second security level.
Optionally, the above control module 36 is configured to: when the evaluation result is that the security level of the second network is the first security level, send prompt information indicating that the security level of the second network is the first security level; receive response information in response to the prompt information, wherein the response information indicates that the first network is selected as the transmission channel, or the response information indicates that the first network and the second network are selected as the transmission channel; when the response information indicates that the first network is selected as the transmission channel, control the data to be transmitted on the first network; or, when the response information indicates that the first network and the second network are selected as the transmission channel, control the data to be transmitted on the first network and the second network.
Optionally, the above control module 36 is configured to: perform security verification on the second network through the first network; and, if the verification succeeds, control the data to be transmitted on the second network.
Optionally, the above control module 36 is configured to: when a preset operation instruction is received, obtain, through the first network, the server address information corresponding to the preset operation instruction; and, when the obtained server address information is consistent with the server address information carried in the authentication data, control the data to be transmitted on the second network.
Optionally, the above control module 36 is configured to: when the evaluation result is that the security level of the second network is the second security level, control the data to be transmitted on the second network.
Optionally, the security of the first network may be higher than the security of the second network.
Optionally, the first network may include a mobile data network; the second network may include, but is not limited to, a wireless fidelity (WIFI) network.
It should be noted that the above modules may be implemented in software or in hardware. In the latter case, this may be done as follows: the above modules are all located in the same processor; or, the above modules are located in multiple processors respectively.
Embodiment 3
This embodiment further provides a data transmission control apparatus. FIG. 5 is a structural block diagram of another data transmission control apparatus according to this embodiment. As shown in FIG. 5, the apparatus includes:
an authentication data obtaining module 52, configured to obtain authentication data through the mobile data network;
a WIFI security evaluation module 54, coupled to the authentication data obtaining module 52 and configured to evaluate the security of the currently connected WIFI hotspot according to the authentication data to obtain an evaluation result;
a data transmission channel control module 56, coupled to the WIFI security evaluation module 54 and configured to control, according to the evaluation result, the transmission of data on a transmission channel, where the transmission channel includes at least one of the mobile data network and the WIFI hotspot.
Optionally, the authentication data obtaining module is configured to obtain specific authentication data through mobile data, which has higher credibility.
Optionally, the WIFI security evaluation module is configured to: after the user connects to a WIFI hotspot, determine the security of the current WIFI hotspot using the authentication data obtained by the authentication data obtaining module; and evaluate the security of the current connection in real time when the user performs a security operation.
Optionally, the data transmission channel control module is configured to adjust the data transmission channel according to current service needs. It can control data to be transmitted only through wireless data, only through WIFI, or through mobile data and WIFI simultaneously. The module requests a data transmission channel from the system according to the data transmission mode required by the current service. For simultaneous transmission over mobile data and WIFI, the Android system by default suspends mobile data once WIFI is enabled, so the module calls a system preset interface to re-enable mobile data and controls the data transmission channel through iptable.
The above modules may be implemented in software or hardware. For the latter, this may be done as follows: the modules are all located in the same processor, or the modules are located in multiple processors respectively.
A detailed description is given below with reference to this optional embodiment.
This optional embodiment provides a method of networking over WIFI and mobile data at the same time to address network security problems. Bulk data transmission still relies on WIFI, while security checks are performed over mobile data. This optional embodiment mainly uses the mobile terminal's WIFI and mobile data to complete the secure transmission of data, and requires no modification to public wireless hotspots. The method provided by this optional embodiment can greatly improve the security of the user's Internet access at low cost: only a small amount of mobile data traffic is consumed.
This optional embodiment takes a terminal device connecting to a public WIFI hotspot as an example to describe the use of the data transmission control method in this optional embodiment. FIG. 6 is flowchart 1 of the data transmission control method according to this optional embodiment. As shown in FIG. 6, the process includes the following steps:
In step S601, when the user connects to a WIFI hotspot, the data transmission channel control module performs data transmission through both mobile data and the WIFI hotspot at the same time.
In step S602, the authentication data obtaining module obtains the corresponding authentication data through mobile data. The authentication data may be a website's domain name, IP address, the MD5 (Message-Digest Algorithm 5) value of a key file, and so on. The authentication data obtained differs according to the required security level set by the user: if the user sets regular security detection, only the authentication data of websites the user commonly uses is obtained; if low security detection is set, only the authentication data of websites needed for common sensitive operations such as online banking and shopping is obtained; if high security detection is set, authentication data for additional websites the user may use is obtained as well.
In step S603, the WIFI security evaluation module evaluates the security of the current WIFI according to the authentication data obtained in step S601. The evaluation method may be to check whether the IP address obtained when accessing a specific website through the WIFI hotspot is consistent with the one recorded in the authentication data. Based on the security evaluation result, the user is prompted to pay attention to Internet security.
In step S604, the data transmission channel control module controls, according to the security evaluation result, whether data is transmitted through WIFI. If the evaluation is safe, all data is transmitted through WIFI; if the evaluation is at risk, mobile data and WIFI are kept coexisting, and verification is performed again through mobile data when necessary.
For a WIFI hotspot whose evaluation result indicates low security, prompt information may be sent to the user when the user performs a sensitive operation. This optional embodiment further provides a data transmission control method for the case where the security of the WIFI hotspot is low. FIG. 7 is flowchart 2 of the data transmission control method according to this optional embodiment. As shown in FIG. 7, the process includes the following steps:
In step S701, in a network environment where the WIFI hotspot evaluation result indicates low security, the user is reminded about the sensitive operation the user needs to perform. The user chooses whether all data is to be transmitted through mobile data, or security verification is to be performed during transmission.
In step S702, the data transmission channel control module, according to the user's selection, sets the data transmission channel to mobile data only, or to joint transmission over mobile data and WIFI data.
In step S703, when mobile data and WIFI data are transmitted jointly, the WIFI security evaluation module obtains, through mobile data, the address information of the server to be accessed whenever the user needs to access the network, so that the user is not subject to DNS (Domain Name System) spoofing attacks.
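The evaluation and channel selection described in steps S602 to S604 and S701 to S703 can be sketched as follows. This is an added example, not code from the patent: the type and function names, the use of a set of expected addresses per site, and keeping both channels when the user gives no response (the behaviour of step S604) are assumptions, and the sample domains and addresses are constructed.

```python
"""Sketch of the evaluate-then-route flow (steps S602-S604 and S701-S703)."""
import ipaddress
from dataclasses import dataclass
from enum import Enum


class SecurityLevel(Enum):
    FIRST = 1    # lower security: at least one check failed
    SECOND = 2   # higher security: every checked site matched


class Channel(Enum):
    MOBILE = "mobile"
    WIFI = "wifi"
    BOTH = "mobile+wifi"


@dataclass(frozen=True)
class AuthRecord:
    """Authentication data for one site, fetched over the mobile network."""
    domain: str
    addresses: frozenset  # expected IP addresses (a set is an assumption)


def _norm_domain(name):
    # Compare names case-insensitively and without a trailing root dot.
    return name.strip().rstrip(".").lower()


def make_record(domain, addresses):
    return AuthRecord(_norm_domain(domain),
                      frozenset(ipaddress.ip_address(a) for a in addresses))


def address_matches(record, observed):
    """True if the address seen over WIFI is listed in the authentication data."""
    if observed is None:
        return False              # no answer over WIFI: fail closed
    try:
        return ipaddress.ip_address(observed) in record.addresses
    except ValueError:
        return False              # malformed answer: treat as a mismatch


def evaluate_hotspot(records, wifi_answers):
    """Step S603: compare WIFI-side answers with the authentication data.

    Returns (level, mismatched_domains).
    """
    answers = {_norm_domain(d): ip for d, ip in wifi_answers.items()}
    mismatched = sorted(r.domain for r in records
                        if not address_matches(r, answers.get(r.domain)))
    level = SecurityLevel.FIRST if mismatched else SecurityLevel.SECOND
    return level, mismatched


def select_channel(level, user_choice=None):
    """Steps S604, S701 and S702: pick the transmission channel."""
    if level is SecurityLevel.SECOND:
        return Channel.WIFI               # evaluated as safe: all data on WIFI
    if user_choice in (Channel.MOBILE, Channel.BOTH):
        return user_choice                # the user's answer to the prompt
    return Channel.BOTH                   # assumption: no answer keeps both channels


def route_operation(channel, records, domain, wifi_answer):
    """Step S703: under BOTH, verify each sensitive request before using WIFI."""
    if channel is not Channel.BOTH:
        return channel
    by_domain = {r.domain: r for r in records}
    record = by_domain.get(_norm_domain(domain))
    if record is not None and address_matches(record, wifi_answer):
        return Channel.WIFI
    return Channel.MOBILE                 # unknown site or mismatch: stay on mobile


# Constructed sample data (example domains, documentation-range addresses).
RECORDS = [
    make_record("shop.example", ["192.0.2.10", "192.0.2.11"]),
    make_record("bank.example", ["198.51.100.7"]),
]
WIFI_ANSWERS = {"Shop.Example.": "203.0.113.66",   # differs from the record
                "bank.example": "198.51.100.7"}

if __name__ == "__main__":
    level, bad = evaluate_hotspot(RECORDS, WIFI_ANSWERS)
    channel = select_channel(level, Channel.BOTH)
    print(level.name, bad, channel.value)
    for site in ("bank.example", "shop.example"):
        used = route_operation(channel, RECORDS, site,
                               WIFI_ANSWERS.get(site, "203.0.113.66"))
        print(site, "->", used.value)
```

A site served from rotating addresses will fail an exact-match check against stale authentication data, so the expected set has to be refreshed over the mobile network often enough to avoid false mismatches.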
Checking the security of the WIFI hotspot through mobile data can greatly improve the security of the user's network operations while consuming only a small amount of data traffic. These security checks are performed in the background and do not affect the user experience; the user is reminded only when there is a problem with the security of the WIFI network environment.
This optional embodiment further provides two application scenarios of data transmission control.
In scenario 1, the user connects to public WIFI to shop. According to the security level set by the user, the current WIFI hotspot is authenticated by the present disclosure, and it is found that the IP address of shopping website A obtained through the hotspot has been tampered with and actually points to a phishing website. The data transmission control provided by this optional embodiment can remind the user to avoid operating on shopping website A while using this hotspot.
In scenario 2, the user connects to a public WIFI hotspot to access the Internet, and a need for an online banking transfer arises during use. Because the present disclosure did not rate the hotspot's security highly when the WIFI hotspot was connected, the data transmission control provided by this optional embodiment can prompt the user that the transfer may be at risk and ask whether data should be transmitted only through mobile data during the transfer operation.
Embodiment 4
From the description of the above implementations, those skilled in the art can clearly understand that the methods according to the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the technical solution of the present disclosure, in essence or in the part that contributes to the related art, may be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present disclosure.
Embodiments of the present disclosure further provide a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
In S1, authentication data is obtained through the first network;
In S2, the security of the second network is evaluated according to the authentication data to obtain an evaluation result;
In S3, the transmission of data on a transmission channel is controlled according to the evaluation result, where the transmission channel includes at least one of the first network and the second network.
Optionally, in this embodiment, the storage medium may include: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
Optionally, in this embodiment, the processor performs the method steps described in the foregoing embodiments according to the program code stored in the storage medium.
Optionally, for examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations; details are not repeated here.
This embodiment further provides a non-transitory computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the data transmission control method of any of the above embodiments.
Those skilled in the art should understand that the modules or steps of the present disclosure described above may be implemented with general-purpose computing devices. They may be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases the steps shown or described may be performed in an order different from the one given here, or the modules or steps may each be made into separate integrated circuit modules, or several of them may be made into a single integrated circuit module. The present disclosure is thus not limited to any specific combination of hardware and software.
The above are merely optional embodiments of the present disclosure and are not intended to limit it; for those skilled in the art, the present disclosure may have various modifications and changes.
Industrial applicability
The present disclosure obtains authentication data through a first network; evaluates the security of a second network according to the authentication data to obtain an evaluation result; and controls, according to the evaluation result, the transmission of data on a transmission channel, where the transmission channel includes at least one of the first network and the second network. With this solution, the security of the second network is evaluated according to authentication data obtained from the first network, and the data transmission channel is controlled according to the evaluation result. This improves the security of data transmission and solves the problem in the related art that transmitting data through only one network offers low security.

Claims (12)

  1. A data transmission control method, comprising:
    obtaining authentication data through a first network;
    evaluating the security of a second network according to the authentication data to obtain an evaluation result; and
    controlling, according to the evaluation result, the transmission of data on a transmission channel, wherein the transmission channel comprises at least one of the first network and the second network.
  2. The method according to claim 1, wherein evaluating the security of the second network according to the authentication data to obtain the evaluation result comprises:
    determining whether the IP address obtained when accessing a predetermined website through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website;
    when the determination result is no, determining that the evaluation result is that the second network is at a first security level; or
    when the determination result is yes, determining that the evaluation result is that the second network is at a second security level;
    wherein the security indicated by the first security level is lower than the security indicated by the second security level.
  3. The method according to claim 2, wherein, when the evaluation result is that the security level of the second network is the first security level, controlling the transmission of the data on the transmission channel according to the evaluation result comprises:
    sending prompt information indicating that the security level of the second network is the first security level;
    receiving response information in response to the prompt information, wherein the response information indicates that the first network is selected as the transmission channel, or the response information indicates that the first network and the second network are selected as the transmission channel;
    when the response information indicates that the first network is selected as the transmission channel, controlling the data to be transmitted on the first network; or
    when the response information indicates that the first network and the second network are selected as the transmission channel, controlling the data to be transmitted on the first network and the second network.
  4. The method according to claim 3, wherein controlling the data to be transmitted on the first network and the second network comprises:
    performing security verification on the second network through the first network; and
    when the verification succeeds, controlling the data to be transmitted on the second network.
  5. The method according to claim 3, wherein controlling the data to be transmitted on the first network and the second network comprises:
    when a preset operation instruction is received, obtaining, through the second network, the server address information corresponding to the preset operation instruction; and
    when the obtained server address information is consistent with the server address information carried in the authentication data, controlling the data to be transmitted on the second network.
  6. The method according to claim 2, wherein controlling the transmission of the data on the transmission channel according to the evaluation result comprises:
    when the evaluation result is that the security level of the second network is the second security level, controlling the data to be transmitted on the second network.
  7. The method according to any one of claims 1 to 6, wherein the security of the first network is higher than the security of the second network.
  8. The method according to any one of claims 1 to 6, wherein
    the first network comprises a mobile data network; and
    the second network comprises a wireless fidelity (WIFI) network.
  9. A data transmission control apparatus, comprising:
    an obtaining module, configured to obtain authentication data through a first network;
    an evaluation module, configured to evaluate the security of a second network according to the authentication data to obtain an evaluation result; and
    a control module, configured to control, according to the evaluation result, the transmission of data on a transmission channel, wherein the transmission channel comprises at least one of the first network and the second network.
  10. The apparatus according to claim 9, wherein the evaluation module comprises:
    a determining unit, configured to determine whether the IP address obtained when accessing a predetermined website through the second network is consistent with the IP address carried in the authentication data corresponding to the predetermined website;
    a first determination unit, configured to determine, when the determination result is no, that the evaluation result is that the second network is at a first security level; or
    a second determination unit, configured to determine, when the determination result is yes, that the evaluation result is that the second network is at a second security level;
    wherein the security indicated by the first security level is lower than the security indicated by the second security level.
  11. A data transmission control apparatus, comprising:
    an authentication data obtaining module, configured to obtain authentication data through a mobile data network;
    a WIFI security evaluation module, configured to evaluate the security of the currently connected WIFI hotspot according to the authentication data to obtain an evaluation result; and
    a data transmission channel control module, configured to control, according to the evaluation result, the transmission of data on a transmission channel, wherein the transmission channel comprises at least one of the mobile data network and the WIFI hotspot.
  12. A non-transitory computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the method according to any one of claims 1 to 8.
PCT/CN2017/074503 2016-07-18 2017-02-23 Data transmission control method and apparatus WO2018014555A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610571261.8 2016-07-18
CN201610571261.8A CN107635230A (en) 2016-07-18 2016-07-18 Data transfer control method and device

Publications (1)

Publication Number Publication Date
WO2018014555A1 (en) 2018-01-25

Family

ID=60992823

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/074503 WO2018014555A1 (en) 2016-07-18 2017-02-23 Data transmission control method and apparatus

Country Status (2)

Country Link
CN (1) CN107635230A (en)
WO (1) WO2018014555A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430567A (en) * 2020-10-28 2022-05-03 北京奇艺世纪科技有限公司 Network detection model evaluation method, device and system and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7181530B1 (en) * 2001-07-27 2007-02-20 Cisco Technology, Inc. Rogue AP detection
CN103139768A (en) * 2011-11-28 2013-06-05 上海贝尔股份有限公司 Authentication method and authentication device in integrated wireless network
CN103200150A (en) * 2012-01-04 2013-07-10 深圳市腾讯计算机系统有限公司 Identity authentication method and system
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103891332A (en) * 2011-08-12 2014-06-25 F-赛酷公司 Detection of suspect wireless access points
CN103891331A (en) * 2011-10-17 2014-06-25 迈可菲公司 Mobile risk assessment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430567A (en) * 2020-10-28 2022-05-03 北京奇艺世纪科技有限公司 Network detection model evaluation method, device and system and electronic equipment
CN114430567B (en) * 2020-10-28 2024-02-20 北京奇艺世纪科技有限公司 Network detection model evaluation method, device and system and electronic equipment

Also Published As

Publication number Publication date
CN107635230A (en) 2018-01-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17830203

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17830203

Country of ref document: EP

Kind code of ref document: A1