CN105554001B - Encryption-based communication method and system - Google Patents

Encryption-based communication method and system Download PDF

Info

Publication number
CN105554001B
CN105554001B CN201510982203.XA CN201510982203A CN105554001B CN 105554001 B CN105554001 B CN 105554001B CN 201510982203 A CN201510982203 A CN 201510982203A CN 105554001 B CN105554001 B CN 105554001B
Authority
CN
China
Prior art keywords
service
compression
encryption
link library
dynamic link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510982203.XA
Other languages
Chinese (zh)
Other versions
CN105554001A (en
Inventor
魏钦刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510982203.XA priority Critical patent/CN105554001B/en
Publication of CN105554001A publication Critical patent/CN105554001A/en
Application granted granted Critical
Publication of CN105554001B publication Critical patent/CN105554001B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides a communication method and a system based on encryption, wherein the method comprises the following steps: when receiving a service operation instruction, a client determines service data; encrypting the service data by adopting a preset encryption mode, wherein the encryption mode has an encryption identifier; embedding the service data and the encrypted identifier into a service request; and sending the service request to the server through a uniform interface for service processing. The embodiment of the invention reduces the risk of analyzing and cracking the interface pertinently and increases the safety of communication.

Description

一种基于加密的通信方法和系统An encryption-based communication method and system

技术领域technical field

本发明涉及通信技术领域,特别是涉及一种基于加密的通信方法和一种基于加密的通信系统。The present invention relates to the technical field of communication, in particular to an encryption-based communication method and an encryption-based communication system.

背景技术Background technique

随着互联网的发展,许多应用需要连接网络,与服务器进行数据处理,例如,邮箱客户端需要从邮箱服务器中加载电子邮件、即时通讯客户端需要从即时通讯服务器中加载会话消息、浏览器需要从网页服务器加载网页,等等。With the development of the Internet, many applications need to connect to the network and perform data processing with the server. For example, the mailbox client needs to load emails from the mailbox server, the instant messaging client needs to load the session message from the instant messaging server, and the browser needs to load emails from the instant messaging server. The web server loads the web page, and so on.

对于某些重要的业务场景,客户端和服务端的通信一般对第三方保密,即对通信内容做一定的加密。For some important business scenarios, the communication between the client and the server is generally kept secret from the third party, that is, the communication content is encrypted to a certain extent.

传统的方式有增加校验码,验证请求是否合法,或者对参数进行加密,配合公钥和私钥进行参数的加解密,等等。The traditional methods include adding a check code, verifying whether the request is legal, or encrypting parameters, and encrypting and decrypting parameters with the public key and private key, and so on.

但是,针对某个业务请求中,还是需要带上一定的路径信息,这样,不法分子就会恶意抓包的人,分析哪些接口比较重要,然后针对性地分析破解,安全性较低。However, for a certain service request, it is still necessary to bring certain path information, so that criminals will maliciously capture packets, analyze which interfaces are more important, and then analyze and crack them in a targeted manner, which is less secure.

发明内容SUMMARY OF THE INVENTION

鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的一种基于加密的通信方法和相应的一种基于加密的通信系统。In view of the above problems, the present invention is proposed to provide an encryption-based communication method and a corresponding encryption-based communication system that overcome the above problems or at least partially solve the above problems.

依据本发明的一个方面,提供了一种基于加密的通信方法,包括:According to one aspect of the present invention, an encryption-based communication method is provided, comprising:

客户端在接收到业务操作指令时,确定业务数据;When the client receives the business operation instruction, it determines the business data;

采用预设的加密方式对所述业务数据进行加密,所述加密方式具有加密标识;Encrypt the business data by using a preset encryption method, and the encryption method has an encryption identifier;

将所述业务数据和所述加密标识嵌入业务请求中;Embedding the service data and the encrypted identification into the service request;

通过统一接口将所述业务请求发送至所述服务器进行业务处理。The service request is sent to the server through a unified interface for service processing.

可选地,所述采用预设的加密方式对所述业务数据进行加密的步骤包括:Optionally, the step of encrypting the service data by using a preset encryption method includes:

调用预设的加密方式所属的第一动态链接库;calling the first dynamic link library to which the preset encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

可选地,还包括:Optionally, also include:

采用预设的压缩方式对所述业务数据进行压缩,所述压缩方式具有压缩标识;Compress the service data by using a preset compression mode, and the compression mode has a compression identifier;

将所述压缩标识嵌入业务请求中。The compressed identifier is embedded in the service request.

可选地,所述采用预设的压缩方式对所述业务数据进行压缩的步骤包括:Optionally, the step of compressing the service data by using a preset compression method includes:

调用预设的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the preset compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

可选地,还包括:Optionally, also include:

服务器从所述业务请求中读取业务数据和加密标识;The server reads the service data and the encrypted identifier from the service request;

采用所述加密标识对应的加密方式对所述业务数据进行解密;Decrypt the service data by using the encryption method corresponding to the encryption identifier;

按照所述业务数据进行业务处理。Business processing is performed according to the business data.

可选地,所述采用所述加密标识对应的加密方式对所述业务数据进行解密的步骤包括:Optionally, the step of decrypting the service data by using the encryption method corresponding to the encryption identifier includes:

调用所述加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行解密。The service data is decrypted in the encryption manner by using the first dynamic link library.

可选地,还包括:Optionally, also include:

服务器从所述业务请求中读取压缩标识;The server reads the compression identifier from the service request;

采用所述压缩标识对应的压缩方式对所述业务数据进行解压。The service data is decompressed by using the compression mode corresponding to the compression identifier.

可选地,所述采用所述压缩标识对应的压缩方式对所述业务数据进行解压的步骤包括:Optionally, the step of decompressing the service data by using the compression mode corresponding to the compression identifier includes:

调用所述压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

可选地,所述业务数据包括业务路径、请求参数;Optionally, the service data includes service paths and request parameters;

所述按照所述业务数据进行业务处理的步骤包括:The step of performing business processing according to the business data includes:

将所述请求参数按照转发所述业务路径至业务组件进行业务处理。The request parameter is forwarded to the service component for service processing according to the service path.

可选地,还包括:Optionally, also include:

服务器获取业务处理的业务结果;The server obtains the business result of business processing;

采用加密标识对应的加密方式对所述业务结果进行加密;Encrypt the business result by using an encryption method corresponding to the encryption identifier;

通过统一接口将所述业务结果返回客户端。The business result is returned to the client through the unified interface.

可选地,所述采用加密标识对应的加密方式对所述业务数据进行加密的步骤包括:Optionally, the step of encrypting the service data by using an encryption method corresponding to the encryption identifier includes:

调用加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

可选地,在所述将所述业务数据返回客户端的步骤之前,所述方法还包括:Optionally, before the step of returning the service data to the client, the method further includes:

采用压缩标识对应的压缩方式对所述业务数据进行压缩。The service data is compressed in a compression manner corresponding to the compression identifier.

可选地,所述采用所述压缩标识对应的压缩方式对所述业务数据进行压缩的步骤包括:Optionally, the step of compressing the service data by using the compression mode corresponding to the compression identifier includes:

调用压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

可选地,还包括:Optionally, also include:

客户端按照所述加密方式对所述业务结果进行解密。The client decrypts the service result according to the encryption method.

可选地,所述按照在先通信时的加密方式对所述业务结果进行解密的步骤包括:Optionally, the step of decrypting the service result according to the encryption method in the previous communication includes:

调用所述加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务结果进行解密。The business result is decrypted in the encryption manner by using the first dynamic link library.

可选地,还包括:Optionally, also include:

按照所述压缩方式对所述业务结果进行解压。The service result is decompressed according to the compression method.

可选地,所述按照所述压缩方式对所述业务结果进行解压的步骤包括:Optionally, the step of decompressing the service result according to the compression method includes:

调用所述压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

根据本发明的另一方面,提供了一种基于加密的通信系统,所述系统包括客户端,其中,所述客户端包括:According to another aspect of the present invention, an encryption-based communication system is provided, the system includes a client, wherein the client includes:

业务数据确定模块,适于在接收到业务操作指令时,确定业务数据;a business data determination module, adapted to determine business data when receiving a business operation instruction;

第一加密模块,适于采用预设的加密方式对所述业务数据进行加密,所述加密方式具有加密标识;a first encryption module, adapted to encrypt the service data by using a preset encryption method, and the encryption method has an encryption identifier;

第一数据嵌入模块,适于将所述业务数据和所述加密标识嵌入业务请求中;a first data embedding module, adapted to embed the service data and the encrypted identifier into a service request;

业务请求发送模块,适于通过统一接口将所述业务请求发送至所述服务器进行业务处理。The service request sending module is adapted to send the service request to the server through a unified interface for service processing.

可选地,所述第一加密模块还适于:Optionally, the first encryption module is further adapted to:

调用预设的加密方式所属的第一动态链接库;calling the first dynamic link library to which the preset encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

可选地,所述客户端还包括:Optionally, the client further includes:

第一压缩模块,适于采用预设的压缩方式对所述业务数据进行压缩,所述压缩方式具有压缩标识;a first compression module, adapted to compress the service data by using a preset compression mode, the compression mode having a compression identifier;

第二数据嵌入模块,适于将所述压缩标识嵌入业务请求中。The second data embedding module is adapted to embed the compressed identifier into the service request.

可选地,所述第一压缩模块还适于:Optionally, the first compression module is further adapted to:

调用预设的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the preset compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

可选地,所述系统还包括服务器,其中,所述服务器包括:Optionally, the system further includes a server, wherein the server includes:

第一数据读取模块,适于从所述业务请求中读取业务数据和加密标识;a first data reading module, adapted to read service data and encrypted identification from the service request;

第一解密模块,适于采用所述加密标识对应的加密方式对所述业务数据进行解密;a first decryption module, adapted to decrypt the service data by using an encryption method corresponding to the encryption identifier;

业务处理模块,适于按照所述业务数据进行业务处理。The business processing module is adapted to perform business processing according to the business data.

可选地,所述第一解密模块还适于:Optionally, the first decryption module is further adapted to:

调用所述加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行解密。The service data is decrypted in the encryption manner by using the first dynamic link library.

可选地,所述服务器还包括:Optionally, the server further includes:

第二数据读取模块,适于服务器从所述业务请求中读取压缩标识;a second data reading module, adapted for the server to read the compression identifier from the service request;

第一解压模块,适于采用所述压缩标识对应的压缩方式对所述业务数据进行解压。The first decompression module is adapted to decompress the service data by using the compression mode corresponding to the compression identifier.

可选地,所述第一解压模块还适于:Optionally, the first decompression module is further adapted to:

调用所述压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

可选地,所述业务数据包括业务路径、请求参数;Optionally, the service data includes service paths and request parameters;

所述业务处理模块还适于:The business processing module is also suitable for:

将所述请求参数按照转发所述业务路径至业务组件进行业务处理。The request parameter is forwarded to the service component for service processing according to the service path.

可选地,所述服务器还包括:Optionally, the server further includes:

业务结果获取模块,适于获取业务处理的业务结果;A business result acquisition module, suitable for acquiring business results of business processing;

第二加密模块,适于采用加密标识对应的加密方式对所述业务结果进行加密;a second encryption module, adapted to encrypt the business result by using an encryption method corresponding to the encryption identifier;

业务结果发送模块,适于通过统一接口将所述业务结果返回客户端。The service result sending module is adapted to return the service result to the client through a unified interface.

可选地,所述第二加密模块还适于:Optionally, the second encryption module is further adapted to:

调用加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

可选地,所述服务器还包括:Optionally, the server further includes:

第二压缩模块,适于采用压缩标识对应的压缩方式对所述业务数据进行压缩。The second compression module is adapted to compress the service data in a compression manner corresponding to the compression identifier.

可选地,所述第二压缩模块还适于:Optionally, the second compression module is further adapted to:

调用压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

可选地,所述客户端还包括:Optionally, the client further includes:

第二解密模块,适于按照所述加密方式对所述业务结果进行解密。The second decryption module is adapted to decrypt the service result according to the encryption method.

可选地,所述第二解密模块还适于:Optionally, the second decryption module is further adapted to:

调用所述加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务结果进行解密。The business result is decrypted in the encryption manner by using the first dynamic link library.

可选地,所述客户端还包括:Optionally, the client further includes:

第二解压模块,适于按照所述压缩方式对所述业务结果进行解压。The second decompression module is adapted to decompress the service result according to the compression method.

可选地,所述第二解压模块还适于:Optionally, the second decompression module is further adapted to:

调用所述压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

本发明实施例的服务器通过一个统计的接口与客户端进行通信,即不同的业务都通过一个接口接收和发送数据,增加了通信数据的复杂度,对外而言,可以拦截到的是一个接口和一堆加密之后的数据以及标识,没有更多的数据进行深度分析,降低了针对接口进行针对性分析破解的风险,增加了通信的安全性。The server in the embodiment of the present invention communicates with the client through a statistical interface, that is, different services receive and send data through an interface, which increases the complexity of communication data. Externally, what can be intercepted is an interface and A pile of encrypted data and identification, no more data for in-depth analysis, reduces the risk of targeted analysis and cracking of the interface, and increases the security of communication.

本发明实施例通过静态链接库的方式实现加密方式、压缩方式,由于静态链接库是不可逆向的,并且,静态链接库是独立于主程序的,容易进行更新,从而大大提高了通信的安全性。The embodiment of the present invention implements the encryption method and the compression method by means of a static link library. Since the static link library is irreversible, and the static link library is independent of the main program, it is easy to update, thereby greatly improving the security of communication .

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, in order to be able to understand the technical means of the present invention more clearly, it can be implemented according to the content of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and easy to understand , the following specific embodiments of the present invention are given.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating preferred embodiments only and are not to be considered limiting of the invention. Also, the same components are denoted by the same reference numerals throughout the drawings. In the attached image:

图1示出了根据本发明一个实施例的一种基于加密的通信方法实施例1的步骤流程图;FIG. 1 shows a flow chart of steps of Embodiment 1 of an encryption-based communication method according to an embodiment of the present invention;

图2示出了根据本发明一个实施例的一种基于加密的通信方法实施例2的步骤流程图;FIG. 2 shows a flow chart of steps of Embodiment 2 of an encryption-based communication method according to an embodiment of the present invention;

图3示出了根据本发明一个实施例的一种通信组件的架构示意图;FIG. 3 shows a schematic diagram of the architecture of a communication component according to an embodiment of the present invention;

图4示出了根据本发明一个实施例的一种基于加密的通信方法实施例3的步骤流程图;FIG. 4 shows a flow chart of steps of Embodiment 3 of an encryption-based communication method according to an embodiment of the present invention;

图5示出了根据本发明一个实施例的一种基于加密的通信系统实施例1的结构框图;5 shows a structural block diagram of Embodiment 1 of an encryption-based communication system according to an embodiment of the present invention;

图6示出了根据本发明一个实施例的一种基于加密的通信系统实施例2的结构框图;以及FIG. 6 shows a structural block diagram of Embodiment 2 of an encryption-based communication system according to an embodiment of the present invention; and

图7示出了根据本发明一个实施例的一种基于加密的通信系统实施例3的结构框图。FIG. 7 shows a structural block diagram of Embodiment 3 of an encryption-based communication system according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present disclosure will be more thoroughly understood, and will fully convey the scope of the present disclosure to those skilled in the art.

参照图1,示出了根据本发明一个实施例的一种基于加密的通信方法实施例1的步骤流程图,具体可以包括如下步骤:Referring to FIG. 1, it shows a flowchart of steps of Embodiment 1 of an encryption-based communication method according to an embodiment of the present invention, which may specifically include the following steps:

步骤101,客户端在接收到业务操作指令时,确定业务数据;Step 101, the client determines service data when receiving the service operation instruction;

步骤102,采用预设的加密方式对所述业务数据进行加密,所述加密方式具有加密标识;Step 102, using a preset encryption method to encrypt the service data, and the encryption method has an encryption identifier;

步骤103,将所述业务数据和所述加密标识嵌入业务请求中;Step 103, embedding the service data and the encrypted identification in the service request;

步骤104,通过统一接口,将所述业务请求发送至所述服务器进行业务处理。Step 104: Send the service request to the server for service processing through a unified interface.

本发明实施例的服务器通过一个统计的接口与客户端进行通信,即不同的业务都通过一个接口接收和发送数据,增加了通信数据的复杂度,对外而言,可以拦截到的是一个接口和一堆加密之后的数据以及标识,没有更多的数据进行深度分析,降低了针对接口进行针对性分析破解的风险,增加了通信的安全性。The server in the embodiment of the present invention communicates with the client through a statistical interface, that is, different services receive and send data through an interface, which increases the complexity of communication data. Externally, what can be intercepted is an interface and A pile of encrypted data and identification, no more data for in-depth analysis, reduces the risk of targeted analysis and cracking of the interface, and increases the security of communication.

参照图2,示出了根据本发明一个实施例的一种基于加密的通信方法实施例2的步骤流程图,具体可以包括如下步骤:Referring to FIG. 2, it shows a flowchart of steps of Embodiment 2 of an encryption-based communication method according to an embodiment of the present invention, which may specifically include the following steps:

步骤201,客户端在接收到业务操作指令时,确定业务数据;Step 201, the client determines the service data when receiving the service operation instruction;

需要说明的是,本发明实施例可以应用在各种移动设备中,例如,手机、平板电脑、个人数字助理、智能穿戴设备(如智能手环、智能眼镜、智能手表等)等等。It should be noted that the embodiments of the present invention can be applied to various mobile devices, for example, mobile phones, tablet computers, personal digital assistants, smart wearable devices (such as smart bracelets, smart glasses, smart watches, etc.) and the like.

也可以应用在各种固定设备中,例如,个人电脑、智能电视、智能家电(如智能电饭煲、智能空调等)等等,本发明实施例对此不加以限制。It can also be applied to various fixed devices, for example, personal computers, smart TVs, smart home appliances (such as smart rice cookers, smart air conditioners, etc.), etc., which are not limited in this embodiment of the present invention.

这些移动设备、固定设备的操作系统可以包括Android(安卓)、IOS、WindowsPhone、Windows、Linux等等,可以预置有系统应用,也可以安装有第三方应用,可以与服务器通信,相对于服务器而言,该系统应用、第三方应用可以称之为客户端。The operating systems of these mobile devices and fixed devices can include Android (Android), IOS, WindowsPhone, Windows, Linux, etc., which can be preset with system applications, or can be installed with third-party applications, which can communicate with the server. In other words, the system application and the third-party application can be called the client.

在实际应用中,用户可以通过在客户端的操作触发业务处理。In practical applications, users can trigger business processing through operations on the client side.

例如,用户输入账号、密码请求登录即时通讯工具,则相当于接收到业务操作指令,该账号、密码为业务数据之一。For example, if the user requests to log in to the instant messaging tool by entering an account number and password, it is equivalent to receiving a business operation instruction, and the account number and password are one of the business data.

又例如,用户输入账号、密码请求在游戏应用中进行充值,则相当于接收到业务操作指令,该账号、密码、充值的金额为业务数据之一。For another example, if the user inputs an account number and a password to request a recharge in the game application, it is equivalent to receiving a business operation instruction, and the account number, password, and recharge amount are one of the business data.

步骤202,采用预设的加密方式对所述业务数据进行加密;Step 202, using a preset encryption method to encrypt the service data;

应用本发明实施例,如图3所示,可以在服务器和客户端中共同部署一套相同的通信组件,包括一个调制解调器,用于对通信数据进行加密/解密、压缩/解压等处理,N(N为正整数)个加密方式,M(M为正整数)个压缩方式,其中,N和M可以相同,也可以不同,本发明实施例对此不加以限制。Applying the embodiment of the present invention, as shown in FIG. 3 , a set of identical communication components can be jointly deployed in the server and the client, including a modem for encrypting/decrypting, compressing/decompressing the communication data, etc., N( N is a positive integer) encryption modes, and M (M is a positive integer) compression modes, where N and M may be the same or different, which is not limited in this embodiment of the present invention.

通信组件可以由服务器进行维护,其通信组件中约定的加密方式、压缩方式均为服务器可以实现的,通过定期更新或不定期更新的方式分发到客户端中。The communication component can be maintained by the server, and the encryption method and compression method agreed in the communication component can be realized by the server, and are distributed to the client through regular update or irregular update.

为了增加安全性,部署在客户端和服务器的调制解调器可以采用静态链接库的方式实现,加密方式和压缩方式于可以采用静态链接库的方式实现,即通信组件形成一个链接库组。In order to increase security, the modems deployed on the client and server can be implemented in a static link library, and the encryption and compression methods can be implemented in a static link library, that is, the communication components form a link library group.

由于静态链接库的代码是不可逆向的,安全性提高。即使调用静态链接库的方法被恶意用户探测到,由于要理清多个静态链接库的处理关系,也大大增加了探测成本。Since the code of the static link library is irreversible, the security is improved. Even if the method of calling a static link library is detected by a malicious user, the detection cost is greatly increased due to the need to clarify the processing relationship of multiple static link libraries.

另外,由于静态链接库是独立于主程序的,很容易进行更新,通过定期或不定期的更新加密规则、压缩规则,可以增加恶意用户破解通信协议的成本,从而增加通信的安全性。In addition, since the static link library is independent of the main program, it is easy to update. By regularly or irregularly updating the encryption rules and compression rules, it can increase the cost for malicious users to crack the communication protocol, thereby increasing the security of communication.

需要说明的是,静态链接库是一种开发结构,其特点是将逻辑代码打包成二进制文件,在本发明实施例中,相当于将加密方式和压缩方式的代码,制作成动态链接库,供主逻辑调用。It should be noted that the static link library is a development structure, which is characterized in that the logic code is packaged into a binary file. Main logic call.

当然,除了加密方式、压缩方式之外,在实施本发明实施例时,可以根据实际情况设置其他通信方式,例如,增加通信数据的混淆方式,等等,本发明实施例对此不加以限制。另外,除了上述通信方式外,本领域技术人员还可以根据实际需要采用其它通信方式,本发明实施例对此也不加以限制。Of course, in addition to the encryption mode and the compression mode, other communication modes may be set according to actual conditions when implementing the embodiments of the present invention, for example, adding a confusion mode for communication data, etc., which are not limited in the embodiments of the present invention. In addition, in addition to the above communication modes, those skilled in the art may also adopt other communication modes according to actual needs, which are not limited in this embodiment of the present invention.

在具体实现中,客户端的调制解调器可以调用预设的加密方式所属的第一动态链接库,通过该第一动态链接库采用该加密方式对业务数据进行加密。In a specific implementation, the modem of the client can call the first dynamic link library to which the preset encryption method belongs, and use the encryption method to encrypt the service data through the first dynamic link library.

其中,客户端所选取的加密方式可以为其所支持的强度最高的加密方式。The encryption method selected by the client may be the encryption method with the highest strength supported by the client.

此外,该加密方式具有加密标识,即标识加密方式的信息,进一步也可以为标识第一动态链接库的信息。In addition, the encryption method has an encryption identifier, that is, information that identifies the encryption method, and may further be information that identifies the first dynamic link library.

步骤203,采用预设的压缩方式对所述业务数据进行压缩;Step 203, compressing the service data by using a preset compression mode;

在具体实现中,客户端的调制解调器可以调用预设的压缩方式所属的第二动态链接库,通过该第二动态链接库采用该压缩方式对业务数据进行压缩。In a specific implementation, the modem of the client can call the second dynamic link library to which the preset compression mode belongs, and use the compression mode to compress the service data through the second dynamic link library.

其中,客户端所选取的压缩方式可以为其所支持的强度最高的压缩方式。The compression mode selected by the client may be the compression mode with the highest intensity supported by the client.

此外,压缩方式具有压缩标识,即标识压缩方式的信息,进一步也可以为标识第二动态链接库的信息。In addition, the compression mode has a compression identifier, that is, information that identifies the compression mode, and may further be information that identifies the second dynamic link library.

需要说明的是,客户端可以先进行加密、再进行压缩,也可以先进行压缩,再进行加密,本发明实施例对此不加以限制。It should be noted that, the client may perform encryption first and then perform compression, or may perform compression first and then perform encryption, which is not limited in this embodiment of the present invention.

步骤204,将所述业务数据、所述加密标识和所述压缩标识嵌入业务请求中;Step 204, embedding the service data, the encrypted identifier and the compressed identifier into the service request;

在本发明实施例中,可以通过post的方式将业务数据发送至服务器。In this embodiment of the present invention, the service data may be sent to the server in a post manner.

post的数据参数只有一个:param,其包含所有业务数据。There is only one data parameter of post: param, which contains all business data.

此外,可以采用get的方式将加密标识和压缩标识发送至服务器。In addition, the encrypted identification and the compressed identification can be sent to the server in a get manner.

加密标识和压缩标识的编码方式可以采用明文传递,例如,/?c=123&z=325,其中,加密方式的ID为123,压缩方式的ID为325。The encoding method of encrypted identification and compressed identification can be transmitted in clear text, for example, /? c=123&z=325, wherein the ID of the encryption method is 123, and the ID of the compression method is 325.

步骤205,通过统一接口,将所述业务请求发送至所述服务器进行业务处理;Step 205, sending the service request to the server for service processing through a unified interface;

在具体实现中,服务器可以提供一个统一接口,用于统一与客户端进行通信,即通过该统一接口统一接收客户端发送的不同业务类型的业务请求、通过该统一接口统一向客户端发送不同业务类型的响应消息。In the specific implementation, the server can provide a unified interface for unified communication with the client, that is, through the unified interface, the service requests of different service types sent by the client are uniformly received, and different services are sent to the client through the unified interface. type of response message.

所谓统一,即除了该接口外,不存在其他接口与客户端进行通信。The so-called unified, that is, in addition to this interface, there is no other interface to communicate with the client.

此外,客户端与服务器之间的通信可以采用HTTP(Hyper Text TransferProtoco,超文本传送协议)协议,也可以采用HTTPS(Hyper Text Transfer ProtocolSecure,超文本传输安全协议)协议,等等,本发明实施例对此不加以限制。In addition, the communication between the client and the server may use the HTTP (Hyper Text Transfer Protocol, Hyper Text Transfer Protocol) protocol, or may use the HTTPS (Hyper Text Transfer Protocol Secure, Hyper Text Transfer Protocol Secure) protocol, etc., the embodiment of the present invention This is not restricted.

步骤206,服务器从所述业务请求中读取业务数据、加密标识和压缩标识;Step 206, the server reads service data, encrypted identification and compressed identification from the service request;

若服务器接收到客户端发送的业务请求,则可以从该业务请求中读取业务数据、加密标识和压缩标识。If the server receives the service request sent by the client, it can read the service data, the encryption identifier and the compression identifier from the service request.

步骤207,采用所述加密标识对应的加密方式对所述业务数据进行解密;Step 207, decrypt the service data by using the encryption method corresponding to the encryption identifier;

在具体实现中,服务器的调制解调器可以调用加密标识对应的加密方式所属的第一动态链接库,通过第一动态链接库采用加密方式对业务数据进行解密。In a specific implementation, the modem of the server can call the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs, and use the encryption method to decrypt the service data through the first dynamic link library.

步骤208,采用所述压缩标识对应的压缩方式对所述业务数据进行解压;Step 208, decompress the service data by using the compression mode corresponding to the compression identifier;

在具体实现中,服务器的调制解调器可以调用压缩标识对应的压缩方式所属的第二动态链接库,通过第二动态链接库采用压缩方式对业务数据进行解压。In a specific implementation, the modem of the server may call the second dynamic link library to which the compression mode corresponding to the compression identifier belongs, and use the compression mode to decompress the service data through the second dynamic link library.

需要说明的是,若客户端先进行加密、再进行压缩,则服务器可以先进行解压、再进行解密,若客户端先进行压缩,再进行加密,则服务器可以先进行解密、再进行解压,本发明实施例对此不加以限制。It should be noted that if the client encrypts and then compresses, the server can first decompress and then decrypt. If the client compresses and then encrypts, the server can first decrypt and then decompress. The embodiments of the invention do not limit this.

步骤209,按照所述业务数据进行业务处理。Step 209, perform service processing according to the service data.

在实际应用中,业务数据可以包括业务路径、请求参数,服务器可以将请求参数按照转发业务路径至业务组件进行业务处理,如进行登录、支付等等。In practical applications, the service data may include service paths and request parameters, and the server may forward the request parameters to the service components for service processing, such as login, payment, and the like according to the forwarding service path.

本发明实施例通过静态链接库的方式实现加密方式、压缩方式,由于静态链接库是不可逆向的,并且,静态链接库是独立于主程序的,容易进行更新,从而大大提高了通信的安全性。The embodiment of the present invention implements the encryption method and the compression method by means of a static link library. Since the static link library is irreversible, and the static link library is independent of the main program, it is easy to update, thereby greatly improving the security of communication .

参照图4,示出了根据本发明一个实施例的一种基于加密的通信方法实施例3的步骤流程图,具体可以包括如下步骤:Referring to FIG. 4 , a flowchart of steps of Embodiment 3 of an encryption-based communication method according to an embodiment of the present invention is shown, which may specifically include the following steps:

步骤401,服务器获取业务处理的业务结果;Step 401, the server obtains the business result of business processing;

需要说明的是,本发明实施例可以应用在服务器中,例如,应用服务器、web服务器等等。It should be noted that the embodiments of the present invention may be applied in a server, for example, an application server, a web server, and the like.

该服务器可以连接各种移动设备,例如,手机、平板电脑、个人数字助理、智能穿戴设备(如智能手环、智能眼镜、智能手表等)等等。The server can be connected to various mobile devices, for example, mobile phones, tablet computers, personal digital assistants, smart wearable devices (such as smart bracelets, smart glasses, smart watches, etc.) and so on.

也可以连接各种固定设备中,例如,个人电脑、智能电视、智能家电(如智能电饭煲、智能空调等)等等,本发明实施例对此不加以限制。It can also be connected to various fixed devices, for example, personal computers, smart TVs, smart home appliances (such as smart rice cookers, smart air conditioners, etc.), etc., which are not limited in this embodiment of the present invention.

这些移动设备、固定设备的操作系统可以包括Android(安卓)、IOS、WindowsPhone、Windows、Linux等等,可以预置有系统应用,也可以安装有第三方应用,可以与服务器通信,相对于服务器而言,该系统应用、第三方应用可以称之为客户端。The operating systems of these mobile devices and fixed devices can include Android (Android), IOS, WindowsPhone, Windows, Linux, etc., which can be preset with system applications, or can be installed with third-party applications, which can communicate with the server. In other words, the system application and the third-party application can be called the client.

在实际应用中,服务器可以获取业务处理的业务结果发送给客户端,该业务处理可以由服务器主动发起,也可以是响应客户端的业务请求,本发明实施例对此不加以限制。In practical applications, the server may obtain the business result of the business processing and send it to the client. The business processing may be initiated by the server or in response to a client's business request, which is not limited in this embodiment of the present invention.

例如,用户输入账号、密码请求登录即时通讯工具,服务器可以对账号、密码进行验证,验证的结果为业务结果。For example, when a user enters an account and password to request to log in to the instant messaging tool, the server can verify the account and password, and the verification result is the business result.

又例如,在出现重大新闻消息时,服务器可以主动向即时通讯客户端推送新闻消息,该新闻消息为业务结果。For another example, when a major news message appears, the server may actively push the news message to the instant messaging client, where the news message is the business result.

步骤402,采用加密标识对应的加密方式对所述业务结果进行加密;Step 402, encrypting the business result by using an encryption method corresponding to the encryption identifier;

应用本发明实施例,如图3所示,可以在服务器和客户端中共同部署一套相同的通信组件,包括一个调制解调器,用于对通信数据进行加密/解密、压缩/解压等处理,N(N为正整数)个加密方式,M(M为正整数)个压缩方式,其中,N和M可以相同,也可以不同,本发明实施例对此不加以限制。Applying the embodiment of the present invention, as shown in FIG. 3 , a set of identical communication components can be jointly deployed in the server and the client, including a modem for encrypting/decrypting, compressing/decompressing the communication data, etc., N( N is a positive integer) encryption modes, and M (M is a positive integer) compression modes, where N and M may be the same or different, which is not limited in this embodiment of the present invention.

通信组件可以由服务器进行维护,其通信组件中约定的加密方式、压缩方式均为服务器可以实现的,通过定期更新或不定期更新的方式分发到客户端中。The communication component can be maintained by the server, and the encryption method and compression method agreed in the communication component can be realized by the server, and are distributed to the client through regular update or irregular update.

为了增加安全性,部署在客户端和服务器的调制解调器可以采用静态链接库的方式实现,加密方式和压缩方式于可以采用静态链接库的方式实现,即通信组件形成一个链接库组。In order to increase security, the modems deployed on the client and server can be implemented in a static link library, and the encryption and compression methods can be implemented in a static link library, that is, the communication components form a link library group.

由于静态链接库的代码是不可逆向的,安全性提高。即使调用静态链接库的方法被恶意用户探测到,由于要理清多个静态链接库的处理关系,也大大增加了探测成本。Since the code of the static link library is irreversible, the security is improved. Even if the method of calling a static link library is detected by a malicious user, the detection cost is greatly increased due to the need to clarify the processing relationship of multiple static link libraries.

另外,由于使用静态链接库是独立于主程序的,很容易进行更新,通过定期或不定期的更新加密规则、压缩规则,可以增加恶意用户破解通信协议的成本,从而增加通信的安全性。In addition, since the static link library is independent of the main program, it is easy to update. By regularly or irregularly updating the encryption rules and compression rules, it can increase the cost for malicious users to crack the communication protocol, thereby increasing the security of communication.

需要说明的是,静态链接库是一种开发结构,其特点是将逻辑代码打包成二进制文件,在本发明实施例中,相当于将加密方式和压缩方式的代码,制作成动态链接库,供主逻辑调用。It should be noted that the static link library is a development structure, which is characterized in that the logic code is packaged into a binary file. Main logic call.

当然,除了加密方式、压缩方式之外,在实施本发明实施例时,可以根据实际情况设置其他通信方式,例如,增加通信数据的混淆方式,等等,本发明实施例对此不加以限制。另外,除了上述通信方式外,本领域技术人员还可以根据实际需要采用其它通信方式,本发明实施例对此也不加以限制。Of course, in addition to the encryption mode and the compression mode, other communication modes may be set according to actual conditions when implementing the embodiments of the present invention, for example, adding a confusion mode for communication data, etc., which are not limited in the embodiments of the present invention. In addition, in addition to the above communication modes, those skilled in the art may also adopt other communication modes according to actual needs, which are not limited in this embodiment of the present invention.

在具体实现中,服务器的调制解调器可以调用加密标识对应的加密方式所属的第一动态链接库,通过第一动态链接库采用该加密方式对业务数据进行加密。In a specific implementation, the modem of the server may call the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs, and use the encryption method to encrypt the service data through the first dynamic link library.

若客户端在先发起业务请求,该业务请求中约定了加密方式,则服务器所选取的加密方式可以与该业务请求中约定的加密方式相同,也可以与该业务请求中约定的加密方式不同,本发明实施例对此不加以限制。If the client initiates a service request first, and the encryption method is agreed in the service request, the encryption method selected by the server may be the same as the encryption method agreed in the service request, or may be different from the encryption method agreed in the service request. This embodiment of the present invention does not limit this.

若服务器主动推送业务结果,则服务器所选取的加密方式可以为默认的加密方式,可以基于客户端的支持率和强度选取,即选择一个客户端支持率较高、强度较高的加密方式。If the server actively pushes the service results, the encryption method selected by the server can be the default encryption method, which can be selected based on the support rate and strength of the client, that is, an encryption method with a higher client support rate and higher strength is selected.

此外,该加密方式具有加密标识,即标识加密方式的信息,进一步也可以为标识第一动态链接库的信息。In addition, the encryption method has an encryption identifier, that is, information that identifies the encryption method, and may further be information that identifies the first dynamic link library.

步骤403,采用压缩标识对应的压缩方式对所述业务数据进行压缩;Step 403, compressing the service data by using a compression method corresponding to the compression identifier;

在具体实现中,服务器的调制解调器可以调用压缩标识对应的压缩方式所属的第二动态链接库,通过第二动态链接库采用该压缩方式对业务数据进行压缩。In a specific implementation, the modem of the server may call the second dynamic link library to which the compression method corresponding to the compression identifier belongs, and use the compression method to compress the service data through the second dynamic link library.

若客户端在先发起业务请求,该业务请求中约定了压缩方式,则服务器所选取的压缩方式可以与该业务请求中约定的压缩方式相同,也可以与该业务请求中约定的压缩方式不同,本发明实施例对此不加以限制。If the client initiates a service request first, and the compression method is agreed in the service request, the compression method selected by the server may be the same as the compression method agreed in the service request, or may be different from the compression method agreed in the service request. This embodiment of the present invention does not limit this.

若服务器主动推送业务结果,则服务器所选取的压缩方式可以为默认的压缩方式,可以基于客户端的支持率和强度选取,即选择一个客户端支持率较高、强度较高的压缩方式。If the server actively pushes the service results, the compression method selected by the server can be the default compression method, which can be selected based on the support rate and strength of the client, that is, a compression method with a higher client support rate and higher strength is selected.

此外,压缩方式具有压缩标识,即标识压缩方式的信息,进一步也可以为标识第二动态链接库的信息。In addition, the compression mode has a compression identifier, that is, information that identifies the compression mode, and may further be information that identifies the second dynamic link library.

需要说明的是,服务器可以先进行加密、再进行压缩,也可以先进行压缩,再进行加密,本发明实施例对此不加以限制。It should be noted that the server may perform encryption first and then perform compression, or may perform compression first and then perform encryption, which is not limited in this embodiment of the present invention.

步骤404,通过统一接口将所述业务结果返回客户端;Step 404, returning the business result to the client through a unified interface;

在具体实现中,服务器可以提供一个统一接口,用于统一与客户端进行通信,即通过该统一接口统一接收客户端发送的不同业务类型的业务请求、通过该统一接口统一向客户端发送不同业务类型的响应消息。In the specific implementation, the server can provide a unified interface for unified communication with the client, that is, through the unified interface, the service requests of different service types sent by the client are uniformly received, and different services are sent to the client through the unified interface. type of response message.

所谓统一,即除了该接口外,不存在其他接口与客户端进行通信。The so-called unified, that is, in addition to this interface, there is no other interface to communicate with the client.

此外,客户端与服务器之间的通信可以采用HTTP(Hyper Text TransferProtoco,超文本传送协议)协议,也可以采用HTTPS(Hyper Text Transfer ProtocolSecure,超文本传输安全协议)协议,等等,本发明实施例对此不加以限制。In addition, the communication between the client and the server may use the HTTP (Hyper Text Transfer Protocol, Hyper Text Transfer Protocol) protocol, or may use the HTTPS (Hyper Text Transfer Protocol Secure, Hyper Text Transfer Protocol Secure) protocol, etc., the embodiment of the present invention This is not restricted.

需要说明的是,若客户端在先发起业务请求,该业务请求中约定了加密方式、压缩方式,且服务器所选取的加密方式、压缩方式与该业务请求中约定的加密方式、压缩方式相同,则可以不将加密标识、压缩标识返回客户端,否则,与业务结果将加密标识、压缩标识返回客户端。It should be noted that if the client initiates a service request first, the encryption method and compression method are specified in the service request, and the encryption method and compression method selected by the server are the same as those agreed in the service request. Then, the encrypted identification and compression identification may not be returned to the client, otherwise, the encrypted identification and the compressed identification will be returned to the client with the business result.

步骤405,客户端按照所述加密方式对所述业务结果进行解密;Step 405, the client decrypts the service result according to the encryption method;

在具体实现中,服务器的调制解调器可以调用该加密方式所属的第一动态链接库,通过第一动态链接库采用该加密方式对业务结果进行解密。In a specific implementation, the modem of the server can call the first dynamic link library to which the encryption method belongs, and use the encryption method to decrypt the service result through the first dynamic link library.

若服务器未返回加密方式的加密标识,则可以查找在先发起业务请求时约定的加密标识,调用该加密标识所属的第一动态链接库。If the server does not return an encrypted identifier in an encrypted manner, it can search for the encrypted identifier agreed upon when the service request was initiated earlier, and call the first dynamic link library to which the encrypted identifier belongs.

若服务器返回了加密方式的加密标识,则可以直接调用该加密标识所属的第一动态链接库。If the server returns an encrypted identifier in an encrypted manner, the first dynamic link library to which the encrypted identifier belongs can be directly called.

步骤406,按照所述压缩方式对所述业务结果进行解压。Step 406: Decompress the service result according to the compression method.

在具体实现中,服务器的调制解调器可以调用该压缩方式所属的第二动态链接库,通过该第二动态链接库采用该压缩方式对业务数据进行解压。In a specific implementation, the modem of the server can call the second dynamic link library to which the compression mode belongs, and use the compression mode to decompress the service data through the second dynamic link library.

若服务器未返回压缩方式的压缩标识,则可以查找在先发起业务请求时约定的压缩标识,调用该压缩标识所属的第二动态链接库。If the server does not return the compression identifier in the compression mode, the server may search for the compression identifier agreed upon when the service request was initiated first, and call the second dynamic link library to which the compression identifier belongs.

若服务器返回了压缩方式的压缩标识,则可以直接调用该压缩标识所属的第二动态链接库。If the server returns the compression identifier of the compression mode, the second dynamic link library to which the compression identifier belongs can be directly called.

需要说明的是,若服务器先进行加密、再进行压缩,则客户端可以先进行解压、再进行解密,若服务器先进行压缩,再进行加密,则客户端可以先进行解密、再进行解压,本发明实施例对此不加以限制。It should be noted that if the server encrypts and then compresses, the client can first decompress and then decrypt. If the server compresses and then encrypts, the client can first decrypt and then decompress. The embodiments of the invention do not limit this.

对于解密、解压之后获得的业务结果,客户端可以进行进一步处理。The client can further process the business result obtained after decryption and decompression.

例如,户输入账号、密码请求登录即时通讯工具,若服务器验证通过,则可以在即时通讯工具加载分组、好友等数据。For example, a user enters an account number and a password to request to log in to the instant messaging tool, and if the server passes the verification, data such as groups and friends can be loaded in the instant messaging tool.

又例如,在出现重大新闻消息时,服务器可以主动向即时通讯客户端推送新闻消息,则客户端可以生成一弹窗,在该弹窗中加载该新闻消息。For another example, when a major news message appears, the server may actively push the news message to the instant messaging client, and the client may generate a pop-up window and load the news message in the pop-up window.

本发明实施例通过静态链接库的方式实现加密方式、压缩方式,由于静态链接库是不可逆向的,并且,静态链接库是独立于主程序的,容易进行更新,从而大大提高了通信的安全性。The embodiment of the present invention implements the encryption method and the compression method by means of a static link library. Since the static link library is irreversible, and the static link library is independent of the main program, it is easy to update, thereby greatly improving the security of communication .

为使本领域技术人员更好地理解本发明实施例,以下通过具体的通信示例来说明本发明实施例中统一接口的通信方法。In order for those skilled in the art to better understand the embodiments of the present invention, the following describes the communication method of the unified interface in the embodiments of the present invention through specific communication examples.

1、客户端发起请求获取主页数据的业务请求;1. The client initiates a business request to obtain homepage data;

请求地址为http://next.gamebox.***.cn/api/intface,“***”为域名;The request address is http://next.gamebox.***.cn/api/intface, and "***" is the domain name;

使用post方式传递业务数据:Use post to deliver business data:

其中,业务路径为:Among them, the business path is:

7/xgamebox/dashboard;7/xgamebox/dashboard;

请求参数为:The request parameters are:

m1=ed571bf7489ff8d7603c1e3556434322&m2=ed571bf7489ff8d7603c1e3556434322&page=1&ch=100100&v=41301&bir=&nt=1&curqid=&jdata=14472 96790m1=ed571bf7489ff8d7603c1e3556434322&m2=ed571bf7489ff8d7603c1e3556434322&page=1&ch=100100&v=41301&bir=&nt=1&curqid=&jdata=14472 96790

调用第1个加密动态链接库、第2个压缩动态链接库对业务路径和请求参数进行加密(即加密标识为1)、压缩(即压缩标识为2)后,得到一组业务数据:After calling the first encrypted dynamic link library and the second compressed dynamic link library to encrypt the business path and request parameters (that is, the encryption identifier is 1) and compressed (that is, the compression identifier is 2), a set of business data is obtained:

a8tTcdNRZz%2F0tnOiHkdJGkAH62QoR47TdadIeXgS8ut1UF%2FUhSaT7sHLh2WF8xYTMx6NrBtsFp%2BJc6xdh6SuJ5d9NLgPsGGEvD5RIvhwBdFC ApJEB2hiw2oCtVZIWtKjwevS8Gf7O4c9ZDktQZPSCAmbZM03ULR0zByZq9 9XXZE%3Da8tTcdNRZz%2F0tnOiHkdJGkAH62QoR47TdadIeXgS8ut1UF%2FUhSaT7sHLh2WF8xYTMx6NrBtsFp%2BJc6xdh6SuJ5d9NLgPsGGEvD5RIvhwBdFC ApJEB2hiw2oCtVZIWtKjwevS8Gf7O4c9ZDktQZPSCAmbZM03ULR0zByZq9 9XXZE%3D

将业务数据作为post的参数、将加密标识1、压缩标识2传递给服务器。Take the business data as the parameters of the post, and pass the encryption ID 1 and compression ID 2 to the server.

2、服务器接到业务请求之后,读取加密标识1、压缩标识2和业务数据;2. After receiving the service request, the server reads the encryption ID 1, the compression ID 2 and the service data;

调用第1个加密动态链接库、第2个压缩动态链接库对业务数据进行解密和解压,得到业务路径为:Call the first encrypted dynamic link library and the second compressed dynamic link library to decrypt and decompress the business data, and get the business path:

7/xgamebox/dashboard;7/xgamebox/dashboard;

请求参数为:The request parameters are:

m1=ed571bf7489ff8d7603c1e3556434322&m2=ed571bf7489ff8d7603c1e3556434322&page=1&ch=100100&v=41301&bir=&nt=1&curqid=&jdata=14472 96790m1=ed571bf7489ff8d7603c1e3556434322&m2=ed571bf7489ff8d7603c1e3556434322&page=1&ch=100100&v=41301&bir=&nt=1&curqid=&jdata=14472 96790

将请求参数发送至业务路径所处的业务组件,查找(即业务处理)主页数据(即业务结果)。The request parameters are sent to the business component where the business path is located, and the homepage data (that is, the business result) is searched for (ie, business processing).

3、服务器获得主页数据之后,调用第1个加密动态链接库、第2个压缩动态链接库对主页数据进行加密和压缩,返回给客户端。3. After the server obtains the homepage data, it calls the first encrypted dynamic link library and the second compressed dynamic link library to encrypt and compress the homepage data, and return it to the client.

4、客户端接收到业务结果之后,可以调用第1个加密动态链接库、第2个压缩动态链接库对业务结果进行解密和解压,在页面加载主页数据。4. After the client receives the business results, it can call the first encrypted dynamic link library and the second compressed dynamic link library to decrypt and decompress the business results, and load the homepage data on the page.

对于方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明实施例并不受所描述的动作顺序的限制,因为依据本发明实施例,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作并不一定是本发明实施例所必须的。For the method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should know that the embodiments of the present invention are not limited by the described sequence of actions, because according to the embodiments of the present invention , certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

参照图5,示出了根据本发明一个实施例的一种基于加密的通信系统实施例1的结构框图,所述系统包括客户端,其中,所述客户端具体可以包括如下模块:Referring to FIG. 5, it shows a structural block diagram of Embodiment 1 of an encryption-based communication system according to an embodiment of the present invention. The system includes a client, wherein the client may specifically include the following modules:

业务数据确定模块501,适于在接收到业务操作指令时,确定业务数据;The business data determination module 501 is adapted to determine business data when receiving a business operation instruction;

第一加密模块502,适于采用预设的加密方式对所述业务数据进行加密,所述加密方式具有加密标识;The first encryption module 502 is adapted to encrypt the service data by using a preset encryption method, and the encryption method has an encryption identifier;

第一数据嵌入模块503,适于将所述业务数据和所述加密标识嵌入业务请求中;a first data embedding module 503, adapted to embed the service data and the encrypted identifier into a service request;

业务请求发送模块504,适于通过统一接口将所述业务请求发送至所述服务器进行业务处理。The service request sending module 504 is adapted to send the service request to the server through a unified interface for service processing.

参照图6,示出了根据本发明一个实施例的一种基于加密的通信系统实施例2的结构框图,所述系统包括客户端610和服务器620;Referring to FIG. 6, it shows a structural block diagram of Embodiment 2 of an encryption-based communication system according to an embodiment of the present invention, the system includes a client 610 and a server 620;

其中,所述客户端610具体可以包括如下模块:The client 610 may specifically include the following modules:

业务数据确定模块611,适于在接收到业务操作指令时,确定业务数据;The business data determination module 611 is adapted to determine the business data when receiving the business operation instruction;

第一加密模块612,适于采用预设的加密方式对所述业务数据进行加密,所述加密方式具有加密标识;The first encryption module 612 is adapted to encrypt the service data by using a preset encryption method, and the encryption method has an encryption identifier;

第一压缩模块613,适于采用预设的压缩方式对所述业务数据进行压缩,所述压缩方式具有压缩标识;The first compression module 613 is adapted to compress the service data by using a preset compression mode, and the compression mode has a compression identifier;

第一数据嵌入模块614,适于将所述业务数据和所述加密标识嵌入业务请求中;a first data embedding module 614, adapted to embed the service data and the encrypted identifier into a service request;

第二数据嵌入模块615,适于将所述压缩标识嵌入业务请求中。The second data embedding module 615 is adapted to embed the compressed identifier into the service request.

业务请求发送模块616,适于通过统一接口将所述业务请求发送至所述服务器620进行业务处理。The service request sending module 616 is adapted to send the service request to the server 620 through a unified interface for service processing.

所述服务器620具体可以包括如下模块:The server 620 may specifically include the following modules:

第一数据读取模块621,适于从所述业务请求中读取业务数据和加密标识;a first data reading module 621, adapted to read service data and encrypted identifiers from the service request;

第二数据读取模块622,适于服务器从所述业务请求中读取压缩标识;The second data reading module 622 is adapted for the server to read the compression identifier from the service request;

第一解密模块623,适于采用所述加密标识对应的加密方式对所述业务数据进行解密;The first decryption module 623 is adapted to decrypt the service data by using the encryption method corresponding to the encryption identifier;

第一解压模块624,适于采用所述压缩标识对应的压缩方式对所述业务数据进行解压;a first decompression module 624, adapted to decompress the service data by using a compression mode corresponding to the compression identifier;

业务处理模块625,适于按照所述业务数据进行业务处理。The business processing module 625 is adapted to perform business processing according to the business data.

在本发明的一种可选实施例中,所述第一加密模块612还可以适于:In an optional embodiment of the present invention, the first encryption module 612 may also be adapted to:

调用预设的加密方式所属的第一动态链接库;calling the first dynamic link library to which the preset encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

在本发明的一种可选实施例中,所述第一压缩模块613还可以适于:In an optional embodiment of the present invention, the first compression module 613 may also be adapted to:

调用预设的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the preset compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

在本发明的一种可选实施例中,所述第一解密模块623还可以适于:In an optional embodiment of the present invention, the first decryption module 623 may also be adapted to:

调用所述加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行解密。The service data is decrypted in the encryption manner by using the first dynamic link library.

在本发明的一种可选实施例中,所述第一解压模块624还适于:In an optional embodiment of the present invention, the first decompression module 624 is further adapted to:

调用所述压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

在本发明的一种可选实施例中,所述业务数据可以包括业务路径、请求参数;In an optional embodiment of the present invention, the service data may include service paths and request parameters;

所述业务处理模块625还可以适于:The service processing module 625 may also be adapted to:

将所述请求参数按照转发所述业务路径至业务组件进行业务处理。The request parameter is forwarded to the service component for service processing according to the service path.

参照图7,示出了根据本发明一个实施例的一种基于加密的通信系统实施例3的结构框图,所述系统包括服务器710和客户端720;Referring to FIG. 7, it shows a structural block diagram of Embodiment 3 of an encryption-based communication system according to an embodiment of the present invention, the system includes a server 710 and a client 720;

其中,所述服务器710具体可以包括如下模块:The server 710 may specifically include the following modules:

业务结果获取模块711,适于获取业务处理的业务结果;A business result obtaining module 711, adapted to obtain business results of business processing;

第二加密模块712,适于采用加密标识对应的加密方式对所述业务结果进行加密;The second encryption module 712 is adapted to encrypt the business result by using an encryption method corresponding to the encryption identifier;

第二压缩模块713,适于采用压缩标识对应的压缩方式对所述业务数据进行压缩;The second compression module 713 is adapted to compress the service data by using a compression method corresponding to the compression identifier;

业务结果发送模块714,适于通过统一接口将所述业务结果返回客户端720。The service result sending module 714 is adapted to return the service result to the client 720 through a unified interface.

所述客户端720具体可以包括如下模块:The client 720 may specifically include the following modules:

第二解密模块721,适于按照所述加密方式对所述业务结果进行解密;A second decryption module 721, adapted to decrypt the service result according to the encryption method;

第二解压模块722,适于按照所述压缩方式对所述业务结果进行解压。The second decompression module 722 is adapted to decompress the service result according to the compression method.

在本发明的一种可选实施例中,所述第二加密模块712还可以适于:In an optional embodiment of the present invention, the second encryption module 712 may also be adapted to:

调用加密标识对应的加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method corresponding to the encryption identifier belongs;

通过所述第一动态链接库采用所述加密方式对所述业务数据进行加密。The service data is encrypted in the encryption manner by using the first dynamic link library.

在本发明的一种可选实施例中,所述第二压缩模块713还可以适于:In an optional embodiment of the present invention, the second compression module 713 may also be adapted to:

调用压缩标识对应的压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression method corresponding to the compression identifier belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行压缩。The service data is compressed in the compression manner by using the second dynamic link library.

在本发明的一种可选实施例中,所述第二解密模块721还可以适于:In an optional embodiment of the present invention, the second decryption module 721 may also be adapted to:

调用所述加密方式所属的第一动态链接库;calling the first dynamic link library to which the encryption method belongs;

通过所述第一动态链接库采用所述加密方式对所述业务结果进行解密。The business result is decrypted in the encryption manner by using the first dynamic link library.

在本发明的一种可选实施例中,所述第二解压模块722还可以适于:In an optional embodiment of the present invention, the second decompression module 722 may also be adapted to:

调用所述压缩方式所属的第二动态链接库;calling the second dynamic link library to which the compression mode belongs;

通过所述第二动态链接库采用所述压缩方式对所述业务数据进行解压。The service data is decompressed in the compression manner by using the second dynamic link library.

对于装置实施例而言,由于其与方法实施例基本相似,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。As for the apparatus embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for related parts.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with teaching based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the inventions described herein, and that the descriptions of specific languages above are intended to disclose the best mode for carrying out the invention.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it is to be understood that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together into a single embodiment, figure, or its description. This disclosure, however, should not be construed as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and further they may be divided into multiple sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method so disclosed may be employed in any combination, unless at least some of such features and/or procedures or elements are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will appreciate that although some of the embodiments described herein include certain features, but not others, included in other embodiments, that combinations of features of different embodiments are intended to be within the scope of the invention within and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的基于加密的通信设备中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。Various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the encryption-based communication device according to the embodiments of the present invention. The present invention can also be implemented as apparatus or apparatus programs (eg, computer programs and computer program products) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such signals may be downloaded from Internet sites, or provided on carrier signals, or in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-described embodiments illustrate rather than limit the invention, and that alternative embodiments may be devised by those skilled in the art without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. do not denote any order. These words can be interpreted as names.

Claims (30)

1. An encryption-based communication method comprising:
when receiving a service operation instruction, a client determines service data;
calling a first dynamic link library to which a preset encryption mode belongs, wherein the encryption mode has an encryption identifier, and the first dynamic link library is generated by a static link library;
encrypting the service data by the first dynamic link library in the encryption mode;
embedding the service data and the encrypted identifier into a service request;
sending the service request to a server through a uniform interface for service processing;
the server reads service data and an encryption identifier from the service request;
calling a first dynamic link library to which an encryption mode corresponding to the encryption identifier belongs; and decrypting the service data by adopting the encryption mode through the first dynamic link library.
2. The method of claim 1, further comprising:
compressing the service data by adopting a preset compression mode, wherein the compression mode is provided with a compression identifier;
and embedding the compression identification into a service request.
3. The method of claim 2, wherein the step of compressing the service data in a preset compression manner comprises:
calling a second dynamic link library to which a preset compression mode belongs;
and compressing the service data by adopting the compression mode through the second dynamic link library.
4. The method of claim 1, 2 or 3, further comprising:
and carrying out service processing according to the service data.
5. The method of claim 4, further comprising:
the server reads the compression identification from the service request;
and decompressing the service data by adopting a compression mode corresponding to the compression identifier.
6. The method of claim 5, wherein the step of decompressing the service data by using the compression mode corresponding to the compression identifier comprises:
calling a second dynamic link library to which the compression mode corresponding to the compression identifier belongs;
and decompressing the service data by adopting the compression mode through the second dynamic link library.
7. The method of claim 4, wherein the traffic data includes traffic paths, request parameters;
the step of performing service processing according to the service data includes:
and transmitting the request parameters to a service component for service processing according to the service path.
8. The method of claim 1, 2, 3, 5, 6, or 7, further comprising:
the server acquires a service result of service processing;
encrypting the service result by adopting an encryption mode corresponding to the encryption identifier;
and returning the service result to the client through the uniform interface.
9. The method of claim 8, wherein the step of encrypting the service data by using the encryption mode corresponding to the encryption identifier comprises:
calling a first dynamic link library to which an encryption mode corresponding to the encryption identifier belongs;
and encrypting the service data by adopting the encryption mode through the first dynamic link library.
10. The method of claim 8, wherein prior to the step of returning the business data to the client, the method further comprises:
and compressing the service data by adopting a compression mode corresponding to the compression identifier.
11. The method of claim 10, wherein the step of compressing the service data in a compression manner corresponding to the compression identifier comprises:
calling a second dynamic link library to which the compression mode corresponding to the compression identifier belongs;
and compressing the service data by adopting the compression mode through the second dynamic link library.
12. The method of claim 9, 10 or 11, further comprising:
and the client decrypts the service result according to the encryption mode.
13. The method of claim 12, wherein the step of decrypting the service result in accordance with the encryption at the time of the previous communication comprises:
calling a first dynamic link library to which the encryption mode belongs;
and decrypting the service result by the first dynamic link library in the encryption mode.
14. The method of claim 2, 3, 5, 6, 10, or 11, further comprising:
and decompressing the service result according to the compression mode.
15. The method of claim 14, wherein the step of decompressing the service results in the compressed manner comprises:
calling a second dynamic link library to which the compression mode belongs;
and decompressing the service data by adopting the compression mode through the second dynamic link library.
16. An encryption-based communication system, the system comprising a client and a server, wherein the client comprises:
the service data determining module is suitable for determining service data when receiving a service operation instruction;
the first encryption module is suitable for encrypting the service data by adopting a preset encryption mode, and the encryption mode is provided with an encryption identifier;
a first data embedding module adapted to embed the service data and the encrypted identification in a service request;
the service request sending module is suitable for sending the service request to the server through a uniform interface for service processing;
wherein the first encryption module is further adapted to:
calling a first dynamic link library to which a preset encryption mode belongs, wherein the first dynamic link library is generated by a static link library;
encrypting the service data by the first dynamic link library in the encryption mode;
wherein the server comprises:
the first data reading module is suitable for reading the service data and the encrypted identifier from the service request;
the first decryption module is suitable for decrypting the service data by adopting an encryption mode corresponding to the encryption identifier;
wherein the first decryption module is further adapted to:
calling a first dynamic link library to which an encryption mode corresponding to the encryption identifier belongs;
and decrypting the service data by adopting the encryption mode through the first dynamic link library.
17. The system of claim 16, wherein the client further comprises:
the first compression module is suitable for compressing the service data by adopting a preset compression mode, and the compression mode is provided with a compression identifier;
and the second data embedding module is suitable for embedding the compression identification into the service request.
18. The system of claim 17, wherein the first compression module is further adapted to:
calling a second dynamic link library to which a preset compression mode belongs;
and compressing the service data by adopting the compression mode through the second dynamic link library.
19. The system of claim 16, 17 or 18, wherein the server further comprises:
and the service processing module is suitable for performing service processing according to the service data.
20. The system of claim 19, wherein the server further comprises:
the second data reading module is suitable for the server to read the compression identification from the service request;
and the first decompression module is suitable for decompressing the service data by adopting a compression mode corresponding to the compression identifier.
21. The system of claim 20, wherein the first decompression module is further adapted to:
calling a second dynamic link library to which the compression mode corresponding to the compression identifier belongs;
and decompressing the service data by adopting the compression mode through the second dynamic link library.
22. The system of claim 19, wherein the traffic data includes traffic paths, request parameters;
the service processing module is further adapted to:
and transmitting the request parameters to a service component for service processing according to the service path.
23. The system of claim 16, 17, 18, 20, 21, or 22, wherein the server further comprises:
the service result acquisition module is suitable for acquiring a service result of service processing;
the second encryption module is suitable for encrypting the service result by adopting an encryption mode corresponding to the encryption identifier;
and the service result sending module is suitable for returning the service result to the client through the uniform interface.
24. The system of claim 23, wherein the second encryption module is further adapted to:
calling a first dynamic link library to which an encryption mode corresponding to the encryption identifier belongs;
and encrypting the service data by adopting the encryption mode through the first dynamic link library.
25. The system of claim 23, wherein the server further comprises:
and the second compression module is suitable for compressing the service data by adopting a compression mode corresponding to the compression identifier.
26. The system of claim 25, wherein the second compression module is further adapted to:
calling a second dynamic link library to which the compression mode corresponding to the compression identifier belongs;
and compressing the service data by adopting the compression mode through the second dynamic link library.
27. The system of claim 24, 25 or 26, wherein the client further comprises:
and the second decryption module is suitable for decrypting the service result according to the encryption mode.
28. The system of claim 27, wherein the second decryption module is further adapted to:
calling a first dynamic link library to which the encryption mode belongs;
and decrypting the service result by the first dynamic link library in the encryption mode.
29. The system of claim 17 or 18 or 21 or 25 or 26, wherein the client further comprises:
and the second decompression module is suitable for decompressing the service result according to the compression mode.
30. The system of claim 29, wherein the second decompression module is further adapted to:
calling a second dynamic link library to which the compression mode belongs;
and decompressing the service data by adopting the compression mode through the second dynamic link library.
CN201510982203.XA 2015-12-23 2015-12-23 Encryption-based communication method and system Active CN105554001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510982203.XA CN105554001B (en) 2015-12-23 2015-12-23 Encryption-based communication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510982203.XA CN105554001B (en) 2015-12-23 2015-12-23 Encryption-based communication method and system

Publications (2)

Publication Number Publication Date
CN105554001A CN105554001A (en) 2016-05-04
CN105554001B true CN105554001B (en) 2020-02-11

Family

ID=55832936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510982203.XA Active CN105554001B (en) 2015-12-23 2015-12-23 Encryption-based communication method and system

Country Status (1)

Country Link
CN (1) CN105554001B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566112A (en) * 2016-06-30 2018-01-09 中国电信股份有限公司 Dynamic encryption and decryption method and server
CN107562813A (en) * 2017-08-11 2018-01-09 环球智达科技(北京)有限公司 Business datum identification code generates system
CN107818265B (en) * 2017-10-23 2020-04-24 中国银行股份有限公司 Encryption method, device and system
CN111586072A (en) * 2020-05-19 2020-08-25 贺斌 Data transmission method and device, electronic equipment and storage medium
CN112469035B (en) * 2020-11-26 2023-05-26 江苏特思达电子科技股份有限公司 Safe activation and control method and communication system of remote equipment of Internet of things
CN112434318B (en) * 2020-11-26 2024-11-01 江苏特思达电子科技股份有限公司 Encryption method and system for remote equipment of Internet of things
CN115225636A (en) * 2022-07-12 2022-10-21 深圳壹账通智能科技有限公司 Request processing method and device, computer equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557411A (en) * 2008-04-09 2009-10-14 北京闻言科技有限公司 Method for uniformly processing request response in hyper text transport protocol (HTTP) communication
CN101621794A (en) * 2009-07-07 2010-01-06 董志 Method for realizing safe authentication of wireless application service system
CN102638579A (en) * 2012-03-29 2012-08-15 深圳市高正软件有限公司 Data processing method and system based on data transmission of mobile equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045718A (en) * 2009-10-23 2011-05-04 中国移动通信集团福建有限公司 Authentication method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557411A (en) * 2008-04-09 2009-10-14 北京闻言科技有限公司 Method for uniformly processing request response in hyper text transport protocol (HTTP) communication
CN101621794A (en) * 2009-07-07 2010-01-06 董志 Method for realizing safe authentication of wireless application service system
CN102638579A (en) * 2012-03-29 2012-08-15 深圳市高正软件有限公司 Data processing method and system based on data transmission of mobile equipment

Also Published As

Publication number Publication date
CN105554001A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN105554001B (en) Encryption-based communication method and system
CN105357191B (en) The encryption method and device of user data
JP6548667B2 (en) Method, apparatus and system for providing security checks
US10341093B2 (en) Method, apparatus and system for device identification
CN106533665B (en) Mthods, systems and devices for storing website private key plaintext
CN104283853B (en) A kind of method, terminal device and network equipment for improving Information Security
CN109194625B (en) Client application protection method and device based on cloud server and storage medium
WO2015062378A1 (en) User registration method, mobile terminal and server of client application program
CN104378379B (en) A kind of digital content encrypted transmission method, equipment and system
CN105447715A (en) Method and apparatus for anti-theft electronic coupon sweeping by cooperating with third party
CN103327034A (en) Safe login method, system and device
CN119853935A (en) Data transmission method, device, storage medium and equipment
CN105516169A (en) Method and device for detecting website security
US12323808B2 (en) Systems and methods for verified communication between mobile applications
CN106603388A (en) Email sending method, email check method, email view control method and devices
CN108959990A (en) A kind of verification method and device of two dimensional code
CN114978769A (en) Unidirectional lead-in device, method, medium, and apparatus
CN107528820A (en) For the encipher-decipher method of application program, device and method for auditing safely and platform
CN115834101B (en) A login control method, system, storage medium, and electronic device.
CN109962888A (en) A kind of anti-tamper business access method, client and server
JP2016520223A (en) Method and system for exchanging encrypted messages between computing devices in a communication network
CN108881122A (en) The method and apparatus of APP Information Authentication
CN113517982A (en) Password generation method, password execution method and terminal
CN106453069B (en) An instant messaging message sending, viewing, viewing control method and device thereof
CN104993935B (en) Cyberthreat reminding method, equipment and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240116

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right