WO2019200690A1 - Data protection method, server and computer readable storage medium - Google Patents

Data protection method, server and computer readable storage medium Download PDF

Info

Publication number
WO2019200690A1
WO2019200690A1 PCT/CN2018/091899 CN2018091899W WO2019200690A1 WO 2019200690 A1 WO2019200690 A1 WO 2019200690A1 CN 2018091899 W CN2018091899 W CN 2018091899W WO 2019200690 A1 WO2019200690 A1 WO 2019200690A1
Authority
WO
WIPO (PCT)
Prior art keywords
service request
time point
expired
server
smart device
Prior art date
Application number
PCT/CN2018/091899
Other languages
French (fr)
Chinese (zh)
Inventor
朱秀军
Original Assignee
深圳市网心科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市网心科技有限公司 filed Critical 深圳市网心科技有限公司
Publication of WO2019200690A1 publication Critical patent/WO2019200690A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/143Termination or inactivation of sessions, e.g. event-controlled end of session

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to a data protection method, a server, and a computer readable storage medium.
  • Cloud service smart devices such as mining machines, are electronic devices that are often used in blockchain networks.
  • the cloud service smart device needs to communicate with the access server to issue a service request, and then the service request is forwarded by the access server to the background processing server to provide the cloud service smart device with the required data and other services.
  • the cloud service smart device can provide the user-side service for the user.
  • the existing service request may be intercepted during the communication between the cloud service smart device and the access server, resulting in information leakage and counterfeiting, and may be copied and replayed, resulting in device status and information being tampered with. risk.
  • the present application proposes a data protection method, a server, and a computer readable storage medium to solve the problem of how to improve the data security of a service request between a cloud service smart device and a server.
  • the present application provides a data protection method, which is applied to a communication process between a cloud service smart device and a server, and the method includes the following steps:
  • the present application further provides a server, including a memory, a processor, and a data protection program executable on the processor, where the data protection program is used by the processor.
  • the present application further provides a computer readable storage medium storing a data protection program, the data protection program being executable by at least one processor to enable the At least one processor performs the steps of the data protection method as described above.
  • the data protection method, the server and the computer readable storage medium proposed by the present application use a dedicated algorithm to encrypt and decrypt the service request, thereby reducing the message being acquired during the communication between the device and the server, resulting in the message being acquired.
  • the risk of information disclosure and counterfeiting is added to the service request, which reduces the risk that the message is copied and the replay causes the device status and information to be tampered with during the communication between the device and the server.
  • FIG. 1 is a schematic diagram of an optional application environment of each embodiment of the present application.
  • FIG. 2 is a schematic diagram of an optional hardware architecture of the access server of FIG. 1;
  • FIG. 3 is a schematic diagram of a program module of a first embodiment and a second embodiment of a data protection system of the present application;
  • FIG. 4 is a schematic flowchart of a first embodiment of a data protection method according to the present application.
  • FIG. 5 is a schematic flowchart of a second embodiment of a data protection method according to the present application.
  • FIG. 1 it is a schematic diagram of an optional application environment of each embodiment of the present application.
  • the present application is applicable to an application environment including, but not limited to, a background processing server 1, an access server 2, and a cloud service smart device 4.
  • the background processing server 1, the access server 2, and the cloud service smart device 4 perform data communication through the network.
  • the cloud service smart device 4 is configured to send a service request, such as a connection request, a data request, to the access server 2, and receive feedback from the access server 2, thereby providing the user with the service of the APP.
  • the cloud service smart device 4 may be a mining machine or the like.
  • the access server 2 is configured to receive the service request sent by the cloud service smart device 4, forward it to the background processing server 1, and then receive the feedback of the background processing server 1 and forward it to the cloud service smart device 4, or according to other servers. The feedback determines whether to remain connected to the cloud service smart device 4.
  • the background processing server 1 and the access server 2 may be a computer, a single network server, a server group composed of a plurality of network servers, or a cloud-based cloud composed of a large number of hosts or network servers.
  • the access server 2 may include, but is not limited to, the memory 11, the processor 12, and the network interface 13 being communicably connected to each other through a system bus. It is noted that Figure 2 only shows the access server 2 with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (eg, SD or DX memory, etc.), and a random access memory (RAM). , static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like.
  • the memory 11 may be an internal storage unit of the access server 2, such as a hard disk or memory of the access server 2.
  • the memory 11 may also be an external storage device of the access server 2, such as a plug-in hard disk provided on the access server 2, a smart memory card (SMC), Secure Digital (SD) card, Flash Card, etc.
  • the memory 11 may also include both the internal storage unit of the access server 2 and its external storage device.
  • the memory 11 is generally used to store an operating system installed in the access server 2 and various types of application software, such as program code of the data protection system 200. Further, the memory 11 can also be used to temporarily store various types of data that have been output or are to be output.
  • the processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments.
  • the processor 12 is typically used to control the overall operation of the access server 2.
  • the processor 12 is configured to run program code or process data stored in the memory 11, such as running the data protection system 200 and the like.
  • the network interface 13 may comprise a wireless network interface or a wired network interface, which is typically used to establish a communication connection between the access server 2 and other electronic devices.
  • the network interface 13 is mainly used to connect the access server 2 to one or more of the background processing servers 1 and the cloud service smart device 4 through a network, where the access server 2 and the Establishing a data transmission channel and a communication connection between the one or more background processing servers 1 and the cloud service smart device 4.
  • the present application proposes a data protection system 200.
  • FIG. 3 it is a program module diagram of the first embodiment and the second embodiment of the data protection system 200 of the present application.
  • the data protection system 200 includes a series of computer program instructions stored on the memory 11, and when the computer program instructions are executed by the processor 12, the data protection of the embodiments of the present application can be implemented. operating.
  • data protection system 200 can be divided into one or more modules based on the particular operations implemented by the various portions of the computer program instructions. For example, in FIG. 3, the data protection system 200 can be divided into a receiving module 201, a decoding module 202, a determining module 203, and a processing module 204. among them:
  • the receiving module 201 is configured to receive a service request sent by the cloud service smart device 4.
  • a service request such as a connection request, a data request, or the like
  • the service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4.
  • the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with.
  • the encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
  • the decoding module 202 is configured to decode the service request.
  • the receiving module 201 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
  • the principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
  • the determining module 203 is configured to determine whether the decoding of the service request by the decoding module 202 is successful.
  • the decoding module 202 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
  • the processing module 204 is configured to forward the service request to the background processing server 1 when the service request is successfully decoded, or disconnect (or reject) the cloud service intelligence when the service request fails to be decoded. Connection of device 4.
  • the determining module 203 is further configured to: when the service request is successfully decoded, determine whether the timeliness of the service request is expired.
  • the determining module 203 further determines the timeliness of the service request.
  • the service request further includes an effective time point.
  • the determining module 203 determines whether the current time point is earlier than or equal to the valid time point. If the current time point is earlier than or equal to the valid time point, it is determined that the service request has not expired and is valid. If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
  • the cloud service smart device 4 and the access server 2 are long-connected, that is, after the connection is successfully established, the connection is not released for a long time. Therefore, when the cloud service smart device 4 sends a connection request to the access server 3, the access server 3 verifies the timeliness of the connection request. After the verification succeeds, the access server 3 When the other service requests of the cloud service smart device 4 are received, the decoding is successful only, and the timeliness is not verified.
  • the processing module 204 is further configured to: when the service request decoding succeeds and the timeliness of the service request is not expired, forward the service request to the background processing server 1, or when it is determined that the service request decoding fails or When the timeliness of the service request has expired, the connection with the cloud service smart device 4 is disconnected (or rejected).
  • the present application also proposes a data protection method.
  • FIG. 4 it is a schematic flowchart of the first embodiment of the data protection method of the present application.
  • the order of execution of the steps in the flowchart shown in FIG. 4 may be changed according to different requirements, and some steps may be omitted.
  • the method includes the following steps:
  • Step S100 receiving a service request sent by the cloud service smart device 4.
  • a service request such as a connection request, a data request, or the like
  • the service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4.
  • the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with.
  • the encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
  • Step S102 decoding the service request.
  • the access server 2 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
  • the principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
  • step S104 it is determined whether the decoding is successful. If successful, step S106 is performed. If not, step S108 is performed.
  • the access server 2 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
  • step S106 the service request is forwarded to the background processing server 1.
  • the access server 2 when the service request is successfully decoded, the access server 2 maintains a long connection with the cloud service smart device 4, and forwards the service request to the background processing server 1 to make the background
  • the processing server 1 provides corresponding services to the cloud service smart device 4, such as feedback of required data and the like.
  • step S108 the connection with the cloud service smart device 4 is disconnected.
  • the access server 2 disconnects (or rejects) the connection with the cloud service smart device 4.
  • the connection is a TCP (Transmission Control Protocol) connection.
  • the access server 2 removes the cloud service smart device 4 from the TCP connection list.
  • the data protection method provided in this embodiment can use a dedicated algorithm to encrypt and decrypt the service request, which reduces the risk of information leakage and counterfeiting when the device and the server communicate with each other.
  • FIG. 5 it is a schematic flowchart of a second embodiment of the data protection method of the present application.
  • some steps of the data protection method are similar to the steps of the first embodiment, except that the method further includes step S206.
  • the method includes the following steps:
  • Step S200 receiving a service request sent by the cloud service smart device 4.
  • a service request such as a connection request, a data request, or the like
  • the service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4.
  • the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with.
  • the encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
  • Step S202 decoding the service request.
  • the access server 2 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
  • the principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
  • step S204 it is determined whether the decoding is successful. If successful, step S206 is performed. If it is not successful, step S210 is performed.
  • the access server 2 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
  • Step S206 determining whether the timeliness of the service request is expired. If it has not expired, step S208 is performed. If it expires, step S210 is performed.
  • the access server 2 when the service request is successfully decoded, the access server 2 further determines the timeliness of the service request.
  • the service request further includes a timestamp, that is, a valid time point of the service request.
  • the valid time point is obtained therefrom, and then it is determined whether the current time point is earlier than or equal to the valid time point. If the current time point is earlier than or equal to the valid time point, it is determined that the service request has not expired and is valid. If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
  • the cloud service smart device 4 and the access server 2 are long-connected, that is, after the connection is successfully established, the connection is not released for a long time. Therefore, when the cloud service smart device 4 sends a connection request to the access server 3, the access server 3 verifies the timeliness of the connection request. After the verification succeeds, the access server 3 When the other service requests of the cloud service smart device 4 are received, the decoding is successful only, and the timeliness is not verified.
  • Step S208 forwarding the service request to the background processing server 1.
  • the access server 2 maintains a long connection with the cloud service smart device 4, and forwards the service request to the The server 1 is processed in the background to enable the background processing server 1 to provide corresponding services for the cloud service smart device 4, such as feedback of required data and the like.
  • step S210 the connection with the cloud service smart device 4 is disconnected.
  • the access server 2 disconnects (or rejects) the connection with the cloud service smart device 4.
  • the connection is a TCP connection.
  • the access server 2 removes the cloud service smart device 4 from the TCP connection list.
  • the data protection method provided in this embodiment adds a timestamp check to the service request by using a dedicated algorithm to encrypt and decrypt the service request to prevent the phishing attack, thereby reducing the communication between the device and the server.
  • the message is copied and the replay causes the device status and information to be tampered with.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better.
  • Implementation Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a client (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in various embodiments of the present application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed in the present application is a data protection method. Said method comprises: a server receiving a service request sent by a cloud service smart device, the service request being encrypted using a predetermined encryption algorithm; decoding the service request using the encryption algorithm; determining whether the decoding succeeds; forwarding the service request to a background processing server if the service request is decoded successfully; and disconnecting from the cloud service smart device if the decoding of the service request fails. The present application also provides a server and a computer readable storage medium. The data protection method, the server and the computer readable storage medium provided in the present application can improve the data security of a service request between a cloud service smart device and a server.

Description

数据保护方法、服务器及计算机可读存储介质Data protection method, server and computer readable storage medium
本申请要求于2018年4月17日提交中国专利局、申请号为201810343083.2、发明名称为“数据保护方法、服务器及计算机可读存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。The present application claims priority to Chinese Patent Application No. 201810343083.2, entitled "Data Protection Method, Server and Computer Readable Storage Media", filed on April 17, 2018, the entire contents of which are incorporated by reference. In the application.
技术领域Technical field
本申请涉及区块链技术领域,尤其涉及一种数据保护方法、服务器及计算机可读存储介质。The present application relates to the field of blockchain technology, and in particular, to a data protection method, a server, and a computer readable storage medium.
背景技术Background technique
云服务智能设备,例如矿机(mining machine)是区块链(Blockchain)网络中经常会使用的电子设备。在实际应用中,云服务智能设备需要与接入服务器进行通信,发出服务请求,然后由接入服务器将所述服务请求转发至后台处理服务器,以为所述云服务智能设备提供需要的数据等服务支持,从而使所述云服务智能设备可以为用户提供APP端的服务。但是,现有的服务请求在所述云服务智能设备与接入服务器通信过程中,很可能被截获,导致信息泄露和仿冒,还有可能被复制和重放,导致设备状态及信息被篡改的风险。Cloud service smart devices, such as mining machines, are electronic devices that are often used in blockchain networks. In a practical application, the cloud service smart device needs to communicate with the access server to issue a service request, and then the service request is forwarded by the access server to the background processing server to provide the cloud service smart device with the required data and other services. Supporting, so that the cloud service smart device can provide the user-side service for the user. However, the existing service request may be intercepted during the communication between the cloud service smart device and the access server, resulting in information leakage and counterfeiting, and may be copied and replayed, resulting in device status and information being tampered with. risk.
发明内容Summary of the invention
有鉴于此,本申请提出一种数据保护方法、服务器及计算机可读存储介质,以解决如何提高云服务智能设备和服务器之间的服务请求的数据安全性的问题。In view of this, the present application proposes a data protection method, a server, and a computer readable storage medium to solve the problem of how to improve the data security of a service request between a cloud service smart device and a server.
首先,为实现上述目的,本申请提出一种数据保护方法,应用于云服务智能设备与服务器的通信过程,该方法包括步骤:First, in order to achieve the above object, the present application provides a data protection method, which is applied to a communication process between a cloud service smart device and a server, and the method includes the following steps:
所述服务器接收所述云服务智能设备发出的服务请求,所述服务请求采 用预先确定的加密算法进行加密;Receiving, by the server, a service request sent by the cloud service smart device, where the service request is encrypted by using a predetermined encryption algorithm;
采用所述加密算法解码所述服务请求;Decoding the service request by using the encryption algorithm;
判断解码是否成功;Determine whether the decoding is successful;
当所述服务请求解码成功时,向后台处理服务器转发所述服务请求;及And when the service request is successfully decoded, forwarding the service request to a background processing server; and
当所述服务请求解码失败时,断开与所述云服务智能设备的连接。When the service request decoding fails, the connection with the cloud service smart device is disconnected.
此外,为实现上述目的,本申请还提供一种服务器,包括存储器、处理器,所述存储器上存储有可在所述处理器上运行的数据保护程序,所述数据保护程序被所述处理器执行时实现如下步骤:In addition, in order to achieve the above object, the present application further provides a server, including a memory, a processor, and a data protection program executable on the processor, where the data protection program is used by the processor The following steps are implemented during execution:
接收云服务智能设备发出的服务请求,所述服务请求采用预先确定的加密算法进行加密;Receiving a service request sent by the cloud service smart device, where the service request is encrypted by using a predetermined encryption algorithm;
采用所述加密算法解码所述服务请求;Decoding the service request by using the encryption algorithm;
判断解码是否成功;Determine whether the decoding is successful;
当所述服务请求解码成功时,向后台处理服务器转发所述服务请求;及And when the service request is successfully decoded, forwarding the service request to a background processing server; and
当所述服务请求解码失败时,断开与所述云服务智能设备的连接。When the service request decoding fails, the connection with the cloud service smart device is disconnected.
进一步地,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质存储有数据保护程序,所述数据保护程序可被至少一个处理器执行,以使所述至少一个处理器执行如上述的数据保护方法的步骤。Further, to achieve the above object, the present application further provides a computer readable storage medium storing a data protection program, the data protection program being executable by at least one processor to enable the At least one processor performs the steps of the data protection method as described above.
相较于现有技术,本申请所提出的数据保护方法、服务器及计算机可读存储介质,采用专用的算法对服务请求进行加解密,降低了设备与服务器通信过程中,报文被获取,导致信息泄露和仿冒的风险。另外,在所述服务请求中增加了时间戳校验,降低了设备与服务器通信过程中,报文被复制,重放导致设备状态及信息被篡改的风险。Compared with the prior art, the data protection method, the server and the computer readable storage medium proposed by the present application use a dedicated algorithm to encrypt and decrypt the service request, thereby reducing the message being acquired during the communication between the device and the server, resulting in the message being acquired. The risk of information disclosure and counterfeiting. In addition, a timestamp check is added to the service request, which reduces the risk that the message is copied and the replay causes the device status and information to be tampered with during the communication between the device and the server.
附图说明DRAWINGS
图1是本申请各个实施例一可选的应用环境示意图;1 is a schematic diagram of an optional application environment of each embodiment of the present application;
图2是图1中接入服务器一可选的硬件架构的示意图;2 is a schematic diagram of an optional hardware architecture of the access server of FIG. 1;
图3是本申请数据保护系统第一实施例及第二实施例的程序模块示意图;3 is a schematic diagram of a program module of a first embodiment and a second embodiment of a data protection system of the present application;
图4是本申请数据保护方法第一实施例的流程示意图;4 is a schematic flowchart of a first embodiment of a data protection method according to the present application;
图5是本申请数据保护方法第二实施例的流程示意图。FIG. 5 is a schematic flowchart of a second embodiment of a data protection method according to the present application.
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features and advantages of the present application will be further described with reference to the accompanying drawings.
具体实施方式detailed description
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不用于限定本申请。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the objects, technical solutions, and advantages of the present application more comprehensible, the present application will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope are the scope of the present application.
需要说明的是,在本申请中涉及“第一”、“第二”等的描述仅用于描述目的,而不能理解为指示或暗示其相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。另外,各个实施例之间的技术方案可以相互结合,但是必须是以本领域普通技术人员能够实现为基础,当技术方案的结合出现相互矛盾或无法实现时应当认为这种技术方案的结合不存在,也不在本申请要求的保护范围之内。It should be noted that the descriptions of "first", "second" and the like in the present application are for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated. . Thus, features defining "first" or "second" may include at least one of the features, either explicitly or implicitly. In addition, the technical solutions between the various embodiments may be combined with each other, but must be based on the realization of those skilled in the art, and when the combination of the technical solutions is contradictory or impossible to implement, it should be considered that the combination of the technical solutions does not exist. Nor is it within the scope of protection required by this application.
参阅图1所示,是本申请各个实施例一可选的应用环境示意图。Referring to FIG. 1 , it is a schematic diagram of an optional application environment of each embodiment of the present application.
在本实施例中,本申请可应用于包括,但不仅限于,后台处理服务器1、接入服务器2、云服务智能设备4的应用环境中。所述后台处理服务器1、接入服务器2、云服务智能设备4之间通过网络进行数据通信。In this embodiment, the present application is applicable to an application environment including, but not limited to, a background processing server 1, an access server 2, and a cloud service smart device 4. The background processing server 1, the access server 2, and the cloud service smart device 4 perform data communication through the network.
其中,云服务智能设备4用于向所述接入服务器2发送服务请求,例如连 接请求、数据请求,并接收所述接入服务器2的反馈,从而为用户提供APP端的服务。所述云服务智能设备4可以是矿机(mining machine)等。The cloud service smart device 4 is configured to send a service request, such as a connection request, a data request, to the access server 2, and receive feedback from the access server 2, thereby providing the user with the service of the APP. The cloud service smart device 4 may be a mining machine or the like.
接入服务器2用于接收所述云服务智能设备4发送的服务请求,并转发给后台处理服务器1,然后接收后台处理服务器1的反馈后转发至所述云服务智能设备4,或者根据其他服务器的反馈确定是否与所述云服务智能设备4保持连接。The access server 2 is configured to receive the service request sent by the cloud service smart device 4, forward it to the background processing server 1, and then receive the feedback of the background processing server 1 and forward it to the cloud service smart device 4, or according to other servers. The feedback determines whether to remain connected to the cloud service smart device 4.
所述后台处理服务器1、接入服务器2可以是计算机、也可以是单个网络服务器、多个网络服务器组成的服务器组或者基于云计算的由大量主机或者网络服务器构成的云。The background processing server 1 and the access server 2 may be a computer, a single network server, a server group composed of a plurality of network servers, or a cloud-based cloud composed of a large number of hosts or network servers.
参阅图2所示,是图1中接入服务器2一可选的硬件架构的示意图。本实施例中,所述接入服务器2可包括,但不仅限于,可通过系统总线相互通信连接存储器11、处理器12、网络接口13。需要指出的是,图2仅示出了具有组件11-13的接入服务器2,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。Referring to FIG. 2, it is a schematic diagram of an optional hardware architecture of the access server 2 in FIG. In this embodiment, the access server 2 may include, but is not limited to, the memory 11, the processor 12, and the network interface 13 being communicably connected to each other through a system bus. It is noted that Figure 2 only shows the access server 2 with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
其中,所述存储器11至少包括一种类型的可读存储介质,所述可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、随机访问存储器(RAM)、静态随机访问存储器(SRAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、可编程只读存储器(PROM)、磁性存储器、磁盘、光盘等。在一些实施例中,所述存储器11可以是所述接入服务器2的内部存储单元,例如该接入服务器2的硬盘或内存。在另一些实施例中,所述存储器11也可以是所述接入服务器2的外部存储设备,例如该接入服务器2上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。当然,所述存储器11还可以既包括所述接入服务器2的内部存储单元也包括其外部存储设备。本实施例中,所述存储器11通常用于存储安装于所述接入服务器2的操作系统和各 类应用软件,例如数据保护系统200的程序代码等。此外,所述存储器11还可以用于暂时地存储已经输出或者将要输出的各类数据。The memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (eg, SD or DX memory, etc.), and a random access memory (RAM). , static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like. In some embodiments, the memory 11 may be an internal storage unit of the access server 2, such as a hard disk or memory of the access server 2. In other embodiments, the memory 11 may also be an external storage device of the access server 2, such as a plug-in hard disk provided on the access server 2, a smart memory card (SMC), Secure Digital (SD) card, Flash Card, etc. Of course, the memory 11 may also include both the internal storage unit of the access server 2 and its external storage device. In this embodiment, the memory 11 is generally used to store an operating system installed in the access server 2 and various types of application software, such as program code of the data protection system 200. Further, the memory 11 can also be used to temporarily store various types of data that have been output or are to be output.
所述处理器12在一些实施例中可以是中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器、或其他数据处理芯片。该处理器12通常用于控制所述接入服务器2的总体操作。本实施例中,所述处理器12用于运行所述存储器11中存储的程序代码或者处理数据,例如运行所述的数据保护系统200等。The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 12 is typically used to control the overall operation of the access server 2. In this embodiment, the processor 12 is configured to run program code or process data stored in the memory 11, such as running the data protection system 200 and the like.
所述网络接口13可包括无线网络接口或有线网络接口,该网络接口13通常用于在所述接入服务器2与其他电子设备之间建立通信连接。本实施例中,所述网络接口13主要用于通过网络将所述接入服务器2与一个或多个所述后台处理服务器1、云服务智能设备4相连,在所述接入服务器2与所述一个或多个后台处理服务器1、云服务智能设备4之间的建立数据传输通道和通信连接。The network interface 13 may comprise a wireless network interface or a wired network interface, which is typically used to establish a communication connection between the access server 2 and other electronic devices. In this embodiment, the network interface 13 is mainly used to connect the access server 2 to one or more of the background processing servers 1 and the cloud service smart device 4 through a network, where the access server 2 and the Establishing a data transmission channel and a communication connection between the one or more background processing servers 1 and the cloud service smart device 4.
至此,己经详细介绍了本申请各个实施例的应用环境和相关设备的硬件结构和功能。下面,将基于上述应用环境和相关设备,提出本申请的各个实施例。So far, the application environment of the various embodiments of the present application and the hardware structure and functions of related devices have been described in detail. Hereinafter, various embodiments of the present application will be proposed based on the above-described application environment and related devices.
首先,本申请提出一种数据保护系统200。First, the present application proposes a data protection system 200.
参阅图3所示,是本申请数据保护系统200第一实施例和第二实施例的程序模块图。Referring to FIG. 3, it is a program module diagram of the first embodiment and the second embodiment of the data protection system 200 of the present application.
在第一实施例中,所述的数据保护系统200包括一系列的存储于存储器11上的计算机程序指令,当该计算机程序指令被处理器12执行时,可以实现本申请各实施例的数据保护操作。在一些实施例中,基于该计算机程序指令各部分所实现的特定的操作,数据保护系统200可以被划分为一个或多个模块。例如,在图3中,所述数据保护系统200可以被分割成接收模块201、解码模块202、判断模块203、处理模块204。其中:In the first embodiment, the data protection system 200 includes a series of computer program instructions stored on the memory 11, and when the computer program instructions are executed by the processor 12, the data protection of the embodiments of the present application can be implemented. operating. In some embodiments, data protection system 200 can be divided into one or more modules based on the particular operations implemented by the various portions of the computer program instructions. For example, in FIG. 3, the data protection system 200 can be divided into a receiving module 201, a decoding module 202, a determining module 203, and a processing module 204. among them:
所述接收模块201,用于接收云服务智能设备4发出的服务请求。The receiving module 201 is configured to receive a service request sent by the cloud service smart device 4.
具体地,当所述云服务智能设备4需要向所述接入服务器3请求服务时,向所述接入服务器3发送服务请求,例如连接请求、数据请求等。所述服务请求中包含所述云服务智能设备4的设备MAC地址、设备标识、设备加密方式等。为了保障所述服务请求的数据安全,在本实施例中,所述服务请求要采用预先确定的加密算法进行加密,然后再发送至所述接入服务器2,以降低被篡改的风险。所述加密算法可以为AES对称加密算法或其他类似加密算法。Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, a service request, such as a connection request, a data request, or the like, is sent to the access server 3. The service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4. In order to ensure the data security of the service request, in the embodiment, the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with. The encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
所述解码模块202,用于解码所述服务请求。The decoding module 202 is configured to decode the service request.
具体地,接收模块201接收到所述服务请求后,解码模块202采用与所述云服务智能设备4端相同的加密算法解码所述服务请求。Specifically, after receiving the service request, the receiving module 201 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
所述加密算法的原理包括:采用混淆的二进制编码方式传输;所述云服务智能设备4采用密钥key对数据进行加密;所述接入服务器2使用相同的密钥key对数据进行解密。The principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
所述判断模块203,用于判断所述解码模块202对所述服务请求的解码是否成功。The determining module 203 is configured to determine whether the decoding of the service request by the decoding module 202 is successful.
具体地,如果所述服务请求被篡改,则所述解码模块202采用与所述云服务智能设备4相同的加密算法和密钥key对所述服务请求进行解码时,将解码失败。当判断出解码成功时,表示所述服务请求未被篡改。Specifically, if the service request is tampered with, the decoding module 202 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
所述处理模块204,用于当所述服务请求解码成功时,向后台处理服务器1转发所述服务请求,或者当所述服务请求解码失败时,断开(或者拒绝)与所述云服务智能设备4的连接。The processing module 204 is configured to forward the service request to the background processing server 1 when the service request is successfully decoded, or disconnect (or reject) the cloud service intelligence when the service request fails to be decoded. Connection of device 4.
进一步地,在第二实施例中,所述判断模块203,还用于当所述服务请求解码成功时,判断所述服务请求的时效性是否过期。Further, in the second embodiment, the determining module 203 is further configured to: when the service request is successfully decoded, determine whether the timeliness of the service request is expired.
具体地,当所述服务请求解码成功时,所述判断模块203进一步判断所述服务请求的时效性。在本实施例中,所述服务请求中还包括有效时间点。当所述解码模块202成功对所述服务请求进行解码后,从中获取所述有效时间 点,所述判断模块203判断当前时间点是否早于或者等于所述有效时间点。若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效。若当前时间点晚于所述有效时间点,则确定所述服务请求已过期且失效。Specifically, when the service request is successfully decoded, the determining module 203 further determines the timeliness of the service request. In this embodiment, the service request further includes an effective time point. After the decoding module 202 successfully decodes the service request, and obtains the valid time point, the determining module 203 determines whether the current time point is earlier than or equal to the valid time point. If the current time point is earlier than or equal to the valid time point, it is determined that the service request has not expired and is valid. If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
值得注意的是,所述云服务智能设备4与所述接入服务器2之间是长连接,即连接建立成功后,长期不释放。因此,主要在所述云服务智能设备4向所述接入服务器3发出连接请求时,所述接入服务器3验证所述连接请求的时效性,本次验证成功后,所述接入服务器3后续再接收到所述云服务智能设备4的其他服务请求时,只用判断解码是否成功,不用验证时效性。It is to be noted that the cloud service smart device 4 and the access server 2 are long-connected, that is, after the connection is successfully established, the connection is not released for a long time. Therefore, when the cloud service smart device 4 sends a connection request to the access server 3, the access server 3 verifies the timeliness of the connection request. After the verification succeeds, the access server 3 When the other service requests of the cloud service smart device 4 are received, the decoding is successful only, and the timeliness is not verified.
所述处理模块204,还用于当所述服务请求解码成功且所述服务请求的时效性未过期时,向后台处理服务器1转发所述服务请求,或者当判断出所述服务请求解码失败或者所述服务请求的时效性已过期时,断开(或者拒绝)与所述云服务智能设备4的连接。The processing module 204 is further configured to: when the service request decoding succeeds and the timeliness of the service request is not expired, forward the service request to the background processing server 1, or when it is determined that the service request decoding fails or When the timeliness of the service request has expired, the connection with the cloud service smart device 4 is disconnected (or rejected).
此外,本申请还提出一种数据保护方法。In addition, the present application also proposes a data protection method.
参阅图4所示,是本申请数据保护方法第一实施例的流程示意图。在本实施例中,根据不同的需求,图4所示的流程图中的步骤的执行顺序可以改变,某些步骤可以省略。该方法包括以下步骤:Referring to FIG. 4, it is a schematic flowchart of the first embodiment of the data protection method of the present application. In this embodiment, the order of execution of the steps in the flowchart shown in FIG. 4 may be changed according to different requirements, and some steps may be omitted. The method includes the following steps:
步骤S100,接收云服务智能设备4发出的服务请求。Step S100, receiving a service request sent by the cloud service smart device 4.
具体地,当所述云服务智能设备4需要向所述接入服务器3请求服务时,向所述接入服务器3发送服务请求,例如连接请求、数据请求等。所述服务请求中包含所述云服务智能设备4的设备MAC地址、设备标识、设备加密方式等。为了保障所述服务请求的数据安全,在本实施例中,所述服务请求要采用预先确定的加密算法进行加密,然后再发送至所述接入服务器2,以降低被篡改的风险。所述加密算法可以为AES对称加密算法或其他类似加密算法。Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, a service request, such as a connection request, a data request, or the like, is sent to the access server 3. The service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4. In order to ensure the data security of the service request, in the embodiment, the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with. The encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
步骤S102,解码所述服务请求。Step S102, decoding the service request.
具体地,所述接入服务器2接收到所述服务请求后,采用与所述云服务智 能设备4端相同的加密算法解码所述服务请求。Specifically, after receiving the service request, the access server 2 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
所述加密算法的原理包括:采用混淆的二进制编码方式传输;所述云服务智能设备4采用密钥key对数据进行加密;所述接入服务器2使用相同的密钥key对数据进行解密。The principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
步骤S104,判断解码是否成功。若成功,执行步骤S106。若不成功,执行步骤S108。In step S104, it is determined whether the decoding is successful. If successful, step S106 is performed. If not, step S108 is performed.
具体地,如果所述服务请求被篡改,则所述接入服务器2采用与所述云服务智能设备4相同的加密算法和密钥key对所述服务请求进行解码时,将解码失败。当判断出解码成功时,表示所述服务请求未被篡改。Specifically, if the service request is tampered with, the access server 2 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
步骤S106,向后台处理服务器1转发所述服务请求。In step S106, the service request is forwarded to the background processing server 1.
具体地,当所述服务请求解码成功时,所述接入服务器2与所述云服务智能设备4保持长连接,并将所述服务请求转发至所述后台处理服务器1,以使所述后台处理服务器1为所述云服务智能设备4提供相应服务,例如反馈需要的数据等。Specifically, when the service request is successfully decoded, the access server 2 maintains a long connection with the cloud service smart device 4, and forwards the service request to the background processing server 1 to make the background The processing server 1 provides corresponding services to the cloud service smart device 4, such as feedback of required data and the like.
步骤S108,断开与所述云服务智能设备4的连接。In step S108, the connection with the cloud service smart device 4 is disconnected.
具体地,当判断出所述服务请求解码失败时,所述接入服务器2断开(或者拒绝)与所述云服务智能设备4的连接。在本实施例中,所述连接为TCP(Transmission Control Protocol,传输控制协议)连接。所述接入服务器2将所述云服务智能设备4从TCP连接列表中剔除。Specifically, when it is determined that the service request decoding fails, the access server 2 disconnects (or rejects) the connection with the cloud service smart device 4. In this embodiment, the connection is a TCP (Transmission Control Protocol) connection. The access server 2 removes the cloud service smart device 4 from the TCP connection list.
本实施例提供的数据保护方法,可以采用专用的算法对服务请求进行加解密,降低了设备与服务器通信过程中,报文被获取,导致信息泄露和仿冒的风险。The data protection method provided in this embodiment can use a dedicated algorithm to encrypt and decrypt the service request, which reduces the risk of information leakage and counterfeiting when the device and the server communicate with each other.
如图5所示,是本申请数据保护方法的第二实施例的流程示意图。本实施例中,所述数据保护方法的部分步骤与第一实施例的步骤相类似,区别在于该方法还包括步骤S206。As shown in FIG. 5, it is a schematic flowchart of a second embodiment of the data protection method of the present application. In this embodiment, some steps of the data protection method are similar to the steps of the first embodiment, except that the method further includes step S206.
该方法包括以下步骤:The method includes the following steps:
步骤S200,接收云服务智能设备4发出的服务请求。Step S200, receiving a service request sent by the cloud service smart device 4.
具体地,当所述云服务智能设备4需要向所述接入服务器3请求服务时,向所述接入服务器3发送服务请求,例如连接请求、数据请求等。所述服务请求中包含所述云服务智能设备4的设备MAC地址、设备标识、设备加密方式等。为了保障所述服务请求的数据安全,在本实施例中,所述服务请求要采用预先确定的加密算法进行加密,然后再发送至所述接入服务器2,以降低被篡改的风险。所述加密算法可以为AES对称加密算法或其他类似加密算法。Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, a service request, such as a connection request, a data request, or the like, is sent to the access server 3. The service request includes a device MAC address, a device identifier, a device encryption manner, and the like of the cloud service smart device 4. In order to ensure the data security of the service request, in the embodiment, the service request is encrypted by using a predetermined encryption algorithm, and then sent to the access server 2 to reduce the risk of being tampered with. The encryption algorithm may be an AES symmetric encryption algorithm or other similar encryption algorithm.
步骤S202,解码所述服务请求。Step S202, decoding the service request.
具体地,所述接入服务器2接收到所述服务请求后,采用与所述云服务智能设备4端相同的加密算法解码所述服务请求。Specifically, after receiving the service request, the access server 2 decodes the service request by using the same encryption algorithm as the cloud service smart device 4 end.
所述加密算法的原理包括:采用混淆的二进制编码方式传输;所述云服务智能设备4采用密钥key对数据进行加密;所述接入服务器2使用相同的密钥key对数据进行解密。The principle of the encryption algorithm includes: transmitting in a confusing binary encoding manner; the cloud service smart device 4 encrypts data using a key key; the access server 2 decrypts data using the same key key.
步骤S204,判断解码是否成功。若成功,执行步骤S206。若不成功,执行步骤S210。In step S204, it is determined whether the decoding is successful. If successful, step S206 is performed. If it is not successful, step S210 is performed.
具体地,如果所述服务请求被篡改,则所述接入服务器2采用与所述云服务智能设备4相同的加密算法和密钥key对所述服务请求进行解码时,将解码失败。当判断出解码成功时,表示所述服务请求未被篡改。Specifically, if the service request is tampered with, the access server 2 fails to decode the service request by using the same encryption algorithm and key key as the cloud service smart device 4. When it is judged that the decoding is successful, it indicates that the service request has not been tampered with.
步骤S206,判断所述服务请求的时效性是否过期。若未过期,执行步骤S208。若过期,执行步骤S210。Step S206, determining whether the timeliness of the service request is expired. If it has not expired, step S208 is performed. If it expires, step S210 is performed.
具体地,当所述服务请求解码成功时,所述接入服务器2进一步判断所述服务请求的时效性。在本实施例中,所述服务请求中还包括时间戳,即所述服务请求的有效时间点。当所述接入服务器2成功对所述服务请求进行解码后,从中获取所述有效时间点,然后判断当前时间点是否早于或者等于所述有效时间点。若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效。若当前时间点晚于所述有效时间点,则确定所述服务请 求已过期且失效。Specifically, when the service request is successfully decoded, the access server 2 further determines the timeliness of the service request. In this embodiment, the service request further includes a timestamp, that is, a valid time point of the service request. After the access server 2 successfully decodes the service request, the valid time point is obtained therefrom, and then it is determined whether the current time point is earlier than or equal to the valid time point. If the current time point is earlier than or equal to the valid time point, it is determined that the service request has not expired and is valid. If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
值得注意的是,所述云服务智能设备4与所述接入服务器2之间是长连接,即连接建立成功后,长期不释放。因此,主要在所述云服务智能设备4向所述接入服务器3发出连接请求时,所述接入服务器3验证所述连接请求的时效性,本次验证成功后,所述接入服务器3后续再接收到所述云服务智能设备4的其他服务请求时,只用判断解码是否成功,不用验证时效性。It is to be noted that the cloud service smart device 4 and the access server 2 are long-connected, that is, after the connection is successfully established, the connection is not released for a long time. Therefore, when the cloud service smart device 4 sends a connection request to the access server 3, the access server 3 verifies the timeliness of the connection request. After the verification succeeds, the access server 3 When the other service requests of the cloud service smart device 4 are received, the decoding is successful only, and the timeliness is not verified.
步骤S208,向后台处理服务器1转发所述服务请求。Step S208, forwarding the service request to the background processing server 1.
具体地,当所述服务请求解码成功且所述服务请求的时效性未过期时,所述接入服务器2与所述云服务智能设备4保持长连接,并将所述服务请求转发至所述后台处理服务器1,以使所述后台处理服务器1为所述云服务智能设备4提供相应服务,例如反馈需要的数据等。Specifically, when the service request decoding is successful and the timeliness of the service request is not expired, the access server 2 maintains a long connection with the cloud service smart device 4, and forwards the service request to the The server 1 is processed in the background to enable the background processing server 1 to provide corresponding services for the cloud service smart device 4, such as feedback of required data and the like.
步骤S210,断开与所述云服务智能设备4的连接。In step S210, the connection with the cloud service smart device 4 is disconnected.
具体地,当判断出所述服务请求解码失败或者所述服务请求的时效性已过期时,所述接入服务器2断开(或者拒绝)与所述云服务智能设备4的连接。在本实施例中,所述连接为TCP连接。所述接入服务器2将所述云服务智能设备4从TCP连接列表中剔除。Specifically, when it is determined that the service request decoding fails or the timeliness of the service request has expired, the access server 2 disconnects (or rejects) the connection with the cloud service smart device 4. In this embodiment, the connection is a TCP connection. The access server 2 removes the cloud service smart device 4 from the TCP connection list.
本实施例提供的数据保护方法,在通过采用专用的算法对服务请求进行加解密,以防止仿冒攻击的基础上,还在所述服务请求中增加了时间戳校验,降低了设备与服务器通信过程中,报文被复制,重放导致设备状态及信息被篡改的风险。The data protection method provided in this embodiment adds a timestamp check to the service request by using a dedicated algorithm to encrypt and decrypt the service request to prevent the phishing attack, thereby reducing the communication between the device and the server. During the process, the message is copied and the replay causes the device status and information to be tampered with.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present application are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体 现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台客户端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better. Implementation. Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a client (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in various embodiments of the present application.
以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only a preferred embodiment of the present application, and is not intended to limit the scope of the patent application, and the equivalent structure or equivalent process transformations made by the specification and the drawings of the present application, or directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of this application.

Claims (20)

  1. 一种数据保护方法,应用于云服务智能设备与服务器的通信过程,其特征在于,所述方法包括步骤:A data protection method is applied to a communication process between a cloud service intelligent device and a server, wherein the method includes the following steps:
    所述服务器接收所述云服务智能设备发出的服务请求,所述服务请求采用预先确定的加密算法进行加密;Receiving, by the server, a service request sent by the cloud service smart device, where the service request is encrypted by using a predetermined encryption algorithm;
    采用所述加密算法解码所述服务请求;Decoding the service request by using the encryption algorithm;
    判断解码是否成功;Determine whether the decoding is successful;
    当所述服务请求解码成功时,向后台处理服务器转发所述服务请求;及And when the service request is successfully decoded, forwarding the service request to a background processing server; and
    当所述服务请求解码失败时,断开与所述云服务智能设备的连接。When the service request decoding fails, the connection with the cloud service smart device is disconnected.
  2. 如权利要求1所述的数据保护方法,其特征在于,该方法在所述服务请求解码成功时还包括步骤:The data protection method according to claim 1, wherein the method further comprises the steps of: when the service request is successfully decoded:
    判断所述服务请求的时效性是否过期,若未过期,执行所述向后台处理服务器转发所述服务请求的步骤,若已过期,执行所述断开与所述云服务智能设备的连接的步骤。Determining whether the timeliness of the service request is expired, if not expired, performing the step of forwarding the service request to the background processing server, if the expiration, performing the disconnecting the connection with the cloud service smart device .
  3. 如权利要求1所述的数据保护方法,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密钥对所述服务请求进行加密和解码。The data protection method according to claim 1, wherein the encryption algorithm is an AES symmetric encryption algorithm, and the cloud service smart device and the server encrypt and decode the service request by using the same key.
  4. 如权利要求2所述的数据保护方法,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密钥对所述服务请求进行加密和解码。The data protection method according to claim 2, wherein the encryption algorithm is an AES symmetric encryption algorithm, and the cloud service smart device and the server encrypt and decode the service request by using the same key.
  5. 如权利要求2所述的数据保护方法,其特征在于,所述服务请求中包 括有效时间点。The data protection method according to claim 2, wherein said service request includes an effective time point.
  6. 如权利要求4所述的数据保护方法,其特征在于,所述服务请求中包括有效时间点。The data protection method according to claim 4, wherein the service request includes an effective time point.
  7. 如权利要求5所述的数据保护方法,其特征在于,所述判断所述服务请求的时效性是否过期的步骤包括:The data protection method according to claim 5, wherein the step of determining whether the timeliness of the service request is expired comprises:
    从解码后的所述服务请求中获取所述有效时间点;Obtaining the valid time point from the decoded service request;
    判断当前时间点是否早于或者等于所述有效时间点;Determining whether the current time point is earlier than or equal to the valid time point;
    若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效;Determining that the service request is not expired and valid if the current time point is earlier than or equal to the valid time point;
    若当前时间点晚于所述有效时间点,则确定所述服务请求已过期且失效。If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
  8. 如权利要求6所述的数据保护方法,其特征在于,所述判断所述服务请求的时效性是否过期的步骤包括:The data protection method according to claim 6, wherein the step of determining whether the timeliness of the service request is expired comprises:
    从解码后的所述服务请求中获取所述有效时间点;Obtaining the valid time point from the decoded service request;
    判断当前时间点是否早于或者等于所述有效时间点;Determining whether the current time point is earlier than or equal to the valid time point;
    若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效;Determining that the service request is not expired and valid if the current time point is earlier than or equal to the valid time point;
    若当前时间点晚于所述有效时间点,则确定所述服务请求已过期且失效。If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
  9. 一种服务器,其特征在于,所述服务器包括存储器、处理器,所述存储器上存储有可在所述处理器上运行的数据保护程序,所述数据保护程序被所述处理器执行时实现如下步骤:A server, comprising: a memory, a processor, wherein the memory stores a data protection program executable on the processor, and when the data protection program is executed by the processor, the following is implemented as follows step:
    接收云服务智能设备发出的服务请求,所述服务请求采用预先确定的加密算法进行加密;Receiving a service request sent by the cloud service smart device, where the service request is encrypted by using a predetermined encryption algorithm;
    采用所述加密算法解码所述服务请求;Decoding the service request by using the encryption algorithm;
    判断解码是否成功;Determine whether the decoding is successful;
    当所述服务请求解码成功时,向后台处理服务器转发所述服务请求;及And when the service request is successfully decoded, forwarding the service request to a background processing server; and
    当所述服务请求解码失败时,断开与所述云服务智能设备的连接。When the service request decoding fails, the connection with the cloud service smart device is disconnected.
  10. 如权利要求9所述的服务器,其特征在于,所述数据保护程序被所述处理器执行时还实现步骤:The server according to claim 9, wherein said data protection program is further executed by said processor:
    当所述服务请求解码成功时,判断所述服务请求的时效性是否过期,若未过期,执行所述向后台处理服务器转发所述服务请求的步骤,若已过期,执行所述断开与所述云服务智能设备的连接的步骤。When the service request is successfully decoded, determining whether the timeliness of the service request is expired, if not expired, performing the step of forwarding the service request to the background processing server, and if it has expired, executing the disconnection The steps of connecting the cloud service smart device.
  11. 如权利要求9所述的服务器,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密钥对所述服务请求进行加密和解码。The server according to claim 9, wherein said encryption algorithm is an AES symmetric encryption algorithm, and said cloud service smart device and said server encrypt and decode said service request using the same key.
  12. 如权利要求10所述的服务器,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密钥对所述服务请求进行加密和解码。The server according to claim 10, wherein said encryption algorithm is an AES symmetric encryption algorithm, and said cloud service smart device and said server encrypt and decode said service request using the same key.
  13. 如权利要求10所述的服务器,其特征在于,所述服务请求中包括有效时间点。The server of claim 10 wherein said service request includes a valid point in time.
  14. 如权利要求13所述的服务器,其特征在于,所述判断所述服务请求的时效性是否过期的步骤包括:The server according to claim 13, wherein the step of determining whether the timeliness of the service request is expired comprises:
    从解码后的所述服务请求中获取所述有效时间点;Obtaining the valid time point from the decoded service request;
    判断当前时间点是否早于或者等于所述有效时间点;Determining whether the current time point is earlier than or equal to the valid time point;
    若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效;Determining that the service request is not expired and valid if the current time point is earlier than or equal to the valid time point;
    若当前时间点晚于所述有效时间点,则确定所述服务请求已过期且失效。If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
  15. 一种计算机可读存储介质,所述计算机可读存储介质存储有数据保护程序,所述数据保护程序可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:A computer readable storage medium storing a data protection program, the data protection program being executable by at least one processor to cause the at least one processor to perform the following steps:
    接收云服务智能设备发出的服务请求,所述服务请求采用预先确定的加密算法进行加密;Receiving a service request sent by the cloud service smart device, where the service request is encrypted by using a predetermined encryption algorithm;
    采用所述加密算法解码所述服务请求;Decoding the service request by using the encryption algorithm;
    判断解码是否成功;Determine whether the decoding is successful;
    当所述服务请求解码成功时,向后台处理服务器转发所述服务请求;及And when the service request is successfully decoded, forwarding the service request to a background processing server; and
    当所述服务请求解码失败时,断开与所述云服务智能设备的连接。When the service request decoding fails, the connection with the cloud service smart device is disconnected.
  16. 如权利要求15所述的计算机可读存储介质,其特征在于,所述数据保护程序被所述处理器执行时还实现步骤:The computer readable storage medium of claim 15 wherein said data protection program is further implemented when said processor is executed:
    当所述服务请求解码成功时,判断所述服务请求的时效性是否过期,若未过期,执行所述向后台处理服务器转发所述服务请求的步骤,若已过期,执行所述断开与所述云服务智能设备的连接的步骤。When the service request is successfully decoded, determining whether the timeliness of the service request is expired, if not expired, performing the step of forwarding the service request to the background processing server, and if it has expired, executing the disconnection The steps of connecting the cloud service smart device.
  17. 如权利要求15所述的计算机可读存储介质,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密钥对所述服务请求进行加密和解码。A computer readable storage medium according to claim 15, wherein said encryption algorithm is an AES symmetric encryption algorithm, said cloud service smart device and said server encrypting said service request using the same key decoding.
  18. 如权利要求16所述的计算机可读存储介质,其特征在于,所述加密算法为AES对称加密算法,所述云服务智能设备和所述服务器采用相同的密 钥对所述服务请求进行加密和解码。The computer readable storage medium according to claim 16, wherein said encryption algorithm is an AES symmetric encryption algorithm, said cloud service smart device and said server encrypting said service request using the same key decoding.
  19. 如权利要求16所述的计算机可读存储介质,其特征在于,所述服务请求中包括有效时间点。The computer readable storage medium of claim 16 wherein the service request includes a valid point in time.
  20. 如权利要求19所述的计算机可读存储介质,其特征在于,所述判断所述服务请求的时效性是否过期的步骤包括:The computer readable storage medium of claim 19, wherein the step of determining whether the timeliness of the service request has expired comprises:
    从解码后的所述服务请求中获取所述有效时间点;Obtaining the valid time point from the decoded service request;
    判断当前时间点是否早于或者等于所述有效时间点;Determining whether the current time point is earlier than or equal to the valid time point;
    若当前时间点早于或者等于所述有效时间点,则确定所述服务请求未过期且有效;Determining that the service request is not expired and valid if the current time point is earlier than or equal to the valid time point;
    若当前时间点晚于所述有效时间点,则确定所述服务请求已过期且失效。If the current time point is later than the valid time point, it is determined that the service request has expired and expired.
PCT/CN2018/091899 2018-04-17 2018-06-20 Data protection method, server and computer readable storage medium WO2019200690A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810343083.2A CN108737377A (en) 2018-04-17 2018-04-17 Data guard method, server and computer readable storage medium
CN201810343083.2 2018-04-17

Publications (1)

Publication Number Publication Date
WO2019200690A1 true WO2019200690A1 (en) 2019-10-24

Family

ID=63938986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/091899 WO2019200690A1 (en) 2018-04-17 2018-06-20 Data protection method, server and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN108737377A (en)
WO (1) WO2019200690A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11184436B2 (en) 2020-03-02 2021-11-23 International Business Machines Corporation Automated storage selection with blockchain and NLP

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1449617A (en) * 2000-08-25 2003-10-15 捷讯研究有限公司 System and method for implementing an enhanced transport layer security protocol
CN102724207A (en) * 2012-06-28 2012-10-10 上海西本网络科技有限公司 Method and device for transmitting/processing service request, client end and service end
US20160359823A1 (en) * 2014-12-09 2016-12-08 Soha Systems, Inc. Filtering tls connection requests using tls extension and federated tls tickets
CN106357659A (en) * 2016-09-30 2017-01-25 山东浪潮商用系统有限公司 Cloud storage certification system, cloud storage certification method and data transmission method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100373853C (en) * 2005-10-10 2008-03-05 中兴通讯股份有限公司 Flow media service request authentication method and system
CN102571702B (en) * 2010-12-22 2014-11-05 中兴通讯股份有限公司 Key generation method, system and equipment in Internet of things
CN102571771B (en) * 2011-12-23 2014-06-04 华中科技大学 Safety authentication method of cloud storage system
CN102833253B (en) * 2012-08-29 2015-09-16 五八同城信息技术有限公司 Set up method and server that client is connected with server security
CN103401872B (en) * 2013-08-05 2016-12-28 北京工业大学 The method prevented and detect man-in-the-middle attack based on RDP improved protocol
US9178881B2 (en) * 2013-10-09 2015-11-03 Microsoft Technology Licensing, Llc Proof of device genuineness
CN104009987B (en) * 2014-05-21 2017-02-22 南京邮电大学 Fine-grained cloud platform security access control method based on user identity capacity
CN103986735B (en) * 2014-06-05 2017-04-19 北京赛维安讯科技发展有限公司 CDN (content distribution network) antitheft system and antitheft method
CN105337935B (en) * 2014-07-09 2018-12-21 阿里巴巴集团控股有限公司 A kind of method and apparatus for establishing client and the long connection of server-side
CN105376062B (en) * 2015-10-26 2019-05-31 努比亚技术有限公司 A kind of communication security exchange method, apparatus and system
CN106101133A (en) * 2016-07-14 2016-11-09 观止云(北京)信息技术有限公司 A kind of method and system of Streaming Media door chain
US10003585B2 (en) * 2016-08-02 2018-06-19 Samsung Electronics Co., Ltd. Systems, devices, and methods for preventing unauthorized access to storage devices
CN106603508A (en) * 2016-11-30 2017-04-26 青岛海尔科技有限公司 Wireless encryption communication method, intelligent household electrical appliance, server, and terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1449617A (en) * 2000-08-25 2003-10-15 捷讯研究有限公司 System and method for implementing an enhanced transport layer security protocol
CN102724207A (en) * 2012-06-28 2012-10-10 上海西本网络科技有限公司 Method and device for transmitting/processing service request, client end and service end
US20160359823A1 (en) * 2014-12-09 2016-12-08 Soha Systems, Inc. Filtering tls connection requests using tls extension and federated tls tickets
CN106357659A (en) * 2016-09-30 2017-01-25 山东浪潮商用系统有限公司 Cloud storage certification system, cloud storage certification method and data transmission method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11184436B2 (en) 2020-03-02 2021-11-23 International Business Machines Corporation Automated storage selection with blockchain and NLP

Also Published As

Publication number Publication date
CN108737377A (en) 2018-11-02

Similar Documents

Publication Publication Date Title
WO2021196915A1 (en) Encryption and decryption operation-based data transmission methods and systems, and computer device
EP3742696B1 (en) Identity management method, equipment, communication network, and storage medium
WO2019174187A1 (en) Blockchain-based method for message communication between multiple terminals, terminal and storage medium
EP3609121B1 (en) Method and device for managing digital certificate
US8064606B2 (en) Method and apparatus for securely registering hardware and/or software components in a computer system
US20080065777A1 (en) Method and system for establishing a secure over-the-air (ota) device connection
EP3633949A1 (en) Method and system for performing ssl handshake
WO2015085848A1 (en) Security authentication method and bidirectional forwarding detection method
WO2012100677A1 (en) Identity management method and device for mobile terminal
CN109729000B (en) Instant messaging method and device
CN111914291A (en) Message processing method, device, equipment and storage medium
CN112968910B (en) Replay attack prevention method and device
CN113225351B (en) Request processing method and device, storage medium and electronic equipment
CN113225352A (en) Data transmission method and device, electronic equipment and storage medium
US10728045B2 (en) Authentication device, authentication system, authentication method, and program
CN114142995B (en) Key security distribution method and device for block chain relay communication network
CN113377784B (en) Data processing method, system and storage medium based on middleware
CN111314269B (en) Address automatic allocation protocol security authentication method and equipment
EP2930962B1 (en) Encryption/decryption method, system and device
WO2019200690A1 (en) Data protection method, server and computer readable storage medium
KR101971995B1 (en) Method for decryping secure sockets layer for security
US8699710B2 (en) Controlled security domains
CN107623571B (en) Handshake processing method, client and server
CN114143038A (en) Key secure distribution method and device for block chain relay communication network
CN109688158B (en) Financial execution chain authentication method, electronic device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18915764

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 12/02/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18915764

Country of ref document: EP

Kind code of ref document: A1