
CN118803734A - Data transmission method, system, electronic device and storage medium - Google Patents


Info

Publication number
CN118803734A
Authority
CN
China
Prior art keywords
data
target
transmission
network
label information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310827408.5A
Other languages
Chinese (zh)
Inventor
关兴洲
韦琳娜
陆文双
朱苏楠
赵妍妍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Heilongjiang Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Heilongjiang Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Group Heilongjiang Co Ltd
Priority to CN202310827408.5A
Publication of CN118803734A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to the field of communication technology and provides a data transmission method, system, electronic device and storage medium. The method comprises: after determining that the network is abnormal, obtaining the data to be transmitted and scrambling it to obtain target transmission data; performing signature processing on the target transmission data to obtain first to-be-processed signature tag information, and performing encryption processing and invisible feature technology processing on the first to-be-processed signature tag information to obtain first target signature tag information; transmitting the target transmission data to the receiving end via a first transmission network, and transmitting the first target signature tag information to the receiving end via a second transmission network. The present application transmits the data and the tag information separately, which reduces the risk of the transmission being intercepted. Even if the data and the tag information are intercepted, the information cannot be obtained normally because the data is scrambled and the tag information is encrypted, thereby improving the security of the data transmission process and reducing the possibility of illegal acquisition.

Description

Data transmission method, system, electronic device and storage medium

Technical Field

The present application relates to the field of communication technology, and in particular to a data transmission method, system, electronic device and storage medium.

Background Art

Because the 4G and 5G network architectures differ, 5G also introduces new network security threats compared with 4G. One example is the MITM attack: hackers can use a fake base station to steal the international mobile subscriber identity of a user device and thereby learn the user's location, and may also use a fake base station to tamper with the signal content transmitted by the user device, steering the user to malicious websites for fraud and network attacks. In addition, 5G has expanded Internet of Things applications, and devices can access the network in multiple ways, which greatly increases the attack surface. However, existing network security defense technologies usually do not address how to guarantee the confidentiality and integrity of security data during transmission, so there is a risk of the security data being intercepted and tampered with.

Summary of the Invention

The embodiments of the present application provide a data transmission method, system, electronic device and storage medium, which are intended to improve the security of data transmission and reduce the possibility of illegal acquisition.

In a first aspect, an embodiment of the present application provides a data transmission method, applied to a sending end, comprising:

after determining that the network is abnormal, obtaining the data to be transmitted, and scrambling the data to be transmitted to obtain target transmission data;

performing signature processing on the target transmission data to obtain first to-be-processed signature tag information, and performing encryption processing and invisible feature technology processing on the first to-be-processed signature tag information to obtain first target signature tag information;

transmitting the target transmission data to a receiving end via a first transmission network, and transmitting the first target signature tag information to the receiving end via a second transmission network; the first transmission network and the second transmission network are different transmission networks.

In one embodiment, transmitting the first target signature tag information to the receiving end via the second transmission network includes:

transmitting the first target signature tag information to a 5G core module through the 5G core network, so that the 5G core module transmits the first target signature tag information to the receiving end;

wherein the 5G core module transmitting the first target signature tag information to the receiving end specifically includes:

the 5G core module verifies the integrity of the first target signature tag information; if the integrity of the first target signature tag information passes the verification, the 5G core module transmits the first target signature tag information to the receiving end through the 5G core network.

In one embodiment, scrambling the data to be transmitted to obtain the target transmission data includes:

obtaining the data type of the data to be transmitted;

if the data type is determined to be a document text type, shuffling the data to be transmitted to obtain multiple segments of first sub-transmission data, and garbling the multiple segments of first sub-transmission data according to a first preset garbling rule to obtain the target transmission data; or,

if the data type is determined to be a picture or video type, applying occlusion, blurring and slicing to the data to be transmitted to obtain multiple pieces of second sub-transmission data, and garbling the multiple pieces of second sub-transmission data according to a second preset garbling rule to obtain the target transmission data.

In one embodiment, determining that the network is abnormal includes:

if the number of unconnected TCP connections on the server host is determined to be greater than a first preset number, determining that the network is abnormal; or,

if the number of unused data packets in the background server is determined to be greater than a second preset number, or the IP requests of the background server are abnormal and the source address is false, determining that the network is abnormal; or,

if the security performance level value of the connection point is determined to be less than a preset threshold, or phishing behavior exists in the network of the connection point, determining that the network is abnormal.
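The first condition above, and the false-source-address part of the second, can be checked on a Linux server host roughly as follows. This is an added example, not code from the patent: it assumes "unconnected TCP connections" means half-open sockets in the `SYN_RECV` state, and the threshold value, the bogon list and the sample socket table are constructed for illustration.

```python
import ipaddress

SYN_RECV = 0x03           # Linux /proc/net/tcp state code for a half-open connection
FIRST_PRESET_NUMBER = 3   # assumed value; the page does not give one

# Source ranges that cannot be genuine on an Internet-facing listener (assumed list).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample in /proc/net/tcp layout (hex addresses as printed on a
# little-endian host): one listener, one established peer, five half-open peers.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2001
   1: 0A0200C0:01BB 096433C6:C350 01 00000000:00000000 00:00000000 00000000     0        0 2002
   2: 0A0200C0:01BB 076433C6:9C40 03 00000000:00000000 01:000000C8 00000001     0        0 0
   3: 0A0200C0:01BB 057100CB:9C41 03 00000000:00000000 01:000000C8 00000001     0        0 0
   4: 0A0200C0:01BB 0302010A:9C42 03 00000000:00000000 01:000000C8 00000002     0        0 0
   5: 0A0200C0:01BB 0100007F:9C43 03 00000000:00000000 01:000000C8 00000002     0        0 0
   6: 0A0200C0:01BB 010000F0:9C44 03 00000000:00000000 01:000000C8 00000003     0        0 0
"""


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IP bytes are reversed (little-endian host)."""
    ip_hex, port_hex = field.split(":")
    return ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row, skipping the header and malformed rows."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        try:
            remote_ip, remote_port = decode_addr(fields[2])
            state = int(fields[3], 16)
        except ValueError:
            continue
        conns.append({"remote_ip": remote_ip, "remote_port": remote_port, "state": state})
    return conns


def check_network(text, first_preset_number=FIRST_PRESET_NUMBER):
    """Apply the half-open-count rule and list half-open peers with a false source."""
    half_open = [c for c in parse_proc_net_tcp(text) if c["state"] == SYN_RECV]
    bogons = sorted({str(c["remote_ip"]) for c in half_open
                     if any(c["remote_ip"] in net for net in BOGON_NETS)})
    reasons = []
    if len(half_open) > first_preset_number:
        reasons.append("half-open connections exceed first preset number")
    if bogons:
        reasons.append("requests from false source addresses")
    return {"half_open": len(half_open), "bogon_sources": bogons,
            "abnormal": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    print(check_network(SAMPLE_PROC_NET_TCP))
```

On a real host the same function can be fed the contents of `/proc/net/tcp`; the threshold has to be tuned to the listener's normal backlog.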

In a second aspect, an embodiment of the present application provides a data transmission method, applied to a receiving end, comprising:

receiving target transmission data and first target signature tag information transmitted by a sending end;

obtaining a first hash value for the encryption of the first target signature tag information, obtaining a second hash value for the decryption of the first target signature tag information, and determining whether the first hash value and the second hash value are equal;

if the first hash value and the second hash value are determined to be equal, restoring the target transmission data based on the decrypted first target signature tag information to obtain the data to be transmitted.

In one embodiment, after determining whether the first hash value and the second hash value are equal, the method further includes:

if the first hash value and the second hash value are determined to be not equal, sending feedback information that the integrity of the first target signature tag information failed verification to the sending end, and receiving second target signature tag information retransmitted by the sending end according to the feedback information;

wherein the sending end regenerating the second target signature tag information specifically includes:

the sending end re-signs the target transmission data according to the feedback information to obtain second to-be-processed signature tag information, and re-encrypts the second to-be-processed signature tag information to obtain the second target signature tag information; the second target signature tag information and the first target signature tag information are encrypted in different ways.

In a third aspect, an embodiment of the present application provides a data transmission system, including:

a scrambling module, used to obtain the data to be transmitted after determining that the network is abnormal, and to scramble the data to be transmitted to obtain target transmission data;

a signature encryption module, used to perform signature processing on the target transmission data to obtain first to-be-processed signature tag information, and to perform encryption processing and invisible feature technology processing on the first to-be-processed signature tag information to obtain first target signature tag information;

a data transmission module, used to transmit the target transmission data to a receiving end via a first transmission network, and to transmit the first target signature tag information to the receiving end via a second transmission network; the first transmission network and the second transmission network are different transmission networks;

a signature receiving module, used to receive the target transmission data and the first target signature tag information transmitted by a sending end;

a signature verification module, used to obtain a first hash value for the encryption of the first target signature tag information, obtain a second hash value for the decryption of the first target signature tag information, and determine whether the first hash value and the second hash value are equal;

a data restoration module, used to restore the target transmission data based on the decrypted first target signature tag information to obtain the data to be transmitted, if the first hash value and the second hash value are determined to be equal.

In a fourth aspect, an embodiment of the present application provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the data transmission method described in the first and second aspects when executing the computer program.

In a fifth aspect, an embodiment of the present application provides a non-transitory computer-readable storage medium that includes a computer program; when the computer program is executed by a processor, it implements the data transmission method described in the first and second aspects.

With the data transmission method, system, electronic device and storage medium provided in the embodiments of the present application, after the network is determined to be abnormal, the data to be transmitted is obtained and scrambled to obtain target transmission data; signature processing is performed on the target transmission data to obtain first to-be-processed signature tag information, and encryption processing and invisible feature technology processing are performed on the first to-be-processed signature tag information to obtain first target signature tag information; the target transmission data is transmitted to the receiving end via a first transmission network, and the first target signature tag information is transmitted to the receiving end via a second transmission network. During data transmission, the data and the tag information are transmitted separately, which reduces the risk of the transmission being intercepted. Even if the data and the tag information are intercepted, the information cannot be obtained normally because the data is scrambled and the tag information is encrypted, thereby improving the security of the data transmission process and reducing the possibility of illegal acquisition.

Brief Description of the Drawings

In order to illustrate the technical solutions of the present application or the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is the first schematic flow chart of the data transmission method provided in an embodiment of the present application;

FIG. 2 is the second schematic flow chart of the data transmission method provided in an embodiment of the present application;

FIG. 3 is a schematic diagram of the structure of the data transmission system provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of the structure of the electronic device provided in an embodiment of the present application.

Detailed Description

In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.

The embodiments of the present invention provide embodiments of the data transmission method. It should be noted that although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one given here.

Referring to FIG. 1, FIG. 1 is the first schematic flow chart of the data transmission method provided in an embodiment of the present application. The embodiment of the present application provides a data transmission method, applied to a sending end, comprising:

Step 101: after determining that the network is abnormal, obtain the data to be transmitted, and scramble the data to be transmitted to obtain target transmission data.

The embodiment of the present invention describes the data transmission method with the sending end as the executing entity. The sending end includes but is not limited to a sending device; it is a device or system that converts information into a signal suitable for transmission and sends it to the communication channel.

Specifically, during data transmission the sending end checks whether the network is abnormal. After determining that the network is abnormal, the sending end obtains the data to be transmitted, classifies it by data type, and scrambles it to obtain the target transmission data. The data types include but are not limited to the document text type and the picture/video type; network abnormalities include but are not limited to Denial of Service (DOS) attacks, Distributed Denial of Service (DDOS) attacks and Man-in-the-Middle (MITM) attacks.

It should be noted that a DOS attack sends a large number of requests or malicious data packets to the target server or network so that it cannot provide services normally or respond to requests from legitimate users. A DDOS attack controls multiple computers or devices and has them send a large number of requests to the target server at the same time, exceeding the server's processing capacity, so that the server cannot respond normally to legitimate users' requests and its service becomes unavailable or severely degraded. A MITM attack disguises itself as a legitimate communication terminal and establishes connections with both communicating parties, enabling it to intercept, tamper with or steal the data exchanged between them.

Step 102: perform signature processing on the target transmission data to obtain first to-be-processed signature tag information, and perform encryption processing and invisible feature technology processing on the first to-be-processed signature tag information to obtain first target signature tag information.

Step 103: transmit the target transmission data to a receiving end via a first transmission network, and transmit the first target signature tag information to the receiving end via a second transmission network.

Specifically, the sending end performs signature processing on the target transmission data to obtain the first to-be-processed signature tag information, and performs encryption processing and invisible feature technology processing on it to obtain the first target signature tag information. The first to-be-processed signature tag information includes but is not limited to the restoration rule corresponding to the garbling rule, and it is encrypted with the Advanced Encryption Standard (AES) algorithm.

It should be noted that the restoration rule is the rule used to restore the target transmission data, obtained by scrambling the data to be transmitted, to its original usable form. AES is a block cipher: it divides the plaintext into fixed-length data blocks and encrypts each block through four steps: byte substitution, row shifting, column mixing and round-key addition. Invisible feature technology is a technique for hiding or obscuring specific characters or words in text: special Unicode characters or spaces are inserted into sensitive characters or words so that they are invisible or hard to notice when displayed.

Further, the sending end transmits the target transmission data to the receiving end through the first transmission network and, at the same time, transmits the first target signature tag information and the first hash value for the encryption of the first target signature tag information to the receiving end through the second transmission network. The receiving end includes but is not limited to a receiving device, which receives the transmitted signal from the communication channel and recovers the original information content. The first hash value is obtained by the sending end by computing a hash function over the original plaintext data of the first to-be-processed signature tag information. The first transmission network and the second transmission network are different transmission networks; a transmission network is the network infrastructure used to transmit information, including wired networks, wireless networks and the Internet, and it is responsible for carrying the information encapsulated by the sending end and delivering it to the receiving end. In the embodiment of the present invention, the second transmission network includes but is not limited to a 5G core network.

Further, the receiving end receives the target transmission data transmitted by the sending end through the first transmission network and, at the same time, receives the first target signature tag information and the first hash value transmitted by the sending end through the second transmission network.

Further, the receiving end decrypts the first target signature tag information using a decryption software development kit (SDK), the symmetric key and the ciphertext code, obtaining the decrypted plaintext data of the first target signature tag information. The receiving end then computes a hash function over this decrypted plaintext data to obtain the second hash value for the decryption of the first target signature tag information.

Further, the receiving end compares the first hash value with the second hash value to determine whether they are equal.

Further, if the first hash value and the second hash value are determined to be equal, the receiving end determines that the decrypted first target signature tag information passes integrity verification. The receiving end then determines the data type of the target transmission data and, according to the data type, restores the target transmission data using the restoration rule corresponding to the garbling rule in the decrypted first target signature tag information, obtaining the data to be transmitted.

Further, if the first hash value and the second hash value are determined to be not equal, the receiving end determines that the decrypted first target signature tag information fails integrity verification, and sends feedback information that the integrity of the first target signature tag information failed verification to the sending end.

Further, after receiving the feedback information from the receiving end, the sending end re-signs the target transmission data according to the feedback information to obtain second to-be-processed signature tag information, and re-encrypts the second to-be-processed signature tag information to obtain second target signature tag information. The second target signature tag information and the first target signature tag information are encrypted in different ways; the second to-be-processed signature tag information is re-encrypted with the asymmetric Rivest-Shamir-Adleman (RSA) algorithm.

Further, the sending end sends the encrypted second target signature tag information to the receiving end through the 5G core network. The receiving end receives, through the 5G core network, the second target signature tag information retransmitted by the sending end according to the feedback information, and decrypts it with the RSA algorithm to obtain the decrypted second target signature tag information.
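The text-type scrambling, the tag carrying the restoration rule, and the receiver's hash comparison described above fit together as in the following sketch. It is an added example, not the patent's implementation: the AES and invisible-character steps are left out so that it runs on the standard library alone, so `tag` stands for the tag plaintext before encryption on the sender and after decryption on the receiver. The segment length, the per-segment reversal used as the garbling rule, and the tag field values are assumptions.

```python
import hashlib
import hmac
import json
import random

SEGMENT_LEN = 8  # assumed segment size for document text


class TagIntegrityError(Exception):
    """Raised when the first and second hash values differ."""


def scramble(text):
    """Cut text into segments, shuffle their order, garble each one (reverse it)."""
    segments = [text[i:i + SEGMENT_LEN] for i in range(0, len(text), SEGMENT_LEN)]
    order = list(range(len(segments)))
    random.SystemRandom().shuffle(order)
    target = [segments[i][::-1] for i in order]
    return target, {"order": order, "garble": "reverse"}


def sender_prepare(text):
    """Return (target transmission data, tag plaintext, first hash value)."""
    target, restore_rule = scramble(text)
    tag = json.dumps({
        "restore_rule": restore_rule,
        "terminal_ip": "192.0.2.10",   # constructed placeholder
        "app_id": "example-app",       # constructed placeholder
    }, sort_keys=True).encode()
    first_hash = hashlib.sha256(tag).hexdigest()
    # The data would travel on the first network, the tag and hash on the second.
    return target, tag, first_hash


def receiver_restore(target, tag, first_hash):
    """Recompute the hash over the decrypted tag, then undo the scrambling."""
    second_hash = hashlib.sha256(tag).hexdigest()
    if not hmac.compare_digest(first_hash, second_hash):
        # Here the receiving end would send the failure feedback to the sender.
        raise TagIntegrityError("tag failed integrity verification")
    rule = json.loads(tag)["restore_rule"]
    if rule["garble"] != "reverse" or len(rule["order"]) != len(target):
        raise ValueError("restoration rule does not match the received data")
    segments = [None] * len(target)
    for position, original_index in enumerate(rule["order"]):
        segments[original_index] = target[position][::-1]
    return "".join(segments)


if __name__ == "__main__":
    message = "Quarterly incident report: 3 hosts isolated, 1 reimaged."
    data, tag, digest = sender_prepare(message)
    print(data)
    print(receiver_restore(data, tag, digest))
```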

With the data transmission method provided in the embodiment of the present application, after the network is determined to be abnormal, the data to be transmitted is obtained and scrambled to obtain target transmission data; signature processing is performed on the target transmission data to obtain first to-be-processed signature tag information, and encryption processing and invisible feature technology processing are performed on the first to-be-processed signature tag information to obtain first target signature tag information; the target transmission data is transmitted to the receiving end via the first transmission network, and the first target signature tag information is transmitted to the receiving end via the second transmission network. During data transmission, the data and the tag information are transmitted separately, which reduces the risk of the transmission being intercepted. Even if the data and the tag information are intercepted, the information cannot be obtained normally because the data is scrambled and the tag information is encrypted, thereby improving the security of the data transmission process and reducing the possibility of illegal acquisition.

Further, the first target signature tag information includes the restoration rule corresponding to the garbling rule, the Internet Protocol (IP) address of the terminal, login account information, the application identification number (ID) and the application key ID.

It should be noted that the IP address of the terminal is the unique identifier of the terminal device in the network, through which devices communicate with each other; the login account information is the authentication information, account and password, that the user uses with the application; the application ID is the unique identifier assigned to distinguish different applications during development and use; and the application key ID is the key identifier used to verify identity and authorize access when the application programming interface is used. The first target signature tag information can therefore provide identity verification and allow the data source to be traced, which increases the security and credibility of data transmission. Encrypting the first target signature tag information prevents it from being tampered with or forged, ensuring the authenticity and integrity of the transmitted first target signature tag information.

Further, determining that the network is abnormal in step 101 includes:

if it is determined that the number of unconnected TCP connections on the server host is greater than a first preset number, determining that the network is abnormal; or,

if it is determined that the number of unused data packets in the background server is greater than a second preset number, or that the IP requests of the background server are abnormal and the source address is false, determining that the network is abnormal; or,

if it is determined that the security performance level value of the connection point is less than a preset threshold, or that phishing behavior exists in the network of the connection point, determining that the network is abnormal.

Specifically, while checking whether the network is abnormal, if the sending end determines that the number of unconnected Transmission Control Protocol (TCP) connections on the server host is greater than the first preset number, it determines that the network is abnormal, that is, that a DoS or DDoS attack exists in the network. The first preset number is set according to actual conditions. If the number of unconnected TCP connections on the server host is less than or equal to the first preset number, the sending end determines that no DoS or DDoS attack exists in the network.

Further, if it is determined that the number of unused data packets in the background server is greater than the second preset number, the sending end determines that the network is abnormal, that is, that a DoS or DDoS attack exists in the network. The second preset number is set according to actual conditions. If the number of unused data packets in the background server is less than or equal to the second preset number, the sending end determines that no DoS or DDoS attack exists in the network.

Further, if it is determined that the IP requests of the background server are abnormal and the source address is false, the sending end determines that the network is abnormal, that is, that a DoS or DDoS attack exists in the network. If the IP requests of the background server are normal or the source address is genuine, the sending end determines that no DoS or DDoS attack exists in the network.

Further, if it is determined that the security performance level value of the connection point is less than the preset threshold, the sending end determines that the network is abnormal, that is, that a MITM attack exists in the network. The preset threshold is set according to actual conditions. If the security performance level value of the connection point is greater than or equal to the preset threshold, the sending end determines that no MITM attack exists in the network.

Further, if it is determined that phishing behavior exists in the network of the connection point, the sending end determines that the network is abnormal, that is, that a MITM attack exists in the network. If no phishing behavior exists in the network of the connection point, the sending end determines that no MITM attack exists in the network. It should be noted that phishing behavior obtains a user's personal information by posing as a legitimate communication terminal.

The embodiment of the present invention determines whether a DoS or DDoS attack exists in the network from the number of unconnected TCP connections, the number of unused data packets in the background server, and whether the IP requests of the background server are abnormal with a false source address. It determines whether a MITM attack exists in the network from the security performance level value of the connection point and from phishing behavior in the network of the connection point. Effectively identifying abnormal network conditions in this way improves the security of the network and protects the network and the user's personal information.
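The first criterion above, as an added example that is not code from the patent: it counts half-open sockets in a `/proc/net/tcp` dump and compares the count with the first preset number. Reading "unconnected TCP connections" as Linux `SYN_RECV` sockets is an assumption, as are the constructed sample rows and the names `check_half_open` and `first_preset_number`.

```python
import socket
from collections import Counter

TCP_SYN_RECV = 0x03  # Linux TCP state code: handshake started, not completed

# Constructed sample in /proc/net/tcp layout (IPv4, little-endian hex addresses).
# Remote addresses are taken from documentation ranges.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:01BB 0A0200C0:C350 01 00000000:00000000 00:00000000 00000000    33        0 1002
   2: 0A00000A:01BB 076433C6:9C41 03 00000000:00000000 01:00000064 00000001     0        0 0
   3: 0A00000A:01BB 076433C6:9C42 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A00000A:01BB 076433C6:9C43 03 00000000:00000000 01:00000064 00000002     0        0 0
   5: 0A00000A:01BB 057100CB:D431 03 00000000:00000000 01:00000064 00000001     0        0 0
"""


def parse_proc_net_tcp(text):
    """Yield (remote_ip, remote_port, state) for every socket row."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue                            # ignore truncated rows
        ip_hex, port_hex = fields[2].split(":")
        # The kernel prints the IPv4 address as a host-order 32-bit hex word;
        # on a little-endian host the bytes must be reversed (assumption).
        remote_ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
        yield remote_ip, int(port_hex, 16), int(fields[3], 16)


def check_half_open(text, first_preset_number):
    """Apply the rule 'abnormal if half-open count > first preset number'."""
    by_source = Counter(
        ip for ip, _port, state in parse_proc_net_tcp(text)
        if state == TCP_SYN_RECV
    )
    total = sum(by_source.values())
    return {
        "half_open": total,
        "abnormal": total > first_preset_number,   # strictly greater, as in the text
        "by_source": dict(by_source),              # which peers hold the half-open slots
    }


if __name__ == "__main__":
    print(check_half_open(SAMPLE_PROC_NET_TCP, first_preset_number=3))
```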

Further, scrambling the data to be transmitted in step 101 to obtain the target transmission data includes:

obtaining the data type of the data to be transmitted;

if the data type is determined to be a document text type, shuffling the data to be transmitted to obtain multiple segments of first sub-transmission data, and garbling the multiple segments of first sub-transmission data according to a first preset garbling rule to obtain the target transmission data; or,

if the data type is determined to be a picture or video type, performing occlusion processing, blurring processing and slicing processing on the data to be transmitted to obtain multiple pieces of second sub-transmission data, and garbling the multiple pieces of second sub-transmission data according to a second preset garbling rule to obtain the target transmission data.

Specifically, the sending end obtains the data type of the data to be transmitted, where the data type includes but is not limited to a document text type and a picture or video type.

Further, if the data type is determined to be a document text type, the sending end shuffles the data to be transmitted to obtain multiple segments of first sub-transmission data. In other words, the sending end shuffles the document text data to be transmitted, and the shuffling yields multiple segments of document text data. The sending end then garbles the multiple segments of first sub-transmission data according to the first preset garbling rule, which converts them into garbled form and yields the target transmission data. The first preset garbling rule is set according to actual conditions.

Further, if the data type is determined to be a picture or video type, the sending end performs occlusion processing, blurring processing and slicing processing on the data to be transmitted to obtain multiple pieces of second sub-transmission data. In other words, the sending end shuffles the picture or video data to be transmitted, and the shuffling yields multiple pieces of picture or video data. The sending end then garbles the multiple pieces of second sub-transmission data according to the second preset garbling rule, which converts them into garbled form and yields the target transmission data. The second preset garbling rule is set according to actual conditions.

The embodiment of the present invention obtains the data type of the data to be transmitted, shuffles the data to be transmitted to obtain sub-transmission data, and garbles the sub-transmission data according to the preset garbling rule corresponding to the data type to obtain the target transmission data. The shuffling and garbling effectively hide the real content of the transmitted data, so that it is difficult to interpret or crack in transit and difficult to restore to the original data if it is intercepted or stolen, which improves the security of the transmitted data and its resistance to attack.

Further, transmitting the first target signature label information to the receiving end over the second transmission network in step 103 includes:

transmitting the first target signature label information to the 5G core module through the 5G core network, so that the 5G core module transmits the first target signature label information to the receiving end;

wherein the 5G core module transmitting the first target signature label information to the receiving end specifically includes:

the 5G core module verifies the integrity of the first target signature label information; if the integrity of the first target signature label information passes verification, the 5G core module transmits the first target signature label information to the receiving end through the 5G core network.

It should be noted that before the first to-be-processed signature label information is encrypted and processed with the invisible-feature technique, the sending end applies a hash function to the original plaintext data of the first to-be-processed signature label information to obtain the first hash value corresponding to the encryption of the first target signature label information. The sending end then packages the first hash value together with the first target signature label information and sends the package to the receiving end through the 5G network.

Specifically, the sending end transmits the first hash value and the first target signature label information to the 5G core module through the 5G core network. After receiving them, the 5G core module transmits the first hash value and the first target signature label information to the receiving end. The 5G core module includes but is not limited to a 5G base station; it transmits data through the 5G core network, communicates with terminal devices, and provides data transmission and network connection management functions.

It should be noted that a hash value is a fixed-length string used to uniquely identify data, and that computing a hash value is an irreversible process; the hash value is unique and irreversible. Therefore, when verifying the integrity of the first target signature label information, the second hash value corresponding to the decryption of the first target signature label information can be compared with the first hash value corresponding to its encryption, to verify whether the first target signature label information has been tampered with or forged.

Further, the 5G core module transmitting the first hash value and the first target signature label information to the receiving end specifically includes: after receiving the first target signature label information transmitted by the sending end, the 5G core module decrypts it using the decryption software development kit (SDK), the symmetric key and the ciphertext code, and obtains the decrypted plaintext data of the first target signature label information. The 5G core module then applies the hash function to this decrypted plaintext data to obtain the hash value corresponding to the decryption of the first target signature label information.

Further, the 5G core module compares the first hash value corresponding to the encryption of the first target signature label information with the hash value corresponding to its decryption, and determines whether the two are equal.

Further, if the two hash values are equal, that is, if the integrity of the first target signature label information passes verification, the 5G core module transmits the first hash value and the first target signature label information to the receiving end through the 5G core network.

The embodiment of the present invention transmits the first target signature label information between the sending end and the receiving end through the 5G core network and verifies the integrity of the first target signature label information during that transmission. The method strengthens the security of transmitting the first target signature label information through the 5G core network, detects abnormal network conditions before an attack occurs, and verifies the device-related program libraries through the 5G core module, ensuring the integrity and confidentiality of the transmitted first target signature label information. At the same time, the user's personal information is obfuscated and virtualized, reducing latent network security risks.

Further, referring to Figure 2, Figure 2 is one of the schematic flowcharts of the data transmission method provided in the embodiments of the present application. An embodiment of the present application provides a data transmission method, applied to a receiving end, comprising:

Step 201: receiving the target transmission data and the first target signature label information transmitted by the sending end;

Step 202: obtaining the first hash value corresponding to the encryption of the first target signature label information, obtaining the second hash value corresponding to the decryption of the first target signature label information, and determining whether the first hash value and the second hash value are equal;

Step 203: if the first hash value and the second hash value are equal, restoring the target transmission data based on the decrypted first target signature label information to obtain the data to be transmitted.

Specifically, the receiving end receives the target transmission data, the first target signature label information and the first hash value transmitted by the sending end. That is, the receiving end receives the first target signature label information and the first hash value through the 5G core network and, at the same time, receives the target transmission data through the first transmission network.

Further, the receiving end decrypts the first target signature label information using the decryption software development kit (SDK), the symmetric key and the ciphertext code, and obtains the decrypted plaintext data of the first target signature label information. The receiving end then applies the hash function to this decrypted plaintext data to obtain the second hash value corresponding to the decryption of the first target signature label information, and obtains the first hash value corresponding to its encryption.

Further, the receiving end compares the first hash value with the second hash value and determines whether they are equal.

Further, if the first hash value and the second hash value are equal, the receiving end determines that the decrypted first target signature label information passes integrity verification. The receiving end then determines the data type of the target transmission data and, according to that data type, restores the target transmission data using the restoration rule corresponding to the garbling rule in the decrypted first target signature label information, obtaining the data to be transmitted.

In other words, if the data type of the target transmission data is a document text type, the receiving end uses the restoration rule corresponding to the garbling rule in the decrypted first target signature label information to undo the garbling of the target transmission data, and reassembles the segments by reversing the shuffled order, obtaining the data to be transmitted. If the data type of the target transmission data is a picture or video type, the receiving end uses the restoration rule corresponding to the garbling rule in the decrypted first target signature label information to undo the garbling of the target transmission data, and then restores, recombines, deblurs and de-occludes the sliced pictures or videos, obtaining the data to be transmitted.

The embodiment of the present invention obtains the first hash value corresponding to the encryption of the first target signature label information and the second hash value corresponding to its decryption, compares the two, and, when they are equal, restores the target transmission data using the restoration rule corresponding to the garbling rule in the decrypted first target signature label information to obtain the data to be transmitted. The hash comparison ensures the integrity and security of the first target signature label information and prevents it from being tampered with or forged; the restoration rule then restores the signature label information to its original readable form, improving the readability and comprehensibility of the information.

Further, after determining whether the first hash value and the second hash value are equal, the method further includes:

if the first hash value and the second hash value are not equal, sending to the sending end feedback information stating that the integrity of the first target signature label information failed verification, and receiving the second target signature label information retransmitted by the sending end according to the feedback information;

wherein the sending end regenerating the second target signature label information specifically includes:

the sending end re-signs the target transmission data according to the feedback information to obtain the second to-be-processed signature label information, and re-encrypts the second to-be-processed signature label information to obtain the second target signature label information; the second target signature label information and the first target signature label information are encrypted in different ways.

Specifically, if the first hash value and the second hash value are not equal, the receiving end determines that the decrypted first target signature label information fails integrity verification, and sends to the sending end feedback information stating that the integrity of the first target signature label information failed verification.

Further, after receiving the feedback information from the receiving end, the sending end re-signs the target transmission data according to the feedback information to obtain the second to-be-processed signature label information, and re-encrypts it to obtain the second target signature label information. The second target signature label information is encrypted differently from the first target signature label information: the re-encryption of the second to-be-processed signature label information uses the RSA algorithm. It should be noted that, because RSA is an asymmetric encryption algorithm, the RSA algorithm must also be used to decrypt the second target signature label information.

Further, the sending end sends the encrypted second target signature label information to the receiving end through the 5G core network. The receiving end then receives, through the 5G core network, the second target signature label information retransmitted by the sending end according to the feedback information, decrypts it with the RSA algorithm, and obtains the decrypted second target signature label information.

In the embodiment of the present invention, the receiving end uses feedback information to inform the sending end that the integrity of the first target signature label information failed verification, so that the sending end regenerates the second target signature label information. This ensures the security and confidentiality of the second target signature label information. Because the second target signature label information is encrypted, the information cannot be obtained normally, which improves the security of the data transmission process and reduces the possibility of illegal acquisition.
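The document-text scrambling of step 101, the receiver-side hash check and restoration of steps 202 and 203, and the mismatch feedback, as one added example that is not code from the patent. The shuffle-plus-byte-shift rule, SHA-256, the JSON label layout and every name and value are assumptions; label encryption is left out, so `label_bytes` stands for the label plaintext before encryption and after decryption.

```python
import hashlib
import hmac
import json
import random


def scramble(data: bytes, seg_len: int, shift: int):
    """Sender: cut into segments, shuffle their order, then garble each byte.

    The byte shift is a hypothetical stand-in for the 'preset garbling rule',
    which the text leaves to the implementer.
    """
    segments = [data[i:i + seg_len] for i in range(0, len(data), seg_len)]
    order = list(range(len(segments)))
    random.SystemRandom().shuffle(order)
    target = [bytes((b + shift) % 256 for b in segments[j]) for j in order]
    return target, {"order": order, "shift": shift}   # second item: restoration rule


def build_label(restore_rule: dict):
    """Sender: label plaintext plus the first hash, computed before encryption."""
    label = {
        "restore_rule": restore_rule,
        "terminal_ip": "192.0.2.10",      # constructed values
        "login_account": "demo-user",
        "app_id": "app-0001",
        "app_key_id": "key-0001",
    }
    label_bytes = json.dumps(label, sort_keys=True).encode("utf-8")
    return label_bytes, hashlib.sha256(label_bytes).digest()


def receive(target, label_bytes: bytes, first_hash: bytes):
    """Receiver: steps 202 and 203, run on the decrypted label plaintext."""
    second_hash = hashlib.sha256(label_bytes).digest()
    if not hmac.compare_digest(first_hash, second_hash):   # constant-time compare
        # Mismatch branch: report back so the sender regenerates the label.
        return {"ok": False, "feedback": "label integrity verification failed"}

    rule = json.loads(label_bytes)["restore_rule"]
    order, shift = rule["order"], rule["shift"]
    if sorted(order) != list(range(len(target))):
        # The rule must be a permutation covering exactly the received segments.
        return {"ok": False, "feedback": "restoration rule does not match data"}

    restored = [b""] * len(target)
    for position, original_index in enumerate(order):
        restored[original_index] = bytes((b - shift) % 256 for b in target[position])
    return {"ok": True, "data": b"".join(restored)}


def demo():
    message = "transfer order 42, 机密".encode("utf-8")   # constructed sample
    target, rule = scramble(message, seg_len=4, shift=7)
    label_bytes, first_hash = build_label(rule)
    good = receive(target, label_bytes, first_hash)
    tampered = label_bytes.replace(b"demo-user", b"other-user")
    bad = receive(target, tampered, first_hash)
    return good, bad


if __name__ == "__main__":
    print(demo())
```

The digest here is unkeyed, as in the text; where the label must be authenticated against an active attacker, a keyed MAC or an AEAD mode is the usual choice.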

The data transmission system provided in the embodiments of the present application is described below. The data transmission system described below and the data transmission method described above may be read with reference to each other.

Referring to Figure 3, Figure 3 is a schematic structural diagram of the data transmission system provided in the embodiments of the present application. The data transmission system includes a scrambling processing module 301, a signature encryption module 302, a data transmission module 303, a signature receiving module 304, a signature verification module 305 and a data restoration module 306.

The scrambling processing module 301 is configured to obtain the data to be transmitted after determining that the network is abnormal, and to scramble the data to be transmitted to obtain the target transmission data;

The signature encryption module 302 is configured to sign the target transmission data to obtain the first to-be-processed signature label information, and to encrypt the first to-be-processed signature label information and process it with the invisible-feature technique to obtain the first target signature label information;

The data transmission module 303 is configured to transmit the target transmission data to the receiving end over the first transmission network, and to transmit the first target signature label information to the receiving end over the second transmission network; the first transmission network and the second transmission network are different transmission networks;

The signature receiving module 304 is configured to receive the target transmission data and the first target signature label information transmitted by the sending end;

The signature verification module 305 is configured to obtain the first hash value corresponding to the encryption of the first target signature label information, obtain the second hash value corresponding to the decryption of the first target signature label information, and determine whether the first hash value and the second hash value are equal;

The data restoration module 306 is configured to restore the target transmission data based on the decrypted first target signature label information to obtain the data to be transmitted, if the first hash value and the second hash value are equal.

In one embodiment, the scrambling processing module 301 is further configured to:

if it is determined that the number of unconnected TCP connections on the server host is greater than a first preset number, determine that the network is abnormal; or,

if it is determined that the number of unused data packets in the background server is greater than a second preset number, or that the IP requests of the background server are abnormal and the source address is false, determine that the network is abnormal; or,

if it is determined that the security performance level value of the connection point is less than a preset threshold, or that phishing behavior exists in the network of the connection point, determine that the network is abnormal.

In one embodiment, the scrambling processing module 301 is further configured to:

obtain the data type of the data to be transmitted;

if the data type is determined to be a document text type, shuffle the data to be transmitted to obtain multiple segments of first sub-transmission data, and garble the multiple segments of first sub-transmission data according to a first preset garbling rule to obtain the target transmission data; or,

if the data type is determined to be a picture or video type, perform occlusion processing, blurring processing and slicing processing on the data to be transmitted to obtain multiple pieces of second sub-transmission data, and garble the multiple pieces of second sub-transmission data according to a second preset garbling rule to obtain the target transmission data.

In one embodiment, the data transmission module 303 is further configured to:

transmit the first target signature label information to a 5G core module through a 5G core network, so that the 5G core module transmits the first target signature label information to the receiving end;

wherein the 5G core module transmitting the first target signature label information to the receiving end specifically includes:

the 5G core module verifies the integrity of the first target signature label information; if the integrity of the first target signature label information passes verification, the 5G core module transmits the first target signature label information to the receiving end through the 5G core network.

In one embodiment, the signature verification module 305 is further configured to:

if it is determined that the first hash value and the second hash value are not equal, send feedback information to the sending end indicating that the integrity of the first target signature label information failed verification, and receive second target signature label information retransmitted by the sending end according to the feedback information;

wherein the sending end regenerating the second target signature label information specifically includes:

the sending end re-signs the target transmission data according to the feedback information to obtain second signature label information to be processed, and re-encrypts the second signature label information to be processed to obtain the second target signature label information; the second target signature label information and the first target signature label information are encrypted in different ways.

After determining that the network is abnormal, the data transmission system provided by the embodiment of the present application obtains the data to be transmitted and scrambles it to obtain the target transmission data; signs the target transmission data to obtain the first signature label information to be processed; applies encryption processing and invisible feature technology processing to the first signature label information to be processed to obtain the first target signature label information; and transmits the target transmission data to the receiving end over the first transmission network and the first target signature label information to the receiving end over the second transmission network. During transmission, the data and the label information are sent separately, which reduces the risk of the transmission being intercepted. Even if both the data and the label information are intercepted, the data is scrambled and the label information is encrypted, so the information cannot be obtained in usable form. This improves the security of the data transmission process and reduces the possibility of the data being acquired through illegal conduct.
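The receiving-end check and restoration described above can be sketched as follows. This is an added example, not code from the patent: it assumes the scrambling rule is a seeded shuffle of fixed-size segments, omits the encryption and invisible-feature steps, and replaces the bare hash comparison with a keyed HMAC-SHA-256 under a pre-shared key so that someone who alters the label cannot recompute a matching value; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import random

SEGMENT_SIZE = 8  # assumed segment length; the page does not specify one


def scramble_text(data: bytes, seed: int):
    """Sender: cut the data into segments and shuffle their order."""
    segments = [data[i:i + SEGMENT_SIZE] for i in range(0, len(data), SEGMENT_SIZE)]
    order = list(range(len(segments)))
    random.Random(seed).shuffle(order)  # illustrative rule only, not a cipher
    payload = b"".join(segments[i] for i in order)
    rule = {"segment_size": SEGMENT_SIZE, "order": order, "length": len(data)}
    return payload, rule


def build_label(rule: dict, payload: bytes, key: bytes) -> dict:
    """Sender: label carries the restore rule and is bound to the payload."""
    body = json.dumps(
        {"restore_rule": rule, "payload_sha256": hashlib.sha256(payload).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()  # "first hash value"
    return {"body": body, "tag": tag}


def restore(payload: bytes, rule: dict) -> bytes:
    """Receiver: put the shuffled segments back in their original positions."""
    size, order, length = rule["segment_size"], rule["order"], rule["length"]
    count = len(order)
    segments = [b""] * count
    pos = 0
    for original_index in order:
        # Only the last original segment may be shorter than the segment size.
        is_last = original_index == count - 1
        seg_len = length - size * (count - 1) if is_last else size
        segments[original_index] = payload[pos:pos + seg_len]
        pos += seg_len
    return b"".join(segments)


def receive(payload: bytes, label: dict, key: bytes) -> dict:
    """Receiver: verify the label before trusting any field in it."""
    expected = hmac.new(key, label["body"], hashlib.sha256).hexdigest()  # "second hash value"
    if not hmac.compare_digest(expected, label["tag"]):
        # Corresponds to the feedback that asks the sender to regenerate the label.
        return {"status": "retransmit_label", "data": None}
    fields = json.loads(label["body"])
    if hashlib.sha256(payload).hexdigest() != fields["payload_sha256"]:
        return {"status": "payload_mismatch", "data": None}
    return {"status": "ok", "data": restore(payload, fields["restore_rule"])}


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"            # constructed sample key
    demo_data = b"constructed sample document"    # constructed sample input
    demo_payload, demo_rule = scramble_text(demo_data, seed=7)
    print(receive(demo_payload, build_label(demo_rule, demo_payload, demo_key), demo_key))
```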

FIG. 4 is a schematic diagram of the physical structure of an electronic device. As shown in FIG. 4, the electronic device may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, where the processor 410, the communication interface 420 and the memory 430 communicate with each other through the communication bus 440. The processor 410 may call a computer program in the memory 430 to execute the steps of the data transmission method, for example including:

after determining that the network is abnormal, obtaining the data to be transmitted, and scrambling the data to be transmitted to obtain the target transmission data;

signing the target transmission data to obtain first signature label information to be processed, and applying encryption processing and invisible feature technology processing to the first signature label information to be processed to obtain first target signature label information;

transmitting the target transmission data to the receiving end over a first transmission network, and transmitting the first target signature label information to the receiving end over a second transmission network; the first transmission network and the second transmission network are different transmission networks.

In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.

On the other hand, an embodiment of the present application further provides a non-transitory computer-readable storage medium that includes a computer program. The computer program can be stored on the non-transitory computer-readable storage medium, and when the computer program is executed by a processor, the computer can perform the steps of the data transmission method provided in the above embodiments, for example including:

after determining that the network is abnormal, obtaining the data to be transmitted, and scrambling the data to be transmitted to obtain the target transmission data;

signing the target transmission data to obtain first signature label information to be processed, and applying encryption processing and invisible feature technology processing to the first signature label information to be processed to obtain first target signature label information;

transmitting the target transmission data to the receiving end over a first transmission network, and transmitting the first target signature label information to the receiving end over a second transmission network; the first transmission network and the second transmission network are different transmission networks.

The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

From the description of the above implementations, those skilled in the art can clearly understand that each implementation can be realized by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disk, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in each embodiment or in certain parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A data transmission method, characterized in that it is applied to a transmitting end and comprises the following steps:
after determining that the network is abnormal, acquiring data to be transmitted, and scrambling the data to be transmitted to obtain target transmission data;
performing signature processing on the target transmission data to obtain first signature label information to be processed, and performing encryption processing and invisible feature technology processing on the first signature label information to be processed to obtain first target signature label information;
transmitting the target transmission data to a receiving end through a first transmission network, and transmitting the first target signature label information to the receiving end through a second transmission network; the first transmission network and the second transmission network are different transmission networks.
2. The data transmission method according to claim 1, wherein the transmitting the first target signature label information to the receiving end through the second transmission network comprises:
transmitting the first target signature label information to a 5G core module through a 5G core network, so that the 5G core module transmits the first target signature label information to the receiving end;
wherein the transmitting, by the 5G core module, of the first target signature label information to the receiving end specifically comprises:
the 5G core module verifies the integrity of the first target signature label information; and if the integrity of the first target signature label information is determined to pass verification, the 5G core module transmits the first target signature label information to the receiving end through the 5G core network.
3. The data transmission method according to claim 1, wherein the scrambling the data to be transmitted to obtain target transmission data comprises:
acquiring the data type of the data to be transmitted;
if the data type is determined to be a document text type, shuffling the data to be transmitted to obtain multiple segments of first sub-transmission data, and garbling the multiple segments of first sub-transmission data according to a first preset garbling rule to obtain the target transmission data; or,
if the data type is determined to be a picture or video type, performing occlusion processing, blurring processing and segmentation processing on the data to be transmitted to obtain multiple pieces of second sub-transmission data, and garbling the multiple pieces of second sub-transmission data according to a second preset garbling rule to obtain the target transmission data.
4. The data transmission method according to claim 1, wherein the determining that the network is abnormal comprises:
if the number of unconnected TCP connections on the server host is determined to be greater than a first preset number, determining that the network is abnormal; or,
if the number of unused data packets in the background server is determined to be greater than a second preset number, or if the IP request of the background server is abnormal and the source address is false, determining that the network is abnormal; or,
if the security performance level value of the connection point is determined to be less than a preset threshold, or the network of the connection point has phishing behavior, determining that the network is abnormal.
5. The data transmission method according to any one of claims 1 to 4, wherein the first target signature label information includes a restoration rule corresponding to the garbling rule, an IP address of a terminal, login account information, an application ID, and an application key ID.
6. A data transmission method, applied to a receiving end, comprising:
receiving target transmission data and first target signature label information transmitted by a transmitting end;
acquiring a first hash value for encrypting the first target signature label information, acquiring a second hash value for decrypting the first target signature label information, and determining whether the first hash value and the second hash value are equal;
and if the first hash value is equal to the second hash value, restoring the target transmission data based on the decrypted first target signature label information to obtain the data to be transmitted.
7. The data transmission method according to claim 6, further comprising, after determining whether the first hash value and the second hash value are equal:
if the first hash value and the second hash value are determined to be unequal, sending feedback information to the sending end indicating that the integrity of the first target signature label information failed verification, and receiving second target signature label information retransmitted by the sending end according to the feedback information;
wherein the sending end regenerating the second target signature label information specifically comprises:
the sending end re-signs the target transmission data according to the feedback information to obtain second signature label information to be processed, and re-encrypts the second signature label information to be processed to obtain the second target signature label information; the second target signature label information and the first target signature label information are encrypted in different manners.
8. A data transmission system, comprising:
a disturbance processing module, used for acquiring data to be transmitted after the network is determined to be abnormal, and scrambling the data to be transmitted to obtain target transmission data;
a signature encryption module, used for performing signature processing on the target transmission data to obtain first signature label information to be processed, and performing encryption processing and invisible feature technology processing on the first signature label information to be processed to obtain first target signature label information;
a data transmission module, used for transmitting the target transmission data to a receiving end through a first transmission network and transmitting the first target signature label information to the receiving end through a second transmission network; the first transmission network and the second transmission network are different transmission networks;
a signature receiving module, used for receiving the target transmission data and the first target signature label information transmitted by the transmitting end;
a signature verification module, used for acquiring a first hash value for encrypting the first target signature label information, acquiring a second hash value for decrypting the first target signature label information, and determining whether the first hash value and the second hash value are equal;
and a data restoration module, used for restoring the target transmission data based on the decrypted first target signature label information if the first hash value is equal to the second hash value, so as to obtain the data to be transmitted.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the data transmission method of any of claims 1 to 5, or 6 to 7 when executing the computer program.
10. A non-transitory computer readable storage medium comprising a computer program, characterized in that the computer program, when executed by a processor, implements the data transmission method of any one of claims 1 to 5, or 6 to 7.
CN202310827408.5A 2023-07-06 2023-07-06 Data transmission method, system, electronic device and storage medium Pending CN118803734A (en)


Publications (1)

Publication Number Publication Date
CN118803734A true CN118803734A (en) 2024-10-18

Family

ID=93022169



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination