CN114866527B - Data processing methods, devices and systems - Google Patents

Abstract

The invention provides a data processing method, a device and a system, wherein the method comprises the following steps: receiving a first message encapsulated by a special protocol, and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, and the first data and the target address information are stored in the data field; performing data processing on the first data to obtain second data; and sending the second data to a target interface corresponding to the target address information. The method, the device, the electronic equipment and the storage medium provided by the invention can realize serial processing of the first data by using the special protocol carrying the first data and the target address in the communication main path, and forward the processed data to the target interface for subsequent processing, thereby reducing a data loop, reducing the calling time and further improving the transmission efficiency.

Description

Data processing methods, devices and systems

Technical field

The present invention relates to the field of Internet of Things and data security, and in particular, to a data processing method, device and system.

Background technique

With the development of technologies such as big data, blockchain, and artificial intelligence, video surveillance systems/spatial geographic information systems are widely used in the Internet of Things and data security fields such as national defense and military, economy and finance, ecological resources, and smart cities, generating massive amounts of high-speed Dimensional, multi-source, heterogeneous surveillance video data/spatial-temporal data. The identification parsing system, considered the "cornerstone" of the Internet of Things, is widely used in the field of massive identification analysis of the Internet of Things.

Along with the widespread application of video surveillance systems, hacker attacks using public video surveillance cameras as springboards have occurred frequently. The issue of privacy protection of massive surveillance video data continues to attract global attention; spatial geographic information systems have achieved Functions such as logical integration, visual expression, and mining analysis of various types of data on a unified spatial basis. With the widespread development of spatiotemporal big data platforms and smart city construction, data security threats to spatial geographic information systems that play the role of "basic floor" are becoming increasingly important. As the situation becomes more and more serious, the security protection of massive high-dimensional, multi-source, heterogeneous spatio-temporal important data, video surveillance privacy data and personal sensitive information has become a top priority. Similarly, in view of the characteristics of cross-domain movement of massive IoT identifiers, dispersed data locations, massive parsing requests, and high concurrency of parsing services, the role of tens of millions of online concurrent parsing of the identity parsing system has become increasingly prominent.

On the one hand, current data protection technology usually works in parallel with cipher machines (cards) and encrypts and decrypts data by bypassing the cipher machines (cards). However, this encryption and decryption method has long data loops and long call time. , leading to low transmission efficiency and being unable to meet high-performance secure access and transmission requirements; on the other hand, the traditional cryptographic machine (card) communication mode cannot meet the requirements of high throughput of massive data and the number of online concurrent services in terms of speed and security. For advanced needs, the use of high-performance cryptographic machines (cards) can increase throughput and concurrency, thereby achieving high-performance requirements for parallel processing of multi-user messages.

Contents of the invention

The present invention provides a data processing method, device and system to solve the problem in the prior art that the circulation node of the main communication path processes data in the form of parallel bypass response. The data loop is far and the calling time is long, resulting in low transmission efficiency. Defects.

The invention provides a data processing method, including:

Receive a first message encapsulated in a dedicated protocol, parse the first message to obtain first data and target address information, the dedicated protocol includes a dedicated protocol header and a data field, the first data and the target address information Address information is stored in the data field;

Perform data processing on the first data to obtain second data;

Send the second data to the target interface corresponding to the target address information.

According to a data processing method provided by the present invention, the dedicated protocol header is used to describe data processing information, and the data processing information includes processing parameters, processing initial vectors, offset lengths and processing algorithm types.

According to a data processing method provided by the present invention, the data field is composed of a data payload and a MAC field;

The data payload includes the target address information and the first data;

The target address information includes destination MAC address, source MAC address, protocol type, IP header, TCP header and HTTP header;

The MAC field is used to verify the integrity of the data payload.

According to a data processing method provided by the present invention, receiving a first message encapsulated in a dedicated protocol includes:

Receive the first message encapsulated in a dedicated protocol sent by the data interface;

The step of performing data processing on the first data to obtain the second data includes:

Encrypt the first data to obtain ciphertext data, and use the ciphertext data as the second data;

The sending of the second data to the target interface corresponding to the target address information includes:

The ciphertext data is sent to a storage interface corresponding to the target address information, and the ciphertext data is stored by the storage interface.

According to a data processing method provided by the present invention, receiving a first message encapsulated in a dedicated protocol includes:

Receive the first message encapsulated in a dedicated protocol and sent by the storage interface;

The step of performing data processing on the first data to obtain the second data includes:

Decrypt the first data to obtain plaintext data, and use the plaintext data as the second data;

The sending of the second data to the target interface corresponding to the target address information includes:

The plaintext data is sent to a data interface corresponding to the target address information, and the data interface parses and encapsulates the plaintext data and sends it to the terminal.

According to a data processing method provided by the present invention, receiving a first message encapsulated in a dedicated protocol includes:

Receive the first message encapsulated in a dedicated protocol sent by the data interface;

The step of performing data processing on the first data to obtain the second data includes:

Parse the first data to obtain the object information server address, and use the object information server address as the second data;

The sending of the second data to the target interface corresponding to the target address information includes:

The object information server address is sent to the identification interface corresponding to the target address information, and the identification interface performs access identification on the object information server address.

According to a data processing method provided by the present invention, parsing the first data to obtain the object information server address includes:

Parse the first data to obtain the identification domain name and object code;

Analyze the identification domain name and the object code to obtain the object code domain name;

The object encoding domain name is parsed to obtain the object information server address.

The invention also provides a data processing device, including:

A receiving module, configured to receive a first message encapsulated in a dedicated protocol, and parse the first message to obtain first data and target address information. The dedicated protocol includes a dedicated protocol header and a data field, and the first Data and the target address information are stored in the data field;

A processing module, used to perform data processing on the first data to obtain second data;

A forwarding module, configured to send the second data to the target interface corresponding to the target address information.

The present invention also provides a data processing system, including: a main communication channel and any one of the above-mentioned data processing devices, and the data processing device is connected to the main communication channel in a serial manner.

The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the program, it implements any one of the above data processing methods. A step of.

The present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, any one of the above data processing methods is implemented.

The present invention also provides a computer program product, which includes a computer program. When the computer program is executed by a processor, it implements any one of the above data processing methods.

The data processing method, device and system provided by the present invention realize serial processing of the first data by using a special protocol carrying the first data and the target address in the main communication channel, and the processed data Forwarding to the target interface for subsequent processing reduces data loops and call time, thereby improving transmission efficiency.

Description of the drawings

In order to more clearly illustrate the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings in the following description are of the present invention. For some embodiments of the invention, those of ordinary skill in the art can also obtain other drawings based on these drawings without exerting creative efforts.

Figure 1 is a schematic flow chart of the data processing method provided by the present invention;

Figure 2 is a schematic flow chart of the identification data analysis method provided by the present invention;

Figure 3 is a message structure diagram of message data provided by the present invention;

Figure 4 is a schematic structural diagram of the data processing device provided by the present invention;

Figure 5 is a schematic structural diagram of the data processing system provided by the present invention;

Figure 6 is a schematic structural diagram of the data access system provided by the present invention;

Figure 7 is a system physical and logical architecture diagram of the data access system provided by the present invention;

Figure 8 is one of the data storage flow diagrams of the data access system provided by the present invention;

Figure 9 is the second schematic diagram of the data storage flow of the data access system provided by the present invention;

Figure 10 is one of the data reading flow diagrams of the data access system provided by the present invention;

Figure 11 is the second schematic diagram of the data reading flow of the data access system provided by the present invention;

Figure 12 is a schematic diagram of the analysis flow of the encoding analysis system provided by the present invention;

Figure 13 is a schematic structural diagram of the electronic device provided by the present invention.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present invention more clear, the technical solutions in the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention. , not all examples. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection of the present invention.

Currently, existing cryptographic machines or code analysis equipment are used in the data transmission process in a bypass mode, that is, in a parallel manner, they respond to processing requests issued by a node on the main communication road in real time on the non-communication main road. And return the processed data to the node, and then the node will pass the processed data to the next node for subsequent processing of the processed data. However, the data loop is far in the parallel working method, and the calling The time is long, the transmission efficiency is low, and it cannot meet the high-performance data processing and transmission requirements.

Therefore, how to reduce data processing time and thereby improve transmission efficiency is an urgent technical issue in this field that needs to be solved.

Figure 1 is a schematic flow chart of the data processing method provided by the present invention. As shown in Figure 1, an embodiment of the present invention provides a data processing method, the execution subject of which may be a cryptographic machine or a coding parsing device. The method includes:

Step 110: Receive the first message encapsulated in a dedicated protocol, parse the first message to obtain first data and target address information. The dedicated protocol includes a dedicated protocol header and data fields, and the first data and target address information are stored in the Described data field;

Step 120: Perform data processing on the first data to obtain second data;

Step 130: Send the second data to the target interface corresponding to the target address information.

Considering that the current encryption machine or coding analysis equipment processes data in a parallel bypass mode, the encryption machine or coding analysis equipment will return the processed data obtained in response to the request to the node that sent the processing request. The node then sends the processed data to subsequent nodes on the main communication path for subsequent operations. Obviously, this way of working will result in two copy operations of the processed data, one is returned to the node by the cryptographic machine or coding analysis device, and the other is The processed data is sent to the subsequent node once for the node, thereby increasing the transmission time and increasing the calling time. Therefore, in the embodiment of the present invention, the cipher machine or the coding analysis device is connected to the main communication path in a serial manner, that is, the cipher machine or the coding analysis device is used as a node in the main communication path. At this time, the data needs to be executed in a serial manner. Processing and forwarding operations, therefore, the present invention provides a dedicated protocol carrying the first data and the destination address for communication.

Specifically, the first message encapsulated in a special protocol sent by the previous node in the main communication path is received, and the first message is parsed to obtain the first data and target address information. The special protocol includes a special protocol header and In the data field, the first data and target address information are stored in the data field, and then the processing information is applied to the first data to obtain the second data, and the second data is sent to the target interface corresponding to the target address information. The processing information may be preset or carried in a dedicated protocol, which is not limited in the embodiment of the present invention.

It should be noted that applying the processing information to perform data processing on the first data may be to encrypt the first data through the encryption algorithm and encryption parameters (key, key initialization vector) carried in the processing information, or it may be through processing The first data is decrypted using the decryption algorithm and decryption parameters (key, key initial vector) carried in the information, or the first data is parsed by processing the parsing algorithm, parsing parameters and parsing initial vector carried in the information. , the embodiment of the present invention does not limit this. The target interface may be a storage interface used to store the second data, a data interface used to encapsulate the second data and send it to the terminal, or an identification interface used to access and identify the second data. The present invention The embodiment does not limit this.

In addition, the target address information can have multiple target addresses, and each target address will correspond to a target interface. When there are multiple target addresses, the second data will be sent to the target interfaces corresponding to all target addresses in a concurrent manner to achieve High concurrency of data processing.

The data processing method provided by the embodiment of the present invention implements serial processing of the first data by using a dedicated protocol carrying the first data and the target address in the main communication path, and forwards the processed data to The target interface performs subsequent processing, reducing data loops and calling time, thus improving transmission efficiency.

Based on the above embodiment, processing information can also be obtained by parsing the first message in step 110;

Considering that there can be multiple cipher machines or code analysis devices in the main communication channel, and each cipher machine or code analysis device can process data in a different way, take the cipher machine as an example: when encrypting, the encrypted data needs to be The ciphertext data is sent to the storage interface. When decrypting, the decrypted plaintext data needs to be sent to the data interface, or the encryption and decryption information is used to decrypt the encrypted data to be stored and the plaintext data sent to the data interface is encrypted. Decrypting the information is not the same. At this time, configuring multiple sending addresses and multiple encryption methods through preset configuration will make the configuration content very cumbersome and inflexible. Therefore, in this embodiment of the present invention, the sending target address and processing information are included as part of the first message data.

It should be noted that the processing information may include processing parameters, processing algorithm types, etc., and the target address information may include the IP of the target address, the listening port number, the communication protocol type, etc., which are not limited in the embodiment of the present invention.

Based on the above embodiments, the dedicated protocol header is used to describe data processing information, and the data processing information includes processing parameters, processing initial vectors, offset lengths, and processing algorithm types.

It should be noted that the end memory address of the dedicated protocol header memory space and the first memory address of the memory space of the data part to be processed are adjacent memory addresses. Adjacent memory spaces means two memory spaces. The end memory address of the memory space with a small first address is adjacent to the first memory address of the memory space with a large first address, and they are consecutive memory addresses. For example: A's memory space and B's. The memory spaces are adjacent, then the memory end address of A's memory space and the memory first address of B's memory space are adjacent. The memory space for processing parameters in the dedicated protocol header is adjacent to the memory space for processing initial vectors, the memory space for processing initial vectors is adjacent to the memory space for offset length, and the memory space for offset length is adjacent to the memory space for processing algorithm types. .

Based on the above embodiment, the data field consists of a data payload and a MAC field;

The data payload includes the target address information and the first data;

Destination address information includes destination MAC address, source MAC address, protocol type, IP header, TCP header and HTTP header;

The MAC field is used to verify the integrity of the data payload.

It should be noted that the memory space of the data payload in the data part to be processed is adjacent to the memory space of the MAC field, and the memory space of the target address information in the data payload is adjacent to the memory space of the first data. The memory space of the destination MAC address is adjacent to the memory space of the source MAC address. The memory space of the source MAC address is adjacent to the memory space of the protocol type. The memory space of the protocol type is adjacent to the memory space of the IP header. The IP header The memory space of TCP header is adjacent to the memory space of TCP header, and the memory space of TCP header is adjacent to the memory space of HTTP header.

Based on the above embodiments, the present invention provides a preferred embodiment in which the data processing method in the above embodiments is applied to data encryption. The reception of the first message encapsulated in a dedicated protocol in step 110 includes:

Receive the first message encapsulated in a dedicated protocol sent by the data interface;

Step 120 includes:

Encrypt the first data to obtain ciphertext data, and use the ciphertext data as the second data;

Step 130 includes:

Send the ciphertext data to the storage interface corresponding to the target address information, and the storage interface stores the ciphertext data.

Specifically, the terminal sends the data stream to be stored to the data interface. After receiving the data stream to be stored, the data interface parses the stored data stream and performs data reorganization to obtain plaintext data, which is encapsulated into the third data stream using a dedicated protocol. One message. After receiving the first message sent by the data interface, the first message is parsed to obtain the first data and target address information. At this time, the processing parameter in the processing information is the key, the processing initial vector is the key initial vector, and The processing algorithm type is an encryption algorithm type, and the processing information is applied in a serial manner to encrypt the first data, and then the encrypted ciphertext data is sent to the storage interface corresponding to the target address information according to the target address information, where the storage interface After receiving the ciphertext data, the ciphertext data is stored.

It should be noted that before data reorganization in the data interface, decryption operations can be performed when the data stream to be stored is ciphertext, and operations such as data integrity verification can also be performed; ciphertext data can be stored in the storage interface. Previously, the ciphertext data could be divided into data and stored, and operations such as indexing could also be performed. This is not limited in the embodiment of the present invention.

In addition, the target address information can have multiple target addresses, and each target address will correspond to a storage interface. When there are multiple target addresses, the ciphertext data will be sent to the storage interfaces corresponding to all target addresses in a concurrent manner to achieve High concurrency of data encryption processing.

Based on the above embodiments, the present invention provides a preferred embodiment. In this embodiment, the data processing method in the above embodiment is applied to data decryption. The reception of the first message encapsulated in a dedicated protocol in step 110 includes:

Receive the first message encapsulated in a dedicated protocol sent by the storage interface;

Step 120 includes:

Decrypt the first data to obtain plaintext data, and use the plaintext data as the second data;

Step 130 includes:

The plaintext data is sent to the storage interface corresponding to the target address information, and the corresponding data interface parses and encapsulates the plaintext data and sends it to the terminal.

Specifically, after receiving the read request query, the storage interface queries to obtain the ciphertext data, and encapsulates the ciphertext data into a first message using a dedicated protocol. After receiving the first message sent by the storage interface, the ciphertext message is parsed to obtain the first data and target address information. At this time, the processing parameter in the processing information is the key, and the processing initial vector is the key initial vector. and the processing algorithm type is the decryption algorithm type, applying the processing information in a serial manner to decrypt the first data, and then sending the decrypted plaintext data to the data interface corresponding to the target address information according to the target address information, wherein the data interface After receiving the plaintext data, the plaintext data is parsed and encapsulated and sent to the terminal.

It should be noted that the access interface can read multiple data blocks of ciphertext data and splice the multiple data blocks according to the index established when storing to obtain the first data; after the data interface parses the data, it can According to the communication protocol agreement with the terminal, if ciphertext data needs to be transmitted, the plaintext data can be encrypted. This is not limited in the embodiment of the present invention.

In addition, the target address information can have multiple target addresses, and each target address will correspond to a data interface. When there are multiple target addresses, the plaintext data will be sent to the data interfaces corresponding to all target addresses in a concurrent manner, achieving High concurrency of data decryption processing.

Based on the above embodiments, the present invention provides a preferred embodiment. In this embodiment, the data processing method in the above embodiments is applied to encoding analysis. The reception of the first message encapsulated in a dedicated protocol in step 110 includes:

Receive the first message encapsulated in a dedicated protocol sent by the data interface;

Step 120 includes:

Parse the first data to obtain the object information server address, and use the object information server address as the second data;

Step 130 includes:

The object information server address is sent to the identification interface corresponding to the target address information, and the identification interface accesses and identifies the object information server address.

Specifically, the terminal sends the data stream to be parsed to the data interface. After receiving the data stream to be parsed, the data interface preprocesses the data stream to be parsed to obtain identification data, and converts the identification data (first data) to a dedicated protocol. Encapsulated into the first message. After receiving the first message sent by the data interface, the plaintext message is parsed to obtain the first data and target address information. At this time, the processing parameters in the processing information are encoding parsing parameters, the processing initial vector is the encoding parsing initial vector, and The processing algorithm type is a coding parsing algorithm type, which applies processing information in a serial manner to parse the first data, and then sends the parsed object information server address to the identification interface corresponding to the target address information according to the target address information, where, After receiving the object information server address, the identification interface performs access identification on the object information server address.

It should be noted that the target address information can have multiple target addresses, and each target address will correspond to a data interface. When there are multiple target addresses, the object information server address will be sent to all corresponding target addresses in a concurrent manner. The data interface realizes high concurrency in data parsing and processing.

Based on the above embodiments, FIG. 2 is a schematic flowchart of the identification data analysis method provided by the present invention. As shown in Figure 2, the first data is parsed to obtain the object information server address, including:

Step 210, parse the first data to obtain the identification domain name and object code;

Step 220: Parse the identification recognition domain name and object encoding to obtain the object encoding domain name;

Step 230: Analyze the object encoding domain name to obtain the object information server address.

Considering that the received first data may be encoded multiple times, in this case, the first data needs to be decoded multiple times to obtain the required identification data.

Specifically, the first data is first parsed to obtain the first intermediate result identification domain name and object code, and then the identification identification domain name and object code are parsed as a whole to obtain the second intermediate result object code domain name, and finally the object code is The domain name is parsed to obtain the object information service address, that is, the identification data.

It should be noted that these three steps can be completed in one node of the main communication path, or can be completed in three nodes, and the embodiment of the present invention does not limit this. When completed in a node, the memory space where the encoding parsing parameters, the encoding parsing initial vector and the encoding parsing algorithm type are stored in the processing information in the dedicated protocol respectively contains three encoding parsing parameters, three encoding parsing initial vectors and three encoding parsing initial vectors. The encoding parsing algorithm types, and the order of memory addresses from small to large, form three sets of correspondences, which respectively parse the first data, the identification recognition domain name and the object encoding, and the object encoding domain name. Completed in three nodes, then the data in the dedicated protocol of the first message received before step 210 is executed is the first data, and the target address is the address information of the node where step 220 is located. After step 210 is completed, The identification domain name and object encoding are used as the new first data, and the address information of the node in step 230 is used as the target address information and are encapsulated into a new first message using a dedicated protocol, wherein steps may also be encapsulated in the first message. The processing information of step 220 is sent to the node where step 220 is located after the new first message is encapsulated. After receiving the first message sent in step 210, step 220 processes the received first message. Step 220 After the execution is completed, the object encoding domain name is used as the new first message, and the address information identifying the interface is used as the target address information and encapsulated into the new first message using a dedicated protocol, where steps can also be encapsulated in the first message The processing information of step 230 is sent to the node where step 220 is located after the new first message is encapsulated. Step 230 processes the first message sent in step 220 to obtain the object information server address.

Based on the above embodiment, FIG. 3 is a message structure diagram of message data provided by the present invention. As shown in Figure 3, the present invention provides a preferred embodiment. The message structure of the message data is an expanded UDP protocol. The expanded part is a dedicated protocol part. The dedicated protocol part carries a custom part, and the custom part includes Private protocol headers and pending data sections. The dedicated protocol header carries the key, key IV, offset length and encryption algorithm parameters. The data to be processed is the data payload and MAC field. The data payload includes target address information and plaintext/ciphertext data. The target address The message contains multiple destination addresses.

Specifically, the data frame header of the message includes the destination MAC address, source MAC address, type, IP datagram header, UDP header, dedicated protocol header and the data part to be processed.

The private protocol header includes the key, key IV, offset length, and encryption/decryption algorithm. For example: the key occupies 16 bytes, the key IV occupies 16 bytes, the offset length occupies 4 bytes, and the encryption/decryption algorithm occupies 4 bytes.

The data part to be processed includes the data payload (0~1632 bytes) and the MAC field (16 bytes). The data payload includes the target address information (0~N bytes) and the plain/ciphertext data part (0~ (1632-N) bytes). The destination address information contains multiple destination addresses. A single destination address includes destination MAC address, source MAC address, type, IP header, TCP header and HTTP header. For example: the destination MAC address occupies 6 bytes, the source MAC address occupies 6 bytes, the type occupies 2 bytes, the IP header occupies 20 bytes, the TCP header occupies 20 bytes, and the HTTP header occupies (N-54) words section, where N represents the total number of bytes occupied by multiple target addresses in the target address information, and N>54 bytes.

The data processing device provided by the present invention is described below. The data processing methods described below can be referred to each other, and the data processing device and the data processing method described above can be referred to each other correspondingly.

Figure 4 is a schematic structural diagram of the data processing device provided by the present invention. As shown in Figure 4, the device includes: a receiving module 410, a processing module 420 and a forwarding module 430;

in,

The receiving module 410 is configured to receive the first message encapsulated in a dedicated protocol, and parse the first message to obtain the first data and target address information. The dedicated protocol includes a dedicated protocol header and data field, the first data and the target address information. Stored in data field;

The processing module 420 is used to perform data processing on the first data to obtain the second data;

The forwarding module 430 is used to send the second data to the target interface corresponding to the target address information.

In the embodiment of the present invention, the receiving module is used to receive the first message encapsulated with a dedicated protocol, and parse the first message to obtain the first data and target address information. The dedicated protocol includes a dedicated protocol header and a data field, The first data and target address information are stored in the data field; the processing module is used to perform data processing on the first data to obtain the second data; the forwarding module is used to send the second data to the target interface corresponding to the target address information to achieve The first data is serially processed, and the processed data is forwarded to the target interface for subsequent processing, which reduces data loops, reduces call time, and thereby improves transmission efficiency.

Based on any of the above embodiments, the dedicated protocol header in the receiving module 410 is used to describe data processing information. The data processing information includes processing parameters, processing initial vectors, offset lengths, and processing algorithm types.

Based on any of the above embodiments, the data field in the receiving module 410 consists of a data payload and a MAC field;

The data payload includes target address information and first data;

Destination address information includes destination MAC address, source MAC address, protocol type, IP header, TCP header and HTTP header;

The MAC field is used to verify the integrity of the data payload.

Based on any of the above embodiments, when the data processing device is a cryptographic machine used for encryption, the receiving module 410 is configured to receive the first message encapsulated in a dedicated protocol sent by the data interface, and process the first message Perform parsing to obtain the first data and target address information;

The processing module 420 is used to encrypt the first data to obtain ciphertext data, and use the ciphertext data as the second data;

The forwarding module 430 is used to send the ciphertext data to the storage interface corresponding to the target address information, and the storage interface stores the ciphertext data.

Based on any of the above embodiments, when the data processing device is a cryptographic machine for decryption, the receiving module 410 is configured to receive the first message encapsulated in a dedicated protocol sent by the storage interface, and process the first message Perform parsing to obtain the first data and target address information;

The processing module 420 is used to decrypt the first data to obtain plaintext data, and use the plaintext data as the second data;

The forwarding module 430 is used to send the plaintext data to the data interface corresponding to the target address information, and the data interface parses and encapsulates the plaintext data and sends it to the terminal.

Based on any of the above embodiments, when the data processing device is a coding parsing device for parsing, the receiving module 410 is configured to receive the first message encapsulated in a dedicated protocol sent by the data interface, and process the first message. The text is parsed to obtain the first data and target address information;

The processing module 420 is used to parse the first data, obtain the object information server address, and use the object information server address as the second data;

The forwarding module 430 is used to send the object information server address to the identification interface corresponding to the target address information, and the identification interface performs access identification on the object information server address.

Based on the above embodiment, when the data processing device is a coding parsing device for parsing, the processing module 420 includes:

The first parsing module is used to parse the first data to obtain the identification domain name and object code;

The second parsing module is used to parse the identification recognition domain name and object encoding to obtain the object encoding domain name;

The third parsing module is used to parse the object encoding domain name and obtain the object information server address.

Figure 5 is a schematic structural diagram of the data processing system provided by the present invention. As shown in Figure 5, the system includes a main communication path 510 and any of the above-mentioned data processing devices 520. The data processing device is connected to the main communication path in a serial manner. The data processing device xN in the figure indicates that there can be Multiple data processing devices are connected to the main communication channel in a serial manner, and N is a natural number.

In the data processing system provided by the embodiment of the present invention, the data processing device is connected to the main communication path in a serial manner, realizing serial processing of data in the main communication path, reducing data loops, reducing call time, and thus Improved transmission efficiency.

Figure 6 is a schematic structural diagram of the data access system provided by the present invention. As shown in Figure 6, the system includes: a cryptographic machine 610, a data interface 620 and a storage interface 630;

in,

The encryption machine 610 is configured to receive the first plaintext message encapsulated in a dedicated protocol sent by the data interface 620, parse the first plaintext message to obtain the first plaintext data and the first target address information, and then process the first plaintext message in a serial manner. Encrypt the first plaintext data to obtain the first ciphertext data, send the first ciphertext data to the storage interface 630 corresponding to the first target address information; and receive the second ciphertext encapsulated in a dedicated protocol sent by the storage interface 630 message, after parsing the second ciphertext message to obtain the second ciphertext data and the second target address information, decrypt the second ciphertext data in a serial manner to obtain the second plaintext data, and send the second plaintext data To the data interface 620 corresponding to the second target address information;

The data interface 620 is used to receive the data to be stored sent by the first terminal, parse and reorganize the data to be stored, and obtain the first plaintext data. The first plaintext data is encapsulated with a dedicated protocol to obtain the first plaintext message, and the first plaintext message is obtained. Send a plaintext message to the encryption machine 610; and be used to parse and encapsulate the second plaintext data after receiving the second plaintext data sent by the encryption machine 610, and send the parsed and encapsulated data stream to the second terminal;

The storage interface 630 is used to receive the first ciphertext data sent by the encryption machine 610 and store the first ciphertext data; and to obtain the second ciphertext data based on the read request query, and use a dedicated protocol to process the second ciphertext data. The second ciphertext message is obtained by encapsulation, and the second ciphertext message is sent to the encryption machine 610.

Based on any of the above embodiments, the data interface 620 includes: a secure access gateway 621, a communication cryptographic machine 622, a data access subsystem 623 and a first cryptographic processing component 624;

The security access gateway 621 is used to receive the data to be stored sent by the first terminal, parse and verify the data to be stored, and send the parsed and verified parsed data to the communication encryption machine 622; and to receive the data sent by the first terminal. Communicate the target ciphertext data sent by the encryption machine 622, encapsulate the target ciphertext data and send it to the second terminal;

The communication encryption machine 622 is configured to, after receiving the parsed data sent by the secure access gateway 621, decrypt the parsed data in a serial manner using a dedicated protocol to obtain the first communication plaintext data, and send the first communication plaintext data to Data access system 623; and for, after receiving the second communication plaintext data sent by the data access subsystem 623, encrypt the second communication plaintext data in a serial manner using a dedicated protocol to obtain the target ciphertext data, and Send the target ciphertext data to the security access gateway 621;

The data access subsystem 623 is configured to, after receiving the first communication plaintext data sent by the communication encryption machine 622, perform data reorganization on the first communication plaintext data to obtain the first plaintext data, and transfer the first plaintext data to the first The cryptographic processing component 624; and is used to receive the second plaintext data sent by the encryption machine 610, parse and encapsulate the second plaintext data to obtain the second communication plaintext data, and send the second communication plaintext data to the communication encryption machine 622;

The first cryptographic processing component 624 is used to perform encryption preprocessing on the first plaintext data to obtain encrypted information, construct message data based on the first plaintext data and the encrypted information, and send the message data to the cryptographic machine 610.

It should be noted that the system supports asynchronous processing to reduce intermediate memory copies, and the data to be processed is added to the queue by calling the asynchronous interface for serial calls by the communication cryptographic machine 622.

Based on any of the above embodiments, the storage interface 630 includes: a second password processing component 631, a storage component 632 and a cloud storage subsystem 633;

The second cryptographic processing component 631 is used to perform encryption preprocessing on the first plaintext data to obtain encrypted information, construct message data based on the first plaintext data and the encrypted information, and send the message data to the cryptographic machine 610;

The storage component 632 is used to receive the ciphertext data sent by the encryption machine 610, divide the ciphertext data into blocks, obtain a first ciphertext data block set, and create an index according to the first ciphertext data block set, and convert the first ciphertext data into blocks. The data block set is sent to the cloud storage subsystem 633 for storage; and is used to receive a read request query, and after sending a read query request to the cloud storage subsystem 633, receive the second ciphertext data returned by the cloud storage subsystem 633. Block set, splice the second ciphertext data according to the index to obtain the second ciphertext data, and pass the second ciphertext data to the second cryptographic processing component 631;

The cloud storage subsystem 633 is used to receive the first ciphertext data block set sent by the storage component 632 and perform distributed storage; and to respond to the read query request sent from the storage component 632 and return the second ciphertext data block. gather.

Based on any of the above embodiments, Figure 7 is a system physical logical architecture diagram of the data access system provided by the present invention. The system physical logical architecture diagram of the data access system includes: a terminal layer, an application layer and a data layer. The terminal layer includes There are one or more terminals. The application layer includes a secure access gateway, data access subsystem, first/second password processing component, communication cryptographic machine, cryptographic machine and storage component. The data layer includes a cloud storage subsystem, where the cloud The storage subsystem includes a distributed file system and multiple OSDs (Object-based Storage Devices).

Figure 8, which corresponds to the system physical logical architecture diagram of the data access system, is the first data storage flow schematic diagram of the data access system provided by the present invention, and Figure 9 is the second data storage flow schematic diagram of the data access system provided by the present invention. , Figure 10 is the first schematic diagram of the data reading flow of the data access system provided by the present invention, and Figure 11 is the second schematic diagram of the data reading flow of the data access system provided by the present invention. As shown in Figure 8 and Figure 9, its data storage process includes:

Step 810: The security access gateway receives the surveillance video stream/spatio-temporal data stream (encrypted text) sent by the terminal.

Step 811: Perform data packet parsing operations on the surveillance video stream/spatio-temporal data stream (encrypted text);

Step 812: Verify and retransmit the data packets in the parsing process to ensure that the surveillance video stream/spatial-temporal data stream (ciphertext) is complete and available;

Step 813: Remove the TLS/SSL protocol header from the parsed, verified and retransmitted data packets, so that the surveillance video stream/spatio-temporal data stream (ciphertext) data frames entering the communication encryption machine can be directly operated.

Step 820: The communication encryption machine implements data decryption and data forwarding of the surveillance video stream/spatial-temporal data stream (ciphertext) transmitted by the secure access gateway through a dedicated protocol, and transparently transmits the surveillance video stream/spatial-temporal data stream (plaintext) to the data. access subsystem.

It should be noted that at this time, the destination MAC address of the data frame header of the dedicated protocol message is the MAC address of the communication encryption machine, the source MAC address is the MAC address of the security access gateway, the type is 0x0800, and the IP header is filled according to the standard IP frame header ( The destination IP address is the IP address of the communication cipher machine, the source IP address is the IP address of the security access gateway), and the UDP header is filled in according to the standard UDP frame header (the source port number is the security access gateway port number 5000, and the destination port number is the communication cipher machine Port number 6000); the dedicated protocol header key is the video/data decryption key, which is provided by the communication encryption machine, and the encryption/decryption algorithm is the decryption algorithm; the destination MAC address of the destination address information is the MAC address of the data access subsystem, and the source MAC address It is the MAC address of the security access gateway, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the data access subsystem, the source IP address is the IP address of the security access gateway), and the TCP header is filled in according to the standard TCP The frame header is filled (the source port number is the security access gateway port number 5000, the destination port number is the data access subsystem port number 4000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is RTCP/RTSP/RTP protocol).

Step 830: The data access subsystem performs the following operations on the decrypted surveillance video stream/spatio-temporal data stream (plain text):

Step 831: Uniformly convert the encoding/organization formats of various decrypted video streams/spatial data types, such as uniformly converting them to video stream format H.264/spatial-temporal data stream Tile format.

Step 832: Convert various video/data encapsulation formats to achieve compatibility operations of multiple video/data formats.

Step 833: Remove the RTP protocol header from the video/data format converted and re-encapsulated data packet. Since the RTP data packet is in the TLS/SSL protocol payload, it is decapsulated under local storage to save space. For example: video stream format H.264/spatio-temporal data stream Tile format.

Step 834: Perform frame analysis on the header-removed data packet to extract I frames, P frames, B frames or Tile frames.

Step 835: Assemble the extracted I frame, P frame, B frame or Tile frame into GOP data/file (minimum unit).

Step 840: The first cryptographic processing component performs preparatory work for encryption on the reorganized GOP data/file (ie, the first plaintext data) and generates an encryption identifier ENCInfo. Each ENCInfo consists of encryption identification (whether to encrypt or not), encryption password algorithm identification (such as: SM4, AES), integrity password algorithm identification (such as: HAMC, AEAD, Sign), encryption parameters (such as: GCM algorithm mode), EDEK password It consists of text and MAC value.

Step 850: The cryptographic machine implements data encryption and data forwarding on the first plaintext data transmitted from the cryptographic processing component through a dedicated protocol.

It should be noted that at this time, the destination MAC address of the data frame header of the dedicated protocol message is the cipher machine MAC address, the source MAC address is the MAC address of the first cryptographic processing component, the type is 0x0800, and the IP header is filled according to the standard IP frame header ( The destination IP address is the IP address of the cryptographic machine, the source IP address is the IP address of the first cryptographic processing component), and the UDP header is filled in according to the standard UDP frame header (the source port number is the cryptographic processing component port number 3000, and the destination port number is the cryptographic machine port number 6000); the dedicated protocol header key is the video/data encryption key, which is distributed by the KMS key management system. The encryption/decryption algorithm is the encryption algorithm; the destination MAC address of the target address information is the MAC address of the storage component, and the source MAC address is the MAC address of the storage component. A MAC address of the cryptographic processing component, type 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the storage component, the source IP address is the IP address of the first cryptographic processing component), and the TCP header is filled according to the standard TCP frame header (The source port number is the first password processing component port number 3000, and the destination port number is the storage component port number 1000). The HTTP header is filled in according to the standard HTTP frame header (the lower layer protocol is RTCP/RTSP/RTP protocol).

Step 860: The storage component performs the following operations on the encrypted surveillance video stream/spatial-temporal data stream (ciphertext) GOP data/file (i.e., the first ciphertext data):

Step 861, perform striping processing on the first ciphertext data: the first ciphertext data is evenly divided into K GOP data blocks; here, 4 GOP data blocks are evenly generated, and each GOP data block is fixed at 2MB.

Step 862: The index information consists of start time, end time, total size (within 2G), encoder ID, Bucket and OneGOPInfo storage location, etc. Among them, multiple GOP data/files are spliced together to generate each GOP information OneGOPInfo. OneGOPInfo includes: record data type, timestamp of the GOP package, end time of the GOP package, data size of the GOP package, and storage database (disk).

Step 863: Perform Erasure Code (EC) operation on K GOP data blocks to generate M redundant check blocks. The example is 4+2 mode, that is, four data blocks Data (D1-D4) after EC operations and two redundant check blocks Check (C1-C2) after EC operations are obtained.

Step 870: The cloud storage subsystem performs the following operations on the K+M surveillance video streams/spatio-temporal data streams (ciphertext) GOP data blocks from the storage component through the distributed file system:

Step 871: The distributed file system calculates the load situation through the balancing algorithm, disperses K+M surveillance video streams/spatial-temporal data stream (ciphertext) GOP data blocks from the storage component to each OSD, and records each in the database at the same time. The storage location of the GOP data block; establish cloud storage index information, record the disk number and offset on the disk (ID number), and store it in the database (disk).

Step 872: OSD receives object storage data, where K+M surveillance video streams/spatio-temporal data streams (ciphertext) GOP data blocks are stored in the local disk.

As shown in Figure 10 and Figure 11, the data reading process includes:

Step 1010: Call the cloud storage subsystem through the data access subsystem, and the cloud storage subsystem queries the GOP data/file information by retrieving the video index. The cloud storage subsystem queries the OSD to obtain a Set that meets the conditions, and sends a GOP data block acquisition request to the distributed file system. The distributed file system transfers the surveillance video stream/spatio-temporal data stream (ciphertext) stored in the local disk by calling the cloud storage OSD. )GOP data block returns the storage component.

The specific steps are as follows:

Step 1011, OSD reads the surveillance video stream/spatio-temporal data stream (ciphertext) GOP data block stored on the local disk.

Step 1012: The distributed file system collects surveillance video streams from each OSD/ Spatiotemporal data stream (ciphertext) GOP data block.

Step 1020, the storage component performs the following operations on the surveillance video stream/spatio-temporal data stream (ciphertext) GOP data block

Step 1021 is the inverse operation of the EC operation, that is, discarding the generated M redundant check blocks and retaining K GOP data blocks. The example is 4+2 mode, that is, discarding 2 redundant check blocks Check (C1-C2) after EC operation and retaining 4 data blocks Data (D1-D4).

Step 1022, during video/data retrieval, first retrieve the corresponding OneGOPInfo storage location in the database (disk) through "time + encoder ID"; secondly, retrieve the corresponding segment GOP data/file through OneGOPInfo; finally, return to the search Time range of GOP data/files.

Step 1023, by querying the video/data retrieval index information, splicing each K GOP data blocks to restore the GOP data/file (that is, the second ciphertext data). The example is every 4 GOP data blocks, each GOP data block is fixed at 2MB.

Step 1030: The second cryptographic processing component performs data decryption preprocessing on the second ciphertext data and generates a decryption identification.

Specifically, it includes: data decryption preprocessing: preprocessing the second ciphertext data before decryption, and generating a decryption identifier DECInfo. Each DECInfo consists of decryption identification (whether to decrypt), decryption encryption algorithm identification (such as: SM4, AES), integrity encryption algorithm identification (such as: HAMC, AEAD, Sign), decryption parameters (such as: GCM algorithm mode), M plaintext and MAC value.

Step 1040: The encryption machine implements data decryption and data forwarding of the second ciphertext data transmitted by the cloud storage subsystem through a dedicated protocol, and transparently transmits the surveillance video stream/spatial-temporal data stream (i.e. the second plaintext data) to the GOP data/file. Data access subsystem.

It should be noted that at this time, the destination MAC address of the data frame header of the dedicated protocol message is the MAC address of the encryption machine, the source MAC address is the MAC address of the second encryption processing component, the type is 0x0800, and the IP header is filled according to the standard IP frame header ( The destination IP address is the IP address of the cryptographic machine, the source IP address is the IP address of the second cryptographic processing component), and the UDP header is filled in according to the standard UDP frame header (the source port number is the second cryptographic processing component port number 3000, and the destination port number is the cryptographic machine Port number 6000); the dedicated protocol header key is the video/data decryption key, which is distributed by the KMS key management system. The encryption/decryption algorithm is the decryption algorithm; the destination MAC address of the target address information is the data access subsystem MAC address. The source MAC address is the MAC address of the cryptographic processing component, the type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the data access subsystem, the source IP address is the IP address of the second cryptographic processing component), the TCP header The header is filled according to the standard TCP frame (the source port number is the second password processing component port number 3000, the destination port number is the data access subsystem port number 4000), and the HTTP header is filled according to the standard HTTP frame header (the lower layer protocol is RTCP/RTSP/ RTP protocol).

Step 1050, the data access subsystem performs the following operations:

Step 1051: Perform a frame analysis operation on the second plaintext data to extract an I frame, P frame, B frame or Tile frame.

Step 1052: Restore the frame data packet through I frame, P frame, B frame or Tile frame and add RTP header.

Step 1053: Inversely convert the encapsulation format of the frame data packet after adding the RTP header so that it corresponds to the encoding/organization format of the corresponding video stream/spatial data type.

Step 1060: The communication encryption machine performs data encryption and data forwarding on the surveillance video stream/spatial-temporal data stream (i.e., the second communication plaintext data) transmitted by the data access subsystem through a dedicated protocol, and converts the surveillance video stream/spatial-temporal data stream (i.e., the second communication plaintext data) Target ciphertext data) is transparently transmitted to the secure access gateway.

It should be noted that the destination MAC address of the data frame header is the MAC address of the communication cipher machine, the source MAC address is the MAC address of the data access subsystem, the type is 0x0800, and the IP header is filled in according to the standard IP frame header (the destination IP address is the communication cipher machine IP address, the source IP address is the IP address of the data access subsystem), and the UDP header is filled according to the standard UDP frame header (the source port number is the data access subsystem port number 4000, and the destination port number is the communication encryption machine port number 6000) ; The dedicated protocol header key is the video/data encryption key, which is provided by the communication cipher machine, and the encryption/decryption algorithm is the encryption algorithm; the destination MAC address of the destination address information is the security access gateway MAC address, and the source MAC address is the data access sub- The system MAC address, type is 0x0800, the IP header is filled according to the standard IP frame header (the destination IP address is the IP address of the security access gateway, the source IP address is the IP address of the data access subsystem), and the TCP header is filled according to the standard TCP frame header ( The source port number is the data access subsystem port number 4000, the destination port number is the security access gateway port number 5000), and the HTTP header is filled in according to the standard HTTP frame header (the lower layer protocol is RTCP/RTSP/RTP protocol).

Step 1070: The secure access gateway performs the following operations on the surveillance video stream/spatial-temporal data stream (encrypted text):

Step 1071, add the TLS/SSL protocol header operation to the surveillance video stream/spatio-temporal data stream (ciphertext) data frame;

Step 1071: Completely encapsulate the surveillance video stream/spatio-temporal data stream (ciphertext) data packet with the TLS/SSL header added into a standard data packet format and send it to the second terminal.

Figure 12 is a schematic diagram of the analysis flow of the encoding analysis system provided by the present invention. As shown in Figure 12, the system includes: format conversion node, coded version parsing node, coded data structure parsing node, representation code parsing node and reader.

in,

After receiving the identification data, the format conversion node converts it into the first data in a unified parsable encoding type URL format, and encapsulates it into a first message with a dedicated protocol, in which the target address information in the first message is the encoded data structure parsing node. The address information is sent to the encoded version solution node.

After receiving the first message sent by the format conversion node, the encoding version parsing node parses the first message to obtain the first data and target address information (the address information of the encoding data structure parsing node), and parses the first data. Obtain the identification domain name and the object code, and combine the identification domain name and the object code into a whole as new first data, and encapsulate it into a new first message with a dedicated protocol, in which the target address in the new first message is The information is the address information of the identification code parsing node, and the new first message is sent to the coded data structure parsing node corresponding to the target address information.

After the encoded data structure parsing node receives the first message sent by the encoded version parsing node, it parses the first message to obtain the first data (identification domain name and object code) and target address information (address information of the identification code parsing node). ), parse the first data (identification domain name and object code) to obtain the object code domain name, and use the object code domain name as the first data to encapsulate the first message with a dedicated protocol, in which the new first message The target address information in this article is the address information of the reader, and the new first message is sent to the identification code parsing node corresponding to the target address information.

After the identification code parsing node receives the first message sent by the encoded data structure parsing node, it parses the first message to obtain the first data (object encoding domain name) and target address information (reader address information). Parse a data (object encoding domain name) to obtain the object information server address, and use the object information server address as the first data to encapsulate the first message with a dedicated protocol, in which the target address in the new first message If the information is empty, the new first message is sent to the reader corresponding to the target address information, so that the reader can access the object information server address.

Figure 13 illustrates a schematic diagram of the physical structure of an electronic device. As shown in Figure 13, the electronic device may include: a processor (processor) 1310, a communications interface (Communications Interface) 1320, a memory (memory) 1330 and a communication bus 1340. Among them, the processor 1310, the communication interface 1320, and the memory 1330 complete communication with each other through the communication bus 1340. The processor 1310 can call logical instructions in the memory 1330 to execute a data processing method. The method includes: receiving a first message encapsulated in a dedicated protocol, parsing the first message to obtain the first data and target address information, the dedicated The protocol includes a dedicated protocol header and a data field, in which first data and target address information are stored; data processing is performed on the first data to obtain second data; and the second data is sent to a target interface corresponding to the target address information.

In addition, the above-mentioned logical instructions in the memory 1330 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product. Based on this understanding, the technical solution of the present invention essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of the present invention. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program code. .

On the other hand, the present invention also provides a computer program product. The computer program product includes a computer program. The computer program can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer can Execute the data processing method provided by each of the above methods. The method includes: receiving a first message encapsulated in a dedicated protocol, parsing the first message to obtain the first data and target address information. The dedicated protocol includes a dedicated protocol header and data. field, the first data and target address information are stored in the data field; perform data processing on the first data to obtain the second data; and send the second data to the target interface corresponding to the target address information.

On the other hand, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. The computer program is implemented when executed by a processor to perform the data processing method provided by each of the above methods. The method includes: Receive a first message encapsulated in a dedicated protocol, parse the first message to obtain first data and target address information, the dedicated protocol includes a dedicated protocol header and a data field, and the first data and target address information are stored in the data field ; Perform data processing on the first data to obtain second data; send the second data to the target interface corresponding to the target address information.

The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separated. The components shown as units may or may not be physical units, that is, they may be located in One location, or it can be distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Persons of ordinary skill in the art can understand and implement the method without any creative effort.

Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and of course, it can also be implemented by hardware. Based on this understanding, the part of the above technical solution that essentially contributes to the existing technology can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., including a number of instructions to cause a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods described in various embodiments or certain parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be used Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent substitutions are made to some of the technical features; however, these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of data processing, comprising:

receiving a first message encapsulated by a special protocol, and analyzing the first message to obtain first data and target address information, wherein the special protocol comprises a special protocol header and a data field, the special protocol header is used for describing data processing information, the data processing information comprises processing parameters, a processing initial vector, an offset length and a processing algorithm type, the data field consists of a data payload and an MAC field, the first data and the target address information are stored in the data payload, and the MAC field is used for checking the integrity of the data payload; in the case that the data processing method is applied to data encryption or data decryption, the processing parameter is a secret key, and the processing initial vector is a secret key initial vector; in the case that the data processing method is applied to coding analysis, the processing parameters are coding analysis parameters, and the processing initial vector is a coding analysis initial vector;

Based on the data processing information, performing data processing on the first data to obtain second data;

and sending the second data to a target interface corresponding to the target address information.

2. A data processing method as claimed in claim 1, wherein,

the destination address information includes a destination MAC address, a source MAC address, a protocol type, an IP header, a TCP header, and an HTTP header.

3. The method according to claim 1 or 2, wherein receiving the first message encapsulated in the dedicated protocol comprises:

receiving the first message which is sent by a data interface and is encapsulated by a special protocol;

and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:

encrypting the first data to obtain ciphertext data, and taking the ciphertext data as the second data;

the sending the second data to the target interface corresponding to the target address information includes:

and sending the ciphertext data to a storage interface corresponding to the target address information, and storing the ciphertext data by the storage interface.

4. A data processing method according to claim 1 or 2, wherein said receiving a first message encapsulated in a proprietary protocol comprises:

Receiving the first message which is sent by a storage interface and is packaged by a special protocol;

and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:

decrypting the first data to obtain plaintext data, and taking the plaintext data as the second data;

the sending the second data to the target interface corresponding to the target address information includes:

and sending the plaintext data to a data interface corresponding to the target address information, and analyzing and packaging the plaintext data by the data interface and sending the plaintext data to a terminal.

5. A data processing method according to claim 1 or 2, wherein said receiving a first message encapsulated in a proprietary protocol comprises:

receiving the first message which is sent by a data interface and is encapsulated by a special protocol;

and performing data processing on the first data to obtain second data, wherein the data processing comprises the following steps:

analyzing the first data to obtain an object information server address, and taking the object information server address as the second data;

the sending the second data to the target interface corresponding to the target address information includes:

And sending the address of the object information server to an identification interface corresponding to the target address information, and carrying out access identification on the address of the object information server by the identification interface.

6. The method for processing data according to claim 5, wherein the parsing the first data to obtain the address of the object information server includes:

analyzing the first data to obtain an identification domain name and an object code;

resolving the identification domain name and the object code to obtain an object code domain name;

and resolving the object coding domain name to obtain the address of the object information server.

7. A data processing apparatus, comprising:

the device comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a first message packaged by a special protocol, analyzing the first message to obtain first data and target address information, the special protocol comprises a special protocol header and a data field, the special protocol header is used for describing data processing information, the data processing information comprises processing parameters, a processing initial vector, an offset length and a processing algorithm type, the data field consists of a data payload and an MAC field, the first data and the target address information are stored in the data payload in the data field, and the MAC field is used for checking the integrity of the data payload; in the case that the data processing method is applied to data encryption or data decryption, the processing parameter is a secret key, and the processing initial vector is a secret key initial vector; in the case that the data processing method is applied to coding analysis, the processing parameters are coding analysis parameters, and the processing initial vector is a coding analysis initial vector;

The processing module is used for carrying out data processing on the first data based on the data processing information to obtain second data;

and the forwarding module is used for sending the second data to a target interface corresponding to the target address information.

8. A data processing system, comprising: a communication main and the data processing device of claim 7, said data processing device being connected to said communication main in a serial manner.

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the data processing method according to any one of claims 1 to 6 when executing the program.

10. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the data processing method according to any one of claims 1 to 6.