CN106603568B - Data ciphering method, device and access point apparatus - Google Patents

Info

Publication number: CN106603568B
Authority: CN (China)
Prior art keywords: data packet, terminal, data, transmission path, access point
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201611271125.3A
Other languages: Chinese (zh)
Other versions: CN106603568A (en)
Inventor: 白剑
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd (as listed by Google Patents; the listed assignees may be inaccurate)
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201611271125.3A
Publication of CN106603568A
Application granted
Publication of CN106603568B

Classifications

    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The embodiments relate to the field of terminal technology and disclose a data encryption method, a data encryption device and an access point apparatus. In the method, an access point obtains a first data packet that a first terminal needs to send to a second terminal over a wireless network; parses the first data packet to obtain the Internet Protocol (IP) address of the second terminal; predicts, according to the IP address of the second terminal, the transmission path along which the first data packet will reach the second terminal through the wireless network; and determines, according to the security of the predicted transmission path, whether to encrypt the first data packet. By implementing the embodiments, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption.

Description

Data ciphering method, device and access point apparatus
Technical field
The present invention relates to the field of terminal technology, and in particular to a data encryption method, a data encryption device and an access point apparatus.
Background
With the wide availability of wireless networks, people can access the network anytime and anywhere for entertainment, work, communication and other activities, which brings great convenience to daily life. However, easy network access and high penetration also bring increasingly serious data security problems.
For example, data that a user sends over a wireless network is easily stolen by criminals while in transit, for instance by impersonating an AP (Access Point) to steal user data, or by posing as the data receiver to obtain the data the user sends.
Therefore, to prevent sent data from being stolen and leaked, encrypting the data becomes especially necessary. The terminal device encrypts the data before sending it, so that even if the data is stolen in transit, the user's information is not leaked, because the data has already been encrypted.
However, performing data encryption increases the computational burden on the terminal device's processor, places high demands on the processor's computing capability, and increases the terminal device's power consumption.
Summary of the invention
The embodiments of the present invention provide a data encryption method, a data encryption device and an access point apparatus, which transfer the data encryption work that the terminal device would otherwise perform to the access point apparatus, reducing the computational burden on the terminal device's processor and in turn the terminal device's power consumption.
A first aspect of the embodiments of the present invention discloses a data encryption method, comprising:
an access point obtaining a first data packet that a first terminal needs to send to a second terminal over a wireless network;
parsing the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
predicting, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network;
determining, according to the security of the predicted transmission path, whether to encrypt the first data packet.
In an optional embodiment, predicting, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network comprises:
the access point determining, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
querying history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
if so, obtaining the historical transmission path over which the second data packet was sent to the subnet to which the second terminal belongs, as the predicted transmission path.
In an optional embodiment, determining, according to the security of the predicted transmission path, whether to encrypt the first data packet comprises:
the access point querying whether a first transmission node in the predicted transmission path has a record of data being stolen;
if the first transmission node has a record of data being stolen, determining that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
In an optional embodiment, the method further comprises:
the access point parsing the first data packet to obtain the data content in the first data packet;
performing keyword extraction on the data content to determine whether to encrypt the first data packet.
In an optional embodiment, performing keyword extraction on the data content to determine whether to encrypt the first data packet comprises:
the access point determining whether the data content in the first data packet includes account and password information;
if the data content in the first data packet includes account and password information, encrypting the first data packet.
In an optional embodiment, encrypting the first data packet using an asymmetric key comprises:
the access point encrypting the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
A second aspect of the embodiments of the present invention discloses a data encryption device, comprising:
a first acquisition unit, configured to obtain a first data packet that a first terminal needs to send to a second terminal over a wireless network;
a first parsing unit, configured to parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
a prediction unit, configured to predict, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network;
a determination unit, configured to determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
In an optional embodiment, the prediction unit comprises:
a first determining subunit, configured to determine, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
a first query subunit, configured to query history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
an obtaining subunit, configured to, if a second data packet was sent to the subnet to which the second terminal belongs, obtain the historical transmission path over which the second data packet was sent to that subnet, as the predicted transmission path.
In an optional embodiment, the determination unit comprises:
a second query subunit, configured to query whether a first transmission node in the predicted transmission path has a record of data being stolen;
a judging subunit, configured to, if the first transmission node has a record of data being stolen, determine that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
In an optional embodiment, the device further comprises:
a second parsing unit, configured to parse the first data packet to obtain the data content in the first data packet;
an extraction unit, configured to perform keyword extraction on the data content to determine whether to encrypt the first data packet.
In an optional embodiment, the extraction unit comprises:
a second determining subunit, configured to determine whether the data content in the first data packet includes account and password information;
an encryption subunit, configured to encrypt the first data packet if the data content in the first data packet includes account and password information.
In an optional embodiment, the encryption subunit is specifically configured to encrypt the first data packet using an asymmetric key, comprising:
encrypting the first data packet using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
A third aspect of the embodiments of the present invention discloses an access point apparatus, comprising:
a memory storing executable program code;
a processor coupled to the memory;
wherein the processor calls the executable program code stored in the memory to execute the method disclosed in the first aspect above.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, an access point obtains a first data packet that a first terminal needs to send to a second terminal over a wireless network; parses the first data packet to obtain the Internet Protocol (IP) address of the second terminal; predicts, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network; and determines, according to the security of the predicted transmission path, whether to encrypt the first data packet. By implementing the embodiments of the present invention, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a data encryption method disclosed in an embodiment of the present invention;
Fig. 1A is a schematic diagram of determining a predicted transmission path disclosed in an embodiment of the present invention;
Fig. 2 is a flow diagram of another data encryption method disclosed in an embodiment of the present invention;
Fig. 3 is a structural diagram of a data encryption device 300 disclosed in an embodiment of the present invention;
Fig. 3A is a structural diagram of a prediction unit 303 disclosed in an embodiment of the present invention;
Fig. 3B is a structural diagram of a determination unit 304 disclosed in an embodiment of the present invention;
Fig. 4 is a structural diagram of another data encryption device 400 disclosed in an embodiment of the present invention;
Fig. 4A is a structural diagram of an extraction unit 306 disclosed in an embodiment of the present invention;
Fig. 5 is a structural diagram of an access point apparatus 500 disclosed in an embodiment of the present invention;
Fig. 6 is a structural diagram of a terminal device 600 disclosed in an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
The embodiments of the present invention provide a data encryption method, a data encryption device and an access point apparatus, which transfer the data encryption work that the terminal device would otherwise perform to the access point apparatus, reducing the computational burden on the terminal device's processor and in turn the terminal device's power consumption. Each is described in detail below.
Referring to Fig. 1, Fig. 1 is a flow diagram of a data encryption method disclosed in an embodiment of the present invention. The data encryption method shown in Fig. 1 may include the following steps:
101. An access point obtains a first data packet that a first terminal needs to send to a second terminal over a wireless network.
In the embodiments of the present invention, the first terminal and the second terminal may include terminal devices running the Android operating system, the iOS operating system, the Windows operating system or other operating systems, for example mobile phones, mobile computers, tablet computers, desktop computers, personal digital assistants (Personal Digital Assistant, PDA), smart watches, smart glasses, smart bracelets and similar terminal devices. This is not repeated later in the embodiments.
In the embodiments of the present invention, the access point may be a simple access point device or a router. The first terminal obtains a wireless connection by joining the access point and sends the first data packet destined for the second terminal to the access point apparatus; the first data packet reaches the second terminal after being forwarded multiple times by transmission nodes in the network.
102. The first data packet is parsed to obtain the Internet Protocol (IP) address of the second terminal.
In the embodiments of the present invention, the first data packet has a certain data frame structure. The access point decodes the frame of the first data packet to obtain the IP address of the data receiver (i.e. the second terminal) contained in the header of the first data packet.
103. According to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network is predicted.
Fig. 1A is a schematic diagram of determining a predicted transmission path disclosed in an embodiment of the present invention. In Fig. 1A, the access point to which the first terminal is connected is the first access point, and the access point to which the second terminal is connected is the second access point. The subnet established by the second access point is identified by its subnet IP. The transmission path over which a data packet sent from the first access point reaches the subnet identified by that subnet IP (shown by the bold lines in Fig. 1A) can therefore be used as the predicted transmission path. First, the first access point determines, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs, and then queries the history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time; if so, it obtains the historical transmission path over which the second data packet was sent to that subnet as the predicted transmission path.
104. Whether to encrypt the first data packet is determined according to the security of the predicted transmission path.
In an optional embodiment, the access point queries whether each transmission node in the predicted transmission path has a record of data being stolen; if at least one transmission node in the predicted transmission path has a record of data being stolen, the predicted transmission path is determined to be insecure and the first data packet needs to be encrypted.
It can be seen that with the method described in Fig. 1, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption.
Referring to Fig. 2, Fig. 2 is a flow diagram of another data encryption method disclosed in an embodiment of the present invention. As shown in Fig. 2, the method may include the following steps:
201. An access point obtains a first data packet that a first terminal needs to send to a second terminal over a wireless network.
202. The first data packet is parsed to obtain the Internet Protocol (IP) address of the second terminal.
203. According to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network is predicted.
In an optional embodiment, the access point broadcasts a request message to the routers in the network so that the routers in the network return their routing tables; the access point then calculates the predicted transmission path from the routing tables.
204. Whether to encrypt the first data packet is determined according to the security of the predicted transmission path; if so, step 205 is executed; if not, steps 206 to 207 are executed.
205. The first data packet is encrypted using an asymmetric key.
An asymmetric-key encryption algorithm needs two keys: a public key (Public Key) and a private key (Private Key). The public key and the private key exist as a pair. If data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, this algorithm is called an asymmetric-key encryption algorithm. The basic process by which an asymmetric-key encryption algorithm exchanges confidential information is: Party A generates a key pair and discloses one of the keys as the public key to the other parties to the data exchange; Party B, having obtained the public key, encrypts the confidential information with it and then sends it to Party A; Party A then decrypts the encrypted information with the corresponding private key that it keeps.
In the embodiments of the present invention, the access point encrypts the first data packet using the public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content in the first data packet.
206. The access point parses the first data packet to obtain the data content in the first data packet.
207. Keyword extraction is performed on the data content to determine whether to encrypt the first data packet.
In an optional embodiment, the access point determines whether the data content in the first data packet includes account and password information; if the data content in the first data packet includes account and password information, the first data packet is encrypted.
It can be seen that with the method described in Fig. 2, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption. In addition, besides deciding whether to encrypt data according to the security of the transmission path, the access point can also decide whether to encrypt a data packet according to whether the data in the packet involves account and password information, which improves the flexibility and security of data encryption.
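The decision flow of steps 201 to 207, with the history-based path prediction and per-node theft check described for Fig. 1, written out as an added example that is not code from the patent. The node names, history table, theft-record set, credential keywords and the choice to encrypt when no history exists are assumptions made for illustration; the public-key encryption of step 205 is left out.

```python
import ipaddress
import re
import struct

# Constructed sample state an access point might keep (not from the patent).
# History: destination subnet -> node names on the path a previous packet took.
HISTORY = {
    ipaddress.ip_network("203.0.113.0/24"): ["ap-1", "router-a", "router-b", "ap-2"],
    ipaddress.ip_network("198.51.100.0/24"): ["ap-1", "router-a", "router-c", "ap-3"],
}
# Transmission nodes with a record of data theft (hypothetical names).
THEFT_RECORDS = {"router-c"}
# Hypothetical keyword list standing in for "account and password information".
CREDENTIAL_RE = re.compile(
    rb"(?i)\b(?:user(?:name)?|account|login|passw(?:or)?d|pwd)\s*[=:]"
)


def parse_ipv4(packet: bytes):
    """Step 202: return (destination address, bytes after the IP header)."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    (total_len,) = struct.unpack("!H", packet[2:4])
    if total_len < ihl or total_len > len(packet):
        raise ValueError("total length field does not match the packet")
    return ipaddress.ip_address(packet[16:20]), packet[ihl:total_len]


def predict_path(dst):
    """Step 203: look up the historical path for the subnet containing dst.

    The most specific matching subnet wins; None means no packet was sent
    to that subnet before.
    """
    matches = [net for net in HISTORY if dst in net]
    if not matches:
        return None
    return HISTORY[max(matches, key=lambda net: net.prefixlen)]


def should_encrypt(packet: bytes):
    """Steps 204 to 207: return (encrypt?, reason) for one outgoing packet."""
    dst, content = parse_ipv4(packet)
    path = predict_path(dst)
    if path is None:
        # Assumption: the text does not cover this case; fail closed.
        return True, "no-history"
    flagged = [node for node in path if node in THEFT_RECORDS]
    if flagged:
        return True, "insecure-path:" + ",".join(flagged)
    # Path looks clean, so fall through to the content check (206 and 207).
    if CREDENTIAL_RE.search(content):
        return True, "credentials-in-payload"
    return False, "path-clean"


def build_ipv4(dst: str, payload: bytes, src: str = "192.0.2.10") -> bytes:
    """Build a constructed test packet: 20-byte header, checksum left at 0."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return header + payload


if __name__ == "__main__":
    samples = [
        ("203.0.113.7", b"GET /index.html"),
        ("198.51.100.9", b"GET /"),
        ("203.0.113.7", b"account=alice&password=s3cret"),
        ("192.0.2.200", b"hello"),
    ]
    for dst, payload in samples:
        print(dst, should_encrypt(build_ipv4(dst, payload)))
```

The content check only ever sees payloads that are still plaintext when they reach the access point, which is the same visibility an on-path node with a theft record would have.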
Referring to Fig. 3, Fig. 3 is a structural diagram of a data encryption device 300 disclosed in an embodiment of the present invention. As shown in Fig. 3, the device may include:
A first acquisition unit 301, configured to obtain a first data packet that a first terminal needs to send to a second terminal over a wireless network.
A first parsing unit 302, configured to parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal.
A prediction unit 303, configured to predict, according to the IP address of the second terminal, the predicted transmission path along which the first data packet reaches the second terminal through the wireless network.
A determination unit 304, configured to determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
As shown in Fig. 3A, the prediction unit 303 may include a first determining subunit 3031, a first query subunit 3032 and an obtaining subunit 3033. The first determining subunit 3031 is configured to determine, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs; the first query subunit 3032 is configured to query history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time; the obtaining subunit 3033 is configured to, if a second data packet was sent to the subnet to which the second terminal belongs, obtain the historical transmission path over which the second data packet was sent to that subnet as the predicted transmission path.
As shown in Fig. 3B, the determination unit 304 includes a second query subunit 3041 and a judging subunit 3042. The second query subunit 3041 is configured to query whether a first transmission node in the predicted transmission path has a record of data being stolen; the judging subunit 3042 is configured to, if the first transmission node has a record of data being stolen, determine that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
It can be seen that with the device described in Fig. 3, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption.
Referring also to Fig. 4, Fig. 4 is a structural diagram of another data encryption device 400 disclosed in an embodiment of the present invention. The data encryption device 400 shown in Fig. 4 is obtained by optimizing the data encryption device 300 shown in Fig. 3. Compared with the device shown in Fig. 3, the device shown in Fig. 4 further includes:
A second parsing unit 305, configured to parse the first data packet to obtain the data content in the first data packet.
An extraction unit 306, configured to perform keyword extraction on the data content to determine whether to encrypt the first data packet.
As shown in Fig. 4A, the extraction unit 306 includes a second determining subunit 3061 and an encryption subunit 3062. The second determining subunit 3061 is configured to determine whether the data content in the first data packet includes account and password information; the encryption subunit 3062 is configured to encrypt the first data packet if the data content in the first data packet includes account and password information.
The encryption subunit 3062 is specifically configured to encrypt the first data packet using an asymmetric key. The specific implementation is: the first data packet is encrypted using a public key, so that the second terminal decrypts the first data packet using the private key corresponding to the public key to obtain the data content.
It can be seen that with the device described in Fig. 4, the data encryption work that the terminal device would otherwise perform is transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn reduces the terminal device's power consumption. In addition, besides deciding whether to encrypt data according to the security of the transmission path, the device can also decide whether to encrypt a data packet according to whether the data in the packet involves account and password information, which improves the flexibility and security of data encryption.
Referring to Fig. 5, Fig. 5 is a kind of structural schematic diagram of access point apparatus 500 disclosed by the embodiments of the present invention.Such as Fig. 5 Shown, which may include:
Input unit 501, processor unit 502, output unit 503, communication unit 504, storage unit 505 and power supply 506 equal components.These components are communicated by one or more bus.It will be understood by those skilled in the art that shown in fig. 5 The structure of terminal does not constitute a limitation of the invention simultaneously, it is also possible to hub-and-spoke configuration either busbar network, can be with Including components more more or fewer than structure shown in fig. 5, certain components or different component layouts are perhaps combined.At this In invention embodiment, access point apparatus shown in fig. 5 includes but is not limited to simple access device, router, bridge and exchange Machine equipment.
Input unit 501 is for realizing the interaction of user and access point apparatus and/or information input into access point apparatus. In the specific embodiment of the invention, input unit 501 can be touch panel, and touch panel is also referred to as touch screen or touch-control Screen, collectable user touches on it or close operational motion.For example user uses any suitable objects such as finger, stylus Or the operational motion of position of the attachment on touch panel or close to touch panel, and driven accordingly according to preset formula Attachment device.Optionally, touch panel may include both touch detecting apparatus and touch controller.Wherein, inspection is touched The touch operation of device detection user is surveyed, and the touch operation that will test is converted to electric signal, and electric signal is sent to Touch controller;Touch controller receives electric signal from touch detecting apparatus, and is converted into contact coordinate, then gives place Manage device unit 502.Touch controller can also receive the order that processor unit 502 is sent and execution.Furthermore, it is possible to using electricity The multiple types such as resistive, condenser type, infrared ray (Infrared) and surface acoustic wave realize touch panel.
Processor unit 502 is the control center of the access point apparatus. It connects the various parts of the entire access point apparatus through various interfaces and lines, and performs the various functions of the access point apparatus and/or processes data by running or executing the program code and/or modules stored in storage unit 505 and calling the data stored in storage unit 505. The processor unit may consist of integrated circuits (Integrated Circuit, IC), for example a single packaged IC, or several connected packaged ICs with the same or different functions. For example, processor unit 502 may include only a central processing unit (Central Processing Unit, CPU), or may be a combination of a CPU, a digital signal processor (DSP), a graphics processor (Graphic Processing Unit, GPU) and a control chip (such as a baseband chip) in the communication unit. In embodiments of the present invention, the CPU may have a single computing core or multiple computing cores.
Communication unit 504 is used to establish a communication link, through which the access point apparatus connects to the smart glasses and exchanges data with them. Communication unit 504 may include wireless communication modules such as a wireless local area network (Wireless Local Area Network, wireless LAN) module, a Bluetooth module, a near field communication (Near Field Communication, NFC) module and a baseband (Base Band) module, and wired communication modules such as Ethernet, Universal Serial Bus (USB) and the Lightning interface (currently used by Apple for devices such as the iPhone 6/6s).
Output unit 503 can include, but is not limited to, an image output unit, a sound output unit and a tactile output unit. The image output unit is used to output text, pictures and/or video. It may include a display panel, for example one configured as an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) or a field emission display (FED). Alternatively, the image output unit may include a reflective display, such as an electrophoretic display, or a display using interferometric modulation of light. The image output unit may include a single display or multiple displays of different sizes. In a specific embodiment of the invention, the touch panel used by input unit 501 can also serve as the display panel of output unit 503. For example, the display panel provides the visual output of a QWERTY keyboard, and the user operates the touch panel with a finger, stylus or the like according to the visual information seen; when the touch panel detects a touch or proximity gesture on it, it determines the position indicated by the gesture and passes it to processor unit 502, which obtains the character at that position on the mapped keyboard to form the input password. Although in Fig. 5 input unit 501 and output unit 503 implement the input and output functions of the access point apparatus as two separate components, in some embodiments the touch panel and the display panel can be integrated to implement the input and output functions of the access point apparatus. For example, the image output unit can display a QWERTY keyboard for the user to operate by touch.
Storage unit 505 can be used to store program code and modules; processor unit 502 runs the program code and modules stored in storage unit 505 to execute the various function applications of the terminal and to process data. Storage unit 505 mainly includes a program storage area and a data storage area. The program storage area can store the operating system and the program code required by at least one function, for example the program code that obtains the characters shown on the mapped keyboard to form the input password; the data storage area can store data created through use of the access point apparatus (such as audio data, a phone book, etc.). In a specific embodiment of the invention, storage unit 505 may include volatile memory, such as non-volatile dynamic random access memory (Nonvolatile Random Access Memory, NVRAM), phase change random access memory (Phase Change RAM, PRAM) or magnetoresistive random access memory (Magnetoresistive RAM, MRAM), and may also include non-volatile memory, for example at least one disk memory, electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), or a flash memory device such as NOR flash memory or NAND flash memory. The non-volatile memory stores the operating system and program code executed by the processor unit. The processor unit loads running programs and data from the non-volatile memory into memory and stores digital content in a mass storage device. The operating system includes various components and/or drivers for controlling and managing routine system tasks, such as memory management, storage device control and power management, and for facilitating communication between software and hardware. In embodiments of the present invention, the operating system may be the Android system of Google, the iOS system developed by Apple, the Windows operating system developed by Microsoft, or an embedded operating system such as VxWorks.
Power supply 506 powers the different components of the access point apparatus to keep them running. In general terms, power supply 506 can be a built-in battery, such as a common lithium-ion battery or nickel-metal hydride battery, or an external power supply that directly powers the access point apparatus, such as an AC adapter. In certain embodiments of the present invention, power supply 506 can also be defined more broadly; for example, it can also include a power management system, a charging system, a power failure detection circuit, a power converter or inverter, a power status indicator (such as a light emitting diode), and any other components associated with the generation, management and distribution of electric energy of the mobile terminal.
In the access point apparatus shown in Fig. 5, processor unit 502 can call the program code stored in storage unit 505 to perform the following operations:
Obtain the first data packet that the first terminal needs to send to the second terminal through the wireless network;
Parse the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
Predict, according to the IP address of the second terminal, the predicted transmission path by which the first data packet reaches the second terminal through the wireless network;
Determine, according to the security of the predicted transmission path, whether to encrypt the first data packet.
It can be seen that, with the access point apparatus described in Fig. 5, the data encryption work originally performed by the terminal device can be transferred to the access point apparatus, which reduces the computational burden on the terminal device's processor and in turn the terminal device's power consumption.
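The decision flow listed above, together with the subnet history lookup, the node theft-record check and the account/password keyword check recited in the claims, can be sketched as follows. This is an added illustration, not code from the patent; the /24 subnet prefix, the node names, the keyword pattern, the IPv4-only parser and the choice to encrypt when no historical path exists are all assumptions, and every node on the path is checked against the theft records.

```python
"""Encrypt-or-not decision at the access point (added illustration)."""
import ipaddress
import re
import struct
from typing import NamedTuple

SUBNET_PREFIX = 24  # assumption: the page does not say how the subnet is derived

# Assumption: a simple keyword pattern stands in for "keyword extraction"
# of account/password information.
CREDENTIAL_RE = re.compile(
    rb"\b(pass(word|wd)?|pwd|account|username)\s*[=:]", re.IGNORECASE)

# Constructed sample state held by the access point (hypothetical node names).
HISTORY = {  # destination subnet -> historical transmission path
    ipaddress.ip_network("198.51.100.0/24"): ["ap-gw", "isp-1", "edge-7"],
    ipaddress.ip_network("203.0.113.0/24"): ["ap-gw", "isp-9", "edge-2"],
}
THEFT_RECORDS = {"isp-9"}  # nodes with a record of data being stolen


class Decision(NamedTuple):
    encrypt: bool
    reason: str


def build_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet: 20-byte header, checksum left at 0."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def parse_ipv4(packet: bytes):
    """Return (destination address, bytes that follow the IP header)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 packet")
    # Everything after the IP header is treated as opaque data content.
    return ipaddress.IPv4Address(packet[16:20]), packet[ihl:total_len]


def should_encrypt(packet: bytes, history: dict, theft_records: set) -> Decision:
    """Decide whether the access point encrypts this packet before forwarding."""
    dst, data = parse_ipv4(packet)

    # Content check: account/password information is always encrypted.
    if CREDENTIAL_RE.search(data):
        return Decision(True, "data content carries account/password information")

    # Path prediction: reuse the historical path to the destination subnet.
    subnet = ipaddress.ip_network(f"{dst}/{SUBNET_PREFIX}", strict=False)
    path = history.get(subnet)
    if path is None:
        # Assumption: the page does not cover this case; fail closed.
        return Decision(True, f"no historical path recorded for {subnet}")

    # Path security: any node with a theft record makes the path insecure.
    flagged = [node for node in path if node in theft_records]
    if flagged:
        return Decision(True, "insecure path, theft record for " + ", ".join(flagged))
    return Decision(False, "path " + " -> ".join(path) + " has no theft record")


if __name__ == "__main__":
    samples = [  # constructed destinations and payloads
        ("198.51.100.7", b"GET /index.html"),
        ("203.0.113.5", b"GET /index.html"),
        ("198.51.100.7", b"user=alice&password=example"),
        ("192.0.2.44", b"ping"),
    ]
    for dst, data in samples:
        decision = should_encrypt(
            build_ipv4("192.0.2.10", dst, data), HISTORY, THEFT_RECORDS)
        print(dst, decision.encrypt, decision.reason)
```

The sketch stops at the decision; the page does not name a cipher, so the encryption step itself is left out.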
Referring to Fig. 6, Fig. 6 is a structural schematic diagram of a terminal device 600 disclosed in an embodiment of the present invention. The terminal device can serve as the first terminal and the second terminal involved in the methods described in Fig. 1 and Fig. 2 above. As shown in Fig. 6, for ease of explanation only the parts related to the embodiments of the present invention are shown; for specific technical details, refer to the method part of the embodiments of the present invention. The terminal may be any terminal device, including a mobile phone, tablet computer, PDA (Personal Digital Assistant), POS (Point of Sales) terminal or vehicle-mounted computer. Taking a mobile phone as the terminal as an example:
Fig. 6 shows a block diagram of part of the structure of a mobile phone related to the terminal provided by an embodiment of the present invention. Referring to Fig. 6, the mobile phone includes components such as a radio frequency (Radio Frequency, RF) circuit 601, memory 602, input unit 603, display unit 604, sensor 605, audio circuit 606, wireless fidelity (WiFi) module 607, processor 608 and power supply 609. Those skilled in the art will understand that the handset structure shown in Fig. 6 does not limit the mobile phone, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
The components of the mobile phone are described in detail below with reference to Fig. 6:
RF circuit 601 can be used to receive and send signals during the sending and receiving of information or during communication. In particular, after receiving downlink information from a base station, it passes the information to processor 608 for processing; it also sends uplink-related data to the base station. In general, RF circuit 601 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier (Low Noise Amplifier, LNA), a duplexer and the like. RF circuit 601 can also communicate with networks and other devices by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail and Short Messaging Service (SMS).
Memory 602 can be used to store software programs and modules; processor 608 runs the software programs and modules stored in memory 602 to execute the various function applications and data processing of the mobile phone. Memory 602 can mainly include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function (such as a sound playing function or an image playing function); the data storage area can store data created through use of the mobile phone (such as audio data or a phone book). In addition, memory 602 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk memory, a flash memory device or another volatile solid-state memory device.
Input unit 603 can be used to receive input digit or character information and to generate key signal inputs related to the user settings and function control of the mobile phone. Specifically, input unit 603 may include touch panel 6031 and other input devices 6032. Touch panel 6031, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near touch panel 6031 with a finger, stylus or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. Optionally, touch panel 6031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, passes them to processor 608, and can receive and execute commands sent by processor 608. Touch panel 6031 may be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides touch panel 6031, input unit 603 can also include other input devices 6032. Specifically, other input devices 6032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick.
Display unit 604 can be used to display information entered by the user or provided to the user, as well as the various menus of the mobile phone. Display unit 604 may include display panel 6041, which can optionally be configured as a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display or the like. Further, touch panel 6031 can cover display panel 6041; when touch panel 6031 detects a touch operation on or near it, it passes the operation to processor 608 to determine the type of touch event, and processor 608 then provides the corresponding visual output on display panel 6041 according to the type of touch event. Although in Fig. 6 touch panel 6031 and display panel 6041 implement the input and output functions of the mobile phone as two separate components, in some embodiments touch panel 6031 and display panel 6041 can be integrated to implement the input and output functions of the mobile phone.
The mobile phone may also include at least one sensor 605, such as an optical sensor, a motion sensor or other sensors. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor; the ambient light sensor can adjust the brightness of display panel 6041 according to the brightness of the ambient light, and the proximity sensor can turn off display panel 6041 and/or the backlight when the mobile phone is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the phone's posture (such as switching between landscape and portrait, related games and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that may also be configured on the mobile phone, such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, are not described here.
Audio circuit 606, loudspeaker 6061 and microphone 6062 can provide the audio interface between the user and the mobile phone. Audio circuit 606 can transmit the electrical signal converted from received audio data to loudspeaker 6061, which converts it into a sound signal for output. In the other direction, microphone 6062 converts the collected sound signal into an electrical signal, which audio circuit 606 receives and converts into audio data; the audio data is then output to processor 608 for processing and sent through RF circuit 601 to, for example, another mobile phone, or output to memory 602 for further processing.
WiFi is a short-range wireless transmission technology. Through WiFi module 607 the mobile phone can help the user send and receive e-mail, browse web pages, access streaming media and so on; it provides the user with wireless broadband Internet access. Although Fig. 6 shows WiFi module 607, it is understood that the module is not an essential component of the mobile phone and can be omitted as needed without changing the essence of the invention.
Processor 608 is the control center of the mobile phone. It connects the various parts of the whole mobile phone through various interfaces and lines, and performs the various functions of the mobile phone and processes data by running or executing the software programs and/or modules stored in memory 602 and calling the data stored in memory 602, thereby monitoring the mobile phone as a whole. Optionally, processor 608 may include one or more processing units; preferably, processor 608 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and application programs, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into processor 608.
The mobile phone further includes power supply 609 (such as a battery) that powers all the components. Preferably, the power supply is logically connected to processor 608 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system.
Although not shown, the mobile phone can also include a camera, a Bluetooth module and the like, which are not described here.
In the foregoing embodiments, each step of the method flow can be implemented based on the structure of this terminal device. The application layer and the operating system kernel can both be regarded as part of the abstract structure of processor 608.
It is worth noting that the units included in the above data encryption device, access point apparatus and terminal device embodiments are divided only according to functional logic; the division is not limited to the above, as long as the corresponding functions can be realized. In addition, the specific names of the functional units are only for ease of distinguishing them from one another and are not intended to limit the scope of protection of the present invention.
In addition, those of ordinary skill in the art will understand that all or part of the steps in the above method embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are only preferred specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person familiar with the technical field can readily conceive within the technical scope disclosed by the embodiments of the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (8)

1. A data ciphering method, characterized by comprising:
an access point obtaining a first data packet that a first terminal needs to send to a second terminal through a wireless network;
parsing the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
predicting, according to the IP address of the second terminal, a predicted transmission path by which the first data packet reaches the second terminal through the wireless network;
determining, according to the security of the predicted transmission path, whether to encrypt the first data packet;
wherein determining, according to the security of the predicted transmission path, whether to encrypt the first data packet comprises:
the access point querying whether a first transmission node in the predicted transmission path has a record of data being stolen;
if the first transmission node has a record of data being stolen, determining that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
2. The method according to claim 1, characterized in that predicting, according to the IP address of the second terminal, the predicted transmission path by which the first data packet reaches the second terminal through the wireless network comprises:
the access point determining, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
querying history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
if so, obtaining the historical transmission path over which the second data packet was sent to the subnet to which the second terminal belongs, as the predicted transmission path.
3. The method according to any one of claims 1 to 2, characterized in that the method further comprises:
the access point parsing the first data packet to obtain the data content in the first data packet;
performing keyword extraction on the data content to determine whether to encrypt the first data packet.
4. The method according to claim 3, characterized in that performing keyword extraction on the data content to determine whether to encrypt the first data packet comprises:
the access point determining whether the data content in the first data packet includes account and password information;
if the data content in the first data packet includes account and password information, encrypting the first data packet.
5. A data encryption device, characterized by comprising:
a first acquisition unit, for obtaining a first data packet that a first terminal needs to send to a second terminal through a wireless network;
a first parsing unit, for parsing the first data packet to obtain the Internet Protocol (IP) address of the second terminal;
a prediction unit, for predicting, according to the IP address of the second terminal, a predicted transmission path by which the first data packet reaches the second terminal through the wireless network;
a determination unit, for determining, according to the security of the predicted transmission path, whether to encrypt the first data packet;
the determination unit comprising:
a second query subunit, for querying whether a first transmission node in the predicted transmission path has a record of data being stolen;
a judgment subunit, for determining, if the first transmission node has a record of data being stolen, that the predicted transmission path is insecure and that the first data packet needs to be encrypted.
6. The device according to claim 5, characterized in that the prediction unit comprises:
a first determination subunit, for determining, according to the IP address of the second terminal, the subnet IP of the subnet to which the second terminal belongs;
a first query subunit, for querying history records according to the subnet IP to determine whether a second data packet was sent to the subnet to which the second terminal belongs before the current time;
an obtaining subunit, for obtaining, if a second data packet was sent to the subnet to which the second terminal belongs, the historical transmission path over which the second data packet was sent to that subnet, as the predicted transmission path.
7. The device according to any one of claims 5 to 6, characterized in that the device further comprises:
a second parsing unit, for parsing the first data packet to obtain the data content in the first data packet;
an extraction unit, for performing keyword extraction on the data content to determine whether to encrypt the first data packet.
8. The device according to claim 7, characterized in that the extraction unit comprises:
a second determination subunit, for determining whether the data content in the first data packet includes account and password information;
an encryption subunit, for encrypting the first data packet if the data content in the first data packet includes account and password information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611271125.3A CN106603568B (en) 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611271125.3A CN106603568B (en) 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus

Publications (2)

Publication Number Publication Date
CN106603568A CN106603568A (en) 2017-04-26
CN106603568B true CN106603568B (en) 2019-09-17

Family

ID=58582125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611271125.3A Active CN106603568B (en) 2016-12-30 2016-12-30 Data ciphering method, device and access point apparatus

Country Status (1)

Country Link
CN (1) CN106603568B (en)

Also Published As

Publication number Publication date
CN106603568A (en) 2017-04-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant after: OPPO Guangdong Mobile Communications Co., Ltd.

Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant before: Guangdong OPPO Mobile Communications Co., Ltd.

GR01 Patent grant