CN105227569A - Data packet transmission method and device for applications - Google Patents

Publication number
CN105227569A
Authority
CN
China
Legal status
Granted
Application number
CN201510674341.1A
Other languages
Chinese (zh)
Other versions
CN105227569B (en)
Inventor
韩长青
邵军义
王巍巍
Current Assignee
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201510674341.1A
Publication of CN105227569A
Application granted
Publication of CN105227569B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention provides a data packet transmission method and device for applications. In embodiments of the invention, a network-protocol-based uplink data packet to be sent is obtained and the application to which the uplink data packet belongs is determined, so that, according to the application to which the uplink data packet belongs, either the encrypted uplink data packet or the unencrypted uplink data packet is sent. Because the network-protocol-based uplink data packets of different applications are selectively split for transmission, that is, the uplink data packets of some applications are transmitted with encryption protection to ensure their network security, while the uplink data packets of other applications are transmitted without encryption protection to reduce network delay, it is no longer necessary to transmit all of a user's network-protocol-based uplink data packets with encryption protection, which reduces the system overhead of the terminal.

Description

Data packet transmission method and device for applications
[Technical field]
The present invention relates to Internet technology, and in particular to a data packet transmission method and device for applications.
[Background]
At present, China Mobile's number of users has reached 800 million. With the spread of smart terminals, mobile applications have become rich and varied, and scenarios involving access to public local area networks, for example Wireless Fidelity (Wi-Fi) network access, are increasingly common. However, some public local area networks are untrusted and may pose serious security threats, for example risks such as packet sniffing and tampering, Domain Name System (DNS) hijacking and tampering, and phishing. To address this, a secure channel can be opened for the terminal, for example a Virtual Private Network (VPN) channel: encrypted data packets are sent through the secure channel to a security server, which decrypts them and sends the decrypted data packets to the application server.
However, once the secure channel is opened, the terminal must encrypt the network-protocol-based data packets of all applications on the terminal before sending them through the secure channel, which increases the system overhead of the terminal.
[Summary of the invention]
Aspects of the present invention provide a data packet transmission method and device for applications, in order to reduce the system overhead of the terminal.
According to one aspect of the invention, a data packet transmission method for applications is provided, comprising:
obtaining a network-protocol-based uplink data packet to be sent;
determining the application to which the uplink data packet belongs;
according to the application to which the uplink data packet belongs, sending the encrypted uplink data packet, or sending the unencrypted uplink data packet.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the network protocol comprises IP, ICMP, RIP, OSPF, BGP or IGMP.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which determining the application to which the uplink data packet belongs comprises:
reading, from the kernel of the operating system, a first mapping relationship between the source port number of the uplink data packet and the user identifier (user ID) that the operating system assigned to the application;
obtaining a second mapping relationship between the user ID and the package name of the application;
obtaining, according to the first mapping relationship and the second mapping relationship, the package name of the application to which the uplink data packet belongs.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which sending, according to the application to which the uplink data packet belongs, the encrypted uplink data packet or the unencrypted uplink data packet comprises:
if the application is in a preset encrypted-transmission list, sending the encrypted uplink data packet; or
if the application is not in the preset encrypted-transmission list, sending the unencrypted uplink data packet.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which sending the encrypted uplink data packet comprises:
sending the encrypted uplink data packet through a secure channel.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which sending the unencrypted uplink data packet comprises:
sending the unencrypted uplink data packet through a transmission proxy.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the destination IP address and destination port number of the uplink data packet are the IP address and port number of the application's server, and sending the unencrypted uplink data packet through the transmission proxy comprises:
modifying the destination IP address and destination port number of the uplink data packet to the IP address and port number of the transmission proxy;
recording, in a conversion table, the source port number of the uplink data packet, the destination IP address and destination port number of the uplink data packet before modification, and the destination IP address and destination port number of the uplink data packet after modification;
sending the uplink data packet to the transmission proxy, so that
the transmission proxy obtains, according to the source port number of the uplink data packet and the conversion table, the pre-modification destination IP address and destination port number of the uplink data packet recorded in the conversion table for that source port number, and, using the pre-modification destination IP address and destination port number as the destination IP address and destination port number and the IP address and port number that the operating system assigned to the application as the source IP address and source port number, encapsulates the payload of the uplink data packet and sends it.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which UDP is used as the transport-layer protocol, and, after the unencrypted uplink data packet is sent through the transmission proxy, the method further comprises:
obtaining a new downlink data packet to be sent, the new downlink data packet being generated and sent by the transmission proxy as follows: upon receiving a downlink data packet based on the network protocol, the transmission proxy uses its own IP address and port number as the source IP address and source port number; obtains, according to the source IP address and source port number of the downlink data packet and the conversion table, the source port number of the uplink data packet recorded in the conversion table for that source IP address and source port number, and uses it as the destination port number; uses a designated IP address as the destination IP address; and encapsulates the payload of the downlink data packet;
obtaining, according to the destination port number of the new downlink data packet and the conversion table, the IP address and port number of the application's server recorded in the conversion table for that destination port number; modifying the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modifying the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application;
sending the new downlink data packet to the application.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which TCP is used as the transport-layer protocol, and, before the uplink data packet is sent to the transmission proxy, the method further comprises:
modifying the source IP address of the uplink data packet to a designated IP address, so that a TCP connection is established according to the designated IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy;
and sending the uplink data packet to the transmission proxy comprises:
sending the uplink data packet to the transmission proxy over the TCP connection.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which, after the unencrypted uplink data packet is sent through the transmission proxy, the method further comprises:
obtaining a new downlink data packet to be sent, the new downlink data packet being sent by the transmission proxy over the TCP connection after the transmission proxy receives a downlink data packet based on the network protocol and encapsulates the payload of that downlink data packet for the TCP connection;
obtaining, according to the destination port number of the new downlink data packet and the conversion table, the IP address and port number of the application's server recorded in the conversion table for that destination port number; modifying the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modifying the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application;
sending the new downlink data packet to the application.
According to another aspect of the invention, a data packet transmission device for applications is provided, comprising:
an obtaining unit, configured to obtain a network-protocol-based uplink data packet to be sent;
a determining unit, configured to determine the application to which the uplink data packet belongs;
a sending unit, configured to send, according to the application to which the uplink data packet belongs, the encrypted uplink data packet or the unencrypted uplink data packet.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the network protocol comprises IP, ICMP, RIP, OSPF, BGP or IGMP.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the determining unit is specifically configured to:
read, from the kernel of the operating system, a first mapping relationship between the source IP address and source port number of the uplink data packet and the user ID that the operating system assigned to the application;
obtain a second mapping relationship between the user ID and the package name of the application; and
obtain, according to the first mapping relationship and the second mapping relationship, the package name of the application to which the uplink data packet belongs.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the sending unit is specifically configured to:
if the application is in a preset encrypted-transmission list, send the encrypted uplink data packet; or
if the application is not in the preset encrypted-transmission list, send the unencrypted uplink data packet.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the sending unit is specifically configured to:
send the encrypted uplink data packet through a secure channel.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the device further comprises a transmission proxy, and the sending unit is specifically configured to:
send the unencrypted uplink data packet through the transmission proxy.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which the destination IP address and destination port number of the uplink data packet are the IP address and port number of the application's server, and the sending unit is specifically configured to:
modify the destination IP address and destination port number of the uplink data packet to the IP address and port number of the transmission proxy;
record, in a conversion table, the source port number of the uplink data packet, the destination IP address and destination port number of the uplink data packet before modification, and the destination IP address and destination port number of the uplink data packet after modification; and
send the uplink data packet to the transmission proxy;
the transmission proxy is configured to:
obtain, according to the source port number of the uplink data packet and the conversion table, the pre-modification destination IP address and destination port number of the uplink data packet recorded in the conversion table for that source port number, and, using the pre-modification destination IP address and destination port number as the destination IP address and destination port number and the IP address and port number that the operating system assigned to the application as the source IP address and source port number, encapsulate the payload of the uplink data packet and send it.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which UDP is used as the transport-layer protocol;
the transmission proxy is further configured to:
receive a downlink data packet based on the network protocol; use its own IP address and port number as the source IP address and source port number; obtain, according to the source IP address and source port number of the downlink data packet and the conversion table, the source port number of the uplink data packet recorded in the conversion table for that source IP address and source port number, and use it as the destination port number; use a designated IP address as the destination IP address; encapsulate the payload of the downlink data packet to generate a new downlink data packet; and send the new downlink data packet;
the obtaining unit is further configured to:
obtain the new downlink data packet to be sent;
the sending unit is further configured to:
obtain, according to the destination port number of the new downlink data packet and the conversion table, the IP address and port number of the application's server recorded in the conversion table for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application; and
send the new downlink data packet to the application.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which TCP is used as the transport-layer protocol, and the sending unit is further configured to:
modify the source IP address of the uplink data packet to a designated IP address, so that a TCP connection is established according to the designated IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy;
the sending unit is specifically configured to:
send the uplink data packet to the transmission proxy over the TCP connection.
In the aspect described above and any possible implementation thereof, an implementation is further provided in which
the transmission proxy is further configured to:
receive a downlink data packet based on the network protocol; and
generate a new downlink data packet by encapsulating the payload of the downlink data packet for the TCP connection, and send the new downlink data packet over the TCP connection;
the obtaining unit is further configured to:
obtain the new downlink data packet to be sent;
the sending unit is further configured to:
obtain, according to the destination port number of the new downlink data packet and the conversion table, the IP address and port number of the application's server recorded in the conversion table for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application; and
send the new downlink data packet to the application.
As can be seen from the above technical solutions, in embodiments of the invention a network-protocol-based uplink data packet to be sent is obtained and the application to which the uplink data packet belongs is determined, so that, according to the application to which the uplink data packet belongs, either the encrypted uplink data packet or the unencrypted uplink data packet is sent. Because the network-protocol-based uplink data packets of different applications are selectively split for transmission, that is, the uplink data packets of some applications are transmitted with encryption protection to ensure their network security, while the uplink data packets of other applications are transmitted without encryption protection to reduce network delay, it is no longer necessary to transmit all of a user's network-protocol-based uplink data packets with encryption protection, which reduces the system overhead of the terminal.
In addition, with the technical solution provided by the invention, because the network-protocol-based uplink data packets of different applications are selectively split for transmission, it is no longer necessary to transmit all of a user's network-protocol-based uplink data packets with encryption protection, which can effectively reduce the network traffic and computing load of the security server.
In addition, with the technical solution provided by the invention, when the secure channel is open, not all of a user's network-protocol-based uplink data packets are transmitted with encryption protection through the secure channel; instead, the uplink data packets of some applications are not transmitted with encryption protection through the open secure channel, which can effectively reduce network delay and greatly improve the user experience.
[Brief description of the drawings]
To illustrate the technical solutions in the embodiments of the invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the data packet transmission method for applications provided by an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the data packet transmission device for applications provided by another embodiment of the invention;
Fig. 3 is a schematic structural diagram of the data packet transmission device for applications provided by another embodiment of the invention.
[Detailed description]
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be noted that the terminal involved in the embodiments of the invention may include but is not limited to a mobile phone, personal digital assistant (PDA), wireless handheld device, tablet computer, personal computer (PC), MP3 player, MP4 player, wearable device (for example, smart glasses, smart watch, smart bracelet) and so on.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the associated objects before and after it.
Fig. 1 is a schematic flowchart of the data packet transmission method for applications provided by an embodiment of the invention, as shown in Fig. 1.
101. Obtain a network-protocol-based uplink data packet to be sent.
Here, the network protocol refers to the network-layer protocol used, and may include but is not limited to the Internet Protocol (IP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, Border Gateway Protocol (BGP) or Internet Group Management Protocol (IGMP).
102. Determine the application to which the uplink data packet belongs.
103. According to the application to which the uplink data packet belongs, send the encrypted uplink data packet, or send the unencrypted uplink data packet.
It should be noted that the executing entity of some or all of 101 to 103 may be a functional unit located in a lower layer of the terminal's operating system, for example the Native layer of the Android operating system.
Taking the Android operating system as an example, all network-protocol-based uplink data packets of applications, for example network requests or network data, can be policy-routed to a virtual network interface created by the Android operating system, for example a TUN interface. In the prior art, once a secure channel such as a VPN channel is opened, uplink data packets are read from the TUN interface, processed by compression, encryption, encapsulation and the like, sent to the VPN server through the VPN channel, and then sent by the VPN server to the application's server. This increases the system overhead of the terminal.
In the present invention, by contrast, the network-protocol-based uplink data packets of different applications are selectively split for transmission: the uplink data packets of some applications are transmitted with encryption protection to ensure their network security, while the uplink data packets of other applications are transmitted without encryption protection to reduce network delay. It is therefore no longer necessary to transmit all of a user's network-protocol-based uplink data packets with encryption protection, which reduces the system overhead of the terminal.
Optionally, in one possible implementation of this embodiment, in 102, a first mapping relationship between the source port number of the uplink data packet and the user ID that the operating system assigned to the application can be read from the kernel of the operating system, and a second mapping relationship between the user ID and the package name of the application can be obtained. Then, according to the first mapping relationship and the second mapping relationship, the package name of the application to which the uplink data packet belongs can be obtained, for example the package name (PackageName) of an Android application package (Android Package Kit, APK).
Taking the Android operating system as an example, the first mapping relationship between the source port number of the uplink data packet and the user ID that the operating system assigned to the application can be read from the kernel of the Android operating system, for example from the /proc/net/net/tcp file. The second mapping relationship between the user ID and the package name of the application can be obtained through the Java layer of the Android operating system.
Optionally, in one possible implementation of this embodiment, in 103, if the application is in the preset encrypted-transmission list, the encrypted uplink data packet can be sent.
In a specific implementation of this option, after an uplink data packet is read from the TUN interface, the application to which it belongs is determined. If the application is in the preset encrypted-transmission list, the uplink data packet can be compressed, encrypted, encapsulated and so on, and then sent to the VPN server through the secure channel, for example the VPN channel; after the VPN server performs decapsulation, decryption, decompression and the like, it sends the uplink data packet to the application's server.
After receiving the uplink data packet sent by the VPN server, the application's server parses the uplink data packet and performs the relevant processing. If the application's server needs to send downlink data, for example to return the downlink data requested by the application, the server can send a network-protocol-based downlink data packet to the VPN server. The VPN server compresses, encrypts and encapsulates the downlink data packet and writes it to the TUN interface through the secure channel, for example the VPN channel; after decapsulation, decryption, decompression and the like, the downlink data packet is sent to the application via the TUN interface.
Optionally, in one possible implementation of this embodiment, in 103, if the application is not in the preset encrypted-transmission list, the unencrypted uplink data packet can be sent.
In a specific implementation of this option, after an uplink data packet is read from the TUN interface, the application to which it belongs is determined. If the application is not in the preset encrypted-transmission list, the unencrypted uplink data packet can be sent through a transmission proxy.
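Steps 102 and 103 as an added example (not code from the patent): it parses a constructed table in the standard Linux `/proc/net/tcp` layout to build the first mapping (source port to UID), joins it with a constructed second mapping (UID to package names), and picks the transmission path from the encrypted-transmission list. Sending to the secure channel when ownership cannot be resolved, and when any package sharing the UID is listed, are assumptions of this example that the patent does not address; all package names, UIDs and addresses are constructed.

```python
from typing import Dict, Set

SECURE_CHANNEL = "secure_channel"          # encrypted path (e.g. VPN channel)
TRANSMISSION_PROXY = "transmission_proxy"  # unencrypted path

# Constructed sample in the /proc/net/tcp layout (not captured from a device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40001 1 0000000000000000 20 4 30 10 -1
   1: 0F02000A:C351 146433C6:0050 01 00000000:00000000 00:00000000 00000000 10124        0 40002 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C352 146433C6:0050 01 00000000:00000000 00:00000000 00000000 10999        0 40003 1 0000000000000000 20 4 30 10 -1
   3: 0F02000A:C353 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10125        0 40004 1 0000000000000000 20 4 30 10 -1
"""

# Constructed second mapping (UID -> package names). On Android the Java layer
# could fill it with PackageManager.getPackagesForUid(); one UID can be shared
# by several packages.
SECOND_MAPPING: Dict[int, Set[str]] = {
    10123: {"com.example.bank"},
    10124: {"com.example.video"},
    10125: {"com.example.news", "com.example.pay"},
}

# Constructed preset encrypted-transmission list.
ENCRYPTED_LIST: Set[str] = {"com.example.bank", "com.example.pay"}


def parse_first_mapping(proc_net_tcp: str) -> Dict[int, Set[int]]:
    """Build the first mapping: local (source) port -> UIDs owning a socket on it."""
    mapping: Dict[int, Set[int]] = {}
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                                  # truncated or blank row
        try:
            port = int(fields[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
            uid = int(fields[7])                          # uid column is decimal
        except (IndexError, ValueError):
            continue                                  # malformed row: ignore it
        mapping.setdefault(port, set()).add(uid)
    return mapping


def packages_for_port(src_port: int, first: Dict[int, Set[int]],
                      second: Dict[int, Set[str]]) -> Set[str]:
    """Join both mappings: source port -> package names of the owning UID(s)."""
    packages: Set[str] = set()
    for uid in first.get(src_port, set()):
        packages |= second.get(uid, set())
    return packages


def choose_path(src_port: int, first: Dict[int, Set[int]],
                second: Dict[int, Set[str]], encrypted_list: Set[str]) -> str:
    """Step 103: pick the path for an uplink packet with this source port."""
    uids = first.get(src_port, set())
    # Assumption of this example: if the owner cannot be resolved (no socket
    # row, or a UID with no known package), fail closed and encrypt.
    if not uids or any(uid not in second for uid in uids):
        return SECURE_CHANNEL
    # Assumption: with a shared UID, one listed package is enough to encrypt.
    if packages_for_port(src_port, first, second) & encrypted_list:
        return SECURE_CHANNEL
    return TRANSMISSION_PROXY


if __name__ == "__main__":
    first_mapping = parse_first_mapping(SAMPLE_PROC_NET_TCP)
    for port in (50000, 50001, 50002, 50003, 60000):
        print(port, choose_path(port, first_mapping, SECOND_MAPPING, ENCRYPTED_LIST))
```

The lookup is a snapshot: a source port can be reused by another UID between the read and the routing decision, so the mapping should be re-read per flow rather than cached indefinitely.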
The transmission proxy does not need to compress, encrypt or encapsulate the application's network-protocol-based uplink data packets; it can send the payload of the uplink data packet directly to the application's server. Specifically, the transmission proxy may be deployed in a lower layer of the terminal's operating system, for example the Native layer of the Android operating system, or in the application layer of the terminal's operating system, for example the Java layer of the Android operating system; this embodiment imposes no particular limitation on this.
Compared with deployment in a lower layer of the terminal's operating system, deploying the transmission proxy in the application layer of the terminal's operating system can effectively ease the difficulty of developing and debugging the transmission proxy.
In this implementation, the source IP address and source port number of the uplink data packet are the IP address and port number that the operating system assigned to the application; the destination IP address and destination port number of the uplink data packet are the IP address and port number of the application's server.
Particularly, specifically can by the object IP address of described upstream data bag and destination slogan, be revised as IP address and the port numbers of described transmission agency, and then, then by the object IP address of the described upstream data bag after the object IP address of the described upstream data bag before the source port number of described upstream data bag, amendment and destination slogan and amendment and destination slogan, can be recorded in conversion table.Then, described transmission is sent to act on behalf of described upstream data bag.
In this implementation, the conversion table may further be stored. Specifically, the conversion table may be stored in a storage device of the terminal.
For example, the storage device of the terminal may be a slow storage device, specifically the hard disk of a computer system, or the non-running memory, that is, the physical memory, of a mobile phone, for example read-only memory (Read-Only Memory, ROM) and memory cards; this embodiment places no particular limitation on this.
As another example, the storage device of the terminal may be a fast storage device, specifically the memory of a computer system, or the running memory, that is, the system memory, of a mobile phone, for example random access memory (Random Access Memory, RAM); this embodiment places no particular limitation on this.
After receiving the uplink data packet, the transmission proxy may use the source port number of the uplink data packet to look up, in the conversion table, the pre-modification destination IP address and destination port number recorded for that source port number. It then encapsulates the payload of the uplink data packet, using the pre-modification destination IP address and destination port number as the destination IP address and destination port number, and the IP address and port number that the operating system assigned to the application as the source IP address and source port number, and sends the result to the application's server.
After the application's server receives the payload of the uplink data packet sent by the transmission proxy, it performs the related processing. If the server needs to transmit downlink data, for example to return the downlink data that the application requested, it sends a downlink data packet based on the network protocol to the transmission proxy.
In one case, assume that the User Datagram Protocol (UDP) is used as the transport layer protocol. After receiving the downlink data packet based on the network protocol, the transmission proxy may use its own IP address and port number as the source IP address and source port number; use the source IP address and source port number of the downlink data packet to look up, in the conversion table, the source port number of the corresponding uplink data packet and use it as the destination port number; use the designated IP address as the destination IP address; encapsulate the payload of the downlink data packet to generate a new downlink data packet; and send it to the virtual network interface, for example a TUN interface.
In the present invention, after the virtual network interface, for example a TUN interface, reads a data packet, the destination IP address of the packet read determines whether the packet is a downlink data packet sent by the transmission proxy.
If the destination IP address of the packet read is the designated IP address, the packet is determined to be a downlink data packet sent by the transmission proxy; otherwise,
if the destination IP address of the packet read is not the designated IP address, the packet is determined to be an uplink data packet to be sent by an application.
After the virtual network interface, for example a TUN interface, reads the new downlink data packet, it may use the destination port number of the new downlink data packet to look up, in the conversion table, the IP address and port number of the application's server recorded for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application. The new downlink data packet is then sent to the application.
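The UDP path described above, traced as an added Python simulation (not code from the patent): the uplink rewrite with its conversion table entry, the proxy's restore step, and the downlink rewrite keyed on the designated IP address. All addresses, the proxy port and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# All addresses below are constructed sample values, not taken from the patent.
APP_IP = "10.8.0.1"            # address the OS assigned to the application
PROXY = ("127.0.0.1", 9000)    # transmission proxy IP address and port (assumed)
DESIGNATED_IP = "10.8.0.254"   # "designated IP address" marking proxy downlink


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


class ConversionTable:
    """Uplink source port -> (destination before rewrite, destination after)."""

    def __init__(self):
        self._rows = {}

    def record(self, src_port, before, after):
        self._rows[src_port] = (before, after)

    def server_for_port(self, src_port):
        return self._rows[src_port][0]

    def port_for_server(self, server):
        # Reverse lookup used on the downlink path. Two flows to the same
        # server endpoint would collide in this simplified lookup.
        for port, (before, _after) in self._rows.items():
            if before == server:
                return port
        raise KeyError(server)


def tun_uplink(pkt, table):
    """TUN side: record the real server, then point the packet at the proxy."""
    table.record(pkt.src_port, (pkt.dst_ip, pkt.dst_port), PROXY)
    return replace(pkt, dst_ip=PROXY[0], dst_port=PROXY[1])


def proxy_uplink(pkt, table):
    """Proxy side: restore the recorded destination and re-wrap the payload."""
    server_ip, server_port = table.server_for_port(pkt.src_port)
    return Packet(APP_IP, pkt.src_port, server_ip, server_port, pkt.payload)


def proxy_downlink(reply, table):
    """Proxy side: wrap the server's payload, addressed to the designated IP."""
    app_port = table.port_for_server((reply.src_ip, reply.src_port))
    return Packet(PROXY[0], PROXY[1], DESIGNATED_IP, app_port, reply.payload)


def is_proxy_downlink(pkt):
    """TUN side: the designated destination IP separates downlink from uplink."""
    return pkt.dst_ip == DESIGNATED_IP


def tun_downlink(pkt, table):
    """TUN side: make the packet look as if it came straight from the server."""
    server_ip, server_port = table.server_for_port(pkt.dst_port)
    return replace(pkt, src_ip=server_ip, src_port=server_port, dst_ip=APP_IP)


def round_trip(request, reply_payload):
    """Run one request and its reply through all four rewrite steps."""
    table = ConversionTable()
    to_proxy = tun_uplink(request, table)
    to_server = proxy_uplink(to_proxy, table)
    reply = Packet(to_server.dst_ip, to_server.dst_port,
                   to_server.src_ip, to_server.src_port, reply_payload)
    from_proxy = proxy_downlink(reply, table)
    to_app = tun_downlink(from_proxy, table)
    return to_proxy, to_server, from_proxy, to_app
```
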
In the other case, assume that the Transmission Control Protocol (TCP) is used as the transport layer protocol. Before the uplink data packet is sent to the transmission proxy, its source IP address must additionally be modified to the designated IP address, so that a TCP connection can be established according to the designated IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy. The uplink data packet can then be sent to the transmission proxy over the TCP connection.
For the downlink direction, after receiving the downlink data packet based on the network protocol, the transmission proxy may send, over the TCP connection, the new data packet generated by encapsulating the payload of the downlink data packet for this TCP connection to the virtual network interface, for example a TUN interface.
In the present invention, after the virtual network interface, for example a TUN interface, reads a data packet, the destination IP address of the packet read determines whether the packet is a downlink data packet sent by the transmission proxy.
If the destination IP address of the packet read is the designated IP address, the packet is determined to be a downlink data packet sent by the transmission proxy; otherwise,
if the destination IP address of the packet read is not the designated IP address, the packet is determined to be an uplink data packet to be sent by an application.
After the virtual network interface, for example a TUN interface, reads the new downlink data packet, it may use the destination port number of the new downlink data packet to look up, in the conversion table, the IP address and port number of the application's server recorded for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; and modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application. The new downlink data packet is then sent to the application.
In this embodiment, the network-protocol-based uplink data packet to be sent is obtained and the application to which it belongs is determined, so that, according to that application, the uplink data packet can be sent either with encryption or without encryption. Because the network-protocol-based uplink data packets of different applications are selectively split for transmission, that is, the uplink data packets of some applications are transmitted with encryption protection to ensure their network security, while the uplink data packets of other applications are transmitted without encryption protection to reduce network delay, it is no longer necessary to transmit all of the user's network-protocol-based uplink data packets with encryption protection, which reduces the system overhead of the terminal.
In addition, with the technical solution provided by the present invention, because the network-protocol-based uplink data packets of different applications are selectively split for transmission, it is no longer necessary to transmit all of the user's network-protocol-based uplink data packets with encryption protection, which can effectively reduce the network traffic and computing pressure of the security server.
In addition, with the technical solution provided by the present invention, when the secure channel is open, not all of the user's network-protocol-based uplink data packets are transmitted with encryption protection through this secure channel; the network-protocol-based uplink data packets of some applications are not transmitted through the open secure channel, which can effectively reduce network delay and greatly improve the user experience.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
Fig. 2 is a schematic structural diagram of the application data packet transmission device provided by another embodiment of the present invention. As shown in Fig. 2, the device of this embodiment may comprise an acquiring unit 21, a determining unit 22 and a sending unit 23. The acquiring unit 21 is configured to obtain the network-protocol-based uplink data packet to be sent; the determining unit 22 is configured to determine the application to which the uplink data packet belongs; the sending unit 23 is configured to send, according to the application to which the uplink data packet belongs, the uplink data packet with encryption, or to send the uplink data packet without encryption.
It should be noted that part or all of the application data packet transmission device of this embodiment may be a functional unit located in the bottom layer of the terminal's operating system, for example the Native layer of the Android operating system.
Optionally, in one possible implementation of this embodiment, the network protocol may include but is not limited to IP, ICMP, RIP, DSPF, BGP or IGMP.
Optionally, in one possible implementation of this embodiment, the determining unit 22 may specifically be configured to read, from the kernel of the operating system, a first mapping relation between the source IP address and source port number of the uplink data packet and the user ID that the operating system assigned to the application; obtain a second mapping relation between the user ID and the package name of the application; and obtain, according to the first mapping relation and the second mapping relation, the package name of the application to which the uplink data packet belongs.
Optionally, in one possible implementation of this embodiment, the sending unit 23 may specifically be configured to send the uplink data packet with encryption if the application is in the preset encrypted transmission list.
Optionally, in one possible implementation of this embodiment, the sending unit 23 may specifically be configured to send the uplink data packet without encryption if the application is not in the preset encrypted transmission list.
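How the two mapping relations and the list check fit together, as an added Python example rather than the patent's implementation. It assumes the first mapping is read from a Linux `/proc/net/udp`-style table on a little-endian host (IPv4 only); the sample table, user IDs, package names and function names are constructed.

```python
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/udp (not captured from a device).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 0100080A:9C40 0A7100CB:0035 01 00000000:00000000 00:00000000 00000000 10123        0 40211 2 0000000000000000 0
  13: 0100080A:9C41 1422A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 40212 2 0000000000000000 0
"""

# Second mapping relation (user ID -> package name); constructed values.
UID_TO_PACKAGE = {10123: "com.example.bank", 10087: "com.example.video"}

# Preset encrypted transmission list; constructed value.
ENCRYPTED_LIST = {"com.example.bank"}


def parse_first_mapping(table_text):
    """Return {(source IP, source port): uid} from a /proc/net/udp-style table."""
    mapping = {}
    for line in table_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                               # blank or truncated row
        ip_hex, port_hex = fields[1].split(":")
        # The IPv4 address is printed as a host-order 32-bit value;
        # "<I" assumes a little-endian host.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        mapping[(ip, int(port_hex, 16))] = int(fields[7])   # column 7 is the uid
    return mapping


def owning_package(src_ip, src_port, first_mapping, second_mapping):
    """Chain both mappings: socket -> user ID -> package name (None if unknown)."""
    uid = first_mapping.get((src_ip, src_port))
    return second_mapping.get(uid)


def choose_path(src_ip, src_port, first_mapping,
                second_mapping=UID_TO_PACKAGE, encrypted_list=ENCRYPTED_LIST):
    """Apply the list rule: in the list -> encrypted, otherwise -> unencrypted."""
    package = owning_package(src_ip, src_port, first_mapping, second_mapping)
    # A packet that cannot be attributed has package None, which is "not in
    # the list", so under the rule as stated it takes the unencrypted path.
    return "secure-channel" if package in encrypted_list else "transmission-proxy"
```
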
Optionally, in one possible implementation of this embodiment, the sending unit 23 may specifically be configured to send the encrypted uplink data packet through a secure channel.
Optionally, in one possible implementation of this embodiment, as shown in Fig. 3, the application data packet transmission device of this embodiment may further comprise a transmission proxy 31; the sending unit 23 may specifically be configured to send the unencrypted uplink data packet through the transmission proxy 31.
The transmission proxy does not need to compress, encrypt or encapsulate the application's network-protocol-based uplink data packet; after processing the payload of the uplink data packet, it sends the payload directly to the application's server. Specifically, the transmission proxy may be deployed in the bottom layer of the terminal's operating system, for example the Native layer of the Android operating system, or in the application layer of the terminal's operating system, for example the Java layer of the Android operating system; this embodiment places no particular limitation on this.
Compared with deployment in the bottom layer of the terminal's operating system, deploying the transmission proxy in the application layer of the terminal's operating system can effectively improve the development and debugging difficulty of the transmission proxy.
In this implementation, the source IP address and source port number of the uplink data packet are the IP address and port number that the operating system assigned to the application; the destination IP address and destination port number of the uplink data packet are the IP address and port number of the application's server.
Specifically, the sending unit 23 may be configured to modify the destination IP address and destination port number of the uplink data packet to the IP address and port number of the transmission proxy 31; record the source port number of the uplink data packet, the destination IP address and destination port number of the uplink data packet before modification, and the destination IP address and destination port number of the uplink data packet after modification in a conversion table; and send the uplink data packet to the transmission proxy 31.
Correspondingly, the transmission proxy 31 may be configured to use the source port number of the uplink data packet to look up, in the conversion table, the pre-modification destination IP address and destination port number recorded for that source port number; and to encapsulate and send the payload of the uplink data packet, using the pre-modification destination IP address and destination port number as the destination IP address and destination port number, and the IP address and port number that the operating system assigned to the application as the source IP address and source port number.
After the application's server receives the payload of the uplink data packet sent by the transmission proxy, it performs the related processing. If the server needs to transmit downlink data, for example to return the downlink data that the application requested, it sends a downlink data packet based on the network protocol to the transmission proxy.
In one case, assume that UDP is used as the transport layer protocol. Then:
The transmission proxy 31 may further be configured to receive the downlink data packet based on the network protocol; use the IP address and port number of the transmission proxy 31 as the source IP address and source port number; use the source IP address and source port number of the downlink data packet to look up, in the conversion table, the source port number of the corresponding uplink data packet and use it as the destination port number; use the designated IP address as the destination IP address; encapsulate the payload of the downlink data packet to generate a new downlink data packet; and send this new downlink data packet.
The acquiring unit 21 may further be configured to obtain the new downlink data packet to be sent.
The sending unit 23 may further be configured to use the destination port number of the new downlink data packet to look up, in the conversion table, the IP address and port number of the application's server recorded for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application; and send the new downlink data packet to the application.
In the other case, assume that the Transmission Control Protocol (TCP) is used as the transport layer protocol. Then:
The sending unit 23 may further be configured to:
modify the source IP address of the uplink data packet to the designated IP address, so that a TCP connection is established according to the designated IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy 31.
The sending unit 23 may specifically be configured to:
send the uplink data packet to the transmission proxy 31 over the TCP connection.
The transmission proxy 31 may further be configured to:
receive the downlink data packet based on the network protocol; and
generate, over the TCP connection, the new data packet that encapsulates the payload of the downlink data packet for this TCP connection, and send this new downlink data packet.
The acquiring unit 21 may further be configured to:
obtain the new downlink data packet to be sent.
The sending unit 23 may further be configured to:
use the destination port number of the new downlink data packet to look up, in the conversion table, the IP address and port number of the application's server recorded for that destination port number; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server; modify the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application; and send the new downlink data packet to the application.
It should be noted that the method in the embodiment corresponding to Fig. 1 may be implemented by the application data packet transmission device provided by this embodiment. For a detailed description, see the related content in the embodiment corresponding to Fig. 1; it is not repeated here.
In this embodiment, the acquiring unit obtains the network-protocol-based uplink data packet to be sent and the determining unit determines the application to which it belongs, so that the sending unit can, according to that application, send the uplink data packet either with encryption or without encryption. Because the network-protocol-based uplink data packets of different applications are selectively split for transmission, that is, the uplink data packets of some applications are transmitted with encryption protection to ensure their network security, while the uplink data packets of other applications are transmitted without encryption protection to reduce network delay, it is no longer necessary to transmit all of the user's network-protocol-based uplink data packets with encryption protection, which reduces the system overhead of the terminal.
In addition, with the technical solution provided by the present invention, because the network-protocol-based uplink data packets of different applications are selectively split for transmission, it is no longer necessary to transmit all of the user's network-protocol-based uplink data packets with encryption protection, which can effectively reduce the network traffic and computing pressure of the security server.
In addition, with the technical solution provided by the present invention, when the secure channel is open, not all of the user's network-protocol-based uplink data packets are transmitted with encryption protection through this secure channel; the network-protocol-based uplink data packets of some applications are not transmitted through the open secure channel, which can effectively reduce network delay and greatly improve the user experience.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiment described above is merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be made through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (20)

1. A data packet transmission method for an application, characterized by comprising:
obtaining a network-protocol-based uplink data packet to be sent;
determining the application to which the uplink data packet belongs;
according to the application to which the uplink data packet belongs, sending the uplink data packet with encryption, or sending the uplink data packet without encryption.
2. The method according to claim 1, characterized in that the network protocol comprises IP, ICMP, RIP, DSPF, BGP or IGMP.
3. The method according to claim 1, characterized in that determining the application to which the uplink data packet belongs comprises:
reading, from the kernel of the operating system, a first mapping relation between the source port number of the uplink data packet and the user ID that the operating system assigned to the application;
obtaining a second mapping relation between the user ID and the package name of the application;
obtaining, according to the first mapping relation and the second mapping relation, the package name of the application to which the uplink data packet belongs.
4. The method according to claim 1, characterized in that sending, according to the application to which the uplink data packet belongs, the uplink data packet with encryption, or sending the uplink data packet without encryption, comprises:
if the application is in the preset encrypted transmission list, sending the uplink data packet with encryption; or
if the application is not in the preset encrypted transmission list, sending the uplink data packet without encryption.
5. The method according to claim 1, characterized in that sending the uplink data packet with encryption comprises:
sending the encrypted uplink data packet through a secure channel.
6. The method according to claim 1, characterized in that sending the uplink data packet without encryption comprises:
sending the unencrypted uplink data packet through a transmission proxy.
7. The method according to claim 6, characterized in that the destination IP address and destination port number of the uplink data packet are the IP address and port number of the application's server; and sending the unencrypted uplink data packet through the transmission proxy comprises:
modifying the destination IP address and destination port number of the uplink data packet to the IP address and port number of the transmission proxy;
recording the source port number of the uplink data packet, the destination IP address and destination port number of the uplink data packet before modification, and the destination IP address and destination port number of the uplink data packet after modification in a conversion table;
sending the uplink data packet to the transmission proxy, so that
the transmission proxy, according to the source port number of the uplink data packet and the conversion table, obtains the pre-modification destination IP address and destination port number of the uplink data packet recorded in the conversion table for that source port number, and encapsulates and sends the payload of the uplink data packet, using the pre-modification destination IP address and destination port number as the destination IP address and destination port number, and the IP address and port number that the operating system assigned to the application as the source IP address and source port number.
8. The method according to claim 7, characterized in that UDP is used as the transport layer protocol; and after sending the unencrypted uplink data packet through the transmission proxy, the method further comprises:
obtaining a new downlink data packet to be sent, the new downlink data packet being generated and sent by the transmission proxy, which receives a downlink data packet based on the network protocol, uses its own IP address and port number as the source IP address and source port number, obtains, according to the source IP address and source port number of the downlink data packet and the conversion table, the source port number of the uplink data packet recorded in the conversion table for that source IP address and source port number and uses it as the destination port number, uses the designated IP address as the destination IP address, and encapsulates the payload of the downlink data packet;
according to the destination port number of the new downlink data packet and the conversion table, obtaining the IP address and port number of the application's server recorded in the conversion table for that destination port number, modifying the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server, and modifying the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application;
sending the new downlink data packet to the application.
9. The method according to claim 7, characterized in that TCP is used as the transport layer protocol; and before sending the uplink data packet to the transmission proxy, the method further comprises:
modifying the source IP address of the uplink data packet to the designated IP address, so that a TCP connection is established according to the designated IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy;
and sending the uplink data packet to the transmission proxy comprises:
sending the uplink data packet to the transmission proxy over the TCP connection.
10. The method according to claim 9, characterized in that after sending the unencrypted uplink data packet through the transmission proxy, the method further comprises:
obtaining a new downlink data packet to be sent, the new downlink data packet being sent over the TCP connection by the transmission proxy, which receives a downlink data packet based on the network protocol and encapsulates the payload of the downlink data packet for this TCP connection;
according to the destination port number of the new downlink data packet and the conversion table, obtaining the IP address and port number of the application's server recorded in the conversion table for that destination port number, modifying the source IP address and source port number of the new downlink data packet to the IP address and port number of the application's server, and modifying the destination IP address of the new downlink data packet to the IP address that the operating system assigned to the application;
sending the new downlink data packet to the application.
11. A data packet transmission device for an application, characterized by comprising:
An acquiring unit, configured to obtain an uplink data packet, based on a network protocol, that is to be sent;
A determining unit, configured to determine the application to which the uplink data packet belongs;
A sending unit, configured to, according to the application to which the uplink data packet belongs, send the uplink data packet encrypted, or send the uplink data packet unencrypted.
12. The device according to claim 11, characterized in that the network protocol comprises IP, ICMP, RIP, DSPF, BGP or IGMP.
13. The device according to claim 11, characterized in that the determining unit is specifically configured to:
Read, from the kernel of the operating system, a first mapping relationship between the source IP address and source port number of the uplink data packet and the user ID that the operating system allocates to the application;
Obtain a second mapping relationship between the user ID and the package name of the application; and
Obtain, according to the first mapping relationship and the second mapping relationship, the package name of the application to which the uplink data packet belongs.
14. The device according to claim 11, characterized in that the sending unit is specifically configured to:
If the application is in a preset encrypted transmission list, send the uplink data packet encrypted; or
If the application is not in the preset encrypted transmission list, send the uplink data packet unencrypted.
15. The device according to claim 11, characterized in that the sending unit is specifically configured to:
Send the encrypted uplink data packet through a secure channel.
16. The device according to claim 11, characterized in that the device further comprises a transmission proxy; the sending unit is specifically configured to:
Send the unencrypted uplink data packet through the transmission proxy.
17. The device according to claim 16, characterized in that the destination IP address and destination port number of the uplink data packet are the IP address and port number of the server of the application; the sending unit is specifically configured to:
Modify the destination IP address and destination port number of the uplink data packet to the IP address and port number of the transmission proxy;
Record, in a conversion table, the source port number of the uplink data packet, the destination IP address and destination port number of the uplink data packet before modification, and the destination IP address and destination port number of the uplink data packet after modification; and
Send the uplink data packet to the transmission proxy;
The transmission proxy is configured to:
Obtain, according to the source port number of the uplink data packet and the conversion table, the destination IP address and destination port number of the uplink data packet before modification that are recorded in the conversion table as corresponding to the source port number of the uplink data packet; use the pre-modification destination IP address and destination port number as the destination IP address and destination port number; use the IP address and port number that the operating system allocates to the application as the source IP address and source port number; and send the payload of the uplink data packet after encapsulating it.
18. The device according to claim 17, characterized in that UDP is used as the transport layer protocol;
The transmission proxy is further configured to:
Receive a downlink data packet based on the network protocol; use the IP address and port number of the transmission proxy as the source IP address and source port number; obtain, according to the source IP address and source port number of the downlink data packet and the conversion table, the source port number of the uplink data packet that is recorded in the conversion table as corresponding to the source IP address and source port number of the downlink data packet, and use it as the destination port number; use a specified IP address as the destination IP address; encapsulate the payload of the downlink data packet to generate a new downlink data packet; and send the new downlink data packet;
The acquiring unit is further configured to:
Obtain the new downlink data packet to be sent;
The sending unit is further configured to:
According to the destination port number of the new downlink data packet and the conversion table, obtain the IP address and port number of the server of the application that are recorded in the conversion table as corresponding to the destination port number of the new downlink data packet; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the server of the application; and modify the destination IP address of the new downlink data packet to the IP address that the operating system allocates to the application; and
Send the new downlink data packet to the application.
19. The device according to claim 17, characterized in that TCP is used as the transport layer protocol; the sending unit is further configured to:
Modify the source IP address of the uplink data packet to a specified IP address, so that a TCP connection is established according to the specified IP address and the source port number of the uplink data packet, and the IP address and port number of the transmission proxy;
The sending unit is specifically configured to:
Send the uplink data packet to the transmission proxy over the TCP connection.
20. The device according to claim 19, characterized in that:
The transmission proxy is further configured to:
Receive a downlink data packet based on the network protocol; and
Encapsulate the payload of the downlink data packet using the TCP connection to generate a new downlink data packet, and send the new downlink data packet over the TCP connection;
The acquiring unit is further configured to:
Obtain the new downlink data packet to be sent;
The sending unit is further configured to:
According to the destination port number of the new downlink data packet and the conversion table, obtain the IP address and port number of the server of the application that are recorded in the conversion table as corresponding to the destination port number of the new downlink data packet; modify the source IP address and source port number of the new downlink data packet to the IP address and port number of the server of the application; and modify the destination IP address of the new downlink data packet to the IP address that the operating system allocates to the application; and
Send the new downlink data packet to the application.
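The conversion-table round trip of claims 17 and 18 (UDP case), modelled in Python as an added example that is not code from the patent. The `Packet` type, the function names and every address and port below are constructed assumptions; the table is keyed by the uplink source port and the proxy's downlink lookup is by server address, as the claims word it.

```python
from dataclasses import dataclass, replace

# Constructed addresses (assumptions for illustration, not from the patent).
APP_IP = "10.0.0.2"          # IP the operating system allocates to the application
OUT_PORT = 40000             # port allocated for the proxy's outbound packet
SPECIFIED_IP = "10.0.0.9"    # the claims' "specified IP address"
PROXY = ("127.0.0.1", 7000)  # IP address and port number of the transmission proxy

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

def unit_uplink(pkt, table):
    """Sending unit: record the original destination, then redirect to the proxy."""
    table[pkt.src_port] = {"server": (pkt.dst_ip, pkt.dst_port), "proxy": PROXY}
    return replace(pkt, dst_ip=PROXY[0], dst_port=PROXY[1])

def proxy_uplink(pkt, table):
    """Proxy: re-encapsulate the payload toward the pre-modification destination."""
    server = table[pkt.src_port]["server"]
    return Packet(APP_IP, OUT_PORT, *server, pkt.payload)

def proxy_downlink(pkt, table):
    """Proxy: map the reply's source (the server) back to the uplink source port."""
    for port, entry in table.items():
        if entry["server"] == (pkt.src_ip, pkt.src_port):
            return Packet(*PROXY, SPECIFIED_IP, port, pkt.payload)
    raise KeyError("no conversion-table entry for this server address")

def unit_downlink(pkt, table):
    """Sending unit: restore the server as source and the application as destination."""
    server = table[pkt.dst_port]["server"]
    return replace(pkt, src_ip=server[0], src_port=server[1], dst_ip=APP_IP)

def round_trip(request, reply_payload):
    """Run one request through the proxy and return (packet on the wire, packet delivered)."""
    table = {}
    sent = proxy_uplink(unit_uplink(request, table), table)
    reply = Packet(sent.dst_ip, sent.dst_port, sent.src_ip, sent.src_port, reply_payload)
    return sent, unit_downlink(proxy_downlink(reply, table), table)
```

The application sees the reply as coming directly from its server, although both directions passed through the proxy.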
CN201510674341.1A 2015-10-16 2015-10-16 The data pack transmission method and device of application Active CN105227569B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510674341.1A CN105227569B (en) 2015-10-16 2015-10-16 The data pack transmission method and device of application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510674341.1A CN105227569B (en) 2015-10-16 2015-10-16 The data pack transmission method and device of application

Publications (2)

Publication Number Publication Date
CN105227569A true CN105227569A (en) 2016-01-06
CN105227569B CN105227569B (en) 2019-02-12

Family

ID=54996248

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510674341.1A Active CN105227569B (en) 2015-10-16 2015-10-16 The data pack transmission method and device of application

Country Status (1)

Country Link
CN (1) CN105227569B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242629A (en) * 2007-02-05 2008-08-13 华为技术有限公司 Method, system and device for selection algorithm of user plane
CN101790162A (en) * 2010-01-29 2010-07-28 华为技术有限公司 Security association acquisition method and device
CN103916239A (en) * 2014-04-09 2014-07-09 长春大学 Quantum secret communication gateway system for financial security network

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713320A (en) * 2016-12-23 2017-05-24 腾讯科技(深圳)有限公司 Terminal data transmission method and device
CN106713320B (en) * 2016-12-23 2020-07-03 腾讯科技(深圳)有限公司 Terminal data transmission method and device
CN110224897A (en) * 2019-06-26 2019-09-10 深圳市腾讯信息技术有限公司 Vulnerable network test method, device, mobile device and the storage medium of application program
CN110224897B (en) * 2019-06-26 2022-10-04 深圳市腾讯信息技术有限公司 Weak network testing method and device of application program, mobile device and storage medium

Also Published As

Publication number Publication date
CN105227569B (en) 2019-02-12

Similar Documents

Publication Publication Date Title
US11985210B2 (en) System and method for improving internet communication by using intermediate nodes
KR101982960B1 (en) Improving virtualization application performance by disabling unnecessary features
CA2905583C (en) Secure network communication
CN105939239B (en) Data transmission method and device of virtual network card
CN104283853B (en) A kind of method, terminal device and network equipment for improving Information Security
CN101138218A (en) Security protocols on incompatible transports
US20120278611A1 (en) Vpn-based method and system for mobile communication terminal to access data securely
CN105162674A (en) Method and network card for physical machine to access to virtual network
CN104700003B (en) A kind of file shell adding and hulling method, apparatus and system
CN106845256A (en) A kind of method and terminal of encryption and decryption data in the application
CN105227569A (en) The data pack transmission method of application and device
CN103746768A (en) Data packet identification method and equipment thereof
CN116527405B (en) SRV6 message encryption transmission method and device and electronic equipment
CN107343001B (en) Data processing method and device
CN105302617A (en) Method and sever for downloading application program
CN113726768A (en) Data transmission method and device, electronic equipment and readable storage medium
CN107483203A (en) Internet of Things access point receives the encryption method at times and device of data
CN111797417A (en) File uploading method and device, storage medium and electronic device
CN110225010A (en) A kind of processing method and relevant device of PUSH message
CN115086048B (en) Data processing method, device, electronic equipment and readable storage medium
CN104519019B (en) A kind of information transferring method, apparatus and system
Baranov et al. Simulation of DDoS Attacks on LTE and LoRaWAN Protocols in the NS-3 Network Simulator
CN105162796A (en) Data transmission method and equipment
US11108592B2 (en) Systems and methods for implementing a layer two proxy for wireless network data
CN110381209A (en) Processing method, device and the storage medium of pasting boards message

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant