CN111865829B - Encryption and decryption method and device for service data - Google Patents

Publication number
CN111865829B
Authority
CN
China
Prior art keywords
service data
data frame
type
type service
terminal
Prior art date
Legal status
Active
Application number
CN201910332871.6A
Other languages
Chinese (zh)
Other versions
CN111865829A (en
Inventor
金伟民
侯乐武
赵建森
Current Assignee
Chengdu TD Tech Ltd
Original Assignee
Chengdu TD Tech Ltd
Priority date
Filing date
Publication date
Application filed by Chengdu TD Tech Ltd
Priority to CN201910332871.6A
Publication of CN111865829A
Application granted
Publication of CN111865829B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/50 Queue scheduling
    • H04L47/62 Queue scheduling characterised by scheduling criteria
    • H04L47/625 Queue scheduling characterised by scheduling criteria for service slots or service orders
    • H04L47/6275 Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The embodiment of the invention provides an encryption and decryption method and equipment for service data, wherein the method comprises the following steps: judging whether a first type service data frame exists or not; if the first type of service data frame does not exist, acquiring a second type of service data frame, and cutting the second type of service data frame into a plurality of data packets according to a set rule; selecting one data packet from the plurality of data packets as a target data packet, encrypting or decrypting the target data packet, and judging whether a first type service data frame sent by a terminal is received or not; if yes, encrypting or decrypting the first type service data frame; and if not, selecting a new data packet from the rest data packets as a target data packet, and continuing to perform the step of encrypting or decrypting the target data packet. The embodiment of the invention can prevent the second type service data frame from blocking the first type service data frame.

Description

Encryption and decryption method and device for service data
Technical Field
The embodiment of the invention relates to the technical field of data encryption, in particular to an encryption and decryption method and equipment for service data.
Background
With the continuous development of internet technology, people pay more and more attention to the protection of information and the protection of data transmitted between networks, and data encryption and decryption technology is used in more and more fields.
At present, an encryption card is used to encrypt or decrypt service data, and when various types of service data need to be encrypted or decrypted, the encryption card is used to encrypt or decrypt different types of service data according to the sequence of receiving the service data.
However, the inventor finds that in the prior art, the manner of encrypting or decrypting the received service data according to the sequence of the received service data causes the service data with low real-time performance to block the service data with high real-time performance, which results in poor user experience.
Disclosure of Invention
The invention provides an encryption and decryption method and equipment for service data, which solve the problem that the service data with high real-time performance is blocked by the service data with low real-time performance when the service data is encrypted or decrypted in the prior art.
In a first aspect, the present invention provides a method for encrypting and decrypting service data, including:
judging whether a first type service data frame exists or not;
if the first type of service data frame does not exist, acquiring a second type of service data frame, and cutting the second type of service data frame into a plurality of data packets according to a set rule;
selecting one data packet from the plurality of data packets as a target data packet, encrypting or decrypting the target data packet, and judging whether a first type service data frame sent by a terminal is received;
if a first type service data frame sent by a terminal is received, encrypting or decrypting the first type service data frame;
and if the first type service data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, continuing to perform encryption or decryption processing on the target data packet, and judging whether the first type service data frame sent by the terminal is received.
In a first possible implementation manner of the first aspect, the method further includes:
and if the first type service data frame exists, encrypting or decrypting the first type service data frame.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, after the encrypting or decrypting the first type service data frame if the first type service data frame exists, the method further includes:
judging whether a second type service data frame exists or not;
and if the second type service data frame exists, executing the step of acquiring the second type service data frame.
In a third possible implementation manner of the first aspect, before the determining whether there is a first type service data frame, the method further includes:
receiving a plurality of service data frames sent by a terminal, wherein the type of the service data frame is a first type service data frame or a second type service data frame;
and storing the first type service data frames as a first queue according to the receiving time sequence, and storing the second type service data frames as a second queue according to the receiving time sequence.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner, a plurality of second type service data frames are provided;
the acquiring the second type service data frame includes:
and acquiring the second type service data frames from the stored second queue according to the receiving time sequence.
With reference to the third possible implementation manner of the first aspect, in a fifth possible implementation manner, the method further includes:
if the first type service data frames exist and the number of the first type service data frames is multiple, the first type service data frames are obtained from the stored first queue according to the receiving time sequence, and the obtained first type service data frames are encrypted or decrypted.
In a sixth possible implementation manner of the first aspect, the set cutting rule is: the length L of the data packet satisfies $L < M \cdot T - S$, wherein M is the throughput rate of encryption or decryption, T is the time interval of the second type service data frame, and S is the length of the second type service data frame.
In a seventh possible implementation manner of the first aspect, if a first type service data frame sent by the terminal is received, then after that first type service data frame is encrypted or decrypted, the step of determining whether a first type service data frame sent by the terminal is received is performed again.
In an eighth possible implementation manner of the first aspect, the method further includes: after the plurality of data packets are encrypted or decrypted, recombining the encrypted or decrypted data packets into one data frame, and returning the recombined data frame to the terminal.
In a second aspect, an embodiment of the present invention provides a device for encrypting and decrypting service data, including:
the judging module is used for judging whether a first type of service data frame exists or not;
the cutting module is used for acquiring a second type of service data frame if the first type of service data frame does not exist, and cutting the second type of service data frame into a plurality of data packets according to a set rule;
the encryption and decryption module is used for selecting one data packet from the plurality of data packets as a target data packet, encrypting or decrypting the target data packet and judging whether a first type of service data frame sent by a terminal is received or not;
if a first type service data frame sent by a terminal is received, the first type service data frame is encrypted or decrypted;
and if the first type service data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, continuing to perform encryption or decryption processing on the target data packet, and judging whether the first type service data frame sent by the terminal is received.
In a third aspect, an embodiment of the present invention provides an apparatus for encrypting and decrypting service data, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor executes a method for encrypting and decrypting service data according to any one of the first aspect of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the method for encrypting and decrypting service data according to any one of the first aspect of the embodiments of the present invention is implemented.
The method includes the steps that when a first type service data frame does not exist, a second type service data frame is cut into a plurality of data packets, one data packet is selected as a target data packet, encryption or decryption processing is conducted on the target data packet, after encryption or decryption of the target data packet is completed, if the first type service data frame sent by a terminal is received, encryption or decryption processing is preferentially conducted on the first type service data frame, if the first type service data frame sent by the terminal is not received, a new data packet is selected from the remaining data packets to serve as the target data packet, and encryption or decryption processing is continuously conducted on the target data packet. In the process of encrypting or decrypting the second type service data frame, if the first type service data frame is received, the embodiment of the invention can preferentially encrypt or decrypt the first type service data frame, thereby preventing the second type service data frame with low real-time requirement from blocking the first type service data frame with high real-time requirement.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is an architecture diagram of an encryption and decryption system for service data according to an embodiment of the present invention;
Fig. 2 is a first flowchart of a method for encrypting and decrypting service data according to an embodiment of the present invention;
Fig. 3 is a second flowchart of an encryption and decryption method for service data according to an embodiment of the present invention;
Fig. 4 is a third flowchart of an encryption and decryption method for service data according to an embodiment of the present invention;
Fig. 5 is a first schematic structural diagram of an apparatus for encrypting and decrypting service data according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a second apparatus for encrypting and decrypting service data according to an embodiment of the present invention;
Fig. 7 is a schematic hardware structure diagram of an encryption and decryption device for service data according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, fig. 1 is an architecture diagram of an encryption and decryption system for service data according to an embodiment of the present invention, as shown in fig. 1, the encryption and decryption system for service data according to the embodiment includes a terminal 101 and a server 102, and the terminal 101 and the server 102 are connected through a network 103.
The terminal 101 includes but is not limited to: a desktop computer, a notebook computer, a tablet computer, a mobile phone, a smart wearable device, etc.
The server 102 includes, but is not limited to: a single server, a server cluster composed of a plurality of servers, a cloud server, etc.
The terminal 101 sends the service data frame to the server 102 through the network 103, and the server 102 encrypts or decrypts the service data frame and returns the encrypted or decrypted service data frame to the terminal 101 through the network 103.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a first flowchart of a method for encrypting and decrypting service data according to an embodiment of the present invention, where an execution main body of the embodiment is the server in fig. 1. As shown in fig. 2, the method of this embodiment may include:
Step S201, determining whether there is a first type service data frame; if not, executing step S202.
Step S202, acquiring a second type service data frame, and cutting the second type service data frame into a plurality of data packets according to a set rule.
Step S203, selecting one data packet from the plurality of data packets as a target data packet.
Step S204, encrypting or decrypting the target data packet.
Step S205, determining whether a first type service data frame sent by the terminal is received; if yes, executing step S206, and if no, executing step S207.
Step S206, performing encryption or decryption processing on the first type service data frame.
Step S207, selecting a new data packet from the remaining data packets as the target data packet, and continuing with step S204.
In the embodiment of the present invention, the first type service data frame is a service data frame with a high requirement on real-time performance, and the first type service data frame has a high requirement on delay and jitter. The second type service data frame is a service data frame with low real-time requirement or a non-real-time service data frame, and the second type service data frame has low requirements on time delay and jitter. That is, the requirement of the first type of service data frame on the real-time property is higher than that of the second type of service data frame. For example, the first type of service data frame is a voice data frame, and the second type of service data frame is a video data frame or a short multimedia message data frame, or the first type of service data frame is a voice data frame or a video data frame, and the second type of service data frame is a short multimedia message data frame.
After receiving the service data frame sent by the terminal, the server judges whether a first type service data frame exists in the service data frame, if the first type service data frame does not exist, the received service data frame is a second type service data frame which has low real-time requirement, and at the moment, the server cuts the second type service data frame into a plurality of data packets according to a set rule. The set rule sets the cutting length of the data packets, and the length of the data packets meets the requirement that the server does not block encryption or decryption processing on the first type service data frame when encrypting or decrypting one of the data packets.
The server cuts the second type service data frame into a plurality of data packets, selects one data packet from the plurality of data packets as a target data packet, and encrypts or decrypts the target data packet. After the encryption or decryption of the target data packet is completed, the server judges whether a first type service data frame sent by the terminal has been received. If the server has received a first type service data frame sent by the terminal, it preferentially encrypts or decrypts the first type service data frame; if it has not, it continues to encrypt or decrypt one of the remaining data packets. That is, after completing encryption or decryption processing on one data packet, the server determines whether it has received a first type service data frame sent by the terminal; if so, the server preferentially encrypts or decrypts the first type service data frame, and if not, the server then encrypts or decrypts the next data packet.
The embodiment of the invention cuts the second type service data frame into a plurality of data packets when the first type service data frame does not exist, selects one data packet as a target data packet, encrypts or decrypts the target data packet, preferentially encrypts or decrypts the first type service data frame if the first type service data frame sent by the terminal is received after the target data packet is encrypted or decrypted, and selects a new data packet from the rest data packets as the target data packet if the first type service data frame sent by the terminal is not received, and continues to encrypt or decrypt the target data packet. In the process of encrypting or decrypting the second type service data frame, if the first type service data frame is received, the embodiment of the invention can preferentially encrypt or decrypt the first type service data frame, thereby preventing the second type service data frame with low real-time requirement from blocking the first type service data frame with high real-time requirement.
As an embodiment of the present invention, the set cutting rule is: the length L of the data packet satisfies $L < M \cdot T - S$, wherein M is the throughput rate of encryption or decryption, T is the time interval of the second type service data frame, and S is the length of the second type service data frame.
In the embodiment of the invention, the length of the data packet satisfies the relation $L < M \cdot T - S$, so that the server does not block the encryption or decryption processing of the first type service data frame when the server encrypts or decrypts a data packet of the second type service data frame.
Fig. 3 is a second flowchart of a method for encrypting and decrypting service data according to an embodiment of the present invention, as shown in fig. 3, the method according to the embodiment may include:
Step S201, determining whether there is a first type service data frame; if not, performing step S202, and if so, performing step S208.
Step S202, acquiring a second type service data frame, and cutting the second type service data frame into a plurality of data packets according to a set rule.
Step S203, selecting one data packet from the plurality of data packets as a target data packet.
Step S204, encrypting or decrypting the target data packet.
Step S205, determining whether a first type service data frame sent by the terminal is received; if yes, executing step S206, and if no, executing step S207.
Step S206, encrypting or decrypting the first type service data frame, and continuing with step S205.
Step S207, selecting a new data packet from the remaining data packets as the target data packet, and continuing with step S204.
Step S208, encrypting or decrypting the first type service data frame.
Step S209, determining whether there is a second type service data frame; if yes, executing step S202, and if no, ending the process.
In the embodiment of the present invention, the implementation manners of step S201 to step S207 are the same as the implementation manners of step S201 to step S207 shown in Fig. 1, and are not described again here.
In the embodiment of the invention, after receiving a service data frame sent by a terminal, a server judges whether a first type service data frame exists in the service data frame, if so, the server encrypts or decrypts the first type service data frame, and returns the encrypted or decrypted first type service data frame to the terminal. After the encryption or decryption process of the first type of service data frame is completed, whether a second type of service data frame exists is judged, if the second type of service data frame exists, the steps S202 to S207 are executed, the encryption or decryption process is performed on the second type of service data frame, and if the second type of service data frame does not exist, the process is ended.
In the embodiment of the invention, if the first type of service data frame exists, the first type of service data frame is preferentially encrypted or decrypted, and after the encryption or decryption of the first type of service data frame is completed, if the second type of service data frame exists, the second type of service data frame is then encrypted or decrypted, so that the first type of service data frame can be preferentially encrypted or decrypted, and the requirement of the first type of service data frame on the real-time property is ensured.
As an embodiment of the present invention, on the basis of the embodiment shown in fig. 1, the embodiment of the present invention may include:
after the plurality of data packets are encrypted or decrypted, recombining the encrypted or decrypted data packets into one data frame, and returning the recombined data frame to the terminal.
In the embodiment of the invention, after a plurality of data packets are encrypted or decrypted, the encrypted or decrypted data packets are recombined into a frame of data according to the cutting sequence of the data packets, and the frame of data is returned to the terminal to complete the encryption of the service data.
Next, the encryption and decryption method of the service data will be described in detail by using a specific example.
For example, the first type of service data frame is a voice data frame with a high requirement on real-time performance, the second type of service data frame is a video data frame with a low requirement on real-time performance, and the encryption and decryption method of the service data comprises the following steps:
the server receives the service data frame sent by the terminal, judges whether the service data frame has a voice data frame, encrypts or decrypts the voice data frame if the voice data frame exists, and returns the encrypted or decrypted voice data frame to the terminal. After the voice data frame is encrypted or decrypted, whether a video data frame exists is judged, if yes, the video data frame is obtained, and the video data frame is cut into a plurality of data packets according to a set rule. If no video data frame exists, the process ends.
And if the voice data frame does not exist in the service data frame received by the server, acquiring the video data frame, and cutting the video data frame into a plurality of data packets according to a set rule.
After the video data frame is cut into a plurality of data packets, one data packet is selected from the plurality of data packets as a target data packet, and the target data packet is encrypted or decrypted.
After the target data packet is encrypted or decrypted, whether a voice data frame sent by the terminal is received or not is judged, and if the voice data frame sent by the terminal is received, the voice data frame is encrypted or decrypted. And after the voice data frame is encrypted or decrypted, continuing to execute the step of judging whether the voice data frame sent by the terminal is received.
And if the voice data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, and continuing to perform the step of encrypting or decrypting the target data packet until all the data packets are encrypted or decrypted.
And after all the data packets are encrypted or decrypted, recombining the data packets after encryption or decryption into one frame of data, and returning the recombined one frame of data to the terminal.
Fig. 4 is a flow chart of a third method for encrypting and decrypting service data according to an embodiment of the present invention, as shown in fig. 4, on the basis of the embodiment shown in fig. 1, the method of this embodiment may further include, before step S201:
step S401 is to receive a plurality of service data frames sent by a terminal, where the type of the service data frame is a first type service data frame or a second type service data frame.
Step S402, storing the first type service data frame as a first queue according to the receiving time sequence, and storing the second type service data frame as a second queue according to the receiving time sequence.
In the embodiment of the present invention, a server receives a plurality of service data frames sent by a terminal, where the plurality of service data frames may all be first type service data frames, may all be second type service data frames, or may include both first type service data frames and second type service data frames. If a plurality of first type service data frames are received, the first type service data frames are stored as a first queue according to the receiving time sequence, and if a plurality of second type service data frames are received, the second type service data frames are stored as a second queue according to the receiving time sequence.
As an embodiment of the present invention, on the basis of the embodiment shown in fig. 4, there are a plurality of the second type service data frames; step S202 acquires a second type service data frame, including:
and acquiring the second type service data frames from the stored second queue according to the receiving time sequence.
In the embodiment of the present invention, when a plurality of second-type data frames are present, the second-type service data frames are encrypted or decrypted according to the receiving time sequence, so that the second-type service data frames received first are preferentially processed.
As an embodiment of the present invention, on the basis of the embodiment shown in fig. 4, before step S202, the method of this embodiment may further include:
if the first type service data frame exists and the number of the first type service data frames is multiple, the first type service data frame is obtained from the stored first queue according to the receiving time sequence, and the obtained first type service data frame is encrypted or decrypted.
In the embodiment of the present invention, when a plurality of first-type service data frames are present, the first-type service data frames are encrypted or decrypted according to the receiving time sequence, so that the first-type service data frames received first are preferentially processed.
The service data frames of the embodiment of the present invention may further include several kinds of service data frames with different real-time requirements, for example, a first type service data frame, a second type service data frame, and a third type service data frame, whose real-time requirements run from high to low in that order. For example, the first type of service data frame is a voice data frame, the second type of service data frame is a video data frame, and the third type of service data frame is a short multimedia message data frame. The encryption and decryption method of the service data comprises the following steps:
according to the method of the embodiment shown in fig. 2 or fig. 3, the first type service data frame and the second type service data frame are encrypted or decrypted, and after the encryption or decryption of the second type service data frame is completed, the third type service data frame is encrypted or decrypted, wherein the encryption or decryption of the third type service data frame includes the following steps:
cutting the third type service data frame into a plurality of cutting packets according to a set rule, selecting one cutting packet from the plurality of cutting packets as a target cutting packet, encrypting or decrypting the target cutting packet, and judging whether a first type service data frame or a second type service data frame sent by the terminal is received;
if a first type service data frame sent by a terminal is received, encrypting or decrypting the first type service data frame;
if the second type service data frame sent by the terminal is received, the second type service data frame is encrypted or decrypted according to steps S202 to S207 shown in fig. 2 or fig. 3.
If the first type service data frame and the second type service data frame sent by the terminal are not received, selecting a new cutting packet from the rest cutting packets as a target cutting packet, continuously performing encryption or decryption processing on the target cutting packet, and judging whether the first type service data frame and the second type service data frame sent by the terminal are received.
Fig. 5 is a first schematic structural diagram of an apparatus for encrypting and decrypting service data according to an embodiment of the present invention. As shown in fig. 5, the apparatus 500 for encrypting and decrypting service data according to the present embodiment includes a determining module 501, a cutting module 502 and an encryption and decryption module 503, where the specific functions of the modules are as follows:
The determining module 501 is configured to determine whether a first type of service data frame exists.
The cutting module 502 is configured to, if there is no first type of service data frame, obtain a second type of service data frame, and cut the second type of service data frame into a plurality of data packets according to a set rule.
An encryption and decryption module 503, configured to select one data packet from the multiple data packets as a target data packet, encrypt or decrypt the target data packet, and determine whether a first type of service data frame sent by a terminal is received;
if a first type service data frame sent by a terminal is received, the first type service data frame is encrypted or decrypted;
and if the first type service data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, continuing to perform encryption or decryption processing on the target data packet, and judging whether the first type service data frame sent by the terminal is received.
As an embodiment of the present invention, the encryption/decryption module 503 is further configured to encrypt or decrypt the first type service data frame if the first type service data frame exists.
As an embodiment of the present invention, the encryption/decryption module 503 is further configured to determine whether a second type of service data frame exists after performing the encryption or decryption processing step on the first type of service data frame if the first type of service data frame exists;
and if the second type of service data frame exists, executing the step of acquiring the second type of service data frame and cutting the second type of service data frame into a plurality of data packets according to a set rule.
Fig. 6 is a second schematic structural diagram of a device for encrypting and decrypting service data according to an embodiment of the present invention, as shown in fig. 6, based on the embodiment shown in fig. 5, the device 500 for encrypting and decrypting service data according to the present embodiment further includes:
a receiving module 504, configured to receive multiple service data frames sent by a terminal, where the type of the service data frame is a first type service data frame or a second type service data frame;
and storing the first type service data frames as a first queue according to the receiving time sequence, and storing the second type service data frames as a second queue according to the receiving time sequence.
As an embodiment of the present invention, on the basis of the embodiment shown in fig. 6, the cutting module 502 is specifically configured to obtain the second type of service data frames from the stored second queue according to the receiving time sequence.
As an embodiment of the present invention, on the basis of the embodiment shown in fig. 6, if there are multiple first type service data frames, the encryption/decryption module 503 is further configured to obtain the first type service data frames from the stored first queue according to the receiving time sequence, and encrypt or decrypt the obtained first type service data frames.
As an embodiment of the present invention, the set cutting rule is: the length L of the data packet satisfies $L < M \cdot T - S$, wherein M is the throughput rate of encryption or decryption, T is the time interval of the second type service data frame, and S is the length of the second type service data frame.
As an embodiment of the present invention, if a first type service data frame sent by the terminal is received, then after that first type service data frame is encrypted or decrypted, the step of determining whether a first type service data frame sent by the terminal is received is performed.
As an embodiment of the present invention, the apparatus further includes a reassembly module 505, configured to, after all the data packets are encrypted or decrypted, reassemble the encrypted or decrypted data packets into one data frame, and return the reassembled data frame to the terminal.
The apparatus of the present embodiment may be used to implement the method embodiments shown in fig. 2 to fig. 4, which have similar implementation principles and technical effects, and are not described herein again.
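The two-queue flow described above (cut a second type frame by the rule L < M·T − S, process one packet, check for first type frames, reassemble) is sketched here as an added Python example; it is not part of the patent text. The units (M in bytes/ms, T in ms, S in bytes), the `frame_id` parameter, the `arrivals` test input and the HMAC-SHA256 counter keystream standing in for the unspecified cipher are all assumptions of this example.

```python
import hashlib
import hmac
import struct
from collections import deque


def max_packet_len(M, T, S):
    """Largest whole-byte L with L < M*T - S (M in bytes/ms, T in ms, S in bytes)."""
    L = M * T - S - 1
    if L < 1:
        raise ValueError("no packet length satisfies L < M*T - S")
    return L


def xor_at_offset(key, frame_id, offset, data):
    """XOR data with bytes [offset, offset+len(data)) of the frame's keystream.

    Stand-in stream cipher (HMAC-SHA256 in counter mode), an assumption of this
    example; the page does not name a cipher.
    """
    out, pos = bytearray(), offset
    while len(out) < len(data):
        block = hmac.new(key, struct.pack(">QQ", frame_id, pos // 32),
                         hashlib.sha256).digest()
        start = pos % 32
        chunk = data[len(out):len(out) + 32 - start]
        out += bytes(a ^ b for a, b in zip(chunk, block[start:]))
        pos += len(chunk)
    return bytes(out)


class Scheduler:
    def __init__(self, key, M, T, S):
        self.key, self.L = key, max_packet_len(M, T, S)
        self.first, self.second = deque(), deque()  # FIFO by receive time
        self.seen, self.done, self.trace = set(), [], []

    def receive(self, frame_id, kind, payload):
        if frame_id in self.seen:  # reusing an id would reuse keystream
            raise ValueError("frame_id already used with this key")
        self.seen.add(frame_id)
        (self.first if kind == "first" else self.second).append((frame_id, payload))

    def _drain_first(self):
        while self.first:
            fid, payload = self.first.popleft()
            self.done.append((fid, xor_at_offset(self.key, fid, 0, payload)))
            self.trace.append(("first", fid))

    def run(self, arrivals=None):
        """arrivals maps (second_frame_id, packet_index) to frames that arrive
        while that packet is being processed (constructed test input)."""
        arrivals = dict(arrivals or {})
        self._drain_first()
        while self.second:
            fid, payload = self.second.popleft()
            out = []
            for n, i in enumerate(range(0, len(payload), self.L)):
                out.append(xor_at_offset(self.key, fid, i, payload[i:i + self.L]))
                self.trace.append(("second", fid, n))
                for frame in arrivals.pop((fid, n), []):
                    self.receive(*frame)
                self._drain_first()  # first type frames go ahead of remaining packets
            self.done.append((fid, b"".join(out)))  # reassembled frame
        return self.done


def demo():
    key = bytes(range(32))                       # constructed key
    s = Scheduler(key, M=50, T=20, S=160)        # constructed figures, L = 839
    video = bytes(i % 251 for i in range(2000))  # constructed second type frame
    voice = b"v" * 160                           # constructed first type frame
    s.receive(10, "second", video)
    done = s.run({(10, 0): [(1, "first", voice)]})
    return s, dict(done), video, voice, key
```

Each packet is processed at its byte offset in the frame's keystream, so the reassembled output equals what whole-frame processing would produce, and the `frame_id` uniqueness check keeps interleaved frames from sharing keystream under one key.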
Fig. 7 is a schematic hardware structure diagram of an encryption and decryption device for service data according to an embodiment of the present invention. As shown in fig. 7, the encryption and decryption apparatus 700 for service data provided in this embodiment includes: at least one processor 701 and a memory 702. The encryption and decryption apparatus 700 for service data further includes a communication section 703. The processor 701, the memory 702, and the communication section 703 are connected by a bus 704.
In a specific implementation process, the at least one processor 701 executes computer-executable instructions stored in the memory 702, so that the at least one processor 701 executes the encryption and decryption method for service data in any one of the above method embodiments. The communication component 703 is used for communicating with the terminal device and/or the server.
For the specific implementation process of the processor 701, reference may be made to the above method embodiments; the implementation principles and technical effects are similar and are not described herein again.
In the embodiment shown in fig. 7, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The memory may comprise high speed RAM memory, and may also include non-volatile storage NVM, such as at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer execution instruction is stored in the computer-readable storage medium, and when a processor executes the computer execution instruction, the method for encrypting and decrypting service data in any of the above method embodiments is implemented.
The computer-readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuit (ASIC). Of course, the processor and the readable storage medium may also reside as discrete components in the apparatus.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. An encryption and decryption method for service data, comprising:
judging whether a first type service data frame exists or not;
if the first type of service data frame does not exist, acquiring a second type of service data frame, and cutting the second type of service data frame into a plurality of data packets according to a set rule; the set rule is as follows: the length L of the data packet satisfies
Figure 528890DEST_PATH_IMAGE001
Wherein, M is the throughput rate of encryption or decryption, T is the time interval of the second type service data frame, and S is the length of the second type service data frame;
selecting one data packet from the plurality of data packets as a target data packet, encrypting or decrypting the target data packet, and judging whether a first type service data frame sent by a terminal is received or not;
if a first type service data frame sent by a terminal is received, encrypting or decrypting the first type service data frame;
and if the first type service data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, continuing to perform encryption or decryption processing on the target data packet, and judging whether the first type service data frame sent by the terminal is received.
2. The method of claim 1, further comprising:
and if the first type service data frame exists, encrypting or decrypting the first type service data frame.
3. The method according to claim 2, wherein if there is a first type service data frame, after encrypting or decrypting the first type service data frame, further comprising:
judging whether a second type service data frame exists or not;
and if the second type of service data frame exists, executing the step of acquiring the second type of service data frame and cutting the second type of service data frame into a plurality of data packets according to a set rule.
4. The method according to any of claims 1 to 3, wherein before determining whether the first type of service data frame exists, further comprising:
receiving a plurality of service data frames sent by a terminal, wherein the type of the service data frame is a first type service data frame or a second type service data frame;
and storing the first type service data frames as a first queue according to the receiving time sequence, and storing the second type service data frames as a second queue according to the receiving time sequence.
5. The method of claim 4, wherein the second type of traffic data frame is plural;
the acquiring the second type service data frame includes:
and acquiring the second type service data frames from the stored second queue according to the receiving time sequence.
6. The method of claim 4, further comprising:
if the first type service data frame exists and the number of the first type service data frames is multiple, the first type service data frame is obtained from the stored first queue according to the receiving time sequence, and the obtained first type service data frame is encrypted or decrypted.
7. The method according to claim 1, wherein if the first type service data frame sent by the terminal is received, after the first type service data frame is encrypted or decrypted, the step of determining whether the first type service data frame sent by the terminal is received is performed.
8. The method of claim 1, further comprising: after the plurality of data packets are encrypted or decrypted, recombining the encrypted or decrypted data packets into one data frame, and returning the recombined data frame to the terminal.
9. An apparatus for encrypting and decrypting service data, comprising:
the judging module is used for judging whether a first type of service data frame exists or not;
the cutting module is used for acquiring a second type of service data frame if the first type of service data frame does not exist, and cutting the second type of service data frame into a plurality of data packets according to a set rule; the set rule is as follows: the length L of the data packet satisfies
Figure 130291DEST_PATH_IMAGE001
Wherein, M is the throughput rate of encryption or decryption, T is the time interval of the second type service data frame, and S is the length of the second type service data frame;
the encryption and decryption module is used for selecting one data packet from the plurality of data packets as a target data packet, encrypting or decrypting the target data packet and judging whether a first type service data frame sent by a terminal is received or not;
if a first type service data frame sent by a terminal is received, the first type service data frame is encrypted or decrypted;
and if the first type service data frame sent by the terminal is not received, selecting a new data packet from the rest data packets as a target data packet, continuing to perform encryption or decryption processing on the target data packet, and judging whether the first type service data frame sent by the terminal is received.
10. An encryption and decryption apparatus for service data, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored in the memory, so that the at least one processor executes the encryption and decryption method for the service data according to any one of claims 1 to 8.
11. A computer-readable storage medium, wherein the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, the method for encrypting and decrypting service data according to any one of claims 1 to 8 is implemented.
CN201910332871.6A 2019-04-24 2019-04-24 Encryption and decryption method and device for service data Active CN111865829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910332871.6A CN111865829B (en) 2019-04-24 2019-04-24 Encryption and decryption method and device for service data

Publications (2)

Publication Number Publication Date
CN111865829A (en) 2020-10-30
CN111865829B (en) 2022-08-02

Family

ID=72952375

Country Status (1)

Country Link
CN (1) CN111865829B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant