WO2016205998A1 - Data transmission method, device and system - Google Patents

Data transmission method, device and system

Info

Publication number
WO2016205998A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection
server
address
user equipment
encrypted communication
Prior art date
Application number
PCT/CN2015/082071
Other languages
French (fr)
Chinese (zh)
Inventor
王永亮
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2015/082071 priority Critical patent/WO2016205998A1/en
Priority to CN201580029578.2A priority patent/CN106797308A/en
Publication of WO2016205998A1 publication Critical patent/WO2016205998A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • the present invention relates to the field of communications, and in particular, to a data transmission method, device, and system.
  • In a communication system consisting of a user equipment (UE) and a server, the user equipment accesses the server through a locally installed client to perform data interaction with the server.
  • In the process of data interaction, data encryption is often involved to improve data security and prevent data leakage.
  • the existing encryption protocols include the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol.
  • These encryption protocols are the encryption protocols of the transport layer, which themselves do not distinguish between application layer data.
  • the application layer data is all encrypted.
  • Embodiments of the present invention provide a data transmission method, device, and system, which are capable of selectively encrypting application layer data, reducing resource consumption in a communication process and improving communication efficiency under the premise of ensuring data security.
  • a data transmission method includes:
  • acquiring an access address of a first server, where the access address includes a first address and a second address, the first address and the second address each comprise a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
  • sending a connection request message to the first server and establishing a connection with the first server, where the connection request message includes the first address or the second address;
  • performing non-encrypted communication and/or encrypted communication with the first server over the connection.
  • the sending a connection request message to the first server, and establishing a connection with the first server includes: sending a first connection request message to the first server, and establishing a first connection with the first server, where the first connection request message includes the first address;
  • the performing non-encrypted communication and/or encrypted communication with the first server over the connection includes performing non-encrypted communication with the first server over the first connection.
  • the sending a connection request message to the first server, and establishing a connection with the first server includes: sending a second connection request message to the first server, and establishing a second connection with the first server, where the second connection request message includes the second address;
  • the performing non-encrypted communication and/or encrypted communication with the first server through the connection includes: performing encrypted communication with the first server through the second connection.
  • the method further includes:
  • the method further comprising: receiving an encrypted communication request sent by the first server by using the first connection;
  • the performing encrypted communication with the first server through the second connection comprises: responding to the encrypted communication request by performing encrypted communication with the first server through the second connection.
  • the method further includes:
  • the performing non-encrypted communication with the first server by using the first connection includes: sending, by using the first connection, customization information to the first server, where the customization information is used to indicate to the first server Customized encrypted communication content.
  • the performing non-encrypted communication with the first server by using the first connection includes: sending a heartbeat message to the first server by using the first connection, to maintain the first connection.
  • the acquiring an access address of the first server includes:
  • the access address of the first server is obtained from the second server.
  • a data transmission method includes:
  • receiving a connection request message sent by the user equipment and establishing a connection with the user equipment, where the connection request message includes a first address or a second address; wherein the first address and the second address each comprise a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
  • performing non-encrypted communication and/or encrypted communication with the user equipment over the connection.
  • the receiving a connection request message sent by the user equipment, and establishing a connection with the user equipment includes:
  • the performing non-encrypted communication and/or encrypted communication with the user equipment through the connection includes: performing non-encrypted communication with the user equipment by using the first connection.
  • the receiving a connection request message sent by the user equipment, and establishing a connection with the user equipment includes: receiving a second connection request message sent by the user equipment, and establishing a second connection with the user equipment, where the second connection request message includes the second address;
  • the performing non-encrypted communication and/or encrypted communication with the user equipment through the connection includes: performing encrypted communication with the first server by using the second connection.
  • the method further includes:
  • the method further includes: sending, by using the first connection, an encrypted communication request to the user equipment;
  • the method further includes:
  • the performing non-encrypted communication with the user equipment by using the first connection includes:
  • the performing non-encrypted communication with the user equipment by using the first connection includes:
  • the performing non-encrypted communication with the user equipment by using the first connection includes:
  • a user equipment includes:
  • an obtaining unit, configured to obtain an access address of the first server, where the access address includes a first address and a second address, the first address and the second address comprise a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
  • a connection unit, configured to send a connection request message to the first server by using a transceiver unit, to establish a connection with the first server, where the connection request message includes the first address or the second address;
  • the transceiver unit is configured to perform non-encrypted communication and/or encrypted communication with the first server by using the connection.
  • the connecting unit is configured to send a first connection request message to the first server by using the transceiver unit, and establish a first connection with the first server, where the first connection request message includes the first address;
  • the transceiver unit is specifically configured to perform non-encrypted communication with the first server by using the first connection.
  • the connecting unit is further configured to send, by using the transceiver unit, a second connection request message to the first server, to establish a second connection with the first server, where the second connection request message includes the second address;
  • the transceiver unit is specifically configured to perform encrypted communication with the first server by using the second connection.
  • the connecting unit is further configured to disconnect the second connection if the second connection has been established before sending the first connection request message to the first server;
  • the connecting unit is further configured to disconnect the first connection if the first connection has been established before sending the second connection request message to the first server.
  • the transceiver unit is further configured to receive an encrypted communication request sent by the first server by using the first connection;
  • the connecting unit is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
  • the transceiver unit is further configured to respond to the encrypted communication request by performing encrypted communication with the first server by using the second connection.
  • the transceiver unit is further configured to receive an indication message that the first server completes the encrypted communication sent by using the second connection;
  • the connecting unit is further configured to disconnect the second connection according to the indication message and establish the first connection.
  • the transceiver unit is further configured to send, by using the first connection, customization information to the first server, where the customization information is used to indicate customized encrypted communication content to the first server.
  • the transceiver unit is further configured to send a heartbeat message to the first server by using the first connection to maintain the first connection.
  • the obtaining unit is specifically configured to obtain an access address of the first server from a preset server list.
  • the obtaining unit is specifically configured to acquire an access address of the first server from a second server.
  • a server is used as the first server, including:
  • a connection unit, configured to receive, by the transceiver unit, a connection request message sent by the user equipment, to establish a connection with the user equipment, where the connection request message includes a first address or a second address, where the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
  • the transceiver unit is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment by using the connection.
  • the connecting unit is configured to: receive, by the transceiver unit, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address;
  • the transceiver unit is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  • the connecting unit is further configured to receive, by the transceiver unit, a second connection request message sent by the user equipment, to establish a second connection with the user equipment, where the second connection request message includes the second address;
  • the transceiver unit is specifically configured to perform encrypted communication with the user equipment by using the second connection.
  • the connecting unit is further configured to: before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has been established; or
  • the connecting unit is further configured to: before receiving the second connection request message sent by the user equipment, if the first connection has been established, disconnect the first connection.
  • the transceiver unit is further configured to send an encrypted communication request to the user equipment by using the first connection;
  • the connecting unit is further configured to disconnect the first connection and establish the second connection
  • the transceiver unit is further configured to perform encrypted communication with the first server by using the second connection according to the encrypted communication request.
  • the transceiver unit is further configured to send, by using the second connection, an indication message that the encrypted communication is completed to the user equipment;
  • the connecting unit is further configured to disconnect the second connection and establish the first connection.
  • the transceiver unit is further configured to receive customized information that is sent by the user equipment by using the first connection, where the customized information is used to indicate encrypted communication content customized by the user equipment.
  • the transceiver unit is further configured to receive a heartbeat message sent by the user equipment by using the first connection to maintain the first connection.
  • a fifth aspect is a user equipment, including a processor, a transceiver, a memory, and a bus, wherein the processor and the memory are connected to each other through the bus;
  • a processor, configured to acquire an access address of the first server, where the access address includes a first address and a second address, the first address and the second address comprise a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
  • the processor is further configured to send a connection request message to the first server by using a transceiver, to establish a connection with the first server, where the connection request message includes the first address or the second address;
  • the transceiver is configured to perform non-encrypted communication and/or encrypted communication with the first server through the connection.
  • the processor is configured to send a first connection request message to the first server by using the transceiver, and establish a first connection with the first server, where the first connection request message includes the first address;
  • the transceiver is specifically configured to perform non-encrypted communication with the first server by using the first connection.
  • the processor is further configured to send a second connection request message to the first server by using the transceiver, and establish a second connection with the first server, where the second connection request message includes the second address;
  • the transceiver is further configured to perform non-encrypted communication with the first server by using the second connection.
  • the processor is further configured to disconnect the second connection if the second connection has been established before sending the first connection request message to the first server;
  • the processor is further configured to disconnect the first connection if the first connection has been established before sending the second connection request message to the first server.
  • the transceiver is further configured to receive an encrypted communication request sent by the first server by using the first connection;
  • the processor is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
  • the transceiver is further configured to perform encrypted communication with the first server by using the second connection in response to the encrypted communication request.
  • the transceiver is further configured to receive an indication message that the first server completes the encrypted communication sent by using the second connection;
  • the transceiver is further configured to disconnect the second connection according to the indication message and establish the first connection.
  • the transceiver is further configured to send, by using the first connection, customization information to the first server, where the customization information is used to indicate customized encrypted communication content to the first server.
  • the transceiver is further configured to send a heartbeat message to the first server by using the first connection to maintain the first connection.
  • the processor is specifically configured to obtain an access address of the first server from a preset server list.
  • the processor is further configured to acquire an access address of the first server from a second server.
  • a server is used as a first server, including a processor, a transceiver, a memory, and a bus, and the processor and the memory are connected to each other through the bus;
  • the processor is configured to receive, by using a transceiver, a connection request message sent by the user equipment, to establish a connection with the user equipment, where the connection request message includes a first address or a second address, where the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
  • the transceiver is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment through the connection.
  • the processor is configured to receive, by using the transceiver, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address;
  • the transceiver is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  • the processor is further configured to receive, by the transceiver, a second connection request message sent by the user equipment, to establish a second connection with the user equipment, where the second connection request message includes the second address;
  • the transceiver is further configured to perform encrypted communication with the user equipment by using the second connection.
  • the processor is further configured to: before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has been established; or
  • the processor is further configured to disconnect the first connection if the first connection has been established before receiving the second connection request message sent by the user equipment.
  • the transceiver is further configured to send an encrypted communication request to the user equipment by using the first connection;
  • the processor is further configured to disconnect the first connection and establish the second connection
  • the transceiver is further configured to perform encrypted communication with the first server by using the second connection according to the encrypted communication request.
  • the transceiver is further configured to send, by using the second connection, an indication message that the encrypted communication is completed to the user equipment;
  • the processor is further configured to disconnect the second connection and establish the first connection.
  • the transceiver is further configured to receive customized information that is sent by the user equipment by using the first connection, where the customized information is used to indicate encrypted communication content customized by the user equipment.
  • the transceiver is further configured to receive a heartbeat message sent by the user equipment by using the first connection to maintain the first connection.
  • a data transmission system includes a user equipment and a server;
  • the user equipment is the user equipment provided by any one of the third aspect to the eighth possible implementation manner of the third aspect;
  • the server is a server provided by any one of the fourth aspect to the seventh possible implementation of the fourth aspect.
  • a data transmission system includes a user equipment and a server
  • the user equipment is the user equipment according to any one of the eighth aspect to the eighth possible implementation manner of the fifth aspect;
  • the server is the server of any one of the seventh aspect to the seventh possible implementation of the sixth aspect.
  • the user equipment obtains an access address of the first server, and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Since the network layer addresses of the first address and the second address are the same and their transport layer addresses are different, the non-encrypted communication and the encrypted communication share the same network layer connection while occupying different transport layer connections, so the application layer data can be transmitted, according to the encryption requirement, through the transport layer connection occupied by the non-encrypted communication or the one occupied by the encrypted communication; that is, the transport layer data is selectively encrypted.
  • the user equipment and the first server do not need to encrypt the data, thereby reducing resource occupation, shortening communication time, and improving communication efficiency.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used.
  • FIG. 1 is a schematic flowchart of a data transmission method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic flowchart of a data transmission method according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic flowchart of a data transmission method according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic structural diagram of a user equipment according to Embodiment 4 of the present invention.
  • FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present invention.
  • FIG. 6 is a schematic structural diagram of a user equipment according to Embodiment 6 of the present invention.
  • FIG. 7 is a schematic structural diagram of a server according to Embodiment 7 of the present invention.
  • the words “first”, “second” and the like are used to distinguish the same or similar items whose functions are substantially the same.
  • Those skilled in the art will understand that the words “first” and “second” are not intended to limit the number and order of execution.
  • Embodiments of the present invention provide a data transmission method applied to a communication system including a user equipment and a server.
  • the user equipment can log in to the server through a personal account, upload various backup data to the server, and the user can also download the backup data in the server to the local, and the server can also push advertisements, user subscription information, and the like to the user.
  • the data interaction between the user equipment and the server can be accomplished by means of encrypted communication or by means of non-encrypted communication.
  • the advertisement pushed by the server can be sent to the user equipment through non-encrypted communication, and the account and password information transmitted by the user equipment when logging in to the server can be sent to the user equipment through encrypted communication to ensure data security.
  • an existing transport layer encryption protocol, such as the SSL protocol, the TLS protocol, and the like, can be applied.
  • a first embodiment of the present invention provides a data transmission method, which is applied to a user equipment. Referring to FIG. 1, the method includes the following steps:
  • the first server is a server to be accessed by the user equipment, and the access address of the first server includes a first address and a second address, which are used for performing non-encrypted communication and encrypted communication, respectively.
  • the user equipment can access the first server through the first address, or access the first server through the second address.
  • the first address and the second address both include a network layer address and a transport layer address.
  • the network layer address is used to identify the first server in the network
  • the transport layer address is used to identify the transport layer port of the first server.
  • the network layer address of the first address is the same as the network layer address of the second address, and the transport layer address of the first address is different from the transport layer address of the second address.
  • the connection request message includes a first address or a second address.
  • Because the network layer address of the first address and the network layer address of the second address are the same, when the user equipment accesses the first server through the first address and the second address at the same time, only one network layer connection is established with the first server; that is, encrypted communication and non-encrypted communication share a network layer connection.
  • Because the transport layer address of the first address and the transport layer address of the second address are different, data for encrypted communication and data for non-encrypted communication can be distinguished by the transport layer address. When the user equipment accesses the first server through the first address and the second address at the same time, the user equipment establishes two transport layer connections with the first server, one by the transport layer address of the first address and one by the transport layer address of the second address; that is, the encrypted communication and the non-encrypted communication each occupy one transport layer connection.
  • the user equipment can access the first server in a time-sharing manner through the first address and the second address, or access the first server through both at the same time; that is, the non-encrypted communication and the encrypted communication can be performed separately or at the same time.
  • If the user equipment determines that non-encrypted communication is required, it establishes a connection with the first server according to the first address and performs non-encrypted communication with the first server. For example, when the user equipment needs to download an application by using the first server, the user equipment sends a connection request message to the first server, where the connection request message includes the first address. After the connection is established, the download request message sent by the user equipment to the first server and the installation package data sent by the first server to the user equipment are transmitted through non-encrypted communication. Optionally, the user equipment may disconnect from the first server after the non-encrypted communication ends.
  • If the user equipment determines that encrypted communication is required, the user equipment establishes a connection with the first server according to the second address and performs encrypted communication with the first server. Further, the user equipment may disconnect the connection with the first server after the encrypted communication ends.
  • the user equipment obtains an access address of the first server, and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying a different transport layer connection, so the application layer data can be transmitted, according to the encryption requirement, through the transport layer connection occupied by the non-encrypted communication or the one occupied by the encrypted communication; that is, the transport layer data is selectively encrypted.
  • the user equipment and the first server do not need to encrypt the data, thereby reducing resource occupation, shortening communication time, and improving communication efficiency.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used.
  • the second embodiment of the present invention provides a data transmission method, which is applied to a first server, as shown in FIG. 2, and includes the following steps:
  • 201 Receive a connection request message sent by the user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address.
  • the first address and the second address include a network layer address and a transport layer address.
  • The network layer address of the first address is the same as the network layer address of the second address, and the transport layer address of the first address is different from the transport layer address of the second address.
  • When receiving the connection request message sent by the user equipment, the first server establishes a connection with the user equipment according to the first address or the second address in the connection request message, so that the user equipment can access the first server by using the first address or the second address.
  • If the connection request message includes the first address, the first server performs non-encrypted communication with the user equipment after the connection between the first server and the user equipment is established.
  • If the connection request message includes the second address, the first server performs encrypted communication with the user equipment after the connection between the first server and the user equipment is established.
  • Non-encrypted communication and encrypted communication can be performed separately or simultaneously.
  • non-encrypted communication and encrypted communication share a network layer connection and each occupies a transport layer connection, so application layer data can be transmitted, according to encryption requirements, through the transport layer connection occupied by the non-encrypted communication or the one occupied by the encrypted communication; that is, the transport layer data is selectively encrypted.
  • the first server establishes a connection with the user equipment according to the first address or the second address by receiving the connection request message sent by the user equipment, and performs non-encrypted communication or encrypted communication with the user equipment through the connection.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying a different transport layer connection, so the application layer data can be selectively encrypted according to the encryption requirements.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used. Therefore, on the basis of the existing transport layer encryption protocol, the application layer data is selectively encrypted, and under the premise of ensuring data security, the resource consumption in the communication process is reduced, and the communication efficiency is improved.
  • the third embodiment of the present invention provides a data transmission method, where the user equipment and the first server establish a first connection according to the first address and perform non-encrypted communication through the first connection, and establish a second connection according to the second address and perform encrypted communication over the second connection.
  • the non-encrypted communication and the encrypted communication can be performed independently, that is, the user equipment and the first server can perform non-encrypted communication through the first connection while performing encrypted communication through the second connection.
  • the third embodiment of the present invention alternates between encrypted communication and non-encrypted communication to reduce the occupation of resources by the user equipment and the first server during communication. That is, when the user equipment and the first server communicate via one of the first connection or the second connection, the other connection can be disconnected.
  • the amount of data that needs to be transmitted through the second connection is much smaller than the amount of data that needs to be transmitted through the first connection. Therefore, in the third embodiment, the first connection is used as a long connection and the second connection is used as a short connection for communication; that is, the hold time of the first connection is relatively long, while the second connection is established only when encrypted communication is required and is disconnected after the end of the encrypted communication, so the hold time of the second connection is relatively short.
  • the data transmission method provided in Embodiment 3 specifically includes the following steps:
  • the user equipment acquires an access address of the first server.
  • the user equipment may obtain an access address of the first server from a preset server list.
  • the user equipment may also obtain an access address of the first server from the second server.
  • the user equipment obtains description information about various services through the second server, and sends an indication message of the subscription service to the second server, and after receiving the indication message, the second server is configured according to the The indication message determines that the server providing the subscription service is the first server, and then sends the access address of the first server to the user equipment.
  • the network layer address may be the Internet Protocol (IP) address of the first server, and the transport layer address may be a Transmission Control Protocol (TCP) port number.
  • the user equipment establishes a network layer connection with the first server by accessing the IP address of 10.11.1.0. Further, the first connection is established by TCP port number 5223 for non-encrypted communication, and the second connection is established by TCP port number 5224 for encrypted communication.
  • the first address or the second address may also be in the form of a domain name.
  • the domain name corresponding to the first address is WWW.xxx.nonencrpt.com
  • the domain name corresponding to the second address is WWW.xxx.encrpt.com.
  • the user equipment sends a first connection request message to the first server, and establishes a first connection with the first server, where the first connection request message includes the first address.
  • the first connection request message includes a first address.
  • the first connection is a TCP connection.
  • the TCP connection is established by a three-way handshake according to the first address, and the specific process is not described again.
  • the user equipment and the first server perform non-encrypted communication through the first connection.
  • the non-encrypted communication specifically includes the user equipment receiving the non-encrypted information sent by the first server through the first connection. And/or the user equipment sends non-encrypted information to the first server over the first connection.
  • the non-encrypted information may be a request for obtaining a service sent by the user equipment to the first server and service information sent by the first server to the user equipment, or may be a heartbeat message: the user equipment sends a heartbeat message to the first server to maintain the first connection, preventing the first connection from being disconnected by a firewall or other network element.
  • the user equipment customizes the content of the encrypted communication, that is, determines which data is transmitted by means of encrypted communication, and sends the customized information to the first server through the first connection, and indicates the customized encrypted communication content to the first server.
  • the user equipment can meet the user's differentiated needs for data security, and take into account the user's demand for traffic and communication efficiency.
  • the first server provides a data backup service to the user equipment, and a service of information push.
  • the user device adds the information service to the customized information.
  • the user equipment can upload or download the backup data through the first connection, while the information content is pushed by the first server to the user equipment through the second connection, so that selective encryption processing is performed on the application layer data through the first connection and the second connection according to the customized information.
  • the first server sends an encrypted communication request to the user equipment by using the first connection.
  • For example, in the information push scenario of step 303, when the first server has new content to push to the user equipment, it sends the encrypted communication request to the user equipment through the first connection.
  • the user equipment disconnects the first connection.
  • the other connection can be disconnected.
  • the user equipment sends a second connection request message to the first server, and establishes a second connection with the first server.
  • the second connection request message includes a second address.
  • After receiving the encrypted communication request sent by the first server, the user equipment disconnects the first connection and then establishes the second connection, so that non-encrypted communication and encrypted communication are performed alternately through the first connection and the second connection. Compared with maintaining two connections at the same time, this reduces the occupation of resources by the user equipment and the first server during communication.
  • the user equipment and the first server perform encrypted communication by using the second connection.
  • the first server can send the encrypted information to the user equipment.
  • the content of the encrypted information may be the content specified by the customized information sent by the user equipment, or may be the content that needs to be encrypted by the first server according to the preset classification list.
  • the user equipment can also request other services from the first server through the second connection.
  • the application layer connection between the user equipment and the first server is established, and the alternation of the non-encrypted communication and the encrypted communication does not cause interruption of application layer data transmission.
  • the first server sends an indication message that the encrypted communication is completed to the user equipment by using the second connection.
  • Taking the information push scenario described in step 304 as an example, the first server indicates to the user equipment that the encrypted information has been sent, so that the user equipment disconnects the second connection after receiving the indication message.
  • the user equipment disconnects the second connection, and sends a first connection request message to the first server to establish a first connection with the first server.
  • the user equipment maintains the first connection by sending a heartbeat message to the first server.
  • the user equipment and the first server alternately perform non-encrypted communication and encrypted communication through the first connection and the second connection, and only one connection is maintained at any one time. Compared with maintaining two connections, the occupation of resources by the user equipment and the first server during communication is reduced.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like, can be used. Therefore, on the basis of the existing transport layer encryption protocol, the application layer data is selectively encrypted, and under the premise of ensuring data security, the resource consumption in the communication process is reduced, and the communication efficiency is improved.
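The connection alternation of Embodiment 3, replayed as an in-memory simulation that checks two properties the description relies on: only one connection is open at a time, and a service named in the customization information never travels on the non-encrypted port. This is an added example, not code from the patent; the message names, the service labels and the `Link` class are assumptions (the text defines no wire format), while the IP address and the two TCP ports are the ones from the text's example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Addresses from the text's example: one IP address, two TCP ports.
FIRST_ADDR = ("10.11.1.0", 5223)    # first connection, non-encrypted
SECOND_ADDR = ("10.11.1.0", 5224)   # second connection, encrypted (SSL/TLS)

# Hypothetical message names; the text defines no wire format.
CUSTOMIZE, HEARTBEAT, DATA = "CUSTOMIZE", "HEARTBEAT", "DATA"
ENC_REQUEST, ENC_DONE = "ENC_REQUEST", "ENC_DONE"


@dataclass
class Link:
    """The single transport-layer connection between UE and first server."""
    active: Optional[tuple] = None
    # Services the UE customized for encryption (shared here for brevity).
    encrypted_services: set = field(default_factory=set)
    transcript: list = field(default_factory=list)

    def connect(self, addr):
        # Embodiment 3 holds one connection: the other must be gone first.
        if self.active is not None:
            raise RuntimeError("disconnect the other connection first")
        self.active = addr
        self.transcript.append(("ue", addr[1], "CONNECT", None))

    def disconnect(self):
        if self.active is None:
            raise RuntimeError("no connection established")
        self.transcript.append(("ue", self.active[1], "DISCONNECT", None))
        self.active = None

    def send(self, sender, mtype, service=None):
        if self.active is None:
            raise RuntimeError("no connection established")
        # Selective encryption: customized services may only use the second port.
        if (mtype == DATA and service in self.encrypted_services
                and self.active != SECOND_ADDR):
            raise PermissionError(f"{service} must use the encrypted connection")
        self.transcript.append((sender, self.active[1], mtype, service))


def ue_handle(link, mtype):
    """UE reaction to server control messages: swap connections, never hold both."""
    if mtype == ENC_REQUEST and link.active == FIRST_ADDR:
        link.disconnect()
        link.connect(SECOND_ADDR)
    elif mtype == ENC_DONE and link.active == SECOND_ADDR:
        link.disconnect()
        link.connect(FIRST_ADDR)


def server_push(link, service, items):
    """Server side: deliver items, switching connections if the service requires it."""
    switch = service in link.encrypted_services
    if switch:
        link.send("server", ENC_REQUEST)      # sent over the first connection
        ue_handle(link, ENC_REQUEST)
    for _ in items:
        link.send("server", DATA, service)
    if switch:
        link.send("server", ENC_DONE)         # sent over the second connection
        ue_handle(link, ENC_DONE)


def run_exchange(push_items=("news-1", "news-2")):
    """Replay the Embodiment 3 sequence and return the message transcript."""
    link = Link()
    link.connect(FIRST_ADDR)                  # long-lived first connection
    link.send("ue", CUSTOMIZE, "info_push")
    link.encrypted_services.add("info_push")  # server records the customization
    link.send("ue", HEARTBEAT)
    link.send("ue", DATA, "backup")           # backup data stays unencrypted
    server_push(link, "info_push", push_items)
    link.send("ue", HEARTBEAT)                # first connection is kept alive again
    return link.transcript


def max_open_connections(transcript):
    """Largest number of simultaneously open connections in a transcript."""
    open_now = peak = 0
    for _, _, mtype, _ in transcript:
        if mtype == "CONNECT":
            open_now += 1
        elif mtype == "DISCONNECT":
            open_now -= 1
        peak = max(peak, open_now)
    return peak


def ports_used(transcript, service):
    """Set of TCP ports on which DATA for a service was sent."""
    return {port for _, port, mtype, svc in transcript
            if mtype == DATA and svc == service}


if __name__ == "__main__":
    for entry in run_exchange():
        print(entry)
```
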
  • the fourth embodiment of the present invention provides a user equipment, which is used to perform the corresponding functions of the user equipment in the data transmission method described in the foregoing embodiments corresponding to FIG. 1 to FIG. 3.
  • the user equipment 40 specifically includes :
  • the obtaining unit 401 is configured to obtain an access address of the first server, where the access address includes a first address and a second address.
  • the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different.
  • the connection unit 402 is configured to send a connection request message to the first server by using the transceiver unit 403, and establish a connection with the first server, where the connection request message includes a first address or a second address.
  • the transceiver unit 403 is configured to perform non-encrypted communication and/or encrypted communication with the first server by using a connection.
  • the connecting unit 402 is configured to send a first connection request message to the first server by using the transceiver unit 403, and establish a first connection with the first server, where the first connection request message includes the first address.
  • the transceiver unit 403 is specifically configured to perform non-encrypted communication with the first server by using the first connection.
  • the connecting unit 402 is specifically configured to send, by using the transceiver unit 403, a second connection request message to the first server, and establish a second connection with the first server, wherein the second connection request message includes the second address.
  • the transceiver unit 403 is further configured to perform encrypted communication with the first server by using the second connection.
  • the connecting unit 402 is further configured to disconnect the second connection if the second connection has been established before sending the first connection request message to the first server. or,
  • the connecting unit 402 is further configured to disconnect the first connection if the first connection has been established before sending the second connection request message to the first server.
  • the transceiver unit 403 is further configured to receive an encrypted communication request sent by the first server by using the first connection.
  • the connection unit 402 is further configured to disconnect the first connection and establish a second connection according to the encrypted communication request.
  • the transceiver unit 403 is further configured to perform encrypted communication with the first server by using the second connection in response to the encrypted communication request.
  • the transceiver unit 403 is further configured to receive an indication message that the first server completes the encrypted communication sent by using the second connection.
  • the connecting unit 402 is further configured to disconnect the second connection according to the indication message and establish a first connection.
  • the transceiver unit 403 is further configured to send, by using the first connection, customization information to the first server, where the customization information is used to indicate the customized encrypted communication content to the first server.
  • the transceiver unit 403 is further configured to send a heartbeat message to the first server by using the first connection to maintain the first connection.
  • the obtaining unit 401 is specifically configured to obtain an access address of the first server from the preset server list.
  • the obtaining unit 401 is specifically configured to acquire an access address of the first server from the second server.
  • the user equipment acquires an access address of the first server, and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying a different transport layer connection, so the application layer data can be sent, according to the encryption requirement, over the transport layer connection occupied by the non-encrypted communication or the one occupied by the encrypted communication; that is, selective encryption processing is performed on the transport layer data.
  • the user equipment and the first server do not need to encrypt the data, thereby reducing resource occupation, shortening communication time, and improving communication efficiency.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used.
  • the fifth embodiment of the present invention provides a server for performing the corresponding functions of the first server in the data transmission method described in the foregoing embodiments corresponding to FIG. 1 to FIG.
  • the server 50 specifically includes:
  • the connection unit 501 is configured to receive, by using the transceiver unit 502, a connection request message sent by the user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address.
  • the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different.
  • the transceiver unit 502 is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment through the connection.
  • the connecting unit 501 is configured to receive, by the transceiver unit 502, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address.
  • the transceiver unit 502 is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  • the connecting unit 501 is further configured to receive, by the transceiver unit 502, a second connection request message sent by the user equipment, to establish a second connection with the user equipment, where the second connection request message includes the second address.
  • the transceiver unit 502 is specifically configured to perform encrypted communication with the user equipment by using the second connection.
  • the connecting unit 501 is further configured to: before receiving the first connection request message sent by the user equipment, if the second connection has been established, disconnect the second connection. or,
  • the connecting unit 501 is further configured to: before receiving the second connection request message sent by the user equipment, disconnect the first connection if the first connection has been established.
  • the transceiver unit 502 is further configured to send an encrypted communication request to the user equipment by using the first connection.
  • the connecting unit 501 is further configured to disconnect the first connection and establish a second connection.
  • the transceiver unit 502 is further configured to perform encrypted communication with the first server by using the second connection according to the encrypted communication request.
  • the transceiver unit 502 is further configured to send, by using the second connection, an indication message that the encrypted communication is completed to the user equipment.
  • the connecting unit 501 is further configured to disconnect the second connection and establish a first connection.
  • the transceiver unit 502 is further configured to receive customized information that is sent by the user equipment by using the first connection, where the customized information is used to indicate the encrypted communication content customized by the user equipment.
  • the transceiver unit 502 is further configured to receive a heartbeat message sent by the user equipment by using the first connection to maintain the first connection.
  • the server provided by the embodiment of the present invention establishes a connection with the user equipment according to the first address or the second address by receiving the connection request message sent by the user equipment, and performs non-encrypted communication or encrypted communication with the user equipment through the connection.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying different transport layer connections, so the application layer data can be selectively encrypted according to the encryption requirements.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used. Therefore, on the basis of the existing transport layer encryption protocol, the application layer data is selectively encrypted, and under the premise of ensuring data security, the resource consumption in the communication process is reduced, and the communication efficiency is improved.
  • the sixth embodiment of the present invention provides a user equipment for performing the corresponding functions of the user equipment in the data transmission method described in the foregoing embodiments corresponding to FIG. 1 to FIG. 3.
  • the user equipment 60 may be embedded in, or may itself be, a microprocessor computer, such as a general purpose computer, a custom machine, a mobile phone terminal or a tablet device. The user equipment 60 includes at least one processor 601, a transceiver 602, a memory 603, and a bus 604; the at least one processor 601, the transceiver 602 and the memory 603 are connected by the bus 604 and communicate with each other.
  • the bus 604 can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus.
  • the bus 604 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 6, but this does not mean that there is only one bus or one type of bus. Wherein:
  • the memory 603 is used to store the application code for executing the inventive scheme, and its execution is controlled by the processor 601.
  • the memory can be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or it can be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • These memories are connected to the processor via a bus.
  • the processor 601 may be a central processing unit (CPU), or an application-specific integrated circuit (ASIC), or configured to implement the present invention.
  • the processor 601 is configured to call the program code in the memory 603. In a possible implementation manner, when the application program is executed by the processor 601, the following functions are implemented.
  • the processor 601 is configured to obtain an access address of the first server, where the access address includes a first address and a second address.
  • the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different.
  • the processor 601 is configured to send a connection request message to the first server by using the transceiver 602, and establish a connection with the first server, where the connection request message includes a first address or a second address.
  • the transceiver 602 is configured to perform non-encrypted communication and/or encrypted communication with the first server by using a connection.
  • the processor 601 is configured to send a first connection request message to the first server by using the transceiver 602, and establish a first connection with the first server, where the first connection request message includes the first address.
  • the transceiver 602 is specifically configured to perform non-encrypted communication with the first server by using the first connection.
  • the processor 601 is further configured to send a second connection request message to the first server by using the transceiver 602, and establish a second connection with the first server, where the second connection request message includes the second address.
  • the transceiver 602 is specifically configured to perform non-encrypted communication with the first server by using the second connection.
  • the processor 601 establishes one of the first connection and the second connection through the transceiver 602,
  • the processor 601 is further configured to disconnect the second connection if the second connection has been established before sending the first connection request message to the first server. or,
  • the processor 601 is further configured to disconnect the first connection if the first connection has been established before sending the second connection request message to the first server.
  • the transceiver 602 is further configured to receive an encrypted communication request sent by the first server by using the first connection.
  • the processor 601 is further configured to disconnect the first connection and establish a second connection according to the encrypted communication request.
  • the transceiver 602 is further configured to perform encrypted communication with the first server through the second connection in response to the encrypted communication request.
  • the transceiver 602 is further configured to receive an indication message that the first server completes the encrypted communication sent by the second connection.
  • the processor 601 is further configured to disconnect the second connection according to the indication message and establish a first connection.
  • the transceiver 602 is further configured to send, by using the first connection, the customized information to the first server, where the customized information is used to indicate the customized encrypted communication content to the first server.
  • the transceiver 602 is further configured to send a heartbeat message to the first server by using the first connection to maintain the first connection.
  • the processor 601 is configured to obtain an access address of the first server from a preset server list.
  • the processor 601 is specifically configured to acquire an access address of the first server from the second server.
  • the user equipment acquires an access address of the first server, and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying different transport layer connections, so the application layer data can be selected to be transmitted through the transport layer connection occupied by non-encrypted communication or encrypted communication according to the encryption requirement, that is, the transport layer data Perform selective encryption processing.
  • the user equipment and the first server do not need to encrypt the data, thereby reducing resource occupation, shortening communication time, and improving communication efficiency.
  • the sixth embodiment of the present invention provides a server for performing the corresponding functions of the first server in the data transmission method described in the foregoing embodiments corresponding to FIG. 1 to FIG. 3.
  • the user equipment 70 may be embedded in, or may itself be, a microprocessor computer, such as a general purpose computer, a custom machine, a mobile phone terminal, or a tablet device. The user equipment 70 includes at least one processor 701, a transceiver 702, a memory 703, and a bus 704; the at least one processor 701, the transceiver 702, and the memory 703 are connected by the bus 704 and communicate with each other.
  • the bus 704 can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus.
  • the bus 704 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 7, but this does not mean that there is only one bus or one type of bus. Wherein:
  • the memory 703 is used to store the application code for executing the inventive scheme, and its execution is controlled by the processor 701.
  • the memory can be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or it can be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic storage media or other magnetic storage devices, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • These memories are connected to the processor via a bus.
  • the processor 701 may be a central processing unit (CPU), or an application-specific integrated circuit (ASIC), or configured to implement the present invention.
  • the processor 701 is configured to call the program code in the memory 703. In a possible implementation manner, when the application program is executed by the processor 701, the following functions are implemented.
  • the processor 701 is configured to receive, by using the transceiver 702, a connection request message sent by the user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address.
  • the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different.
  • the transceiver 702 is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment through the connection.
  • the processor 701 is configured to receive, by using the transceiver 702, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address.
  • the processor 701 is further configured to receive, by using the transceiver 702, a second connection request message sent by the user equipment, to establish a second connection with the user equipment, where the second connection request message includes the second address.
  • the transceiver 702 is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  • the transceiver 702 is specifically configured to perform encrypted communication with the user equipment by using the second connection.
  • the processor 701 is further configured to: before receiving the first connection request message sent by the user equipment, if the second connection has been established, disconnect the second connection. or,
  • the processor 701 is further configured to: before receiving the second connection request message sent by the user equipment, if the first connection has been established, disconnect the first connection.
  • the transceiver 702 is further configured to send an encrypted communication request to the user equipment by using the first connection.
  • the processor 701 is further configured to disconnect the first connection and establish a second connection.
  • the transceiver 702 is further configured to perform encrypted communication with the first server by using the second connection according to the encrypted communication request.
  • the transceiver 702 is further configured to send, by using the second connection, an indication message that the encrypted communication is completed to the user equipment.
  • the processor 701 is further configured to disconnect the second connection and establish a first connection.
  • the transceiver 702 is further configured to receive customized information sent by the user equipment by using the first connection, where the customized information is used to indicate the encrypted communication content customized by the user equipment.
  • the transceiver 702 is further configured to receive a heartbeat message sent by the user equipment by using the first connection to maintain the first connection.
  • the server provided by the embodiment of the present invention establishes a connection with the user equipment according to the first address or the second address by receiving the connection request message sent by the user equipment, and performs non-encrypted communication or encrypted communication with the user equipment through the connection.
  • Non-encrypted communication and encrypted communication share the same network layer connection, each occupying different transport layer connections, so the application layer data can be selectively encrypted according to the encryption requirements.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used. Therefore, on the basis of the existing transport layer encryption protocol, the application layer data is selectively encrypted, and under the premise of ensuring data security, the resource consumption in the communication process is reduced, and the communication efficiency is improved.
  • an embodiment of the present invention provides a data transmission system, including a user equipment and a server.
  • the user equipment is the user equipment described in the embodiment corresponding to FIG. 4, and the server is the server described in the embodiment corresponding to FIG. 5, and is used as the first server.
  • the user equipment is the user equipment described in the embodiment corresponding to FIG. 6, and the server is the server described in the embodiment corresponding to FIG. 7, and is used as the first server.
  • the user equipment obtains an access address of the first server, and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Since the transport layer addresses of the first address and the second address are the same, the non-encrypted communication and the encrypted communication share the same network layer connection while occupying different transport layer connections, so application layer data can be sent, according to the encryption requirement, over the transport layer connection occupied by either the non-encrypted communication or the encrypted communication; that is, the transport layer data is selectively encrypted.
  • the user equipment and the first server do not need to encrypt the data, thereby reducing resource occupation, shortening communication time, and improving communication efficiency.
  • various existing transport layer encryption protocols such as the SSL protocol, the TLS protocol, and the like can be used.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • the computer readable medium may include random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), compact disc read only memory (CD-ROM) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection may suitably be a computer readable medium.
  • when the software is transmitted from a website, server or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL) or wireless technologies such as infrared, radio and microwave, the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of the medium.
  • disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of the computer readable media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An embodiment of the present invention relates to the field of communications, and provides a data transmission method, device and system. The present invention can selectively encrypt data of an application layer, thereby reducing resource consumption in a communication process and improving communication efficiency while ensuring data security. The specific solution is as follows: acquiring an access address of a first server, the access address comprising a first address and a second address, wherein the first address and the second address comprise a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address; transmitting a connection request message to the first server, and establishing a connection with the first server, the connection request message comprising the first address or the second address; and performing a non-encrypted communication and/or an encrypted communication with the first server via the connection. The present invention is used for data transmission.

Description

Data transmission method, device and system
Technical field
The present invention relates to the field of communications, and in particular, to a data transmission method, device, and system.
Background
In a communication system consisting of user equipment (UE) and a server, the user equipment accesses the server through a locally installed client and exchanges data with the server. This data exchange often involves encrypting the data to improve data security and prevent data leakage. Existing encryption protocols include the Secure Sockets Layer (SSL) protocol, the Transport Layer Security (TLS) protocol, and the like.
These encryption protocols are transport layer encryption protocols and do not themselves distinguish between different application layer data. In the prior art, when data is encrypted with these existing encryption protocols, all application layer data is usually encrypted.
In fact, in actual data exchange some data needs to be encrypted and some does not. Encrypting data that does not need encryption wastes user equipment and server resources. Moreover, the total amount of data after encryption is greater than the total amount before encryption, so transmitting encrypted data takes more network resources and time and consumes more traffic, which makes data exchange between the user equipment and the server time-consuming and energy-consuming and lowers communication efficiency.
Summary of the invention
Embodiments of the present invention provide a data transmission method, device, and system that can selectively encrypt application layer data, reducing resource consumption in the communication process and improving communication efficiency while ensuring data security.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, a data transmission method includes:
obtaining an access address of a first server, where the access address includes a first address and a second address; wherein the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
sending a connection request message to the first server, and establishing a connection with the first server, where the connection request message includes the first address or the second address;
performing non-encrypted communication and/or encrypted communication with the first server through the connection.
With reference to the first aspect, in a first possible implementation,
the sending a connection request message to the first server, and establishing a connection with the first server, includes: sending a first connection request message to the first server, and establishing a first connection with the first server, where the first connection request message includes the first address;
the performing non-encrypted communication and/or encrypted communication with the first server through the connection includes: performing non-encrypted communication with the first server through the first connection.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation,
the sending a connection request message to the first server, and establishing a connection with the first server, includes: sending a second connection request message to the first server, and establishing a second connection with the first server, where the second connection request message includes the second address;
the performing non-encrypted communication and/or encrypted communication with the first server through the connection includes: performing encrypted communication with the first server through the second connection.
With reference to the second possible implementation of the first aspect, in a third possible implementation, after one of the first connection and the second connection is established, the method further includes:
before the sending of the first connection request message to the first server, if the second connection has been established, disconnecting the second connection; or,
before the sending of the second connection request message to the first server, if the first connection has been established, disconnecting the first connection.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation,
before the disconnecting of the first connection, non-encrypted communication is performed with the first server through the first connection, and the method further includes: receiving an encrypted communication request sent by the first server through the first connection;
after the first connection is disconnected and the second connection is established, the performing encrypted communication with the first server through the second connection includes: in response to the encrypted communication request, performing encrypted communication with the first server through the second connection.
With reference to the third possible implementation of the first aspect, in a fifth possible implementation, the method further includes:
receiving an indication message, sent by the first server through the second connection, that the encrypted communication is complete;
disconnecting the second connection and establishing the first connection.
With reference to any one of the first to fifth possible implementations of the first aspect, in a sixth possible implementation,
the performing non-encrypted communication with the first server through the first connection includes: sending customization information to the first server through the first connection, where the customization information is used to indicate the customized encrypted communication content to the first server.
With reference to any one of the first to fifth possible implementations of the first aspect, in a seventh possible implementation,
the performing non-encrypted communication with the first server through the first connection includes: sending a heartbeat message to the first server through the first connection to maintain the first connection.
With reference to any one of the first aspect to the seventh possible implementation of the first aspect, in an eighth possible implementation, the obtaining an access address of the first server includes:
obtaining the access address of the first server from a preset server list;
or, obtaining the access address of the first server from a second server.
In a second aspect, a data transmission method includes:
receiving a connection request message sent by user equipment, and establishing a connection with the user equipment, where the connection request message includes a first address or a second address; wherein the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
performing non-encrypted communication and/or encrypted communication with the user equipment through the connection.
With reference to the second aspect, in a first possible implementation, the receiving a connection request message sent by user equipment, and establishing a connection with the user equipment, includes:
receiving a first connection request message sent by the user equipment, and establishing a first connection with the user equipment, where the first connection request message includes the first address;
the performing non-encrypted communication and/or encrypted communication with the user equipment through the connection includes: performing non-encrypted communication with the user equipment through the first connection.
With reference to the second aspect or a possible implementation of the second aspect, in a second possible implementation,
the receiving a connection request message sent by user equipment, and establishing a connection with the user equipment, includes: receiving a second connection request message sent by the user equipment, and establishing a second connection with the user equipment, where the second connection request message includes the second address;
the performing non-encrypted communication and/or encrypted communication with the user equipment through the connection includes: performing encrypted communication with the first server through the second connection.
With reference to the second possible implementation of the second aspect, in a third possible implementation, after one of the first connection and the second connection is established, the method further includes:
before the receiving of the first connection request message sent by the user equipment, if the second connection has been established, disconnecting the second connection; or,
before the receiving of the second connection request message sent by the user equipment, if the first connection has been established, disconnecting the first connection.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation,
before the disconnecting of the first connection, non-encrypted communication is performed with the user equipment through the first connection, and the method further includes: sending an encrypted communication request to the user equipment through the first connection;
after the first connection is disconnected and the second connection is established, performing encrypted communication with the first server through the second connection.
With reference to the third possible implementation of the second aspect, in a fifth possible implementation, the method further includes:
sending, to the user equipment through the second connection, an indication message that the encrypted communication is complete;
disconnecting the second connection and establishing the first connection.
With reference to any one of the first to fifth possible implementations of the second aspect, in a sixth possible implementation,
the performing non-encrypted communication with the user equipment through the first connection includes:
receiving customization information sent by the user equipment through the first connection, where the customization information is used to indicate the encrypted communication content customized by the user equipment.
With reference to any one of the first to fifth possible implementations of the second aspect, in a seventh possible implementation,
the performing non-encrypted communication with the user equipment through the first connection includes:
receiving a heartbeat message sent by the user equipment through the first connection to maintain the first connection.
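The connection switching described in the first and second aspects, sketched from the user equipment's side as an added example (not code from the patent). The message names, the `sensitive` flag, the recording link and the sample host and ports are assumptions; the check that both addresses share a host is inferred from the statement that the two modes share the network layer connection.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ENC_REQUEST = "encrypted-communication-request"   # hypothetical message name
ENC_DONE = "encrypted-communication-complete"     # hypothetical message name


@dataclass(frozen=True)
class Address:
    host: str  # network layer address
    port: int  # transport layer address


@dataclass(frozen=True)
class AccessAddress:
    first: Address   # non-encrypted communication
    second: Address  # encrypted communication

    def __post_init__(self) -> None:
        # Assumption: same host, because both modes share the network layer.
        if self.first.host != self.second.host:
            raise ValueError("network layer addresses must match")
        if self.first.port == self.second.port:
            raise ValueError("transport layer addresses must differ")


class RecordingLink:
    """Constructed stand-in for a TCP or TLS socket; records events in a log."""

    def __init__(self, address: Address, encrypted: bool, log: List[Tuple]):
        self.address, self.encrypted, self.log = address, encrypted, log
        log.append(("connect", address.port, encrypted))

    def send(self, payload: bytes) -> None:
        self.log.append(("send", self.address.port, payload))

    def close(self) -> None:
        self.log.append(("close", self.address.port))


class UserEquipment:
    def __init__(self, access: AccessAddress,
                 connector: Callable[[Address, bool], RecordingLink]):
        self.access = access
        self._connector = connector
        self._link: Optional[RecordingLink] = None

    @property
    def mode(self) -> str:
        if self._link is None:
            return "idle"
        return "encrypted" if self._link.encrypted else "plain"

    def _connect(self, encrypted: bool) -> None:
        # Only one connection exists at a time: the established one is
        # disconnected before the other connection request is sent.
        if self._link is not None:
            if self._link.encrypted == encrypted:
                return
            self._link.close()
        target = self.access.second if encrypted else self.access.first
        self._link = self._connector(target, encrypted)

    def start(self) -> None:
        self._connect(encrypted=False)

    def send(self, payload: bytes, sensitive: bool) -> None:
        if self._link is None:
            raise ConnectionError("no connection established")
        # Fail closed: data marked sensitive never leaves on the first connection.
        if sensitive and not self._link.encrypted:
            raise PermissionError("sensitive data requires the second connection")
        self._link.send(payload)

    def on_server_message(self, kind: str) -> bool:
        """Handle a control message that arrived on the active link."""
        if kind == ENC_REQUEST and self.mode == "plain":
            self._connect(encrypted=True)
            return True
        # The completion indication is honoured only on the second connection.
        if kind == ENC_DONE and self.mode == "encrypted":
            self._connect(encrypted=False)
            return True
        return False


def run_demo() -> Tuple[List[Tuple], bool]:
    log: List[Tuple] = []
    # Constructed sample address: one host, two ports.
    access = AccessAddress(Address("192.0.2.10", 8080), Address("192.0.2.10", 8443))
    ue = UserEquipment(access, lambda addr, enc: RecordingLink(addr, enc, log))
    ue.start()
    ue.send(b"heartbeat", sensitive=False)
    try:
        ue.send(b"card-number", sensitive=True)
        refused = False
    except PermissionError:
        refused = True
    ignored = not ue.on_server_message(ENC_DONE)  # not valid on the plain link
    ue.on_server_message(ENC_REQUEST)
    ue.send(b"card-number", sensitive=True)
    ue.on_server_message(ENC_DONE)
    return log, refused and ignored


if __name__ == "__main__":
    for event in run_demo()[0]:
        print(event)
```

In a real client the connector would open a TCP socket for the first address and a TLS-wrapped socket, with certificate verification, for the second.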
In a third aspect, a user equipment includes:
an obtaining unit, configured to obtain an access address of a first server, where the access address includes a first address and a second address; wherein the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
a connection unit, configured to send a connection request message to the first server through a transceiver unit, and establish a connection with the first server, where the connection request message includes the first address or the second address;
the transceiver unit, configured to perform non-encrypted communication and/or encrypted communication with the first server through the connection.
With reference to the third aspect, in a first possible implementation,
the connection unit is specifically configured to send a first connection request message to the first server through the transceiver unit, and establish a first connection with the first server, where the first connection request message includes the first address;
the transceiver unit is specifically configured to perform non-encrypted communication with the first server through the first connection.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation,
the connection unit is further specifically configured to send a second connection request message to the first server through the transceiver unit, and establish a second connection with the first server, where the second connection request message includes the second address;
the transceiver unit is further specifically configured to perform encrypted communication with the first server through the second connection.
With reference to the second possible implementation of the third aspect, in a third possible implementation, after one of the first connection and the second connection is established,
the connection unit is further configured to, before sending the first connection request message to the first server, disconnect the second connection if the second connection has been established; or,
the connection unit is further configured to, before sending the second connection request message to the first server, disconnect the first connection if the first connection has been established.
With reference to the third possible implementation of the third aspect, in a fourth possible implementation,
the transceiver unit is further configured to receive an encrypted communication request sent by the first server through the first connection;
the connection unit is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
the transceiver unit is further configured to, in response to the encrypted communication request, perform encrypted communication with the first server through the second connection.
With reference to the third possible implementation of the third aspect, in a fifth possible implementation,
the transceiver unit is further configured to receive an indication message, sent by the first server through the second connection, that the encrypted communication is complete;
the connection unit is further configured to disconnect the second connection and establish the first connection according to the indication message.
With reference to any one of the first to fifth possible implementations of the third aspect, in a sixth possible implementation,
the transceiver unit is further configured to send customization information to the first server through the first connection, where the customization information is used to indicate the customized encrypted communication content to the first server.
With reference to any one of the first to fifth possible implementations of the third aspect, in a seventh possible implementation,
the transceiver unit is further configured to send a heartbeat message to the first server through the first connection to maintain the first connection.
With reference to any one of the third aspect to the seventh possible implementation of the third aspect, in an eighth possible implementation,
the obtaining unit is specifically configured to obtain the access address of the first server from a preset server list;
the obtaining unit is further specifically configured to obtain the access address of the first server from a second server.
In a fourth aspect, a server, used as a first server, includes:
a connection unit, configured to receive, through a transceiver unit, a connection request message sent by user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address; wherein the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address and the transport layer address of the second address are different;
the transceiver unit, further configured to perform non-encrypted communication and/or encrypted communication with the user equipment through the connection.
With reference to the fourth aspect, in a first possible implementation,
the connection unit is specifically configured to receive, through the transceiver unit, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address;
the transceiver unit is specifically configured to perform non-encrypted communication with the user equipment through the first connection.
With reference to the fourth aspect or a possible implementation of the fourth aspect, in a second possible implementation,
the connection unit is further specifically configured to receive, through the transceiver unit, a second connection request message sent by the user equipment, and establish a second connection with the user equipment, where the second connection request message includes the second address;
the transceiver unit is further specifically configured to perform encrypted communication with the user equipment through the second connection.
With reference to the second possible implementation of the fourth aspect, in a third possible implementation, after one of the first connection and the second connection is established,
the connection unit is further configured to, before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has been established; or,
the connection unit is further configured to, before receiving the second connection request message sent by the user equipment, disconnect the first connection if the first connection has been established.
With reference to the third possible implementation of the fourth aspect, in a fourth possible implementation,
the transceiver unit is further configured to send an encrypted communication request to the user equipment through the first connection;
the connection unit is further configured to disconnect the first connection and establish the second connection;
the transceiver unit is further configured to perform encrypted communication with the first server through the second connection according to the encrypted communication request.
With reference to the third possible implementation of the fourth aspect, in a fifth possible implementation,
the transceiver unit is further configured to send, to the user equipment through the second connection, an indication message that the encrypted communication is complete;
the connection unit is further configured to disconnect the second connection and establish the first connection.
With reference to any one of the first to fifth possible implementations of the fourth aspect, in a sixth possible implementation,
the transceiver unit is further configured to receive customization information sent by the user equipment through the first connection, where the customization information is used to indicate the encrypted communication content customized by the user equipment.
With reference to any one of the first to fifth possible implementations of the fourth aspect, in a seventh possible implementation,
the transceiver unit is further configured to receive a heartbeat message sent by the user equipment through the first connection to maintain the first connection.
According to a fifth aspect, a user equipment includes a processor, a transceiver, a memory, and a bus, where the processor and the memory are connected to each other through the bus;
The processor is configured to acquire an access address of a first server, where the access address includes a first address and a second address; the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
The processor is configured to send a connection request message to the first server through the transceiver to establish a connection with the first server, where the connection request message includes the first address or the second address;
The transceiver is configured to perform non-encrypted communication and/or encrypted communication with the first server through the connection.
With reference to the fifth aspect, in a first possible implementation,
The processor is specifically configured to send a first connection request message to the first server through the transceiver to establish a first connection with the first server, where the first connection request message includes the first address;
The transceiver is specifically configured to perform non-encrypted communication with the first server through the first connection.
With reference to the fifth aspect or the first possible implementation of the fifth aspect, in a second possible implementation,
The processor is specifically further configured to send a second connection request message to the first server through the transceiver to establish a second connection with the first server, where the second connection request message includes the second address;
The transceiver is specifically further configured to perform non-encrypted communication with the first server through the second connection.
With reference to the second possible implementation of the fifth aspect, in a third possible implementation, after one of the first connection and the second connection is established,
The processor is further configured to disconnect the second connection, if the second connection has been established, before the first connection request message is sent to the first server; or
The processor is further configured to disconnect the first connection, if the first connection has been established, before the second connection request message is sent to the first server.
With reference to the third possible implementation of the fifth aspect, in a fourth possible implementation,
The transceiver is further configured to receive an encrypted communication request sent by the first server through the first connection;
The processor is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
The transceiver is further configured to perform, in response to the encrypted communication request, encrypted communication with the first server through the second connection.
With reference to the third possible implementation of the fifth aspect, in a fifth possible implementation,
The transceiver is further configured to receive an indication message, sent by the first server through the second connection, indicating that the encrypted communication is complete;
The transceiver is further configured to disconnect the second connection and establish the first connection according to the indication message.
With reference to any one of the first to the fifth possible implementations of the fifth aspect, in a sixth possible implementation,
The transceiver is further configured to send customization information to the first server through the first connection, where the customization information indicates the customized encrypted communication content to the first server.
With reference to any one of the first to the fifth possible implementations of the fifth aspect, in a seventh possible implementation,
The transceiver is further configured to send a heartbeat message to the first server through the first connection, so as to maintain the first connection.
With reference to any one of the fifth aspect to the seventh possible implementation of the fifth aspect, in an eighth possible implementation,
The processor is specifically configured to obtain the access address of the first server from a preset server list;
The processor is specifically further configured to obtain the access address of the first server from a second server.
According to a sixth aspect, a server, used as a first server, includes a processor, a transceiver, a memory, and a bus, where the processor and the memory are connected to each other through the bus;
The processor is configured to receive, through the transceiver, a connection request message sent by a user equipment and to establish a connection with the user equipment, where the connection request message includes a first address or a second address; the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
The transceiver is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment through the connection.
With reference to the sixth aspect, in a first possible implementation,
The processor is specifically configured to receive, through the transceiver, a first connection request message sent by the user equipment and to establish a first connection with the user equipment, where the first connection request message includes the first address;
The transceiver is specifically configured to perform non-encrypted communication with the user equipment through the first connection.
With reference to the sixth aspect or a possible implementation of the sixth aspect, in a second possible implementation,
The processor is specifically further configured to receive, through the transceiver, a second connection request message sent by the user equipment and to establish a second connection with the user equipment, where the second connection request message includes the second address;
The transceiver is specifically further configured to perform encrypted communication with the user equipment through the second connection.
With reference to the second possible implementation of the sixth aspect, in a third possible implementation, after one of the first connection and the second connection is established,
The processor is further configured to disconnect the second connection, if the second connection has been established, before the first connection request message sent by the user equipment is received; or
The processor is further configured to disconnect the first connection, if the first connection has been established, before the second connection request message sent by the user equipment is received.
With reference to the third possible implementation of the sixth aspect, in a fourth possible implementation,
The transceiver is further configured to send an encrypted communication request to the user equipment through the first connection;
The processor is further configured to disconnect the first connection and establish the second connection;
The transceiver is further configured to perform, according to the encrypted communication request, encrypted communication with the first server through the second connection.
With reference to the third possible implementation of the sixth aspect, in a fifth possible implementation,
The transceiver is further configured to send, through the second connection, an indication message to the user equipment indicating that the encrypted communication is complete;
The processor is further configured to disconnect the second connection and establish the first connection.
With reference to any one of the first to the fifth possible implementations of the sixth aspect, in a sixth possible implementation,
The transceiver is further configured to receive customization information sent by the user equipment through the first connection, where the customization information indicates the encrypted communication content customized by the user equipment.
With reference to any one of the first to the fifth possible implementations of the sixth aspect, in a seventh possible implementation,
The transceiver is further configured to receive a heartbeat message sent by the user equipment through the first connection, so as to maintain the first connection.
According to a seventh aspect, a data transmission system includes a user equipment and a server;
The user equipment is the user equipment provided in any one of the third aspect to the eighth possible implementation of the third aspect;
The server is the server provided in any one of the fourth aspect to the seventh possible implementation of the fourth aspect.
According to an eighth aspect, a data transmission system includes a user equipment and a server;
The user equipment is the user equipment according to any one of the fifth aspect to the eighth possible implementation of the fifth aspect;
The server is the server according to any one of the sixth aspect to the seventh possible implementation of the sixth aspect.
According to the data transmission method, device, and system provided in the embodiments of the present invention, the user equipment acquires the access address of the first server and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Because the transport layer addresses of the first address and the second address are the same, non-encrypted communication and encrypted communication share one network layer connection while each occupies a different transport layer connection. Application layer data can therefore be sent, according to its encryption requirement, over the transport layer connection used for non-encrypted communication or the one used for encrypted communication; that is, the transport layer data is selectively encrypted. For data transmitted through non-encrypted communication, the user equipment and the first server do not need to encrypt the data, which reduces resource occupation, shortens communication time, and improves communication efficiency. For data transmitted through encrypted communication, any existing transport layer encryption protocol, such as the SSL protocol or the TLS protocol, can be used. Selectively encrypting application layer data reduces resource consumption during communication and improves communication efficiency while keeping the data secure.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a data transmission method according to Embodiment 1 of the present invention;
FIG. 2 is a schematic flowchart of a data transmission method according to Embodiment 2 of the present invention;
FIG. 3 is a schematic flowchart of a data transmission method according to Embodiment 3 of the present invention;
FIG. 4 is a schematic structural diagram of a user equipment according to Embodiment 4 of the present invention;
FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present invention;
FIG. 6 is a schematic structural diagram of a user equipment according to Embodiment 6 of the present invention;
FIG. 7 is a schematic structural diagram of a server according to Embodiment 7 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To describe the technical solutions of the embodiments clearly, the embodiments of the present invention use the words "first", "second", and so on to distinguish identical or similar items whose functions and effects are basically the same. A person skilled in the art will understand that "first", "second", and so on do not limit quantity or order of execution.
An embodiment of the present invention provides a data transmission method applied to a communication system that includes a user equipment and a server. For example, the user equipment can log in to the server with a personal account and upload various backup data to the server, the user can download the backup data held on the server to the local device, and the server can push advertisements, user subscription information, and the like to the user. Data interaction between the user equipment and the server may be carried out through encrypted communication or through non-encrypted communication. For example, advertisements pushed by the server may be sent to the user equipment through non-encrypted communication, whereas the account and password information transmitted when the user equipment logs in to the server may be sent to the user equipment through encrypted communication to ensure data security. In encrypted communication, any existing transport layer encryption protocol, such as the SSL protocol or the TLS protocol, may be used.
Embodiment 1
Embodiment 1 of the present invention provides a data transmission method applied to a user equipment. Referring to FIG. 1, the method includes the following steps:
101. Obtain an access address of the first server.
The first server is the server that the user equipment is to access. The access address of the first server includes a first address and a second address, which are used for non-encrypted communication and encrypted communication, respectively. The user equipment can access the first server through the first address or through the second address.
The first address and the second address each include a network layer address and a transport layer address. The network layer address identifies the first server in the network, and the transport layer address identifies a transport layer port of the first server. The network layer address of the first address is the same as the network layer address of the second address, and the transport layer address of the first address is different from the transport layer address of the second address.
102. Send a connection request message to the first server to establish a connection with the first server.
The connection request message includes the first address or the second address.
Because the network layer address of the first address is the same as that of the second address, when the user equipment accesses the first server through the first address and the second address at the same time, it needs to establish only one network layer connection with the first server; that is, encrypted communication and non-encrypted communication share one network layer connection.
Because the transport layer address of the first address is different from that of the second address, data for encrypted communication and data for non-encrypted communication can be distinguished by transport layer address. When the user equipment accesses the first server through the first address and the second address at the same time, it establishes two transport layer connections with the first server, one through the transport layer address of the first address and one through the transport layer address of the second address; that is, encrypted communication and non-encrypted communication each occupy one transport layer connection.
103. Perform non-encrypted communication or encrypted communication with the first server through the connection.
The user equipment can access the first server through the first address and the second address at different times or at the same time; that is, non-encrypted communication and encrypted communication can take place separately or simultaneously.
When the user equipment determines that non-encrypted communication is required, it establishes a connection with the first server according to the first address and performs non-encrypted communication with the first server. For example, when the user equipment needs to download an application from the first server, it sends the first server a connection request message that includes the first address. After the connection is established, the download request message sent by the user equipment to the first server and the installation package data sent by the first server to the user equipment are both transmitted through non-encrypted communication. Optionally, the user equipment may disconnect from the first server after the non-encrypted communication ends.
When the user equipment determines that encrypted communication is required, it establishes a connection with the first server according to the second address and performs encrypted communication with the first server. Further, the user equipment may disconnect from the first server after the encrypted communication ends.
According to the data transmission method provided in this embodiment of the present invention, the user equipment acquires the access address of the first server and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Non-encrypted communication and encrypted communication share one network layer connection and each occupies a different transport layer connection. Application layer data can therefore be sent, according to its encryption requirement, over the transport layer connection used for non-encrypted communication or the one used for encrypted communication; that is, the transport layer data is selectively encrypted. For data transmitted through non-encrypted communication, the user equipment and the first server do not need to encrypt the data, which reduces resource occupation, shortens communication time, and improves communication efficiency. For data transmitted through encrypted communication, any existing transport layer encryption protocol, such as the SSL protocol or the TLS protocol, can be used. Selectively encrypting application layer data reduces resource consumption during communication and improves communication efficiency while keeping the data secure.
Embodiment 2
With reference to the embodiment corresponding to FIG. 1, Embodiment 2 of the present invention provides a data transmission method applied to a first server. Referring to FIG. 2, the method includes the following steps:
201. Receive a connection request message sent by the user equipment and establish a connection with the user equipment, where the connection request message includes the first address or the second address.
The first address and the second address include a network layer address and a transport layer address. The network layer address of the first address is the same as the network layer address of the second address, and the transport layer address of the first address is different from the transport layer address of the second address.
When the connection request message sent by the user equipment is received, a connection is established with the user equipment according to the first address or the second address in the connection request message, so that the user equipment can access the first server through the first address or the second address.
202. Perform non-encrypted communication or encrypted communication with the user equipment through the connection.
When the connection request message includes the first address, the first server performs non-encrypted communication with the user equipment after the connection between them is established. When the connection request message includes the second address, the first server performs encrypted communication with the user equipment after the connection between them is established.
Non-encrypted communication and encrypted communication can take place separately or simultaneously. When they take place simultaneously, they share one network layer connection and each occupies one transport layer connection. Application layer data can therefore be sent, according to its encryption requirement, over the transport layer connection used for non-encrypted communication or the one used for encrypted communication; that is, the transport layer data is selectively encrypted.
According to the data transmission method provided in this embodiment of the present invention, the first server receives the connection request message sent by the user equipment, establishes a connection with the user equipment according to the first address or the second address, and performs non-encrypted communication or encrypted communication with the user equipment through the connection. Non-encrypted communication and encrypted communication share one network layer connection and each occupies a different transport layer connection, so application layer data can be selectively encrypted according to its encryption requirement. For encrypted communication, any existing transport layer encryption protocol, such as the SSL protocol or the TLS protocol, can be used. Application layer data is thus selectively encrypted on top of existing transport layer encryption protocols, which reduces resource consumption during communication and improves communication efficiency while keeping the data secure.
Embodiment 3
Based on the embodiments corresponding to FIG. 1 and FIG. 2, Embodiment 3 of the present invention provides a data transmission method in which the user equipment and the first server establish a first connection according to the first address and perform non-encrypted communication through it, and establish a second connection according to the second address and perform encrypted communication through it.
Non-encrypted communication and encrypted communication can proceed independently; that is, the user equipment and the first server can perform non-encrypted communication through the first connection while performing encrypted communication through the second connection. Preferably, in Embodiment 3 of the present invention, encrypted communication and non-encrypted communication alternate, so as to reduce the resources that the user equipment and the first server occupy during communication. That is, while the user equipment and the first server communicate through one of the first connection and the second connection, the other connection may be disconnected.
Usually, the amount of data that needs to be transmitted through the second connection is much smaller than the amount that needs to be transmitted through the first connection. In Embodiment 3, the first connection is therefore used as a long-lived connection and the second connection as a short-lived connection: the first connection is held for a relatively long time, whereas the second connection is established only when encrypted communication is needed and is disconnected when the encrypted communication ends, so it is held for a relatively short time.
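The alternating mode described above, seen from the user equipment's side, as an added example that is not code from the patent. It validates the address pair (same network layer address, different transport layer address), keeps only one of the two connections open at a time, and routes sensitive payloads over the second connection without waiting for a server request. The two addresses are the sample values the description gives for step 301; the message names, the `UserEquipment` class, the `dial` callback, `real_dial` and the `RecordingConn` stub are assumptions.

```python
from __future__ import annotations

import ipaddress
import socket
import ssl
from dataclasses import dataclass, field

PLAIN, TLS = "first", "second"  # first connection: non-encrypted, second: encrypted


@dataclass(frozen=True)
class Endpoint:
    host: str  # network layer address (IPv4)
    port: int  # transport layer address (TCP port)


def parse_endpoint(text: str) -> Endpoint:
    host, sep, port = text.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"expected IPv4:port, got {text!r}")
    ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    return Endpoint(host, int(port))


def parse_access_address(first: str, second: str) -> tuple[Endpoint, Endpoint]:
    """The pair must name one host (same IP) on two different TCP ports."""
    a, b = parse_endpoint(first), parse_endpoint(second)
    if a.host != b.host:
        raise ValueError("network layer addresses must be the same")
    if a.port == b.port:
        raise ValueError("transport layer addresses must differ")
    return a, b


def real_dial(ep: Endpoint, use_tls: bool):
    """Assumed dialer: plain TCP, or TLS with certificate and name checks."""
    sock = socket.create_connection((ep.host, ep.port), timeout=5)
    if not use_tls:
        return sock
    return ssl.create_default_context().wrap_socket(sock, server_hostname=ep.host)


@dataclass
class UserEquipment:
    first: Endpoint
    second: Endpoint
    dial: object = real_dial  # dial(endpoint, use_tls) -> object with send()/close()
    active: str | None = None
    conn: object = None
    log: list = field(default_factory=list)

    def switch(self, channel: str) -> None:
        if self.conn is not None:  # alternate: drop the established connection first
            self.conn.close()
            self.log.append(f"close {self.active}")
            self.conn, self.active = None, None
        ep = self.first if channel == PLAIN else self.second
        self.conn = self.dial(ep, channel == TLS)
        self.active = channel
        self.log.append(f"open {channel} {ep.host}:{ep.port}")

    def on_server_message(self, kind: str) -> None:
        # Message names are assumptions standing in for the page's two messages.
        if kind == "encrypted-communication-request" and self.active == PLAIN:
            self.switch(TLS)
        elif kind == "encrypted-communication-complete" and self.active == TLS:
            self.switch(PLAIN)

    def send(self, payload: bytes, sensitive: bool) -> None:
        # The server's request arrives over the non-encrypted connection, so the
        # client does not wait for it: sensitive data forces the second connection.
        if sensitive and self.active != TLS:
            self.switch(TLS)
        elif self.conn is None:
            self.switch(PLAIN)
        self.conn.send(payload)


class RecordingConn:
    """Constructed stand-in for a socket: records what would go on the wire."""
    def __init__(self, ep: Endpoint, use_tls: bool, wire: list):
        self.ep, self.use_tls, self.wire = ep, use_tls, wire

    def send(self, payload: bytes) -> None:
        self.wire.append((self.ep.port, self.use_tls, payload))

    def close(self) -> None:
        pass


def demo() -> tuple[list, list]:
    wire: list = []
    first, second = parse_access_address("10.11.1.0:5223", "10.11.1.0:5224")
    ue = UserEquipment(first, second, dial=lambda ep, tls: RecordingConn(ep, tls, wire))
    ue.send(b"heartbeat", sensitive=False)
    ue.send(b"account=alice;password=constructed", sensitive=True)  # constructed
    ue.on_server_message("encrypted-communication-complete")
    ue.send(b"download request", sensitive=False)
    return ue.log, wire
```

With `real_dial`, Python checks the server certificate against the address passed as `server_hostname`, so a server reached by IP address needs a certificate that lists that IP in its subject alternative name.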
Referring to FIG. 3, the data transmission method provided in Embodiment 3 specifically includes the following steps:
301. The user equipment acquires the access address of the first server.
Optionally, the user equipment may obtain the access address of the first server from a preset server list.
Optionally, the user equipment may also obtain the access address of the first server from a second server. For example, in one specific application scenario, the user equipment obtains description information about various services through the second server and sends the second server an indication message for subscribing to a service. After receiving the indication message, the second server determines, according to the indication message, that the server providing the subscribed service is the first server, and then sends the access address of the first server to the user equipment.
Optionally, the network layer address may specifically be the Internet Protocol (IP) address of the first server, and the transport layer address may be a Transmission Control Protocol (TCP) port number.
For example, if the first address is 10.11.1.0:5223 and the second address is 10.11.1.0:5224, the user equipment establishes a network layer connection with the first server by accessing the IP address 10.11.1.0. Further, the first connection is established through TCP port number 5223 for non-encrypted communication, and the second connection is established through TCP port number 5224 for encrypted communication. The first address or the second address may also take the form of a domain name. For example, the domain name corresponding to the first address is WWW.xxx.nonencrpt.com, and the domain name corresponding to the second address is WWW.xxx.encrpt.com.
302. The user equipment sends a first connection request message to the first server and establishes a first connection with the first server, where the first connection request message includes the first address.
The first connection request message includes the first address.
With reference to step 301, when the transport layer address is specifically a TCP port number, the first connection is a TCP connection. A person skilled in the art will understand that the TCP connection is established to the first address through a three-way handshake; the specific process is not described again.
303. The user equipment and the first server perform non-encrypted communication over the first connection.
Non-encrypted communication specifically includes the user equipment receiving non-encrypted information sent by the first server over the first connection, and/or the user equipment sending non-encrypted information to the first server over the first connection. The non-encrypted information may be a request sent by the user equipment to the first server to obtain a service, service information sent by the first server to the user equipment, and so on. It may also be a heartbeat message: the user equipment keeps the first connection alive by sending heartbeat messages to the first server, which prevents the first connection from being disconnected by a firewall or another network element.
Optionally, the user equipment customizes the content of the encrypted communication, that is, it determines which data is to be transmitted by encrypted communication, and sends customization information to the first server over the first connection to indicate the customized encrypted communication content to the first server.
By customizing the content of the encrypted communication, the user equipment can meet users' differing data security requirements while also accommodating their requirements for traffic and communication efficiency. For example, in one specific application scenario, the first server provides the user equipment with a data backup service and an information push service. The user equipment adds the information service to the customization information. The user equipment can then upload or download backup data over the first connection, whereas the first server pushes information content to the user equipment over the second connection, so that application layer data is selectively encrypted via the first connection and the second connection according to the customization information.
304. The first server sends an encrypted communication request to the user equipment over the first connection.
When the first server needs to initiate encrypted communication, it sends an encrypted communication request to the user equipment over the first connection. For example, in the information push scenario of step 303, when the first server has new content to push to the user equipment, it sends an encrypted communication request to the user equipment over the first connection.
305. The user equipment disconnects the first connection.
While the user equipment and the first server communicate over one of the first connection and the second connection, the other connection can be disconnected.
306. The user equipment sends a second connection request message to the first server and establishes a second connection with the first server.
The second connection request message includes the second address.
After receiving the encrypted communication request sent by the first server, the user equipment disconnects the first connection and then establishes the second connection. Non-encrypted communication and encrypted communication are thus carried out alternately over the first connection and the second connection, which, compared with keeping both connections open, reduces the resources that the user equipment and the first server occupy during communication.
307. The user equipment and the first server perform encrypted communication over the second connection.
Once the second connection is established, the first server can send encrypted information to the user equipment. The content of the encrypted information may be the content specified by the customization information sent by the user equipment, or content that the first server designates as requiring encryption according to a preset classification list. Meanwhile, the user equipment can also request other services from the first server over the second connection.
From the application layer's point of view, as long as one of the first connection and the second connection exists, the application layer connection between the user equipment and the first server is established; alternating between non-encrypted and encrypted communication does not interrupt application layer data transmission.
308. The first server sends the user equipment, over the second connection, an indication message that the encrypted communication is complete.
Specifically, taking the information push scenario described in step 304 as an example, when the information push ends, the first server indicates to the user equipment that the encrypted information has been sent in full, so that the user equipment disconnects the second connection after receiving the indication message.
309. The user equipment disconnects the second connection and sends the first connection request message to the first server again to establish the first connection with the first server.
Optionally, after the first connection is re-established, the user equipment keeps the first connection alive by sending heartbeat messages to the first server.
In the data transmission method provided by this embodiment of the present invention, the user equipment and the first server alternately perform non-encrypted communication and encrypted communication over the first connection and the second connection, so only one connection needs to be held at any point in time, which, compared with keeping both connections open, reduces the resources that the user equipment and the first server occupy during communication. For encrypted communication, any of the existing transport layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. Application layer data is thus selectively encrypted on the basis of existing transport layer encryption protocols, which reduces resource consumption during communication and improves communication efficiency while ensuring data security.
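The alternation in steps 301 to 309 can be traced with a small in-memory simulation. This is an added example, not code from the patent: the class, function and message names and the service names `backup` and `news` are assumptions, the addresses reuse the 10.11.1.0:5223 and 10.11.1.0:5224 pair from step 301, and no real sockets or TLS are involved. It also assumes the server ends the encrypted session as soon as its next item is not covered by the customization information.

```python
from dataclasses import dataclass, field

# Labels for the two transport-layer connections of Embodiment 3 (names are illustrative).
PLAIN, ENCRYPTED = "first/non-encrypted", "second/encrypted"
CONTROL = ("connect", "disconnect")


@dataclass(frozen=True)
class AccessAddress:
    """Step 301: one network-layer address, two different transport-layer addresses."""
    host: str
    plain_port: int
    encrypted_port: int

    def __post_init__(self):
        if self.plain_port == self.encrypted_port:
            raise ValueError("first and second address must differ at the transport layer")

    def endpoint(self, channel):
        port = self.plain_port if channel == PLAIN else self.encrypted_port
        return f"{self.host}:{port}"


@dataclass
class Link:
    """In-memory stand-in for the connections between user equipment and first server."""
    address: AccessAddress
    open_channels: set = field(default_factory=set)
    log: list = field(default_factory=list)   # (step, channel, endpoint, message)
    max_open: int = 0

    def connect(self, step, channel):
        self.open_channels.add(channel)
        self.max_open = max(self.max_open, len(self.open_channels))
        self.log.append((step, channel, self.address.endpoint(channel), "connect"))

    def disconnect(self, step, channel):
        self.open_channels.discard(channel)
        self.log.append((step, channel, self.address.endpoint(channel), "disconnect"))

    def send(self, step, channel, message):
        if channel not in self.open_channels:
            raise RuntimeError(f"{channel} connection is not established")
        self.log.append((step, channel, self.address.endpoint(channel), message))


def switch(link, current):
    """Move to the other connection, closing the current one before opening the next."""
    if current == PLAIN:
        link.send(304, PLAIN, "encrypted-communication-request")
        link.disconnect(305, PLAIN)
        link.connect(306, ENCRYPTED)
        return ENCRYPTED
    link.send(308, ENCRYPTED, "encrypted-communication-complete")
    link.disconnect(309, ENCRYPTED)
    link.connect(309, PLAIN)
    link.send(309, PLAIN, "heartbeat")   # optional keep-alive after re-establishing
    return PLAIN


def run_session(address, customized, outbound):
    """Deliver the server's (service, payload) items, following steps 302 to 309."""
    link = Link(address)
    link.connect(302, PLAIN)
    link.send(303, PLAIN, "customization:" + ",".join(sorted(customized)))
    current = PLAIN
    for service, payload in outbound:
        wanted = ENCRYPTED if service in customized else PLAIN
        if wanted != current:
            current = switch(link, current)
        link.send(307 if current == ENCRYPTED else 303, current, f"{service}:{payload}")
    if current == ENCRYPTED:
        current = switch(link, current)
    return link


def carried_on(link, service):
    """Endpoints that carried payloads of the given service."""
    return {ep for _, _, ep, msg in link.log if msg.startswith(service + ":")}


def visible_in_clear(link):
    """Messages sent over the non-encrypted first connection."""
    return [msg for _, ch, _, msg in link.log if ch == PLAIN and msg not in CONTROL]


if __name__ == "__main__":
    # Constructed sample: addresses from the step 301 example, services from step 303.
    addr = AccessAddress("10.11.1.0", 5223, 5224)
    items = [("backup", "chunk-1"), ("news", "item-1"), ("news", "item-2"), ("backup", "chunk-2")]
    for entry in run_session(addr, {"news"}, items).log:
        print(entry)
```

`visible_in_clear` returns everything that crossed the first connection; the customization information and the encrypted communication request are in that list because steps 303 and 304 send both over the non-encrypted connection.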
Embodiment 4
Embodiment 4 of the present invention provides a user equipment for performing the functions of the user equipment in the data transmission method described in the embodiments corresponding to FIG. 1 to FIG. 3. Referring to FIG. 4, the user equipment 40 specifically includes:
An obtaining unit 401, configured to obtain an access address of the first server, where the access address includes a first address and a second address. The first address and the second address each include a network layer address and a transport layer address, and the transport layer address of the first address differs from the transport layer address of the second address.
A connection unit 402, configured to send a connection request message to the first server through a transceiver unit 403 and establish a connection with the first server, where the connection request message includes the first address or the second address.
The transceiver unit 403, configured to perform non-encrypted communication and/or encrypted communication with the first server over the connection.
Optionally, the connection unit 402 is specifically configured to send a first connection request message to the first server through the transceiver unit 403 and establish a first connection with the first server, where the first connection request message includes the first address.
The transceiver unit 403 is specifically configured to perform non-encrypted communication with the first server over the first connection.
Optionally, the connection unit 402 is specifically further configured to send a second connection request message to the first server through the transceiver unit 403 and establish a second connection with the first server, where the second connection request message includes the second address.
The transceiver unit 403 is specifically further configured to perform encrypted communication with the first server over the second connection.
Optionally, after one of the first connection and the second connection is established,
The connection unit 402 is further configured to, before sending the first connection request message to the first server, disconnect the second connection if the second connection has already been established. Or,
The connection unit 402 is further configured to, before sending the second connection request message to the first server, disconnect the first connection if the first connection has already been established.
Optionally, the transceiver unit 403 is further configured to receive an encrypted communication request sent by the first server over the first connection.
The connection unit 402 is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request.
The transceiver unit 403 is further configured to perform encrypted communication with the first server over the second connection in response to the encrypted communication request.
Optionally, the transceiver unit 403 is further configured to receive an indication message, sent by the first server over the second connection, that the encrypted communication is complete.
The connection unit 402 is further configured to disconnect the second connection and establish the first connection according to the indication message.
Optionally, the transceiver unit 403 is further configured to send customization information to the first server over the first connection, where the customization information is used to indicate the customized encrypted communication content to the first server.
Optionally, the transceiver unit 403 is further configured to send a heartbeat message to the first server over the first connection to keep the first connection alive.
Optionally, the obtaining unit 401 is specifically configured to obtain the access address of the first server from a preset server list.
The obtaining unit 401 is specifically further configured to obtain the access address of the first server from a second server.
The user equipment provided by this embodiment of the present invention obtains the access address of the first server and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Non-encrypted communication and encrypted communication share the same network layer connection but each occupies a different transport layer connection, so application layer data can, according to its encryption requirements, be transmitted over the transport layer connection used for non-encrypted communication or the one used for encrypted communication; that is, transport layer data is selectively encrypted. For data transmitted by non-encrypted communication, the user equipment and the first server do not need to encrypt the data, which reduces resource occupation, shortens communication time and improves communication efficiency. For data transmitted by encrypted communication, any of the existing transport layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. Selectively encrypting application layer data reduces resource consumption during communication and improves communication efficiency while ensuring data security.
Embodiment 5
Embodiment 5 of the present invention provides a server for performing the functions of the first server in the data transmission method described in the embodiments corresponding to FIG. 1 to FIG. 3. Referring to FIG. 5, the server 50 specifically includes:
A connection unit 501, configured to receive, through a transceiver unit 502, a connection request message sent by the user equipment and establish a connection with the user equipment, where the connection request message includes a first address or a second address. The first address and the second address each include a network layer address and a transport layer address, and the transport layer address of the first address differs from the transport layer address of the second address.
The transceiver unit 502, further configured to perform non-encrypted communication and/or encrypted communication with the user equipment over the connection.
Optionally, the connection unit 501 is specifically configured to receive, through the transceiver unit 502, a first connection request message sent by the user equipment and establish a first connection with the user equipment, where the first connection request message includes the first address.
The transceiver unit 502 is specifically configured to perform non-encrypted communication with the user equipment over the first connection.
Optionally, the connection unit 501 is specifically further configured to receive, through the transceiver unit 502, a second connection request message sent by the user equipment and establish a second connection with the user equipment, where the second connection request message includes the second address.
The transceiver unit 502 is specifically further configured to perform encrypted communication with the user equipment over the second connection.
Optionally, after one of the first connection and the second connection is established,
The connection unit 501 is further configured to, before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has already been established. Or,
The connection unit 501 is further configured to, before receiving the second connection request message sent by the user equipment, disconnect the first connection if the first connection has already been established.
Optionally, the transceiver unit 502 is further configured to send an encrypted communication request to the user equipment over the first connection.
The connection unit 501 is further configured to disconnect the first connection and establish the second connection.
The transceiver unit 502 is further configured to perform encrypted communication with the first server over the second connection according to the encrypted communication request.
Optionally, the transceiver unit 502 is further configured to send the user equipment, over the second connection, an indication message that the encrypted communication is complete.
The connection unit 501 is further configured to disconnect the second connection and establish the first connection.
Optionally, the transceiver unit 502 is further configured to receive customization information sent by the user equipment over the first connection, where the customization information is used to indicate the encrypted communication content customized by the user equipment.
Optionally, the transceiver unit 502 is further configured to receive a heartbeat message sent by the user equipment over the first connection to keep the first connection alive.
The server provided by this embodiment of the present invention receives the connection request message sent by the user equipment, establishes a connection with the user equipment according to the first address or the second address, and performs non-encrypted communication or encrypted communication with the user equipment over the connection. Non-encrypted communication and encrypted communication share the same network layer connection but each occupies a different transport layer connection, so application layer data can be selectively encrypted according to its encryption requirements. For encrypted communication, any of the existing transport layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. Application layer data is thus selectively encrypted on the basis of existing transport layer encryption protocols, which reduces resource consumption during communication and improves communication efficiency while ensuring data security.
Embodiment 6
Embodiment 6 of the present invention provides a user equipment for performing the functions of the user equipment in the data transmission method described in the embodiments corresponding to FIG. 1 to FIG. 3. Referring to FIG. 6, the user equipment 60 may be embedded in, or may itself be, a microprocessor-based computer, for example a general-purpose computer, a custom-built machine, or a portable device such as a mobile phone terminal or a tablet. The user equipment 60 includes at least one processor 601, a transceiver 602, a memory 603, and a bus 604; the at least one processor 601, the transceiver 602 and the memory 603 are connected through the bus 604 and communicate with one another over it.
The bus 604 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 604 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, it is drawn as a single thick line in FIG. 6, but this does not mean that there is only one bus or only one type of bus. Specifically:
The memory 603 is used to execute the application program code of the solution of the present invention; the application program code that executes the solution of the present invention is stored in the memory, and its execution is controlled by the processor 601.
The memory may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM) or another type of dynamic storage device that can store information and instructions. It may also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but it is not limited to these. These memories are connected to the processor through the bus.
The processor 601 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The processor 601 is configured to call the program code in the memory 603. In one possible implementation, when the above application program is executed by the processor 601, the following functions are implemented.
The processor 601 is configured to obtain an access address of the first server, where the access address includes a first address and a second address. The first address and the second address each include a network layer address and a transport layer address, and the transport layer address of the first address differs from the transport layer address of the second address.
The processor 601 is configured to send a connection request message to the first server through the transceiver 602 and establish a connection with the first server, where the connection request message includes the first address or the second address.
The transceiver 602 is configured to perform non-encrypted communication and/or encrypted communication with the first server over the connection.
Optionally, the processor 601 is specifically configured to send a first connection request message to the first server through the transceiver 602 and establish a first connection with the first server, where the first connection request message includes the first address.
Optionally, the transceiver 602 is specifically configured to perform non-encrypted communication with the first server over the first connection.
Optionally, the processor 601 is specifically further configured to send a second connection request message to the first server through the transceiver 602 and establish a second connection with the first server, where the second connection request message includes the second address.
Optionally, the transceiver 602 is specifically further configured to perform non-encrypted communication with the first server over the second connection.
Optionally, after the processor 601 establishes one of the first connection and the second connection through the transceiver 602,
The processor 601 is further configured to, before sending the first connection request message to the first server, disconnect the second connection if the second connection has already been established. Or,
The processor 601 is further configured to, before sending the second connection request message to the first server, disconnect the first connection if the first connection has already been established.
Optionally, the transceiver 602 is further configured to receive an encrypted communication request sent by the first server over the first connection.
The processor 601 is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request.
The transceiver 602 is further configured to perform encrypted communication with the first server over the second connection in response to the encrypted communication request.
Optionally, the transceiver 602 is further configured to receive an indication message, sent by the first server over the second connection, that the encrypted communication is complete.
The processor 601 is further configured to disconnect the second connection and establish the first connection according to the indication message.
Optionally, the transceiver 602 is further configured to send customization information to the first server over the first connection, where the customization information is used to indicate the customized encrypted communication content to the first server.
Optionally, the transceiver 602 is further configured to send a heartbeat message to the first server over the first connection to keep the first connection alive.
Optionally, the processor 601 is specifically configured to obtain the access address of the first server from a preset server list.
The processor 601 is specifically further configured to obtain the access address of the first server from a second server.
The user equipment provided by this embodiment of the present invention obtains the access address of the first server and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Non-encrypted communication and encrypted communication share the same network layer connection but each occupies a different transport layer connection, so application layer data can, according to its encryption requirements, be transmitted over the transport layer connection used for non-encrypted communication or the one used for encrypted communication; that is, transport layer data is selectively encrypted. For data transmitted by non-encrypted communication, the user equipment and the first server do not need to encrypt the data, which reduces resource occupation, shortens communication time and improves communication efficiency. For data transmitted by encrypted communication, any of the existing transport layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. Selectively encrypting application layer data reduces resource consumption during communication and improves communication efficiency while ensuring data security.
Embodiment 7
Embodiment 6 of the present invention provides a server, configured to perform the corresponding functions of the first server in the data transmission method described in the embodiments corresponding to FIG. 1 to FIG. 3. Referring to FIG. 7, the user equipment 70 may be embedded in, or may itself be, a microprocessor computer, for example a general-purpose computer, a custom-built machine, or a portable device such as a mobile phone terminal or a tablet. The user equipment 70 includes at least one processor 701, a transceiver 702, a memory 703, and a bus 704; the at least one processor 701, the transceiver 702, and the memory 703 are connected by the bus 704 and communicate with each other through it.
The bus 704 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 704 may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is drawn in FIG. 7, but this does not mean that there is only one bus or one type of bus. Specifically:
The memory 703 is used for the application program code that executes the solution of the present invention; this code is stored in the memory, and its execution is controlled by the processor 701.
The memory may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other compact disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. These memories are connected to the processor through the bus.
The processor 701 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The processor 701 is configured to call the program code in the memory 703. In a possible implementation, when the application program is executed by the processor 701, the following functions are implemented.
The processor 701 is configured to receive, through the transceiver 702, a connection request message sent by the user equipment, and to establish a connection with the user equipment, where the connection request message includes a first address or a second address. The first address and the second address each include a network-layer address and a transport-layer address, and the transport-layer address of the first address differs from the transport-layer address of the second address.
The transceiver 702 is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment over the connection.
Optionally, the processor 701 is specifically configured to receive, through the transceiver 702, a first connection request message sent by the user equipment, and to establish a first connection with the user equipment, where the first connection request message includes the first address.
The processor 701 is further specifically configured to receive, through the transceiver 702, a second connection request message sent by the user equipment, and to establish a second connection with the user equipment, where the second connection request message includes the second address.
Optionally, the transceiver 702 is specifically configured to perform non-encrypted communication with the user equipment over the first connection.
The transceiver 702 is further specifically configured to perform encrypted communication with the user equipment over the second connection.
Optionally, after the processor 701 has established one of the first connection and the second connection through the transceiver 702,
the processor 701 is further configured to disconnect the second connection, if the second connection has already been established, before receiving the first connection request message sent by the user equipment; or,
the processor 701 is further configured to disconnect the first connection, if the first connection has already been established, before receiving the second connection request message sent by the user equipment.
Optionally, the transceiver 702 is further configured to send an encrypted communication request to the user equipment over the first connection.
The processor 701 is further configured to disconnect the first connection and establish the second connection.
The transceiver 702 is further configured to perform encrypted communication with the first server over the second connection according to the encrypted communication request.
Optionally, the transceiver 702 is further configured to send, over the second connection, an indication message to the user equipment indicating that the encrypted communication is complete.
The processor 701 is further configured to disconnect the second connection and establish the first connection.
Optionally, the transceiver 702 is further configured to receive customization information sent by the user equipment over the first connection, where the customization information indicates the encrypted communication content customized by the user equipment.
Optionally, the transceiver 702 is further configured to receive a heartbeat message sent by the user equipment over the first connection, to maintain the first connection.
The server provided by this embodiment of the present invention receives the connection request message sent by the user equipment, establishes a connection with the user equipment according to the first address or the second address, and performs non-encrypted communication or encrypted communication with the user equipment over the connection. Non-encrypted communication and encrypted communication share the same network-layer connection while each occupies a different transport-layer connection, so application-layer data can be selectively encrypted according to its encryption requirement. For encrypted communication, any of the existing transport-layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. Application-layer data is thus selectively encrypted on top of an existing transport-layer encryption protocol, which reduces resource consumption during communication and improves communication efficiency while data security is still ensured.
Based on the embodiments corresponding to FIG. 4 to FIG. 7 above, an embodiment of the present invention provides a data transmission system that includes a user equipment and a server.
The user equipment is the user equipment described in the embodiment corresponding to FIG. 4, and the server is the server described in the embodiment corresponding to FIG. 5, used as the first server.
Alternatively, the user equipment is the user equipment described in the embodiment corresponding to FIG. 6, and the server is the server described in the embodiment corresponding to FIG. 7, used as the first server.
In the data transmission method, device, and system provided by the embodiments of the present invention, the user equipment obtains the access address of the first server and performs non-encrypted communication and encrypted communication with the first server according to the first address and the second address. Because the transport-layer addresses of the first address and the second address are the same, non-encrypted communication and encrypted communication share the same network-layer connection while each occupies a different transport-layer connection, so application-layer data can be sent, according to its encryption requirement, over the transport-layer connection used for non-encrypted communication or the one used for encrypted communication; that is, transport-layer data is selectively encrypted. For data transmitted by non-encrypted communication, the user equipment and the first server do not need to encrypt the data, which reduces resource occupation, shortens communication time, and improves communication efficiency. For data transmitted by encrypted communication, any of the existing transport-layer encryption protocols can be used, such as the SSL protocol or the TLS protocol. By selectively encrypting application-layer data, resource consumption during communication is reduced and communication efficiency is improved while data security is still ensured.
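The connection switching summarised above, seen from the user equipment, as an added Python example (not code from the patent). It models the first and second address as one host with two ports, as the claims define them; the message names, the `sensitive` label, the sample address, and the in-memory event log that stands in for real sockets are assumptions. Refusing sensitive data on the first connection and honouring a switch message only on the connection it is described as arriving on are design choices added here.

```python
from dataclasses import dataclass, field
from enum import Enum

# Hypothetical message names; the page does not define a wire format.
ENC_REQUEST = "ENCRYPTED_COMM_REQUEST"    # server -> UE on the first connection
ENC_COMPLETE = "ENCRYPTED_COMM_COMPLETE"  # server -> UE on the second connection


class Link(Enum):
    NONE = "none"
    FIRST = "first/non-encrypted"
    SECOND = "second/encrypted"


class PolicyError(Exception):
    """Data labelled sensitive was about to leave on the non-encrypted connection."""


@dataclass(frozen=True)
class AccessAddress:
    host: str          # network-layer address shared by both addresses
    first_port: int    # transport-layer address of the first address
    second_port: int   # transport-layer address of the second address

    def __post_init__(self):
        if self.first_port == self.second_port:
            raise ValueError("first and second transport-layer addresses must differ")

    def port(self, link):
        return self.first_port if link is Link.FIRST else self.second_port


@dataclass
class UserEquipment:
    address: AccessAddress
    active: Link = Link.NONE
    log: list = field(default_factory=list)

    def connect(self, link):
        """Open `link`, first dropping the other connection if it is up."""
        if link is Link.NONE:
            raise ValueError("cannot connect to Link.NONE")
        if self.active is link:
            return
        if self.active is not Link.NONE:
            self.log.append(("disconnect", self.active.value))
        self.log.append(("connect", link.value, self.address.host, self.address.port(link)))
        self.active = link

    def _transmit(self, link, payload, sensitive):
        # Fail closed: this invariant holds even if a caller bypasses send().
        if sensitive and link is not Link.SECOND:
            raise PolicyError("sensitive payload refused on " + link.value)
        self.log.append(("send", link.value, payload))
        return link

    def send(self, payload, sensitive=False):
        """Route application-layer data by its encryption requirement."""
        if sensitive:
            self.connect(Link.SECOND)
        elif self.active is Link.NONE:
            self.connect(Link.FIRST)
        return self._transmit(self.active, payload, sensitive)

    def heartbeat(self):
        """Heartbeats keep the first connection alive; skipped while it is down."""
        if self.active is not Link.FIRST:
            return False
        self._transmit(Link.FIRST, "heartbeat", sensitive=False)
        return True

    def on_server_message(self, arrived_on, msg):
        """Act on a switch message only if it arrived on the connection that carries it."""
        if arrived_on is self.active:
            if msg == ENC_REQUEST and arrived_on is Link.FIRST:
                self.connect(Link.SECOND)
                return True
            if msg == ENC_COMPLETE and arrived_on is Link.SECOND:
                self.connect(Link.FIRST)
                return True
        self.log.append(("ignored", arrived_on.value, msg))
        return False


def demo():
    # Constructed sample address (documentation IP range, made-up ports).
    ue = UserEquipment(AccessAddress("192.0.2.10", 8080, 8443))
    ue.connect(Link.FIRST)
    ue.send("customization: push news", sensitive=False)
    ue.heartbeat()
    ue.on_server_message(Link.FIRST, ENC_REQUEST)
    ue.send("account statement", sensitive=True)
    ue.on_server_message(Link.SECOND, ENC_COMPLETE)
    return ue


if __name__ == "__main__":
    for event in demo().log:
        print(event)
```

The event log shows that at most one of the two connections is up at any time and that the sensitive payload only ever appears on the second connection.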
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, in firmware, or in a combination thereof. When implemented in software, the functions described above may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of protection of computer-readable media.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (53)

  1. A data transmission method, comprising:
    obtaining an access address of a first server, the access address including a first address and a second address, wherein the first address and the second address each include a network-layer address and a transport-layer address, and the transport-layer address of the first address differs from the transport-layer address of the second address;
    sending a connection request message to the first server and establishing a connection with the first server, the connection request message including the first address or the second address;
    performing non-encrypted communication and/or encrypted communication with the first server over the connection.
  2. The method according to claim 1, wherein
    the sending a connection request message to the first server and establishing a connection with the first server comprises: sending a first connection request message to the first server and establishing a first connection with the first server, wherein the first connection request message includes the first address;
    the performing non-encrypted communication and/or encrypted communication with the first server over the connection comprises: performing non-encrypted communication with the first server over the first connection.
  3. The method according to claim 1 or 2, wherein
    the sending a connection request message to the first server and establishing a connection with the first server comprises: sending a second connection request message to the first server and establishing a second connection with the first server, wherein the second connection request message includes the second address;
    the performing non-encrypted communication and/or encrypted communication with the first server over the connection comprises: performing encrypted communication with the first server over the second connection.
  4. The method according to claim 3, wherein, after one of the first connection and the second connection is established, the method further comprises:
    before the sending the first connection request message to the first server, disconnecting the second connection if the second connection has already been established; or,
    before the sending the second connection request message to the first server, disconnecting the first connection if the first connection has already been established.
  5. The method according to claim 4, wherein
    before the disconnecting the first connection, non-encrypted communication is performed with the first server over the first connection, and the method further comprises: receiving an encrypted communication request sent by the first server over the first connection;
    after the first connection is disconnected and the second connection is established, the performing encrypted communication with the first server over the second connection comprises: in response to the encrypted communication request, performing encrypted communication with the first server over the second connection.
  6. The method according to claim 4, wherein the method further comprises:
    receiving an indication message, sent by the first server over the second connection, indicating that the encrypted communication is complete;
    disconnecting the second connection and establishing the first connection.
  7. The method according to any one of claims 2 to 6, wherein the performing non-encrypted communication with the first server over the first connection comprises:
    sending customization information to the first server over the first connection, the customization information being used to indicate customized encrypted communication content to the first server.
  8. The method according to any one of claims 2 to 6, wherein the performing non-encrypted communication with the first server over the first connection comprises:
    sending a heartbeat message to the first server over the first connection, to maintain the first connection.
  9. The method according to any one of claims 1 to 8, wherein the obtaining an access address of a first server comprises:
    obtaining the access address of the first server from a preset server list;
    or, obtaining the access address of the first server from a second server.
  10. A data transmission method, comprising:
    receiving a connection request message sent by a user equipment and establishing a connection with the user equipment, the connection request message including a first address or a second address, wherein the first address and the second address each include a network-layer address and a transport-layer address, and the transport-layer address of the first address differs from the transport-layer address of the second address;
    performing non-encrypted communication and/or encrypted communication with the user equipment over the connection.
  11. The method according to claim 10, wherein the receiving a connection request message sent by a user equipment and establishing a connection with the user equipment comprises:
    receiving a first connection request message sent by the user equipment and establishing a first connection with the user equipment, wherein the first connection request message includes the first address;
    the performing non-encrypted communication and/or encrypted communication with the user equipment over the connection comprises: performing non-encrypted communication with the user equipment over the first connection.
  12. The method according to claim 10 or 11, wherein
    the receiving a connection request message sent by a user equipment and establishing a connection with the user equipment comprises: receiving a second connection request message sent by the user equipment and establishing a second connection with the user equipment, wherein the second connection request message includes the second address;
    the performing non-encrypted communication and/or encrypted communication with the user equipment over the connection comprises: performing encrypted communication with the first server over the second connection.
  13. The method according to claim 12, wherein, after one of the first connection and the second connection is established, the method further comprises:
    before the receiving the first connection request message sent by the user equipment, disconnecting the second connection if the second connection has already been established; or,
    before the receiving the second connection request message sent by the user equipment, disconnecting the first connection if the first connection has already been established.
  14. The method according to claim 13, wherein
    before the disconnecting the first connection, non-encrypted communication is performed with the user equipment over the first connection, and the method further comprises: sending an encrypted communication request to the user equipment over the first connection;
    after the first connection is disconnected and the second connection is established, encrypted communication is performed with the first server over the second connection.
  15. The method according to claim 13, wherein the method further comprises:
    sending, over the second connection, an indication message to the user equipment indicating that the encrypted communication is complete;
    disconnecting the second connection and establishing the first connection.
  16. The method according to any one of claims 11 to 15, wherein the performing non-encrypted communication with the user equipment over the first connection comprises:
    the performing non-encrypted communication with the user equipment over the first connection comprises:
    receiving customization information sent by the user equipment over the first connection, the customization information being used to indicate the encrypted communication content customized by the user equipment.
  17. The method according to any one of claims 11 to 15, wherein the performing non-encrypted communication with the user equipment over the first connection comprises:
    receiving a heartbeat message sent by the user equipment over the first connection, to maintain the first connection.
  18. A user equipment, comprising:
    an obtaining unit, configured to obtain an access address of a first server, the access address including a first address and a second address, wherein the first address and the second address each include a network-layer address and a transport-layer address, and the transport-layer address of the first address differs from the transport-layer address of the second address;
    a connection unit, configured to send a connection request message to the first server through a transceiver unit and to establish a connection with the first server, the connection request message including the first address or the second address;
    the transceiver unit, configured to perform non-encrypted communication and/or encrypted communication with the first server over the connection.
  19. The user equipment according to claim 18, wherein
    the connection unit is specifically configured to send a first connection request message to the first server through the transceiver unit and to establish a first connection with the first server, wherein the first connection request message includes the first address;
    the transceiver unit is specifically configured to perform non-encrypted communication with the first server over the first connection.
  20. The user equipment according to claim 18 or 19, wherein
    the connection unit is further specifically configured to send a second connection request message to the first server through the transceiver unit and to establish a second connection with the first server, wherein the second connection request message includes the second address;
    the transceiver unit is further specifically configured to perform encrypted communication with the first server over the second connection.
  21. The user equipment according to claim 20, wherein, after one of the first connection and the second connection is established,
    the connection unit is further configured to disconnect the second connection, if the second connection has already been established, before sending the first connection request message to the first server; or,
    the connection unit is further configured to disconnect the first connection, if the first connection has already been established, before sending the second connection request message to the first server.
  22. The user equipment according to claim 21, wherein
    the transceiver unit is further configured to receive an encrypted communication request sent by the first server over the first connection;
    the connection unit is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
    the transceiver unit is further configured to perform, in response to the encrypted communication request, encrypted communication with the first server over the second connection.
  23. The user equipment according to claim 21, wherein
    the transceiver unit is further configured to receive an indication message, sent by the first server over the second connection, indicating that the encrypted communication is complete;
    the connection unit is further configured to disconnect the second connection and establish the first connection according to the indication message.
  24. The user equipment according to any one of claims 19 to 23, wherein
    the transceiver unit is further configured to send customization information to the first server over the first connection, the customization information being used to indicate customized encrypted communication content to the first server.
  25. The user equipment according to any one of claims 19 to 23, wherein
    the transceiver unit is further configured to send a heartbeat message to the first server over the first connection, to maintain the first connection.
  26. The user equipment according to any one of claims 18 to 25, wherein
    the obtaining unit is specifically configured to obtain the access address of the first server from a preset server list;
    the obtaining unit is further specifically configured to obtain the access address of the first server from a second server.
  27. A server, used as a first server, comprising:
    a connecting unit, configured to receive, by using a transceiver unit, a connection request message sent by a user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address; the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
    the transceiver unit, further configured to perform non-encrypted communication and/or encrypted communication with the user equipment by using the connection.
  28. The server according to claim 27, wherein
    the connecting unit is specifically configured to receive, by using the transceiver unit, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address;
    the transceiver unit is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  29. The server according to claim 27 or 28, wherein
    the connecting unit is further specifically configured to receive, by using the transceiver unit, a second connection request message sent by the user equipment, and establish a second connection with the user equipment, where the second connection request message includes the second address;
    the transceiver unit is further specifically configured to perform encrypted communication with the user equipment by using the second connection.
  30. The server according to claim 29, wherein, after one of the first connection and the second connection is established,
    the connecting unit is further configured to: before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has been established; or
    the connecting unit is further configured to: before receiving the second connection request message sent by the user equipment, disconnect the first connection if the first connection has been established.
  31. The server according to claim 30, wherein
    the transceiver unit is further configured to send an encrypted communication request to the user equipment by using the first connection;
    the connecting unit is further configured to disconnect the first connection and establish the second connection;
    the transceiver unit is further configured to perform, according to the encrypted communication request, encrypted communication with the first server by using the second connection.
  32. The server according to claim 30, wherein
    the transceiver unit is further configured to send, to the user equipment by using the second connection, an indication message indicating that the encrypted communication is completed;
    the connecting unit is further configured to disconnect the second connection and establish the first connection.
  33. The server according to any one of claims 28-32, wherein
    the transceiver unit is further configured to receive customization information sent by the user equipment by using the first connection, where the customization information is used to indicate the encrypted communication content customized by the user equipment.
  34. The server according to any one of claims 28-32, wherein
    the transceiver unit is further configured to receive a heartbeat message sent by the user equipment by using the first connection, to maintain the first connection.
  35. A user equipment, comprising a processor, a transceiver, a memory, and a bus, where the processor and the memory are connected to each other through the bus;
    the processor is configured to acquire an access address of a first server, where the access address includes a first address and a second address; the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
    the processor is configured to send, by using the transceiver, a connection request message to the first server, and establish a connection with the first server, where the connection request message includes the first address or the second address;
    the transceiver is configured to perform non-encrypted communication and/or encrypted communication with the first server by using the connection.
  36. The user equipment according to claim 35, wherein
    the processor is specifically configured to send, by using the transceiver, a first connection request message to the first server, and establish a first connection with the first server, where the first connection request message includes the first address;
    the transceiver is specifically configured to perform non-encrypted communication with the first server by using the first connection.
  37. The user equipment according to claim 35 or 36, wherein
    the processor is further specifically configured to send, by using the transceiver, a second connection request message to the first server, and establish a second connection with the first server, where the second connection request message includes the second address;
    the transceiver is further specifically configured to perform non-encrypted communication with the first server by using the second connection.
  38. The user equipment according to claim 37, wherein, after one of the first connection and the second connection is established,
    the processor is further configured to: before sending the first connection request message to the first server, disconnect the second connection if the second connection has been established; or
    the processor is further configured to: before sending the second connection request message to the first server, disconnect the first connection if the first connection has been established.
  39. The user equipment according to claim 38, wherein
    the transceiver is further configured to receive an encrypted communication request sent by the first server by using the first connection;
    the processor is further configured to disconnect the first connection and establish the second connection according to the encrypted communication request;
    the transceiver is further configured to perform, in response to the encrypted communication request, encrypted communication with the first server by using the second connection.
  40. The user equipment according to claim 38, wherein
    the transceiver is further configured to receive an indication message, sent by the first server by using the second connection, indicating that the encrypted communication is completed;
    the transceiver is further configured to disconnect the second connection and establish the first connection according to the indication message.
  41. The user equipment according to any one of claims 36-40, wherein
    the transceiver is further configured to send customization information to the first server by using the first connection, where the customization information is used to indicate customized encrypted communication content to the first server.
  42. The user equipment according to any one of claims 36-40, wherein
    the transceiver is further configured to send a heartbeat message to the first server by using the first connection, to maintain the first connection.
  43. The user equipment according to any one of claims 35-42, wherein
    the processor is specifically configured to obtain the access address of the first server from a preset server list;
    the processor is further specifically configured to obtain the access address of the first server from a second server.
  44. A server, used as a first server, comprising a processor, a transceiver, a memory, and a bus, where the processor and the memory are connected to each other through the bus;
    the processor is configured to receive, by using the transceiver, a connection request message sent by a user equipment, and establish a connection with the user equipment, where the connection request message includes a first address or a second address; the first address and the second address include a network layer address and a transport layer address, and the transport layer address of the first address is different from the transport layer address of the second address;
    the transceiver is further configured to perform non-encrypted communication and/or encrypted communication with the user equipment by using the connection.
  45. The server according to claim 44, wherein
    the processor is specifically configured to receive, by using the transceiver, a first connection request message sent by the user equipment, and establish a first connection with the user equipment, where the first connection request message includes the first address;
    the transceiver is specifically configured to perform non-encrypted communication with the user equipment by using the first connection.
  46. The server according to claim 44 or 45, wherein
    the processor is further specifically configured to receive, by using the transceiver, a second connection request message sent by the user equipment, and establish a second connection with the user equipment, where the second connection request message includes the second address;
    the transceiver is further specifically configured to perform encrypted communication with the user equipment by using the second connection.
  47. The server according to claim 46, wherein, after one of the first connection and the second connection is established,
    the processor is further configured to: before receiving the first connection request message sent by the user equipment, disconnect the second connection if the second connection has been established; or
    the processor is further configured to: before receiving the second connection request message sent by the user equipment, disconnect the first connection if the first connection has been established.
  48. The server according to claim 47, wherein
    the transceiver is further configured to send an encrypted communication request to the user equipment by using the first connection;
    the processor is further configured to disconnect the first connection and establish the second connection;
    the transceiver is further configured to perform, according to the encrypted communication request, encrypted communication with the first server by using the second connection.
  49. The server according to claim 47, wherein
    the transceiver is further configured to send, to the user equipment by using the second connection, an indication message indicating that the encrypted communication is completed;
    the processor is further configured to disconnect the second connection and establish the first connection.
  50. The server according to any one of claims 45-49, wherein
    the transceiver is further configured to receive customization information sent by the user equipment by using the first connection, where the customization information is used to indicate the encrypted communication content customized by the user equipment.
  51. The server according to any one of claims 45-49, wherein
    the transceiver is further configured to receive a heartbeat message sent by the user equipment by using the first connection, to maintain the first connection.
  52. A data transmission system, wherein
    the system comprises a user equipment and a server;
    the user equipment is the user equipment according to any one of claims 18-26;
    the server is the server according to any one of claims 27-34.
  53. A data transmission system, wherein
    the system comprises a user equipment and a server;
    the user equipment is the user equipment according to any one of claims 35-43;
    the server is the server according to any one of claims 44-51.
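
The connection switching recited in claims 38-40 (mirrored on the server side in claims 47-49) amounts to a small state machine in which at most one of the two connections is up at a time. The following Python model is an added illustration, not part of the patent text or of any implementation by the applicant; the class and message names, the sample addresses and the traffic-kind labels are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Address = Tuple[str, int]  # (network-layer address, transport-layer address)

# Constructed sample values: one host, two ports (assumed, not from the patent).
FIRST_ADDR: Address = ("192.0.2.10", 8080)   # non-encrypted connection
SECOND_ADDR: Address = ("192.0.2.10", 8443)  # encrypted connection

# Hypothetical wire names for the "encrypted communication request" and the
# "indication message that the encrypted communication is completed".
ENCRYPT_REQUEST = "ENCRYPT_REQUEST"
ENCRYPT_DONE = "ENCRYPT_DONE"

# Which connection each kind of traffic may use (labels are assumptions).
ALLOWED = {"plain": "first", "heartbeat": "first",
           "customization": "first", "encrypted": "second"}


class ProtocolError(Exception):
    """Raised when traffic or a control message is on the wrong connection."""


@dataclass
class UEConnectionManager:
    first_addr: Address
    second_addr: Address
    active: Optional[str] = None          # "first", "second" or None
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        # The two addresses must differ in their transport-layer part.
        if self.first_addr[1] == self.second_addr[1]:
            raise ValueError("transport-layer addresses must differ")

    def connect(self, which: str) -> None:
        """Establish `which`, first dropping the other connection if it is up."""
        if which not in ("first", "second"):
            raise ValueError(which)
        if self.active == which:
            return
        if self.active is not None:
            self.log.append(f"disconnect {self.active}")
        addr = self.first_addr if which == "first" else self.second_addr
        self.log.append(f"connect {which} {addr[0]}:{addr[1]}")
        self.active = which

    def send(self, kind: str, payload: bytes) -> None:
        """Refuse to put a payload on a connection it does not belong to."""
        if kind not in ALLOWED or ALLOWED[kind] != self.active:
            raise ProtocolError(f"{kind} not allowed on {self.active}")
        self.log.append(f"send {kind} on {self.active} ({len(payload)} bytes)")

    def on_server_message(self, msg: str) -> None:
        """Handle the two control messages that trigger a switch."""
        if msg == ENCRYPT_REQUEST and self.active == "first":
            self.connect("second")
        elif msg == ENCRYPT_DONE and self.active == "second":
            self.connect("first")
        else:
            raise ProtocolError(f"{msg} unexpected on {self.active}")


def run_demo() -> List[str]:
    ue = UEConnectionManager(FIRST_ADDR, SECOND_ADDR)
    ue.connect("first")
    ue.send("heartbeat", b"")
    ue.on_server_message(ENCRYPT_REQUEST)
    ue.send("encrypted", b"\x00" * 32)    # constructed ciphertext stand-in
    ue.on_server_message(ENCRYPT_DONE)
    return ue.log
```

The `send` check is the part a reviewer of such a design would look for: content meant for the encrypted connection is rejected while the non-encrypted connection is the active one.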
PCT/CN2015/082071 2015-06-23 2015-06-23 Data transmission method, device and system WO2016205998A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2015/082071 WO2016205998A1 (en) 2015-06-23 2015-06-23 Data transmission method, device and system
CN201580029578.2A CN106797308A (en) 2015-06-23 2015-06-23 A kind of data transmission method, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/082071 WO2016205998A1 (en) 2015-06-23 2015-06-23 Data transmission method, device and system

Publications (1)

Publication Number Publication Date
WO2016205998A1 true WO2016205998A1 (en) 2016-12-29

Family

ID=57586087

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082071 WO2016205998A1 (en) 2015-06-23 2015-06-23 Data transmission method, device and system

Country Status (2)

Country Link
CN (1) CN106797308A (en)
WO (1) WO2016205998A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112437424A (en) * 2020-12-03 2021-03-02 北京慕华信息科技有限公司 Communication method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004036867A1 (en) * 2002-10-18 2004-04-29 The University Of Lancaster Multi-path secured network communication
CN101088245B (en) * 2004-12-07 2013-06-12 思科技术公司 Performing security functions on a message payload in a network element
US8607300B2 (en) * 2006-07-18 2013-12-10 Genband Us Llc Network security policy mediation

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101052034A (en) * 2006-04-19 2007-10-10 华为技术有限公司 Method and system for transmitting network event journal protocol message
US8059817B2 (en) * 2006-06-20 2011-11-15 Motorola Solutions, Inc. Method and apparatus for encrypted communications using IPsec keys
KR101541911B1 (en) * 2008-07-16 2015-08-06 삼성전자주식회사 Devices and methods that provide security services in the user interface
JP2010200300A (en) * 2009-01-28 2010-09-09 Meidensha Corp Tcp communication scheme
CN101778045B (en) * 2010-01-27 2012-07-04 成都市华为赛门铁克科技有限公司 Message transmission method, device and network system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115022032A (en) * 2022-05-31 2022-09-06 中国电信股份有限公司 Communication method, security edge protection agent, and communication system
CN115022032B (en) * 2022-05-31 2024-12-31 中国电信股份有限公司 Communication method, security edge protection agent and communication system

Also Published As

Publication number Publication date
CN106797308A (en) 2017-05-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15895898

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15895898

Country of ref document: EP

Kind code of ref document: A1