本申請涉及計算機領域,尤其涉及數據傳輸控制方法、系統、控制設備及可讀存儲介質。This application relates to the field of computers, and more particularly to a data transmission control method, system, control device, and readable storage medium.
隨著通信技術的發展,通過網絡傳輸數據信息已成為人們進行信息交流的重要方式。目前,網絡中如客戶端和服務端等不同端間的數據傳輸多採用TCP/IP(Transmission Control Protocol/Internet Protocol,傳輸控制協議/網際協議(也叫網絡通信協議))來實現,但由於TCP/IP協議在設計時缺乏傳輸安全的考慮,為此存在無法對傳輸的數據內容進行安全性管理;且因其是開放的、雙向的,還存在網絡中的設備容易遭到惡意攻擊、數據易洩露的問題。With the advancement of communication technology, transmitting data and information over networks has become a crucial means of exchanging information. Currently, data transmission between different endpoints in a network, such as clients and servers, is mostly implemented using TCP/IP (Transmission Control Protocol/Internet Protocol, also known as the network communication protocol). However, due to its lack of transmission security considerations during its design, TCP/IP lacks security management capabilities for the content of transmitted data. Furthermore, its open, two-way nature leaves networked devices vulnerable to malicious attacks and data leaks.
鑒於上述問題,本申請實施例提供能至少部分改善或解決現有問題的數據傳輸控制方法、系統、控制設備及可讀存儲介質。In view of the above problems, the embodiments of the present application provide a data transmission control method, system, control device and readable storage medium that can at least partially improve or solve the existing problems.
在本申請的一個實施例中,提供了一種數據傳輸控制方法,適於基於第一通信協議與第一端通信連接的控制設備,第一通信協議包含的多個通信節點中部分通信節點為單向通信節點;該方法包括:In one embodiment of the present application, a data transmission control method is provided, applicable to a control device that is communicatively connected to a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes; the method comprises:
響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,第一配置信息中包含的通信節點為第一通信協議中的通信節點;In response to a communication node configuration operation on the control device triggered by the first end, determining first configuration information; wherein the communication node included in the first configuration information is a communication node in the first communication protocol;
在與第一端非握手連接數據傳輸過程中,根據第一配置信息,針對第一端啟動的至少一個第一通信節點;第一通信節點為與第一端通信協議中的通信節點,用於非握手連接過程中與第一端的數據交互;第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;During a non-handshake data transmission process with a first end, at least one first communication node is activated for the first end according to first configuration information; the first communication node is a communication node in a communication protocol with the first end, and is used to exchange data with the first end during the non-handshake connection process; the node type of the first communication node can reflect the data transmission function enabled by the first communication node for the first end;
根據每個第一通信節點所屬的節點類型,控制第一端通過每個第一通信節點所能進行的數據傳輸能力。According to the node type of each first communication node, the data transmission capability of the first end through each first communication node is controlled.
在本申請的另一個實施例中,還提供了一種數據傳輸控制系統,該系統包括:In another embodiment of the present application, a data transmission control system is provided, comprising:
第一端;First end;
第一控制設備,基於第一通信協議與第一端通信連接,第一通信協議包含的多個通信節點中部分通信節點為單向通信節點;第一控制設備用於響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,第一配置信息中包含的通信節點為第一通信協議中的通信節點;在與第一端非握手連接數據傳輸過程中,根據第一配置信息,針對第一端啟動至少一個第一通信節點;第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;根據每個第一通信節點所屬的節點類型,控制第一端通過每個第一通信節點所能進行的數據傳輸能力。A first control device is communicatively connected to a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes; the first control device is configured to determine first configuration information in response to a communication node configuration operation on the control device triggered for the first end; wherein the communication nodes included in the first configuration information are communication nodes in the first communication protocol; during a non-handshake data transmission process with the first end, at least one first communication node is activated for the first end according to the first configuration information; the node type to which the first communication node belongs can reflect the data transmission function enabled by the first communication node to the first end; and according to the node type to which each first communication node belongs, the data transmission capability of the first end through each first communication node is controlled.
在本申請的又一個實施例中,還提供了一種數據傳輸控制系統,該系統包括:In another embodiment of the present application, a data transmission control system is provided, comprising:
第一端;First end;
第一控制設備,基於第一通信協議與第一端通信連接,第一通信協議包含的多個通信節點中部分通信節點為單向通信節點;第一控制設備用於響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,第一配置信息中包含的通信節點為第一通信協議中的通信節點;在與第一端非握手連接數據傳輸過程中,根據第一配置信息,針對第一端啟動至少一個第一通信節點;第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;根據每個第一通信節點所屬的節點類型,控制第一端通過每個第一通信節點所能進行的數據傳輸能力;A first control device is communicatively connected to a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes; the first control device is configured to determine first configuration information in response to a communication node configuration operation triggered on the control device for the first end; wherein the communication nodes included in the first configuration information are communication nodes in the first communication protocol; during data transmission in a non-handshake connection with the first end, at least one first communication node is activated for the first end based on the first configuration information; the node type of the first communication node can reflect a data transmission function enabled by the first communication node to the first end; and based on the node type of each first communication node, the data transmission capability of the first end through each first communication node is controlled;
第二控制設備,與第一控制設備和第二端通信連接,用於在接收到第一控制設備發送過來的數據時,對數據進行校驗;校驗通過後,將數據發送至第二端;The second control device is communicatively connected to the first control device and the second end, and is configured to verify the data when receiving the data sent by the first control device; after passing the verification, the data is sent to the second end;
第二端,用於接收第二控制設備發送的數據。The second end is used to receive data sent by the second control device.
在本申請的又一個實施例中,還提供了一種控制設備,該控制設備包括:處理器及存儲器,其中,存儲器,用於存儲一條或多條計算機指令;處理器,與存儲器耦合,用於執行一條或多條計算機指令,以用於實現上述本申請實施例提供的數據傳輸控制方法中的步驟。In another embodiment of the present application, a control device is provided, which includes: a processor and a memory, wherein the memory is used to store one or more computer instructions; the processor is coupled to the memory and is used to execute one or more computer instructions to implement the steps in the data transmission control method provided in the above-mentioned embodiment of the present application.
在本申請的又一個實施例中,還提供了一種計算機可讀存儲介質,該計算機可讀存儲介質包括:計算機程序或指令,當計算機程序或指令被處理器執行時,能實現上述本申請實施例提供的數據傳輸控制方法中的步驟。In another embodiment of the present application, a computer-readable storage medium is provided, which includes a computer program or instruction. When the computer program or instruction is executed by a processor, the steps of the data transmission control method provided in the above embodiment of the present application can be implemented.
綜上本申請提供的所有實施例,可見:Taking into account all the embodiments provided in this application, it can be seen that:
本申請實施例提供的技術方案,控制設備基於第一通信協議與第一端通信連接,第一通信協議包含的多個通信節點中部分通信節點為單向通信節點。以及與第一端通信連接的控制設備會先響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息,第一配置信息中包含的通信節點為第一通信協議中的通信節點;之後,根據第一配置信息,會先針對第一端啟動至少一個第一通信節點,第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;進一步地,可根據每個第一通信節點所屬的節點類型,控制第一端通過每個第一通信節點所能進行的數據傳輸能力。本方案基於通信協議的約束,通過軟件控制的方式針對第一端實現了通信節點啟動控制,從而借助通信節點實現了對第一端的數據傳輸能力控制,比如控制第一端能單向上行數據、或能單向下行數據、或能上行數據和下行數據,構建簡單、實現成本低,且利於根據第一端上不同的應用服務需求,靈活配置第一端的上下行數據傳輸能力,而無需同現有方案中的光閘等,需進一步佈設相應的物理接口才能實現按需進行傳輸控制。The technical solution provided by the embodiment of this application is that a control device is communicatively connected to a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes. Furthermore, the control device communicatively connected to the first end first responds to a communication node configuration operation triggered on the control device for the first end and determines first configuration information. The communication nodes included in the first configuration information are communication nodes in the first communication protocol. Subsequently, based on the first configuration information, at least one first communication node is activated for the first end. The node type of the first communication node can reflect the data transmission function enabled by the first communication node to the first end. Furthermore, based on the node type of each first communication node, the data transmission capability of the first end through each first communication node can be controlled. Based on the constraints of the communication protocol, this solution implements communication node startup control for the first end through software control. This, in turn, uses the communication node to control the first end's data transmission capabilities. For example, the first end can be controlled to transmit uplink data unilaterally, downlink data unilaterally, or both uplink and downlink data. This solution is simple to construct and has low implementation costs. It also facilitates flexible configuration of the first end's uplink and downlink data transmission capabilities based on the different application service requirements of the first end. It does not require the further deployment of corresponding physical interfaces such as optical gates in existing solutions to achieve on-demand transmission control.
目前,不同端間在通過網絡傳輸數據信息時,多是採用TCP/IP協議並借助於部署在不同端間的網絡設備(如交換機、路由器)來實現。例如,參見圖1,第一端與第二端間採用TCP/IP協議進行傳輸數據的過程如下:以第一端為客戶端、第二端為服務端、客戶端請求服務端上的數據資源為例,客戶端輸入部署在服務端的網站的域名www.####.com,並針對域名www.####.com向DNS(Domain Name System,域名解析服務器)(圖中未示出)發送一個請求,DNS將域名www.####.com解析成服務端的IP地址(為目標IP地址)反饋給客戶端;客戶端根據自身的IP地址(為源IP地址)、目標IP地址及請求參數(即為具體待傳輸的一數據塊)生成一個請求報文,由於該請求報文需要發送給服務端所處的另一個子網(為目標子網)中以發送至服務端,所以請求報文常會先發送至交換機,交換機再將自身的MAC(Medium/Media Access Control)地址和相應網關的MAC地址寫入請求數據包,並寫入完成後,進一步地會根據網關的MAC地址將請求報文發送至網關(為一種特殊的路由器),然後通過路由算法,經過路由器的不斷轉發最終將請求報文發送到目標子網,達到服務端。由上示例可見,現有不同端之間直接採用TCP/IP協議進行數據傳輸,僅是簡單地根據數據傳輸所需用到的如源IP地址、目標IP地址、源MAC地址、目標MCA地址等一些通用信息,來結合待傳輸的數據,生成相應的報文以實現數據傳輸,並未考慮數據傳輸安全性問題,其中,報文中包含的具體內容可參見圖1中示出的報文A包含的具體內容。綜上,從網絡通信協議角度來看,上述所述的不同端之間直接採用TCP/IP協議進行傳輸數據的方案,因TCP/IP協議在設計時缺乏安全性問題的考慮,導致會存在以下幾個問題:Currently, when different terminals transmit data information through the network, they mostly use the TCP/IP protocol and rely on network devices (such as switches and routers) deployed between the different terminals to achieve this. For example, referring to Figure 1, the process of using the TCP/IP protocol to transmit data between the first and second terminals is as follows: For example, the first terminal is the client and the second terminal is the server. The client requests data resources on the server. The client enters the domain name www.####.com of the website deployed on the server, and sends a request to the DNS (Domain Name Server) for the domain name www.####.com. System, domain name resolution server (not shown in the figure) sends a request, DNS resolves the domain name www.####.com into the server's IP address (the target IP address) and feeds it back to the client; the client generates a request message based on its own IP address (the source IP address), the target IP address and the request parameter (that is, a specific data block to be transmitted). Since the request message needs to be sent to another subnet (the target subnet) where the server is located in order to be sent to the server, the request message is often sent to the switch first, and the switch then sends its own MAC (Medium/Media Access The request packet is written with the TCP/IP protocol, along with the TCP/IP control address and the corresponding gateway's MAC address. Once written, the request message is sent to the gateway (a special router) based on the gateway's MAC address. Then, through a routing algorithm, the request message is continuously forwarded by the router, ultimately reaching the target subnet and the server. As can be seen from the above example, existing data transmission between different endpoints directly uses the TCP/IP protocol. This simply combines the data to be transmitted based on some common information required for data transmission, such as the source IP address, destination IP address, source MAC address, and destination MCA address, to generate the corresponding message to achieve data transmission. Data transmission security is not considered. The specific content of the message can be seen in Message A shown in Figure 1. In summary, from the perspective of network communication protocols, the aforementioned solution of directly using the TCP/IP protocol to transmit data between different terminals will have the following problems due to the lack of security considerations in the TCP/IP protocol design:
1、無法對傳輸的數據內容進行安全管理1. Unable to securely manage the content of transmitted data
TCP/IP協議是用於在多個不同網絡間實現數據信息傳輸的協議族,其往往只負責數據的傳輸,並不負責數據傳輸的結果,也無法識別傳輸數據的內容或者類型,這致使了惡意應用可以發起網絡攻擊流量,數據安全無法保證。例如,繼續參見圖1,採用TCP/IP協議的的客戶端和服務端是直接進行通信連接,若客戶端和服務端中的一個端發送了惡意的指令數據,另一個端則也會自動接收並執行(或處理)該指令數據。The TCP/IP protocol is a suite of protocols used to transmit data across multiple networks. It typically only handles data transmission, not the results of that transmission. It also cannot identify the content or type of the data being transmitted. This allows malicious applications to launch network attack traffic, compromising data security. For example, referring to Figure 1, a client and server using the TCP/IP protocol communicate directly. If one client or server sends malicious command data, the other automatically receives and executes (or processes) the command data.
2、無法阻擋惡意攻擊、網絡服務難以管理2. Unable to prevent malicious attacks and difficult to manage network services
由於TCP/IP協議是開放的,同一個網絡內的不同設備是能相互訪問的,這導致了惡意攻擊端(黑客端)可通過控制網絡內的一台設備,將其控制的設備作為跳板機,發起對網絡內其他設備的掃描、攻擊等惡意行為。此外,只要網絡內的一設備開啟了網絡服務端口,就可以被網絡內其他設備訪問,這導致了網絡服務難以管理。例如,繼續參見圖1,若服務端開啟了網絡服務端口,服務端就能被客戶端訪問,進而可能會存在私自搭建FTP(File Transfer Protocol,文件傳輸協議)、文件共享等服務,或開放的服務端可能被惡意客戶端進行訪問、攻擊,或存有惡意行為的服務端攻擊、訪問客戶端,等等。Because the TCP/IP protocol is open, different devices on the same network can access each other. This allows malicious attackers (hackers) to control a single device on the network and use it as a springboard to launch malicious attacks, such as scanning and attacks, against other devices on the network. Furthermore, as long as a device on the network has a network service port open, it can be accessed by other devices on the network, making network services difficult to manage. For example, referring to Figure 1, if a server opens a network service port, the server can be accessed by clients, which may lead to the private establishment of FTP (File Transfer Protocol) and file sharing services. Alternatively, the open server may be accessed and attacked by malicious clients, or a malicious server may attack and access the client, etc.
3、TCP/IP協議的驅動程序是通用的,易導致設備被控制3. The TCP/IP protocol driver is universal, which can easily lead to the device being controlled
TCP/IP協議的驅動程序,一般為計算機設備操作系統的網絡通信通用公共接口(網絡訪問API)程序。該通用公共接口程序一般不受限制,任何程序(如計算機的網絡接口)均可調用,為此常易網絡內的設備被控。例如,若網絡內的一計算機設備被木馬、病毒等惡意軟件控制後,可以直接使用該計算機設備的網卡接口進行通信,導致該計算機設備被控制,甚至該計算機設備可能被控制地向網絡內上的其他設備發起惡意攻擊。TCP/IP protocol drivers are typically the network communication general public interface (API) programs of computer operating systems. These APIs are generally unrestricted and can be called by any program (e.g., a computer's network interface), making it easy for networked devices to be compromised. For example, if a computer on a network is controlled by malicious software such as a Trojan horse or virus, it can directly communicate using the computer's network interface, leading to its control and potential malicious attacks against other devices on the network.
4、存在數據洩露的風險4. There is a risk of data leakage
由於TCP/IP協議是雙向的,採用TCP/IP協議直接通信連接的不同端均能接收和發送數據,為此對於只有接收數據需求的設備端也是可以對外發送數據的,從而易存在數據洩露風險。例如,繼續參見圖1,採用TCP/IP協議直接通信的客戶端和服務端二者是均能接收數據和發送數據的,若假設服務端只有接收數據需求,那麼客戶端在對服務端進行訪問以獲取服務端上的數據時,服務端也是可以響應該客戶端的訪問,向客戶端發送相應數據的,相應地,如果服務端遭到惡意程序控制,也就會造成服務端的數據洩露。Because the TCP/IP protocol is bidirectional, both ends of a direct TCP/IP connection can send and receive data. Therefore, even devices that only need to receive data can send data, creating a risk of data leakage. For example, referring to Figure 1, a client and server communicating directly using the TCP/IP protocol can both send and receive data. If the server only needs to receive data, then when the client accesses the server to obtain data, the server can respond and send data to the client. Consequently, if the server is controlled by malicious software, data leakage on the server could occur.
為解決或部分解決上述不同端直接採用TCP/IP協議進行數據傳輸存在的一些問題,目前主要存有以下幾種解決方案:To partially resolve or solve some of the problems mentioned above when directly using the TCP/IP protocol for data transmission between different ends, there are currently several solutions:
第一種是通過通信硬件保護方案,具體地是:在網絡內部署網絡安全防火牆。現有的各類網絡安全防火牆主要分為如下兩類:訪問控制型防火牆、內容安全型防火牆。訪問控制型防火牆,是通過設置黑白名單(如源IP地址和源端口、目標IP地址(也稱宿IP地址)和目標端口)等策略方式,設置網絡內的不同設備之間能否進行通信。上述訪問控制型防火牆的設置方式,在大型網絡環境下,維護技術人員是難以充分進行訪問控制的,難免會存有疏忽,導致策略設置有漏洞,從而易使惡意者非法訪問網絡內設備。內容安全型防火牆,是以木馬、病毒等惡意程序的樣本數據庫、威脅IP數據庫、可疑行為數據庫等識別方式,對具有的通信內容(如源IP地址和源端口、目標IP地址(也稱宿IP地址)和目標端口、通信數據內容)進行檢測,阻止惡意通信訪問。上述內容安全型防火牆存在的問題是:由於惡意程序、威脅IP等樣本庫往往是對已有的攻擊行為進行分析後的結果,為此會導致發現比較滯後且需要更新,這使得惡意者可以利用更新前對應的時間差進行發起攻擊;此外,也無法對未知的惡意行為進行檢測發現。而且,由於防火牆一般為公開售賣或公開下載,這使得惡意者可基於防火牆的樣本庫等進行分析,通過對惡意程序的程序特徵、數據流量特徵等進行修改方式,繞過防火牆(「兔殺」技術)實施攻擊。另外,網絡系統的應用程序之間的傳輸協議是私有的,由開發商自行約定,由於開發商眾多,網絡系統複雜多變,防火牆難以一一進行協議分析,導致幾乎無法對通訊內容進行有效的解析、審計或攔截。The first method involves implementing a communication hardware protection solution, specifically deploying a network security firewall within the network. Existing network security firewalls are primarily categorized into two types: access-controlled firewalls and content-security firewalls. Access-controlled firewalls control communication between devices within the network by setting policies such as blacklists and whitelists (e.g., source IP addresses and source ports, destination IP addresses (also known as sink IP addresses) and destination ports). However, in large networks, this access-controlled firewall setup makes it difficult for maintenance technicians to fully implement access control. This inevitably leads to oversights, resulting in loopholes in policy settings and potentially allowing malicious actors to illegally access devices within the network. Content security firewalls use databases of malware samples, threat IP addresses, and suspicious behavior to detect and block malicious communications (such as source IP addresses and ports, destination IP addresses (also known as sink IP addresses) and ports, and data content). These databases are based on samples of malware, such as Trojans and viruses, threat IP addresses, and suspicious behavior databases. However, these content security firewalls often rely on analysis of existing attack patterns. This leads to delayed detection and the need for updates, allowing malicious actors to exploit the time difference between updates and launch attacks. Furthermore, these firewalls are unable to detect unknown malicious activity. Furthermore, since firewalls are generally sold or downloaded publicly, malicious actors can analyze them based on their sample libraries and modify the malicious program's program features and data flow characteristics to circumvent the firewall ("rabbit-killing" techniques) and launch attacks. Furthermore, the transmission protocols between applications on network systems are proprietary and independently agreed upon by the developers. Due to the large number of developers and the complexity and variability of network systems, firewalls are unable to perform protocol analysis on a per-protocol basis, making it nearly impossible to effectively analyze, audit, or intercept communication content.
第二種是通過對設備進行安全保護方案,具體地為:可在設備上安裝安全保護軟件。例如,繼續參見圖1,可使用在服務端或客戶端上安裝殺毒軟件、部署安全控制管理系統或域控配置等方式,來保證服務端或客戶端的安全。上述採用殺毒軟件的方式存在的問題為內容安全型防火牆存在的問題類似,只能查殺已有的病毒或惡意行為,並也能被惡意者通過修改惡意程序的程序特徵、數據流量特徵等方式,繞過殺毒軟件實施攻擊。佈署安全控制管理系統或域控配置等方式,是將網絡內的普通設備的操作權限交由主控設備來控制,以實現普通設備的接入控制、訪問資源控制或下發軟件更新包等等。但是,當主控設備被惡意者攻擊控制後,所有的普通設備存在可能被全部惡意控制的風險。The second approach is to implement device security solutions. Specifically, security software can be installed on the device. For example, referring to Figure 1, this can be achieved by installing antivirus software on the server or client, deploying a security control management system, or configuring a domain controller. The problems associated with using antivirus software are similar to those of content security firewalls. They can only detect and eliminate existing viruses or malicious activity, and malicious actors can also circumvent antivirus software by modifying the malware's program characteristics or data traffic patterns to launch attacks. Deploying a security control management system or domain controller configuration delegates the operational permissions of common network devices to a master control device, enabling access control, resource control, and software update distribution. However, if a malicious actor were to compromise the master control device, all common devices could be compromised.
第三種是通過物理隔絕的控制方式來滿足網絡內存在數據單向傳輸需求的設備。例如,在一些對網絡安全有較高需求的數據傳輸應用場景中常要求網絡數據單向傳輸,針對此場景,目前便常採用物理隔絕的控制方式來控制實現網絡數據單向傳輸,但這種方式需要借助的諸如單向光閘、光碼(二維碼)等物理上的單向傳輸控制設備,這會涉及到通信的物理層面上的改造,此外還存有以下幾個問題:The third type is devices that meet the need for unidirectional data transmission within the network through physical isolation control methods. For example, in some data transmission application scenarios with high network security requirements, unidirectional network data transmission is often required. To address this scenario, physical isolation control methods are currently often used to control and achieve unidirectional network data transmission. However, this method requires the use of physical unidirectional transmission control devices such as one-way optical gates and optical codes (QR codes). This involves modifications to the physical layer of communication and also has the following problems:
1)利用諸如單向傳輸控制設備(比如光閘、光碼(二維碼))等來實現數據單向傳輸控制時,由於是通過物理隔絕的控制方式實現數據單向傳輸,為此在物理上僅能單一性地控制實現數據的單向接收或單向發送,並無法實現根據不同的服務需求進行數據的單向發送、或者單向接收、或者雙向傳輸等的靈活配置。例如,單向光閘等往往是根據數據傳輸控制需求,佈設相應的物理接口,以此通過物理接口來實現單向傳輸控制,該物理上的限制,使得單向光閘等出廠很難再改變其功能,為此難以通過單向光閘等根據實際數據傳輸控制需求,靈活控制第一端所能進行的數據傳輸能力。1) When using one-way transmission control devices (such as optical gates and optical codes (QR codes)) to implement unidirectional data transmission control, this is achieved through physical isolation. Therefore, they can only physically control one-way data reception or transmission, and cannot be flexibly configured to support unidirectional transmission, reception, or bidirectional transmission based on different service requirements. For example, one-way optical gates often have corresponding physical interfaces configured based on data transmission control requirements to implement unidirectional transmission control. This physical limitation makes it difficult to modify the function of one-way optical gates after they leave the factory, making it difficult to flexibly control the data transmission capacity of the first end based on actual data transmission control requirements.
2)上述所述的單向傳輸控制設備往往構造比較複雜(比如設備需要光模塊、分光模塊、或者需要圖片的顯示或接收模塊等),設備製造成本高、設備體積大、配置複雜、適用範圍具有局限性(適用範圍較小),同時也需要多台服務器進行配合,一般僅部署在大型網絡的交換機接入邊界(網絡級部署)。例如,需要數據從內網傳出和從外網傳入,並還需要部署兩套包括外網服務器、單向光閘設備、內網交換服務器的傳輸系統,部署成本高;同時由於是網絡級部署,對數據交換的需求進行調整時較為複雜;並且由於是網絡級部署,只負責內外網間的數據交換,對網絡內的單台終端設備並起不到數據安全控制的作用。進一步的,受限於成本、設備體積等因素限制,在單台客戶端或服務端(單機級部署)使用場景基本上不會配備單向傳輸控制設備(如員工的辦公計算機、應用服務器等),為此這常導致難以對單個終端數據的安全進行有效的控制管理。2) The one-way transmission control equipment described above is often complex in structure (for example, the equipment requires optical modules, splitter modules, or image display or reception modules, etc.), with high manufacturing costs, large equipment size, complex configuration, and limited applicability (a small scope of application). It also requires multiple servers for coordination and is generally only deployed at the switch access edge of large networks (network-level deployment). For example, if data needs to be transferred both from the intranet and from the extranet, two transmission systems, including extranet servers, one-way optical gateways, and intranet switching servers, need to be deployed, resulting in high deployment costs. Furthermore, since this is a network-level deployment, adjusting data exchange requirements is complex. Furthermore, since this is a network-level deployment, it only manages data exchange between the intranet and extranet, and cannot provide data security control for individual end-point devices within the network. Furthermore, due to factors such as cost and device size, one-way transmission control devices are rarely deployed on single client or server devices (such as employee office computers or application servers). This often makes it difficult to effectively control the security of individual end-point data.
上述所述的單向光閘是一種可將數據信息從低密網(公網)單向可靠地傳輸到高密網(內網/專網)的設備。The one-way optical gate mentioned above is a device that can reliably transmit data information from a low-density network (public network) to a high-density network (intranet/private network) in one direction.
綜上分析,為解決現有的網絡通信協議(TCP/IP協議)、網絡安全保護措施、安全防護軟件等存在的問題,本申請各實施例提供了新的數據傳輸技術方案。具體地如下:Based on the above analysis, in order to solve the problems existing in existing network communication protocols (TCP/IP protocol), network security protection measures, and security protection software, each embodiment of this application provides a new data transmission technology solution. Specifically, it is as follows:
一技術方案為:利用基於待傳輸數據所屬的傳輸事務的事務信息,為待傳輸數據所確定出的目標頭信息,對待傳輸數據進行結構化,使用結構化後的待傳輸數據在網絡中進行傳輸。通過上述方案,可保障只有符合特定結構化規則要求的數據才允許在網絡中傳輸交換,能夠以較為簡單、低成本的方式來實現對傳輸數據內容的安全性管理、可有效增強數據傳輸過程中數據安全的防護和控制能力。One technical solution utilizes transaction information from the transaction to which the data belongs to determine the target header information for the data to be transmitted. This structured data is then used for network transmission. This solution ensures that only data that meets specific structuring rules is allowed to be transmitted and exchanged on the network. This approach enables simple and cost-effective security management of transmitted data content, effectively enhancing data security protection and control capabilities during transmission.
另一技術方案為:利用預置字符串(或預置標識)來隱藏相應端的地址信息,使得數據發起端無法獲知目標端的地址,能保護目標端的地址信息;且既使發起端被惡意控制後,也無法對網絡上的其他設備進行掃描、探測等,可有效避免惡意攻擊。Another technical solution is to use a preset string (or preset identifier) to hide the address information of the corresponding end. This prevents the data originator from knowing the address of the target end, thus protecting the target end's address information. Even if the originator is maliciously controlled, it cannot scan or detect other devices on the network, effectively preventing malicious attacks.
又一技術方案為:控制設備基於與某一端間的通信協議,實現該某一端對另一目標端所能進行的數據傳輸能力控制,比如控制僅能單向上行數據傳輸、或僅能單向下行數據傳輸、或能雙向的上行和下行數據傳輸。相比於現存的採用物理隔絕的控制方式來控制實現不同端間的數據單向傳輸,採用本申請提供的方案實現如數據的單向傳輸等功能,構建簡單、實現成本低,而且還能靈活調整不同端間的通信方向(也即數據傳輸方向),換句話也就是說,能根據不同的服務需求進行數據的單向發送、或者單向接收、或者雙向傳輸等的靈活配置,可應用於單向數據傳輸、安全性要求較強的場景。Another technical solution is that the control device controls the data transmission capabilities of a certain end to another target end based on the communication protocol between the control device and the other end, such as controlling only unidirectional uplink data transmission, only unidirectional downlink data transmission, or bidirectional uplink and downlink data transmission. Compared with the existing control method that uses physical isolation to control and achieve unidirectional data transmission between different ends, the solution provided by this application to achieve functions such as unidirectional data transmission is simple to construct and has low implementation costs. It can also flexibly adjust the communication direction (i.e., data transmission direction) between different ends. In other words, it can be flexibly configured to perform unidirectional data transmission, unidirectional reception, or bidirectional transmission according to different service requirements. It can be applied to scenarios with unidirectional data transmission and strong security requirements.
需補充說明的是:上述三種技術方案的其各個實施例中,基於本發明的構思,可以單獨使用,也可以混合使用,也可以互相合併使用,也可以重新拆分組合使用,本申請對此不作限定。此外,本申請方案實現低成本的安全控制,適用範圍廣,除TCP/IP協議外,還可以應用於各類數據傳輸協議。It should be noted that, based on the concepts of the present invention, the above three technical solutions in their respective embodiments can be used individually, mixed, combined, or re-split and combined, and this application does not impose any limitations thereto. Furthermore, this application solution achieves low-cost security control and has a wide range of applicability. In addition to the TCP/IP protocol, it can also be applied to various data transmission protocols.
為了使所屬技術領域中具有通常知識者更好地理解本申請方案,下面將結合本申請實施例中的圖式,對本申請實施例中的技術方案進行清楚、完整地描述。In order to enable people with general knowledge in the relevant technical field to better understand the solution of this application, the technical solution in the embodiment of this application will be clearly and completely described below in combination with the drawings in the embodiment of this application.
在介紹本申請方案之前,先對本申請整體上涉及的一些名稱進行解釋聲明一下:Before introducing this application, we would like to explain some of the terms involved in this application:
「預置標識」和「預置字符串」都是通信標識符,只是在不同實施例中對「通信標識符」採用了不同的表述而已。主要用於指示目標地址信息,根據不同的實施例,其具體的表現形式可以為字符串、二進制值等,其生成方式可以為隨機值、特定規則值、或者直接為目標地址信息等,此處不進行限定,主要作用可以起到隱藏目標地址,在不隱藏目標地址效果的情況下,也可以為目標地址的相關信息。為此,「預置標識」和「預置字符串」互為等同,有關二者相關內容可相互參考,為避免贅述,本申請一般不對兩者進行同時表述。此外,在一些實施例中,基於「預置標識」的情況下,也和傳輸事務屬性(具有指示目標地址信息)等同,例如,控制設備基於與某一端間的通信協議方案的部分實施例中,雖然是基於「預置標識」進行表述的,但實際上也可以為「傳輸事務屬性」等作為等同,為避免贅述,使用「預置標識」作為代替說明。Both "preset identifier" and "preset string" are communication identifiers, but different expressions are used for "communication identifier" in different embodiments. They are mainly used to indicate target address information. Depending on the embodiment, their specific form can be a string, a binary value, etc., and their generation method can be a random value, a specific rule value, or directly the target address information, etc., which is not limited here. Their main function is to hide the target address. If the target address is not hidden, they can also be related information of the target address. For this reason, "preset identifier" and "preset string" are equivalent to each other, and the relevant content of the two can be referenced to each other. To avoid redundancy, this application generally does not describe the two at the same time. In addition, in some embodiments, based on the "preset identifier", it is also equivalent to the transmission transaction attribute (with information indicating the target address). For example, in some embodiments of the control device based on the communication protocol scheme with a certain end, although it is expressed based on the "preset identifier", it can actually be equivalent to the "transmission transaction attribute" and so on. To avoid redundancy, "preset identifier" is used as an alternative explanation.
在介紹本申請提供的方法實施例之前,先對本申請提供的技術方案可基於的系統架構進行說明。Before introducing the method embodiments provided by this application, the system architecture on which the technical solution provided by this application can be based is explained.
具體的,本申請實施例提供的方法可基於圖3a-1至圖5e所示的系統架構實現。如圖3a-1所示的本申請一實施例提供的數據傳輸系統的結構示意圖,所述數據傳輸系統包括:第一端10和第二端20,其中,Specifically, the method provided in the embodiment of the present application can be implemented based on the system architecture shown in Figures 3a-1 to 5e. As shown in Figure 3a-1, the structure diagram of the data transmission system provided in the first embodiment of the present application includes: a first end 10 and a second end 20, wherein:
第一端10,用於確定第一數據流對應第一傳輸事務的第一事務信息;在需向所述第二端20傳輸所述第一數據流的第一數據塊時,基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二端20;其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求;The first end 10 is configured to determine first transaction information of a first transmission transaction corresponding to a first data stream; when transmitting a first data block of the first data stream to the second end 20, determine first destination header information corresponding to the first data block based on the first transaction information; generate a first message to be sent based on the first data block and the first destination header information; and send the first message to the second end 20; wherein the first destination header information is used to verify whether the first message meets requirements;
第二端20,用於對接收到的所述第一報文包含的第一目標頭信息進行校驗,確定所述第一報文是否符合要求;符合要求時,從所述第一報文中獲取並緩存所述第一數據塊。The second end 20 is configured to verify the first destination header information included in the received first message to determine whether the first message meets the requirements; if it meets the requirements, obtain and cache the first data block from the first message.
具體實施時,上述第一端10和第二端20為需進行數據交換的數據端,二者類型可以相同,也可以不同。例如,第一端10和第二端20中的一個可為客戶端,另一個可為服務端;或者,第一端10和第二端20均為客戶端;或者,第一端10和第二端20均為服務端,此處不作限定。圖3a-1中示意性的示出了第一端10為客戶端、第二端20為服務端的示例。其中,上述客戶端可以是帶有操作系統(或不帶操作系統)的臺式計算機、智能手機、筆記本電腦、平板電腦、工業控制設備、嵌入式設備、智能穿戴設備(如智能手錶)、智能物聯網(Internet of Things,IOT)設備等任意設備,智能物聯網設備可包括但不限於:智能家電設備(如智能音箱、智能冰箱等)、自動駕駛車輛等。上述服務端可以是實體服務器、虛擬服務器、容器服務器、雲端服務平臺等等,本實施例對此不作具體限定。In a specific implementation, the first end 10 and the second end 20 are data ends that need to exchange data. They can be of the same or different types. For example, one of the first end 10 and the second end 20 can be a client and the other can be a server; or both the first end 10 and the second end 20 can be clients; or both the first end 10 and the second end 20 can be servers, without limitation. Figure 3a-1 schematically illustrates an example in which the first end 10 is a client and the second end 20 is a server. The client can be any device, including desktop computers with or without an operating system, smartphones, laptops, tablets, industrial control equipment, embedded devices, smart wearable devices (such as smart watches), and smart Internet of Things (IoT) devices. Smart IoT devices may include, but are not limited to, smart home appliances (such as smart speakers and smart refrigerators) and autonomous vehicles. The server can be a physical server, a virtual server, a container server, a cloud service platform, and so on, and this embodiment does not impose specific limitations on this.
如圖3a-1所示,在第一種可實現的技術方案中,第一端10與第二端20之間仍是採用TCP/IP協議,通過交換機、路由器等中間網絡設備直接通信連接,具體地,第一端10和第二端20各自可通過自身的網絡接口使用TCP/IP協議與相應中間網絡設備通信連接,以此實現二者的通信連接,其中,網絡接口可以是但不限於以太網接口。但是,不同於現有採用TCP/IP協議傳輸數據時,僅簡單地根據數據傳輸所需用到的源IP地址、目標IP地址、源MAC地址、目標MAC地址等一些通用信息及待傳輸的數據塊,生成相應的報文以此實現數據傳輸(具體可參見與圖1相關的內容),本實施例為保障數據傳輸安全性,在需要向第二端20傳輸一個如數據塊a時,會基於該數據塊a所屬的傳輸事務的事務信息,為該數據塊a確定出相應的目標頭信息,進而基於該目標頭信息及數據塊a生成相應待發送的報文以實現數據塊a的傳輸。上述中,數據塊a所屬的傳輸事務是指數據塊a所屬的數據流對應的傳輸事務。上述目標頭信息在報文中所處的位置,可為如下中的任一種:位於報文首(如圖3a-1中示出的通用報文頭)與報文尾(如圖3a-1中示出通用報文尾)之間,位於報文首,位於報文尾。上述所述的目標頭信息位於報文首與報文尾之間,更具體的也就是說,目標頭信息位於報文中的數據區位置(如圖3a-1所示),或者從傳輸協議角度來說,即目標頭信息位於傳輸協議的數據區位置。有關數據塊a在報文中的位置,本申請實施例不作具體限定,一般地,數據塊a是位於報文中的數據區位置。As shown in Figure 3a-1, in the first possible technical solution, the first end 10 and the second end 20 still use the TCP/IP protocol to communicate directly through intermediate network devices such as switches and routers. Specifically, the first end 10 and the second end 20 can each use the TCP/IP protocol to communicate with the corresponding intermediate network device through their own network interfaces to achieve communication between the two. The network interface may be but is not limited to an Ethernet interface. However, unlike conventional data transmission using the TCP/IP protocol, which simply generates a corresponding message based on some common information required for data transmission, such as the source IP address, destination IP address, source MAC address, and destination MAC address, as well as the data block to be transmitted (see Figure 1 for details), this embodiment, to ensure data transmission security, determines corresponding destination header information for data block a based on the transaction information of the transmission transaction to which data block a belongs. Furthermore, based on this destination header information and data block a, a corresponding message to be sent is generated to transmit data block a. In the above description, the transmission transaction to which data block a belongs refers to the transmission transaction corresponding to the data stream to which data block a belongs. The aforementioned destination header information can be located in any of the following locations within the message: between the message header (e.g., the generic message header shown in FIG. 3a-1 ) and the message trailer (e.g., the generic message trailer shown in FIG. 3a-1 ), at the message header, or at the message trailer. The aforementioned location of the destination header information between the message header and the message trailer more specifically means that the destination header information is located in the data area of the message (e.g., FIG. 3a-1 ), or, from the perspective of the transmission protocol, in the data area of the transmission protocol. The present embodiment does not impose any specific restrictions on the location of data block a within the message; generally, data block a is located in the data area of the message.
其中,上述所述的報文首除包括通用報文頭(如以太網首部、TCP/IP協議首部)之外,在其他一些實施例中還可包括自定義首部;以及,和/或上述所述的報文尾除包括通用報文尾(如以太網尾部)之外,在其他一些實施例中還可包括自定義尾部。自定義首部以及自定義尾部,可是用戶根據實際所需自定義的。The message header described above may include not only a common message header (e.g., an Ethernet header or a TCP/IP protocol header) but, in some other embodiments, may also include a custom header. Furthermore, and/or the message trailer described above may include not only a common message trailer (e.g., an Ethernet trailer) but, in some other embodiments, may also include a custom trailer. Custom headers and trailers can be customized by the user based on actual needs.
圖3a-1中示出了數據塊a和對應的目標頭信息均位於報文首與報文尾之間(即均位於數據區位置)的一示例。且在該圖3a-1中示出的示例中,目標頭信息靠近報文首並在數據塊a的左側,當然在其他實例中,目標頭信息也可靠近報文尾並在數據塊a的右側。Figure 3a-1 shows an example where data block a and the corresponding destination header information are both located between the message header and the message footer (i.e., both are located in the data area). In this example, the destination header information is located near the message header and to the left of data block a. However, in other examples, the destination header information may also be located near the message footer and to the right of data block a.
結合圖1可獲知,通用報文頭包括以太網首部、TCP/IP協議首部。其中,TCP/IP協議首部的格式如下表0所示: 表0:TCP/IP協議首部格式
上述保留字段:主要是為以後的新功能或擴展使用的,一般為設置為0,當需要對TCP協議進行擴展以添加新功能時,該保留設置則不為0。The above reserved fields are mainly used for future new functions or extensions and are generally set to 0. When the TCP protocol needs to be extended to add new functions, the reserved setting is not 0.
上述可選選項字段,主要是用於發送方和接收方協商最大報文長度時或在高速網絡環境下作用調節因子時使用,還可用於存放一些其他數據,比如時間戳等數據。The optional option fields are primarily used when the sender and receiver negotiate the maximum message length or when applying a throttling factor in a high-speed network environment. They can also be used to store other data, such as timestamps.
有關TCP/IP協議首部中包含的除保留位、可選選項之外的其他內容詳述,可參見現有相關內容。For details on the contents of the TCP/IP protocol header other than reserved bits and optional options, please refer to the existing related content.
基於此內容,再結合上述所描述的報文首和報文尾可包含的內容以及圖3a-2所示,舉幾個示例,進行解釋說明一下目標頭信息在報文中可位於報文首或報文尾中的原因。具體地:Based on this content, combined with the above description of the content that can be included in the message header and message trailer and Figure 3a-2, we give several examples to explain why the destination header information can be located in the message header or message trailer. Specifically:
示例0A1:可通過對TCP/IP協議首部中包含的一些可被自定義的字段進行協議定義,使得數據塊a的目標頭信息插入報文首。比如,可設置TCP/IP協議首部中的保留字段不為0以擴展得到一新功能,使得可在該保留字段位置處插入數據塊a的目標頭信息。再比如,可根據數據塊a的目標頭信息的數據長度,對TCP/IP協議首部中包含的可選選項字段進行定義,使得可在該可選選項的填充數據位置處插入數據塊a的目標頭信。由此,通過上述可使得數據塊a的目標頭信息位於TCP/IP協議首部,從而達到位於報文首的目的。Example 0A1: By defining customizable fields within the TCP/IP protocol header, the destination header information for data block a can be inserted into the message header. For example, a reserved field within the TCP/IP protocol header can be set to non-zero to expand a new function, allowing the destination header information for data block a to be inserted into the reserved field. For another example, an optional option field within the TCP/IP protocol header can be defined based on the data length of the destination header information for data block a, allowing the destination header information for data block a to be inserted into the padding data position of the optional option. Thus, through the above, the destination header information for data block a can be located within the TCP/IP protocol header, thereby achieving its purpose of being located at the message header.
示例0A2:若報文首中包含自定義首部、且在自定義首部預留有用於插入數據塊a的目標頭信息的字段,可將數據塊a的目標頭信息插入該自定義首部,從而達到使數據塊a的目標頭信息位於報文首的目的。當然,同理,和/或也可令數據塊a插入該自定義首部,從而達到使數據塊a和/或對應的目標頭信息位於報文首的目的。Example 0A2: If the message header includes a custom header, and the custom header reserves a field for inserting data block a's destination header information, data block a's destination header information can be inserted into the custom header, thereby achieving the goal of placing data block a's destination header information at the beginning of the message. Similarly, of course, data block a can also be inserted into the custom header, thereby achieving the goal of placing data block a and/or the corresponding destination header information at the beginning of the message.
示例0A3:若報文尾中包括自定義尾部、且在自定義尾部預留有用於插入數據塊a的目標頭信息的字段,可將數據塊a的目標頭信息插入該自定義尾部,從而達使得數據塊a的目標頭信息位於報文尾的目的。當然,同理,和/或也可令數據塊a插入該自定義首部,從而達到使數據塊a和/或對應的目標頭信息位於報文首的目的。Example 0A3: If the message trailer includes a custom trailer, and a field is reserved in the custom trailer for inserting data block a's destination header information, data block a's destination header information can be inserted into the custom trailer, thereby placing data block a's destination header information at the end of the message. Similarly, data block a can also be inserted into the custom header, thereby placing data block a and/or the corresponding destination header information at the beginning of the message.
這裡需要補充說的是:同通過上述示例0A1~0A3所描述的目標頭信息插入報文首或報文尾的原理,也可將數據塊a插入報文首或報文尾。例如,在上述示例0A1中,也可以同時對上述TCP/IP協議首部中包含的保留字段和可選選項字段進行定義,以實現一個用於插入數據塊a、另一個用於實現插入數據塊a對應的目標頭信息,以此還可實現令數據塊a位於報文首。再例如:可通過定義TCP/IP協議首部中的保留字段或者可選選項字段,實現令數據塊a的目標頭信息插入TCP/IP協議首部;以及,若報文尾中包括自定義尾部、且在自定義尾部預留有用於插入數據塊a的字段,則可將數據塊a插入該自定義尾部,從而達使得數據塊a和對應的目標頭信息一個位於報文首,另一個位於報文尾的目的;而若報文尾中僅包含以太網尾部、或者雖還包含自定義尾部但在該自定義尾部中沒有預留有用於插入數據塊a的字段,這種情況下,數據塊a位於報文首和報文尾之間(即位於報文的數據區位置),達到了使數據塊a和對應的目標頭信息一個位於報文首,另一個位於報文首和報文尾之間的目的。It should be noted that, similar to the principle of inserting destination header information at the beginning or end of a message as described in Examples 0A1-0A3 above, data block a can also be inserted at the beginning or end of a message. For example, in Example 0A1, the reserved fields and optional option fields contained in the TCP/IP protocol header can be defined simultaneously, with one field for inserting data block a and another for inserting the destination header information corresponding to data block a. This can also achieve the goal of placing data block a at the beginning of the message. For another example: by defining a reserved field or an optional option field in the TCP/IP protocol header, the destination header information of data block a can be inserted into the TCP/IP protocol header; and, if the message tail includes a custom tail, and a field for inserting data block a is reserved in the custom tail, data block a can be inserted into the custom tail, thereby achieving the goal of having data block a and the corresponding destination header information be located at the beginning of the message and the other at the end. One is located at the end of the message; if the message tail only contains the Ethernet tail, or if it also contains a custom tail but there is no field reserved in the custom tail for inserting data block a, in this case, data block a is located between the message head and the message tail (that is, located in the data area of the message), achieving the purpose of having data block a and the corresponding target header information be located at the message head and between the message head and the message tail, respectively.
綜上示例可見,只要在報文的報文首和/或報文尾有可選的空位(該空位可是自定義、或相關協議可兼容(如TCP/IP協議首部中的保留字段或可選選項字段),都可以實現將數據(如待傳輸的數據塊a和/或對應的目標頭信息)插入相應的報文首或報文尾。As can be seen from the above examples, as long as there are optional spaces at the beginning and/or end of a message (the spaces can be customized or compatible with relevant protocols (such as reserved fields or optional option fields in the TCP/IP protocol header), data (such as the data block a to be transmitted and/or the corresponding destination header information) can be inserted into the corresponding message beginning or end.
數據流表示一個數據序列,該數據序列中包含一個或多個數據塊,例如,在需傳輸一個較大的文件、或音視頻流、或不特定長度的多媒體流等數據時,往往是將該文件數據劃分成若干個數據塊並將該若干個數據塊組成一個數據序列,以流的方式實現文件、或音視頻流、或不特定長度的多媒體流等傳輸。A data stream represents a data sequence consisting of one or more data blocks. For example, when transmitting a large file, an audio or video stream, or a multimedia stream of indefinite length, the file data is often divided into several data blocks and then combined into a data sequence. This is then streamed.
在本實施例中,傳輸事務是單方向的通信傳輸行為,其表示用於完成一項具體的傳輸工作。具體地,傳輸事務可理解為是一組邏輯上相關聯的傳輸操作,執行一個傳輸操作用於傳輸一個待傳輸的數據塊,其中,傳輸一個待傳輸的數據塊時,會利用本實施例提供的方案針對待傳輸的數據塊生成相應的報文以進行傳輸,有關生成的報文的具體結構格式將在下文展開詳述。例如,參見圖3a-1,第一端10需向第二端20傳輸一個文件數據流(如「財務報表.xls」文件對應的數據流),傳輸該文件數據流便對應一個傳輸事務,執行該傳輸事務中的一個傳輸操作只能傳輸文件數據流中的一個數據塊;進一步地,第二端20在完成文件數據流的接收後,向第一端10返回成功接收到文件數據流的響應信息,便為另一個傳輸事務。由上示例可見,傳輸事務同時還有不同端(如客戶端和服務端)的區別。In this embodiment, a transfer transaction is a unidirectional communication transmission behavior that is used to complete a specific transmission task. Specifically, a transfer transaction can be understood as a set of logically related transfer operations. Each transfer operation is executed to transmit a data block to be transmitted. When transmitting a data block to be transmitted, the solution provided by this embodiment is used to generate a corresponding message for the data block to be transmitted. The specific structure format of the generated message is described in detail below. For example, referring to Figure 3a-1, a first end 10 needs to transmit a file data stream (e.g., the data stream corresponding to the "Financial Report.xls" file) to a second end 20. Transmitting this file data stream corresponds to a transfer transaction, and a transfer operation within this transfer transaction can only transmit a single data block within the file data stream. Furthermore, after receiving the file data stream, the second end 20 returns a response to the first end 10 indicating successful receipt of the file data stream, which constitutes another transfer transaction. As can be seen from the above example, transfer transactions also differ depending on the end (e.g., client and server).
當然可選地,在其他一些實施例中,傳輸事務也可以是雙向的通信傳輸行為,沒有客戶端、服務端等區別,此處不進行限定。Of course, optionally, in some other embodiments, the transmission transaction can also be a two-way communication transmission behavior without distinction between client and server, and this is not limited here.
圖2a示出了傳輸事務的原理性示意圖,其中,示出的報文中包含的結構化頭即為本實施例上下文所述的為相應待傳輸的數據塊確定的目標頭信息,只是在不同描述場景下採用了不同表達方式。圖2b針對圖2a示出了三種不同傳輸方式(第一方式、第二方式、第三方式),有關此三種傳輸方式以及結構化頭可包括的內容的具體介紹,將在下文描述「目標頭信息」時展開詳述。Figure 2a illustrates a schematic diagram of a transmission transaction. The structured header included in the message shown is the destination header information for the corresponding data block to be transmitted, as described in the context of this embodiment. It is expressed differently in different scenarios. Figure 2b illustrates three different transmission methods (the first method, the second method, and the third method) for Figure 2a. These three transmission methods and the content that the structured header may include will be discussed in detail below when describing "destination header information."
本實施例在針對第一端10與第二端20間的數據傳輸交換進行配置時,同時會針對第一端10與第二端20間的數據傳輸交換配置相對應傳輸事務的相關信息,如傳輸事務的傳輸事務屬性信息、事務種類與事務屬性標識(也叫事務屬性唯一標識)的對應關係等。其中,一傳輸事務的傳輸事務屬性信息包括的內容如下表1a所示。下表1b則示出了申請實施例提供的所預置的傳輸事務屬性信息集合示例。 表1a
上述表1a中,傳輸事務屬性信息中事務屬性名稱、事務標注及校驗信息等字段的字段值類型均為String(代表字符串,為數據長度不確定的字符或字符串,長度根據實際需要進行變化)類型,事務關聯的預置字符串(或預置標識符)及事務屬性標識等字段的字段值類型為32位(代表二進制數,長度為32個比特位的二進制值),事務使用角色、事務屬性類型信息及校驗信息等字段的字段值類型為16位(代表二進制數,長度為16個比特位的二進制值)。具體地,In Table 1a above, the field value types of the transaction attribute name, transaction annotation, and verification information fields in the transmission transaction attribute information are all String (representing a character string, which is a character or string of uncertain data length, and the length varies according to actual needs). The field value type of the transaction-associated preset string (or preset identifier) and transaction attribute identifier fields is 32 bits (representing a binary number, a binary value with a length of 32 bits). The field value type of the transaction usage role, transaction attribute type information, and verification information fields is 16 bits (representing a binary number, a binary value with a length of 16 bits). Specifically,
事務屬性名稱字段,用於指示傳輸事務的事務屬性名稱。例如,參見圖2a,第一端10需向第二端20請求網絡文件資源,針對該「請求網絡文件資源」傳輸事務,可將事務屬性名稱字段的字段值配置為「請求網絡文件資源」;再例如,第一端10需向第二端上傳如jpg文件,針對該「上傳jpg文件」傳輸事務,可將事務屬性名稱字段的字段值配置為「上傳jpg文件」,等等。在執行一數據塊傳輸時,可以對該數據塊所屬的傳輸事務的事務屬性名稱進行顯示,以便用戶通過顯示出的事務屬性名稱可以清晰的瞭解當前所進行的數據傳輸。The Transaction Attribute Name field is used to indicate the transaction attribute name of the transfer transaction. For example, referring to Figure 2a, if the first end 10 needs to request a network file resource from the second end 20, the value of the Transaction Attribute Name field can be configured as "Request Network File Resource" for this "Request Network File Resource" transfer transaction. For another example, if the first end 10 needs to upload a .jpg file to the second end, the value of the Transaction Attribute Name field can be configured as "Upload .jpg File" for this "Upload .jpg File" transfer transaction, and so on. When executing a data block transfer, the transaction attribute name of the transfer transaction to which the data block belongs can be displayed, so that users can clearly understand the current data transfer through the displayed transaction attribute name.
需補充說明的是,為傳輸事務配置事務屬性名稱時,可基於傳輸事務種類來進行配置,以使事務屬性名稱可透傳出相應傳輸事務的事務種類。當然也可以採用其他方式進行配置,本實施例對此並不作限定。It should be noted that when configuring the transaction attribute name for the transmission transaction, the configuration can be performed based on the transmission transaction type so that the transaction attribute name can transparently convey the transaction type of the corresponding transmission transaction. Of course, other configuration methods can also be used, and this embodiment does not limit this.
事務標注字段,用於指示傳輸事務的備註信息(或說標注信息,也即下文其他實施例中涉及的第一標注信息)。例如,承接上述針對事務屬性名稱字段的舉例,針對「請求網絡資源」傳輸事務,可將事務標注字段的字段值配置為「第一端請求」;針對「上傳jpg文件」傳輸事務,可將事務標注字段的字段值配置為「第二端響應」,等等。The transaction annotation field is used to indicate the transfer transaction's notes (or annotation information, also referred to as the first annotation information in other embodiments below). For example, following the example above for the transaction attribute name field, for a "Request Network Resource" transfer transaction, the transaction annotation field's value can be configured as "First-End Request"; for a "Upload jpg File" transfer transaction, the transaction annotation field's value can be configured as "Second-End Response," and so on.
事務關聯的預置字符串(也叫通信標識符)字段,用於指示傳輸事務關聯的預置字符串。在一些實施例中,預置字符串為相應端的地址信息對應的字符串(如IP地址對應的具有規律性的字符串),即預置字符串不具有隱藏相應端的地址信息的作用;或者,在另一些實施例,預置字符串具有隱藏相應端的地址信息的作用,比如,預置字符串為隨機生成的不具有規律性的隨機字符串,其關聯的關聯信息包含相應端的地址信息。有關預置字符串的相關描述,將會在下文展開具體介紹。The transaction-associated preset string (also called a communication identifier) field is used to indicate the preset string associated with the transmission transaction. In some embodiments, the preset string is a string corresponding to the corresponding end's address information (e.g., a regular string corresponding to an IP address), meaning the preset string does not conceal the corresponding end's address information. Alternatively, in other embodiments, the preset string does conceal the corresponding end's address information, for example, by randomly generating a random, irregular string, and the associated information includes the corresponding end's address information. Preset strings are described in detail below.
事務屬性標識字段,用於指示傳輸事務的傳輸事務屬性信息的唯一標識(如上表1b中給出的事務唯一標識,為傳輸事務屬性信息ID),本實施例中簡稱為事務屬性標識,其一般為隨機字符串或二進制值。字符串一般由數字、字母及下劃線中的至少一項組成,優選地,在本實施例中事務屬性標識及事務關聯的預置字符串由數字和字母中的至少一項組成。The Transaction Attribute Identifier field is used to indicate the unique identifier of the transmission transaction attribute information (e.g., the unique transaction identifier given in Table 1b above is the transmission transaction attribute information ID). In this embodiment, this is referred to as the transaction attribute identifier and is typically a random string or binary value. The string typically consists of at least one of numbers, letters, and underscores. Preferably, in this embodiment, the transaction attribute identifier and the preset string associated with the transaction consist of at least one of numbers and letters.
事務使用角色字段,用於指示可使用(或創建)此傳輸事務的創建端(如第一端或第二端等數據端)的身份信息。具體實施時,該事務使用角色字段對應的字段值為16位二進制數,不同的位具有不同的表徵含義,具體地,以從右至左的角度看16位二進制數,令第1位至第8位為低八位為例,低八位中的第1位至第4位可用於表徵傳輸事務創建端的角色,比如,將16位二進制數的低八位採用16進制表示,若低八位為0x01,則表徵傳輸事務需由第一端(如客戶端)創建;若低八位為0x00,則表徵傳輸事務需由第二端(如服務端)創建。剩餘的其他位用於表徵傳輸事務創建端的更具體角色,如可表徵傳輸事務只能由A類(高級會員)或B類(普通會員)的客戶端創建、執行等,或只能由A類或B類的服務端進行創建、執行等。承接上述「請求網絡文件資源」對應的傳輸事務示例,具體舉一示例,假設「請求網絡文件資源」對應傳輸事務的事務使用角色對應的值為0x00 0x01,則可表示「請求網絡文件資源」對應的傳輸事務具體可由B類的客戶端創建及執行等。The transaction usage role field indicates the identity of the end-point (e.g., the first or second end-point) that can use (or create) this transfer transaction. In specific implementations, the value corresponding to this transaction usage role field is a 16-bit binary number, with different bits representing different meanings. Specifically, viewing the 16-bit binary number from right to left, with bits 1 through 8 representing the lower eight bits, bits 1 through 4 of the lower eight bits represent the role of the end-point that created the transfer transaction. For example, if the lower eight bits of the 16-bit binary number are represented in hexadecimal, a value of 0x01 indicates that the transfer transaction must be created by the first end-point (e.g., the client); a value of 0x00 indicates that the transfer transaction must be created by the second end-point (e.g., the server). The remaining bits are used to represent the more specific role of the transfer transaction creator. For example, this can indicate that the transfer transaction can only be created and executed by clients of type A (premium members) or type B (normal members), or can only be created and executed by servers of type A or type B. Continuing with the above example of the transfer transaction corresponding to "Requesting a Network File Resource," let's take a specific example. Assuming the transaction usage role corresponding to the transfer transaction "Requesting a Network File Resource" has a value of 0x00 0x01, this means that the transfer transaction corresponding to "Requesting a Network File Resource" can be created and executed by clients of type B.
事務屬性類型字段,用於指示傳輸事務的事務屬性類型信息,比如,控制傳輸事務(一般與應用系統運行相關,如發送網絡測試、發起心跳包)、下載傳輸事務(如讀取網絡數據資源)、上傳傳輸事務(如發送網絡數據)等一些基本操作類型。具體實施時,事務屬性類型字段對應的字段值可為16位二進制數,不同的位具有不同的表徵含義。具體地,仍以從右至左的角度看16位二進制數,令第1位至第8位為低八位為例:The transaction attribute type field is used to indicate the transaction attribute type information of a transmission transaction. Examples include control transmission transactions (generally related to application system operation, such as sending network tests and initiating heartbeat packets), download transmission transactions (such as reading network data resources), and upload transmission transactions (such as sending network data). In practice, the value corresponding to the transaction attribute type field can be a 16-bit binary number, with different bits having different meanings. Specifically, consider the 16-bit binary number from right to left, with bits 1 through 8 representing the lower eight bits:
低八位中的第1位至第4位可用於表徵待傳輸數據的傳輸方向,換句話也可說,用於表徵待傳輸數據所屬數據流的傳輸方向,比如第1位至4位若為「0001」,可表徵數據從第一端(如客戶端)向第二端(如服務端)傳輸;若為「0000」,則可表徵數據從第二端向第一端傳輸。以及,低八位中的第5位至第8位可用於表徵數據的類型,換句話也可說,用於表徵待傳輸數據所屬的數據流的類型,比如第5位至第8位若為「0001」,則表示數據流為文件數據流,若為「0000」,則表示為普通數據流。由上示例,若將16位二進制數的低八位採用16進制表示,若低八位為0x01,則表徵待傳輸數據所屬的數據流為普通數據流、且數據流從第一端(如客戶端)向第二端(如服務端)傳輸;若低八位為0x10,則表徵待傳輸數據所屬的數據流為文件數據流、且數據流從第二端向第一端傳輸。Bits 1 through 4 of the lower eight bits can be used to indicate the direction of data transmission, or in other words, the direction of the data stream to which the data belongs. For example, if bits 1 through 4 are "0001," it indicates data transmission from a first end (e.g., the client) to a second end (e.g., the server); if they are "0000," it indicates data transmission from the second end to the first end. Furthermore, bits 5 through 8 of the lower eight bits can be used to indicate the type of data, or in other words, the type of data stream to which the data belongs. For example, if bits 5 through 8 are "0001," it indicates a file data stream, while "0000" indicates a normal data stream. In the above example, if the lower eight bits of the 16-bit binary number are represented in hexadecimal, if the lower eight bits are 0x01, it indicates that the data being transmitted belongs to a normal data stream and is transmitted from the first end (such as the client) to the second end (such as the server). If the lower eight bits are 0x10, it indicates that the data being transmitted belongs to a file data stream and is transmitted from the second end to the first end.
剩餘的高八位(第9位至16位),則可用於指示出執行數據傳輸時,是否需要為數據添加數據頭以及需為數據添加何種格式類型的數據頭。例如,同上述低八位,在將16位二進制數的高八位採用16進制表示的情況下,若高八位為0x00,則可表示無需為數據添加數據頭(即無需使用數據頭);若高八位為0x01,則可表示需為數據添加普通數據頭格式的普通數據頭;若高八位為0x02,則可表示需為數據添加文件數據頭格式的文件數據頭;若高八位為0x03,則可表示需為數據添加郵件數據頭格式的郵件數據頭;若為0x04,則可表示需為數據添加數據庫操作數據頭格式的數據庫操作數據頭,等等。有上,上述高八位可理解為需為數據添加的數據頭對應的數據頭格式標識,以便在確定需要為數據添加數據頭時,可按相應的數據頭格式標識調用對應的數據頭模板,然後對調出的數據頭模板包含的多個字段進行配置以實現為數據添加數據頭。考慮到通過上述高八位來表示數據頭格式標識,能夠表示出的數據頭格式的個數具有較大限制性(如最多只能夠表示出253個左右的數據頭格式),為了可以容納更多自定義擴展的數據頭格式,本實施例中,當上述高八位為0xFF,則表示需為數據添加擴展的數據頭格式的數據頭,相應地,上述傳輸事務屬性信息中還可包括擴展的數據頭格式唯一標識字段(上述表1a中未示出),用於指示擴展的數據頭格式的唯一標識(如編號),當在確定需為數據添加擴展的數據頭格式的數據頭情況下,進一步地可以按照對應擴展的數據頭格式唯一標識字段的字段值來調用相應擴展的數據頭格式模板。例如,參見表1b,針對「即時通訊發送文本消息」這一服務場景下,服務端需要針對客戶端發送的文本消息返回相應的發送狀態,為該「返回發送狀態」傳輸事務配置的傳輸事務屬性信息中事務屬性類型字段的字段值為「0xFF 0x00」、擴展的數據頭格式唯一標識為「0x01 0x00 0x00 0x01」,則在服務端啟動「返回發送狀態」傳輸事務以向客戶端返回相應的發送狀態數據時,基於「返回發送狀態」傳輸事務的傳輸事務屬性信息中的事務屬性類型信息,會先確定出需為發送狀態數據添加的數據頭為擴展的數據頭格式,進一步地,按照擴展的數據頭格式唯一標識「0x01 0x00 0x00 0x01」,可從預置的多個數據格式頭中調用出相應擴展的數據頭格式模板,並基於發送狀態數據的數據信息配置調用出的數據頭格式模板包含的多個字段的字段值,以實現為發送狀態數據添加數據頭。擴展的數據頭格式唯一標識的數據類型可以根據實際需要進行變化,以上為4字節,還可以為單字節、雙字節、8字節等等。The remaining eight high bits (bits 9 to 16) can be used to indicate whether a data header needs to be added to the data when performing data transmission and what format type of data header needs to be added to the data. For example, similar to the above lower eight bits, when the upper eight bits of a 16-bit binary number are expressed in hexadecimal, if the upper eight bits are 0x00, it may indicate that no data header needs to be added to the data (i.e., no data header needs to be used); if the upper eight bits are 0x01, it may indicate that a normal data header in a normal data header format needs to be added to the data; if the upper eight bits are 0x02, it may indicate that a file data header in a file data header format needs to be added to the data; if the upper eight bits are 0x03, it may indicate that a mail data header in a mail data header format needs to be added to the data; if it is 0x04, it may indicate that a database operation data header in a database operation data header format needs to be added to the data, and so on. Therefore, the upper eight bits can be understood as the data header format identifier corresponding to the data header that needs to be added to the data, so that when it is determined that a data header needs to be added to the data, the corresponding data header template can be called according to the corresponding data header format identifier, and then the multiple fields contained in the called data header template can be configured to achieve the addition of a data header to the data. Taking into account that the number of data header formats that can be represented by using the upper eight bits to represent the data header format identifier is relatively limited (for example, only about 253 data header formats can be represented at most), in order to accommodate more customized extended data header formats, in this embodiment, when the upper eight bits are 0xFF, it means that a data header with an extended data header format needs to be added to the data. Accordingly, the above The transmission transaction attribute information may also include an extended data header format unique identification field (not shown in Table 1a above), which is used to indicate the unique identification of the extended data header format (such as a number). When it is determined that an extended data header format needs to be added to the data header, the corresponding extended data header format template can be further called according to the field value of the corresponding extended data header format unique identification field. For example, see Table 1b. For the "Instant Messaging Text Message" service scenario, the server needs to return the corresponding delivery status for the text message sent by the client. The value of the transaction attribute type field in the transmission transaction attribute information configured for the "Return Delivery Status" transmission transaction is "0xFF 0x00", and the extended header format unique identifier is "0x01 0x00 0x00 0x01", when the server initiates the "Return Send Status" transmission transaction to return the corresponding send status data to the client, based on the transaction attribute type information in the transmission transaction attribute information of the "Return Send Status" transmission transaction, it is first determined that the data header to be added to the send status data is an extended data header format. Furthermore, according to the extended header format unique identifier "0x01 0x00 0x00 0x01", the corresponding extended data header format template can be called from multiple preset data format headers. Based on the data information of the send status data, the field values of the multiple fields contained in the called data header format template are configured to implement the addition of a data header to the send status data. The data type uniquely identified by the extended data header format can be changed according to actual needs. The above is 4 bytes, but it can also be 1 byte, 2 bytes, 8 bytes, etc.
綜上,上述事務屬性類型字段指示的傳輸事務的事務屬性類型信息可包含但不限於如下中至少一項內容:數據傳輸方向、數據類型、數據頭使用信息。In summary, the transaction attribute type information of the transmission transaction indicated by the transaction attribute type field may include but is not limited to at least one of the following: data transmission direction, data type, and data header usage information.
以下表2a至表2d分別示出了上述所述的普通數據頭、文件數據頭、郵件數據頭及數據庫操作數據頭等這幾種數據頭的具體數據頭格式,以及表2e示出了一擴展的數據頭的具體數據頭格式。 表2a 普通數據頭的數據頭格式
其中,上述數據頭長度字段,用於指示數據頭的字節長度(為32位+標注信息的字節數)。標注信息字段,用於指示如服務端、客戶端等各端或下文其他實施例中所述的控制設備進行識別、判斷的標記,或者用於閱讀的字符串,比如,創建時間、修改時間、更新時間、數據完整性校驗值(hash值)等等。 表2b 文件數據頭的數據頭格式
其中,上述文件頭長度字段,用於指示文件頭的總字節長度,可用於劃分文件頭與文件數據。文件大小字段,用於指示文件數據的總字節長度。發送人信息字段,用於指示發送文件的發送人的信息,如用戶ID、用戶暱稱等。發送時間字段,用於指示發送文件的時間戳。文件屬性字段,用於指示文件的屬性。擴展名字段,用於指示文件類型,如擴展名字段的字段值可為文件後綴。文件名字段,用於指示文件的名稱(如test)。文件名長度字段,用於指示文件名的字節長度(也即字節數,例如test為4字節,可以兼容長文件名)。標注信息字段,用於指示如客戶端、服務端等各端或或下文其他實施例中所述的控制設備進行識別、判斷的標記(即標注(備註)信息);或者用於閱讀的字符串,比如,創建時間、修改時間、更新時間等等。標注信息長度字段,用於記錄標注信息的字節數。 表2c 郵件文件數據頭的數據頭格式
其中,文件頭長度字段,用於指示郵件文件頭的總長度。主題字段,用於指示郵件的主題。發送人地址字段,用於指示發送人的地址,如為發送人的郵箱地址。接收人地址字段,用於指示接收人的地址,如接收人的郵箱地址。發送時間字段,用於指示發送郵件的時間戳。附件文件類型字段,用於指示郵件中攜帶的附加文件的類型,如為壓縮包。有關標注信息字段,可參見上述針對表2a或表2b進行介紹時所述的相關內容。 表2d 數據庫操作數據頭的數據頭格式
其中,操作類型字段,用於指示針對數據庫進行的操作,如刪除、增加、修改、查詢等操作。操作數據庫地址標識符字段,用於指示數據庫的地址,如數據庫對應的IP地址。操作數據庫標識字段,用於指示操作的數據庫的名稱。操作表標識符字段,用於指示操作的數據庫中數據表的名稱。操作影響字段,用於指示操作影響的數據表中的字段,如若對應的字段值為*,可表示影響數據表中的所有字段。有關文件頭長度字段、標注信息字段,可參見上述針對表2a或表2b進行介紹時所述的相關內容。 表2e 即時通訊消息內容特徵數據頭的數據頭格式
上述表2e中,消息類型字段,可用於指示消息的重要性。比如,若消息類型字段對應的字段值為0x01,表示為普通消息;若消息類型字段對應的字段值為0x02,表示為重要消息。消息關鍵詞字段,用於指示消息中命中預設的關鍵詞或分詞等。有關文件頭長度字段,可參見上述針對表2a或表2b進行介紹時所述的相關內容。In Table 2e above, the Message Type field indicates the importance of the message. For example, a value of 0x01 indicates a normal message; a value of 0x02 indicates an important message. The Message Keyword field indicates whether a message contains pre-defined keywords or participles. For information on the File Header Length field, please refer to the descriptions of Table 2a or Table 2b above.
繼續參見表1a,表1a中的分組編碼(為一種字典)字段,具體可分為一類編碼字段、二類編碼字段及三類編碼字段,是用於指示不同場景下的數據傳輸操作。當一類編碼字段、二類編碼字段及三類編碼字段各自的字段值均為相同的設定值(如均為「0x00 0x00」)時,表示暫不進行分類。這裡設置分組編碼字段對應要實現的分組功能類似於社交軟件中的好友分組功能,以便於在需要管理的傳輸事務較多(比如,但客戶端這一上層應用為一個複雜的系統或者多個複雜的系統,便可能會出現較多需要管理的傳輸事務)的情況下,可對傳輸事務進行分組進行區分。在利用上述一類編碼字段、二類編碼字段及三類編碼字段對傳輸事務進行分組劃分時,可採用類似於省、市、縣的有上至下的劃分方式,一類編碼字段用於指示一級分類、二類編碼字段用於指示基於一級分類下的二級分類,三類編碼字段用於指示基於二級分類下的三級分類,這樣便於管理傳輸事務。例如,一類編碼字段的字段值可為某一公司的公司代碼A,二類編碼字段的字段值可為該公司開發的上層應用a1以及上層應用a2,基於上層應用a1的三類編碼字段的字段值可為具體操作的動作(如HTTP請求、即時通訊發送數據、接收數據、上傳數據等等),以此便於維護人員對傳輸事務進行查看、編輯和授權等各種管理,同時也便於預設相應的控制設備對某個編碼字段的字段值進行允許\禁止傳輸,實現直接作用於該編碼字段的字段值關聯的傳輸事務。上述是從隸屬關聯的角度來介紹一類編碼字段、二類編碼字段及三類編碼字段的,當然,也可以從其他角度對一類編碼字段、二類編碼字段及三類編碼字段進行劃分,比如,可以按協議類型、應用類型、傳輸方向、客戶端或服務端等數據端的重要程度、數據重要程度等進行劃分,本實施例對此不作限定。Continuing with Table 1a, the group coding field (a dictionary) in Table 1a is specifically categorized into Type 1, Type 2, and Type 3 coding fields, which indicate data transmission operations in different scenarios. When the values of the Type 1, Type 2, and Type 3 coding fields are all set to the same value (e.g., "0x00 0x00"), no classification is performed. The grouping functionality implemented by setting the group coding field is similar to the friend grouping feature in social media apps. This facilitates grouping and differentiation of transmission transactions when there are many transmission transactions to manage (for example, if the client-side application is a complex system or multiple complex systems, resulting in a large number of transmission transactions). When using the aforementioned first-, second-, and third-level coding fields to group transmission transactions, a top-down division similar to provinces, cities, and counties can be adopted. The first-level coding field is used to indicate the first-level classification, the second-level coding field is used to indicate the second-level classification based on the first-level classification, and the third-level coding field is used to indicate the third-level classification based on the second-level classification. This facilitates the management of transmission transactions. For example, the field value of a first-class coding field can be the company code A of a certain company; the field value of a second-class coding field can be upper-level applications a1 and a2 developed by the company; and the field value of a third-class coding field based on upper-level application a1 can be specific operations (such as HTTP requests, sending data via instant messaging, receiving data, uploading data, etc.). This facilitates maintenance personnel to view, edit, and authorize transmission transactions, and also facilitates the preset corresponding control device to allow or prohibit transmission of the field value of a certain coding field, thereby directly affecting the transmission transaction associated with the field value of the coding field. The above describes the first-category coding field, the second-category coding field, and the third-category coding field from the perspective of affiliation. Of course, the first-category coding field, the second-category coding field, and the third-category coding field can also be divided from other perspectives. For example, they can be divided according to the protocol type, application type, transmission direction, the importance of the data end such as the client or server end, the importance of the data, etc. This embodiment does not limit this.
校驗信息字段,指示用於校驗數據的校驗信息,校驗信息可以為但不限於校驗碼,校驗碼可用於校驗具體傳輸的數據是否符合相應傳輸事務的要求(如校驗數據格式或數據內容等是否符合要求)。例如,參見圖3a-1,繼續承接上述針對事務屬性名稱列舉的示例,針對「請求網絡文件資源」傳輸事務,可將數據校驗碼字段的字段值配置為但不限於GET(或GETFIL);針對「上傳jpg文件」傳輸事務,可將數據校驗碼字段的字段值配置為但不限於0xFF 0xD8 0xFF 0xE0,等等。校驗傳輸的數據內容是否為限定的值,用於數據傳輸的安全控制。有關使用數據校驗碼對傳輸的數據進行校驗的介紹,將會在本申請下文所列舉的具體實施例中進行詳細介紹,此處不作贅述。The checksum field indicates the checksum information used to verify the data. This checksum can be, but is not limited to, a checksum. The checksum can be used to verify that the specific transmitted data conforms to the requirements of the corresponding transmission transaction (such as whether the data format or data content meets the requirements). For example, referring to Figure 3a-1, continuing with the example of transaction attribute names above, for the "Request Network File Resource" transmission transaction, the value of the data checksum field can be configured to, but is not limited to, GET (or GETFIL); for the "Upload jpg File" transmission transaction, the value of the data checksum field can be configured to, but is not limited to, 0xFF 0xD8 0xFF 0xE0, and so on. Verifying that the transmitted data content conforms to specified values is used for data transmission security control. The use of data verification codes to verify transmitted data will be described in detail in the specific embodiments listed below in this application and will not be elaborated here.
表1b示出了本實施例以第一端10為客戶端、第二端20為服務端為例,從第一端10的角度,針對第一端10與第二端20間的數據傳輸交換,預設的多個傳輸事務的傳輸事務屬性信息的示例。圖8為示出的傳輸事務屬性信息中事務屬性類型字段的字段值的高八位配置原理流程示意圖。Table 1b shows an example of preset transmission transaction attribute information for multiple transmission transactions, from the perspective of the first end 10, regarding data transmission and exchange between the first end 10 and the second end 20, in this embodiment, using the first end 10 as the client and the second end 20 as the server. FIG8 is a schematic diagram illustrating the principle flow for configuring the upper eight bits of the transaction attribute type field value in the transmission transaction attribute information.
這裡需要補充說明的是,本申請上下文各表(如上述表1a或表2a至2e,或者下文中所述的表3)中的字段值對應的數值類型、長度大小等,可根據實際需要靈活自行調整。例如,數據頭長度(或文件頭長度)可為32字節或32比特位,根據實際需要,也可以採用8、16、64、128、256字節或比特位等,還可以採用String等不特定長度的數據類型,對此不作限定。It should be noted that the numerical types and lengths corresponding to the field values in the various tables in the context of this application (such as Table 1a or Tables 2a through 2e, or Table 3 described below) can be flexibly adjusted based on actual needs. For example, the data header length (or file header length) can be 32 bytes or 32 bits, but can also be 8, 16, 64, 128, or 256 bytes or bits, depending on actual needs. Data types of unspecified lengths, such as String, can also be used, and this is not a limitation.
本實施例提供的技術方案中,為保證數據傳輸安全,在對待傳輸的數據進行處理以生成相應符合結構規則要求的結構化數據(即下文所述的報文(如第一報文、第二報文))時,便是利用待傳輸的數據塊所屬的傳輸事務的傳輸事務屬性信息實現的,此外,還可能會利用到傳輸事務的事務標識,其中,事務標識可自主生成。基於此,綜合上文內容,一具體可實現方案中,上述第一端10,在用於確定第一數據流對應第一傳輸事務的第一事務信息時,可具體用於:In the technical solution provided by this embodiment, to ensure data transmission security, when processing the data to be transmitted to generate structured data (i.e., the messages (e.g., the first message and the second message) described below) that conform to structural rules, this is achieved by utilizing the transmission transaction attribute information of the transmission transaction to which the data block to be transmitted belongs. Furthermore, the transaction identifier of the transmission transaction may also be utilized, wherein the transaction identifier can be generated independently. Based on this, in summary of the above, in one specific implementation, the first end 10, when used to determine the first transaction information of the first transmission transaction corresponding to the first data stream, can specifically be used to:
S10、為所述第一傳輸事務生成相應的事務標識;S10. Generate a corresponding transaction identifier for the first transmission transaction;
S11、獲取所述第一傳輸事務的傳輸事務屬性信息。S11. Obtain transmission transaction attribute information of the first transmission transaction.
即,第一傳輸事務的第一事務信息包括:第一傳輸事務的事務標識、第一傳輸事務的傳輸事務屬性信息。其中,事務標識為第一端針對此次第一傳輸事務自主生成的,其可為順序性的編號或也可為隨機的字符串或二進制值(如隨機數)等。一實施例中,上述S11「獲取所述第一傳輸事務的傳輸事務屬性信息」,可包括如下步驟:That is, the first transaction information of the first transmission transaction includes: a transaction identifier of the first transmission transaction and transmission transaction attribute information of the first transmission transaction. The transaction identifier is autonomously generated by the first end for this first transmission transaction and can be a sequential number, a random string, or a binary value (e.g., a random number). In one embodiment, the above-mentioned S11 "obtaining transmission transaction attribute information of the first transmission transaction" may include the following steps:
S111、確定所述第一傳輸事務的事務屬性標識;S111. Determine a transaction attribute identifier of the first transmission transaction;
S112、基於所述第一傳輸事務的事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。S112: Based on the transaction attribute identifier of the first transmission transaction, query transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
具體實施時,第一數據流可以為第一端10上的第一應用(如瀏覽器應用、社交應用、辦公應用等)的數據流,更具體地,第一數據流可以為文件數據流(如jpg文件二進制數據、excel表格文件二進制數據(如「財務報表.xls」))、請求數據流(如請求網絡資源)、郵件收發數據流(如發送或接收的郵件)等,此處不作限定。根據第一數據流的傳輸需求信息,可確定第一數據流對應第一傳輸事務所屬的事務種類,其中,傳輸需求信息可包含但不限於數據傳輸的方向、數據類型、傳輸目的(如數據存儲、查詢數據、操作數據庫)等等。然後,根據預置的事務種類與事務屬性標識的對應關係,便能夠確定出第一數據流對應第一傳輸事務的事務屬性標識。即,In a specific implementation, the first data stream can be the data stream of a first application (e.g., a browser application, a social application, an office application, etc.) on the first terminal 10. More specifically, the first data stream can be a file data stream (e.g., binary data of a .jpg file, binary data of an excel spreadsheet file (e.g., "financial report.xls")), a request data stream (e.g., a request for a network resource), an email sending and receiving data stream (e.g., sent or received emails), etc., without limitation herein. Based on the transmission requirement information of the first data stream, the transaction type to which the first transmission transaction corresponding to the first data stream belongs can be determined. The transmission requirement information may include, but is not limited to, the data transmission direction, data type, and transmission purpose (e.g., data storage, data query, database operation), etc. Then, based on the preset correspondence between the transaction type and the transaction attribute identifier, the transaction attribute identifier of the first data stream corresponding to the first transmission transaction can be determined.
上述S111「確定所述第一傳輸事務的事務屬性標識」的一可實現方案為:One possible implementation of the above-mentioned S111 "determining the transaction attribute identifier of the first transmission transaction" is:
S1111、根據所述第一數據流對應的傳輸需求信息,確定所述第一傳輸事務所屬的事務種類;S1111. Determine the transaction type to which the first transmission transaction belongs based on the transmission requirement information corresponding to the first data flow.
S1112、根據預置的事務種類與事務屬性標識的對應關係(如可參見與下文表5相關內容),確定與所述第一傳輸事務所屬的事務種類存在對應關係的事務屬性標識。S1112. Based on the preset correspondence between transaction types and transaction attribute identifiers (see Table 5 below), determine a transaction attribute identifier that corresponds to the transaction type to which the first transmission transaction belongs.
具體實施時,若根據預置的事務種類與事務屬性標識的對應關係,確定無與第一數據流對應第一傳輸事務所屬的事務種類存在對應關係的事務屬性標識,那麼也即說明無法在預置的多個傳輸事務屬性信息中查找到第一數據流對應第一傳輸事務的事務屬性信息,這種情況下,則表明根據本實施例所配置的第一端與第二端間的數據傳輸安全控制信息,是不允許對第一數據流中的數據塊進行傳輸的,數據傳輸失敗。有關對所配置的第一端與第二端間的數據傳輸安全控制的具體介紹,將在下文展開說明。In a specific implementation, if, based on the preset correspondence between transaction types and transaction attribute identifiers, it is determined that no transaction attribute identifier corresponds to the transaction type of the first transmission transaction corresponding to the first data stream, then the transaction attribute information corresponding to the first transmission transaction of the first data stream cannot be found within the plurality of preset transmission transaction attribute information. In this case, the data transmission security control information configured between the first and second ends according to this embodiment does not permit the transmission of data blocks in the first data stream, and the data transmission fails. A detailed description of the configured data transmission security control between the first and second ends will be provided below.
上述S112中,第一傳輸事務的事務屬性信息,可包括:事務屬性名稱、事務標注信息(第一標識信息)、事務屬性標識、第二端對應的第一預置字符串、事務屬性類型信息、校驗信息。第一預置字符串可為所述第二端的地址信息對應的字符串,或者第一預置字符串為用於隱藏第二端的地址信息的字符串。事務屬性類型信息包含如下中至少一項信息:數據傳輸方向(更具體地為第一數據流的傳輸方向,如將第一數據流(具體為第一數據流中的數據)從第一端發送至第二端)、數據類型(更具體地為第一數據流的數據類型,如為文件數據流等)、數據頭使用信息(如數據傳輸時需為數據添加數據頭等)。有關對上述第一預置字符串的介紹,將在本申請其它實施例中展開詳細述。此外,事務屬性信息中除了可包括上述內容之外,還可包括其它內容,有關事務屬性信息可包括的具體內容介紹,可參見上文相關內容。In the above S112, the transaction attribute information of the first transmission transaction may include: transaction attribute name, transaction annotation information (first identification information), transaction attribute identification, a first preset string corresponding to the second end, transaction attribute type information, and verification information. The first preset string may be a string corresponding to the address information of the second end, or the first preset string is a string used to hide the address information of the second end. The transaction attribute type information includes at least one of the following information: data transmission direction (more specifically, the transmission direction of the first data stream, such as sending the first data stream (specifically, the data in the first data stream) from the first end to the second end), data type (more specifically, the data type of the first data stream, such as a file data stream, etc.), and data header usage information (such as whether a data header needs to be added to the data during data transmission, etc.). The introduction of the first preset character string will be described in detail in other embodiments of this application. In addition, the transaction attribute information may include other content in addition to the above content. For an introduction to the specific content that the transaction attribute information may include, please refer to the relevant content above.
進一步地,為了能夠以低成本的方式有效對數據傳輸進行安全保護,防止惡意攻擊等,當第一端10需向第二端20傳輸第一數據流的第一數據塊時,本實施例會基於第一數據流對應第一傳輸事務的事務信息,為第一數據塊確定相應需添加的第一目標頭信息,比如符合預設報文頭格式的報文頭,進而對第一目標頭信息及第一數據塊進行整合,以此生成符合預設數據結構規則的結構化第一數據塊(即下文所述的報文)。基於此,一具體可實現方案中,上述第一端20,在用於基於所述第一數據流對應第一傳輸事務的事務信息,為所述第一數據塊確定相應的第一目標頭信息時,可具體用於:Furthermore, to effectively and cost-effectively secure data transmission and prevent malicious attacks, when the first end 10 needs to transmit a first data block of a first data stream to the second end 20, this embodiment determines corresponding first destination header information to be added to the first data block based on transaction information corresponding to the first transmission transaction of the first data stream, such as a message header that conforms to a preset message header format. The first destination header information and the first data block are then integrated to generate a structured first data block (i.e., a message described below) that conforms to preset data structure rules. Based on this, in one specific implementation, the first end 20, when determining the corresponding first destination header information for the first data block based on transaction information corresponding to the first transmission transaction of the first data stream, can specifically:
S20、獲取所述第一數據流中數據塊對應的頭信息傳輸方式;S20: Obtaining a header information transmission mode corresponding to a data block in the first data stream;
S21、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;S21. Determine a target header field for the first data block from a plurality of header fields included in a preset message header format according to the header information transmission mode and relevant information of the first data block;
S22、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段的字段值,得到為所述第一數據塊確定的報文頭。S22. Configure the field value of the target header field according to at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block.
上述S20中,頭信息傳輸方式也即是指如圖2b中示出的四種頭信息傳輸方式(第一方式、第二方式、第三方式及第四方式)中的任一種。其中,第一方式為全量結構化頭的傳輸方案,第二方式和第三方式為部分全量結構化頭、部分簡要化結構頭的傳輸方案,第四方式為只保留一個全量結構化頭。以結構化頭(也即本實施例中涉及的目標頭信息(如第一目標頭信息))包括結構化的報文頭為例,結構化的報文頭是基於預設報文頭格式生成的,全量化結構頭指的是包含預設報文頭格式中相應的所有參數(即下文表3中示出的所有參數),簡要化結構頭指的是包含預設報文頭格式中相應的部分參數(如參見下文表3,可包含當前需傳輸的數據塊的塊號(也即圖2b中示出的當前塊號)、傳輸事務的事務標識(也即圖2b中示出的傳輸事務ID)),其中,圖2b中示出的傳輸事務屬性ID即是指下文涉及的事務屬性標識。In S20 above, the header information transmission method refers to any of the four header information transmission methods (first method, second method, third method, and fourth method) shown in Figure 2b. The first method transmits the full structured header, the second and third methods transmit a partial full structured header and a partial simplified structured header, and the fourth method retains only the full structured header. Taking the structured header (i.e., the target header information involved in this embodiment (e.g., the first target header information)) including the structured message header as an example, the structured message header is generated based on the default message header format. The fully quantized structured header refers to a header that includes all corresponding parameters in the default message header format (i.e., all parameters shown in Table 3 below). The simplified structured header refers to a header that includes some corresponding parameters in the default message header format (as shown in Table 3 below, which may include the block number of the data block currently to be transmitted (i.e., the current block number shown in Figure 2b) and the transaction identifier of the transmission transaction (i.e., the transmission transaction ID shown in Figure 2b)). The transmission transaction attribute ID shown in Figure 2b refers to the transaction attribute identifier involved below.
由於數據流中的數據塊在進行可靠傳輸和順序傳輸的正常傳輸(如網絡正常、未出現阻塞等不良現象)情況下,相應接收方首先接收到的數據塊往往為數據流中排序第一的數據塊,基於此,上述第一方式和第三方式,在需對一數據流中排序第一的數據塊(如圖2b中示出的數據塊0)進行傳輸時,均採用的是全量結構化頭對數據塊0進行結構化(也及針對數據塊0生成本申請涉及的報文),這可使得接收方在接收到數據流對應的第一個結構化數據塊(數據塊0對應的結構化數據塊0),便可針對數據流進行校驗等處理,無需進行等待。若採用第二方式,則接收方需要等待接收到具有全量結構化頭的結構化數據塊時,才能執行校驗等處理。Because when data blocks in a data stream are transmitted reliably and in order (e.g., when the network is normal and there are no adverse phenomena such as congestion), the first data block received by the corresponding receiver is often the data block ranked first in the data stream. Based on this, when the first data block ranked first in a data stream (such as data block 0 shown in Figure 2b) needs to be transmitted, the first and third methods above both use the full structured header to structure data block 0 (and also generate the message involved in this application for data block 0). This allows the receiver to perform verification and other processing on the data stream upon receiving the first structured data block corresponding to the data stream (structured data block 0 corresponding to data block 0) without having to wait. If the second method is used, the receiver needs to wait until it receives the structured data block with the full structured header before performing verification and other processing.
此外,上述第一方式中,對數據流中的每個數據塊,均採用全量結構化頭的傳輸方案,可使得接收方基於任意接收到的數據流對應的結構化數據塊,均可進行如校驗等處理,利於應對網絡阻塞等不良現象,提高傳輸可靠性。In addition, in the first method described above, a full structured header transmission scheme is adopted for each data block in the data stream. This allows the receiver to perform processing such as verification based on the structured data block corresponding to any received data stream, which is helpful in dealing with adverse phenomena such as network congestion and improving transmission reliability.
對於上述第二方式,其實際上能很好的適用於一些非順序或非可靠傳輸。例如,繼續參見圖2b,假設一數據流包括3個數據塊,即數據塊0、數據塊1及數據塊2,其中,數據塊0、數據塊3分別為數據流的首個數據塊、最後一個數據塊;發送方(如客戶端)按照第二方式,順序性的先後向接收方發送了數據塊0至數據塊2各自對應的結構化數據塊,雖第3個發送的數據塊2對應的結構化數據塊2具有全量化結構頭,但由於網絡原因(如網絡阻塞、網絡抖動),使得接收方實際接收到的結構化數據塊順序與發送方發送的順序不同,比如接收方實際接收到的結構化數據塊的先後順序為:數據塊2對應的結構化數據塊2、數據塊1對應的結構化數據塊1、數據塊0對應的結構化數據0,這種情況下,接收方第一次接收到結構後數據塊(即結構化數據塊2)便可進行如校驗等處理,無需等待。有上可見,上述第二方式實際上可理解為第三方式的實際應用擴展,用於提高可靠性和解決阻塞等的問題。The second method mentioned above is actually well-suited for some non-sequential or unreliable transmissions. For example, referring to Figure 2b, assume that a data stream includes three data blocks, namely data block 0, data block 1, and data block 2, where data block 0 and data block 3 are the first and last data blocks of the data stream respectively; the sender (such as the client) sequentially sends the structured data blocks corresponding to data blocks 0 to 2 to the receiver in accordance with the second method. Although the structured data block 2 corresponding to the third data block sent has a fully quantized structure header, due to network reasons, the data block 2 is not received by the receiver. Due to factors such as network congestion or jitter, the order of structured data blocks received by the receiver may differ from the order sent by the sender. For example, the order of structured data blocks received by the receiver may be: data block 2 corresponds to structured data block 2, data block 1 corresponds to structured data block 1, and data block 0 corresponds to structured data block 0. In this case, the receiver can perform processing such as verification after receiving the first structured data block (i.e., structured data block 2) without waiting. As can be seen from the above, the second method can actually be understood as a practical application extension of the third method, used to improve reliability and solve problems such as congestion.
上述第四方式中,只對數據流中排序第一的數據塊(如圖2b中示出的數據塊0),採用全量結構化頭進行結構化以傳輸,後續其他數據塊(如數據塊1、數據塊2、...、數據塊N)傳輸時則不再進行結構化,直接按普通方式(如圖1示出的方式)打包成報文進行傳輸。即,對數據流中的數據塊傳輸時,只有第一次傳輸的是結構化數據塊(即經採用全量結構頭對排序第一的數據塊進行結構化後得到的結構化數據塊),後續其他數據塊則不再結構化,按普通方式進行傳輸,不過傳輸後續其他數據塊時可自動關聯第一次所傳輸的結構化數據塊對應的結構化頭,並在滿足關聯結束條件時結束關聯,判定此次傳輸完成。其中,滿足關聯結束條件包括:若數據流為數據塊的總數量已獲知的流,換一種表述為,若數據流為有特定大小的數據(如文件等等),則在傳輸過程中可統計所傳輸的數據塊的塊數,塊數達到數據流中數據塊的總數量時,滿足關聯結束條件;若數據流為數據塊的總數量未獲知的流,換一種表述為,若數據流為沒有特定大小的數據(如實時音視頻流),則可在接收到特定指令數據(如表示數據塊已發送完的指令)、或者接收到報文中含有結束傳輸事務標誌(如接收到包含有數據塊N的報文中,其的報文頭內含有結束傳輸事務標誌)、或者在設定時長內未再接收到數據塊,判定滿足關聯結束條件。In the fourth method described above, only the first data block in the data stream (such as data block 0 shown in Figure 2b) is structured using the full structured header for transmission. Subsequent data blocks (such as data block 1, data block 2, ..., data block N) are no longer structured during transmission and are directly packaged into messages in the ordinary manner (such as the method shown in Figure 1) for transmission. That is, when transmitting data blocks in a data stream, only the first data block transmitted is a structured data block (i.e., the structured data block obtained by structuring the first-order data block using the full structure header). Subsequent data blocks are no longer structured and are transmitted in the normal manner. However, when transmitting subsequent data blocks, they can be automatically associated with the structured header corresponding to the structured data block transmitted for the first time. When the association end condition is met, the association is terminated, and the transmission is determined to be complete. The associated end condition is satisfied when: if the total number of data blocks in the data stream is known, in other words, if the data stream is data of a specific size (such as a file, etc.), the number of transmitted data blocks can be counted during the transmission process. When the number of blocks reaches the total number of data blocks in the data stream, the associated end condition is satisfied. If the total number of data blocks in the data stream is unknown, in other words, If the data stream does not have a specific size (such as a real-time audio or video stream), the associated end condition can be determined to be met when specific command data is received (such as a command indicating that a data block has been sent), or when a message containing an end transmission transaction flag is received (such as a message containing data block N with an end transmission transaction flag in its message header), or when no data blocks are received within a set time.
針對上述第四方式,還存在一些擴展方案。具體地如下:There are some extensions to the fourth method mentioned above. They are as follows:
第一種擴展方案為:在開始向傳輸數據流中的數據塊之前,單純地先將一個僅包含有全量結構化頭這一數據的初始報文(不包含數據流中的數據塊)發送至相應的端(如第二端等),後續在傳輸數據流中的所有數據塊時,可直接按普通方式(如圖1示出的方式)打包成報文進行傳輸至相應的端。相應的端可將後續接收到的報文中包含的數據塊,與第一次所收到的初始包含中包含的全量結構化頭進行對應關聯。其中,初始報文中包含的全量結構化頭是根據數據流的流信息及對應的傳輸事務確定,對於該全量化結構頭中包含的當前塊號字段的字段值可為一個預設數值或直接為空值。The first expansion scheme is to send an initial message containing only the full structured header (excluding the data blocks in the data stream) to the corresponding end (such as the second end) before starting to transmit data blocks in the data stream. Subsequently, when transmitting all data blocks in the data stream, they can be directly packaged into messages in a normal manner (such as the method shown in Figure 1) and transmitted to the corresponding end. The corresponding end can associate the data blocks contained in subsequent received messages with the full structured header contained in the first received initial message. The full structured header contained in the initial message is determined based on the data stream flow information and the corresponding transmission transaction. The field value of the current block number field contained in the full structured header can be a default value or simply a null value.
第二種擴展方案為:對數據流中排序第一的數據塊(如圖2b中示出的數據塊0),採用全量結構化頭進行結構化後,可將結構化的數據塊0(即包含有全量結構化頭)傳輸到相應端(如第二端)的第一通信接口。後續在傳輸數據流中其他數據塊時,則是向相應端的第二通信接口進行發送,相應端可將後續通過第二通信接口收到的數據塊與通過第一通信接口收到的全量結構化頭(從收到的結構化的數據塊0中獲得)對應關聯。上述所述的第一通信接口、第二通信接口可理解為相應端的不同網絡通信服務,如第一通信接口為相應端上專用於接收數據流中排序第一的數據塊的網絡通信服務,第二通信接口則為用於後續接收數據流中其他數據塊(除排序第一的數據塊之外的數據塊)的網絡通信服務。The second expansion scheme is to structure the first data block in the data stream (such as data block 0 in Figure 2b) using a full structured header. This structured data block 0 (i.e., including the full structured header) can then be transmitted to the first communication interface of the corresponding end (e.g., the second end). Subsequent data blocks in the data stream are then sent to the second communication interface of the corresponding end. The corresponding end can then associate subsequent data blocks received via the second communication interface with the full structured header (obtained from the structured data block 0) received via the first communication interface. The first communication interface and the second communication interface described above can be understood as different network communication services on the corresponding end. For example, the first communication interface is a network communication service on the corresponding end dedicated to receiving the first-ranked data block in the data stream, while the second communication interface is a network communication service used to subsequently receive other data blocks in the data stream (data blocks other than the first-ranked data block).
採用上述第四方式的益處為:可節省網絡流量。The benefit of adopting the fourth method mentioned above is that it can save network traffic.
需補充說明的是,圖2b中示出的「當前塊號」為可選項,在對數據流的多個數據塊進行可靠傳輸、或順序傳輸、或對數據完整性不敏感的情況下,也可不使用塊號。可靠傳輸是指採用一系列技術來保證信息(數據塊)在發送方和接收方準確、精確的傳輸。It should be noted that the "current block number" shown in Figure 2b is optional. Block numbers can be omitted when reliable or sequential transmission of multiple data blocks in a data stream is required, or when data integrity is not a concern. Reliable transmission refers to the use of a series of techniques to ensure the accurate and precise transmission of information (data blocks) between the sender and receiver.
上述S21中,第一數據塊的相關信息,可包括但不限於:第一數據塊所屬的第一數據流、第一數據流的流信息(如流類型、流大小等)、第一數據塊的大小、第一數據塊在第一數據流中的排列順序等。預設報文頭格式如下表3示出的報文頭格式: 表3 預設報文頭格式
其中,上述發送方對應的第二預置字符串字段,為可選的,用於指示發送方對應的第二預置字符串,其可為表示發送方的地址信息的字符串(如公網IP地址、私網IP地址、或MAC地址、或主機名稱對應的字符串),用於控制設備、網絡中間設備進行監測、審計或攔截;或者為用於隱藏發送方的地址信息的字符串。接收方對應的第一預置字符串字段,為可選的,用於指示接收方對應的第一預置字符串,其可為表示接收方的地址信息的字符串,或者為用於隱藏接收方的地址信息。在本實施例中,由於是第一端10需向第二端10發送數據,故第一端10為發送方,第二端20為接收方。上述預置字符串,也可稱為通信標識,為不同端進行通信的標識符,有關對預置字符串的具體介紹,將會在下文本申請提供的其它實施例中展開詳述。The second preset string field corresponding to the sender is optional and is used to indicate the second preset string corresponding to the sender. This string can be a string representing the sender's address information (such as a public IP address, private IP address, MAC address, or a string corresponding to the host name), which is used to control devices or network intermediate devices for monitoring, auditing, or interception; or it can be a string used to hide the sender's address information. The first preset string field corresponding to the receiver is optional and is used to indicate the first preset string corresponding to the receiver. This string can be a string representing the receiver's address information, or it can be a string used to hide the receiver's address information. In this embodiment, since the first end 10 needs to send data to the second end 20, the first end 10 is the sender and the second end 20 is the receiver. The above-mentioned preset character string, which can also be called a communication identifier, is an identifier for communication between different ends. The specific introduction of the preset character string will be detailed in other embodiments provided in the following application.
有關事務屬性標識字段的描述,可參見上文相關內容。For a description of the transaction attribute identification fields, please refer to the relevant content above.
事務標識字段,用於指示傳輸事務的事務標識(如為傳輸事務的ID);其中,事務標識可以為隨機字符串,或者也可以為順序性的數字編號等。例如,參見圖3a-1,第一端10當前需針對其上一應用的數據流啟動一次傳輸事務,則可隨機生成一字符串,作為此次啟動的傳輸事務的事務標識。The transaction identifier field is used to indicate the transaction identifier of the transmission transaction (e.g., the transmission transaction ID). The transaction identifier can be a random string or a sequential numeric number. For example, referring to Figure 3a-1 , if the first end 10 currently needs to initiate a transmission transaction for the data stream of its previous application, it can randomly generate a string as the transaction identifier for the initiated transmission transaction.
報文大小字段,優選選取用於指示當前傳輸的一個結構化數據(如下文所述的針對第一數據塊生成的待發送的第一報文)的大小(或稱字節長度)。例如,以第一數據塊為例,在僅需為第一數據塊確定相應的報文頭情況下,報文大小字段的字段值便為報文頭與第一數據塊的總大小(即報文頭的大小+第一數據塊的大小)。當然在其他實施例中,報文大小字段也可以單純用於指示當前待傳輸的數據塊(如第一數據塊)的大小,本實施例對此不再限定。這裡需要補充說明的是,上述表3中的「報文大小」在本申請下文其他實施例中也被稱為「數據包大小」(如可參見下文涉及的表6或表72等)。The message size field is preferably selected to indicate the size (or byte length) of a structured data currently being transmitted (such as the first message to be sent generated for the first data block as described below). For example, taking the first data block as an example, if only the corresponding message header needs to be determined for the first data block, the field value of the message size field is the total size of the message header and the first data block (i.e., the size of the message header + the size of the first data block). Of course, in other embodiments, the message size field can also be used simply to indicate the size of the data block currently to be transmitted (such as the first data block), and this embodiment is not limited to this. It should be noted here that the "message size" in Table 3 above is also referred to as the "packet size" in other embodiments of this application below (such as Table 6 or Table 72 mentioned below).
塊總數字段,用於指示傳輸事務對應的數據流中數據塊的總數量;其中,總數量為設定值時,表示所述數據流為數據塊的數量未獲知的流。比如,若本實施例中的第一數據流是由對固定大小的文件數據或超文本數據進行劃分得到的多個數據塊組成,那麼相應地,塊總數字段的字段值便為多個數據塊的總數量(大於0);反之,若塊總數字段的字段值為設定值,比如為0時,表示第一數據流為無限大的流,比如第一數據流為監控設備的監控視頻、直播音視頻等數據流;再比如為-1時,則表示第一數據流為有限大但其包含的數據塊的數量暫時未知。需說明的是:由於一個數據塊對應一個報文,這裡的塊總數字段,也可理解為用於指示傳輸事務中需傳輸的報文的總數量。例如,以圖2a中示出的傳輸事務為例,則塊總數字段也可理解為報文0至報文N的總數量(即為N+1)。相應地,下述所述的當前塊號字段,也可理解為用於指示當前傳輸的報文的報文號。The Total Number of Blocks field is used to indicate the total number of data blocks in the data stream corresponding to the transmission transaction. A set value for the total number of blocks indicates that the data stream has an unknown number of data blocks. For example, if the first data stream in this embodiment is composed of multiple data blocks obtained by partitioning fixed-size file data or hypertext data, then the corresponding value of the Total Number of Blocks field is the total number of multiple data blocks (greater than 0). Conversely, if the value of the Total Number of Blocks field is a set value, such as 0, it indicates that the first data stream is an infinite stream, such as a surveillance video stream, live audio and video stream, or the like from a monitoring device. For another example, a value of -1 indicates that the first data stream is finite, but the number of data blocks it contains is currently unknown. It should be noted that since one data block corresponds to one message, the Total Blocks field can also be understood as indicating the total number of messages to be transmitted in the transmission transaction. For example, using the transmission transaction shown in Figure 2a, the Total Blocks field can also be understood as the total number of messages 0 through N (i.e., N+1). Correspondingly, the Current Block Number field described below can also be understood as indicating the message number of the message currently being transmitted.
當前塊號字段(也叫數據塊序列號字段),用於指示當前傳輸的數據塊的塊號(也即序列號)。The current block number field (also called the data block sequence number field) is used to indicate the block number (also known as the sequence number) of the data block currently being transmitted.
標注信息字段,可選的,用於指示傳輸事務相應的標注信息(備註信息),如傳輸事務對應的數據流的備註信息,比如備註為「重要」、備註數據流為文件流或者普通數據流等,或者標注傳輸的數據、文件的數據完整性校驗的哈希值,以便於如第二端(如服務端)等各端以及下文本其它實施例中所述的控制設備進行識別、閱讀、解析或安全控制等。The annotation information field is optional and is used to indicate the annotation information (remark information) corresponding to the transmission transaction, such as the remark information of the data stream corresponding to the transmission transaction, such as the remark as "important", the remark data stream as a file stream or a normal data stream, etc., or the hash value of the data integrity check of the marked transmitted data or file, so as to facilitate identification, reading, parsing or security control by various ends such as the second end (such as the server end) and the control device described in other embodiments of the text below.
基於上述在S21中對頭信息傳輸方式的相關介紹,一實施例中,上述S21「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段」,可包括:Based on the above description of the header information transmission method in S21, in one embodiment, the above S21 "determining a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission method and relevant information of the first data block" may include:
S211、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;S211: Determine the order of the first data block in the first data stream according to the block number of the first data block included in the relevant information;
S212、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段;S212: If the header information transmission mode is the first mode, or the header information transmission mode is the second mode and the first data block is sorted last in the first data stream, or the header information transmission mode is the third mode and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
S213、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。S213. If the header information transmission mode is the second mode and the data block is not sorted last in the first data stream, or if the header information transmission mode is the third mode and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述S212的情況下,即如上述表3示出的預設報文頭格式包含的所有報頭字段(多個報頭字段),是為第一數據塊確定的目標報頭字段,則上述S22「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括如下步驟:In the case of S212 above, that is, all header fields (or multiple header fields) included in the default message header format shown in Table 3 above are target header fields determined for the first data block, then the above S22 "configuring the field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include the following steps:
S221、為所述第一傳輸事務確定第一端對應的第二預置字符串;S221. Determine a second preset character string corresponding to the first end for the first transmission transaction;
S222、根據所述第二預置字符串、所述第一事務信息包含的事務標識及傳輸事務屬性信息、以及所述第一數據塊的相關信息,配置所述目標報頭字段的字段值,得到為所述第一數據塊確定的第一報文頭;S222: Configure a field value of the target header field based on the second preset character string, the transaction identifier and transmission transaction attribute information included in the first transaction information, and relevant information of the first data block to obtain a first message header determined for the first data block.
其中,基於上述對預設報文頭格式的描述,上述為第一數據塊確定出的第一報文頭,可包括如下內容:第一端對應的第二預置字符串、第二端對應的第一預置字符串、傳輸事務的事務屬性標識、傳輸事務的事務標識、第一數據流中數據塊的總數量,第一數據塊的塊號、第一目標頭信息與第一數據塊的總大小、標注信息。Among them, based on the above description of the default message header format, the first message header determined for the first data block may include the following content: the second preset string corresponding to the first end, the first preset string corresponding to the second end, the transaction attribute identifier of the transmission transaction, the transaction identifier of the transmission transaction, the total number of data blocks in the first data stream, the block number of the first data block, the first target header information and the total size of the first data block, and annotation information.
上述第一端對應的第二預置字符串,為基於預置的第二預置字符串與事務種類的對應關係(可參見下文示出的表5),確定出的與第一數據流對應傳輸事務所屬的事務種類存有對應關係的第二預置字符串。第一端對應的第二預置字符串可為第一端的地址信息對應的字符串,或者第一端對應的第二預置字符串為用於隱藏第二端的地址信息的字符串。The second preset string corresponding to the first end is a second preset string determined to correspond to the transaction type of the transmission transaction corresponding to the first data stream based on the preset mapping between second preset strings and transaction types (see Table 5 below). The second preset string corresponding to the first end can be a string corresponding to the address information of the first end, or a string used to conceal the address information of the second end.
上述第二端對應的第一預置字符串,可直接從第一數據流對應第一傳輸事務的傳輸事務屬性信息中獲取。The first preset character string corresponding to the second end can be directly obtained from the transmission transaction attribute information of the first transmission transaction corresponding to the first data stream.
進一步地,若基於第一數據流對應第一傳輸事務的傳輸事務屬性信息,更具體地,如基於傳輸事務屬性信息中的事務屬性類型信息,確定在傳輸第一數據流中的數據塊時,需為數據塊添加相應的數據頭,此種情況下,可以僅為第一數據流中的第一個數據塊添加數據頭,若第一數據流包含多個數據塊,對多個數據塊中位於第一個數據塊之後的其它數據塊則可以無需添加數據頭。基於此,上述第一數據塊在所述第一數據流中排序第一或排序最後時,上述步驟S22中還可包括如下步驟:Furthermore, if, based on the transmission transaction attribute information of the first data stream corresponding to the first transmission transaction, more specifically, based on the transaction attribute type information in the transmission transaction attribute information, it is determined that a corresponding data header needs to be added to the data block when transmitting the data block in the first data stream, in this case, the data header can be added only to the first data block in the first data stream. If the first data stream includes multiple data blocks, the data header does not need to be added to the other data blocks located after the first data block in the multiple data blocks. Based on this, when the first data block is sorted first or last in the first data stream, the above-mentioned step S22 may further include the following steps:
S223、根據所述第一事務信息中所述第一傳輸事務的傳輸事務屬性信息,確定是否需要為所述第一數據塊添加數據頭;S223: Determine whether a data header needs to be added to the first data block based on the transmission transaction attribute information of the first transmission transaction in the first transaction information;
S224、確定需要時,根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭;其中,所述數據頭與所述第一數據流適配、且符合預設數據頭格式要求。S224: When necessary, determine a corresponding data header for the first data block based on the stream information of the first data stream; wherein the data header is adapted to the first data stream and meets the preset data header format requirements.
上述S223中,具體是根據傳輸事務屬性信息中的事務屬性類型信息,來確定是否需要為第一數據塊添加數據頭,其中,事務屬性類型信息包含有但不限於如下內容:數據頭使用信息、第一數據流的傳輸方向、第一數據流的數據類型等,數據頭使用信息包括使用的數據頭的數據頭格式標識。有關對事務屬性類型信息包含的內容的具體介紹,可參見上文相關內容。更具體地,是根據事務屬性類型信息中的數據頭使用信息,來確定是否需要為第一數據塊添加數據頭。In S223 above, whether a data header needs to be added to the first data block is specifically determined based on the transaction attribute type information in the transmission transaction attribute information. The transaction attribute type information includes, but is not limited to, the following: data header usage information, the transmission direction of the first data stream, the data type of the first data stream, etc. The data header usage information includes a header format identifier for the data header used. For a detailed description of the content included in the transaction attribute type information, please refer to the relevant content above. More specifically, whether a data header needs to be added to the first data block is determined based on the data header usage information in the transaction attribute type information.
上述S224中,確定需要為第一數據塊添加數據頭時,進一步地可根據事務屬性類型信息中的數據頭使用信息,從預設的多個數據頭格式中選擇出適配的一個數據頭格式,以此基於第一數據流的流信息,按照選擇出的數據頭格式為第一數據塊生成相應的數據頭。即,上述S224“根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭”的一具體可實現方案,可包括如下步驟:In S224 above, when it is determined that a data header needs to be added to the first data block, a suitable data header format may be further selected from multiple preset data header formats based on the data header usage information in the transaction attribute type information. Based on the flow information of the first data stream, a corresponding data header is generated for the first data block in accordance with the selected data header format. That is, a specific implementation of S224 above, "determining a corresponding data header for the first data block based on the flow information of the first data stream," may include the following steps:
S2241、基於所述傳輸事務屬性信息包含的數據頭使用信息,從預設的多個數據頭格式中選擇一個適配的數據頭格式;S2241. Select an adapted data header format from a plurality of preset data header formats based on the data header usage information included in the transmission transaction attribute information.
S2242、根據所述第一數據流的流信息,按照選擇出的數據頭格式生成所述數據頭。S2242. Generate the data header according to the selected data header format based on the flow information of the first data flow.
有關數據頭格式的描述,可參見上文通過表2a至表2e示出的若干個預設的數據頭格式。以及,有關上述S2241的具體實現,可參見上文對事務屬性類型信息詳述時所涉及到的相關內容,此處不作贅述。For a description of the data header format, please refer to the several default data header formats shown above in Tables 2a to 2e. Furthermore, for the specific implementation of S2241, please refer to the relevant content involved in the detailed description of the transaction attribute type information above, which will not be further described here.
上述S242中,第一數據流的流信息可包括但不限於:第一數據流的發送時間、第一數據流的屬性信息(如數據類型、第一數據流的大小、第一數據流的名稱等)、發送方地址、接收方地址等等。基於第一數據流的流信息,可以為選擇出的數據頭格式包含的多個字段配置相應的字段值,以此也就實現了為第一數據生成相應的數據頭。In S242 above, the flow information of the first data stream may include, but is not limited to: the transmission time of the first data stream, attribute information of the first data stream (such as data type, size of the first data stream, name of the first data stream, etc.), sender address, receiver address, etc. Based on the flow information of the first data stream, corresponding field values can be configured for the multiple fields included in the selected data header format, thereby generating a corresponding data header for the first data.
有上述內容,為第一數據塊確定出相應的第一目標頭信息(如報文頭,或者報文頭和數據頭)後,第一端10,可以對第一目標頭信息及第一數據進行整合,生成符合預設數據結構規則的待發送的第一報文。具體整合時,如參見圖3a-1中示出通過本實施例生成的一待發送的報文A1示例,若第一目標頭信息包含報文頭,可以將報文頭(即圖中示出的結構化的報文頭)添加在TCP/IP報文頭與第一數據塊之間;進一步地,若第一目標頭信息中還含有數據頭,則可將數據頭添加在報文頭與第一數據塊之間。上述第一目標頭信息,可用於校驗第一報文是否符合要求。With the above information, after determining the corresponding first destination header information (e.g., a message header, or a message header and data header) for the first data block, the first terminal 10 can integrate the first destination header information and the first data to generate a first message to be sent that conforms to the preset data structure rules. Specifically, as shown in Figure 3a-1, which illustrates an example of a message A1 to be sent generated by this embodiment, if the first destination header information includes a message header, the message header (i.e., the structured message header shown in the figure) can be added between the TCP/IP message header and the first data block. Furthermore, if the first destination header information also includes a data header, the data header can be added between the message header and the first data block. This first destination header information can be used to verify whether the first message meets the requirements.
針對圖3a-1中示出的報文A1,下表41示出了報文A1的報文結構格式示例: 表41
需說明的是:上述報文A1的報文結構格式除了包括上述表41示出的內容外,還可包括如圖3a-1中示出的TCP/IP報文頭、TCP/IP報文尾等,表41中未示出。It should be noted that the message structure format of the above message A1, in addition to the content shown in the above Table 41, may also include the TCP/IP message header, TCP/IP message tail, etc. as shown in Figure 3a-1, which are not shown in Table 41.
在上述S213的情況下,即如上述表3示出的預設報文頭格式包含的所有報頭字段(多個報頭字段)中的部分報頭字段(如事務標識字段),是為第一數據塊確定的目標報頭字段,則,上述S22「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括如下步驟:In the case of S213 above, that is, some header fields (such as the transaction identification field) among all header fields (or multiple header fields) included in the default message header format shown in Table 3 above are target header fields determined for the first data block, then S22 above, "configuring a field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block," may specifically include the following steps:
S221’、基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段的字段值,得到為所述第一數據塊確定的第二報文頭;S221′: Based on the transaction identifier of the first transmission transaction in the first transaction information, configure the field value of the target header field to obtain a second message header determined for the first data block;
其中,所述第二報文頭包括所述事務標識。Wherein, the second message header includes the transaction identifier.
具體實施時,上述第一數據塊確定的目標報頭字段除了可包括預設報文格式中的事務標識字段外,還可包括其他報頭字段,如當前塊號字段,此情況下,可以根據第一傳輸事務的事務標識及第一數據塊的相關信息(具體第一數據塊的塊號),來配置目標報頭字段的字段值,相應得到的為第一數據塊確定的第二報文頭包含第一傳輸事務的事務標識、第一數據塊的塊號。另外,在本實例情況下,可不執行為第一數據塊添加數據頭。In a specific implementation, the target header field identified by the first data block may include not only the transaction identifier field in the default message format but also other header fields, such as the current block number field. In this case, the value of the target header field may be configured based on the transaction identifier of the first transmission transaction and relevant information about the first data block (specifically, the block number of the first data block). Accordingly, the second message header identified by the first data block includes the transaction identifier of the first transmission transaction and the block number of the first data block. Furthermore, in this example, adding a header to the first data block is not required.
有上內容,此實例下,第一端10,通過對為第一數據塊確定的第一目標頭信息(報文頭(包含事務標識、第一數據塊的塊號(可選)))及第一數據進行整合,生成的第一報文的報文格式可參見下表42。 表42
第一端10生成待發送的第一報文後,可以根據第二端對應的第一預置字符串所確定出的第二端的地址信息,將第一報文發送至第二端20。第二端20接收到第一端發送過來的第一報文後,可基於本實施例所配置的第一端與第二端間的數據傳輸安全控制信息,對接收到的第一報文進行校驗。校驗時,具體是校驗第一報文中包含的目標頭信息(如報文頭、數據頭)是否符合預設要求,例如,第一報文的報文頭的格式是否符合預設要求、報文頭中的事務屬性標識是否已註冊等等,有關數據傳輸安全控制信息及根據數據傳輸安全控制信息校驗報文的具體實現,將會在本申請提供的其他實施例中展開詳述,此處不作贅述。第二端20經校驗確定接收到的報文符合要求時,可執行從第一報文中獲取並緩存第一數據塊。After the first end 10 generates the first message to be sent, it can send the first message to the second end 20 based on the address information of the second end determined by the first preset character string corresponding to the second end. After the second end 20 receives the first message sent by the first end, it can verify the received first message based on the data transmission security control information between the first end and the second end configured in this embodiment. During the verification, it is specifically to verify whether the target header information (such as the message header, data header) contained in the first message meets the preset requirements, for example, whether the format of the message header of the first message meets the preset requirements, whether the transaction attribute identifier in the message header has been registered, etc. The specific implementation of the data transmission security control information and the verification of the message based on the data transmission security control information will be expanded in detail in other embodiments provided in this application and will not be repeated here. When the second end 20 verifies that the received message meets the requirements, it can obtain and cache the first data block from the first message.
上述描述的方案,在如圖3a-1示出的第一端10與第二端20採用TCP/IP協議直接進行通信這個場景下,主要是從對需傳輸的數據進行結構化角度來實現數據安全防護的,相對於現存的採用TCP/IP協議進行傳輸數據方案,實現了對傳輸數據內容的安全性管理。The above-described solution, in the scenario where the first end 10 and the second end 20 communicate directly using the TCP/IP protocol as shown in Figure 3a-1, mainly implements data security protection from the perspective of structuring the data to be transmitted. Compared with existing solutions that use the TCP/IP protocol for data transmission, it realizes security management of the content of the transmitted data.
為了第一端10能夠實現上述所述的方案,以及進一步地可提高對傳輸數據內容的安全性管理,防止第一端10上第一應用可隨意調用第一端上的網絡接口,以任意地直接向第二端20發送數據,基於上述圖3a-1示出的場景,可以採用如下兩種技術方案來達到上述所述的進一步想要達到的效果:In order for the first end 10 to implement the above-described solution and further improve the security management of the transmitted data content, thereby preventing the first application on the first end 10 from arbitrarily calling the network interface on the first end to arbitrarily send data directly to the second end 20, based on the scenario shown in FIG. 3a-1 , the following two technical solutions can be adopted to achieve the above-described further desired effect:
一具體可實現技術方案為:在第一端10上安裝「控制軟件」(其功能類似於下文所述的第二種方案中的控制設備的功能)。具體實施時,根據上文所述的預置字符串的兩種情況,可以在第一端10上安裝不同類型的「控制軟件」。具體地,A specific technical solution that can be implemented is to install "control software" on the first end 10 (its function is similar to the function of the control device in the second solution described below). In specific implementation, different types of "control software" can be installed on the first end 10 according to the two situations of the preset character strings described above. Specifically,
情況11、預置字符串(如第二端對應的第一預置字符串、第一端10對應的第二預置字符串)不具有隱藏相應端的地址信息(如預置字符串為相應端的IP地址)作用Case 11: The preset string (such as the first preset string corresponding to the second end, the second preset string corresponding to the first end 10) does not have the function of hiding the address information of the corresponding end (such as the preset string is the IP address of the corresponding end).
如參見圖3b,在上述情況11下,可以在第一端10上應用內安裝第一控制模塊11,用於完成針對應用需向第二端20傳輸的數據生成相應待傳輸的第一報文並進行發送、以及對接收到的報文(如從第二端20發送過來的第二報文)進行識別、校驗(審計)等各種控制功能。在上述第一控制模塊11中,會事先預置有上文所述的多個傳輸事務屬性信息(如表1b所示)、預設的報文頭格式、預設的數據頭格式等各種預置信息,第一端10向第二端20傳輸第一數據流(為第一端上第一應用的數據流)中的第一數據塊時,第一數據塊會先發送至相應第一應用中的第一控制模塊11,由第一控制模塊11針對第一數據塊生成相應待發送的第一報文,並根據第二端20的地址信息,將第一報文通過中間網絡設備發送至第二端20。有關第一控制模塊11生成第一報文的具體實現,可參見本申請上下文中相關內容。As shown in Figure 3b, in the above-described scenario 11, a first control module 11 can be installed within the application on the first end 10 to perform various control functions, such as generating and sending a corresponding first message to be transmitted in response to data to be transmitted by the application to the second end 20, as well as identifying and verifying (auditing) received messages (such as the second message sent from the second end 20). The first control module 11 is pre-configured with various preset information, including the multiple transmission transaction attribute information (as shown in Table 1b), a preset message header format, and a preset data header format. When the first end 10 transmits a first data block in a first data stream (the data stream of the first application on the first end) to the second end 20, the first data block is first sent to the first control module 11 in the corresponding first application. The first control module 11 then generates a corresponding first message to be sent based on the first data block and, based on the address information of the second end 20, sends the first message to the second end 20 via an intermediate network device. For details on how the first control module 11 generates the first message, please refer to the relevant content in the context of this application.
進一步地,同時也可以在中間網絡設備(如交換機、路由器、防火牆等)安裝第四控制模塊(圖中未示出),以進一步地對第一報文進行識別、校驗(或說監測與攔截)。上述第四控制模塊內預置的信息以及相應可實現的功能,可類似於上述所述的第一控制模塊11或下文所述的第二控制模塊12。具體實施時,第一應用內的第一控制模塊11生成待發送的第一報文後,可調用第一端10上的網絡接口,根據第二端的地址信息(為第二端對應的第一預置字符串),按TCP/IP協議會先將第一報文發送至中間網絡設備。中間網絡設備內的第四控制模塊根據自身內存儲的預置信息(如多個傳輸事務屬性信息、報文頭格式等),對第一報文中包含的第一目標頭信息進行校驗,確定第一報文是否符合要求,並在符合要求時才執行根據第二端的地址信息,將第一報文發送至第二端20。Furthermore, a fourth control module (not shown) can also be installed on an intermediate network device (such as a switch, router, firewall, etc.) to further identify and verify (or monitor and intercept) the first message. The preset information and corresponding achievable functions within the aforementioned fourth control module can be similar to those of the first control module 11 described above or the second control module 12 described below. In specific implementations, after the first control module 11 within the first application generates the first message to be sent, it can call the network interface on the first end 10 and, based on the address information of the second end (the first preset string corresponding to the second end), send the first message to the intermediate network device according to the TCP/IP protocol. The fourth control module within the intermediate network device verifies the first destination header information contained in the first message based on preset information stored therein (such as multiple transmission transaction attribute information, message header format, etc.) to determine whether the first message meets the requirements. Only when the requirements are met does the fourth control module execute the first message to be sent to the second end 20 based on the address information of the second end.
或者,中間網絡設備上的第四控制模塊,也可以不具有如第一控制模塊11所具有的生成報文、校驗、攔截等功能,僅單純具有日誌審計功能,用於對接收到的報文進行記錄、分析,以生成相應傳輸事務的日誌信息。例如,中間網絡設備接收到第一端發送過來的第一報文後,可利用自身內的第四控制模塊對第一報文進行解析,以根據解析出第一數據塊以及第一數據塊的第一目標頭信息,生成第一數據塊對應的日誌並記錄在第一傳輸事務的日誌表中,其中,日誌表中每個日誌的日誌內容可包括但不限於:相應數據塊的報文頭、數據頭(可選)、第一傳輸事務的傳輸事務屬性信息等。通過第一傳輸事務的日誌表,可以直觀分析第一傳輸事務相關的網絡數據流量。Alternatively, the fourth control module on the intermediate network device may not have the message generation, verification, and interception functions of the first control module 11, but may simply have a log auditing function for recording and analyzing received messages to generate log information for the corresponding transmission transaction. For example, after receiving a first message sent by the first end, the intermediate network device may utilize its own fourth control module to parse the first message. Based on the parsed first data block and the first destination header information of the first data block, it may generate a log corresponding to the first data block and record it in the log table of the first transmission transaction. The log content of each log in the log table may include, but is not limited to, the message header and data header (optional) of the corresponding data block, and transmission transaction attribute information of the first transmission transaction. Through the log table of the first transmission transaction, you can intuitively analyze the network data traffic related to the first transmission transaction.
由上內容,在圖3b示出的情況下,上述第一端10上的第一控制模塊11在用於根據所述第二端的地址信息,將生成的第一報文發送至第二端20時,具體可用於:From the above, in the case shown in FIG3b, the first control module 11 on the first end 10, when used to send the generated first message to the second end 20 according to the address information of the second end, can be specifically used to:
根據所述第二端的地址信息,將所述第一報文發送至中間網絡設備,以通過所述中間網絡設備發送至所述第二端;sending the first message to an intermediate network device according to the address information of the second end, so as to be sent to the second end through the intermediate network device;
其中,所述中間網絡設備在將所述第一報文發送至所述第二端之前,還執行如下中的任一項:對所述第一報文包含的第一目標頭信息進行校驗;根據所述第一報文,生成所述第一傳輸事務的日誌信息。Before sending the first message to the second end, the intermediate network device further performs any one of the following: verifying the first destination header information contained in the first message; generating log information of the first transmission transaction based on the first message.
有關日誌信息的描述,可參見上文對日誌表的敘述。具體對第一目標頭信息校驗的具體實現,可參見本申請上下文其他實施例中相關內容,此處不作贅述。For a description of the log information, please refer to the description of the log table above. For the specific implementation of the first target header information verification, please refer to the relevant content in other embodiments in the context of this application and will not be repeated here.
這裡需要補充說明的是,上述第一控制模塊11需由應用程序的開發人員進行開發,以實現上述所述的功能,且在上述圖3b所示的場景下,只有應用單獨參與通信活動。It should be noted that the first control module 11 needs to be developed by the application developer to implement the above functions, and in the scenario shown in FIG3b , only the application participates in the communication activities.
情況下12、預置字符串用於隱藏相應端的地址信息(如預置字符串為隨機生成的隨機字符串,其關聯的關聯信息包含相應端的地址信息)In case 12, the preset string is used to hide the address information of the corresponding end (for example, the preset string is a randomly generated random string, and its associated information contains the address information of the corresponding end)
在上述情況下,如參見圖3c,可在第一端10上應用外部安裝獨立的第二控制模塊12,用於完成針對需向第二端20傳輸的數據生成相應待傳輸的報文並進行發送、以及對接收到的報文(如從第二端20發送過來的報文)進行識別、校驗(監測、攔截)等各種控制功能。在這種方式下,第一端10上應用的通信均需要經第二控制模塊12進行,可以用預置字符串(如隨機字符串)隱藏相應端的地址信息(如IP地址),並預設在第二控制模塊12中。比如,第二控制模塊12中預置的多個傳輸事務屬性信息中包含的第二端對應的第一預置字符串,用於隱藏第二端的地址信息。當第一端10需向第二端20傳輸應用的第一數據流的第一數據塊時,第一數據塊會先發送至第二控制模塊12。第二控制模塊12根據自身內預置的預置信息(如多個傳輸事務屬性信息、報文頭格式等),針對接收到的第一數據塊生成相應待發送的報文,並將生成的報文發送至第二端。有關第一控制模塊12生成報文的具體實現,可參見本申請上下文中相關內容。In the above scenario, as shown in FIG3c , a second control module 12 can be externally installed and independently installed on the first end 10 to perform various control functions, such as generating and sending messages corresponding to data to be transmitted to the second end 20, as well as identifying and verifying (monitoring, intercepting) received messages (e.g., messages sent from the second end 20). In this manner, all communications applied on the first end 10 must pass through the second control module 12. A preset string (e.g., a random string) can be used to hide the address information (e.g., IP address) of the corresponding end, and this string can be preset in the second control module 12. For example, the first preset string corresponding to the second end, included in the multiple transmission transaction attribute information preset in the second control module 12, is used to hide the address information of the second end. When the first end 10 needs to transmit a first data block of a first data stream of an application to the second end 20, the first data block is first sent to the second control module 12. Based on its own preset information (such as multiple transmission transaction attributes and message header formats), the second control module 12 generates a corresponding message to be sent for the received first data block and sends the generated message to the second end. For details on how the first control module 12 generates the message, please refer to the relevant content in the context of this application.
或者,如參見圖3d,可以在第一端10上應用內安裝第一控制模塊11的同時,在應用外部也安裝有第二控制模塊12。當第一端10需向第二端20傳輸應用的第一數據流的第一數據塊時,第一控制模塊11可用於根據自身內預置信息確定第一數據流對應傳輸事務的事務屬性標識,並將事務屬性標識及第一數據塊發送至第二控制模塊12,由第二控模塊12根據事務屬性標識及第一數據塊,生成待發送的第一報文以發送至第二端20。有關第二控制模塊12生成第一報文的具體實現,可參見本申請上下文中相關內容。Alternatively, as shown in FIG3d , a first control module 11 can be installed within the application on the first end 10 while a second control module 12 can also be installed outside the application. When the first end 10 needs to transmit a first data block of a first data stream of the application to the second end 20, the first control module 11 can be configured to determine the transaction attribute identifier of the transmission transaction corresponding to the first data stream based on its own preset information, and send the transaction attribute identifier and the first data block to the second control module 12. The second control module 12 then generates a first message to be sent based on the transaction attribute identifier and the first data block, and sends it to the second end 20. For details on how the second control module 12 generates the first message, please refer to the relevant content in the context of this application.
這裡需要補充說明的是,針對上述情況12,結合圖3c及圖3d描述的兩種方案,進一步地,均可同上述情況11,也可以在中間網絡設備(如交換機、路由器、防火牆等)安裝上述所述的第四控制模塊,以進一步地對第一報文進行識別、校驗(或說監測與攔截),有關具體實現可參見情況11相關內容。或者,上述中間網絡設備也可以不具有校驗功能,只單純具有日誌審計功能(作為用於分析傳輸事務數據的日誌審計的軟件應用)。It should be noted that, in conjunction with the two solutions described in Figures 3c and 3d , for Situation 12, similar to Situation 11, the aforementioned fourth control module can also be installed on an intermediate network device (such as a switch, router, firewall, etc.) to further identify and verify (or monitor and intercept) the first message. For specific implementation details, please refer to the relevant content of Situation 11. Alternatively, the intermediate network device may not have a verification function and may simply have a log audit function (as a log audit software application for analyzing transmitted transaction data).
另外,上述第二控制模塊12為獨立的控制程序,其能夠根據自身內預置的預置信息,獲取到第二端對應的第一預置字符串,並根據第一預置字符串,獲取第二端真實的地址信息;然後,調用第一端10對應的網絡接口,按照第二端真實的地址信息,通過TCP/IP協議將第一報文轉發至第二端20。關於上述第二控制模塊12將第一報文發送第二端20的具體實現原理,可參見下文其他實施例中結合圖4a所描述的第一控制設備31A將第一報文發送至第二端20的原理。上述第二控制模塊12類似於如軟件防火牆、殺毒軟件的網絡控制功能,能對諸如普通權限的應用進行網絡流量控制,使普通權限的應用無法直接調用通用第一端的網絡接口進行訪問網絡,必須需經過第二控制模塊12提供的接口進行訪問網絡。Furthermore, the second control module 12 is an independent control program that, based on pre-configured information within itself, can obtain a first pre-configured string corresponding to the second end and, based on the first pre-configured string, obtain the actual address information of the second end. It then calls the network interface corresponding to the first end 10 and, based on the actual address information of the second end, forwards the first message to the second end 20 via the TCP/IP protocol. For details on the specific implementation of the second control module 12 sending the first message to the second end 20, please refer to the principle of the first control device 31A sending the first message to the second end 20 described in conjunction with FIG. 4a in other embodiments below. The second control module 12 is similar to the network control function of a software firewall or antivirus software, and can control the network traffic of applications with ordinary permissions, so that applications with ordinary permissions cannot directly call the network interface of the universal first end to access the network. They must access the network through the interface provided by the second control module 12.
另一具體可實現技術方案為:在第一端10與第二端20之間增設相應的控制設備,採用物理特殊控制等方式來更進一步地提高數據安全的防護和控制能力等。其中,在一些實施例中,控制設備可以為第一端10與第二端20的外部設備,此情況下,參見圖7a和圖7b所示,控制設備30的具體形態可以是如圖7a示出的臺式形態,或者也可以是如圖7b示出的便攜式形態,此處不作限定。具體實施時,如圖7a或圖7b所示,控制設備30具體可包括但不限於如下結構部件:顯示觸摸屏(或顯示屏)、無線模塊(如在物理層上部署的WiFi(Wireless Fidelity,無線網絡技術)模塊、移動蜂窩網絡(3G、4G、5G)模塊、藍牙模塊、LoRa(為一種基於擴頻技術的遠距離無線傳輸技術)模塊)、等,圖7a和圖7b中未示出,可參見圖7c中示出的無線模塊32)、操作按鈕33、天線34以及外設接口31。天線34用於如藍牙、wifi、移動蜂窩網絡(如3G、4G、5G)等無線通信的網絡信號收發。外設接口31為有線傳輸的接口,用於使控制設備通過數據線與其它設備連接。由上,外設接口31也可稱為有線接口。具體實施時,外設接口31可包括用於連接網絡的網線接口311(也叫局域網接口,如以太網接口、光纖接口、雙絞線接口等)、用於總線通信的總線接口312(如USB(Universal Serial Bus,通用串行總線)接口、SPI(Serial Peripheral Interface,串行外設接口)接口等)。有關上述所述的控制設備30包括的結構部件的具體作用,可參見下文相關內容。Another specific technical solution is to add a corresponding control device between the first end 10 and the second end 20, and adopt physical special control methods to further enhance data security protection and control capabilities. In some embodiments, the control device can be an external device between the first end 10 and the second end 20. In this case, referring to Figures 7a and 7b, the specific form of the control device 30 can be a desktop device as shown in Figure 7a, or a portable device as shown in Figure 7b, without limitation. In a specific implementation, as shown in FIG7a or FIG7b , the control device 30 may specifically include but is not limited to the following structural components: a display touch screen (or display screen), a wireless module (such as a WiFi (Wireless Fidelity, wireless network technology) module deployed on the physical layer, a mobile cellular network (3G, 4G, 5G) module, a Bluetooth module, a LoRa (a long-distance wireless transmission technology based on spectrum expansion technology) module), etc., not shown in FIG7a and FIG7b , refer to the wireless module 32 shown in FIG7c ), an operation button 33, an antenna 34, and a peripheral interface 31. Antenna 34 is used for transmitting and receiving network signals for wireless communications such as Bluetooth, Wi-Fi, and mobile cellular networks (e.g., 3G, 4G, and 5G). Peripheral interface 31 is a wired transmission interface used to connect the control device to other devices via a data cable. Therefore, peripheral interface 31 can also be referred to as a wired interface. In specific implementations, peripheral interface 31 may include a network cable interface 311 (also called a local area network interface, such as an Ethernet interface, an optical fiber interface, or a twisted pair interface) for connecting to a network, and a bus interface 312 (such as a USB (Universal Serial Bus) interface or an SPI (Serial Peripheral Interface) interface) for bus communication. For details on the specific functions of the structural components of the control device 30 described above, please refer to the relevant content below.
在其他一些實施例中,控制設備還可以為能夠集成於第一端10和/或第二端20內部的設備,此種情況下,控制設備的具體形態可以為類似於集成顯卡的單一芯片或擴展卡形態,可集成於第一端10或第二端20的主板中;或者,控制設備的具體形態也可以是類似於獨立顯卡形態,能夠集成於第一端10或第二端20的主機中,此處不作限定。具體實施時,如參見圖7c所示,在控制設備的形態為芯片或擴展卡形態情況下,控制設備30可具體包括但不限於如下結構部件:無線模塊32、板間接口313、天線34、外設接口31’。板間接口313可以為但不限於PCIE(peripheral component interconnect express)接口,PCIE接口是一種高速串行計算機擴展總線標準接口,在本實施例中,通過PCIE接口可將控制設備30與如第一端10的主板連接。外設接口31’可包括第一類型外設接口311’和第二類型外設接口312’。第一類型外設接口311’可以為USB複合設備接口,通過該接口能夠將控制設備與如第一端的顯示屏連接並進行控制操作,以通過如第一端的顯示屏顯示相應的一些內容(如顯示詢問信息、顯示傳輸事務的名稱等等),並進行操作。通過在控制設備進行獨立的顯示與操作,可以與計算機的驅動程序進行有效隔離,避免重要操作在計算機上進行(計算機可能被惡意控制)。第二類型外設接口312’可為但不限於USB接口、網線接口等。有關無線模塊32、天線34及網線接口的具體介紹,可參見上文相關內容。In other embodiments, the control device can also be a device that can be integrated within the first end 10 and/or the second end 20. In this case, the control device can be in the form of a single chip or expansion card similar to an integrated graphics card, which can be integrated into the motherboard of the first end 10 or the second end 20. Alternatively, the control device can be in the form of a standalone graphics card, which can be integrated into the host computer of the first end 10 or the second end 20. This is not limited here. In a specific implementation, as shown in Figure 7c, if the control device is in the form of a chip or expansion card, the control device 30 can specifically include, but is not limited to, the following structural components: a wireless module 32, an inter-board interface 313, an antenna 34, and a peripheral interface 31'. The inter-board interface 313 may be, but is not limited to, a PCIE (Peripheral Component Interconnect Express) interface. The PCIE interface is a high-speed serial computer expansion bus standard interface. In this embodiment, the control device 30 can be connected to a motherboard, such as the first end 10, via the PCIE interface. The peripheral interface 31' may include a first-type peripheral interface 311' and a second-type peripheral interface 312'. The first-type peripheral interface 311' may be a USB composite device interface, through which the control device can be connected to a display, such as the first end, and control operations can be performed, so that corresponding content (such as query information, the name of the transmission transaction, etc.) can be displayed on the display, such as the first end, and operations can be performed. By performing independent display and operation on the control device, it can be effectively isolated from the computer's driver, preventing critical operations from being performed on the computer (which could potentially be maliciously controlled). The second type of peripheral interface 312' can be, but is not limited to, a USB interface, a network cable interface, etc. For a detailed description of the wireless module 32, antenna 34, and network cable interface, please refer to the relevant content above.
在以下介紹本實施例提供的另一具體可實現技術方案時,將以控制設備30為第一端10和第二端20的外部設備為例進行詳述本方案。When introducing another specific achievable technical solution provided by this embodiment below, the control device 30 will be taken as an example to describe this solution in detail, as an external device with a first end 10 and a second end 20.
這裡需要補充說的是,在採用增設控制設備來提高不同端間數據傳輸安全的防護和控制的情況下,不同端上是部署有相應控制設備的設備驅動(也可叫設備驅動程序)或API(Application Programming Interface,應用程序編程接口)接口或SDK(Software Development Kit)的。端上的應用通過API(或SDK)接口可訪問相應控制設備的設備驅動。圖6a中示出了在第一端10和第二端20上分別部署的相應控制設備的設備驅動及API接口的示例,此示例為針對下文所述的第二可能實施例(即在第一端10和第二端20間增設兩個控制設備)示出的。It's important to note that when adding control devices to enhance the security and control of data transmission between different endpoints, each endpoint is equipped with a device driver (also called a device driver), an API (Application Programming Interface), or an SDK (Software Development Kit) for the corresponding control device. Applications on the endpoints access the device driver for the corresponding control device via the API (or SDK). Figure 6a shows an example of the device driver and API interface for the corresponding control device deployed on the first endpoint 10 and the second endpoint 20, respectively. This example is for the second possible embodiment described below (i.e., adding two control devices between the first endpoint 10 and the second endpoint 20).
基於上述內容,第一可能實施例中,可以在第一端與第二端之間增設一個第一控制設備,第一端10可通過該第一控制設備實現將第一報文發送至第二端20。即,如參見圖4a至圖4c所示,本實施例提供的所述系統還可包括:第一控制設備31A,第一控制設備31A與第一端10和第二端20均通信連接。Based on the above, in a first possible embodiment, a first control device can be added between the first and second ends. The first end 10 can use this first control device to send the first message to the second end 20. Specifically, as shown in Figures 4a to 4c, the system provided in this embodiment may further include a first control device 31A, which is communicatively connected to both the first end 10 and the second end 20.
具體實施時,第一控制設備31A與第一端10和第二端20進行通信連接的場景,可包括但不限於如下給出的幾個較為具體場景:In a specific implementation, the scenarios in which the first control device 31A communicates with the first end 10 and the second end 20 may include but are not limited to the following more specific scenarios:
場景11:如參見圖4a和圖4b,假設第一端10與第二端20互為遠端、第一控制設備31A部署在如第一端10所在的場地,則第一端10可通過非網絡連接的通信接口與第一控制設備31A連接,進行近距離通信;其中,非網絡連接的通信接口,可為總線接口(如USB接口、SPI接口)或者也可為無線接口(如通過Wifi模塊、藍牙模塊等實現的接口)。為減少遠端通信成本,第二端20可通過網絡接口、並借助於中間網絡設備(如交換機、路由器),仍採用TCP/IP協議與第一控制設備31A連接,進行遠距離通信。上述網絡接口可為有線接口,比如雙絞線以太網接口、光纖接口等網線接口;或者也可為無線接口,比如通過3G模塊、4G模塊、5G模塊或衛星通訊模塊等實現的接口。Scenario 11: As shown in Figures 4a and 4b, assuming that first end 10 and second end 20 are remote from each other and first control device 31A is deployed at a location similar to first end 10, first end 10 can connect to first control device 31A via a non-network communication interface for short-range communication. The non-network communication interface can be a bus interface (such as a USB interface or SPI interface) or a wireless interface (such as an interface implemented via a Wi-Fi module or Bluetooth module). To reduce remote communication costs, second end 20 can connect to first control device 31A via a network interface and, with the aid of an intermediate network device (such as a switch or router), still utilize the TCP/IP protocol for remote communication. The above-mentioned network interface can be a wired interface, such as a twisted-pair Ethernet interface, an optical fiber interface, or other network cable interface; or it can also be a wireless interface, such as an interface implemented by a 3G module, a 4G module, a 5G module, or a satellite communication module.
在該場景11下,第一端可徹底不使用網絡通信(不使用網卡),當然也可以使用網絡與其他端(如第三端)進行正常網絡通信。針對此,下面針對場景11做一個補充場景描述:如參見圖4e,第一端在與控制設備進行非網絡連接的同時,還可與第三端進行正常的網絡連接(同時還使用網卡情況),以此使得第一端既能通過非網絡連接和控制設備隱藏與第二端的通訊,同時第一端又能通過網絡連接與第三端通訊,不影響正常的網絡通訊。In this scenario 11, the first end can completely bypass network communication (not using a network card), while still being able to communicate normally with other ends (such as a third end) using the network. To address this, the following supplementary scenario description for scenario 11 is provided: As shown in Figure 4e, the first end can simultaneously establish a non-network connection with the control device and a normal network connection with the third end (while also using a network card). This allows the first end to conceal its communication with the second end through the non-network connection and the control device, while simultaneously communicating with the third end through the network connection, without affecting normal network communication.
有關此場景11的相關益處詳述,可參見下文中結合圖6a和圖6b所描述的相關內容。For a detailed description of the benefits of this scenario 11, please refer to the following description in conjunction with FIG. 6a and FIG. 6b.
場景12:如參見圖4c,假設第一端10與第二端20互為近端,比如二者均在同一場地,第一控制設備31A部署在第一端10和第二端20所在場地,則可利用第一端10、第一控制設備31A及第二端20各自上的有線接口(如USB接口等總線接口、雙絞線以太網接口等網線接口),採用有線方式使第一控制設備31A分別與第一端10和第二端20進行通信連接。當然在其他實施例中,也可利用第一端10、第一控制設備31A及第二端20各自上的無線模塊,採用如WiFi、藍牙等近場通信的無線方式,使第一控制設備31A分別與第一端10和第二端20進行通信連接。Scenario 12: As shown in Figure 4c, assuming that first end 10 and second end 20 are near each other, for example, they are located in the same location, and first control device 31A is deployed at the same location as first end 10 and second end 20, first control device 31A can be connected to first end 10 and second end 20 via a wired communication method using wired interfaces (e.g., bus interfaces such as USB interfaces, network interfaces such as twisted-pair Ethernet interfaces) on each of first end 10, first control device 31A, and second end 20. Of course, in other embodiments, wireless modules on each of first end 10, first control device 31A, and second end 20 can also be used to connect first control device 31A to first end 10 and second end 20 using a wireless near-field communication method such as WiFi or Bluetooth.
場景13:如參見圖4d或圖5a,假設第一端10與第二端20互為遠端、第一控制設備31A部署在距離第一端10及第二端20均比較遠的場地,則:第一控制設備31A分別與第一端10和第二端20均採用TCP/IP協議進行網絡連接。Scenario 13: As shown in Figure 4d or Figure 5a, assume that first end 10 and second end 20 are remote from each other, and first control device 31A is deployed at a location relatively far from both first end 10 and second end 20. In this case, first control device 31A establishes a network connection with both first end 10 and second end 20 using the TCP/IP protocol.
下面以第一端10通過USB接口與第一控制設備31A連接為例,詳述一下第一端10接入第一控制設備31A的具體實現。The following takes the case where the first end 10 is connected to the first control device 31A via a USB interface as an example to describe in detail the specific implementation of the first end 10 connecting to the first control device 31A.
在介紹第一端10接入第一控制設備31A的具體實現之前,先介紹說明一下需針對第一端10預先創建的配置文件。如參見圖9所示,為第一端10預先創建的配置文件中至少包含如下的內容信息:設備接入配置信息、數據傳輸交換配置信息、及數據傳輸安全控制信息;其中,Before introducing the specific implementation of the first terminal 10 accessing the first control device 31A, we first introduce the configuration file that needs to be pre-created for the first terminal 10. As shown in Figure 9, the configuration file pre-created for the first terminal 10 includes at least the following content information: device access configuration information, data transmission exchange configuration information, and data transmission security control information;
一、設備接入配置信息,可包括但不限於如下內容項:1. Device access configuration information may include but is not limited to the following:
1)控制設備的描述符集合,其中,描述符集合中包括但不限於如下內容:1) A descriptor set for controlling the device, including but not limited to the following:
①設備描述符,比如:控制設備所使用的的類代碼、協議(如TCP/IP協議、USB協議、藍牙協議等),控制設備的廠商ID、設備ID、產品型號ID等。① Device descriptors, such as the class code and protocol used by the control device (such as TCP/IP protocol, USB protocol, Bluetooth protocol, etc.), the manufacturer ID, device ID, and product model ID of the control device.
②配置描述符,比如:控制設備的接口數量、控制設備的屬性(如電流需求)等。② Configuration descriptors, such as the number of interfaces of the control device, the properties of the control device (such as current requirements), etc.
③接口描述符,比如接口類型、接口使用的協議(如USB接口使用的為USB協議,網絡接口如使用的為TCP/IP協議等)。③Interface descriptors, such as the interface type and the protocol used by the interface (for example, a USB interface uses the USB protocol, a network interface uses the TCP/IP protocol, etc.).
④端點描述符,比如:使能的傳輸方向為IN、OUT或IN/OUT的端點集合,以及各端點的屬性信息(或說配置信息,如端點號、端點類型等)、傳輸方式(如以USB協議為例,可包括控制傳輸、批量傳輸、中斷傳輸、等時傳輸等)。需說明的是,一台控制設備,其IN/OUT端點可以有多組,例如5組,5個IN端點(輸入端點)、5個OUT端點(輸出端點),或者不對稱,例如3個IN端點、7個OUT端點,用於數據的高速傳輸;同時也可以只有IN端點或者只有OUT端點的情況,用於數據的單向傳輸,此處不作限定。④ Endpoint descriptors, such as: a set of endpoints with enabled transmission directions of IN, OUT, or IN/OUT, as well as attribute information (or configuration information, such as endpoint number and endpoint type) for each endpoint, and transmission methods (for example, in the case of the USB protocol, this may include control transmission, bulk transmission, interrupt transmission, isochronous transmission, etc.). It should be noted that a control device can have multiple sets of IN/OUT endpoints, such as five, with five IN endpoints (input endpoints) and five OUT endpoints (output endpoints), or an asymmetric set, such as three IN endpoints and seven OUT endpoints, for high-speed data transmission. It is also possible to have only IN endpoints or only OUT endpoints for unidirectional data transmission, but this is not limited here.
⑤字符串描述符,為相關用於顯示的字符串,比如顯示的控制設備對應的廠商名稱、設備名稱、設備產品名稱等。⑤String descriptor, which is a string used for display, such as the manufacturer name, device name, and device product name corresponding to the displayed control device.
2)連接校驗信息(或叫接入校驗信息)2) Connection verification information (or access verification information)
連接校驗信息包括:第一校驗值(校驗值1)和第二校驗值(校驗值2),用於相應的端(如第一端)連接對應控制設備時的交互校驗。例如,參見圖4a,第一端10與第一控制設備31A建立通信連接過程中,第一端10向第一控制設備31A發送第一校驗值,第一校驗值用於校驗匹配;相應地,第一控制設備31A確定接收到的第一校驗值符合預設要求時,會向第一端10反饋第二校驗值。Connection verification information includes a first verification value (verification value 1) and a second verification value (verification value 2), which are used for mutual verification when the corresponding end (e.g., the first end) connects to the corresponding control device. For example, referring to Figure 4a, when the first end 10 establishes a communication connection with the first control device 31A, the first end 10 sends the first verification value to the first control device 31A for verification and matching. In response, when the first control device 31A determines that the received first verification value meets the preset requirements, it feeds the second verification value back to the first end 10.
3)登錄憑證信息。登錄憑證信息包括如下內容項:3) Login credential information. Login credential information includes the following items:
與控制設備的設備驅動相應的驗證信息,比如設備驅動的賬號、密碼等,用於當相應的端與對應的控制設備建立通信連接時,對相應的端自動發送的登錄憑證(即設備驅動相應的驗證信息)進行校驗。The authentication information corresponding to the device driver of the control device, such as the device driver account number and password, is used to verify the login certificate (i.e., the authentication information corresponding to the device driver) automatically sent by the corresponding end when the corresponding end establishes a communication connection with the corresponding control device.
與用戶進入控制設備的應用程序相關的驗證信息,比如用戶的用戶賬號、密碼,或者用戶的指紋、聲紋、人像等生物特徵數據等,以便能夠對相應端的使用人輸入的登錄憑證進行校驗。Verification information related to user access to the application of the control device, such as the user's user account and password, or the user's biometric data such as fingerprint, voiceprint, and portrait, so as to verify the login credentials entered by the user on the corresponding end.
二、數據傳輸交換配置信息,可包括但不限於如下內容項:2. Data transmission and exchange configuration information may include but is not limited to the following:
1)所支持的多個傳輸事務的傳輸事務屬性信息集合,用於相應的端在需向其對端傳輸數據時,創建相應的傳輸事務。有關傳輸事務屬性信息集合,可參見表1b。1) The set of transport transaction attribute information for the multiple transport transactions supported, used by the corresponding end to create the corresponding transport transaction when transmitting data to its peer. For details on the set of transport transaction attribute information, see Table 1b.
2)預置字符串的傳輸事務集合,可理解為,預置字符串關聯(或綁定)的傳輸事務集合,換句話也就是說,預置字符串與傳輸事務的對應關係,一個預置字符串可與一個或多個(兩個及以上)傳輸事務對應,用於數據傳輸交互和校驗。其中,預置字符串,是針對相應端上的預先註冊的服務(或者說能夠提供的服務)進行預置的字符串。2) A preset string transmission transaction set can be understood as a set of transmission transactions associated (or bound) with a preset string. In other words, a preset string corresponds to one or more (two or more) transmission transactions, used for data transmission interaction and verification. A preset string is a string preset for a pre-registered service (or service that can be provided) on the corresponding end.
在一實例中,上述預置字符串可以為隨機生成的、不具有規律性(或特定規律的)的隨機字符串或二進制值,其具有隱藏相應端的地址信息、或無法推測目標地址訪問方式等作用。例如,參見圖4b並以第一端10通過USB接口與第一控制設備31A通信連接為例,假設第一端10上預先註冊有一個文件交換服務,該文件交換服務指向網絡地址為192.***.1.2、端點號為1的第一控制設備31A,且此文件交換服務授權第二端20訪問,則針對上述所述的第一端10上預先註冊的服務,可預置一個第一端10對應的第二預置字符串C,該第二預置字符串C關聯的關聯信息可包括但不限於:第一端10的地址信息、文件交換服務、允許訪問信息(如第二端的IP地址),其中,第一端10的地址信息指向第一控制設備31A的IP地址(為192.***.1.2:1)。進一步地,若在上述文件交換服務下允許進行的數據交互包括向第二端請求網絡文件資源、向第二端上傳jpg文件,也即可理解為交換文件服務下包含有「請求網絡文件資源」傳輸事務、「上傳jpg文件」傳輸事務,則第一端10對應的第二預置字符串C綁定的傳輸事務為「請求網絡文件資源」傳輸事務和「上傳jpg文件」傳輸事務,換句話也就是說,第一端10對應的預置字符串C與「請求網絡文件資源」傳輸事務和「上傳jpg文件」傳輸事務這兩個傳輸事務存在對應關係。In one example, the preset character string may be a randomly generated, irregular (or irregular) random character string or binary value, which has the effect of hiding the address information of the corresponding end or making it impossible to infer the target address access method. For example, referring to FIG. 4b , and taking the example of the first end 10 being communicatively connected to the first control device 31A via a USB interface, it is assumed that a file exchange service is pre-registered on the first end 10, and that the file exchange service points to the first control device 31A with a network address of 192.***.1.2 and an endpoint number of 1, and that the file exchange service authorizes access by the second end 20. For the service pre-registered on the first end 10, a second preset string C corresponding to the first end 10 may be preset. The associated information associated with the second preset string C may include, but is not limited to: the address information of the first end 10, the file exchange service, and access permission information (such as the IP address of the second end). The address information of the first end 10 points to the IP address of the first control device 31A (192.***.1.2:1). Furthermore, if the data interaction allowed under the above-mentioned file exchange service includes requesting network file resources from the second end and uploading jpg files to the second end, it can be understood that the file exchange service includes a "request network file resources" transmission transaction and a "upload jpg file" transmission transaction. Then, the transmission transactions bound to the second preset string C corresponding to the first end 10 are the "request network file resources" transmission transaction and the "upload jpg file" transmission transaction. In other words, there is a correspondence between the preset string C corresponding to the first end 10 and the two transmission transactions, namely, the "request network file resources" transmission transaction and the "upload jpg file" transmission transaction.
在另一實例中,如參見圖4a,預置字符串也可以不具有隱藏相應端的地址信息作用,直接為相應端的地址信息(如IP地址)。比如,承接上述2)中例子,第一端10對應的第二預置字符串C也可指的是192.***.1.2:1。作為優選實例,本實施例優選選取預置字符串為隨機生成的隨機字符串,能用於隱藏相應端的地址信息。In another example, as shown in FIG. 4a , the preset string may not conceal the corresponding end's address information and may directly represent the corresponding end's address information (e.g., IP address). For example, continuing with the example in 2) above, the second preset string C corresponding to the first end 10 may also be 192.***.1.2:1. As a preferred example, this embodiment preferably selects a randomly generated preset string as the preset string, which can be used to conceal the corresponding end's address information.
綜上示例,將第一端對應的預置字符串稱為第二預置字符串。以第一端為例,則針對第一端,第二預置字符串的傳輸事務集合(或者說第二預置字符串與傳輸事務的對應關係),可參見如下表5示例: 表5 第二預置字符串的傳輸事務集合
這裡需要補充說明的是,為了便於相應傳輸事務屬性信息的查詢,上述表5示出的第二預置字符串的傳輸事務集合中還可包括傳輸事務的事務屬性標識,即第二預置字符串的傳輸事務集合中數據存儲格式可以為但不限於如下格式:It should be noted that, in order to facilitate the query of the corresponding transmission transaction attribute information, the transmission transaction set of the second preset string shown in Table 5 above may also include the transaction attribute identifier of the transmission transaction. That is, the data storage format in the transmission transaction set of the second preset string can be, but is not limited to, the following format:
[第二預置字符串:傳輸事務名稱(或事務種類):事務屬性標識][Second preset string: Transmission transaction name (or transaction type): Transaction attribute identifier]
通過此格式,能夠一起表徵出第二預置字符串與預置的事務種類的對應關係、以及事務種類與事務屬性標識的對應關係。This format can simultaneously express the correspondence between the second preset string and the preset transaction type, as well as the correspondence between the transaction type and the transaction attribute identifier.
3)預置字符串的通信配置集合,3) Communication configuration set of preset strings,
針對一預置字符串進行通信配置,所配置的信息包含但不限於:Configure communication for a preset string. The configured information includes but is not limited to:
①為預置字符串綁定的相應端的網絡接口號(若相應的端具有多網卡,可對多個網絡網卡的網絡接口號均進行綁定),用於向相應端的網絡接口建立物理通信連接。例如,承接上述2)的例子,為一個第二預置字符串C所綁定的網絡接口號可為第一端的網卡對應的網絡接口號。① The network interface number of the corresponding end bound to the preset string (if the corresponding end has multiple network cards, the network interface numbers of multiple network cards can be bound to each of them), used to establish a physical communication connection to the network interface of the corresponding end. For example, continuing with the example in 2) above, the network interface number bound to the second preset string C can be the network interface number corresponding to the network card of the first end.
②為預置字符串綁定的目標地址信息(例如域名或IP、端口號、MAC地址、主機名等),用於向對應的網絡目標進行數據交互。例如,仍繼續承接上述2)例子,為一個第二預置字符串C還可綁定第二端對應的IP地址、部署在第二端的目標網站的目標域名www.####.com,等等。② The target address information (e.g., domain name or IP address, port number, MAC address, host name, etc.) bound to the preset string is used to exchange data with the corresponding network target. For example, continuing with the example 2) above, a second preset string C can also be bound to the IP address corresponding to the second end, the target domain name of the target website deployed on the second end (www.####.com), and so on.
③為預置字符串綁定的設備端點號等,用於向連接的端(如客戶端或服務端)進行數據交互。例如,仍繼續承接上述2)中例子並參見圖4b,為一個第二預置字符串C可綁定第一控制設備31A的一個如OUT端點的端點號,如上述2)中所述例子中的端點號1。③ is a device endpoint number bound to a preset string, used for data exchange with a connected endpoint (e.g., a client or server). For example, continuing with the example in 2) above and referring to FIG4b , a second preset string C can be bound to an endpoint number, such as the OUT endpoint, of the first control device 31A, such as endpoint number 1 in the example in 2) above.
除了為預置字符串可綁定上述通信信息之外,還可綁定其他的信息,比如,通信能力信息(或叫數據傳輸方向控制能力信息(可簡稱數據傳輸方向控制信息))、預置字符串的字符串別稱信息、預置字符串備註信息。上述數據傳輸方向控制信息用於指示如下中的任一項:只允許控制設備向目標端(如第二端)轉發報文,禁止控制設備向目標端轉發報文,允許控制設備向目標端轉發報文以及允許控制設備對目標設備發送的報文進行轉發。上述預置字符串的字符串別稱信息,用於隱藏真實的預置字符串,可在對報文進行加密時使用。In addition to binding the aforementioned communication information to a preset string, other information can also be bound, such as communication capability information (or data transmission direction control capability information (abbreviated as data transmission direction control information)), a string alias for the preset string, and a preset string remark. The aforementioned data transmission direction control information is used to indicate any of the following: allowing the control device to forward messages only to the target end (e.g., the second end); prohibiting the control device from forwarding messages to the target end; allowing the control device to forward messages to the target end; and allowing the control device to forward messages sent by the target device. The aforementioned string alias for the preset string is used to conceal the actual preset string and can be used when encrypting messages.
以下是以第一端為客戶端、第二端為服務端為例,給出的第一端對應的第二預置字符串的通信配置信息示例(注:符號“//”後面的內容為相應配置項的解釋說明)。The following is an example of communication configuration information for the second preset string corresponding to the first end, taking the first end as the client and the second end as the server (Note: the content after the symbol "//" is an explanation of the corresponding configuration item).
示例11Example 11
"第二預置字符串備註":"客戶端單向上傳(上行)""Second preset string note": "Client-side one-way upload (uplink)"
"第二預置字符串":"0x0A" //實際中為隨機或特定規則生成的長字節字符串或二進制值"Second preset string": "0x0A" // In practice, it is a long byte string or binary value generated randomly or according to specific rules
"目標地址":"192.###.1.1:8000" //通信的目標IP地址和端口,如服務端的IP地址和端口號"Destination address": "192.###.1.1:8000" // The target IP address and port of communication, such as the IP address and port number of the server
"通信能力信息":"TX" //代表僅發送數據,換句話也就是說,僅允許客戶端連接的控制設備向服務端轉發(或說上傳)所接收到的第一端發送過來的數據,若服務端返回了相應的數據,客戶端連接的控制設備也不會將服務端返回的數據發送至客戶端。"Communication capability information": "TX" // represents sending data only. In other words, the control device connected to the client is only allowed to forward (or upload) the data received from the first end to the server. If the server returns the corresponding data, the control device connected to the client will not send the data returned by the server to the client.
"提交的參數":[{ "token":"Control****=###1" //客戶端連接的控制設備向服務端上傳的參數數據(可選),參數數據包括接收到的客戶端發送過來的數據+控制設備的一些數據 } ];"Submitted parameters": [{ "token":"Control****=###1" //Parameter data uploaded by the control device connected to the client to the server (optional). The parameter data includes the data sent by the client + some data of the control device } ];
"字符串別稱信息":["0x1A","0x2A","0x3A"] //第二預置字符串的別名,用於隱藏真實的0x0A字符串,客戶端或客戶端連接的控制設備發送的如0x1A等於0x0A"String alias information": ["0x1A", "0x2A", "0x3A"] // The alias of the second preset string is used to hide the real 0x0A string. The 0x1A sent by the client or the control device connected to the client is equal to 0x0A
示例12Example 12
"第二預置字符串備註":"客戶端單向下載(下行),即客戶端接收數據""Second preset string note": "Client-side unidirectional download (downlink), i.e., the client receives data"
"第二預置字符串":"0x0B""Second preset string": "0x0B"
"目標地址":"192.###.1.2:8001""Target address": "192.###.1.2:8001"
"通信能力信息":"RX" //代表僅接收數據(即為單向傳輸下載數據),客戶端連接的控制設備可通過預設請求方式和相關參數,定時向服務端請求數據,並將接收到的數據存在本地(如內存緩衝區或外存區)中等待客戶端進行請求數據,既使客戶端主動發送請求參數數據,客戶端連接的控制設備也不會將接收到的客戶端發送過來的請求參數數據轉發至服務端。也即,禁止客戶端連接的控制設備向服務端轉發所接收到的客戶端發送過的數據(如報文)。"Communication capability information": "RX" // Indicates receiving data only (i.e., one-way transmission and downloading data). The control device connected to the client can periodically request data from the server using the preset request method and related parameters, and store the received data locally (such as a memory buffer or external storage area) waiting for the client to request data. Even if the client actively sends the request parameter data, the control device connected to the client will not forward the request parameter data received from the client to the server. In other words, the control device connected to the client is prohibited from forwarding the data (such as messages) received from the client to the server.
"提交的參數":["Submitted parameters": [
{"token":"Control****= ###1",{"token":"Control****= ###1",
"query": "getDataID=1" //為預設的查詢參數,用於從服務端中獲取數據。由於使用單向傳輸下載數據時,客戶端是不能夠上傳數據的(包括查詢數據的參數)或者既使客戶端主動上傳了如查詢數據的參數,客戶端連接的控制設備也不會進行轉發至服務端,所以為了從服務端獲取到數據,會在客戶端連接的控制設備中預設相應的查詢參數,由客戶端連接的控制設備自動提交至服務端,這裡getDataID=1表示發送查詢getDataID參數值1的請求。"query": "getDataID=1" //This is the default query parameter used to obtain data from the server. When using one-way transmission to download data, the client cannot upload data (including query data parameters) or even if the client actively uploads parameters such as query data, the control device connected to the client will not forward it to the server. Therefore, in order to obtain data from the server, the corresponding query parameters will be preset in the control device connected to the client, and automatically submitted to the server by the control device connected to the client. Here, getDataID=1 means sending a request for the query parameter value 1.
"setTime":"1000" //自動提交查詢參數的時間,單位為毫秒 } ]"setTime": "1000" //Time to automatically submit query parameters, in milliseconds } ]
"字符串別稱信息":["0x1B","0x2B","0x3B"] //第二預置字符串的別名"String alias information": ["0x1B", "0x2B", "0x3B"] // Alias of the second preset string
示例13Example 13
"第二預置字符串備註":"客戶端雙向傳輸""Second preset string note": "Client two-way transmission"
"第二預置字符符":"0x0C""Second preset character": "0x0C"
"目標地址":"192.168.1.3:8002""Destination address":"192.168.1.3:8002"
"通信能力信息":"RXTX" //代表同時具備接收和發送數據,即:允許客戶端連接的控制設備向目標端(如服務端)轉發數據(或報文),以及允許客戶端連接的控制設備對接收到的目標端發送過來的數據進行轉發至客戶端。"Communication capability information": "RXTX" // Indicates the ability to both receive and send data, i.e., allowing the control device connected to the client to forward data (or messages) to the target end (such as the server), and allowing the control device connected to the client to forward the data received from the target end to the client.
"提交的參數":[{ "token":"Control****= ###1" //雙向傳輸、單向下載則可以沒有上述的query和setTime }]"Submitted parameters": [{ "token":"Control****= ###1" // For two-way transmission and one-way download, the above query and setTime can be omitted }]
"字符串別稱信息":["0x1C","0x2C","0x3C"]"String alias information": ["0x1C","0x2C","0x3C"]
三、數據傳輸安全控制信息,可包括但不限於如下內容項:3. Data transmission security control information may include, but is not limited to, the following:
1)為預置字符串綁定(或說關聯)的網絡通信的黑名單/白名單。例如,允許或阻止訪問的IP地址或端口號。1) Blacklist/whitelist of network communications that are bound (or associated) with a preset string, for example, IP addresses or port numbers that are allowed or blocked.
2)為預置字符串綁定的接口、端點號的黑名單/白名單。例如,在此預置字符串下,允許或阻止操作對應控制設備的IN端點、OUT端點或IN/OUT端點的端點號。2) A blacklist/whitelist of interfaces and endpoint numbers bound to a preset string. For example, under this preset string, operations on the corresponding control device's IN endpoint, OUT endpoint, or IN/OUT endpoint number are allowed or blocked.
3)為預置字符串綁定的傳輸事務的黑名單/白名單。例如,在此預置字符串下,允許或阻止特定的傳輸事務對應的數據交互。比如禁止文件類型為.exe的傳輸事務,或僅允許文件類型為DOC、XLS的傳輸事務等。3) Blacklist/whitelist transfer transactions bound to a preset string. For example, under this preset string, allow or block data interactions corresponding to specific transfer transactions. For example, prohibit transfer transactions of the .exe file type, or only allow transfer transactions of the DOC and XLS file types.
4)傳輸事務對應數據流在控制設備中進行備份的數據備份條件,比如“重要”、Excel文件等。4) Data backup conditions for backing up the data stream corresponding to the transmission transaction in the control device, such as "important" and Excel files.
5)允許/阻止傳輸的數據類型信息、傳輸的報文結構符合預設規則、傳輸的報文中包含的如傳輸事務屬性等符合預設、預置字符串符合預設等等。5) The data type information allowed/blocked for transmission, the structure of the transmitted message conforms to the default rules, the transmission transaction attributes contained in the transmitted message conform to the default, the preset string conforms to the default, etc.
這裡需要補充說明的是,上述所述的為第一端10預先創建的配置文件可以是任一種格式的文件,如JSON(JavaScriptObject Notation,JS 對象簡譜,一種輕量級的數據交換格式)、HSON、XML(Extensible Markup Language,可擴展標記語言)YAML(類似於標準通用標記語言的子集XML的數據描述語言)、二進制數據結構、PROPERTIES等文件;或可執行腳本等。本實施例對配置文件的格式不作限定。配置文件的生成可由具有管理權限的用戶借助於編輯軟件(如配置文件編輯器)採用靜態人工編輯的方式生成;或者,也可借助於相應的配置界面,通過點選等方式自動生成,此處不作限定。It should be noted that the configuration file pre-created for the first end 10 described above can be in any format, such as JSON (JavaScript Object Notation, a lightweight data exchange format), HSON, XML (Extensible Markup Language), YAML (a data description language similar to XML, a subset of Standard Generalized Markup Language), a binary data structure, PROPERTIES, or an executable script. This embodiment does not limit the format of the configuration file. The configuration file can be generated manually by a user with administrative privileges using editing software (such as a configuration file editor); alternatively, it can be automatically generated by clicking on a corresponding configuration interface, etc., without limitation here.
參見上文所述的為第一端20預先創建的配置文件,同理,也可為第二端預先創建相應的配置文件。具體為第二端預先創建的相關配置文件可包含的內容,可參見上述為第一端10預先創建的配置文件所包含的內容,此處不再作具體贅述。Referring to the configuration file pre-created for the first terminal 20 described above, a corresponding configuration file can also be pre-created for the second terminal. The specific content of the configuration file pre-created for the second terminal can be found in the configuration file pre-created for the first terminal 10, and will not be further detailed here.
以下是以第一端為客戶端、第二端為服務端為例,給出的第二端對應的第一預置字符串的通信配置信息示例(注:符號“//”後面的內容為相應配置項的解釋說明)。The following example shows the communication configuration information for the first preset string corresponding to the second end, assuming the first end is the client and the second end is the server. (Note: the content after the symbol “//” is an explanation of the corresponding configuration item.)
示例21Example 21
"第一預置字符串備註":"8000” //8000服務端單向發送(上行)數據"First preset string note": "8000" //8000 server sends one-way (uplink) data
"第一預置字符串":"0x0A" //注意:雖然這裡的服務端對應的第一預置字符串與上述給出的示例11中客戶端對應的第二預置字符串(包括字符串別稱信息)相同,但實際上不一樣,第一預置字符串只作用在服務端與其連接的控制設備通信中,第二預置字符串只作用在客戶端與其連接的控制設備的的通信中。由此,也就是說,第一預置字符串與第二預置字符串可以相同,也可以不同。"First preset string": "0x0A" // Note: Although the first preset string corresponding to the server here is the same as the second preset string corresponding to the client in Example 11 given above (including string alias information), they are actually different. The first preset string only applies to the communication between the server and the control device connected to it, and the second preset string only applies to the communication between the client and the control device connected to it. Therefore, in other words, the first preset string and the second preset string can be the same or different.
"監聽號":"8000" //服務端監聽的號(如為與其連接的控制設備對應的號),用於網絡服務"Monitoring Number": "8000" //The number that the server monitors (such as the number corresponding to the control device connected to it), used for network services
"通信能力信息":"TX"//代表僅發送數據"Communication capability information": "TX" // represents sending data only
"提交的參數": [ { "token":"Control****=###t2","Submitted parameters": [ { "token":"Control****=###t2",
"check": "getDataID=1" //服務端連接的控制設備用於核驗參數數據(可選),因為使用服務端單向上傳時,在客戶端連接後,服務端是不能接收數據的,所以服務端接收客戶端數據後的判斷邏輯預設在服務端連接的控制設備中,由其連接的控制設備判斷後,提取數據緩衝區的數據上傳給客戶端(緩衝區數據由服務端提前發送至其對應連接的控制設備),這裡為判斷getDataID是否等於1;也可以用於數據庫或緩衝區數據查詢的參數。 } ];"check": "getDataID=1" //The control device connected to the server is used to verify parameter data (optional). Because when using the server-side unilateral upload, the server cannot receive data after the client is connected. Therefore, the judgment logic after the server receives the client data is preset in the control device connected to the server. After the connected control device makes the judgment, it extracts the data in the data buffer and uploads it to the client (the buffer data is sent in advance by the server to its corresponding connected control device). Here, it is used to judge whether getDataID is equal to 1; it can also be used as a parameter for database or buffer data query. } ];
"字符字符串別稱信息":["0x1A","0x2A","0x3A"]"Character string alias information": ["0x1A","0x2A","0x3A"]
示例22Example 22
"第一預置字符串備註":"8001服務端單向接收(下行)""First preset string note": "8001 server one-way receiving (downlink)"
"第一預置字符":"0x0B""First preset character": "0x0B"
"監聽號":"8001""Monitoring number": "8001"
"通信能力信息":"RX" //代表僅接收數據"Communication capability information": "RX" // represents only receiving data
"提交的參數": [ { "token":"Control****=###2,"Submitted parameters": [ { "token":"Control****=###2,
"answer":"ACK" //服務端在接收到客戶端的數據後,自動回復的數據(可選)。因為使用服務端單向下載時,在客戶端連接後,服務端是不能發送數據的,所以將需要回復的數據進行預先設置在其連接的控制設備中。} ],"answer": "ACK" // The data that the server automatically responds to after receiving the data from the client (optional). Because the server cannot send data after the client is connected when using the server-side single download, the data that needs to be responded to is pre-set in the connected control device. } ],
"字符字符串別稱信息":["0x1B","0x2B","0x3B"]"Character string alias information": ["0x1B", "0x2B", "0x3B"]
示例23Example 23
"第一預置字符串備註":"8002服務端雙向傳輸""First preset string note": "8002 server two-way transmission"
"第一預置字符串":"0x0C""First preset string": "0x0C"
"監聽號":"8002""Monitoring number": "8002"
"通信能力信息":"RXTX" //代表同時具備接收和發送數據"Communication capability information": "RXTX" // represents the ability to receive and send data at the same time
"提交的參數":[ { "token":"Control****=###2" //由於服務端的上傳或下載取決與客戶端的連接,所以setTime自動發送在這裡是可選的 }"Submitted parameters": [ { "token":"Control****=###2" //Since the upload or download of the server depends on the connection with the client, the setTime automatic sending is optional here }
"字符字符串別稱信息":["0x1C","0x2C","0x3C"]"Character string alias information": ["0x1C", "0x2C", "0x3C"]
上述有關示例21至示例23中未詳盡的內容,可參見示例11至示例13中相應內容。另外,針對第一端10所預先配置的配置文件以及針對第二端所預先配置的配置文件,也可以整合到同一個配置文件中,此處不作限定。For details not detailed in Examples 21 to 23, please refer to the corresponding contents in Examples 11 to 13. In addition, the configuration file pre-configured for the first end 10 and the configuration file pre-configured for the second end can also be integrated into the same configuration file, which is not limited here.
配置文件創建完成後,可以通過以下三種方式下發給相應的控制設備。具體如下:After the configuration file is created, it can be distributed to the corresponding control device in the following three ways.
方式一、離線分發(人工拷貝)方式。具體地,可以將配置文件進行加密(存儲到如分發器(如類型於U盤的物理裝置)中,通過離線分發(人工拷貝)方式接入相應的控制設備以進行分發,其中。配置文件可以為第一端和第二端的配置文件集合,具體如可以為服務端和所有客戶端的配置文件集合。具體實施時,例如,可採用普通拷貝方式,分發器接入(即連接)相應的控制設備後,人工選擇對應的配置文件拷貝至相應的控制設備,如可以將上文所述的為第一端10配置的配置文件拷貝至第一端10連接的控制設備。再例如,可以通過分發器進行自動分發,具體地,如參見圖4b,當分發器(圖中未示出)接入到如第一端連接的第一控制設備31A時,分發器可以根據第一控制設備31A所發送的設備硬件特徵標識符(如設備ID)進行匹配,返回第一控制設備31A對應的配置文件(如針對第一端10預先創建的配置文件、以及針對第二端20預先創建的配置文件),第一控制設備31A在接收到對應的配置文件後,進行校驗和解密,確認真實有效後,對第一控制設備31A按照配置文件進行設置。有上,可以確保在配置文件生成後,在控制設備識別前,配置文件經過加密和證書簽名,無法被竊取和篡改,分發器的使用人也無法獲取配置文件信息,能保證配置文件安全性。Method 1: Offline distribution (manual copy) method. Specifically, the configuration file can be encrypted (stored in a distributor (such as a physical device of the type of a USB flash drive), and connected to the corresponding control device for distribution through offline distribution (manual copy), wherein. The configuration file can be a set of configuration files of the first end and the second end, specifically, it can be a set of configuration files of the service end and all clients. In specific implementation, for example, a common copy method can be adopted. After the distributor is connected (i.e., connected) to the corresponding control device, the corresponding configuration file is manually selected and copied to the corresponding control device, such as the configuration file configured for the first end 10 as described above can be copied to the control device connected to the first end 10. For another example, automatic distribution can be performed through the distributor. Specifically, as shown in FIG4b, when the distributor (not shown in the figure) is connected When a first control device 31A, such as the one connected to the first end, is input, the distributor can match the hardware identifier (e.g., device ID) sent by the first control device 31A and return the corresponding configuration file (e.g., the configuration file pre-created for the first end 10 and the configuration file pre-created for the second end 20) to the first control device 31A. After receiving the corresponding configuration file, the first control device 31A verifies and decrypts it, confirms its authenticity and validity, and then configures the first control device 31A according to the configuration file. This ensures that after the configuration file is generated and before it is recognized by the control device, it is encrypted and signed with a certificate, making it impossible to be stolen or tampered with. Users of the distributor cannot also obtain the configuration file information, thus ensuring the security of the configuration file.
方式二、網絡分發。可以將配置文件進行加密存儲到配置服務器(如TFTP(Trivial File Transfer Protocol)服務器,為文件下載服務器),利用原有的網絡配置或者建立第二網絡物理接口(安全控制網絡),對配置文件進行加密分發。具體地,在一實例中,可採用全量分發的網絡分發方式,比如,接收到第一端連接的控制設備發送的一次配置數據請求參數後,配置服務器可以將一次性地將所有相應的配置文件發送給第一端連接的控制設備。在另一實例中,可採用按需分發的網絡分發方式,即通過網絡方式,可根據接收到的相應的控制設備發送的請求參數,實時下發需要的配置數據,比如相應配置文件中的如第一校驗值和第二校驗值等連接校驗信息、登錄憑證等重要數據。Method 2: Network distribution. Configuration files can be encrypted and stored on a configuration server (such as a TFTP (Trivial File Transfer Protocol) server, a file download server). This encrypted configuration file can be distributed using the existing network configuration or by establishing a second network physical interface (a secure control network). Specifically, in one example, a full network distribution method can be employed. For example, upon receiving a configuration data request parameter from a first-connected control device, the configuration server can send all corresponding configuration files to the first-connected control device at once. In another example, an on-demand network distribution method can be adopted, that is, through the network, the required configuration data can be distributed in real time according to the request parameters sent by the corresponding control device, such as the connection verification information such as the first verification value and the second verification value in the corresponding configuration file, login credentials and other important data.
方式三、其他方式的無線分發。由分發終端或者控制設備對配置數據進行加密,基於藍牙、LORA、wifi等無線信號進行共享配置數據。Method 3: Other wireless distribution methods: The distribution terminal or control device encrypts the configuration data and shares the configuration data based on wireless signals such as Bluetooth, LoRa, and WiFi.
進一步地,控制設備可以將配置文件中的部分配置數據同步至相應連接的端。例如,參見圖4b,以第一端10為客戶端為例,客戶端連接的第一控制設備31A根據相應配置文件完成配置後,當客戶端請求更新配置狀態時,第一控制設備31A可以將客戶端名稱、客戶端對應的預置字符串和訪問憑證(如2048字節的隨機數)、客戶端對應的預置字符串、預置字符串、事務屬性名稱(或事務種類)及事務屬性標識三者的對應關係等發送至客戶端,以便客戶端在其上安裝的設備驅動(為第一控制設備31A的設備驅動,可參見圖6a)中進行註冊,後續其上應用通過設備驅動的API(Application Programming Interface,應用程序編程接口)接口實現調用。訪問憑證可以有多個(例如憑證1用於數據加密解密,憑證2用於通信驗證),例如,用於後續客戶端與第一控制設備31A通信的密碼,憑證由設備驅動進行記錄並在第一控制設備發送、接收數據時進行加密或解密,也防止其他應用繞過設備驅動向第一控制設備31A發送或接收數據。Furthermore, the control device can synchronize some configuration data in the configuration file to the corresponding connected end. For example, referring to FIG4b, taking the first end 10 as the client, after the first control device 31A connected to the client completes configuration according to the corresponding configuration file, when the client requests to update the configuration status, the first control device 31A can send the client name, the preset string corresponding to the client and the access credential (such as a 2048-byte random number), the preset string corresponding to the client, the correspondence between the preset string, the transaction attribute name (or transaction type) and the transaction attribute identifier to the client, so that the client can register in the device driver installed on it (the device driver of the first control device 31A, see FIG6a), and subsequently the application on it can call it through the API (Application Programming Interface) interface of the device driver. There can be multiple access credentials (for example, credential 1 is used for data encryption and decryption, and credential 2 is used for communication authentication). For example, a password is used for subsequent communication between the client and the first control device 31A. The credentials are recorded by the device driver and used to encrypt or decrypt data when the first control device sends or receives data, preventing other applications from bypassing the device driver to send or receive data to the first control device 31A.
完成上述所述的配置文件下發後,控制設備與相應的端便可基於自身存儲的配置數據(如配置文件數據)進行建立通信連接。After the configuration file described above is issued, the control device and the corresponding end can establish a communication connection based on the configuration data stored in themselves (such as the configuration file data).
例1,繼續參見圖4b,假設第一端10通過USB接口與第一控制設備31A連接,第一端10與第一控制設備31A間為主從模式,即第一端10為主機、第二控制設備31為從機,則參見圖10示出的控制設備與相應端建立通信連接的原理性示意圖,第一控制設備31A與第一端10建立通信連接(或說第一控制設備31A接入第一端10)的具體過程可以如下:Example 1, continuing with FIG4b , assumes that the first terminal 10 is connected to the first control device 31A via a USB interface, and that a master-slave mode is employed between the first terminal 10 and the first control device 31A, i.e., the first terminal 10 is the master and the second control device 31 is the slave. Referring to FIG10 , which illustrates a schematic diagram of the principle of establishing a communication connection between the control devices and the corresponding terminals, the specific process for establishing a communication connection between the first control device 31A and the first terminal 10 (or, in other words, for the first control device 31A to connect to the first terminal 10) can be as follows:
當第一控制設備31A(從機)通電啟動後,會先讀取建立連接所使用的相關配置數據(為上文所述的設備接入配置信息),比如,描述符集合(如第一控制設備的設備描述符、配置描述符、端點描述符、字符串描述符等)、端點啟用信息(如設置使用6個端點,即端點1至端點6,其中,比如6個端點可均為單向端點(如端點1至端點3為OUT端點、端點4至端點6為NI端點),或者比如6組端點均為雙向端點(即為IN/OUT端點))、相關的校驗信息(比如連接校驗信息(如第一校驗值、第二校驗值)、設備驅動的驗證信息(如設備驅動的賬號、密碼等)、第一端對應用戶的用戶賬號、密碼等);When the first control device 31A (slave) is powered on and started, it first reads the relevant configuration data used to establish the connection (the device access configuration information described above), such as a descriptor set (such as the device descriptor, configuration descriptor, endpoint descriptor, and string descriptor of the first control device), endpoint activation information (such as setting up the use of six endpoints, namely endpoints 1 to endpoint 6, where, for example, all six endpoints can be unidirectional endpoints (such as endpoints 1 to endpoint 3 are OUT endpoints and endpoints 4 to endpoint 6 are NI endpoints), or all six endpoint groups can be bidirectional endpoints (i.e., IN/OUT endpoints)), relevant verification information (such as connection verification information (such as the first verification value and the second verification value), device driver authentication information (such as the device driver account and password), and the user account and password of the user corresponding to the first endpoint).
相關配置數據讀取完成後,第一控制設備31A向第一端10(主機)發起可以開始枚舉的信號,進入USB協議規則的標準請求的枚舉流程。具體地,標準請求的枚舉流程包括如下步驟:After reading the relevant configuration data, the first control device 31A sends a signal to the first terminal 10 (host) to start enumeration, entering the standard request enumeration process of the USB protocol rules. Specifically, the standard request enumeration process includes the following steps:
步驟11、第一端10(主機)向第一控制設備31A(從機)發送獲取設備描述符指令,相應地,第一控制設備31A向第一端10返回相應的設備描述符(如第一控制設備31A的ID、廠商ID等);Step 11: The first end 10 (host) sends a command to obtain a device descriptor to the first control device 31A (slave). In response, the first control device 31A returns a corresponding device descriptor (e.g., the ID and manufacturer ID of the first control device 31A) to the first end 10.
步驟12、第一端10向第一控制設備31A發送設置地址指令,該設置地址指令中攜帶有相應的地址;第一控制設備31A響應於設置地址指令,按照相應的地址進行設置;Step 12: The first terminal 10 sends a set address instruction to the first control device 31A, wherein the set address instruction carries a corresponding address; the first control device 31A responds to the set address instruction and performs settings according to the corresponding address;
步驟13、第一端10再次發送獲取設備描述符的指令;相應地,第一控制設備31A向第一端10返回設備描述符;Step 13: The first terminal 10 again sends a command to obtain a device descriptor; accordingly, the first control device 31A returns the device descriptor to the first terminal 10.
步驟14、第一端10向第一控制設備31A發送獲取配置描述符指令;相應地,第一端響應於該獲取配置描述符指令,向第一端10返回配置描述符;Step 14: The first terminal 10 sends a command to obtain a configuration descriptor to the first control device 31A; in response, the first terminal returns a configuration descriptor to the first terminal 10 in response to the command.
步驟15、第一端10向第一控制設備31A發送獲取字符串描述符指令;相應地,第一端響應於該獲取字符串描述符指令,向第一端10返回字符串描述符;Step 15: The first terminal 10 sends a command to obtain a string descriptor to the first control device 31A; accordingly, the first terminal returns a string descriptor to the first terminal 10 in response to the command.
步驟16、第一端10向第一控制設備31A發送相關的設置指令;相應地,第一控制設備響應於設置指令,進行設置,啟動傳輸端點。Step 16: The first terminal 10 sends a related configuration instruction to the first control device 31A. Accordingly, the first control device responds to the configuration instruction, performs configuration, and activates the transmission endpoint.
這裡需要補充說明的是,上述標準請求的枚舉流程中枚舉順序也可以不按上述所述的步驟11至步驟15中的順序進行,根據第一端的操作系統的不限,順序可改變,比如可改變步驟13至步驟15的順序。有關返回的設備描述符、配置描述符、字符串描述符等的具體介紹,可參見上文相關內容。It should be noted that the enumeration order in the standard request enumeration process described above does not need to follow the order of steps 11 to 15 described above. Depending on the operating system of the first end, the order can be changed, for example, the order of steps 13 to 15 can be changed. For a detailed description of the returned device descriptors, configuration descriptors, string descriptors, etc., please refer to the relevant content above.
標準請求的枚舉流程完成後,進一步地會進入針對第一控制設備進入特殊請求的枚舉流程,特殊請求的枚舉流程可包括如下步驟:After the standard request enumeration process is completed, the enumeration process for the special request for the first control device will be further entered. The enumeration process for the special request may include the following steps:
步驟21、第一端10(主機)向第一控制設備31A(從機)發送校驗指令(攜帶有如第一校驗值);相應的,第一控制設備31A向第一端10返回第二校驗值;Step 21: The first terminal 10 (master) sends a verification command (including a first verification value) to the first control device 31A (slave). In response, the first control device 31A returns a second verification value to the first terminal 10.
步驟22、第一端10向第一控制設備31A發送設備驅動的賬號、密碼;相應的,第一控制設備31A向第一端10返回校驗成功或失敗的編碼;Step 22: The first terminal 10 sends the device driver account number and password to the first control device 31A. In response, the first control device 31A returns a verification success or failure code to the first terminal 10.
步驟23、第一端10對上述步驟22中第一控制設備31A返回的結果進行判斷,若符合特定結果(如校驗成功),則認為枚舉成功,進入待機狀態,等待與第一端10進行數據交互;In step 23, the first terminal 10 evaluates the result returned by the first control device 31A in step 22. If the result meets a specific requirement (e.g., verification success), the first terminal 10 considers the enumeration successful and enters a standby state, waiting for data exchange with the first terminal 10.
步驟24、第一端10發送測試數據包或者心跳包,例如TEST字符串或者二進制數據;相應的,第一控制設備31A向第一端10返回正常;Step 24: The first terminal 10 sends a test data packet or a heartbeat packet, such as a TEST string or binary data; in response, the first control device 31A returns a normal state to the first terminal 10;
步驟25、第一端10向第一控制設備31A發送用戶輸入的用戶賬號、密碼;相應的,第一控制設備31A向第一端10返回校驗成功或失敗的編碼。In step 25, the first terminal 10 sends the user's account number and password entered by the user to the first control device 31A. Correspondingly, the first control device 31A returns a code indicating verification success or failure to the first terminal 10.
這裡需要補充說明的是,上述第一控制設備31A接收到第一端10發送的設備驅動的賬號、密碼以及用戶輸入的用戶賬號、密碼等,第一控制設備31A可以在本地根據預置信息進行校驗,或者也可以利用遠程服務端進行校驗,此處不作限定。It should be noted that the first control device 31A receives the device-driven account and password sent by the first end 10, as well as the user account and password entered by the user. The first control device 31A can verify the information locally based on preset information, or it can use a remote server to perform verification, which is not limited here.
進一步地,第一控制設備31A可以根據校驗結果以及第一端10發送的指令,判斷第一端是否枚舉成功。例如,在第一控制設備31A完成上述步驟25中的校驗後,第一端10在待機狀態時會一直定期發送心跳包,查詢第一控制設備31A是否準備進行數據交互,若第一控制設備31A接收到心跳包,可認為第一端10枚舉成功。Furthermore, the first control device 31A can determine whether the first end has been successfully enumerated based on the verification results and the command sent by the first end 10. For example, after the first control device 31A completes the verification in step 25, the first end 10 will periodically send heartbeat packets while in standby mode to check whether the first control device 31A is ready to exchange data. If the first control device 31A receives the heartbeat packets, it can be considered that the first end 10 has been successfully enumerated.
再進一步地,第一控制設備31A還可以向第二端20(如服務端)發送第一端10枚舉成功(或失敗)的信號,以將第一端10可以進行數據交互的消息告知第二端20。Furthermore, the first control device 31A can also send a signal to the second end 20 (such as the server end) indicating that the first end 10 has successfully (or failed to) enumerate, so as to inform the second end 20 that the first end 10 can perform data interaction.
有上內容,若第一端10與第一控制設備31A間成功建立通信連接,則進入數據交互(也即數據傳輸)流程,即進入等待數據交互狀態。其中,數據交互過程中,通過令牌包(如OUT令牌包、IN令牌包)指示數據傳輸。有關令牌包的相關介紹,可參見下文相關內容。As described above, if a communication connection is successfully established between the first terminal 10 and the first control device 31A, the data exchange (i.e., data transmission) process begins, i.e., the waiting state for data exchange begins. During this data exchange process, data transmission is indicated by token packets (e.g., OUT token packets and IN token packets). For more information about token packets, please refer to the relevant content below.
對於第一端10通過其他類型的接口與第一控制設備31A建立通信連接的具體實現,與上述通過USB接口與第一控制設備建立通信連接類似,不同之處於:通過如藍牙接口(或TCP/IP協議)、PCIE接口或SATA接口等其他類型的接口,與第一控制設備建立通信連接時,需將圖10中示出的USB協議標準請求的枚舉流程,替換為相應類型接口的接口協議規則的標準通訊握手流程。The specific implementation of establishing a communication connection between the first end 10 and the first control device 31A through other types of interfaces is similar to the above-mentioned establishment of a communication connection with the first control device through the USB interface, except that: when establishing a communication connection with the first control device through other types of interfaces such as a Bluetooth interface (or TCP/IP protocol), a PCIE interface, or a SATA interface, the enumeration process of the USB protocol standard request shown in Figure 10 needs to be replaced with the standard communication handshake process of the interface protocol rules of the corresponding type of interface.
例2,繼續參見圖4b,假設第一端10通過藍牙接口與第一控制設備31A建立通信連接,則通信連接的建立流程可以如下:第一端10可先讀取建立連接所需使用的相關配置數據,比如配對連接參數。配對連接參數可包含第一控制設備31A的藍牙相關參數,如藍牙設備名稱(第一控制設備的設備名稱)、Mac地址、配對校驗信息(如預先配置的配對密碼憑證,可為上述所述的校驗值(第一校驗值、第二校驗值))等;然後,按照藍牙協議的標準通信握手流程,開始根據配對連接參數(具體地如藍牙設備名稱、Mac地址),自動掃描第一控制設備;在掃描到第一控制設備時,可將如第一校驗值發送至第一控制設備進行配對校驗,並根據第一控制設備返回的反饋信息確定校驗通過的情況下,認為配對成功,與第一控制設備成功建立通信鏈路。Example 2, continuing with FIG4b, assumes that the first end 10 establishes a communication connection with the first control device 31A via a Bluetooth interface. The process of establishing the communication connection may be as follows: the first end 10 may first read the relevant configuration data required to establish the connection, such as pairing connection parameters. The pairing connection parameters may include Bluetooth-related parameters of the first control device 31A, such as the Bluetooth device name (device name of the first control device), Mac address, pairing verification information (such as a pre-configured pairing password certificate, which may be the verification values (first verification value, second verification value) mentioned above), etc.; then, according to the standard communication handshake process of the Bluetooth protocol, it begins to automatically scan the first control device based on the pairing connection parameters (specifically, such as the Bluetooth device name and Mac address); when the first control device is scanned, the first verification value may be sent to the first control device for pairing verification, and if the verification is confirmed to be passed based on the feedback information returned by the first control device, it is considered that the pairing is successful and a communication link is successfully established with the first control device.
上述例1和例2均是從第一控制設備31A為第一端10的外部設備角度介紹說明,二者建立通信連接實現的。若第一控制設備31A為第一端10的內部設備,舉一例3:假設第一端10通過PCIE接口與第一控制設備31A連接,則二者之間建立通信連接的實現過程可以如下:第一端10根據讀取到的預先配置的如第一控制設備的PCIE接口的特徵參數,如VID(Vendor Identification,供應商標識符),掃描第一控制設備;並在掃描到第一控制設備後,可以根據讀取到的預先配置的連接校驗信息(如密碼憑證),與第一控制設備進行連接校驗。校驗通過後,與第一控制設備成功建立通信鏈路。Examples 1 and 2 above illustrate establishing a communication link between first control device 31A and first end 10, assuming that first control device 31A is an external device. For example, if first end 10 is internal to first end 10, as in Example 3, assuming that first end 10 is connected to first control device 31A via a PCIE interface, establishing a communication link between the two can proceed as follows: First end 10 scans for the first control device based on pre-configured parameters of the first control device's PCIE interface, such as the VID (Vendor Identification). After scanning the first control device, first end 10 performs a connection verification with the first control device based on pre-configured connection verification information (e.g., a password). If verification is successful, a communication link is successfully established with the first control device.
有關第一控制設備31A與第二端20建立通信連接的具體實現,可適應性參見上述所,介紹的第一端10與第一控制設備31A通信連接的建立過程。Regarding the specific implementation of establishing the communication connection between the first control device 31A and the second end 20, please refer to the above-mentioned process of establishing the communication connection between the first end 10 and the first control device 31A.
綜上內容,在本實施例提供的系統還包括第一控制設備31A、且第一端控制31為第一端10的外部設備的情況下,In summary, in the case where the system provided in this embodiment further includes a first control device 31A, and the first end control 31 is an external device of the first end 10,
若第一端10通過第一通信方式與第一控制設備通信,第一通信方式為使用的是以信令指示傳輸的外部有線通信協議(如USB協議,信令為令牌包),則If the first terminal 10 communicates with the first control device via a first communication method, where the first communication method uses an external wired communication protocol (such as a USB protocol, where the signaling is a token packet) that is transmitted using signaling instructions, then
第一端10還可用於:在需與所述第一控制設備31A建立通信連接時,向所述第一控制設備發送連接校驗信息,所述連接校驗信息包括如下中的至少一項信息:攜帶有校驗值的校驗指令、與第一控制設備的設備驅動相關的驗證數據;The first terminal 10 may also be configured to: when establishing a communication connection with the first control device 31A, send connection verification information to the first control device 31A, the connection verification information including at least one of the following: a verification instruction including a verification value, and verification data related to a device driver of the first control device;
所述第一控制設備31A,用於針對所述連接校驗信息,向所述第一端反饋相應的校驗結果;The first control device 31A is configured to feed back a corresponding verification result to the first end in response to the connection verification information;
所述第一端10,還用於根據所述校驗結果,確定與所述第一控制設備是否建立通信鏈路。The first end 10 is further used to determine whether to establish a communication link with the first control device based on the verification result.
具體實施例,校驗指令中攜帶的校驗值可以為如上文所述的第一校驗值(或第二校驗值)、設備驅動相關的驗證數據如為設備驅動的賬號、密碼等。有關第一端10與第一控制設備建立通信連接的具體實現,可參見上文描述的與例1相關的內容。In a specific embodiment, the verification value carried in the verification command can be the first verification value (or second verification value) described above, or verification data related to the device driver, such as the device driver account number and password. For details on how to establish a communication connection between the first terminal 10 and the first control device, please refer to the description related to Example 1 above.
通信鏈路建立成功後,第一端10利用與第一控制設備31A間建立的通信鏈路,通過第一控制設備31A可將生成的待發送的第一報文發送至第一端10。基於此,在該情況下,上述第一端10,在用於將所述第一報文發送至所述第二端20時,具體可用於:獲取第一信令,所述第一信令用於指示所述第一控制設備接收報文;通過與所述第一控制設備間的通信鏈路,將所述第一信令和所述第一報文發送至所述第一控制設備;After the communication link is successfully established, the first end 10 utilizes the communication link established with the first control device 31A to send the generated first message to the first end 10 via the first control device 31A. Therefore, in this case, when the first end 10 is used to send the first message to the second end 20, it can specifically be used to: obtain a first signaling instruction instructing the first control device to receive the message; send the first signaling instruction and the first message to the first control device via the communication link with the first control device;
相應地,所述第一控制設備31A,用於響應於所述第一信令,接收所述第一報文;將所述第一報文發送至所述第二端。Correspondingly, the first control device 31A is configured to respond to the first signaling, receive the first message, and send the first message to the second end.
具體實施時,信令是第一端10發起的,用於通知第一控制設備31A接下來要做什麼工作,比如接下來要發送報文或接收報文等。信令的類型與第一端10與第一控制設備31A間採用的通信協議有關,例如,若為USB協議,則信令的形式為令牌包(由主機(如第一端)發出,用於開啟一段USB傳輸),相應在此示例下,上述第一信令可為OUT令牌包(也叫OUT輸出數據包),OUT令牌包用於用來通知第一控制設備31A,第一端10要給其發送一個數據包,準備接收。第一端10在需向第一控制設備31A發送相應的OUT令牌包和相應所述第一報文時,可以先基於預置的第二預置字符串與傳輸事務的對應關係(如參見表5),確定與第一數據流所屬傳輸事務存在對應關係的第二預置字符串;然後,根據第二預置字符串關聯的關聯信息,確定為所述第二預置字符綁定的第一控制設備31A的端點號;最後,按照確定出的端點號,將OUT令牌包和相應所述第一報文發送至第一控制設備31A相應的端點,比如,承接上文在描述第一端10與第一控制設備31A建立通信連接時,給出的第一控制設備31A的端點啟用信息示例,確定出的端點比如可以為端點1(為OUT端點或IN/OUT端點),第一控制設備31A通過對如端點1的監聽,可實現獲取達到端點1處的OUT令牌包、第一報文等數據,並響應於獲取到的OUT令牌包,執行將第一報文轉發至第二端的操作。In practice, signaling is initiated by the first terminal 10 to notify the first control device 31A of the next task, such as sending or receiving a message. The type of signaling depends on the communication protocol used between the first terminal 10 and the first control device 31A. For example, if the USB protocol is used, the signaling takes the form of a token packet (sent by the host (e.g., the first terminal) to initiate a USB transmission). Accordingly, in this example, the first signaling may be an OUT token packet (also called an OUT data packet), which notifies the first control device 31A that the first terminal 10 is about to send a data packet and is ready to receive it. When the first terminal 10 needs to send the corresponding OUT token packet and the corresponding first message to the first control device 31A, it can first determine the second preset character string that corresponds to the transmission transaction to which the first data stream belongs based on the preset correspondence between the second preset character string and the transmission transaction (such as referring to Table 5); then, based on the association information associated with the second preset character string, determine the endpoint number of the first control device 31A bound to the second preset character string; finally, according to the determined endpoint number, send the OUT token packet and the corresponding first message to The endpoint corresponding to the first control device 31A, for example, following the example of endpoint activation information of the first control device 31A given above when describing the establishment of a communication connection between the first terminal 10 and the first control device 31A, the determined endpoint can be, for example, endpoint 1 (an OUT endpoint or an IN/OUT endpoint). By monitoring endpoint 1, the first control device 31A can obtain data such as the OUT token packet and the first message that reach endpoint 1, and in response to the obtained OUT token packet, execute the operation of forwarding the first message to the second terminal.
若所述第一端通過第二通信方式與所述第一控制設備進行通信,所述第二通信方式使用的是配對連接的無線通信協議(如藍牙協議),則If the first end communicates with the first control device via a second communication method, and the second communication method uses a wireless communication protocol for paired connection (such as the Bluetooth protocol), then
第一端10還可用於:在需與所述第一控制設備建立通信連接時,根據預置的控制設備配對連接參數,查找所述第一控制設備;查找到所述第一控制設備時,與所述第一控制設備進行配對校驗;配對校驗通過後,與所述第一控制設備建立通信鏈路。有關此情況下第一端10建立與第一控制設備的通信鏈路具體實現,可參見上文與例2相關內容。The first terminal 10 can also be configured to: when establishing a communication connection with the first control device, locate the first control device according to preset control device pairing parameters; upon locating the first control device, perform a pairing verification with the first control device; and, after the pairing verification passes, establish a communication link with the first control device. For details on how the first terminal 10 establishes a communication link with the first control device in this case, please refer to the above description related to Example 2.
同上相應地,第一端10可利用與第一控制設備31A間建立的通信鏈路,通過第一控制設備31A可將生成的待發送的第一報文發送至第一端10。有關發送的具體實現,可參上述描述的第一端10通過第一通信方式與第一控制設備通信中的相關內容。Correspondingly, the first terminal 10 can utilize the communication link established with the first control device 31A to transmit the generated first message to be transmitted to the first terminal 10 via the first control device 31A. For details on the specific implementation of the transmission, please refer to the above description of the first terminal 10 communicating with the first control device via the first communication method.
在本實施例提供的系統還包括第一控制設備31A、且第一端控制31為第一端10的內部設備的情況下,則In the case where the system provided in this embodiment further includes a first control device 31A, and the first end control 31 is an internal device of the first end 10, then
第一端10通過第三通信方式與第一控制設備31A通信,第三通信方式使用的是內部有線通信協議(如PCIE接口對應的PCIE協議);以及,此情況下,The first terminal 10 communicates with the first control device 31A via a third communication method, wherein the third communication method uses an internal wired communication protocol (such as a PCIE protocol corresponding to a PCIE interface); and, in this case,
第一端10,還可用於:在需與所述第一控制設備建立通信連接時,根據預置的控制設備特徵信息,掃描所述第一控制設備;並在掃描到所述第一控制設備時,與所述第一控制設備建立通信鏈路。有關此情況下第一端建立與第一控制設備的通信鏈路具體實現,可參見上文例3相關內容。The first terminal 10 can also be configured to: scan the first control device based on preset control device characteristic information when establishing a communication connection with the first control device; and upon detecting the first control device, establish a communication link with the first control device. For details on how the first terminal establishes a communication link with the first control device in this case, please refer to Example 3 above.
同上相應地,第一端10可利用與第一控制設備31A間建立的通信鏈路,通過第一控制設備31A可將生成的待發送的第一報文發送至第一端10。有關發送的具體實現,可參上述描述的第一端10通過第一通信方式與第一控制設備通信中的相關內容。Correspondingly, the first terminal 10 can utilize the communication link established with the first control device 31A to transmit the generated first message to be transmitted to the first terminal 10 via the first control device 31A. For details on the specific implementation of the transmission, please refer to the above description of the first terminal 10 communicating with the first control device via the first communication method.
為保證數據安全性,上述第一控制設備31A針對接收到第一報文,執行轉發至第二端20之前,可利用所存儲的相應配置文件(為上文所述的針對第一端10創建的配置文件)中的數據傳輸安全控制信息,對第一報文進行校驗,校驗通過後在執行第一報文轉發操作。基於此,上述第一控制設備31A,還可用於執行如下步驟:To ensure data security, the first control device 31A may verify the received first message using the data transmission security control information in the corresponding configuration file (the configuration file created for the first terminal 10 described above) before forwarding it to the second terminal 20. If the verification is successful, the first message forwarding operation is performed. Based on this, the first control device 31A may also be configured to perform the following steps:
S11、獲取預設的數據傳輸安全控制信息;S11. Obtaining preset data transmission security control information;
S12、根據所述數據傳輸安全控制信息,對所述第一報文進行校驗;S12. Verifying the first message according to the data transmission security control information;
S13、若校驗通過,則觸發所述將所述第一報文發送至所述第二端20的操作;S13. If the verification passes, triggering the operation of sending the first message to the second terminal 20;
S14、若校驗未通過,則對所述第一報文不予進行發送處理,或輸出詢問信息以詢問用戶是否允許對所述第一報文進行傳輸。S14. If the verification fails, the first message is not sent or a query message is output to inquire the user whether to allow the first message to be transmitted.
有關上述S11中的數據傳輸安全控制信息可包括的具體內容,可參見上文相關內容。For the specific content that the data transmission security control information in S11 may include, please refer to the relevant content above.
上述S12中,根據數據傳輸安全控制信息,可以校驗但不限於如下中至少一項內容:In the above S12, based on the data transmission security control information, at least one of the following items may be verified but is not limited to:
發送第一報文的端點(如上述示例中所述的端點1)是否符合第一端10對應的第一預置字符串的預設要求,比如,端點1的端點號是否在第一預置字符串綁定的端點號白名單內,若在,則判定符合預設規則,反之若不在,則不符合預設規則。Whether the endpoint sending the first message (such as endpoint 1 in the above example) meets the preset requirements of the first preset string corresponding to the first endpoint 10, for example, whether the endpoint number of endpoint 1 is on the whitelist of endpoint numbers bound to the first preset string. If so, it is determined that the preset rules are met; otherwise, it is determined that the preset rules are not met.
第一報文的結構格式是否符合要求。如報文頭、數據頭等格式是否符合預設格式要求。Check whether the structure and format of the first message meet the requirements. For example, check whether the message header and data header meet the default format requirements.
第一報文中的內容是否符合要求。比如,報文頭中包含的第一端10對應的第二預置字符串及第二端20對應的第一預置字符串(可從第一數據流對應第一傳輸事務的傳輸事務屬性信息中獲取到),是否符合預設要求。示例性地,如在預設的相應預置字符串集合是否包含第二預置字符串、第一預置字符串,若包含,則說明第一預置字符串及第二預置字符串為已註冊的預置字符串,符合預設要求;反之若不包含,則說明第一預置字符串及第二預置字符串為未註冊的預置字符串,不符合預設要求。再比如,報文頭中包含的事務唯一標識是否符合預設要求,如預置的相應傳輸事務屬性信息集合中是否包含報文頭中的事務唯一標識,若包含,則說明報文頭中的事務唯一標識已註冊,符合要求;反之若不包含,則報文頭中包含的事務唯一標識為未註冊,不符合要求。又比如,報文中的數據是否為相應傳輸事務屬性限定的數據類型,示例性地,如若第一數據流對應傳輸事務為「請求網絡資源」傳輸事務,則確定報文中的數據前3個字節是否為「請求網絡資源」傳輸事務的傳輸事務屬性信息中限定的GET等。Whether the content of the first message meets the requirements. For example, whether the second preset string corresponding to the first end 10 and the first preset string corresponding to the second end 20 contained in the message header (which can be obtained from the transmission transaction attribute information of the first transmission transaction corresponding to the first data stream) meet the preset requirements. For example, if the preset corresponding preset string set contains the second preset string and the first preset string, if so, it means that the first preset string and the second preset string are registered preset strings and meet the preset requirements; otherwise, it means that the first preset string and the second preset string are unregistered preset strings and do not meet the preset requirements. Another example is whether the transaction unique identifier contained in the message header meets preset requirements, such as whether the transaction unique identifier in the message header is included in the preset corresponding transmission transaction attribute information set. If it is included, it indicates that the transaction unique identifier in the message header is registered and meets the requirements; otherwise, if it is not included, the transaction unique identifier contained in the message header is unregistered and does not meet the requirements. Another example is whether the data in the message is of the data type specified by the corresponding transmission transaction attributes. For example, if the transmission transaction corresponding to the first data stream is a "Request Network Resource" transmission transaction, then it is determined whether the first three bytes of the data in the message are GET, as defined in the transmission transaction attribute information of the "Request Network Resource" transmission transaction.
這裡需要補充說明的是:本申請上下文各實施例中所涉及的傳輸事務,實質上也可理解為一種針對數據的穿透指示。比如,傳輸事務的傳輸事務屬性信息中包含的傳輸屬性名稱,事務使用角色、事務屬性類型信息等,傳輸屬性名稱可透傳出允許傳輸的數據類型、事務使用角色則可透傳出允許使用此傳輸事務的創建端的身份信息(如允許服務端創建、或允許客戶端創建),事務屬性類型信息則可透傳出允許數據傳輸的方向、允許傳輸數據時使用的數據頭、允許傳輸的數據類型等等。上述所描述的傳輸事務對數據的透傳指示,換一種簡單易理解表述,也即為傳輸事務的具體功能。由此,基於上述傳輸事務對數據的穿透指示,本申請上下文各實施例中所涉及的對第一報文的校驗,比如,上述所述的第一控制設備(或上下中所述的第二控制設備、第一控制模塊、第二控制模塊、中間網絡設備等)對第一報文的校驗,從傳輸事務的角度來說,校驗可包括但不限於如下幾項:It should be noted that the transmission transactions involved in the various embodiments in the context of this application can actually be understood as a kind of penetration indication for data. For example, the transmission transaction attribute information of the transmission transaction includes the transmission attribute name, transaction usage role, transaction attribute type information, etc. The transmission attribute name can transmit the data type allowed to be transmitted, and the transaction usage role can transmit the identity information of the creator that is allowed to use this transmission transaction (such as allowing the server to create, or allowing the client to create), and the transaction attribute type information can transmit the direction of allowed data transmission, the data header used when allowing data transmission, the data type allowed to be transmitted, etc. The above-described transmission transaction's transparent indication of data, in a simple and easy-to-understand way, is the specific function of the transmission transaction. Therefore, based on the above-mentioned transmission transaction's indication of data penetration, the verification of the first message involved in the various embodiments of the present application, for example, the verification of the first message by the first control device (or the second control device, first control module, second control module, intermediate network device, etc. described above), from the perspective of the transmission transaction, may include but is not limited to the following items:
1)校驗第一報文對應的傳輸事務是否為已註冊的傳輸事務,以根據校驗結果確定第一報文對應的傳輸事務是否符合要求。具體地,可從第一報文包含的目標頭信息中解析出事務屬性標識(為傳輸事務的唯一標識),然後從傳輸事務屬性信息集合中查找是否存有目標頭信息中包含的事務屬性標識。若存有,則表明第一報文對應的傳輸事務已註冊,該第一報文對應的傳輸事務符合要求,符合要求情況下,可直接對第一報文執行相應的轉發操作(或存儲),或者也可做進一步地校驗。反正,若未存有,則表明第一報文對應的傳輸事務未註冊,該第一報文對應的傳輸事務不符合要求,對第一報文不進行轉發(或存儲)處理。1) Verify that the transmission transaction corresponding to the first message is a registered transmission transaction and, based on the verification result, determine whether the transmission transaction to which the first message corresponds meets the requirements. Specifically, the transaction attribute identifier (a unique identifier of the transmission transaction) can be parsed from the destination header information contained in the first message. Then, the transaction attribute identifier contained in the destination header information is searched within the transmission transaction attribute information set to determine whether it exists. If so, it indicates that the transmission transaction to which the first message corresponds is registered and meets the requirements. If so, the corresponding forwarding operation (or storage) can be performed directly on the first message, or further verification can be performed. Anyway, if it does not exist, it indicates that the transmission transaction corresponding to the first message is not registered, the transmission transaction corresponding to the first message does not meet the requirements, and the first message is not forwarded (or stored).
2)若經上述1)校驗出第一報文對應的傳輸事務為已註冊的傳輸事務,可進一步地校驗目標頭信息的格式是否預設格式要求,比如,校驗目標頭信息中的報文頭格式(或者,和數據頭格式)是否符合預設格式要求。若符合,可直接對第一報文執行相應的轉發操作(或存儲),或者也可做再進一步地校驗。若不符合,對第一報文不進行轉發(或存儲)處理。2) If the verification in 1) above indicates that the transmission transaction corresponding to the first message is a registered transmission transaction, the destination header information format may be further verified to see if it meets the preset format requirements. For example, the message header format (or data header format) in the destination header information may be verified to see if it meets the preset format requirements. If so, the first message may be directly forwarded (or stored) or further verification may be performed. If not, the first message is not forwarded (or stored).
3)若經上述2)校驗出第一報文包含的目標頭信息符合預設格式要求,可再進一步地校驗當前所進行的傳輸是否符合對應的傳輸事務屬性要求。符合時,可直接對第一報文執行相應的轉發操作(或存儲);反之不符合時,對第一報文不進行轉發(或存儲)處理。上述校驗,可根據從第一報文對應的傳輸事務的傳輸事務屬性信息中所獲取到的事務屬性類型信息來實現。3) If the destination header information contained in the first message is verified to conform to the preset format requirements as determined in step 2), the current transmission may be further verified to determine whether it conforms to the corresponding transmission transaction attribute requirements. If so, the first message may be directly forwarded (or stored); otherwise, the first message may not be forwarded (or stored). This verification may be performed based on the transaction attribute type information obtained from the transmission transaction attribute information of the transmission transaction corresponding to the first message.
例如,校驗當前所進行的傳輸方向是否符合傳輸事務屬性所規定的數據傳輸方向,具體地,假設前所進行傳輸方向為第一端向第二端發送數據,則:若事務屬性類型信息中包含的數據傳輸方向表徵第一端能上行數據(即能向外發送數據),當前所進行傳輸方向便符合傳輸事務屬性所規定的數據傳輸方向;反之,若事務屬性類型信息中包含的數據傳輸方向表徵第一端僅能下行數據(即僅能接收數據),當前所進行傳輸方向便不符合傳輸事務屬性所規定的數據傳輸方向。For example, the current transmission direction is verified to determine whether it complies with the data transmission direction specified by the transmission transaction attributes. Specifically, assuming the previous transmission direction is data transmission from the first end to the second end, if the data transmission direction included in the transaction attribute type information indicates that the first end can transmit uplink data (i.e., can transmit data externally), the current transmission direction complies with the data transmission direction specified by the transmission transaction attributes. Conversely, if the data transmission direction included in the transaction attribute type information indicates that the first end can only transmit downlink data (i.e., can only receive data), the current transmission direction does not comply with the data transmission direction specified by the transmission transaction attributes.
再例如,校驗當前所傳輸數據的數據類型是否符合傳輸事務屬性所規定的數據類型。具體地,假設當前所傳輸數據的數據類型為jpg文件,則:若事務屬性類型信息中包含的數據類型為圖像,當前所傳輸數據的數據類型便符合傳輸事務屬性所規定的數據類型;反之,若事務屬性類型信息中包含的數據類型為文本,當前所傳輸數據的數據類型便不符合傳輸事務屬性所規定的數據類型。Another example is verifying whether the data type of the data being transmitted complies with the data type specified by the transaction attributes. Specifically, assuming the data type of the data being transmitted is a jpg file, if the data type included in the transaction attribute type information is image, the data type of the data being transmitted complies with the data type specified by the transaction attributes. Conversely, if the data type included in the transaction attribute type information is text, the data type of the data being transmitted does not comply with the data type specified by the transaction attributes.
又例如,校驗當前所傳輸報文包含的頭信息是否符合傳輸屬性所規定的要求。具體地,假設當前假設前所傳輸報文中包含有數據頭且數據頭的格式為普通數據頭格式,則:若事務屬性類型信息中包含的數據頭使用信息指示需使用普通數據頭,當前所傳輸報文包含的頭信息便符合傳輸事務屬性所規定的要求;反之,若事務屬性類型信息中包含的數據頭使用信息指示無需數據頭或數據頭格式為文件數據頭格式,當前所傳輸報文包含的頭信息便不符合傳輸事務屬性所規定的要求。Another example is verifying whether the header information included in the currently transmitted message meets the requirements specified by the transmission attributes. Specifically, assuming that the currently transmitted message includes a data header and the data header format is a normal data header format, then: if the data header usage information included in the transaction attribute type information indicates that a normal data header is required, the header information included in the currently transmitted message meets the requirements specified by the transmission transaction attributes; conversely, if the data header usage information included in the transaction attribute type information indicates that no data header is required or the data header format is a file data header format, the header information included in the currently transmitted message does not meet the requirements specified by the transmission transaction attributes.
基於傳輸事務針對數據的透傳指示,除了能用於校驗報文之外,還能用於但不限於如下其他幾個方面:Transmission transaction-based data transparent instructions can be used not only for message verification but also for, but not limited to, the following other aspects:
用於數據備份(備份重要數據)。具體地,若傳輸事務透傳出允許傳輸的數據類型為重要類型(如文件類型)的情況下,如控制設備可對報文中的數據進行備份。Used for data backup (backing up important data). Specifically, if the data type allowed to be transmitted in a transaction is important (such as a file type), the control device can back up the data in the message.
用於透傳顯示,日誌留存、分析等。比如,控制設備可對傳輸事務的事務屬性名稱進行顯示,以便用戶通過顯示出的事務屬性名稱可以清晰的瞭解當前所進行的數據傳輸。再比如,控制設備可對接收到的報文進行記錄、分析,以生成相應傳輸事務的日誌信息。Used for transparent display, log storage, and analysis. For example, the control device can display the transaction attribute names of the transmission transaction, allowing users to clearly understand the current data transmission through the displayed transaction attribute names. Another example is that the control device can record and analyze received messages to generate log information for the corresponding transmission transaction.
上述S13及S14中,通過上述步驟S12對所述第一報文的校驗,在校驗通過的情況下,說明報文符合預設要求,第一控制設備31A則觸發將所述第一報文發送至所述第二端20的操作。反之,若校驗未通過,則說明第一報文不符合預設要求。在不符合要求的情況下,在一實施例中,可以對所述第一報文不予進行發送處理,但還是可進行留存日誌等處理的;或者,在另一實施例,可以輸出詢問信息以詢問用戶是否允許對所述第一報文進行傳輸。比如,若第一報文中的數據所屬的數據類型為禁止傳輸的可執行程序文件(如.exe程序),第一控制設備31A將不自動執行傳輸操作,而是在其顯示屏(如圖7a或圖7b所示)或第一端顯示器輸出詢問信息,詢問用戶是否允許傳輸,並在接收到用戶針對該詢問信息反饋的確認傳輸指示後,才進行將第一報文發送至第二端20,這種通過人工干預確認方式,可防止病毒木馬傳播。In S13 and S14 above, the first message is verified in step S12. If the verification passes, indicating that the message meets the preset requirements, the first control device 31A triggers the operation of sending the first message to the second terminal 20. Conversely, if the verification fails, it indicates that the first message does not meet the preset requirements. If the requirements are not met, in one embodiment, the first message may not be sent, but it may still be processed by logging. Alternatively, in another embodiment, a query message may be output to inquire whether the user allows the transmission of the first message. For example, if the data in the first message belongs to an executable program file (such as an .exe program) that is prohibited from being transmitted, the first control device 31A will not automatically perform the transmission operation. Instead, it will output a query message on its display screen (as shown in Figure 7a or Figure 7b) or the first end display, asking the user whether to allow the transmission. Only after receiving the user's confirmation transmission instruction in response to the query message will the first control device 31A send the first message to the second end 20. This manual intervention and confirmation method can prevent the spread of viruses and Trojans.
具體實施時,如參見圖4b,第一控制設備31A觸發將第一報文發送至第二端20時,是根據從第一報文(更具體地是第一報文的報文頭)中獲取到的第二端對應的第一預置字符串,來確定第二端的地址信息;按照第二端20的地址信息,將第一報文發送至第二端20的。更具體實現原理分為如下兩種情況:In a specific implementation, as shown in Figure 4b, when the first control device 31A triggers the transmission of the first message to the second terminal 20, it determines the address information of the second terminal based on the first preset string corresponding to the second terminal obtained from the first message (more specifically, the message header of the first message). The first message is then transmitted to the second terminal 20 according to the address information of the second terminal 20. The specific implementation principle is divided into the following two situations:
情況21,若第一預置字符串直接為第二端的地址信息(即上文所述的預置字符串不具有隱藏相應端的地址信息)情況下,則第一控制設備31A直接根據第一預置字符串,使用TCP/IP協議或其他相應的協議,將校驗通過的報文發送至第二端20即可。In case 21, if the first preset string is directly the address information of the second end (i.e., the preset string described above does not have the address information of the hidden corresponding end), the first control device 31A directly uses the TCP/IP protocol or other corresponding protocols based on the first preset string to send the verified message to the second end 20.
情況22,若第一預置字符串為預置的隨機字符串,用於隱藏第二端的地址信息。此情況下,本實施例中認為第一端10為不可信設備,第一控制設備31A為可信設備,第一預置字符串的作用是為了在第一端10中隱藏第二端20真實的地址信息(如IP地址),這樣既使第一端10遭受到惡意者的攻擊,惡意者也無法通過第一端10發起對網絡內的第二端20等其他設備進行掃描、探測等,難以實現對第二端20的攻擊。上述中,第一控制設備31A中可具有所有數據傳輸所需的數據,包括第二端20真實的地址信息(如IP地址),換句話也就是說,上文所述的針對第一端10創建的配置文件以及針對第二端20創建的配置文件,均預置在第一控制設備31A內,第一控制設備31A基於自身內預置的數據信息,能直接根據第一預置字符串獲取到第二端20相應真實的地址信息。或者,在其他實施例中,第一控制設備31A也可以針對第一預置字符向相應的解析服務器(如上文所述的配置服務器)發送解析請求,以從解析服務器中獲取相應第二端真實的IP地址,此處不作具體限定。In case 22, if the first preset string is a random string used to hide the second end's address information, in this embodiment, the first end 10 is considered an untrusted device, and the first control device 31A is considered a trusted device. The purpose of the first preset string is to hide the second end 20's true address information (e.g., IP address) from the first end 10. This prevents malicious actors from launching scans or detections against other devices within the network, such as the second end 20, through the first end 10, making it difficult to attack the second end 20. In the above description, the first control device 31A may contain all the data required for data transmission, including the actual address information (e.g., IP address) of the second end 20. In other words, the configuration files created for the first end 10 and the second end 20 described above are both pre-set within the first control device 31A. Based on this pre-set data, the first control device 31A can directly obtain the actual address information corresponding to the second end 20 based on the first pre-set character string. Alternatively, in other embodiments, the first control device 31A may send a resolution request based on the first pre-set character string to a corresponding resolution server (e.g., the configuration server described above) to obtain the actual IP address of the corresponding second end from the resolution server. This is not specifically limited here.
第一控制設備31A根據第一預置字符串獲取到第二端20真實的IP地址後,可以使用TCP/IP協議,將第二端真實的IP地址及相應報文發送至中間網絡設備(如圖4b),以通過中間網絡設備將校驗通過的第一報文發送至第二端20。一般情況下,由於第一控制設備31A已完成了第一預置字符串與第二端20真實的地址信息的轉換,在根據第二端的地址信息,使用TCP/IP協議對第一報文進行轉發,以發送至第二端20時,轉發的第一報文可以不攜帶預置字符串,但在本實施例中,是保持第一報文攜帶預置字符串的,目的在於可以使第二端20可對第一報文中包含的預置字符串等信息進行校驗。或者在下文其他實施例中,比如其他實施例中描述的第一端10與第二端20之間具有第一控制設備31A和第二控制設備32的情況(如圖5e),第一控制設備31A轉發第一報文時繼續使第一報文攜帶相應的預置字符串,可使第二控制設備32對第一報文包含的預置標識符等信息進行校驗;或者在第二控制設備32連接有多個第二端20情況下,便於第二控制設備32根據相應預置字符串(第一預置字符串),獲取相應的第二端20的地址信息;或者便於第二端20特定程序識別等。After first control device 31A obtains the true IP address of second end 20 based on the first preset string, it can use the TCP/IP protocol to send the true IP address of the second end and the corresponding message to the intermediate network device (as shown in FIG4b ). The intermediate network device then transmits the verified first message to second end 20. Generally, because first control device 31A has already completed the conversion between the first preset string and the true address information of second end 20, when the first message is forwarded to second end 20 using the TCP/IP protocol based on the second end's address information, the forwarded first message may not carry the preset string. However, in this embodiment, the first message carries the preset string so that second end 20 can verify the preset string and other information contained in the first message. Alternatively, in other embodiments described below, such as the case where a first control device 31A and a second control device 32 are provided between the first end 10 and the second end 20 as described in other embodiments (as shown in FIG5e ), the first control device 31A may continue to carry the corresponding preset string with the first message when forwarding the first message, so that the second control device 32 can verify information such as the preset identifier contained in the first message; or when the second control device 32 is connected to multiple second ends 20, it is convenient for the second control device 32 to obtain the address information of the corresponding second end 20 based on the corresponding preset string (first preset string); or it is convenient for specific program identification of the second end 20, etc.
這裡需要補充說明的是,為更進一步保障數據傳輸安全,也可以使中間網絡設備具有控制設備的功能,以再次對接收到的第一報文校驗,並在校驗通過後,將第一報文發送至第二端。或者,中間網絡設備也可僅具有日誌審計功能,可根據接收到的第一報文,生成所述第一傳輸事務的日誌信息,並將所述第一報文發送至所述第二端。具體實施時,可通過在中間網絡設備佈設第四控制模塊來實現上述所述的功能。有關第四控制模塊的具體介紹以及上述所述的中間網絡設備功能的具體實現,可參見上文相關內容。It should be noted that to further ensure data transmission security, the intermediate network device can also function as a control device to re-verify the received first message and, upon passing the verification, send the first message to the second end. Alternatively, the intermediate network device can simply have a log audit function, generating log information for the first transmission transaction based on the received first message and sending the first message to the second end. In specific implementation, the aforementioned functions can be achieved by deploying a fourth control module in the intermediate network device. For a detailed introduction to the fourth control module and the specific implementation of the aforementioned intermediate network device functions, please refer to the relevant content above.
進一步地,除了對第一報文進行校驗之外,還可以從第一端對應的第二預置字符串關聯的關聯信息中獲取相應的數據傳輸方向控制信息,以根據數據傳輸方向控制信息確定是否需要將第一報文轉發給第二端20,或者是否需要將第二端20針對接收到第一報文反饋的數據轉發給第一端10等等。例如,以第一數據流對應第一傳輸事務為「請求網絡資源」傳輸事務為例,相應的,假設第一端對應的第二預置字符串關聯的關聯信息中包含的傳輸方向控制信息為「RX」(代表僅接收數據,換句話也就是說,禁止第一控制設備31A向第二端20轉發所接收到的第一端發送過的報文,可參見上文給出的示例12),這種情況下,第一端10雖接收到第一端10針對「請求網絡資源」所發送的報文,但是,並不會執行將收到的報文下發給第二端20(也即不會將第一端10主動發送的請求參數下發參數給第二端10),而是從相應第二預置字符串關聯的關聯信息中獲取相應的預設請求參數信息(包括請求方式及相關參數),並針對獲取到的預設請求參數生成一個新的報文,並將新的報文下發給第二端20。有關上述新的報文生成的具體實現,可參見上述所描述的第一端10生成第一數據對應待發送的第一報文過程。基於上述例子,所述第一控制設備31在觸發所述將所述第一報文發送至所述第二端20的操作之前,還可包括如下步驟:Furthermore, in addition to verifying the first message, corresponding data transmission direction control information can also be obtained from the associated information associated with the second preset string corresponding to the first end, so as to determine whether the first message needs to be forwarded to the second end 20, or whether the data fed back by the second end 20 in response to receiving the first message needs to be forwarded to the first end 10, etc. For example, taking the first data flow corresponding to the first transmission transaction as the "request network resources" transmission transaction as an example, correspondingly, assuming that the transmission direction control information contained in the associated information associated with the second preset string corresponding to the first end is "RX" (representing only receiving data, in other words, prohibiting the first control device 31A from forwarding the received message sent by the first end to the second end 20, see Example 12 given above), in this case, although the first end 10 receives the first message, End 10 receives the message sent for "requesting network resources", but does not send the received message to the second end 20 (that is, it does not send the request parameters actively sent by the first end 10 to the second end 10). Instead, it obtains the corresponding default request parameter information (including the request method and related parameters) from the associated information associated with the corresponding second preset string, generates a new message based on the obtained default request parameters, and sends the new message to the second end 20. For the specific implementation of the above-mentioned new message generation, please refer to the above-described process of the first end 10 generating the first data corresponding to the first message to be sent. Based on the above example, before triggering the operation of sending the first message to the second end 20, the first control device 31 may also include the following steps:
S131、從所述第一端對應的第二預置字符串關聯的關聯信息中,獲取數據傳輸方向控制信息;S131. Obtain data transmission direction control information from association information associated with a second preset character string corresponding to the first end;
S132、若數據傳輸方向控制信息指示禁止第一控制設備31A將接收到的所述第一報文發送至所述第二端、且所述第一報文的報文類型為請求報文,則從所述關聯信息中獲取預設請求參數;並基於從第一報文中獲取到的第一目標頭信息及所述預設請求參數,生成一待發送的新報文,以基於所述新報文觸發將所述第一報文發送至第二端20的操作。S132. If the data transmission direction control information indicates that the first control device 31A is prohibited from sending the received first message to the second end, and the message type of the first message is a request message, then obtaining a default request parameter from the associated information; and based on the first target header information obtained from the first message and the default request parameter, generating a new message to be sent, so as to trigger an operation of sending the first message to the second end 20 based on the new message.
有關數據傳輸方向控制信息的具有描述,可參見與上文所述的示例11至示例13相關內容。有上內容及結合上文所述的與示例11至示例13相關內容,採用本實施例提供的傳輸方向控制方式來實現比如數據的單向傳輸功能,相比於現存的採用單向傳輸設備實現單向傳輸功能具有如下益處:利用單向傳輸設備(如光閘、光碼(二維碼)等)實現單向傳輸功能,雖在物理上能夠完全隔絕雙向傳輸,但設備往往比較複雜,比如設備需要光模塊、分光模塊、或者需要圖片的顯示或接收模塊等,製造成本高,設備體積較大,適用範圍具有局限性,而且,利用單向傳輸設備在物理上也無法實現根據不同的服務需求進行數據的單向發送、或者單向接收、或者雙向傳輸等的靈活配置。而本實施例提供的方向,無需借助於任何外部設備,即可實現如數據的單向傳輸功能,構建簡單、且控制設備製造成本也相對低,此外,控制設備還能夠根據不同預置字符串所關聯的傳輸方向控制信息,靈活調整不同預置字符串對應的通信方向(也即數據傳輸方向)。For a description of the data transmission direction control information, please refer to the contents related to Examples 11 to 13 described above. With the above content and in combination with the content related to Examples 11 to 13 described above, the transmission direction control method provided by this embodiment is used to achieve, for example, a one-way transmission function of data. Compared with the existing use of one-way transmission equipment to achieve one-way transmission functions, it has the following benefits: using one-way transmission equipment (such as optical gates, optical codes (two-dimensional codes), etc.) to achieve one-way transmission functions, although it can physically completely isolate two-way transmission, the equipment is often more complex. For example, the equipment requires an optical module, a splitter module, or a picture display or receiving module, etc., with high manufacturing costs, large equipment size, and limited scope of application. Moreover, the use of one-way transmission equipment cannot physically achieve flexible configuration of one-way sending, one-way receiving, or two-way transmission of data according to different service requirements. The direction provided by this embodiment can achieve a one-way data transmission function without the need for any external equipment. It is simple to construct and the manufacturing cost of the control device is relatively low. In addition, the control device can flexibly adjust the communication direction (i.e., the data transmission direction) corresponding to different preset strings based on the transmission direction control information associated with each preset string.
進一步地,第一報文校驗通過後,在第一報文包含的數據較為重要的情況下,第一控制設備31A還可對第一報文進行備份,以防止第一端10誤刪相應數據或遭到勒索病毒加密等。基於此,本實施例提供所述的系統中,上述第一控制設備31A還可用於:Furthermore, after the first message passes verification, if the data contained in the first message is relatively important, the first control device 31A can also back up the first message to prevent the first end 10 from accidentally deleting the corresponding data or being encrypted by a ransomware virus. Based on this, in the system provided in this embodiment, the first control device 31A can also be used to:
校驗通過後,根據所述第一報文中包含的標注信息,判斷所述第一報文是否滿足所述數據傳輸安全控制信息中的數據備份條件;After verification, determining whether the first message meets the data backup condition in the data transmission security control information based on the annotation information included in the first message;
若滿足所述數據備份條件,則對所述第一報文進行備份。If the data backup condition is met, the first message is backed up.
例如,在第一報文的報文頭和/或數據頭中包含的標注信息,標注的是第一報文包含的數據為「重要」(如數據為財務報表.xls)時,第一控制設備可以對該第一報文進行備份。For example, when the marking information included in the message header and/or data header of the first message indicates that the data included in the first message is "important" (such as the data is a financial report.xls), the first control device can back up the first message.
第二可能實施例中,如參見圖5c和圖5d所示,在第一端10與第二端20直接除了增設第一控制設備31A外,還可以增設另一個第二控制設備32,該第二控制設備32與第二端20及第一控制設備31A通信連接。有關第二控制設備32與第二端20建立通信連接的具體實現,可參見上文描述的第一端10與第一控制設備31A間通信連接的建立過程。In a second possible embodiment, as shown in Figures 5c and 5d , in addition to the first control device 31A, a second control device 32 may be provided between the first terminal 10 and the second terminal 20. This second control device 32 is communicatively connected to the second terminal 20 and the first control device 31A. For details on how the second control device 32 establishes a communication connection with the second terminal 20, please refer to the process for establishing a communication connection between the first terminal 10 and the first control device 31A described above.
相應地,上文所述的第一控制設備31A根據第二端對應的第一預置字符串,確定的第二端的地址信息指向的是第二控制設備。基於此,上述第一控制設備31A,在用於將所述第一報文發送至第二端20時,具體是用於:將所述第一報文發送至第二控制設備32。以及Correspondingly, the first control device 31A described above determines that the address information of the second end points to the second control device based on the first preset string corresponding to the second end. Based on this, the first control device 31A, when used to send the first message to the second end 20, is specifically used to: send the first message to the second control device 32. And
第二控制設備32,用於對接收到的所述第一報文進行校驗;並在校驗通過後,響應於所述第二端發送的獲取請求,將所述第一報文發送至所述第二端。The second control device 32 is configured to verify the received first message and, if the verification is successful, send the first message to the second end in response to the acquisition request sent by the second end.
具體實施時,以第二端20通過USB接口與第二控制設備32連接為例,第二端20在需獲取數據時,向第二端發送的獲取請求可為第二信令。第二信令用於指示第二控制設備向第二端20發送數據。具體地,第二信令可為IN令牌包(也叫IN輸入數據包),IN令牌包可理解為主機(如第二端20)用於通知從機(如第二控制設備32)要給其發送一個數據包的指令包。本實施例中,第二控制設備32並不會將校驗通過的報文主動下發給第二端,需要第二端請求後才進行將與第二端20請求適配的報文發送至第二端。In a specific implementation, for example, if the second terminal 20 is connected to the second control device 32 via a USB interface, when the second terminal 20 needs to retrieve data, the retrieval request sent to the second terminal can be a second signaling. The second signaling is used to instruct the second control device to send data to the second terminal 20. Specifically, the second signaling can be an IN token packet (also called an IN input data packet). The IN token packet can be understood as an instruction packet used by a master (e.g., the second terminal 20) to notify a slave (e.g., the second control device 32) that a data packet is to be sent. In this embodiment, the second control device 32 does not actively send verified messages to the second terminal. Instead, it requires a request from the second terminal before sending a message matching the request from the second terminal 20.
這裡需要補充說明的是,上述第一控制設備31A與第二控制設備32可採用但不限於TCP/IP協議進行通信連接,此情況下,如圖5d所示,第一控制設備31A與第二控制設備32間可具有中間網絡設備,第一控制設備31A具體是通過中間網絡設備將第一報文發送至第二控制設備32。有關中間網絡設備可具有的功能,可參見上述第一可能實施例中描述的相關內容。It should be noted that the communication connection between the first control device 31A and the second control device 32 can be established using, but not limited to, the TCP/IP protocol. In this case, as shown in FIG5d , an intermediate network device can be provided between the first control device 31A and the second control device 32. Specifically, the first control device 31A transmits the first message to the second control device 32 via the intermediate network device. For details on the functions of the intermediate network device, please refer to the relevant content described in the first possible embodiment.
另外,上文內容主要是從第一端需向第二端發送數據為例來說明地,當然,第二端也可以向第一端發送數據,此情況下,上述第一端10還可用於:In addition, the above content is mainly explained from the example of the first end needing to send data to the second end. Of course, the second end can also send data to the first end. In this case, the first end 10 can also be used for:
接收所述第二端發送的第二報文;receiving a second message sent by the second end;
其中,所述第二報文,是所述第二端上基於第二數據流對應第二傳輸事務的第二事務信息,為所述第二數據流的第二數據塊確定相應的第二目標頭信息,並根據所述第二數據塊及所述第二目標頭信息生成的;所述第二目標頭信息用於校驗所述第二報文是否符合要求。The second message is generated on the second end based on the second transaction information of the second transmission transaction corresponding to the second data stream, and determines the corresponding second destination header information for the second data block of the second data stream. The second destination header information is used to verify whether the second message meets the requirements.
上述第二數據流為第二端上第二應用所產生的數據。有關第一應用及第二數據流的描述、第二端生成第二報文以及將第二報文發送至第二端的實現等,可參見上文對第一應用及第二數據流的具體描述、以及對第一端生成第一報文並將第一報文發送至第二端的具體實現描述,此處不再做贅述。The second data stream is data generated by the second application on the second end. For details about the first application and the second data stream, and how the second end generates and sends the second message to the second end, please refer to the detailed description of the first application and the second data stream, as well as the detailed description of how the first end generates and sends the first message to the second end, and will not be repeated here.
這裡需要補充說明的是,第二報文的生成具體可以是由第二端上的第三控制模塊來實現的,第三控制模塊可位於第二應用內或第二應用的外部。第三控制模塊位於第二應用內時,第二端上第二應用外部還可設有第五控制模塊;或者在上述第三控制模塊位於第二應用外部時,第二端上第二應用內還可設有第五控制模塊。有關在第三控制模塊和第五控制模塊共存的情況下,二者如何協作以對第二數據塊進行處理生成第二報文,可參見上文本申請其他各實施例中對第一端上的第一控制模塊和第二控制模塊相互協作,對第一數據塊進行處理生成第一報文的相關內容。It should be noted that the generation of the second message can be specifically implemented by a third control module on the second end, which can be located within or outside the second application. When the third control module is located within the second application, a fifth control module can also be provided outside the second application on the second end; or when the third control module is located outside the second application, a fifth control module can also be provided within the second application on the second end. Regarding how the third control module and the fifth control module cooperate to process the second data block and generate the second message when they coexist, please refer to the relevant content in other embodiments of the above-mentioned application regarding the cooperation between the first control module and the second control module on the first end to process the first data block and generate the first message.
基於上文介紹的本申請一實施例提供的數據傳輸系統相關內容,本申請另外若干個實施例還提供的一種數據傳輸系統。具體地,Based on the above-described content related to the data transmission system provided by the first embodiment of this application, several other embodiments of this application also provide a data transmission system. Specifically,
圖3b示出了本申請另一實施例提供的數據傳輸系統的結構示意圖。參見圖3b所示,所述數據傳輸系統包括:第一端10及第二端20,其中,FIG3b shows a schematic diagram of the structure of a data transmission system provided by another embodiment of the present application. Referring to FIG3b, the data transmission system includes: a first end 10 and a second end 20, wherein:
第一端10,其上第一應用內設有第一控制模塊11,所述第一控制模塊11用於確定所述第一應用的第一數據流對應第一傳輸事務的第一事務信息;在需向第二端傳輸所述第一數據流的第一數據塊時,基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二端;其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求;A first end 10 includes a first application on which a first control module 11 is provided. The first control module 11 is configured to determine first transaction information of a first transmission transaction corresponding to a first data stream of the first application. When transmitting a first data block of the first data stream to a second end, the first control module 11 determines corresponding first destination header information for the first data block based on the first transaction information. The first control module 11 generates a first message to be sent based on the first data block and the first destination header information. The first message is sent to the second end. The first destination header information is used to verify whether the first message meets requirements.
第二端20,其上設有第三控制模塊(圖中未示出),所述第三控制模塊用於對所述第二端接收到的所述第一報文包含的第一目標頭信息進行校驗;校驗通過後,從所述第一報文中獲取並緩存第一數據。The second end 20 is provided with a third control module (not shown in the figure), which is used to verify the first target header information contained in the first message received by the second end; after the verification is passed, the third control module obtains and caches the first data from the first message.
進一步地,本實施例提供的系統還可包括:中間網絡設備,與所述第一端和所述第二端通信連接;Furthermore, the system provided by this embodiment may further include: an intermediate network device, communicatively connected to the first end and the second end;
所述第一控制模塊11,具體用於將所述第一報文發送至所述中間網絡設備;The first control module 11 is specifically configured to send the first message to the intermediate network device;
所述中間網絡設備,用於根據接收到的所述第一報文,生成所述第一傳輸事務的日誌信息;將所述第一報文發送至所述第二端。The intermediate network device is used to generate log information of the first transmission transaction based on the received first message; and send the first message to the second end.
圖3c示出了本申請又一實施例提供的數據傳輸系統的結構示意圖。參見圖3c所示,所述數據傳輸系統包括:第一端10及第二端20,其中,FIG3c shows a schematic diagram of the structure of a data transmission system provided by another embodiment of the present application. Referring to FIG3c, the data transmission system includes: a first end 10 and a second end 20, wherein:
第一端10,其上第一應用外部設有第二控制模塊12,所述第二控制模塊12用於響應於所述第一應用發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二端;其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。A first terminal 10 has a second control module 12 externally disposed on the first application. The second control module 12 is configured to respond to a first data block sent by the first application to be transmitted to the second terminal by determining first transaction information of a first transmission transaction to which the first data block belongs; based on the first transaction information, determine corresponding first destination header information for the first data block; generate a first message to be transmitted based on the first data block and the first destination header information; and transmit the first message to the second terminal. The first destination header information is used to verify whether the first message meets requirements.
所述第二端20,其上設有第三控制模塊(圖中未示出),所述第三控制模塊用於對所述第二端接收到的所述第一報文包含的第一目標頭信息進行校驗;校驗通過後,從所述第一報文中獲取第一數據。The second end 20 is provided with a third control module (not shown in the figure), which is used to verify the first target header information contained in the first message received by the second end; after the verification is passed, the first data is obtained from the first message.
進一步地,本實施例提供的系統還可包括:中間網絡設備,與所述第一端和所述第二端通信連接;Furthermore, the system provided by this embodiment may further include: an intermediate network device, communicatively connected to the first end and the second end;
所述第二控制模塊,具體用於將所述第一報文發送至所述中間網絡設備;The second control module is specifically configured to send the first message to the intermediate network device;
所述中間網絡設備,用於根據接收到的所述第一報文,生成所述第一傳輸事務的日誌信息;將所述第一報文發送至所述第二端。The intermediate network device is used to generate log information of the first transmission transaction based on the received first message; and send the first message to the second end.
本申請又一實施例提供的數據傳輸系統的結構示意圖,該數據傳輸系統的系統架構與圖3a-1示出的架構類似。具體地,所述數據傳輸系統包括:第一端及第二端,其中,Another embodiment of the present application provides a schematic diagram of the structure of a data transmission system. The system architecture of the data transmission system is similar to the architecture shown in Figure 3a-1. Specifically, the data transmission system includes: a first end and a second end, wherein:
第一端,用於向中間網絡設備發送需向第二端傳輸的第一數據塊;The first end is used to send a first data block to the intermediate network device to be transmitted to the second end;
中間網絡設備,其上設有第四控制模塊,用於接收所述第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二端;其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The intermediate network device includes a fourth control module thereon, configured to receive the first data block, determine first transaction information of a first transmission transaction to which the first data block belongs; determine corresponding first destination header information for the first data block based on the first transaction information; generate a first message to be sent based on the first data block and the first destination header information; and send the first message to the second end; wherein the first destination header information is used to verify whether the first message meets requirements.
所述第二端,其上設有第三控制模塊,用於對所述第二端接收到的所述第一報文包含的第一目標頭信息進行校驗;校驗通過後,從所述第一報文中獲取第一數據。The second end is provided with a third control module for verifying the first target header information contained in the first message received by the second end; after the verification is passed, the first data is obtained from the first message.
進一步地,上述第一端上第一應用內設有第一控制模塊或所述第一應用外部設有第二控制模塊;Furthermore, a first control module is provided inside the first application on the first end or a second control module is provided outside the first application;
所述第一控制模塊或第二控制模塊,用於將所述第一應用需向第一端傳輸的所述第一數據塊、以及所述第一數據塊所屬的第一傳輸事務的事務屬性信息發送至所述中間網絡設備;The first control module or the second control module is configured to send the first data block to be transmitted by the first application to the first end, and transaction attribute information of the first transmission transaction to which the first data block belongs, to the intermediate network device;
所述中間網絡設備,在用於確定所述第一數據塊所述的第一傳輸事務的第一事務信息時,具體用於:為所述第一傳輸事務生成相應的事務標識;基於接收到的所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。The intermediate network device, when used to determine the first transaction information of the first transmission transaction described in the first data block, is specifically used to: generate a corresponding transaction identifier for the first transmission transaction; and based on the received transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from multiple preset transmission transaction attribute information.
這裡需要補充說明的是,上述各數據傳輸系統中各端/設備/模塊等除了能夠實現上述描述的功能之外,還可實現本申請其他各實施例中相關功能。有關上述各數據傳輸系統中各端/設備/模塊等可實現的具體功能介紹,可參見上文相關內容。It should be noted that, in addition to the functions described above, each terminal/device/module in the aforementioned data transmission systems can also implement related functions in other embodiments of this application. For an introduction to the specific functions that can be implemented by each terminal/device/module in the aforementioned data transmission systems, please refer to the relevant content above.
圖4a至4c示出了本申請又一實施例提供的數據傳輸系統的結構示意圖。如參見圖4a至4c所示,所述數據傳輸系統包括:第一端10、第一控制設備31A及第二端20,其中,Figures 4a to 4c show a schematic structural diagram of a data transmission system provided by another embodiment of the present application. As shown in Figures 4a to 4c, the data transmission system includes: a first terminal 10, a first control device 31A and a second terminal 20, wherein:
第一端10,用於在需向所述第二端傳輸所述第一數據流的第一數據塊時,將所述第一數據塊發送至第一控制設備;The first end 10 is configured to send the first data block of the first data stream to the first control device when the first data block needs to be transmitted to the second end;
第一控制設備31A,用於確定所述第一數據流對應第一傳輸事務的第一事務信息;基於所述第一事務信息,為接收到的所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二端;其中,所述第一目標頭信息用於校驗所述第一報文是否要求。The first control device 31A is configured to determine first transaction information of a first transmission transaction corresponding to the first data stream; determine corresponding first destination header information for the received first data block based on the first transaction information; generate a first message to be sent based on the first data block and the first destination header information; and send the first message to the second end; wherein the first destination header information is used to verify whether the first message is required.
第二端20,用於對接收到的所述第一報文包含的目標頭信息進行校驗,確定所述第一報文是否符合要求;符合要求時,從所述第一報文中獲得並緩存所述第一數據塊。The second end 20 is configured to verify the destination header information contained in the received first message to determine whether the first message meets the requirements; if it meets the requirements, obtain and cache the first data block from the first message.
有關上述第一端10、第一控制設備31A及第二端20的具體介紹及各自功能的具體實現,可參見上文相關內容。For a detailed introduction to the first terminal 10, the first control device 31A and the second terminal 20 and the specific implementation of their respective functions, please refer to the relevant content above.
圖5d和5e示出了本申請又一實施例提供的數據傳輸系統的結構示意圖。如參見圖5d至5e所示,該數據傳輸系統包括:第一端10、第一控制設備31A、第二控制設備32及第二端20,其中,Figures 5d and 5e show a schematic structural diagram of a data transmission system provided by another embodiment of the present application. As shown in Figures 5d to 5e, the data transmission system includes: a first terminal 10, a first control device 31A, a second control device 32 and a second terminal 20, wherein:
第一端10,用於在需向所述第二端傳輸所述第一數據流的第一數據塊時,將所述第一數據塊發送至第一控制設備;The first end 10 is configured to send the first data block of the first data stream to the first control device when the first data block needs to be transmitted to the second end;
第一控制設備31A,與所述第一端通信連接,用於確定所述第一數據流對應第一傳輸事務的第一事務信息;基於所述第一事務信息,為接收到的所述第一數據塊確定相應的第一目標頭信息;根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;將所述第一報文發送至所述第二控制設備;其中,所述第一目標頭信息用於校驗所述第一報文是否要求;The first control device 31A is communicatively connected to the first end and configured to determine first transaction information of a first transmission transaction corresponding to the first data stream; determine first destination header information corresponding to the received first data block based on the first transaction information; generate a first message to be sent based on the first data block and the first destination header information; and send the first message to the second control device; wherein the first destination header information is used to verify whether the first message is requested;
第二控制設備32,與所述第一控制設備及所述第二端通信連接,用於對接收到的所述第一報文包含的第一目標頭信息進行校驗,確定所述第一報文是否符合要求;符合要求時,將所述第一報文緩存於本地,以等待所述第二端獲取;a second control device 32, communicatively connected to the first control device and the second end, configured to verify the first destination header information contained in the received first message to determine whether the first message meets requirements; if so, cache the first message locally for retrieval by the second end;
第二端20,用於向所述第二控制設備發送獲取請求;接收所述第二控制設備針對所述獲取請求反饋的所述第一報文。The second end 20 is configured to send an acquisition request to the second control device and receive the first message fed back by the second control device in response to the acquisition request.
有關上述第一端10、第一控制設備31A、第二控制設備22及第二端20的具體介紹及各自功能的具體實現,可參見上文相關內容。For detailed introduction of the first terminal 10, the first control device 31A, the second control device 22 and the second terminal 20 and the specific implementation of their respective functions, please refer to the relevant content above.
本申請其他實施例還提供了相應的一些數據傳輸方法,具體地如下:Other embodiments of this application also provide some corresponding data transmission methods, which are specifically as follows:
圖11a示出了本申請一實施例提供的數據傳輸方法的流程示意圖。該數據傳輸方法適於如圖3b示出的第一端10,更具體地,適於第一端10上第一應用內的第一控制模塊11。第一控制模塊11內事先預置的預置信息包括上文所述的針對第一端10創建的配置文件,進一步地,還可包括針對第二端20創建的配置文件。以針對第一端創建的配置文件為例,配置文件中可包括但不限於如下中的至少一項配置數據:數據交換配置數據、數據傳輸安全控制信息等,其中,數據交換配置數據可包括但不限於:多個傳輸事務的傳輸事務屬性信息;傳輸事務的事務種類、第一端對應的第二預置字符串及傳輸事務的事務屬性標識三者之間的對應關係,其中,事務屬性標識為相應傳輸事務的傳輸事務屬性信息的唯一標識;報文頭格式、多個數據頭格式,等等。其中,在本實施例中,涉及的預置字符串為相應端的地址信息對應的字符串,例如,第一端對應的第二預置字符串為第二端的地址信息(如IP地址)對應的字符串,為便於描述,本實施例針對預置字符串直接採用相應端的地址信息進行描述。有關第一控制模塊11及在第一控制模塊11內預置的預置信息的具體介紹,可參見上文相關內容,此處不再做贅述。如圖11a所示,本實施例提供的數據傳輸方法包括以下步驟:Figure 11a illustrates a schematic flow diagram of a data transmission method provided in accordance with an embodiment of the present application. This data transmission method is applicable to the first terminal 10 shown in Figure 3b , and more specifically, to the first control module 11 within the first application on the first terminal 10. The pre-configured information within the first control module 11 includes the configuration file created for the first terminal 10 described above, and may also include a configuration file created for the second terminal 20. Taking the configuration file created for the first end as an example, the configuration file may include, but is not limited to, at least one of the following configuration data: data exchange configuration data, data transmission security control information, etc. The data exchange configuration data may include, but is not limited to: transmission transaction attribute information for multiple transmission transactions; the correspondence between the transaction type of the transmission transaction, the second preset string corresponding to the first end, and the transaction attribute identifier of the transmission transaction, where the transaction attribute identifier is a unique identifier for the transmission transaction attribute information of the corresponding transmission transaction; the message header format, multiple data header formats, etc. In this embodiment, the preset string involved is a string corresponding to the address information of the corresponding end. For example, the second preset string corresponding to the first end is a string corresponding to the address information (e.g., IP address) of the second end. For ease of description, this embodiment directly uses the address information of the corresponding end to describe the preset string. For a detailed description of the first control module 11 and the preset information preset in the first control module 11, please refer to the relevant content above and will not be repeated here. As shown in FIG11a, the data transmission method provided in this embodiment includes the following steps:
101、確定所述第一應用的第一數據流對應第一傳輸事務的第一事務信息;101. Determine first transaction information of a first transmission transaction corresponding to a first data stream of the first application;
102、在需向第二端傳輸所述第一數據流的第一數據塊時,基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;102. When transmitting a first data block of the first data stream to a second end, determine corresponding first destination header information for the first data block based on the first transaction information;
103、根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;103. Generate a first message to be sent based on the first data block and the first target header information;
104、將所述第一報文發送至所述第二端;104. Send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
上述101中,如參見圖3b,第一端10上的第一應用可指的是但不限於業務平臺系統應用、瀏覽器應用、社交應用、視頻應用、辦公應用等。不同第一應用被使用過程中會產生不同類型的第一數據流,如以第一應用為瀏覽器應用(經安全訪問控制改造的,其內具有第一控制模塊),瀏覽器應用需要獲取第二端上的資源,則相應地,瀏覽器應用的第一數據流可以為但不限於請求數據流(如請求網絡資源數據流等)。為保證數據傳輸安全,避免第一應用直接隨意調用第一端上的網絡接口以進行數據的隨意發送,第一應用需通過其內的第一控制模塊11才能夠實現第一端10上網絡接口的調用,實現數據發送。換句話也就是說,第一應用的第一數據流需經由第一應用內的第一控制模塊11進行處理才能夠發送。具體實施時,針對第一應用的第一數據流,第一控制模塊11可以確定第一數據流對應第一傳輸事務的第一事務信息,以基於第一事務信息,對需向第二端20傳輸的第一數據流中的第一數據塊進行處理,實現第一數據塊的傳輸。上述第一事務信息可包括第一傳輸事務的事務標識及傳輸事務屬性信息,傳輸事務屬性信息包括但不限於:事務屬性名稱、第一標注信息、第二端的地址信息、事務屬性標識、事務屬性類型信息;其中,事務屬性類型信息包含如下中的至少一項:所述第一數據流的傳輸方向、所述第一數據流的數據類型、數據頭使用信息。有關傳輸事務屬性信息的具體介紹,可參見上文其它實施例中相關內容。In the above 101, as shown in Figure 3b, the first application on the first terminal 10 may refer to, but is not limited to, a business platform system application, a browser application, a social networking application, a video application, an office application, etc. Different first data streams will be generated when different first applications are used. For example, if the first application is a browser application (modified by security access control and has a first control module in it), and the browser application needs to obtain resources on the second end, then accordingly, the first data stream of the browser application can be but is not limited to a request data stream (such as a request for network resource data stream, etc.). To ensure data transmission security and prevent the first application from directly and arbitrarily calling the network interface on the first end to send data, the first application must use the first control module 11 within it to call the network interface on the first end 10 and send data. In other words, the first data stream of the first application must be processed by the first control module 11 within the first application before it can be sent. In specific implementations, with respect to the first data stream of the first application, the first control module 11 can determine the first transaction information of the first transmission transaction corresponding to the first data stream. Based on the first transaction information, the first data block in the first data stream to be transmitted to the second end 20 is processed to transmit the first data block. The first transaction information may include a transaction identifier and transmission transaction attribute information of the first transmission transaction. The transmission transaction attribute information includes, but is not limited to, a transaction attribute name, first annotation information, second end address information, a transaction attribute identifier, and transaction attribute type information. The transaction attribute type information includes at least one of the following: the transmission direction of the first data stream, the data type of the first data stream, and data header usage information. For a detailed description of the transmission transaction attribute information, please refer to the relevant content in other embodiments above.
在一可能實現技術方案中,上述101「確定所述應用的第一數據流對應第一傳輸事務的第一事務信息」,可具體包括:In one possible implementation, the step 101 of "determining first transaction information of a first transmission transaction corresponding to the first data stream of the application" may specifically include:
1010、為所述第一傳輸事務生成相應的事務標識;1010. Generate a corresponding transaction identifier for the first transmission transaction;
1011、獲取所述第一傳輸事務的傳輸事務屬性信息。1011. Obtain transmission transaction attribute information of the first transmission transaction.
上述1011「獲取所述第一傳輸事務的傳輸事務屬性信息」,可包括:The above-mentioned 1011 "obtaining the transmission transaction attribute information of the first transmission transaction" may include:
10111、確定所述第一傳輸事務的事務屬性標識;10111. Determine a transaction attribute identifier of the first transmission transaction.
10112、基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。10112. Based on the transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
上述10111,可基於預置的傳輸事務的事務種類與事務屬性標識的對應關係,來確定第一傳輸事務的事務屬性標識。即,一具體可實現方案中,上述1011「確定所述第一傳輸事務的事務屬性標識」,可具體採用如下步驟來實現:The above-mentioned step 10111 can determine the transaction attribute identifier of the first transmission transaction based on the preset correspondence between the transaction type and the transaction attribute identifier of the transmission transaction. That is, in a specific implementation scheme, the above-mentioned step 1011 "determining the transaction attribute identifier of the first transmission transaction" can be specifically implemented by the following steps:
101111、根據所述第一數據流的傳輸需求信息,確定第一傳輸事務所屬的事務種類;101111. Determine a transaction type to which the first transmission transaction belongs based on the transmission requirement information of the first data flow.
101112、基於事務種類與事務屬性標識的第二對應關係,確定與所述第一傳輸事務所屬的事務種類存在對應關係的事務屬性標識。101112. Based on the second correspondence between transaction types and transaction attribute identifiers, determine a transaction attribute identifier that corresponds to the transaction type to which the first transmission transaction belongs.
有關上述101111~101112的具體實現描述,可參見上文其他實施例中的相關內容。For the specific implementation description of the above 101111~101112, please refer to the relevant content in other embodiments above.
上述10112中,預置的多個傳輸事務屬性信息,可參見如圖4a示出的多個傳輸事務的傳輸事務實現信息的集合示例。若基於第一數據流對應第一傳輸事務的事務屬性標識,無法從預置的多個傳輸事務屬性信息中查詢到第一數據流對應第一傳輸事務的傳輸事務屬性信息,這種情況下,則表明根據本實施例所配置的第一端與第二端間的數據傳輸安全控制信息,是不允許對第一數據流中的數據塊進行傳輸的,數據傳輸失敗,終止傳輸。For the preset multiple transmission transaction attribute information in step 10112, see the example set of transmission transaction implementation information for multiple transmission transactions shown in FIG4a . If, based on the transaction attribute identifier of the first transmission transaction corresponding to the first data stream, the transmission transaction attribute information corresponding to the first transmission transaction of the first data stream cannot be retrieved from the preset multiple transmission transaction attribute information, this indicates that the data transmission security control information configured between the first end and the second end according to this embodiment does not permit the transmission of data blocks in the first data stream. The data transmission fails, and the transmission is terminated.
上述102中「基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息」的一種可能實現技術方案可包括如下步驟:A possible technical solution for implementing the above-mentioned step 102 of "determining corresponding first target header information for the first data block based on the first transaction information" may include the following steps:
1021、獲取所述第一數據流中數據塊對應的頭信息傳輸方式;1021. Obtain a header information transmission mode corresponding to a data block in the first data stream;
1022、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;1022. Determine a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission mode and relevant information of the first data block.
1023、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。1023. Configure a field value corresponding to the target header field based on at least one of the first transaction information and relevant information of the first data block to obtain a message header determined for the first data block.
有關上述1021中的頭信息傳輸方式的介紹,可參見上文相關內容。For an introduction to the header information transmission method in the above 1021, please refer to the relevant content above.
一可實現方案中,上述1022「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段」,可具體包括:In one implementation, the step 1022 of "determining a target header field for the first data block from a plurality of header fields included in a default message header format based on the header information transmission method and information related to the first data block" may specifically include:
10221、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;10221. Determine, based on the block number of the first data block included in the relevant information, the order of the first data block in the first data stream.
10222、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段。10222. If the header information transmission method is the first method, or the header information transmission method is the second method and the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
10223、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。10223. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述10222中所述的情況下,即所述多個報頭字段為所述目標報頭字段時,上述1023「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可包括:In the case described in step 10222 above, that is, when the multiple header fields are the target header fields, the step 1023 of "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may include:
10231、為所述第一傳輸事務確定第一端的地址信息;10231. Determine the address information of the first end for the first transmission transaction;
10232、根據所述第一端的地址信息、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;10232. Configure a corresponding field value of the target header field according to the address information of the first end, the first transaction information, and relevant information of the first data block, to obtain a first message header determined for the first data block.
其中,所述第一報文頭包括:第一端的地址信息、第二端的地址信息、所述第一傳輸事務的事務屬性標識、所述第二傳輸事務的事務標識、第一數據流中數據塊的總數量、第一數據塊的塊號、第一目標頭信息與第一數據塊的總大小、標注信息;The first message header includes: address information of the first end, address information of the second end, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the second transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first destination header information and the first data block, and annotation information;
總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。When the total quantity is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks.
一較為具體實現方案中,上述10231「為所述第一傳輸事務確定第一端的地址信息」,可具體採用如下步驟來實現:In a more specific implementation, the above-mentioned step 10231 "determining the address information of the first end for the first transmission transaction" can be implemented by the following steps:
102311、獲取第一端的地址信息與事務種類的第一對應關係;102311. Obtain the first correspondence between the address information of the first end and the transaction type;
102311、基於所述第二對應關係,確定與所述傳輸事務所屬的事務種類存在對應關係的第一端的地址信息。102311. Based on the second corresponding relationship, determine the address information of the first end that has a corresponding relationship with the transaction type to which the transmission transaction belongs.
有關上述102311~102311的具體實現描述,可參見上文其它實施例中相關內容。For the specific implementation description of the above 102311~102311, please refer to the relevant content in other embodiments above.
進一步地,若第一數據塊在所述第一數據流中排序第一或排序最後,則上述102中還可包括如下步驟:Furthermore, if the first data block is ranked first or last in the first data stream, the above 102 may further include the following steps:
1024、根據所述第一事務信息中所述第一傳輸事務的事務屬性類型信息,確定是否需要為所述第一數據塊添加數據頭;1024. Determine whether a data header needs to be added to the first data block based on the transaction attribute type information of the first transmission transaction in the first transaction information.
1025、確定需要時,根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭;其中,所述數據頭與所述第一數據流適配、且符合預設數據頭格式要求。1025. When necessary, determine a corresponding data header for the first data block based on the stream information of the first data stream; wherein the data header is adapted to the first data stream and meets the preset data header format requirements.
有關上述1024的具體實現描述,可參見上文其它實施例中相關內容。For the specific implementation description of the above 1024, please refer to the relevant content in other embodiments above.
上述1025中「根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭」的一具體可實現方案包括:A specific implementation of the step 1025 of “determining a corresponding data header for the first data block based on the stream information of the first data stream” includes:
10251、基於所述事務屬性類型信息中包含的數據頭使用信息,從預設的多個數據頭格式中選擇一個適配的數據頭格式;10251. Based on the data header usage information included in the transaction attribute type information, select an adapted data header format from a plurality of preset data header formats;
10252、根據所述第一數據流的流信息,按照選擇出的數據頭格式生成所述數據頭。10252. Generate the data header according to the selected data header format based on the flow information of the first data flow.
在上述10223中所述的情況下,即所述多個報頭字段中的部分報頭字段為所述目標報頭字段時,上述1023「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可包括:In the case described in step 10223 above, that is, when some of the multiple header fields are target header fields, step 1023 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may include:
10231’、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭,包括:10231'. Configuring a field value corresponding to a field of the target header according to at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block, including:
10232’、基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;10232'. Based on the transaction identifier of the first transmission transaction in the first transaction information, configure a field value corresponding to the target header field to obtain a second message header determined for the first data block.
其中,所述第二報文頭包括所述事務標識。Wherein, the second message header includes the transaction identifier.
上述104「將所述第一報文發送至所述第二端」的一種可實現技術方案可包括如下步驟:A possible technical solution for implementing the above-mentioned step 104 of "sending the first message to the second end" may include the following steps:
1041、將所述第一報文發送至第二控制模塊,由所述第二控制模塊對所述第一報文包含的第一目標頭信息進行校驗,並在校驗出所述第一報文符合要求時,將所述第一報文發送至第二端;1041. Send the first message to a second control module. The second control module verifies the first destination header information included in the first message and sends the first message to the second end if the verification finds that the first message meets the requirements.
其中,所述第二控制模塊為所述第一端上第一應用外部的模塊(如圖3d示出的第二控制模塊12)。The second control module is a module outside the first application on the first end (such as the second control module 12 shown in FIG. 3 d ).
有關上述1041中的第二控制模塊的具體描述、以及上述1041的具體實現,可參見上文相關內容。For a detailed description of the second control module in step 1041 and a detailed implementation of step 1041, please refer to the relevant content above.
進一步地,本實施例提供的所述方案,還可包括:Furthermore, the solution provided in this embodiment may also include:
105、接收所述第二端發送的第二報文;105. Receive a second message sent by the second end;
其中,所述第二報文,是所述第二端上的第三控制模塊根據所述第二端上第二應用的第二數據流對應第二傳輸事務的第二事務信息,為所述第二數據流的第二數據塊確定相應的第二目標頭信息,並根據所述第二數據塊及所述第二目標頭信息生成的;所述第二目標頭信息用於校驗所述第二報文是否符合要求;The second message is generated by a third control module on the second end based on the second transaction information of the second transmission transaction corresponding to the second data flow of the second application on the second end, by determining corresponding second destination header information for the second data block of the second data flow, and based on the second data block and the second destination header information; the second destination header information is used to verify whether the second message meets the requirements;
所述第三控制模塊位於所述第二應用內或所述第二應用的外部。The third control module is located within the second application or outside the second application.
有關第三控制模塊的具體介紹,可參見本申請其他實施例中相關內容。第二應用、第二報文生成,可分別參見對第一應用、第一報文生成的具體介紹。For a detailed description of the third control module, please refer to the relevant content in other embodiments of this application. For the second application and the second message generation, please refer to the detailed description of the first application and the first message generation, respectively.
這裡需要補充說明的是:在上述第三控制模塊位於第二應用內時,第二端上第二應用外部還可設有第五控制模塊;或者在上述第三控制模塊位於第二應用外部時,第二端上第二應用內還可設有第五控制模塊。有關在第三控制模塊和第五控制模塊共存的情況下,二者如何協作以對第二數據塊進行處理,可參見上文本申請其他各實施例中對第一端上的第一控制模塊和第二控制模塊相互協作,對第一數據塊進行處理的相關內容。It should be noted that when the third control module is located within the second application, a fifth control module may be further located outside the second application on the second end. Alternatively, when the third control module is located outside the second application, a fifth control module may be further located within the second application on the second end. For details on how the third and fifth control modules, when coexisting, collaborate to process the second data block, please refer to the other embodiments of the aforementioned application regarding the collaboration between the first and second control modules on the first end to process the first data block.
本實施例提供的技術方案,第一端需向第二端傳輸其上應用的第一數據流中的第一數據塊時,是第一端上第一應用內的第一控制模塊11基於確定出的第一數據流對應第一傳輸事務的第一事務信息,為第一數據塊確定相應的第一目標頭信息;進而根據第一數據塊及第一目標頭信息來生成相應待發送的第一報文,將第一報文發送至第二端的。上述中,第一目標頭信息用於校驗報文是否符合要求,這使得本方案能夠以較低成本,實現對傳輸數據內容的安全性管理。In the technical solution provided by this embodiment, when a first end needs to transmit a first data block from a first data stream used by an application on the first end to a second end, a first control module 11 within the first application on the first end determines corresponding first destination header information for the first data block based on first transaction information corresponding to the first transmission transaction in the first data stream. Furthermore, the control module 11 generates a corresponding first message to be sent based on the first data block and the first destination header information, and then sends the first message to the second end. The first destination header information is used to verify that the message meets requirements, enabling this solution to achieve security management of the transmitted data content at a relatively low cost.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that any details not fully described in the steps of the data transmission method provided in this embodiment of the present application can be found in the corresponding contents of the other embodiments provided in this application and will not be further described here. Furthermore, in addition to the above steps, the method provided in this embodiment of the present application may also include some or all of the other steps in the above embodiments, which can be found in the corresponding contents of the above embodiments and will not be further described here.
圖11b示出了本申請另一實施例提供的數據傳輸方法的流程示意圖。該數據傳輸方法適於如圖3c示出的第一端10,更具體地,適於第一端10上第一應用外部的第二控制模塊12。第二控制模塊12內會事先預置的預置信息,該預置信息為實現本實施例提供的數據傳輸方法所需要用到的信息。有關第二控制模塊12內的預置信息,可參見上文對第一控制模塊11內預置的預置信息的描述。以及有關第二控制模塊12的具體介紹,可參見上文其他實施例中相關內容,此處均不再做具體贅述。如圖11b所示,本實施例提供的數據傳輸方法可包括如下步驟:Figure 11b shows a flow chart of a data transmission method provided by another embodiment of the present application. This data transmission method is suitable for the first end 10 shown in Figure 3c, and more specifically, is suitable for the second control module 12 outside the first application on the first end 10. The second control module 12 will have preset information preset in advance, and the preset information is the information required to implement the data transmission method provided by this embodiment. For the preset information in the second control module 12, please refer to the above description of the preset information preset in the first control module 11. And for the specific introduction of the second control module 12, please refer to the relevant content in the other embodiments above, which will not be described in detail here. As shown in Figure 11b, the data transmission method provided by this embodiment may include the following steps:
201、響應於所述第一應用發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;201. In response to a first data block sent by the first application to be transmitted to the second end, determine first transaction information of a first transmission transaction to which the first data block belongs;
202、基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;202. Determine corresponding first target header information for the first data block based on the first transaction information;
203、根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;203. Generate a first message to be sent based on the first data block and the first target header information;
204、將所述第一報文發送至所述第二端;204. Send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
上述201中,如參見圖3d所示,第一應用內還可部署有第一控制模塊11,有關第一控制模塊11以及其內可預置的預置信息的具體介紹,可參見上文其它實施例中相關內容。利用該第一控制模塊11可對第一數據塊先進行一次預審計(或說預校驗),以確定第一數據塊是否允許傳輸。例如,第一控制模塊11針對接收到的第一數據塊,可以審計第一數據塊所屬的數據類型、傳輸事務等是否符合要求,具體地如:第一控制模塊11根據自身內預置的預置信息中包含的數據傳輸安全控制信息,如允許/阻止傳輸的數據類型信息,可審計第一數據塊所屬的數據類型是否為允許傳輸的數據類型,若為允許傳輸的數據類型,則符合要求;或者,也可以先為第一數據塊所屬的傳輸事務確定相應第一端對應的第二預置字符串;然後預置的數據傳輸安全控制信息中包含的為第一端對應的第二預置字符串所綁定的傳輸事務黑名單/白名單等,分析第一數據塊所屬的傳輸事務是否在黑名單/白名單內,如若在白名單內,則符合要求,等等。有關為第一數據塊所屬的傳輸事務確定相應第一端對應的第二預置字符串的具體實現,可參見上文相關內容。第一控制模塊11在審計出第一數據塊符合要求,為允許傳輸的數據塊的情況下,可以將第一數據塊以及確定出的第一數據塊所屬的傳輸事務的事務屬性標識,發送給第二控制模塊12,由第二控制模塊根據事務屬性標識,獲取第一數據塊所屬的傳輸事務屬性信息,以基於獲取到的傳輸事務屬性信息對第一數據塊進行處理以發送。基於此,在一種可實現的技術方案中,上述201中「響應於所述第一應用發送的需向所述第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務對應的第一事務信息」,可包括:In step 201 above, as shown in FIG. 3 d , the first application may also include a first control module 11. For a detailed description of the first control module 11 and the preset information that may be preset therein, please refer to the relevant content in other embodiments above. The first control module 11 may be used to perform a pre-audit (or pre-verification) on the first data block to determine whether the first data block is permitted for transmission. For example, the first control module 11 can check whether the data type and transmission transaction of the received first data block meet the requirements. Specifically, the first control module 11 can check whether the data type of the first data block is a data type that is allowed to be transmitted based on the data transmission security control information contained in the preset information preset in itself, such as the data type information of the data type that is allowed/blocked to be transmitted. If it is a data type that is allowed to be transmitted, the first control module 11 checks whether the data type of the first data block is a data type that is allowed to be transmitted. Alternatively, a second preset string corresponding to the first end may be first determined for the transmission transaction to which the first data block belongs; then, the transmission transaction to which the first data block belongs is analyzed based on a transmission transaction blacklist/whitelist bound to the second preset string corresponding to the first end, contained in the preset data transmission security control information, to determine whether the transmission transaction to which the first data block belongs is on the blacklist/whitelist. If so, the requirement is met, etc. For the specific implementation of determining the second preset string corresponding to the first end for the transmission transaction to which the first data block belongs, please refer to the relevant content above. If the first control module 11 determines that the first data block meets the requirements and is permitted to be transmitted, it may send the first data block and the transaction attribute identifier of the transmission transaction to which the first data block belongs to the second control module 12. The second control module, based on the transaction attribute identifier, obtains the transmission transaction attribute information to which the first data block belongs and processes the first data block based on the obtained transmission transaction attribute information before transmitting it. Based on this, in one feasible technical solution, the above-mentioned step 201 of "determining first transaction information corresponding to the first transmission transaction to which the first data block belongs in response to the first application sending the first data block to be transmitted to the second end" may include:
2010、為所述第一傳輸事務生成相應的事務標識;2010. Generate a corresponding transaction identifier for the first transmission transaction;
2011、接收所述應用內的第一控制模塊發送的所述第一數據塊、以及所述第一數據塊所屬的第一傳輸事務的事務屬性標識;2011. Receive the first data block sent by the first control module in the application and a transaction attribute identifier of a first transmission transaction to which the first data block belongs;
2012、基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。2012. Based on the transaction attribute identifier, query transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
上述2011中,第一數據塊所屬的第一傳輸事務,具體指的是第一數據塊所屬的第一數據流對應的傳輸事務,有關第一控制模塊確定第一數據塊所屬的第一傳輸事務的事務屬性標識的具體實現,可參見上文其它實施例中相關的內容。In the above 2011, the first transmission transaction to which the first data block belongs specifically refers to the transmission transaction corresponding to the first data stream to which the first data block belongs. For the specific implementation of the first control module determining the transaction attribute identification of the first transmission transaction to which the first data block belongs, please refer to the relevant content in other embodiments above.
上述2012中,傳輸事務屬性信息包括但不限於:事務屬性名稱、第一標注信息、第二端對應的第一預置字符串、事務屬性標識、事務屬性類型信息。其中,所述事務屬性類型信息中包含:所述第一數據塊所屬的第一數據流的傳輸方向、第一數據流的數據類型、數據頭使用信息。有關傳輸事務屬性信息的具體介紹以及上述2012的具體實現,也可參見上文其它實施例中相關的內容。In the aforementioned 2012, the transmission transaction attribute information includes, but is not limited to, the transaction attribute name, the first annotation information, the first preset string corresponding to the second end, the transaction attribute identifier, and the transaction attribute type information. The transaction attribute type information includes the transmission direction of the first data stream to which the first data block belongs, the data type of the first data stream, and data header usage information. For a detailed description of the transmission transaction attribute information and the specific implementation of the aforementioned 2012, please refer to the relevant content in the other embodiments above.
在一種可實現技術方案中,上述202「基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息」,可具體包括:In one possible technical solution, the above-mentioned 202 "determining corresponding first target header information for the first data block based on the first transaction information" may specifically include:
2021、獲取所述第一數據塊所屬的第一數據流中數據塊對應的頭信息傳輸方式;2021. Obtaining a header information transmission mode corresponding to a data block in a first data stream to which the first data block belongs;
2022、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;2022. Determine a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission mode and relevant information of the first data block;
2023、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。2023. Configure a field value corresponding to the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block.
一具體可實現方案中,上述2022「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段」,可具體包括:In one specific implementation, the step 2022 of "determining a target header field for the first data block from a plurality of header fields included in a default message header format based on the header information transmission method and information related to the first data block" may specifically include:
20221、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;20221. Determine, based on the block number of the first data block included in the relevant information, the order of the first data block in the first data stream;
20222、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段;20222. If the header information transmission mode is the first mode, or the header information transmission mode is the second mode and the first data block is sorted last in the first data stream, or the header information transmission mode is the third mode and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields;
20223、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。20223. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述20222給出的情況下,即所述多個報頭字段為所述目標報頭字段時,上述2023「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in 20222 above, that is, when the multiple header fields are the target header fields, the above 2023 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
20231、為所述第一傳輸事務確定第一端對應的第二預置字符串;20231. Determine a second preset character string corresponding to the first end for the first transmission transaction;
20232、根據所述第二預置字符串、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;20232. Configure a corresponding field value of the target header field according to the second preset character string, the first transaction information, and relevant information of the first data block to obtain a first message header determined for the first data block.
其中,所述第一報文頭包括:所述第二端對應的第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、第一數據流中數據塊的總數量、所述第一數據塊的塊號、所述第一目標頭信息與所述第一數據塊的總大小、標注信息;總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。The first message header includes: a first preset string corresponding to the second end, the second preset string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first target header information and the first data block, and annotation information; when the total number is a set value, it indicates that the number of data blocks in the first data stream is unknown.
有關上述203「根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文」的具體實現,可參見上文其它實施例中相關內容。Regarding the specific implementation of the above 203 "generating a first message to be sent according to the first data block and the first target header information", please refer to the relevant content in other embodiments above.
在本實施例中,上述所述的預置字符串(如第一預置字符、第二預置字符串)的作用為用於指示相應端的地址信息,這裡所述的“指示”包含以下兩種含義:預置字符串直接為相應端的地址信息對應的字符串;或者,預置字符串用於隱藏相應端的地址信息,隱藏方式如可以為使預置字符串關聯的關聯信息包含相應端的地址信息。在預置字符串用於隱藏相應端的地址信息的情況下,上述204「將所述第一報文發送至所述第二端」的一可能實現方案,可包括如下步驟:In this embodiment, the preset character strings (e.g., the first preset character string and the second preset character string) are used to indicate the address information of the corresponding end. "Indication" herein can have the following two meanings: the preset character string is directly a character string corresponding to the address information of the corresponding end; or the preset character string is used to conceal the address information of the corresponding end, for example, by causing the associated information associated with the preset character string to include the address information of the corresponding end. If the preset character string is used to conceal the address information of the corresponding end, a possible implementation of step 204, "sending the first message to the second end," may include the following steps:
2041、從所述第一事務信息包含的所述第一傳輸事務的傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串;2041. Obtain a first preset character string corresponding to the second end from the transmission transaction attribute information of the first transmission transaction included in the first transaction information.
2042、根據所述第一預置字符串,獲取所述第二端的地址信息;2042. Obtain address information of the second end according to the first preset character string;
2043、根據所述第二端的地址信息,將所述第一報文發送至所述第二端。2043. Send the first message to the second end according to the address information of the second end.
有關上述2041~2042的具體實現,可參見上文其它實施例中相關的內容。For the specific implementation of the above 2041~2042, please refer to the relevant content in other embodiments above.
在一具體可實現技術方案中,上述2043「根據所述第二端的地址信息,將所述第一報文發送至所述第二端」,可具體採用如下步驟來實現:In a specific technical solution, the above-mentioned 2043 "sending the first message to the second end according to the address information of the second end" can be implemented by the following steps:
20431、根據所述第二端的地址信息,將所述第一報文發送至中間網絡設備,以通過所述中間網絡設備將所述第一報文發送至所述第二端;20431. Send the first message to an intermediate network device according to the address information of the second end, so as to send the first message to the second end through the intermediate network device.
其中,所述中間網絡設備在將所述第一報文發送至所述第二端之前,還執行如下中的任一項:對所述第一報文包含的第一目標頭信息進行校驗;根據所述第一報文,生成所述第一傳輸事務的日誌信息。Before sending the first message to the second end, the intermediate network device further performs any one of the following: verifying the first destination header information contained in the first message; generating log information of the first transmission transaction based on the first message.
在上述20223給出的情況下,即所述多個報頭字段中的部分報頭字段為所述目標報頭字段時,上述2023「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in 20223 above, that is, when some of the multiple header fields are the target header fields, the above 2023 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
20231’、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭,包括:20231'. According to at least one of the first transaction information and the relevant information of the first data block, configure a field value corresponding to the target header field to obtain a message header determined for the first data block, including:
20232’、基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;20232'. Based on the transaction identifier of the first transmission transaction in the first transaction information, configure a field value corresponding to the target header field to obtain a second message header determined for the first data block.
其中,所述第二報文頭包括所述第一傳輸事務的事務標識。The second message header includes the transaction identifier of the first transmission transaction.
進一步地,本實施例提供的所述方法還可包括:Furthermore, the method provided in this embodiment may further include:
205、接收所述第二端發送的第二報文;205. Receive a second message sent by the second end;
其中,所述第二報文,是所述第二端上的第三控制模塊根據所述第二端上第二應用的第二數據流對應第二傳輸事務的第二事務信息,為所述第二數據流的第二數據塊確定相應的第二目標頭信息,並根據所述第二數據塊及所述第二目標頭信息生成的;所述第二目標頭信息用於校驗所述第二報文是否符合要求;The second message is generated by a third control module on the second end based on the second transaction information of the second transmission transaction corresponding to the second data flow of the second application on the second end, by determining corresponding second destination header information for the second data block of the second data flow, and based on the second data block and the second destination header information; the second destination header information is used to verify whether the second message meets the requirements;
所述第三控制模塊位於所述第二應用內或所述第二應用的外部。The third control module is located within the second application or outside the second application.
本實施例提供的技術方案,第一端需向第二端傳輸應用的第一數據流中的第一數據塊時,是基於確定出的第一數據流對應第一傳輸事務的第一事務信息,為第一數據塊確定相應的第一目標頭信息;進而根據第一數據塊及第一目標頭信息來生成相應待發送的第一報文,將第一報文發送至第二端的。上述中,第一目標頭信息用於校驗報文是否符合要求,這使得本方案能夠以較低成本,實現對傳輸數據內容的安全性管理。The technical solution provided by this embodiment, when a first end needs to transmit a first data block in a first data stream of an application to a second end, determines corresponding first destination header information for the first data block based on first transaction information corresponding to the first transmission transaction in the first data stream. Furthermore, a corresponding first message to be sent is generated based on the first data block and the first destination header information, and the first message is sent to the second end. The first destination header information is used to verify that the message meets requirements, enabling this solution to achieve security management of the transmitted data content at a relatively low cost.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that any details not fully described in the steps of the data transmission method provided in this embodiment of the present application can be found in the corresponding contents of the other embodiments provided in this application and will not be further described here. Furthermore, in addition to the above steps, the method provided in this embodiment of the present application may also include some or all of the other steps in the above embodiments, which can be found in the corresponding contents of the above embodiments and will not be further described here.
圖12示出了本申請又一實施例還提供的數據傳輸方法的流程示意圖。該數據傳輸方法適於如圖3c示出的中間網絡設備上的第四控制模塊(圖中未示出)。第四控制模塊內會事先預置的預置信息,該預置信息為實現本實施例提供的數據傳輸方法所需要用到的信息。有關第四控制模塊內的預置信息,可參見上文對第一控制模塊11內預置的預置信息的描述。以及有關第四控制模塊12的具體介紹,可參見上文其他實施例中相關內容,此處均不再做具體贅述。具體地,如參見圖12,本實施例提供的數據傳輸方法可包括如下步驟:FIG12 shows a flow chart of a data transmission method provided in another embodiment of the present application. This data transmission method is suitable for the fourth control module (not shown in the figure) on the intermediate network device shown in FIG3c. The fourth control module contains preset information, which is the information required to implement the data transmission method provided in this embodiment. For the preset information in the fourth control module, please refer to the above description of the preset information preset in the first control module 11. As for the specific introduction of the fourth control module 12, please refer to the relevant content in other embodiments above, which will not be described in detail here. Specifically, as shown in FIG12, the data transmission method provided in this embodiment may include the following steps:
A11、響應於第一端發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;A11. In response to a first data block sent by the first end to be transmitted to the second end, determining first transaction information of a first transmission transaction to which the first data block belongs;
A12、基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;A12. Determine corresponding first target header information for the first data block based on the first transaction information;
A13、根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;A13. Generate a first message to be sent based on the first data block and the first target header information;
A14、將所述第一報文發送至所述第二端;A14. Sending the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
一種可實現方案中,上述A11「響應於第一端發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息」,可具體包括:In one possible implementation, the above-mentioned A11 "determining, in response to a first data block sent by the first end to be transmitted to the second end, first transaction information of a first transmission transaction to which the first data block belongs" may specifically include:
A111、為所述第一傳輸事務生成相應的事務標識;A111. Generate a corresponding transaction identifier for the first transmission transaction;
A112、接收所述第一端上第一應用內第一控制模塊或所述第一端上第一應用外部的第二控制模塊發送的所述第一數據塊,以及第一數據塊所屬的第一傳輸事務的事務屬性標識;A112. Receive the first data block and a transaction attribute identifier of a first transmission transaction to which the first data block belongs, sent by a first control module within the first application on the first end or a second control module outside the first application on the first end.
A113、基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。A113. Based on the transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
一種可實現方案中,上述A12「基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息」,可具體包括:In one possible implementation, the above-mentioned A12 "determining corresponding first target header information for the first data block based on the first transaction information" may specifically include:
A121、獲取所述第一數據塊所屬的第一數據流中數據塊對應的頭信息傳輸方式;A121. Obtaining a header information transmission mode corresponding to a data block in a first data stream to which the first data block belongs;
A122、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;A122. Determine a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission mode and relevant information of the first data block;
A123、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。A123. Configure a field value corresponding to the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block.
上述A122「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為第一數據塊確定目標報頭字段」的一具體可實現方案,可包括:A specific implementation of the aforementioned A122, "Determining a target header field for the first data block from a plurality of header fields included in a preset message header format based on the header information transmission method and information related to the first data block," may include:
A1221、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;A1221. Determine, according to the block number of the first data block included in the relevant information, the order of the first data block in the first data stream.
A1222、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段;A1222: If the header information transmission mode is the first mode, or the header information transmission mode is the second mode and the first data block is sorted last in the first data stream, or the header information transmission mode is the third mode and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
A1223、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。A1223. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述A1222給出的情況下,即所述多個報頭字段為所述目標報頭字段時,上述A123「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in A1222 above, that is, when the multiple header fields are the target header fields, the above A123 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
A1231、為所述第一傳輸事務確定第一端對應的第二預置字符串;A1231. Determine a second preset character string corresponding to the first end for the first transmission transaction;
A1232、根據所述第二預置字符串、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;A1232. Configure a corresponding field value of the target header field according to the second preset character string, the first transaction information, and relevant information of the first data block to obtain a first message header determined for the first data block.
其中,所述第一報文頭包括:所述第二端對應的第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、第一數據流中數據塊的總數量、所述第一數據塊的塊號、第一目標頭信息與所述第一數據塊的總大小、標注信息;The first message header includes: a first preset character string corresponding to the second end, the second preset character string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of first target header information and the first data block, and annotation information;
總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流;預置字符串為相應端的地址信息,或者預置字符串用於隱藏相應端的地址信息。When the total quantity is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks; the preset character string is the address information of the corresponding end, or the preset character string is used to hide the address information of the corresponding end.
進一步地,預置字符串用於隱藏相應端的地址信息時,上述A14「將所述第一報文發送至所述第二端」,包括:Furthermore, when the preset character string is used to hide the address information of the corresponding end, the above-mentioned A14 "sending the first message to the second end" includes:
A141、從所述第一事務信息包含的所述第一傳輸事務的傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串;A141. Obtain a first preset character string corresponding to the second end from the transmission transaction attribute information of the first transmission transaction included in the first transaction information.
A142、根據所述第一預置字符串,獲取所述第二端的地址信息;A142. Obtain address information of the second end according to the first preset character string;
A143、根據所述第二端的地址信息,將所述第一報文發送至所述第二端。A143. Send the first message to the second end according to the address information of the second end.
在上述A1223給出的情況下,即所述多個報頭字段中的部分報頭字段為所述目標報頭字段時,上述A123「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in A1223 above, that is, when some of the multiple header fields are the target header fields, the above A123 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
A1231’、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭,包括:A1231′, configuring a field value corresponding to a field of the target header according to at least one of the first transaction information and the relevant information of the first data block, to obtain a message header determined for the first data block, including:
A1232’、基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;A1232′: Based on the transaction identifier of the first transmission transaction in the first transaction information, configure a field value corresponding to the target header field to obtain a second message header determined for the first data block;
其中,所述第二報文頭包括所述第一傳輸事務的事務標識。The second message header includes the transaction identifier of the first transmission transaction.
進一步地,本實施例提供的所述方法還包括:Furthermore, the method provided in this embodiment also includes:
A15、接收所述第二端發送的需向第一端傳輸的第二數據塊,確定所述第二數據塊所屬的第二傳輸事務的第二事務信息;A15. Receive a second data block sent by the second end to be transmitted to the first end, and determine second transaction information of a second transmission transaction to which the second data block belongs;
A16、基於所述第二事務信息,為所述第二數據塊確定相應的第二目標頭信息;A16. Determine corresponding second target header information for the second data block based on the second transaction information;
A17、根據所述第二數據塊及所述第二目標頭信息,生成待發送的第二報文;A17. Generate a second message to be sent based on the second data block and the second destination header information;
A18、將所述第二報文發送至所述第一端;A18. Send the second message to the first end;
其中,所述第二目標頭信息用於校驗所述第二報文是否符合要求。The second destination header information is used to verify whether the second message meets the requirements.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that any details not fully described in the steps of the data transmission method provided in this embodiment of the present application can be found in the corresponding contents of the other embodiments provided in this application and will not be further described here. Furthermore, in addition to the steps described above, the method provided in this embodiment of the present application may also include some or all of the other steps in the aforementioned embodiments, which can be found in the corresponding contents of the aforementioned embodiments and will not be further described here.
本申請又一實施例還提供的數據傳輸方法。該數據傳輸方法與第一端連接的控制設備(如上文所述的第一控制設備),控制設備內會事先預置的預置信息,該預置信息為實現本實施例提供的數據傳輸方法所需要用到的信息。有關控制設備內的預置信息,可參見上文對第一控制模塊11內預置的預置信息的描述。以及有關控制設備的具體介紹,可參見上文其他實施例中相關內容,此處均不再做具體贅述。具體地,本實施例提供的數據傳輸方法可包括如下步驟:Another embodiment of the present application also provides a data transmission method. This data transmission method is connected to a control device (such as the first control device described above) connected to the first end, and the control device will have preset information pre-set in advance. This preset information is the information required to implement the data transmission method provided by this embodiment. For the preset information in the control device, please refer to the above description of the preset information preset in the first control module 11. As for the specific introduction of the control device, please refer to the relevant content in other embodiments above, which will not be described in detail here. Specifically, the data transmission method provided by this embodiment may include the following steps:
A21、接收所述第一端發送的需向第二端傳輸的第一數據流中的第一數據塊;A21. Receive a first data block in a first data stream sent by the first end and to be transmitted to the second end;
A22、確定所述第一數據流對應第一傳輸事務的第一事務信息;A22. Determine first transaction information of a first transmission transaction corresponding to the first data stream;
A23、基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;A23. Determine corresponding first target header information for the first data block based on the first transaction information;
A24、根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;A24. Generate a first message to be sent based on the first data block and the first target header information;
A25、將所述第一報文發送至所述第二端;A25. Send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否要求。The first target header information is used to verify whether the first message is required.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that any details not fully described in the steps of the data transmission method provided in this embodiment of the present application can be found in the corresponding contents of the other embodiments provided in this application and will not be further described here. Furthermore, in addition to the steps described above, the method provided in this embodiment of the present application may also include some or all of the other steps in the aforementioned embodiments, which can be found in the corresponding contents of the aforementioned embodiments and will not be further described here.
下面本申請從「預置字符串」具有隱藏相應端的地址信息的作用角度來介紹一下本申請提供的技術方案。在從「預置字符串」的角度介紹本申請提供的數據傳輸方法之前,先介紹說明一下方法可基於的具體系統架構。This application will now explain the technical solution provided by this application from the perspective of how a "preset string" can conceal the address information of the corresponding end point. Before introducing the data transmission method provided by this application from the perspective of a "preset string," we will first explain the specific system architecture on which this method can be based.
具體地,從「預置字符串」的角度來講,本申請提供的數據傳輸方法可基於圖5a至5c所示的系統架構。如圖5a所示的本申請一實施例提供的數據傳輸系統的結構示意圖,所述數據傳輸系統包括:第一端10、第一控制設備31A和第二端20,其中,Specifically, from the perspective of "preset character strings", the data transmission method provided by this application can be based on the system architecture shown in Figures 5a to 5c. As shown in Figure 5a, a schematic structural diagram of a data transmission system provided by an embodiment of this application, the data transmission system includes: a first terminal 10, a first control device 31A and a second terminal 20, wherein:
第一端10,用於將需向第二端傳輸的第一數據塊發送至第一控制設備31A;The first end 10 is used to send a first data block to be transmitted to the second end to the first control device 31A;
第一控制設備31A,用於響應於所述第一端發送的所述第一數據塊,獲取所述第二端對應的第一預置字符串;其中,所述第一預置字符串用於隱藏所述第二端的地址信息;根據所述第一預置字符串,獲取所述第二端的地址信息;根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端。The first control device 31A is configured to, in response to the first data block sent by the first end, obtain a first preset string corresponding to the second end; wherein the first preset string is used to hide the address information of the second end; obtain the address information of the second end based on the first preset string; and transmit the first data block to the second end based on the address information of the second end.
有關第一端10、第一控制設備31A及第二端20的具體介紹以及三者之間的通信連接方式,可具體參見上文相關內容,此處不再做具體贅述。For a detailed introduction of the first terminal 10, the first control device 31A and the second terminal 20, as well as the communication connection method therebetween, please refer to the above-mentioned relevant contents, and no further details will be given here.
上述第一端10,向第一控制設備31A發送的第一數據塊為其上第一應用的第一數據流中的一個數據塊,有關第一應用及第一數據流的具體介紹可參見上文相關內容。當第一端10需向第二端20傳輸第一數據塊時,可調用其內部署的第一控制設備31A的設備驅動,利用事先在設備驅動內註冊的配置數據,為第一數據塊確定第二端對應的第一預置字符串,此外還可為第一數據塊確定第一端對應的第二預置字符串,以將第一預置字符串和第二預置字符串與第一數據塊一起下發給第一控制設備31A。其中,在設備驅動內事先註冊的配置數據可包括但不限於:第一端對應的多個第二預置字符串,第二預置字符串、傳輸事務的事務種類及傳輸事務的事務屬性標識三者之間的對應關係,第二端的名稱、訪問憑證、多個傳輸事務的傳輸事務屬性信息等等。第一端10通過調用其內部署的第一控制設備31A的設備驅動,可從確定出的第一數據塊所屬的第一數據流對應第一傳輸事務的傳輸事務屬性信息中,獲取第二端對應的第一預置字符串(即為第一數據塊確定第二端對應的第一預置字符串);以及可基於事務種類與第二預置字符串的對應關係,確定出與第一數據流對應傳輸事務的事務種類存在對應關係的第一端對應的第二預置字符串(即為第一數據塊確定第一端對應的第二預置字符串)。有關確定第一數據流對應傳輸事務的事務種類、傳輸事務屬性信息等的具體實現,可參見上文其它實施例中相關的內容。The first data block sent by the first end 10 to the first control device 31A is a data block in the first data stream of the first application on the first end. For detailed information about the first application and the first data stream, please refer to the relevant content above. When the first end 10 needs to transmit the first data block to the second end 20, it can call the device driver of the first control device 31A deployed therein and use the configuration data pre-registered in the device driver to determine a first preset string corresponding to the second end for the first data block. It can also determine a second preset string corresponding to the first end for the first data block, and then send the first and second preset strings along with the first data block to the first control device 31A. The configuration data pre-registered in the device driver may include, but is not limited to: multiple second preset strings corresponding to the first end, the correspondence between the second preset strings, the transaction type of the transmission transaction, and the transaction attribute identifier of the transmission transaction, the name of the second end, access credentials, transmission transaction attribute information of multiple transmission transactions, etc. By invoking the device driver of the first control device 31A deployed therein, the first end 10 can obtain a first preset string corresponding to the second end from the determined transmission transaction attribute information of the first transmission transaction corresponding to the first data stream to which the first data block belongs (i.e., determine the first preset string corresponding to the second end for the first data block). Furthermore, based on the correspondence between the transaction type and the second preset string, the first end 10 can determine a second preset string corresponding to the first end that corresponds to the transaction type of the transmission transaction corresponding to the first data stream (i.e., determine the second preset string corresponding to the first end for the first data block). For specific implementations of determining the transaction type and transmission transaction attribute information of the transmission transaction corresponding to the first data stream, please refer to the relevant content in other embodiments above.
或者,第一端10也可僅向第一控制設備發送第一數據塊,不向第一控制設備31A發送定第二端對應的第一預置字符串及第一端對應的第二預置字符串,由第一控制設備31A自主確定。Alternatively, the first end 10 may only send the first data block to the first control device, and not send the first preset character string corresponding to the second end and the second preset character string corresponding to the first end to the first control device 31A, which is determined independently by the first control device 31A.
基於上述內容,上述第一控制設備31A,在用於獲取所述第二端對應的第一預置字符串時,可具體用於如下中的任意一項:Based on the above, the first control device 31A, when used to obtain the first preset character string corresponding to the second end, can be specifically used for any one of the following:
11)接收所述第一端發送的第二端對應的第一預置字符串。11) Receiving a first preset character string corresponding to the second end sent by the first end.
12)確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的傳輸事務屬性信息;從所述傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串。12) Determining transmission transaction attribute information of a first transmission transaction corresponding to a first data stream to which the first data block belongs; and obtaining a first preset character string corresponding to the second end from the transmission transaction attribute information.
有關確定第一數據流對應第一傳輸事務的傳輸事務屬性信息的具體實現,以及傳輸事務屬性信息的具體介紹,可參見上文其它實施例中相關內容。For the specific implementation of determining the transmission transaction attribute information of the first data stream corresponding to the first transmission transaction, and the specific introduction of the transmission transaction attribute information, please refer to the relevant content in other embodiments above.
在本實施例中,第一預置字符串用於隱藏第二端的地址信息,這樣做的目的可參見上文其它實施例中描述的與「情況22」相關的內容。具體實現隱藏的方式可以為但不限於:第一預置字符串關聯的關聯信息中包含第二端的地址信息。基於此,In this embodiment, the first preset string is used to hide the address information of the second end. The purpose of doing so can be referred to the content related to "Case 22" described in other embodiments above. The specific method of implementing the hiding can be, but is not limited to: the associated information associated with the first preset string includes the address information of the second end. Based on this,
第一控制設備31A,在用於「根據第二端對應的第一預置字符串,獲取第二端的地址信息」時,具體可用於:獲取第一預置字符串關聯的關聯信息;從所述關聯信息中,獲取所述第二端的地址信息。The first control device 31A, when used to "obtain address information of the second end according to the first preset string corresponding to the second end", can specifically be used to: obtain association information associated with the first preset string; and obtain the address information of the second end from the association information.
第一控制設備31A獲取到第二端的地址信息後,如圖5a所示,可以根據第二端的地址信息,直接將第一數據塊發送至第二端。或者,如圖5b和圖5c所示,為了進一步地提高數據傳輸的安全控制,也可以基於第一數據流對應第一傳輸事務的事務信息(包含事務標識、傳輸事務屬性信息)、第一預置字符串、第二預置字符串等,為第一數據塊生成相應待傳輸的報文,根據第二端的地址信息將生成的報文發送至第二端。基於此,在一種可實現的技術方案中,上述第一控制設備31A在用於「根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端」時,可具體用於:After the first control device 31A obtains the address information of the second end, as shown in Figure 5a, it can directly send the first data block to the second end based on the address information of the second end. Alternatively, as shown in Figures 5b and 5c, to further improve the security control of data transmission, a corresponding message to be transmitted can be generated for the first data block based on the transaction information (including transaction identification and transmission transaction attribute information) of the first transmission transaction corresponding to the first data stream, the first preset string, the second preset string, etc., and the generated message can be sent to the second end based on the address information of the second end. Based on this, in one feasible technical solution, when the first control device 31A is used to "send the first data block to the second end based on the address information of the second end," it can specifically be used to:
S41、確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的第一事務信息;S41. Determine first transaction information of a first transmission transaction corresponding to a first data stream to which the first data block belongs;
S42、根據所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;S42: Determine corresponding first target header information for the first data block based on the first transaction information;
S43、根據所述第一目標頭信息及所述第一數據塊,生成待發送的第一報文;S43: Generate a first message to be sent based on the first target header information and the first data block;
S44、根據所述第二端的地址信息,將所述第一報文發送至所述第二端;S44: Send the first message to the second end according to the address information of the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求,符合要求時所述第二端從所述第一報文中獲取並緩存第一數據。The first target header information is used to verify whether the first message meets the requirements. If it meets the requirements, the second end obtains and caches the first data from the first message.
有關上述S41的具體實現介紹,可參見上文其他各實施例中的相關內容。For the specific implementation of the above S41, please refer to the relevant content in other embodiments above.
一種可實現技術方案中,上述S42「根據所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息」,可具體包括:In one possible technical solution, the above-mentioned S42 "determining corresponding first target header information for the first data block based on the first transaction information" may specifically include:
S421、獲取所述第一數據流中數據塊對應的頭信息傳輸方式;S421: Obtaining a header information transmission mode corresponding to a data block in the first data stream;
S422、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;S422: Determine a target header field for the first data block from a plurality of header fields included in a preset message header format according to the header information transmission mode and relevant information of the first data block;
S423、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。S423. Configure a field value corresponding to the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block.
有關上述S421中頭信息傳輸方式的具體介紹,可參見上文其他各實施例中相關內容。For a detailed description of the header information transmission method in S421, please refer to the relevant content in other embodiments above.
上述S422「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段」,可包括:The above-mentioned S422 "determining a target header field for the first data block from a plurality of header fields included in a preset message header format based on the header information transmission method and relevant information of the first data block" may include:
S4221、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在第一數據流中的排序;S4221: Determine the order of the first data block in the first data stream according to the block number of the first data block included in the relevant information;
S4222、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段。S4222. If the header information transmission method is the first method, or the header information transmission method is the second method and the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
S4223、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或者所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。S4223. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述S4222給出的情況下,即所述多個報頭字段為所述目標報頭字段時,上述S423「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in S4222 above, that is, when the multiple header fields are the target header fields, the above S423 "configuring a field value corresponding to the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
S4231、獲取第一端對應的第二預置字符串;所述第二預置字符串用於隱藏所述第一端的地址信息;S4231: Obtain a second preset character string corresponding to the first end; the second preset character string is used to hide the address information of the first end;
S4232、基於所述第一預置字符串、所述第二預置字符串、所述第一事務信息及所述第一數據的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;S4232: Based on the first preset character string, the second preset character string, the first transaction information, and relevant information of the first data, configure a corresponding field value of the target header field to obtain a first message header determined for the first data block.
其中,所述第一報文頭包括:所述第二端對應的第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、第一數據流中數據塊的總數量、所述第一數據塊的塊號、所述第一目標頭信息與所述第一數據塊的總大小、標注信息;總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。The first message header includes: a first preset string corresponding to the second end, the second preset string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first target header information and the first data block, and annotation information; when the total number is a set value, it indicates that the number of data blocks in the first data stream is unknown.
上述第一控制設備31,在用於上述S4231「獲取所述第一端對應的第二預置字符串」時,具體可用於如下中的任意一項:The first control device 31, when used in the above-mentioned S4231 "obtaining the second preset character string corresponding to the first end", can specifically be used for any one of the following:
21)接收所述第一端發送的所述第一端對應的第二預置字符串。21) Receive a second preset character string corresponding to the first end sent by the first end.
22)確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的事務種類;基於預置的事務種類與第二預置字符串的對應關係,確定與所述第一傳輸事務的事務種類存在對應關係的所述第二預置字符串。22) Determining a transaction type of a first transmission transaction corresponding to the first data stream to which the first data block belongs; and based on a correspondence between preset transaction types and second preset character strings, determining a second preset character string that corresponds to the transaction type of the first transmission transaction.
有關上述21)及22)的具體實現描述,可參見上文相關內容。For the specific implementation description of the above 21) and 22), please refer to the relevant content above.
進一步地,若上述第一數據塊在所述第一數據流中排序第一或最後,則上述第一控制設備31,在用於上述S42時,還可具體用於:Furthermore, if the first data block is ranked first or last in the first data stream, the first control device 31, when used in S42, may be further configured to:
基於所述第一事務信息中所述第一傳輸事務的事務屬性類型信息,確定是否需要為所述第一數據塊添加數據頭;determining whether a data header needs to be added to the first data block based on the transaction attribute type information of the first transmission transaction in the first transaction information;
確定需要時,根據所述事務屬性類型信息中的數據頭使用信息,從預設的多個數據頭格式中選擇一個適配的數據頭格式;When it is determined that it is necessary, an adapted data header format is selected from a plurality of preset data header formats according to the data header usage information in the transaction attribute type information;
根據所述第一數據流的流信息,按照選擇出的數據頭格式為所述第一數據塊確定相應的數據頭。According to the stream information of the first data stream, a corresponding data header is determined for the first data block according to the selected data header format.
在上述S4223給出的情況下,即所述多個報頭字段中的部分報頭字段為所述目標報頭字段時,上述S423「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in S4223 above, that is, when some of the multiple header fields are the target header fields, the above S423 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
S4231’、基於所述第一事務信息中的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;S4231′: Based on the transaction identifier in the first transaction information, configure a field value corresponding to the target header field to obtain a second message header determined for the first data block;
其中,所述第二報文頭包括所述事務標識。Wherein, the second message header includes the transaction identifier.
有關上述S43及S44的具體實現,可參見上文其他實施例中相關內容。For the specific implementation of the above S43 and S44, please refer to the relevant content in other embodiments above.
相應地,上述第二端20,可具體用於對接收到的所述第一報文進行校驗;校驗通過後,從所述第一報文中獲得並緩存所述第一數據塊。Correspondingly, the second end 20 can be specifically used to verify the received first message; after the verification is passed, the first data block is obtained from the first message and cached.
基於上文本申請其他實施例中所描述的為預置字符串綁定(即關聯)的信息相關內容,可獲知預置字符串(如第二預置字符串)關聯的關聯信息包含有數據傳輸方向控制信息,有關數據傳輸方向控制信息的具體介紹,可參見上文相關內容。基於此,上述第一控制設備31,在用於上述S43「根據所述第一目標頭信息及所述第一數據塊,生成待發送的第一報文」之前,還可具體用於:Based on the information related to binding (i.e., associating) a preset string as described in other embodiments of the present application, it is known that the associated information associated with a preset string (e.g., the second preset string) includes data transmission direction control information. For a detailed description of data transmission direction control information, please refer to the relevant content above. Based on this, the first control device 31, before performing the aforementioned step S43 of "generating a first message to be transmitted based on the first target header information and the first data block," may also be specifically configured to:
從所述第二預置字符串關聯的關聯信息中,獲取數據傳輸方向控制信息;obtaining data transmission direction control information from the associated information associated with the second preset character string;
若所述數據傳輸方向控制信息指示允許控制設備將接收到的數據轉發至第二端,則觸發上述S43的操作;If the data transmission direction control information indicates that the control device is allowed to forward the received data to the second end, the operation of S43 is triggered;
若所述數據傳輸方向控制信息指示禁止控制設備將接收到的數據轉發至第二端,則根據所述第一數據塊所屬的第一數據流的數據類型,觸發上述S43的操作。If the data transmission direction control information indicates that the control device is prohibited from forwarding the received data to the second end, the above-mentioned operation S43 is triggered according to the data type of the first data stream to which the first data block belongs.
具體實施時,在所述數據傳輸方向控制信息指示禁止控制設備將接收到的數據轉發至第二端情況下,若確定第一數據塊所屬的第一數據流的數據類型為如上傳文件等非請求類型時,則可以對第一數據塊不予進行向第二端轉發處理,但可以進行如緩存等處理。反之,若確定第一數據塊所屬的第一數據流的數據類型為請求類型(如請求第二端上的資源(如網絡資源)),則可以先基於第一數據塊確定的請求參數,在本地查詢是否存在與請求參數適配的數據資源,若存在,直接將查詢到的與請求參數適配的數據資源反饋至第一端;若不存在,則可以從第二預置串關聯的關聯信息中獲取預設請求參數,以基於預設請求參數生成相應待發送的報文(為請求報文)並發送至第二端,以從第二端中獲取相應的數據資源並反饋給第一端。基於此,上述第一控制設備31A,在用於根據所述第一數據塊所屬的第一數據流的數據類型,觸發上述S43的操作時,可具體用於:In a specific implementation, when the data transmission direction control information indicates that the control device is prohibited from forwarding the received data to the second end, if it is determined that the data type of the first data stream to which the first data block belongs is a non-request type such as uploading a file, the first data block may not be forwarded to the second end, but may be processed such as cached. On the contrary, if it is determined that the data type of the first data stream to which the first data block belongs is a request type (such as a request for resources on the second end (such as network resources)), then based on the request parameters determined by the first data block, it is possible to first query locally whether there are data resources that are compatible with the request parameters. If so, the queried data resources that are compatible with the request parameters are directly fed back to the first end; if not, the preset request parameters can be obtained from the associated information associated with the second preset string, so as to generate a corresponding message to be sent (a request message) based on the preset request parameters and send it to the second end, so as to obtain the corresponding data resources from the second end and feed them back to the first end. Based on this, the first control device 31A, when used to trigger the operation of S43 according to the data type of the first data stream to which the first data block belongs, can be specifically used to:
所述數據類型為請求類型時,從所述關聯信息中獲取預設請求參數;基於所述預設請求參數及所述第一目標頭信息,生成待發送的所述第一報文;When the data type is a request type, obtaining a default request parameter from the associated information; generating the first message to be sent based on the default request parameter and the first target header information;
所述數據類型為非請求類型時,則不予進行發送處理。If the data type is not a request type, it will not be sent for processing.
進一步地,繼續參見圖5b和圖5c所示,本實施例提供的所述系統還可包括:第二控制設備32,與所述第二端20及所述第一控制設備31A通信連接;所述第二端的地址信息指向第二控制設備;相應地,Furthermore, referring to FIG. 5b and FIG. 5c, the system provided in this embodiment may further include: a second control device 32, which is communicatively connected to the second terminal 20 and the first control device 31A; the address information of the second terminal points to the second control device; accordingly,
上述第一控制設備31A,用於上述S44「根據所述第二端的地址信息,將所述第一報文發送至第二端」時,具體用於:根據所述第二端的地址信息,將所述第一報文發送至所述第二控制設備32,以由第二控制設備32將所述第一報文發送至第二端29;The first control device 31A is used, in step S44 of "sending the first message to the second terminal according to the address information of the second terminal," to send the first message to the second control device 32 according to the address information of the second terminal, so that the second control device 32 sends the first message to the second terminal 29;
上述第二控制設備32,用於對接收到的所述第一報文進行校驗;若校驗通過,且接收到所述第二端發送的獲取請求,則將所述第一報文發送至所述第二端;若校驗未通過,則不予進行發送處理。The second control device 32 is configured to verify the received first message; if the verification passes and the acquisition request sent by the second end is received, the first message is sent to the second end; if the verification fails, the message is not sent.
這裡需要說明的是:上述實施例提供的數據傳輸系統中的各設備或各端,除了可實現上述本實施例所述的功能步驟之外,還可實現本申請提供的其他各實施例中相關內容,有關上述各設備或各端具體可實現的功能內容以及相應的具體實現原理,可參見上文本申請其他實施例中的相應內容,此處不再贅述。It should be noted here that: in addition to being able to implement the functional steps described in the above-mentioned embodiment, each device or each end in the data transmission system provided by the above-mentioned embodiment can also implement the relevant contents in the other embodiments provided by this application. For the specific functional contents that can be implemented by the above-mentioned devices or each end and the corresponding specific implementation principles, please refer to the corresponding contents in the other embodiments of the above-mentioned application, which will not be repeated here.
基於上述介紹的本申請一實施例提供的數據傳輸系統相關內容,本申請另外三個實施例還提供的一種數據傳輸系統。具體地,Based on the above-described data transmission system provided by the first embodiment of this application, the other three embodiments of this application also provide a data transmission system. Specifically,
本申請另一實施例提供的數據傳輸系統,包括:目標設備、第一端及第一控制設備;其中,Another embodiment of the present application provides a data transmission system, comprising: a target device, a first terminal, and a first control device; wherein,
第一端,用於在需向所述目標設備傳輸第一數據塊時,獲取所述目標設備對應的第一預置字符串;基於所述第一預置字符串及所述第一數據塊,生成待發送的第一報文;將所述第一報文發送至所述第一控制設備;其中,第一預置字符串用於隱藏目標設備的地址信息;The first end is configured to obtain a first preset character string corresponding to the target device when transmitting a first data block to the target device; generate a first message to be sent based on the first preset character string and the first data block; and send the first message to the first control device; wherein the first preset character string is used to conceal address information of the target device;
第一控制設備,用於根據從所述第一報文中獲取到的所述第一預置字符串,確定所述目標設備的地址信息;根據所述目標設備的地址信息,將所述第一報文發送至所述目標設備;a first control device, configured to determine address information of the target device based on the first preset character string obtained from the first message; and send the first message to the target device based on the address information of the target device;
進一步地,上述目標設備包括第二端;以及,第一控制設備,具體用於根據所述第一預置字符串,確定所述第二端的地址信息;根據所述第二端的地址信息,將所述第一報文發送至所述第二端。Furthermore, the above-mentioned target device includes a second end; and a first control device, which is specifically used to determine the address information of the second end based on the first preset character string; and send the first message to the second end based on the address information of the second end.
進一步地,上述目標設備還包括第二控制設備,與所述第二端及所述第一控制設備通信連接;所述第二端的地址信息指向第二控制設備;Furthermore, the target device further includes a second control device, which is communicatively connected to the second end and the first control device; the address information of the second end points to the second control device;
所述第一控制設備,具體用於根據所述第二端的地址信息,將所述第一報文發送至所述第二控制設備;The first control device is specifically configured to send the first message to the second control device according to the address information of the second end;
第二控制設備,用於對接收到的所述第一報文進行校驗;校驗通過後,緩存所述第一報文,以等待所述第二端獲取;a second control device, configured to verify the received first message; and after verification, cache the first message to wait for the second end to obtain it;
第二端,用於向所述第二控制設備發送獲取請求;接收所述第二控制設備針對所述獲取請求反饋的所述第一報文。The second end is used to send an acquisition request to the second control device; and receive the first message fed back by the second control device in response to the acquisition request.
有關上述第一端、第一控制設備、第二控制設備及第二端的具體介紹、以及各自具體可實現的功能、功能具體實現描述,可參見上文相關內容。For a detailed introduction to the first end, the first control device, the second control device, and the second end, as well as their respective achievable functions and descriptions of their specific implementations, please refer to the relevant content above.
本申請另一實施例提供的數據傳輸系統的系統架構,可參見圖5d或圖5e示出的系統架構。具體地,如參見圖5d或圖5e所示,本實施例提供的所述數據傳輸系統包括:第一端10、第一控制設備31、第二控制設備32及第二端20;其中,The system architecture of the data transmission system provided in another embodiment of the present application can be seen in FIG5d or FIG5e. Specifically, as shown in FIG5d or FIG5e, the data transmission system provided in this embodiment includes: a first terminal 10, a first control device 31, a second control device 32 and a second terminal 20; wherein,
第一端10,用於在需向第二端傳輸第一數據塊時,獲取所述第二端對應的第一預置字符串;基於所述第一預置字符串及所述第一數據塊,生成待發送的所述第一報文;將所述第一報文發送至所述第一控制設備;其中,第一預置字符串用於隱藏第二端的地址信息;The first terminal 10 is configured to obtain a first preset character string corresponding to the second terminal when transmitting a first data block to the second terminal; generate a first message to be sent based on the first preset character string and the first data block; and send the first message to the first control device; wherein the first preset character string is used to hide the address information of the second terminal;
第一控制設備31,用於根據從所述第一報文中獲取到的所述第一預置字符串,確定所述第二端的地址信息;根據所述第二端的地址信息,將所述第一報文發送至所述第二控制設備;The first control device 31 is configured to determine the address information of the second end based on the first preset character string obtained from the first message; and send the first message to the second control device based on the address information of the second end;
第二控制設備32,用於緩存接收到的所述第一報文,以等待所述第二端獲取;a second control device 32, configured to cache the received first message, waiting for the second end to obtain it;
第二端20,用於向所述第二控制設備發送獲取請求;接收所述第二控制設備針對所述獲取請求反饋的所述第一報文。The second end 20 is configured to send an acquisition request to the second control device and receive the first message fed back by the second control device in response to the acquisition request.
有關上述第一端10、第一控制設備31、第二控制設備32及第二端20的具體介紹及各自具體可實現的功能、功能具體實現描述,可參見上文相關內容。For a detailed introduction to the first end 10, the first control device 31, the second control device 32, and the second end 20, as well as their respective achievable functions and descriptions of their specific implementations, please refer to the relevant content above.
本申請又一實施例提供的數據傳輸系統包括:第一端、第一控制設備及第二端;Another embodiment of the present application provides a data transmission system comprising: a first end, a first control device, and a second end;
第一端,用於在需向第二端傳輸第一數據塊時,獲取第二端對應的第一預置字符串及所述第一端對應的第二預置字符串;將所述第一預置字符串、所述第二預置字符串及所述第一數據塊發送至第一控制設備;其中,預置字符串用於隱藏相應端的地址信息;The first end is configured to obtain a first preset character string corresponding to the second end and a second preset character string corresponding to the first end when transmitting a first data block to the second end; and transmit the first preset character string, the second preset character string, and the first data block to a first control device; wherein the preset character string is configured to conceal address information of the corresponding end;
第一控制設備,用於確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的第一事務信息;基於所述第一事務信息、所述第一預置字符串及所述第二預置字符串,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一目標頭信息及所述第一數據塊,生成待發送的所述第一報文;並根據所述第一預置字符串獲取到的第二端的地址信息,將所述第一報文發送至第二端。The first control device is configured to determine first transaction information of a first transmission transaction corresponding to a first data stream to which the first data block belongs; determine corresponding first destination header information for the first data block based on the first transaction information, the first preset character string, and the second preset character string; generate a first message to be sent based on the first destination header information and the first data block; and send the first message to the second end based on address information of the second end obtained from the first preset character string.
第二端,用於對接收到的所述第一報文進行校驗;校驗通過後,從所述第一報文中獲得並緩存所述第一數據塊。The second end is used to verify the received first message; after the verification is passed, the first data block is obtained from the first message and cached.
有關上述第一端、第一控制設備、第二控制設備及第二端的具體介紹及各自具體可實現的功能、功能具體實現描述,可參見上文相關內容。For a detailed introduction to the first end, the first control device, the second control device, and the second end, as well as their respective achievable functions and descriptions of their specific implementations, please refer to the relevant content above.
基於上述結合圖5a至5c所介紹的系統內容,本申請一實施例還提供了相應的數據傳輸方法,具體地如下:Based on the system contents described above in conjunction with Figures 5a to 5c, an embodiment of this application also provides a corresponding data transmission method, specifically as follows:
圖13示出了本申請一實施例提供的數據傳輸方法的流程示意圖。該數據傳輸方法適於如圖5a示出的第一端10連接的控制設備,即第一控制設備31。第一控制設備31內事先預置的預置信息包括上文所述的針對第一端10創建的配置文件,進一步地,還可包括針對第二端20創建的配置文件。有關配置文件中可包括的具體內容,可參見上文其他各實施例中相關內容。如參見圖13,本實施例提供的數據傳輸方法包括以下步驟:FIG13 is a flow chart illustrating a data transmission method according to an embodiment of the present application. This data transmission method is applicable to a control device connected to the first terminal 10 shown in FIG5a, namely, the first control device 31. The pre-configured information pre-set within the first control device 31 includes the configuration file created for the first terminal 10 described above, and may also include a configuration file created for the second terminal 20. For details on the specific content that may be included in the configuration file, please refer to the relevant content in the other embodiments described above. As shown in FIG13 , the data transmission method according to this embodiment includes the following steps:
301、響應於所述第一端發送的需向第二端傳輸的第一數據塊,獲取所述第二端對應的第一預置字符串;其中,所述第一預置字符串用於隱藏所述第二端的地址信息;301. In response to a first data block sent by the first end to be transmitted to the second end, obtaining a first preset character string corresponding to the second end; wherein the first preset character string is used to hide address information of the second end;
302、根據所述第一預置字符串,獲取所述第二端的地址信息;302. Obtain address information of the second end according to the first preset character string;
303、根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端。303. Send the first data block to the second end according to the address information of the second end.
在一種可實現的技術方案中,上述301「獲取所述第二端對應的第一預置字符串」,可具體包括:In one feasible technical solution, the above-mentioned 301 "obtaining the first preset character string corresponding to the second end" may specifically include:
3011、確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的第一事務信息;3011. Determine first transaction information of a first transmission transaction corresponding to a first data stream to which the first data block belongs.
3012、從所述第一事務信息中,獲取所述第二端對應的第一預置字符串。3012. Obtain a first preset character string corresponding to the second end from the first transaction information.
有關上述3011~3012的具體描述,可參見上文其他各實施例中相關內容。For detailed descriptions of 3011-3012, please refer to the relevant contents in other embodiments above.
上述302中,可以從第一預置字符串關聯的關聯信息中,獲取第二端的地址信息。有關預置字符串(如第一預置字符串、上下文涉及的第二預置字符串)關聯的關聯信息的具體介紹,可參見本申請其他各實施例中相關內容。In step 302 above, the address information of the second end can be obtained from the association information associated with the first preset string. For a detailed description of the association information associated with the preset strings (e.g., the first preset string and the second preset string related to the context), please refer to the relevant content in other embodiments of this application.
在一種可實現技術方案中,如參見圖5b或圖5c所示,上述303「根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端」,可具體包括:In one possible technical solution, as shown in FIG. 5 b or FIG. 5 c , the above-mentioned step 303 of “sending the first data block to the second end according to the address information of the second end” may specifically include:
3031、基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;3031. Determine corresponding first target header information for the first data block based on the first transaction information.
3032、根據所述第一目標頭信息及所述第一數據塊,生成待發送的第一報文;3032. Generate a first message to be sent based on the first target header information and the first data block.
3033、根據所述第二端的地址信息,將所述第一報文發送至所述第二端;3033. Send the first message to the second end according to the address information of the second end.
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求,符合要求時所述第二端從所述第一報文中獲取並緩存第一數據;The first destination header information is used to verify whether the first message meets the requirements. If the first message meets the requirements, the second end obtains and caches the first data from the first message.
一具體可實現技術方案中,上述3031「基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息」,可具體包括如下步驟:In a specific implementation, the above-mentioned step 3031 "determining corresponding first target header information for the first data block based on the first transaction information" may specifically include the following steps:
30311、獲取所述第一數據流中數據塊對應的頭信息傳輸方式;30311. Obtain a header information transmission mode corresponding to a data block in the first data stream;
30312、根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;30312. Determine a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission mode and relevant information of the first data block.
30313、根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。30313. Based on at least one of the first transaction information and the relevant information of the first data block, configure a field value corresponding to the target header field to obtain a message header determined for the first data block.
有關上述30311中頭信息傳輸方式的相關介紹,可參見上文其它實施例中相關內容。For the relevant introduction of the header information transmission method in the above 30311, please refer to the relevant content in other embodiments above.
在一實施例中,上述30312「根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段」,可具體包括:In one embodiment, the above-mentioned 30312 "determining a target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission method and relevant information of the first data block" may specifically include:
303121、根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在第一數據流中的排序;303121. Determine, based on the block number of the first data block included in the relevant information, the order of the first data block in the first data stream.
303122、若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段。303122. If the header information transmission method is the first method, or the header information transmission method is the second method and the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
303123、若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或者所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。303123. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or if the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
在上述303122給出的情況下,即所述多個報頭字段為所述目標報頭字段時,上述30313「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in 303122 above, that is, when the multiple header fields are the target header fields, the above 30313 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
獲取所述第一端對應的第二預置字符串,所述第二預置字符串用於隱藏所述第一端的地址信息;Obtaining a second preset character string corresponding to the first end, where the second preset character string is used to hide address information of the first end;
基於所述第一預置字符串、所述第二預置字符串、所述第一事務信息及所述第一數據的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;configuring a field value corresponding to a field of the target header based on the first preset character string, the second preset character string, the first transaction information, and relevant information of the first data, to obtain a first message header determined for the first data block;
其中,所述第一報文頭包括:所述第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、目標頭信息與第一數據塊的總大小、第一數據流中數據塊的總數量、所述第一數據塊的序列號、標注信息;The first message header includes: the first preset character string, the second preset character string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, target header information and a total size of the first data block, a total number of data blocks in the first data stream, a sequence number of the first data block, and annotation information;
總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。When the total quantity is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks.
在上述303123給出的情況下,即所述多個報頭字段中的部分報頭字段為所述目標報頭字段時,上述30313「根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭」,可具體包括:In the case given in 303123 above, that is, when some of the multiple header fields are the target header fields, the above 30313 "configuring a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block" may specifically include:
基於所述第一事務信息中的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;configuring a field value corresponding to a field of the target header based on the transaction identifier in the first transaction information to obtain a second header determined for the first data block;
其中,所述第二報文頭包括所述事務標識。Wherein, the second message header includes the transaction identifier.
有關上文各步驟中的具體實現介紹,可參見上文本申請其他各實施例中相關內容。For the specific implementation of each step above, please refer to the relevant content in other embodiments of the above application.
本實施例提供的技術方案,在響應於第一端發送的需向第二端傳輸的第一數據塊,獲取第二端對應的第一預置字符串(用於隱藏第二端的地址信息)後,可根據第一預置字符串來獲取第二端的地址信息,並根據第二端的地址信息,將第一數據塊發送至第二端。本方案中,利用預置字符串來隱藏相應端的地址信息,使得數據發起端無法獲知目標端的地址,能保護目標端的地址信息;且既使發起端被惡意控制後,也無法對網絡上的其他設備進行掃描、探測等,可有效避免惡意攻擊。The technical solution provided by this embodiment, in response to a first data block sent by a first end to be transmitted to a second end, obtains a first preset string corresponding to the second end (used to conceal the second end's address information). The solution then obtains the second end's address information based on the first preset string and transmits the first data block to the second end based on the second end's address information. In this solution, by using the preset string to conceal the corresponding end's address information, the data originating end cannot obtain the destination end's address, thus protecting the destination end's address information. Furthermore, even if the originating end is maliciously controlled, it cannot scan or detect other devices on the network, effectively preventing malicious attacks.
進一步地,在執行上述3032「根據所述第一目標頭信息及所述第一數據塊,生成待發送的報文」之前,本實施例提供的所述方法還可包括如下步驟:Furthermore, before executing the above 3032 "generating a message to be sent based on the first target header information and the first data block", the method provided in this embodiment may also include the following steps:
S51、從所述第二預置字符串關聯的關聯信息中,獲取數據傳輸方向控制信息;S51. Obtaining data transmission direction control information from associated information associated with the second preset character string;
S52、若所述數據傳輸方向控制信息指示允許控制設備將接收到的數據轉發至第二端,則觸發所述根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作;S52: If the data transmission direction control information indicates that the control device is allowed to forward the received data to the second end, triggering the operation of sending the first data block to the second end according to the address information of the second end;
S53、若所述數據傳輸方向控制信息指示禁止控制設備將接收到的數據轉發至所述第二端,則根據所述第一數據塊所屬的第一數據流的數據類型,觸發所述根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作。S53. If the data transmission direction control information indicates that the control device is prohibited from forwarding the received data to the second end, triggering the operation of sending the first data block to the second end according to the address information of the second end based on the data type of the first data stream to which the first data block belongs.
一具體可實現技術方案中,上述S53「根據所述第一數據塊所屬的第一數據流的數據類型,觸發所述根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作」,可具體包括如下步驟:In a specific implementation, the above-mentioned S53 "triggering the operation of sending the first data block to the second end according to the address information of the second end based on the data type of the first data stream to which the first data block belongs" may specifically include the following steps:
S531、所述數據類型為請求類型時,從所述關聯信息中獲取預設請求參數;根據所述第二端的地址信息,將所述預設請求參數發送至所述第二端;S531: When the data type is a request type, obtain a default request parameter from the associated information; and send the default request parameter to the second end according to the address information of the second end;
S532、所述數據類型為非請求類型時,則不予進行發送處理。S532: If the data type is not a request type, the data will not be sent for processing.
進一步地,若數據傳輸方向控制信息指示允許控制設備將接收到的數據轉發至所述第二端、但禁止所述控制設備對接收到的所述第二端發送的數據進行轉發,則Furthermore, if the data transmission direction control information indicates that the control device is allowed to forward the received data to the second end, but prohibits the control device from forwarding the received data sent by the second end, then
本實施例提供的所述方法還包括:接收到所述第二端針對所述第一數據塊返回的反饋信息時,對所述反饋信息不予進行發送處理;The method provided in this embodiment further includes: upon receiving feedback information returned by the second end in response to the first data block, not sending or processing the feedback information;
進一步地,本實施例提供的所述方法,還可包括如下步驟:Furthermore, the method provided in this embodiment may further include the following steps:
300a、在與所述第一端建立通信連接時,接收所述第一端發送的連接校驗信息;300a. When establishing a communication connection with the first end, receiving connection verification information sent by the first end;
300b、針對所述連接校驗信息,向所述第一端反饋相應的校驗結果,以便所述第一端基於所述校驗結果確定是否與所述控制設備建立通信鏈路,以通過所述通信鏈路發送所述第一數據塊;300b. Feedback a corresponding verification result to the first end based on the connection verification information, so that the first end determines whether to establish a communication link with the control device based on the verification result to send the first data block through the communication link;
其中,所述連接校驗信息包括如下中的至少一項:攜帶有校驗值的校驗指令、與第一控制設備的設備驅動相關的驗證數據。The connection verification information includes at least one of the following: a verification instruction carrying a verification value, and verification data related to the device driver of the first control device.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述本申請提供的其他各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that for any details not fully described in the steps of the data transmission method provided in this embodiment, reference may be made to the corresponding details in the other embodiments provided in this application, and will not be further elaborated here. Furthermore, in addition to the steps described above, the method provided in this embodiment may also include some or all of the other steps in the other embodiments provided in this application, and for details, reference may be made to the corresponding details in the above embodiments, and will not be further elaborated here.
針對上述結合圖13所描述的本申請提供的一種數據傳輸方法,這裡需要補充說明以下幾點內容,下面補充說明幾點內容是用於針對第一端實現數據安全的防護與控制能力的加強。具體地如下:Regarding the data transmission method provided by this application described above in conjunction with FIG. 13 , the following additional points need to be explained. These additional points are used to enhance the protection and control capabilities of data security at the first end. Specifically, they are as follows:
1)通信接入方面:主要為控制設備的設備驅動方面1) Communication access: mainly for controlling the device driving aspects
上述所述第一數據塊為所述第一端上第一應用的數據流中的一個數據塊。以及,如參見圖6a和圖6b,本申請方案中第一端與控制設備之間並不使用現有的TCP/IP協議的方式進行通信連接,而是在物理上通過硬件連接以實現通信,比如第一端與控制設備之間採用USB方式實現硬件連接。並且,第一端上還安裝有控制設備的設備驅動,以及第一端上第一應用的業務邏輯層順序為:第一應用<——>第一端的操作系統<——>第一端上控制設備的設備驅動<——>第一端的硬件結構(為非TCP/IP協議的硬件接口,如USB接口)。上述第一端的硬件接口用於與控制設備上相應的硬件接口(如USB接口)連接,第一端通過控制設備向外發送數據。而且,上述第一端上控制設備的設備驅動能對第一應用進行鑒權以判斷是否接收第一數據塊發送的功能調用。The first data block mentioned above is a data block in the data stream of the first application on the first end. Furthermore, as shown in Figures 6a and 6b, the communication connection between the first end and the control device in this application scheme is not achieved using the existing TCP/IP protocol. Instead, communication is achieved physically through a hardware connection, such as a USB hardware connection between the first end and the control device. Furthermore, a device driver for the control device is also installed on the first end, and the business logic layer sequence of the first application on the first end is: first application <--> operating system of the first end <--> device driver of the control device on the first end <--> hardware structure of the first end (which is a hardware interface that is not a TCP/IP protocol, such as a USB interface). The hardware interface on the first end is configured to connect to a corresponding hardware interface (e.g., a USB interface) on a control device, allowing the first end to transmit data externally through the control device. Furthermore, the device driver of the control device on the first end can authenticate the first application to determine whether to accept a function call sent by the first data block.
由上,通過上述所述的業務邏輯層順序,能實現第一端上的硬件接口對其上的第一應用在操作系統層面進行隱藏,使得只有控制設備的設備驅動能直接訪問第一端的硬件接口,而第一端上除設備驅動以外的應用則無法直接訪問硬件接口(即可認為第一端的硬件接口對其上應用來說是隱藏的),這樣既使第一端上安裝有惡意應用程序,則該惡意應用程序也無法直接通過其上的硬件接口向外進行通信以發送惡意攻擊數據。而且,本方案中由於第一端(相當於客戶端)使用非TCP/IP協議通訊,自身可以無需使用網卡或直接禁用網卡(也可以正常使用網卡連接網絡,不影響其他網絡通訊),所以當第一端被木馬、病毒等惡意應用程序控制時,惡意應用程序沒有可調用TCP/IP協議的通用接口程序(如禁用網卡的情況下)、或者調用後也無法連接目標設備(如未接網線的情況下)。再者,第一端對應的硬件接口(用於連接控制設備)為非通用的接口程序,惡意程序無法識別和使用該接口,調用時權限會受到限制。即使惡意程序將數據發送至控制設備,由於沒有官方的設備驅動的憑證,控制設備也不會進行處理。由此,顯然本方案能使惡意程序既無法發送數據、也無法接收數據,以及攻擊其他設備等。相當於,對惡意程序來說,第一端是未聯網的單機設備,無法進行通訊、發送數據和遠程控制。As described above, through the business logic layer sequence described above, the hardware interface on the first end can be hidden from the first application on it at the operating system level, so that only the device driver of the control device can directly access the hardware interface of the first end, while applications on the first end other than the device driver cannot directly access the hardware interface (that is, the hardware interface of the first end can be considered hidden from the applications on it). In this way, even if a malicious application is installed on the first end, the malicious application cannot directly communicate outward through the hardware interface on it to send malicious attack data. Furthermore, in this solution, because the first end (equivalent to the client) uses a non-TCP/IP protocol for communication, it can dispense with a network card or disable it (it can still connect to the network normally without affecting other network communications). Therefore, if the first end is controlled by a malicious application such as a trojan or virus, the malicious application cannot call the universal TCP/IP protocol interface (for example, if the network card is disabled) or even if it does, it will be unable to connect to the target device (for example, if the network cable is not connected). Furthermore, the hardware interface corresponding to the first end (for connecting to the control device) is a non-universal interface, which the malicious application cannot recognize and use, and its access permissions will be restricted. Even if the malicious application sends data to the control device, the control device will not process it because it lacks official device driver credentials. Therefore, it is clear that this solution can prevent malicious programs from sending or receiving data, as well as attacking other devices. This means that for malicious programs, the first end is a standalone device that is not connected to the Internet, unable to communicate, send data, or conduct remote control.
例如,假設第一端(如客戶端)與控制設備是通過USB方式進行通信,則按照上述所述的第一端上第一應用的業務層邏輯層順序,第一應用必須通過第一端上控制設備的設備驅動才能間接的來訪問第一端的USB接口,以實現向外發送數據。由此:若第一端上某一個應用A需要向外發送數據時,便需要通過第一端的操作系統先訪問設備驅動的API(或SDK)接口以進行鑒權,比如,預先給授權訪問的應用是頒發有數字證書或者密碼憑證等憑證信息,在應用訪問設備驅動時需要附帶相應的憑證信息,以便設備驅動根據憑證信息進行鑒權;當設備驅動針對應用A鑒權通過,判定出是可以接收應用A的數據(如應用A的數據流中的一個數據塊,即第一數據塊)發送的功能調用的,則設備驅動便會直接訪問第一端的USB接口,從而通過第一端的USB接口將應用A的數據發送至控制設備,由控制設備將應用A的數據通過網絡轉發至第二端(服務端)。For example, assuming that the first end (such as the client) communicates with the control device via USB, then according to the business-layer logical order of the first application on the first end described above, the first application must access the USB interface of the first end indirectly through the device driver of the control device on the first end to send data outward. Therefore: if an application A on the first end needs to send data outward, it needs to first access the API (or SDK) interface of the device driver through the operating system of the first end for authentication. For example, the application that is pre-authorized to access is issued with certificate information such as a digital certificate or a password certificate. When the application accesses the device driver, it needs to attach the corresponding certificate information so that the device driver can authenticate based on the certificate information; when the device driver is set If the device driver authenticates application A and determines that it can receive data from application A (e.g., a data block in application A's data stream, i.e., the first data block), the device driver will directly access the USB interface on the first end and send the data from application A to the control device through the USB interface on the first end. The control device then forwards the data from application A to the second end (the server) via the network.
而當應用A為木馬、病毒等惡意應用軟件時:首先惡意應用軟件能用TCP/IP網絡通用接口程序(如Socket接口)進行網絡通訊,以實現連接控制端,或自動掃描網絡中的設備、連接網絡設備、並進行數據發送等惡意操作,但因為控制設備的設備驅動是非通用接口程序,在此情況下自然無法成功實現訪問設備驅動進行網絡通訊等惡意操作。其次,即使應用A能夠訪問設備驅動,但發送的數據無法附帶有效憑證,此時設備驅動則針對應用A便會鑒權不通過,判定出是不可以接收應用A的數據發送的功能調用的,從而設備驅動也就不會進一步執行訪問第一端的硬件接口以對應用A的數據進行發送處理,所以在此情況下,雖然第一端被惡意的應用A控制,但是該應用A發起的惡意攻擊數據在達到設備驅動階段便已被阻斷,根本達到不了第一端的USB接口,為此更不會向外流出,從而對其他設備也就無法造成攻擊。If Application A is a malicious application such as a Trojan horse or virus, the malicious application can use TCP/IP universal network interface programs (such as Socket interfaces) to communicate over the network, enabling it to connect to a control terminal, automatically scan for devices on the network, connect to network devices, and perform other malicious operations such as sending data. However, because the device driver used to control the device is not a universal interface program, it cannot successfully access the device driver to perform network communications and other malicious operations. Secondly, even if Application A can access the device driver, the data it sends will not be accompanied by a valid certificate. In this case, the device driver will fail to authenticate Application A and determine that it is not allowed to receive the function call of Application A's data transmission. Therefore, the device driver will not further execute the access to the hardware interface of the first end to send and process Application A's data. Therefore, in this case, although the first end is controlled by the malicious Application A, the malicious attack data initiated by Application A is blocked before reaching the device driver. It cannot reach the USB interface of the first end and therefore cannot flow out, thus causing an attack on other devices.
綜上,顯然採用本申請請求項1的方案,通過第一端側對應用的鑒權(具體地時通過第一端上控制設備的設備驅動對應用的鑒權)以及硬件接口的,客戶端鑒權(接口無法調用,惡意數據無法發送)+控制設備鑒權(基於對客戶端的不信任,客戶端即使發送了數據塊,在鑒權失敗的情況下,也不處理該數據),惡意應用是無法通過第一端向其他設備發起掃描、探測或者攻擊等惡意行為的,為此本方案是能夠加強數據安全的防護與控制能力的。In summary, it is obvious that the solution of claim 1 of this application is adopted. Through the authentication of the application on the first end side (specifically, through the authentication of the application by the device driver of the control device on the first end) and the hardware interface, the client authentication (the interface cannot be called and malicious data cannot be sent) + the control device authentication (based on the distrust of the client, even if the client sends a data block, it will not process the data if the authentication fails), malicious applications cannot initiate malicious behaviors such as scanning, detection or attack to other devices through the first end. Therefore, this solution can enhance the protection and control capabilities of data security.
2)數據傳輸方面:主要為控制設備層面2) Data transmission: mainly for control equipment level
考慮到既使通過1)所描述的數據安全的防護與控制,因某些因素也可能會致使第一端上惡意應用的數據被向外發送。例如,若第一端上部署的是控制設備的仿版設備驅動,因仿版設備驅動的鑒權功能存在缺陷,可能存在該仿版設備驅動對惡意應用鑒權通過風險,從而調用第一端的硬件接口將惡意應用的數據向外發送(或在物理上直接向控制設備的硬件接口發送惡意數據),即將惡意應用的數據發送至了控制設備,並以此導致控制設備將惡意應用的數據轉發至了網絡內的其它設備(第二端),對其它設備造成攻擊。Consider that even with the data security protection and control described in 1), certain factors may still cause malicious application data on the first end to be transmitted externally. For example, if a replica device driver of the control device is deployed on the first end, due to defects in the authentication function of the replica device driver, there is a risk that the replica device driver will be able to authenticate the malicious application and thus call the hardware interface of the first end to transmit the malicious application data externally (or physically send the malicious data directly to the hardware interface of the control device). In other words, the malicious application data is sent to the control device, which in turn forwards the malicious application data to other devices within the network (the second end), causing attacks on these other devices.
針對此,為能更進一步地有效加強信息安全的防護與控制能力,本申請方案中控制設備對第一端(或硬件接口)發送的數據是不信任的,既使第一端向控制設備發送了相應的第一數據塊,控制設備仍會對接收到的第一數據塊做進一步地驗證處理,以驗證該第一數據塊是否為通過官方正版的設備驅動發送的,從而根據驗證結果來確定是否對第一數據塊執行發送處理。In response to this, in order to further effectively enhance the protection and control capabilities of information security, the control device in this application scheme does not trust the data sent by the first end (or hardware interface). Even if the first end sends the corresponding first data block to the control device, the control device will still perform further verification processing on the received first data block to verify whether the first data block is sent by the official and genuine device driver, and then determine whether to perform sending processing on the first data block based on the verification result.
例如,假設控制設備接收到第一端發送過來的第一數據塊,則:控制設備可先確定該第一數據塊是否攜帶有相應有效的訪問憑證信息(如數字簽名、密碼);若沒有攜帶,可直接判定為該第一數據塊不是通過官方正版的設備驅動發送的,為惡意數據,從而直接丟棄該第一數據塊,不進行轉發處理;若攜帶有,可對第一數據塊攜帶的訪問憑證進行驗證以確定該攜帶的訪問憑證是否為預先給授權的應用頒發的,進而根據驗證結果確定第一數據塊是否為通過官方正版的設備驅動發送的,以決定是否對第一數據塊執行發送處理。具體地,若第一數據塊攜帶的訪問憑證驗證通過,則判定第一數據塊是通過官方正版的設備驅動發送的,並能夠識別出第二端對應的第一預置標識以及獲取所述第二端的地址信息,從而根據所述第二端的地址信息將第一數據塊轉發至網絡內的其它設備(相應的第二端);反之,若第一數據塊攜帶的訪問憑證驗證未通過,則判定第一數據塊不是通過官方正版的設備驅動發送的,為惡意數據,或者無法識別第一預置標識以及獲取所述第二端的地址信息,為未知數據,從而將該第一數據塊直接丟棄,不進行轉發處理。For example, assuming that the control device receives the first data block sent by the first end, the control device can first determine whether the first data block carries corresponding valid access credential information (such as a digital signature or password); if not, it can be directly determined that the first data block is not sent by the official device driver and is malicious data, and thus directly discarded. The first data block is discarded and no forwarding processing is performed; if the first data block is carried, the access certificate carried by the first data block can be verified to determine whether the carried access certificate is issued by a pre-authorized application, and then based on the verification result, it is determined whether the first data block is sent by an official and genuine device driver to decide whether to perform sending processing on the first data block. Specifically, if the access credentials carried by the first data block pass verification, the first data block is determined to have been sent by an official, authentic device driver, and the first preset identifier corresponding to the second end can be identified and the address information of the second end can be obtained. The first data block is then forwarded to other devices (corresponding to the second end) in the network based on the address information of the second end. Conversely, if the access credentials carried by the first data block fail verification, the first data block is determined to have not been sent by an official, authentic device driver and is malicious data, or the first preset identifier cannot be identified and the address information of the second end cannot be obtained, and is unknown data. The first data block is then directly discarded and not forwarded.
上述內容,通過控制設備對數據驗證,是基於對第一端(如客戶端)的不信任提出的數據安全防護方案,這樣可使得第一端既使向控制設備發送了惡意的數據,在控制設備對該數據驗證失敗(不通過)的情況下,也不會對該數據進行轉發處理,即惡意的數據在達到控制設備階段便會被阻斷繼續向其它設備發送,為此對其他設備也就無法造成攻擊。The aforementioned data verification by the control device is a data security solution based on distrust of the first end (e.g., the client). This ensures that even if the first end sends malicious data to the control device, if the control device fails to verify the data (rejects it), the data will not be forwarded. In other words, the malicious data will be blocked from continuing to be sent to other devices before it reaches the control device, preventing it from attacking other devices.
另外,除上1)和2)所述的內容之外,本申請請求項1還保留了能繼續使用TCP/IP協議,以實現遠距離數據傳輸,減少遠端通信成本。具體地實現如下:In addition to the contents described in 1) and 2) above, claim 1 of this application also retains the ability to continue to use the TCP/IP protocol to achieve long-distance data transmission and reduce remote communication costs. Specifically, it is implemented as follows:
如繼續參見圖6a,控制設備針對接收到的數據向外轉發至第二端時,仍可以是基於TCP/IP協議發送的,這能減少遠端通信成本,實現遠距離通信。例如,結合上述1)~2)所描述的內容,從整體上來看本申請實施例提供的方案:第一端(通過設備驅動實現第一端的硬件接口對其上應用隱藏、以及應用數據鑒權)+控制設備(與第一端間不使用TCP/IP協議通信連接、與第二端間使用TCP/IP協議連接,能對接收到的數據驗證,對預置字符串轉換為第二端地址)+第二端(採用TCP/IP協議進行遠距離數據傳輸),實現了既能有效地解決使用TCP/IP協議存在的各種問題,又能繼續發揮TCP/IP協議的各種優點(如網絡組網方便、遠距離傳輸等)進行數據傳輸,既增強數據傳輸安全性、又減少遠端通信成本。而且,還有效克服了長期以來因為TCP/IP協議(以及安全措施)的不可靠性而捨棄其使用方案(如使用無網絡連接的計算機單機,而數據傳輸只能通過光盤、U盤等進行線下拷貝),但是高安全性並且低成本、遠距離數據傳輸需求又難以找到有效的替代使用方案,「不使用TCP/IP網絡」與「低成本數據傳輸」兩者之間存在「不可能實現」的技術偏見。綜上,顯然本方案已超出了人們預期的想像,並且產生了預料不到的較好技術效果。As shown in Figure 6a, when the control device forwards the received data to the second end, it can still be sent based on the TCP/IP protocol, which can reduce the cost of remote communication and realize long-distance communication. For example, combining the contents described in 1) to 2) above, the solution provided by the embodiment of this application is as follows: the first end (using the device driver to realize the application hiding and application data authentication on the hardware interface of the first end) + the control device (which does not use the TCP/IP protocol to communicate with the first end, but uses the TCP/IP protocol to connect with the second end, and can verify the received data and convert the preset string into the second end address) + the second end (using the TCP/IP protocol for long-distance data transmission). This can effectively solve the various problems existing in the use of the TCP/IP protocol while continuing to give play to the various advantages of the TCP/IP protocol (such as convenient networking and long-distance transmission) for data transmission, thereby enhancing data transmission security and reducing remote communication costs. Furthermore, this solution effectively overcomes the long-standing practice of abandoning the TCP/IP protocol (and its security measures) due to its unreliability (e.g., using a standalone computer without a network connection and relying solely on offline copying via optical disks, USB drives, etc.). However, effective alternatives for high-security, low-cost, and long-distance data transmission have been difficult to find, and the perceived technical impossibility of "not using a TCP/IP network" and "low-cost data transmission" has been a technical misconception. Overall, this solution has clearly exceeded expectations and produced unexpectedly positive technical results.
有關上述所述的補充內容,有些更詳盡內容(如與1)中的一些更詳盡內容,也可參見下文所出現的相關內容。Regarding the supplementary content mentioned above, some more detailed content (such as some more detailed content in 1) can also be found in the relevant content below.
基於上述補充說明的內容,上述本申請結合圖13所提供的數據傳輸方法中,所述第一數據塊為所述第一端上第一應用的數據流中的一個數據塊,所述第一應用的業務邏輯層順序為:第一應用、第一端的操作系統、第一端上控制設備的設備驅動、第一端的硬件接口;其中,所述第一端的硬件接口用於與控制設備的硬件接口進行通信連接、且通信連接不使用TCP/IP協議;所述控制設備與所述第二端之間使用TCP/IP協議進行通信連接。以及,進一步地,所述方法還可包括如下步驟:Based on the above supplementary description, in the data transmission method provided in the present application in conjunction with FIG. 13 , the first data block is a data block in the data stream of the first application on the first end. The business logic layer sequence of the first application is: first application, operating system on the first end, device driver of the control device on the first end, hardware interface on the first end; wherein the hardware interface on the first end is used to establish a communication connection with the hardware interface of the control device, and the communication connection does not use the TCP/IP protocol; the communication connection between the control device and the second end uses the TCP/IP protocol. Furthermore, the method may also include the following steps:
F1、在接收到所述第一數據塊後,對所述第一數據塊進行驗證以確定所述第一數據塊是否為官方的設備驅動發送的數據;F1. After receiving the first data block, verify the first data block to determine whether the first data block is data sent by an official device driver;
F2、若是,則對所述第一數據塊執行發送處理;F2. If yes, perform sending processing on the first data block;
F3、若不是,則對所述第一數據塊不予執行發送處理。F3. If not, the first data block will not be sent.
其中,在一種可實現技術方案中,上述步驟F1「在接收到所述第一數據塊後,對所述第一數據塊進行驗證以確定所述第一數據塊是否為官方的設備驅動發送的數據」,可具體包括:In one possible technical solution, step F1 of "after receiving the first data block, verifying the first data block to determine whether the first data block is data sent by an official device driver" may specifically include:
確定所述第一數據塊是否附帶有效的訪問憑證;determining whether the first data block is accompanied by a valid access certificate;
附帶時,所述第一數據塊為官方的設備驅動發送的數據;When attached, the first data block is the data sent by the official device driver;
未附帶時,所述第一數據塊不是官方設備驅動發送的數據;When not included, the first data block is not data sent by the official device driver;
其中,所述訪問憑證包括如下中的至少一項:數字簽名、密碼、密鑰等。The access credential includes at least one of the following: a digital signature, a password, a key, etc.
基於上述結合圖5d至5e所介紹的系統內容,本申請另一實施例還提供了相應的數據傳輸方法,該另一實施例提供的數據傳輸方法適於如圖5d示出的第一端10。第一端內事先預置的預置信息包括上文所述的針對第一端10創建的配置文件,進一步地,還可包括針對第二端20創建的配置文件。有關配置文件中可包括的具體內容,可參見上文其他各實施例中相關內容。具體地,本實施例提供的數據傳輸方法包括以下步驟:Based on the system described above in conjunction with Figures 5d through 5e , another embodiment of the present application further provides a corresponding data transmission method. This data transmission method is applicable to the first terminal 10 shown in Figure 5d . The pre-configured information pre-set within the first terminal includes the configuration file created for the first terminal 10 described above, and further, may also include a configuration file created for the second terminal 20. For details on the specific content that may be included in the configuration file, please refer to the relevant content in the other embodiments above. Specifically, the data transmission method provided in this embodiment includes the following steps:
401、在需向第二端傳輸第一數據塊時,獲取所述第二端對應的第一預置字符串;其中,第一預置字符串用於隱藏所述第二端的地址信息;401. When a first data block needs to be transmitted to a second end, obtain a first preset character string corresponding to the second end; wherein the first preset character string is used to hide address information of the second end;
402、基於所述第一預置字符串及所述第一數據塊,生成待發送的第一報文;402. Generate a first message to be sent based on the first preset character string and the first data block;
403、通過控制設備將所述第一報文發送至所述第二端。403. Send the first message to the second end through a control device.
有關上述401獲取第一預置字符創的具體實現,可參見上文其它實施例中相關內容。Regarding the specific implementation of the above 401 obtaining the first preset character set, please refer to the relevant content in other embodiments above.
一具體可實現技術方案中,上述402「基於所述第一預置字符串及所述第一數據塊,生成待發送的第一報文」,包括:In one specific implementation, the above-mentioned step 402 of "generating a first message to be sent based on the first preset character string and the first data block" includes:
4021、確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的第一事務信息;4021. Determine first transaction information of a first transmission transaction corresponding to a first data stream to which the first data block belongs.
4022、基於所述第一事務信息及所述第一預置字符串,為所述第一數據塊確定相應的目標頭信息;4022. Determine corresponding target header information for the first data block based on the first transaction information and the first preset character string.
4023、根據所述第一目標頭信息及所述第一數據塊,生成所述第一報文;4023. Generate the first message based on the first target header information and the first data block.
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
有關上述4021~4023的具體實現描述,可參見上文其它實施例中相關內容。For the specific implementation description of the above 4021~4023, please refer to the relevant content in other embodiments above.
上述403中,控制設備可以從接收到的第一報文中解析出第一預置字符串,然後再根據第一預置字符串獲取到第二端的地址信息,進而根據第二端的地址信息將第一報文發送至第二端。In the above 403, the control device can parse the first preset character string from the received first message, and then obtain the address information of the second end according to the first preset character string, and then send the first message to the second end according to the address information of the second end.
這裡需要說明的是:本申請實施例提供的所述數據傳輸方法中各步驟未盡詳述的內容可參見本申請提供的其它各實施例中的相應內容,此處不再贅述。此外,本申請實施例提供的所述方法中除了上述各步驟以外,還可包括上述本申請提供的其他各實施例中其他部分或全部步驟,具體可參見上述各實施例相應內容,在此不再贅述。It should be noted that for any details not fully described in the steps of the data transmission method provided in this embodiment, reference may be made to the corresponding details in the other embodiments provided in this application, and will not be further elaborated here. Furthermore, in addition to the steps described above, the method provided in this embodiment may also include some or all of the other steps in the other embodiments provided in this application, and for details, reference may be made to the corresponding details in the above embodiments, and will not be further elaborated here.
針對本申請上下文所述的涉及到「預置字符串」的所有相關內容,這裡需補充說明的是:預置字符串可由多種組合形式。例如,不同數據端各自均有相對應的預置字符串,如參見下文給出的示例二中的例子1「請求數據」,針對「請求網絡資源」傳輸事務,客戶端對應有第二預置字符串:0x81 0xa4 0x35 0xe3,服務端對應有第一預置字符串:0x47 0xec 0x47 0xf4,第一預置字符串與第二預置字符串不同。再例如,不同數據端可為固定的預置字符串,例如,針對上述「請求網絡資源」傳輸事務,客戶端與服務端對應的預置字符串可均為第三預置字符串,如參見上文針對預置字符串給出的示例11和示例21,客戶端對應的第二預置字符串和服務端對應的第一預置字符串可均為字符串「0x0A」,雖然這裡服務端對應的第一預置字符串與客戶端對應的第二預置字符串相同,但實際上作用並不同,第一預置字符串只作用在服務端與其連接的控制設備通信中,第二預置字符串只作用在客戶端與其連接的控制設備的通信中。上述針對預置字符串給出的兩個例子,預置字符串具有隱藏相應端的地址信息。在預置字符串直接為相應端真實的地址信息情況下,不同數據端各自均有相對應的預置字符串,如參見圖14,客戶端對應的第二預置字符串可直接為表徵客戶端真實的地址信息的字符串「192.###.1.2:12345」,服務端對應的第一預置字符串可直接為表徵服務端真實的地址信息的字符串「192.###.1.1:8000」。Regarding all references to "preset strings" in this application, it should be noted that preset strings can be used in various combinations. For example, different data endpoints each have corresponding preset strings. For example, in Example 2 below, Example 1, "Requesting Data," for the "Requesting Network Resources" transaction, the client has a second preset string: 0x81 0xa4 0x35 0xe3, while the server has a first preset string: 0x47 0xec 0x47 0xf4. The first and second preset strings are different. As another example, different data terminals may use fixed preset strings. For example, for the aforementioned "Request Network Resources" transmission transaction, the corresponding preset strings for both the client and server may be the third preset string. As shown in Examples 11 and 21 above regarding preset strings, the second preset string corresponding to the client and the first preset string corresponding to the server may both be the string "0x0A." Although the first preset string corresponding to the server and the second preset string corresponding to the client are the same, their actual functions are different. The first preset string only applies to communications between the server and its connected control device, while the second preset string only applies to communications between the client and its connected control device. In the two examples above regarding preset strings, the preset strings contain hidden address information for the corresponding terminals. When the preset string is directly the actual address information of the corresponding end, different data ends each have a corresponding preset string. As shown in Figure 14, the second preset string corresponding to the client can be directly the string representing the actual address information of the client, "192.###.1.2:12345", and the first preset string corresponding to the server can be directly the string representing the actual address information of the server, "192.###.1.1:8000".
結合上下文本申請提供的所有與「傳輸事務、預置字符串、基於與某一端間的通信協議」相關的所有實施例,這裡需要總補充說明的是:本申請從第一端、第二端或中間設備上的控制模塊角度下基於「傳輸事務」所實現的數據傳輸控制(如數據的結構化、校驗控制),與從控制設備的角度下基於「傳輸事務、預置字符串、基於與某一端間的通信協議」所實現的數據傳輸控制,相同部分實現原理實際上等同(如數據的結構化實現原理等同、校驗實現原理等同等),可相互參考。即,第一端、第二端或中間設備上的控制模塊與控制設備所具有的數據傳輸控制功能可等同或者在一定程度上等同。In conjunction with the context of all embodiments provided in this application relating to "transmission transactions, preset character strings, and communication protocols with a particular end," it is necessary to provide a general explanation: the data transmission control (e.g., data structuring and verification control) implemented in this application based on "transmission transactions" from the perspective of a control module on a first end, a second end, or an intermediate device, and the data transmission control implemented from the perspective of a control device based on "transmission transactions, preset character strings, and communication protocols with a particular end" are substantially identical in their implementation principles (e.g., identical data structuring and verification implementation principles), and may be used in conjunction with each other. That is, the data transmission control functions of the control module on the first end, the second end, or the intermediate device and the control device may be identical, or equivalent to a certain extent.
綜合上文所描述的本申請結合控制設備實現數據傳輸的相關所有內容可獲知,為解決現有的網絡通信協議(TCP/IP協議)、網絡安全保護措施、安全防護軟件存在的問題,本申請方案(如可參見圖6a)是基於軟件程序(為安裝在數據端(如第一端、第二端)上的設備驅動和API接口)和硬件(為控制設備)相結合的方式,從數據端(第一端與第二端)的物理接口設備接入方式、數據交換方式、數據結構化方式和物理特殊控制等方式出發,以加強信息安全的防護和控制能力。具體地,本申請提供的數據傳輸方案可包括以下幾大塊內容:Based on all the above-described aspects of this application's integration with control devices to achieve data transmission, it can be seen that, to address issues with existing network communication protocols (TCP/IP), network security measures, and security protection software, this application solution (as shown in Figure 6a) is based on a combination of software programs (device drivers and API interfaces installed on data terminals (such as the first and second terminals)) and hardware (control devices). This solution is designed to enhance information security protection and control capabilities by focusing on the physical interface device access method, data exchange method, data structuring method, and physical special controls at the data terminals (first and second terminals). Specifically, the data transmission solution provided by this application may include the following major components:
第一大塊內容:數據端(如第一端或第二端)的網絡接入方面The first part: Network access at the data end (such as the first or second end)
如參見圖6a,本申請方案並不使用現有的中間網絡設備(例如雙絞線網卡、光纖網卡、WiFi網卡、4G無線網卡等)的直接連接,而是通過在數據端物理上與控制設備進行硬件連接,並在數據端安裝相應的驅動軟件程序(為控制設備的設備驅動)的方式,建立與控制設備的通信連接;再由控制設備向目標設備(如另一控制設備,或另一數據端)建立網絡連接的方式進行通信。採用這種接入方式,具有以下幾點益處:As shown in Figure 6a, this application solution does not utilize existing intermediate network devices (such as twisted-pair network cards, fiber optic network cards, WiFi network cards, 4G wireless network cards, etc.) for direct connection. Instead, it establishes a communication connection with the control device by physically connecting the data end to the control device through hardware and installing the corresponding driver software program (device driver for the control device) on the data end. The control device then establishes a network connection to the target device (such as another control device or another data end) for communication. This access method has the following benefits:
1)從數據端(如第一端(客戶端)或第二端(服務端))角度來看,數據端可以為無網卡(網絡設配器)的單機設備。此外,木馬、病毒等惡意程序在控制數據端後,無法通過網絡進行接收控制指令、竊取文件或者對網絡內其他設備發起掃描、探測或者攻擊行為。例如,參見圖6a所示,第一端被惡意控制後,由於第一端發送的所有數據是需經過相應的第一控制設備進行審計和按照預設規則進行的,數據不符合要求時,第一控制設備並不會對第一端發送的數據進行轉發,也無法處理未知規則的數據,為此惡意者控制第一端發送的惡意數據並不會在網絡內的進行發送,由此惡意者也難以通過第一端向網絡內其它設備發起掃描、探測或者攻擊等行為。1) From the perspective of the data end (e.g., the first end (client) or the second end (server)), the data end can be a standalone device without a network card (network adapter). Furthermore, after malicious programs such as Trojans and viruses take control of the data end, they cannot receive control commands, steal files, or initiate scanning, probing, or attacking other devices on the network. For example, as shown in Figure 6a, after the first end is maliciously controlled, all data sent by the first end must be audited and processed according to preset rules by the corresponding first control device. If the data does not meet the requirements, the first control device will not forward the data sent by the first end, nor will it be able to process data with unknown rules. Therefore, the malicious data sent by the malicious end will not be sent within the network, and it will be difficult for the malicious end to launch scanning, detection, or attack actions against other devices in the network through the first end.
2)不同控制設備之間的遠程通信,仍可通過現有網絡技術進行連接,降低建設投入成本。如繼續參見圖6a,第一控制設備31A與第二控制設備32的通信連接,可以使用TCP/IP通信協議,通過傳統的雙絞線、光纖、WiFi、蜂窩網絡(3G、4G、5G等)、衛星通訊、LORA等有線或無線方式進行網絡連接。2) Remote communication between different control devices can still be achieved through existing network technologies, reducing construction investment costs. As shown in Figure 6a, the communication connection between the first control device 31A and the second control device 32 can use the TCP/IP communication protocol and establish a network connection through traditional twisted pair cables, optical fibers, WiFi, cellular networks (3G, 4G, 5G, etc.), satellite communications, LoRa, and other wired or wireless methods.
3)數據端上的設備驅動和相應的API接口可以通過修改操作系統權限的方式進行限制,使無授權的應用無法進行訪問;或者使用隱藏技術,使惡意程序無法發現設備驅動或者API接口。具體實現原理如下:3) Device drivers and corresponding API interfaces on the data side can be restricted by modifying operating system permissions to prevent unauthorized applications from accessing them; or by using hiding technology to prevent malicious programs from discovering device drivers or API interfaces. The specific implementation principles are as follows:
在介紹具體實現原理之前,先簡單的介紹一些相關的背景知識。Before introducing the specific implementation principles, let's briefly introduce some related background knowledge.
一數據端(如客戶端或服務端)上的應用基於該數據端的操作系統進行網絡通信時,應用訪問網絡的權限一般無限制(例外情況下,雖可通過殺毒軟件、軟件防火牆等對應用訪問網絡進行限制,但是在繞過限制後即可通過網絡接口訪問網絡),任何應用使用普通的權限均可訪問網絡。同時,數據端上的其他程序可以對通信過程進行監聽,如使用wireshark軟件(為一種開源網絡協議分析器)可對網卡數據進行監聽。數據端上的應用訪問網絡的具體實現可包括如下步驟:When an application on a data center (such as a client or server) communicates over a network based on that data center's operating system, its network access permissions are generally unrestricted. (Under certain exceptions, although application access can be restricted by antivirus software or software firewalls, these restrictions can be circumvented to allow network access through the network interface.) Any application can access the network using normal permissions. Furthermore, other programs on the data center can monitor the communication process, such as using Wireshark (an open-source network protocol analyzer) to monitor network card data. Implementing network access for a data center application may include the following steps:
步驟1、調用操作系統內置的通用網絡訪問API接口文件。例如,Linux、Windows、MacOS操作系統下的Socket.h文件等。Step 1: Call the operating system's built-in general network access API interface file, such as the Socket.h file in Linux, Windows, and MacOS operating systems.
步驟2、通過API接口函數創建網絡套接字(Socket)。例如,使用socket()函數。Step 2: Create a network socket using the API interface function. For example, use the socket() function.
上述步驟1~步驟2以及下述的步驟3為如客戶端、服務端等不同數據端的共同步驟。The above steps 1 to 2 and the following step 3 are common steps for different data terminals such as the client and the server.
步驟3、數據端作為客戶端時,通過API接口函數建立與服務端的連接。例如,使用connect()函數(為用於建立與指定socket的連接的函數),連接至指定的IP地址和對應的端口號。數據端作為服務端時,通過API函數進行連接的監聽,例如使用bind()函數綁定號,並使用listen()函數監聽接入的客戶端,在有客戶端接入時,使用accept()函數接受客戶端接入請求。Step 3: When the data end acts as a client, it establishes a connection with the server using API functions. For example, it uses the connect() function (which establishes a connection to a specified socket) to connect to the specified IP address and corresponding port number. When the data end acts as a server, it monitors for connections using API functions, such as using the bind() function to bind an address and the listen() function to listen for incoming clients. If a client connects, it uses the accept() function to accept the client's request.
步驟4、在連接成功後,使用API接口函數進行服務端或客戶端的通信數據發送或接收。例如,使用write()或send()函數向服務端或客戶端發送數據;使用read()或recv()函數接收服務端或客戶端發送的數據。Step 4. After the connection is established, use the API functions to send or receive data to or from the server or client. For example, use the write() or send() functions to send data to or from the server or client; use the read() or recv() functions to receive data from or from the server or client.
上述應用的業務邏輯如下:The business logic of the above application is as follows:
應用<——>操作系統<——>網卡驅動<——>網卡<——>網絡數據Application<——>Operating System<——>Network Card Driver<——>Network Card<——>Network Data
基於上述介紹的背景知識,本實施例在實現應用訪問權限限制時,所設計的在驅動層的業務邏輯為:應用<——>操作系統<——>控制設備的設備驅動<->控制設備<->網絡數據。在本申請的控制設備在操作系統的設備驅動(設備驅動程序)中,一方面,可以對其他程序訪問設備驅動的API接口進行鑒權,比如,預先給授權的應用頒發數字證書、或者密碼憑證,在應用訪問設備驅動時需要附帶憑證信息,由設備驅動或控制設備判斷是否接收其數據發送或接收的功能調用。另一方面,可以對控制設備的設備驅動進行操作系統的權限設置,沒有調用權限的應用或者用戶不能進行功能調用。例如,在linux系統中,可通過chmod命令進行設備驅動的權限設置。Based on the background information described above, the driver-level business logic designed for implementing application access permission restrictions in this embodiment is: application <-> operating system <-> device driver of the controlled device <-> controlled device <-> network data. Within the operating system's device driver (device driver program) of the control device in this application, other programs can authenticate access to the device driver's API. For example, authorized applications are pre-issued with digital certificates or password credentials. When an application accesses the device driver, it must provide this credential information, and the device driver or control device determines whether to accept the function call to send or receive data. On the other hand, the operating system can set permissions for the device driver that controls the device. Applications or users without call permissions cannot call functions. For example, in Linux systems, device driver permissions can be set using the chmod command.
實現訪問接口隱藏時,會進一步細化硬件接入層的業務邏輯,具體為:應用<——>操作系統<——>控制設備的設備驅動<——>數據端的連接硬件接口<——>控制設備的連接硬件接口<——>控制設備<——>網絡數據。訪問接口是對數據端(如客戶端)與控制設備連接硬件接口在操作系統層面進行隱藏,防止設備驅動以外的應用直接訪問硬件接口。When implementing access interface hiding, the business logic at the hardware access layer is further refined. Specifically, the following relationship is established: application <-> operating system <-> device driver for controlling the device <-> data connection hardware interface <-> control device connection hardware interface <-> control device <-> network data. The access interface hides the hardware interface connecting the data end (e.g., client) to the control device at the operating system level, preventing applications other than the device driver from directly accessing the hardware interface.
以USB接口協議、控制設備連接數據端(第一端(客戶端)或第二端(服務端))為例,一方面,在控制設備初次連接一數據端(或者長時間未調用進行休眠重置)時,數據端第一次發送標準請求(請求設備、配置、接口、端點描述符等,可參見圖10)時,控制設備先返回一種通用的CDC(Connected Device Configuration)設備類型的相關描述符,將控制設備模擬為普通CDC設備類型。在設備驅動根據預設的UID或PID(返回的設備描述符中的數據)對CDC設備的發送特殊請求,進行校驗通過(圖10中示出的特殊請求中的校驗部分)時,控制設備進行斷開重新發起可以枚舉的信號。在客戶端第二次發送標準請求時,返回真實的5個描述符數據,並在校驗通過時,完成控制設備的接入。另一方面,參考上述介紹的與訪問權限限制相關的第一方面,如果應用發送的數據沒有附帶有效的憑證,控制設備不返回和處理發送的數據。上述CDC設備類型是USB組織定義的一類專門給各種通信設備(電信通信設備和中速網絡通信設備)使用的USB設備類型。Taking the USB interface protocol as an example, a control device connected to a data port (either the first port (client) or the second port (server)) undergoes a sleep reset after a long period of inactivity. When the control device first connects to a data port (or is inactive for a long time), the data port sends a standard request (requesting device, configuration, interface, and endpoint descriptors, see Figure 10). The control device returns a generic CDC (Connected Device Configuration) device type descriptor, simulating the control device as a standard CDC device. When the device driver verifies the CDC device's special request based on the preset UID or PID (data in the returned device descriptor) and passes verification (the verification portion of the special request shown in Figure 10), the control device disconnects and re-initiates a signal indicating that enumeration is possible. When the client sends the standard request a second time, it returns the five descriptor data, and if verification is successful, access to the control device is complete. On the other hand, referring to the first aspect of access permission restrictions described above, if the data sent by the application is not accompanied by a valid certificate, the control device will not return or process the data. The aforementioned CDC device type is a USB device type defined by the USB organization specifically for use by various communication devices (telecommunications and medium-speed network devices).
這裡需要補充說明的是,上述所述的兩點內容可以單獨存在或共同存在。It should be noted here that the two points mentioned above can exist separately or together.
4)對於數據端(如客戶端或服務端)而言,只有一個通信目標,為控制設備。數據端具體訪問什麼網絡資源和網絡目標,均由控制設備通過預設配置的方式決定,數據端無法干預。由於重要的控制代碼、內存數據或者運行邏輯均在控制設備中獨立運行,數據端無法具有控制設備的所有控制權限,例如,即使一數據端在被惡意程序完全控制後,惡意程序也無法獲得控制設備的完全控制權限。4) For data terminals (such as clients or servers), there is only one communication target: the control device. The specific network resources and network targets accessed by the data terminal are determined by the control device through pre-configured settings, and the data terminal cannot interfere. Because important control code, memory data, and operational logic are all run independently within the control device, the data terminal cannot have full control permissions of the control device. For example, even if a data terminal is fully controlled by a malicious program, the malicious program cannot gain full control of the control device.
5)數據端和控制設備的關係為主機和從機的關係。數據端為主機模式,控制設備為從機模式,控制設備需要數據端主動發起請求才能響應,避免在控制設備被惡意控制的情況下,竊取數據端主機的數據。5) The relationship between the data terminal and the control device is that of a master and slave. The data terminal is in master mode, and the control device is in slave mode. The control device requires the data terminal to initiate a request before responding. This prevents the control device from being maliciously controlled and potentially stealing data from the data terminal host.
6)控制設備可以為無操作系統的固件程序,理論上無法感染病毒和被植入木馬進行控制。6) The control device can be a firmware program without an operating system, which theoretically cannot be infected by viruses or implanted with Trojans for control.
固件(Firmware)程序是一種寫入EPROM(可擦寫可編程只讀存儲器)或EEPROM(電可擦可編程只讀存儲器)中的程序,可理解為一個獨立的軟件。在控制設備為無操作系統的固件程序的情況下,可將上文描述的「第一控制模塊11」、「第二控制模塊12」、「第三控制模塊」、「第四控制模塊」等理解為控制設備。Firmware is a program written to EPROM (Erasable Programmable Read-Only Memory) or EEPROM (Electrically Erasable Programmable Read-Only Memory) and can be considered a standalone piece of software. If the control device is a firmware program without an operating system, the "first control module 11," "second control module 12," "third control module," and "fourth control module" described above can be considered the control device.
具體實現原理或步驟:Specific implementation principles or steps:
1、數據端(如客戶端或服務端)與控制設備之間的通信接口及通信連接1. Communication interface and connection between the data end (such as client or server) and the control device
以USB接口和USB協議為例,數據端與控制設備通過USB數據線進行連接(現場接入或近端接入的情況)。其中,在USB通信協議下,數據端為主機模式,控制設備為從機模式。控制設備使能其上的一個及以上控制傳輸端點和一個及以上IN端點或OUT端點的等時傳輸、中斷傳輸或批量端點,用於數據端與控制設備完成枚舉(控制傳輸端點的通信握手),並進行數據的交互(IN或OUT端點的輸入和輸出)。有關完成枚舉的具體實現,可參見上文所述的與圖10相關的內容。Taking the USB interface and USB protocol as an example, the data port and control device are connected via a USB data cable (for field access or near-end access). Under the USB communication protocol, the data port operates in host mode, while the control device operates in slave mode. The control device enables isochronous transfers, interrupt transfers, or batch transfers on one or more control transfer endpoints and one or more IN or OUT endpoints. This allows the data port and control device to complete enumeration (communication handshakes at the control transfer endpoints) and exchange data (input and output of IN or OUT endpoints). For details on how to complete enumeration, see the above description related to Figure 10.
2、數據端與控制設備進行數據交換2. Data exchange between the data terminal and the control device
從數據端的角度,以USB協議為例:From the data end perspective, taking the USB protocol as an example:
一個數據端需發送數據時,可向其連接的控制設備的OUT端點(輸出端點),發送OUT令牌包、數據交互指令和數據包;When a data terminal needs to send data, it can send an OUT token packet, data interaction command and data packet to the OUT terminal (output terminal) of the connected control device;
一個數據端接收數據時,可向其連接的控制設備的IN端點(輸入端點)發IN令牌包,當IN端點有數據時,接收數據包。When a data terminal receives data, it can send an IN token packet to the IN terminal (input terminal) of the control device connected to it. When the IN terminal has data, it receives the data packet.
需補充說的是,在一台控制設備,IN/OUT端點可以有多組,比如5組,5個IN端點、5個OUT端點;或者不對稱,如3個IN端點、7個OUT端點,用於數據的高速傳輸;同時也可以只有IN端點或者只有OUT端點的情況,用於數據的單向傳輸。數據端具體向控制設備的那個端點發送令牌包、數據交互指令等,可以根據該數據端對應的預置字符串綁定的控制設備的端點確定。It should be noted that a control device can have multiple sets of IN/OUT endpoints, for example, five (5 IN endpoints and 5 OUT endpoints), or an asymmetrical pattern, such as three IN endpoints and seven OUT endpoints, for high-speed data transmission. Alternatively, a control device can have only IN endpoints or only OUT endpoints for unidirectional data transmission. The specific endpoint on the control device to which a data port sends token packets, data exchange commands, and other information is determined by the control device endpoint bound to the preset string corresponding to the data port.
3、一個數據端連接的控制設備與目標設備(如另一個控制設備或另一個數據端)進行數據交換3. A control device connected to a data port exchanges data with a target device (such as another control device or another data port)
控制設備根據預設配置(例如網絡配置:目標的IP、端口,接入的賬號、密碼等電子憑據),通過TCP/IP等網絡接口連接另一控制設備或者另一數據端(如服務端)。控制設備之間的網絡連接,或者控制設備網絡連接如服務端的情況下,或者控制設備網絡連接如客戶端的情況下,可以通過TCP/IP協議,降低部署成本,也解決USB協議的通信距離問題(遠端接入或遠程接入的情況)。Based on pre-configured configurations (e.g., network configuration: target IP address, port number, access account, password, and other electronic credentials), a control device connects to another control device or another data terminal (e.g., a server) via a network interface such as TCP/IP. Network connections between control devices, or when a control device acts as a server or client, can utilize the TCP/IP protocol, reducing deployment costs and addressing the communication distance limitations of the USB protocol (for remote access or remote access).
當一個數據端比如客戶端向其連接的控制設備的OUT端點發送數據時,控制設備將數據轉發至目標設備(比如服務端)。當控制設備接收到服務端發送的數據時,將數據放置在控制設備的存儲介質(內存或者外存)中,並在客戶端通過IN端點發送令牌包請求時,將數據向服務端返回。另外,此處的服務端和客戶端的數據轉發:一是,不一定是原始的數據進行轉換,也可以是經過加密、解密、裁剪、增加或者其他形式處理過的數據;二是,不一定是立即轉發,也可以是經過人工確認後,或者經過預設腳本、規則等進行校驗後才轉發;三是,可以將傳輸的重要數據存儲在控制設備中備份,防止計算機主機誤刪除、或者遭到勒索軟件的惡意加密。When a data terminal, such as a client, sends data to the OUT endpoint of a connected control device, the control device forwards the data to the target device (such as a server). When the control device receives the data sent by the server, it places the data in the control device's storage medium (internal or external memory) and returns the data to the server when the client sends a token packet request through the IN endpoint. In addition, the data forwarding between the server and client here: First, the data does not necessarily need to be converted as original data, but can also be data that has been encrypted, decrypted, cropped, added, or processed in other forms; second, it does not necessarily need to be forwarded immediately, but can also be forwarded after manual confirmation or verification based on preset scripts and rules; third, the transmitted important data can be stored in the control device for backup to prevent accidental deletion by the computer host or malicious encryption by ransomware.
第二大塊內容:一個數據端上應用與另一個數據端上應用的數據交互方面。The second major area of content is data interaction between an application on one data end and an application on another data end.
以一個數據端為客戶端,另一個數據端為服務端為例:For example, one data end is the client and the other data end is the server:
客戶端與服務端之間的應用通信,不同於現有的TCP/IP等傳輸協議,如具傳輸過程中需要有源(IP)地址、宿(IP)地址、端口號和內容數據包(為具體待傳輸的數據(或數據塊))等形式。本申請是通過預先註冊的服務(為預先註冊的服務對應預置有相應的「通信標識(也即上文涉及的預置字符串)」,還包括後續的「 傳輸事務」),並將服務信息同步至控制設備,再由控制設備按照該服務的預設配置進行通信。控制設備可以只有客戶端功能或者服務端功能(如5a示出的客戶端和服務端分別連接不同的控制設備情形下),或者同時具有客戶端和服務端的功能(如4a示出的客戶端和服務端連接同一個控制設備情形下)。Application communication between clients and servers differs from existing transmission protocols like TCP/IP, which require source (IP) addresses, destination (IP) addresses, port numbers, and content packets (specific data (or data blocks) to be transmitted). This application is established through pre-registered services (pre-registered services are assigned corresponding "communication identifiers (the preset strings mentioned above)" and include subsequent "transmission transactions"), synchronizing service information with the control device. The control device then communicates according to the service's pre-configured configuration. The control device may have only client functionality or server functionality (as shown in 5a, where the client and server are connected to different control devices respectively), or may have both client and server functionality (as shown in 4a, where the client and server are connected to the same control device).
例如,參見圖14,假設服務提供者在服務端上預先註冊了一服務B(如網絡資源提供服務),服務B指向網絡地址為192.###.1.1、端口號8080的第二控制設備,服務B授權第一控制設備可以訪問,並針對該服務B,預置了相應的通信標識0x01(為其綁定有服務端的地址信息(192.###.1.1:8080));則,For example, referring to Figure 14, assume that the service provider has pre-registered a service B on the server (e.g., a network resource provisioning service). Service B points to the second control device with a network address of 192.###.1.1 and a port number of 8080. Service B authorizes the first control device to access the service and presets a corresponding communication identifier 0x01 for Service B (bound to the server's address information (192.###.1.1:8080)). Then,
1、客戶端發送數據。客戶端上應用只需將服務B對應的通信標識0x01和待發送的數據hello發送至第一控制設備,由第一控制設備對通信標識0x01進行識別解析,以解析出網絡目標地址(192.####.1.1:8080)和客戶端對應的通信標識符0x02,而後將包含通信標識0x01、通信標識0x02及數據hello的數據包向網絡目標地址(指向服務端連接的第二控制設備)發送。1. The client sends data. The client application simply sends the communication identifier 0x01 corresponding to service B and the data to be sent, "hello," to the first control device. The first control device identifies and parses the communication identifier 0x01 to determine the network destination address (192.####.1.1:8080) and the communication identifier 0x02 corresponding to the client. The first control device then sends a data packet containing the communication identifiers 0x01, 0x02, and "hello" to the network destination address (the second control device connected to the server).
2、在第二控制設備接收第一控制設備發送的數據後,等待服務端讀取。在服務端讀取第二控制設備2時,將相應數據向服務端發送。2. After receiving the data sent by the first control device, the second control device waits for the server to read it. When the server reads the second control device 2, it sends the corresponding data to the server.
3、服務端機經過對接收的數據進行處理後,按照1和2的步驟向客戶端回復數據。3. After processing the received data, the server returns the data to the client according to steps 1 and 2.
通過上述通信標識(即上文涉及的預置字符串)進行數據傳輸,有以下幾點益處:Transmitting data using the aforementioned communication identifiers (i.e., the preset strings mentioned above) has the following benefits:
1)發送端無法獲得目標端(接收端)的地址1) The sender cannot obtain the address of the target (receiver)
通信過程中,對於發送端來說,只有接收端對應的通信標識和待發送的數據,這樣:During the communication process, the sender only has the corresponding communication identifier of the receiver and the data to be sent, as follows:
一是發送端不知道目標端的地址,保護了目標端的地址信息;First, the sender does not know the address of the target end, thus protecting the address information of the target end;
二是發送端只能根據目標端對應的通信標識進行提交數據,通信標識符可以為多個字節數以上的隨機字符串(例如32位或128個字節等複雜隨機數,不同於IP地址的規律性),所以發送端無法對網絡上的其他服務進行掃描、探測,也無法猜測網絡設備的數量,無法對網絡的設備進行分析等等。Second, the sender can only submit data based on the target's corresponding communication identifier. The communication identifier can be a random string of more than one byte (for example, a complex random number such as 32 or 128 bytes, which is different from the regularity of an IP address). Therefore, the sender cannot scan or detect other services on the network, guess the number of network devices, or analyze the network devices.
2)網絡上的所有網絡服務均能被管理2) All network services on the network can be managed
由於服務是先進行註冊,再根據控制設備或者用戶角色等進行授權,所有服務開通和授權能夠進行有效管理。控制設備可以只有客戶端的功能,使普通客戶端無法進行服務功能的啟用,防止私自開通網絡服務造成的安全風險,例如僅有客戶端功能的普通用戶私自建立FTP、文件共享網絡服務等等。Because services are first registered and then authorized based on control devices or user roles, all service activation and authorization can be effectively managed. Control devices can be configured with client-only functionality, preventing regular clients from activating service functions. This prevents security risks associated with unauthorized activation of network services, such as FTP and file sharing services being privately established by regular users with only client functionality.
3)能夠控制數據的傳輸方向3) Ability to control the direction of data transmission
由於網絡通信是雙向傳輸的,即作為網絡客戶端可以接收網絡服務端的數據包,也可以向網絡服務端發送數據包;網絡服務端也是如此。在一些特殊場景下,並不需要數據的雙向傳輸,僅需要數據的單向傳輸,防止數據洩露。通過標識對應的功能設置,能夠將通信標識設置為通信數據的僅上行(接收)、僅下行(發送),控制設備只對僅上行或僅下行的數據包進行處理,實現數據的單向傳輸。Because network communication is bidirectional—a network client can receive data packets from a network server and send data packets to it, and the same is true for the server—some special scenarios require unidirectional data transmission, rather than bidirectional transmission, to prevent data leaks. By configuring the corresponding function settings, you can set the communication flag to uplink-only (receive) or downlink-only (send) for communication data, controlling the device to process only uplink-only or downlink-only data packets, achieving unidirectional data transmission.
有關如何通過通信標識實現數據傳輸方向的控制,可參見上文其他實施例中描述的與「數據傳輸方向控制信息」相關的內容。Regarding how to control the data transmission direction through the communication identifier, please refer to the content related to "data transmission direction control information" described in other embodiments above.
具體實現原理或步驟:Specific implementation principles or steps:
步驟1、創建配置文件(為具有管理權限的用戶創建配置文件)Step 1. Create a profile (create a profile for a user with administrative privileges)
二是生成一數據端(如客戶端)的配置文件。配置文件中包括但不限於如下配置信息:客戶端的名稱(同個客戶端硬件,但不同服務對應的名稱可以不同),客戶端對應的通信標識(同個客戶端硬件,但不同服務對應的通信標識可以不同),設置允許訪問的客戶端的IP、綁定的控制設備硬件特徵標識符,以及自動生成客戶端IP對應的:①訪問端口範圍(客戶端訪問時的端口號,例如10000至10010,非IP對應的特定端口限制其訪問服務端,以提高安全性。短連接的情況下,使用多個客戶端端口是用於數據併發,以提高併發數);②通信標識號(客戶端標識,隨機生成128字節隨機數);③訪問服務端的賬號、密碼等電子憑據、客戶端數字證書等等。The second is to generate a configuration file for a data terminal (such as a client). The configuration file includes but is not limited to the following configuration information: the name of the client (the same client hardware, but different services corresponding to the name can be different), the corresponding communication identifier of the client (the same client hardware, but different services corresponding to the communication identifier can be different), set the IP address of the client that is allowed to access, the hardware characteristic identifier of the bound control device, and automatically generate the following: ① Access port range ( ② The port number used by the client for access, such as 10000 to 10010. Non-IP-based ports restrict access to the server to improve security. In short-term connections, using multiple client ports is useful for data concurrency to increase concurrency. ② The communication identification number (client identification, a randomly generated 128-byte number). ③ Electronic credentials such as the server account and password, and the client's digital certificate, etc.
一是生成另一數據端(如服務端)的配置文件。配置文件中包括但不限於如下配置信息:服務端的名稱,服務端對應的通信標識(可為隨機生成32位或128字節等複雜隨機數,也可為單字符),綁定的控制設備硬件特徵標識符,服務端的IP、端口、數字證書等;客戶端對應的IP、賬號、密碼等電子憑據、訪問端口範圍、客戶端通信標識號等,連接方式:長連接或短連接。The first is to generate a configuration file for another data end (such as a server). This configuration file includes, but is not limited to, the following configuration information: the server name, the corresponding communication identifier for the server (which can be a randomly generated complex number such as 32-bit or 128 bytes, or a single character), the hardware identifier of the bound control device, the server's IP address, port number, digital certificate, etc.; the client's corresponding IP address, account number, password, and other electronic credentials, access port range, client communication identifier, etc., and the connection method: long or short connection.
步驟2、將配置文件向相應的控制設備進行分發。Step 2: Distribute the configuration file to the corresponding control devices.
步驟3、控制設備將配置文件部分參數同步至其連接的數據端(如客戶端或服務端)。Step 3: The control device synchronizes some parameters of the configuration file to the data end to which it is connected (such as the client or server).
有關上文創建的配置文件具體可包括的內容信息以及配置文件分發等的具體介紹,可參見上文其他實施例中的相關內容。For detailed information about the content that the configuration file created above may include and the distribution of the configuration file, please refer to the relevant content in other embodiments above.
步驟4、一個數據端上的應用向相應控制設備發送或接收數據。具體地,Step 4: An application on a data terminal sends or receives data to a corresponding control device. Specifically,
應用可通過調用其所在數據端上安裝的獲取服務列表的API接口(為設備驅動的API接口),獲取註冊的服務列表(服務名稱、服務標識(也即針對服務配置的通信標識);The application can obtain the registered service list (service name, service identifier (i.e., the communication identifier configured for the service)) by calling the service list API interface installed on the data terminal (the device-driven API interface);
進一步地,應用需發送數據時,可調用發送數據的API接口,API參數包括目標端對應的通信標識符和待發送數據,向相應的控制設備發送數據。發送數據的底層原理(邏輯)為:向相應的控制設備特定的OUT端點發送數據,例如,發送的數據可括OUT令牌包和包含通信標識符和待發送數據的數據包。Furthermore, when an application needs to send data, it can call a data transmission API. The API parameters include the communication identifier corresponding to the target device and the data to be sent. This API then sends the data to the corresponding control device. The underlying principle (logic) of data transmission is to send data to the specific OUT endpoint of the corresponding control device. For example, the data sent may include an OUT token packet and a data packet containing the communication identifier and the data to be sent.
應用需接收數據時,可調用接收數據的API接口,API參數包括目標端的通信標識符(服務端或客戶端)和查詢參數的數據包,在與應用所在數據端連接的控制設備有數據時返回數據。接收數據的底層原理(邏輯)包括如下兩種方式:When an application needs to receive data, it calls the data receiving API. The API parameters include the communication identifier of the target end (server or client) and the data packet of the query parameters. When the control device connected to the data end where the application is located has data, the data is returned. The underlying principles (logic) of receiving data include the following two methods:
方式一、應用所在數據端直接向其連接的控制設備特定的IN端點循環發起IN令牌包進行查詢,當控制設備有數據時返回數據包;Method 1: The data end of the application directly sends IN token packets to the specific IN endpoint of the connected control device for query. When the control device has data, it returns the data packet.
方式二、應用所在數據端先向其連接的控制設備特定OUT端點發送OUT令牌包和數據包,數據包包括具有查詢或請求功能的交互指令,而後再向其連接的控制設備特定的IN端點循環發起IN令牌包進行查詢,當控制設備有數據時返回數據包。Method 2: The data end where the application is located first sends an OUT token packet and a data packet to the specific OUT endpoint of the connected control device. The data packet includes interactive instructions with query or request functions. Then, it cyclically sends IN token packets to the specific IN endpoint of the connected control device to query. When the control device has data, it returns a data packet.
步驟5、控制設備對其連接的數據端主機發送的數據進行驗證。Step 5: The control device verifies the data sent by the connected data host.
計算機連接端的控制設備時:When connecting the control device to the computer:
一是,控制設備對與其連接的數據端發送的數據,可通過訪問憑證進行驗證(例如數字簽名),確保為官方驅動程序發送的真實數據;First, the control device can verify the data sent by the data end connected to it by accessing the certificate (such as a digital signature), ensuring that the data is authentic and sent by the official driver;
二是,驗證發送的通信標識符是否存在,如果存在的話進行配置文件的匹配,並按照配置文件將數據轉發至目標設備。Second, verify whether the communication identifier sent exists. If it does, match the configuration file and forward the data to the target device according to the configuration file.
步驟6、若一個數據端與第一控制設備連接,另一個數據端與第二控制設連接,一個數據端將需向另一個數據端發送的數據包(包括另一個數據端對應的通信標識和待發送數據)發送至第一控制設備後,第一控制設備先將數據包發送至第二控制設備,具體地,第一控制設備根據接收到的通信標識符,將數據包發送至第二控制設備的IP地址和端口。第二控制設備在收到數據包後,可根據預置的配置文件中的預設規則(例如源IP、源端口、用戶、憑證、數字證書等)的進行數據校驗,校驗通過時,等待計算機獲取。Step 6: If one data port is connected to the first control device and the other data port is connected to the second control device, after one data port sends a data packet (including the communication identifier corresponding to the other data port and the data to be sent) to the first control device, the first control device first sends the data packet to the second control device. Specifically, based on the received communication identifier, the first control device sends the data packet to the IP address and port of the second control device. After receiving the data packet, the second control device may perform data verification according to the preset rules in the preset configuration file (such as source IP address, source port, user, certificate, digital certificate, etc.). If the verification passes, it waits for the computer to acquire the data.
第三大塊內容:數據傳輸交換中的通信數據結構化方面The third part: Structuring of communication data in data transmission and exchange
現有的TCP/IP等傳輸協議對傳輸數據內容沒有進行規範,不同的應用有不同的通信數據結構(或不同的通信協議),需要一一分析通信的數據結構(或通信協議),才能實施保護措施,導致數據安全保護成本高,也難以進行有效的保護。例如:Existing transmission protocols such as TCP/IP do not regulate the content of transmitted data. Different applications have different communication data structures (or different communication protocols). It is necessary to analyze the communication data structures (or communication protocols) one by one before implementing protection measures. This leads to high data security protection costs and difficulty in effective protection. For example:
一是,當用戶(或應用)通過相應數據端傳輸文件時,由於沒有一個標準的協議,導致傳輸了可執行文件(如帶有病毒或木馬的.exe可執行程序)時,在網絡傳輸層面難以被發現、攔截,這種情況下,只能在相應數據端上通過安裝殺毒軟件進行攔截,但是在免殺技術下,殺毒軟件可能無法查殺。而且,數據端上的操作系統是難以限制可執行文件的傳輸,且在數據端使用的大部分情況下,是沒有通過網絡傳輸接收可執行程序文件的需求的。First, when users (or applications) transmit files through data terminals, the lack of a standard protocol makes it difficult to detect and intercept executable files (such as .exe programs containing viruses or Trojans) during network transmission. In such cases, the only way to intercept them is by installing antivirus software on the data terminals. However, with antivirus technology, antivirus software may not be able to detect and kill the viruses. Furthermore, the operating system on the data terminal cannot restrict the transmission of executable files, and in most cases, there is no need to transmit executable program files over the network.
二是,對於不同的應用的不同操作日誌、通信日誌,難以有效記錄。因為不同的應用廠商開發的程序,通信數據包的結構(協議)不同,一般難以完全的進行解析分析,而且分析過程一般只能依靠廠商,另外,一般也只能事後(出事後)才進行分析。導致管理員或者用戶難以在平時發現問題。Second, it's difficult to effectively record the different operation and communication logs for different applications. Because different application vendors develop programs and use different communication data packet structures (protocols), comprehensive analysis is often difficult. Furthermore, analysis is often dependent on the vendor, and can only be performed after the fact (after an incident occurs). This makes it difficult for administrators or users to detect problems in real time.
三是,現有的應用防火牆、流量探測設備等是基於分析不同應用的通信數據結構(協議)後,才能有效進行工作,如果應用的協議更新了(或是新型木馬病毒程序、或者流量加密了),防火牆可能無法有效的進行檢測。Third, existing application firewalls and traffic detection equipment can only work effectively after analyzing the communication data structure (protocol) of different applications. If the application protocol is updated (or a new Trojan virus program is introduced, or the traffic is encrypted), the firewall may not be able to effectively detect it.
為此,本申請對通信數據進行數據結構化限定,只有符合特定結構化規則的數據,在控制設備中才予以進行交換。所以,應用在發起數據傳輸時,需要通過調用指定的API(或SDK)接口,只由API(或驅動程序、或控制設備、或SDK)對數據進行結構化後才能進行傳輸。通過結構化後的通信數據,控制設備或者計算機驅動程序(或API、SDK)可以識別上層應用的數據傳輸意圖,從而實現安全控制、日誌審計等措施。To this end, this application restricts communication data to structured data. Only data that meets specific structuring rules is exchanged within the control device. Therefore, when an application initiates data transmission, it must call a designated API (or SDK). Data transmission can only proceed after the API (or driver, or control device, or SDK) structures the data. Through structured communication data, the control device or computer driver (or API, SDK) can identify the data transmission intent of the upper-level application, thereby implementing security controls, log audits, and other measures.
在本申請的部分實施例中,是利用「傳輸事務」來實現對待傳輸的數據進行結構化的。有關具體實現可參見上文其他實施例中描述的與「目標頭信息」相關的內容。需要說明的是,對數據結構化也可以使用其他方式,比如,單純根據數據流的相關信息來對待傳輸的數據(數據流中的數據塊)進行結構化,其中,數據流的相關信息包括數據流中數據塊的總數量、數據流類型、數據流對應應用、數據塊的塊號等。本申請對數據進行結構化所採用的方式不進行限定,優選地,是利用「傳輸事務」來實現數據結構化。In some embodiments of the present application, "transmission transactions" are used to implement the structuring of the data to be transmitted. For specific implementations, please refer to the content related to "destination header information" described in other embodiments above. It should be noted that other methods can also be used to structure the data. For example, the data to be transmitted (data blocks in the data stream) can be structured simply based on the relevant information of the data stream, wherein the relevant information of the data stream includes the total number of data blocks in the data stream, the data stream type, the application corresponding to the data stream, the block number of the data block, etc. The present application does not limit the method used to structure the data. Preferably, "transmission transactions" are used to implement data structuring.
本申請,是利用「傳輸事務」來實現對待傳輸的數據進行結構化以進行傳輸,這樣做以下幾點益處:This application uses "transfer transactions" to structure the data to be transmitted, which has the following benefits:
1)透明化數據傳輸的行為。不同與傳統的日誌(一般僅記錄IP、端口、URL、數據包大小),需要針對不同的應用程序的通信流量進行大量的解析工作,而且解析工作往往只能系統開發商才能完成。而本申請的結構化方法,可以在應用程序使用網絡傳輸的過程中,將網絡流量透明化為具體操作:1) Transparent data transmission behavior. Unlike traditional logs (which typically only record IP addresses, ports, URLs, and packet sizes), this requires extensive analysis of the communication traffic of different applications, a task often only performed by system developers. This structured approach can transparently break down network traffic into specific operations during application network transmission:
一是,控制設備能具體化的記錄傳輸的具體行為(如進行文件傳輸、登錄操作)以及具體行為的參數(如文件名、文件類型)等應用的具體操作行為等等;First, the control device can specifically record the specific behavior of transmission (such as file transfer, login operation) and the parameters of specific behavior (such as file name, file type) and other specific operation behaviors of the application;
二是,結構化的過程由應用開發商按照API(或SDK)的規範進行開發,後續的日誌審計一般無需開發商再參與;Second, the structured process is developed by application developers according to API (or SDK) specifications, and subsequent log audits generally do not require the developer's participation;
三是,對於未授權的操作,控制設備可以進行阻斷,例如,普通的數據端不需要傳輸可執行文件(例如.exe程序)的操作,那麼可以禁止該操作;Third, the control device can block unauthorized operations. For example, if a normal data terminal does not need to transfer executable files (such as .exe programs), the operation can be prohibited.
四是,控制設備對未知的操作(非註冊的傳輸事務)或者不符合結構化的數據不進行轉發,防止惡意程序或者其他未知應用進行訪問網絡或計算機。Fourth, control devices not to forward unknown operations (unregistered transmission transactions) or unstructured data to prevent malicious programs or other unknown applications from accessing the network or computer.
2)可以實時顯示當前網絡傳輸的行為。控制設備可以實時顯示當前網絡傳輸流量的行為進行檢測,例如,傳統的防火牆等檢測設備只能監測當前傳輸流量的大小,但是控制設備能夠檢測傳輸流量正在進行什麼具體行為,如正在進行文件名為test.mp4文件的傳輸等等。2) Real-time display of current network transmission behavior. The control device can display the current network transmission traffic behavior in real time for detection. For example, traditional detection equipment such as firewalls can only monitor the current transmission traffic volume, but the control device can detect the specific behavior of the transmission traffic, such as the transmission of the file named test.mp4.
3)可以對傳輸的數據進行預處理。3) The transmitted data can be pre-processed.
一是可以進行人工干預控制。例如,在傳輸的數據為可執行程序文件(例如.exe程序)時,不自動執行傳輸指令,而是需要人工干預,在控制設備中進行確認後,才能進行數據傳輸,防止病毒木馬的傳播或者敏感文件的數據洩露。First, manual intervention control is possible. For example, when the data being transmitted is an executable program file (such as an .exe program), the transmission instruction is not automatically executed. Instead, manual intervention is required. After confirmation in the control device, data transmission can be carried out, preventing the spread of viruses and Trojans or the leakage of sensitive files.
二是可以對重要文件進行備份。例如,在數據結構中,標記為“重要”的文件時(例如財務報表.xls),在傳輸過程中先將文件保存備份至控制設備中,防止數據端上文件誤刪除或者遭到勒索病毒加密。Second, it allows for the backup of important files. For example, if a file is marked as "important" in the data structure (e.g., a financial report .xls), it can be backed up to the control device before being transferred to prevent accidental deletion or ransomware encryption on the data client.
三是可以進行異常控制。例如在短時間內傳輸了10個文件時,則認為有異常行為,可以進行阻止傳輸、預警或者進行人工確認操作,防止惡意的程序或操作盜取數據。Third, it can perform abnormal control. For example, if 10 files are transferred in a short period of time, it is considered abnormal behavior and can block the transfer, issue an early warning, or perform manual confirmation operations to prevent malicious programs or operations from stealing data.
4)可以不需要對流量內容進行解密。在加密流量(例如https)的情況下,應用級的防火牆一般無法正常進行工作,需要使用私鑰進行流量解密。在結構化後,由於流量對應了具體的在應用上的API操作,其操作的範圍一般是受限的了,所以只要符合結構化的數據,可以不需要對程序傳輸的數據進行解密。同理,只要符合結構化的數據,也就能明確流量(傳輸的數據)的作用,所以可不對流量的具體內容進行解密。4) Traffic content decryption is not necessary. With encrypted traffic (e.g., HTTPS), application-level firewalls generally fail to function properly, requiring the use of a private key to decrypt the traffic. Once structured, since traffic corresponds to specific application API operations, the scope of these operations is generally limited. Therefore, as long as the data conforms to the structured data, decryption of the data transmitted by the application is not necessary. Similarly, as long as the data conforms to the structured data, the purpose of the traffic (the data being transmitted) can be clearly identified, so decryption of the specific content of the traffic is not necessary.
這裡需要補充說明的是,在本申請中,一個控制設備可連接多個數據端,或一個控制設備可與另外其他的多個控制設備連接(如圖6c所示)。It should be noted that in this application, one control device can be connected to multiple data ports, or one control device can be connected to multiple other control devices (as shown in FIG6c ).
下面結合圖5c和圖5d,以第一端10為客戶端、第二端20為服務端為例,具體列舉幾個示例來詳述一下本申請提供的技術方案:The following, with reference to FIG5c and FIG5d, takes the first end 10 as the client and the second end 20 as the server as an example, and lists several specific examples to describe in detail the technical solution provided by this application:
示例一Example 1
步驟一、預配置階段:控制設備預先配置Step 1: Pre-configuration phase: Pre-configuration of control devices
以第一控制設備預設配置為例,第一控制設備啟動後,讀取與客戶端建立通信連接所需使用到的配置信息,配置信息可具體包括但不限於如下內容:Taking the default configuration of the first control device as an example, after the first control device is started, it reads the configuration information required to establish a communication connection with the client. The configuration information may specifically include but is not limited to the following:
①控制設備的設備特徵,比如設備名稱、廠商ID、設備ID等;① Device characteristics of the control device, such as device name, manufacturer ID, device ID, etc.;
②建立通信連接所需用到的賬號、密碼(憑證)、連接校驗信息等;② Account number, password (credential), connection verification information, etc. required to establish a communication connection;
③數據傳輸交換配置信息,比如相關的公鑰和私鑰、傳輸事務集合等等;③Data transmission exchange configuration information, such as relevant public and private keys, transmission transaction sets, etc.;
④控制設備相關的描述符集合,其中,描述符集合可以但不限於如下內容:設備描述符(如廠商ID、產品ID、設備ID);配置描述符(如接口數量、電流需求等);接口描述符(規定通信協議等);端點描述符(各個IN、OUT端點的配置信息,包括端點號、端點類型等);字符串描述符(比如顯示的廠商名字、設備名字、產品名字等)等。④ A set of descriptors related to the control device, where the descriptor set can include but is not limited to the following: device descriptors (such as manufacturer ID, product ID, device ID); configuration descriptors (such as the number of interfaces, current requirements, etc.); interface descriptors (specifying communication protocols, etc.); endpoint descriptors (configuration information for each IN and OUT endpoint, including endpoint number, endpoint type, etc.); string descriptors (such as the displayed manufacturer name, device name, product name, etc.), etc.
⑤數據傳輸安全控制信息,比如,通信雙方的通信標識配置(如上文所述的客戶端對應的第二預置字符串集合、服務端對應的第一預置字符串集合、為預置字符字符串綁定(或關聯)的信息(如對應的IP、端口等),禁止或允許的傳輸事務、數據流等等。⑤ Data transmission security control information, such as the communication identification configuration of the communicating parties (such as the second preset character string set corresponding to the client, the first preset character string set corresponding to the server, and the information bound (or associated) with the preset character strings (such as the corresponding IP address, port number, etc.), prohibited or permitted transmission transactions, data streams, etc.
有關上述各配置信息的具體介紹,可參見上文結合圖9所述的相關內容。For detailed description of the above configuration information, please refer to the relevant content described above in conjunction with Figure 9.
這裡需要補充說明以下兩點:The following two points need to be explained here:
1)上述預設配置的實現可以離線配置(如使用分發器),或者也可以在線配置(如連接配置服務器,向控制設備下發相應的配置信息)。1) The above default configuration can be implemented offline (e.g. using a distributor) or online (e.g. connecting to a configuration server and sending the corresponding configuration information to the control device).
2)上述所述的4個描述符(設備描述符、配置描述符、接口描述符、端點描述符),是使用USB協議情況下的通用標準描述符,也可以不需要。通用標準的作用是,例如可以讓USB設備(如控制設備)在插入任意數據端(如客戶端或服務端),在不安裝驅動的情況下都能正常訪問,例如U盤、鼠標和鍵盤。為了能在數據端上隱藏控制設備,也可以不按照上述4個描述符的數據結構來,因為描述符只是讓數據端讀取識別用的(描述符相當於數據端連接控制設備的配置文件),用於數據端加載相應控制設備的設備驅動,並向指定控制設備的端點發送或接收數據,所以,描述符對於控制設備本身來說,並無太大意義。因為本申請中是需要在數據端中安裝控制設備的設備驅動的,那麼也可以完全自定義描述符,或者僅有最基本的設備描述符、字符串描述(僅讓操作系統能夠識別到的最低限度),其他用於數據端連接的信息預先通過其他方式同步至數據端即可。能夠使控制設備在接入未知的計算機時,進行安全保護和隱藏功能,減少遭逆向破解的安全風險。2) The four descriptors described above (device descriptor, configuration descriptor, interface descriptor, and endpoint descriptor) are universal standard descriptors used when using the USB protocol, but they are not necessarily required. The purpose of the universal standard is to allow USB devices (such as control devices) to be accessed normally when plugged into any data port (such as a client or server) without a driver installed, such as USB flash drives, mice, and keyboards. To hide the control device from the data port, the data structure of the four descriptors described above can be deviated from. Descriptors are only used by the data port for identification (a descriptor is equivalent to a configuration file for the data port connecting to the control device). They are used by the data port to load the device driver for the corresponding control device and send or receive data to the endpoint of the specified control device. Therefore, descriptors are not of much significance to the control device itself. Because this application requires installing a device driver for the control device on the data end, it's possible to completely customize the descriptor, or use only the most basic device descriptor and string description (the bare minimum required for the operating system to recognize it). Other data connection information can be pre-synchronized to the data end through other means. This allows the control device to implement security protection and concealment when connected to an unknown computer, reducing the risk of reverse engineering.
步驟二、數據端與控制設備建立通信連接階段Step 2: Establishing a communication connection between the data terminal and the control device
數據端與控制設備間的通信連接,可以為有線連接,或者無線連接,或者基於主板的獨立擴展卡連接,或者基於芯片的集成連接。有線連接可以為使用USB協議的連接線或者網絡雙絞線或光纖等等。無線連接可以為藍牙、WiFi等等。基於主板的連接可以為PCIE接口的擴展卡設備、SATA接口的設備等等。基於芯片集成的方式可以為SPI接口、SDIO接口等等。The communication connection between the data terminal and the control device can be wired, wireless, connected via a standalone expansion card on the motherboard, or integrated within a chip. Wired connections can use USB cables, twisted-pair network cables, or optical fibers. Wireless connections can use Bluetooth, WiFi, and other methods. Motherboard connections can use expansion cards with PCIe interfaces or SATA interfaces. Chip integration can use interfaces such as SPI and SDIO.
控制設備供電:可以為由相應數據端為控制設備供電,或者也可以為控制設備提供獨立的供電電源。Control device power supply: The control device can be powered by the corresponding data terminal, or an independent power supply can be provided for the control device.
控制設備使能:控制設備通電啟動後,控制設備按照讀取到的預設的配置信息,使能控制傳輸端點、IN端點或OUT端點,其中,IN端點或OUT可以為多組,也可以僅有IN端點或僅有OUT端點的情況。端點包括控制傳輸、中斷傳輸、批量傳輸、等時傳輸,超高速控制傳輸、超高速中斷傳輸、超高速批量傳輸、超高速等時傳輸。Control device enablement: After the control device is powered on, it reads the preset configuration information and enables control transmission endpoints, IN endpoints, or OUT endpoints. IN endpoints or OUT endpoints can be multiple groups, just IN endpoints, or just OUT endpoints. Endpoints include control transmission, interrupt transmission, bulk transmission, isochronous transmission, ultra-high-speed control transmission, ultra-high-speed interrupt transmission, ultra-high-speed bulk transmission, and ultra-high-speed isochronous transmission.
數據端開始枚舉以與相應控制設備建立通信連接,具體地:在數據端和控制設備通電啟動後,數據端連接控制設備,完成握手協議(完成枚舉)。如參見圖5c,以客戶端與第一控制設備建立通信連接、客戶端與第一控制設備間採用USB協議為例,具體枚舉過程可包括如下步驟:The data end begins enumeration to establish a communication connection with the corresponding control device. Specifically, after the data end and the control device are powered on, the data end connects to the control device and completes the handshake protocol (completes enumeration). As shown in Figure 5c, taking the example of a client end establishing a communication connection with a first control device and using the USB protocol between the client end and the first control device, the specific enumeration process may include the following steps:
①客戶端加載預設的連接所需的配置信息。比如,加載尋找第一控制設備的特徵值(如廠商ID、產品ID、設備ID、字符串等);加載登錄第一控制設備的賬號、密碼(憑證)等;加載數據交互相關的公鑰和密鑰等。需說明的是,配置信息可以由「分發器」(配置分發器)進行分發;也可以由第一控制設備進行同步。① The client loads the default configuration information required for the connection. For example, it loads the characteristic values for locating the first control device (such as the vendor ID, product ID, device ID, and string); the account and password (credentials) used to log in to the first control device; and the public and private keys related to data exchange. It should be noted that this configuration information can be distributed by a "distributor" (configuration distributor) or synchronized by the first control device.
②客戶端向符合特徵值的第一控制設備發送交互指令,獲取第一控制設備的描述符,如設備描述符、配置描述符、接口描述符、端點描述符、字符串描述符、或自定義描述符等(控制設備返回上述描述符),並判斷描述符參數是否符合預設。② The client sends an interaction command to the first control device that meets the characteristic value, obtains the descriptor of the first control device, such as a device descriptor, configuration descriptor, interface descriptor, endpoint descriptor, string descriptor, or custom descriptor (the control device returns the above descriptors), and determines whether the descriptor parameters meet the default.
另外,在操作系統支持、完全自定義的情況下(例如預設了5組IN和OUT端點,均為批量傳輸),也可以直接向控制設備(具備特徵值的設備)特定端點號發送測試數據,例如向端點1(OUT端點、批量傳輸)發送測試數據包,當測試數據包符合預設的情況下,控制設備端點2(IN端點、批量傳輸)返回成功的數據包。In addition, if the operating system supports full customization (for example, five sets of IN and OUT endpoints are preset, all for bulk transmission), test data can also be sent directly to a specific endpoint number of the control device (a device with characteristic values). For example, a test data packet can be sent to endpoint 1 (OUT endpoint, bulk transmission). When the test data packet meets the preset conditions, the control device endpoint 2 (IN endpoint, bulk transmission) returns a successful data packet.
需要說明的是:在完全自定義的情況下,在測試前,也可以先完成以下步驟③的連接請求校驗,或者跳過本步驟②的「獲取控制設備的描述符」部分,直接進行第③步驟,在第③步驟中進行測試。It should be noted that in a fully customized scenario, you can complete the connection request verification in step ③ below before testing, or skip the "Obtaining the Control Device Descriptor" section in step ② and proceed directly to step ③ for testing.
③客戶端向第一控制設備發送連接請求數據(賬號、密碼(憑證)等)。在第一控制設備返回預設的校驗成功數據後(控制設備對請求的數據進行校驗,校驗成功則返回成功,校驗失敗則返回失敗或者不返回數據),判定為枚舉成功。需說明的是:發送連接請求數據也是向第一控制設備的特定端點進行發送。例如,向端點1(OUT端點、批量傳輸)發送帶有賬號、密碼(憑證)的數據包,在端點2(IN端點、批量傳輸)返回成功或失敗的數據包。③ The client sends a connection request (account number, password (credential), etc.) to the first control device. Enumeration is considered successful when the first control device returns a preset verification success signal (the control device verifies the requested data and returns a success signal if successful, a failure signal if failed, or no data). It should be noted that sending the connection request data is also directed to a specific endpoint on the first control device. For example, a data packet containing an account number and password (credential) is sent to endpoint 1 (OUT endpoint, bulk transfer), and a success or failure signal is returned by endpoint 2 (IN endpoint, bulk transfer).
在返回成功的數據包後,客戶端完成與第一控制設備的通信連接(或稱完成枚舉),並每隔1秒向特定端點發送1次心跳包保持連接關係(非必須步驟),等待下一步的數據傳輸(傳輸事務)。After returning the successful data packet, the client completes the communication connection with the first control device (or completes the enumeration) and sends a heartbeat packet to the specific endpoint every 1 second to maintain the connection relationship (optional step), waiting for the next data transmission (transmission transaction).
由上內容,在客戶端加載預設的連接所需的配置信息,是由第一控制設備進行同步的情況下,通信連接建立的工作邏輯(為常規邏輯)為:Based on the above content, when the client loads the configuration information required for the default connection and the first control device performs synchronization, the working logic for establishing the communication connection (which is conventional logic) is as follows:
客戶端——>讀取描述符(配置)_——>第一控制設備---返回描述符(配置)--->客戶端---根據配置的端點發送或接收數據(端點等)——>第一控制設備Client -> Read descriptor (configuration) -> First control device --- Return descriptor (configuration) --- > Client --- Send or receive data according to the configured endpoint (endpoint, etc.) -> First control device
在客戶端加載預設的連接所需的配置信息,是由如“分發器”分發的情況下通信連接建立的工作邏輯(為特殊邏輯)為:The configuration information required to load the default connection on the client is based on the working logic (special logic) of establishing a communication connection when the "dispatcher" is distributed:
客戶端、第一控制設備預先同步配置信息——>客戶端根據配置的端點發送或接收數據(端點等)——>第一控制設備The client and the first control device pre-synchronize configuration information -> The client sends or receives data according to the configured endpoint (endpoint, etc.) -> The first control device
有關數據端與控制設備間進行建立通信連接的具體實現,可參見與圖10相關的內容。For details on how to establish a communication connection between the data terminal and the control device, please refer to the contents related to Figure 10.
這裡需要補充說明的是,數據端與相應控制設備間的數據傳輸還可以進行加解密。考慮到數據端與相應控制設備之間進行數據傳輸交換過程中,所傳輸的數據中途可能被抓包或者篡改。例如,控制設備發送數據至相應數據端過程中,可能被其他數據端內另一程序進行抓包或修改。再例如,數據端發送數據至相應控制設備過程時,可能被中間設備進行抓包或修改。為保證數據傳輸安全,數據端與相應控制設備間進行數據傳輸過程中可以進行加密,防止數據端中的其他軟件、或者通信鏈路上進行抓包。具體實施時,數據端與相應控制設備可以按照預先約定好通信的加密公鑰、密鑰(非對稱加密情況下)或者加密密鑰(對稱加密情況下)等加密憑證或解密憑證。It's important to note that data transmission between the data terminal and the corresponding control device can also be encrypted and decrypted. This is because data exchange between the data terminal and the corresponding control device can be intercepted or tampered with. For example, while a control device is sending data to the corresponding data terminal, it could be intercepted or modified by another program on the data terminal. Another example is that while a data terminal is sending data to the corresponding control device, it could be intercepted or modified by an intermediary device. To ensure data security, data transmission between the data terminal and the corresponding control device can be encrypted to prevent interception by other software on the data terminal or on the communication link. In specific implementations, the data end and the corresponding control device can use encryption certificates or decryption certificates such as the pre-agreed encryption public key, secret key (in the case of asymmetric encryption) or encryption key (in the case of symmetric encryption) for communication.
比如,當數據端(或數據端上的設備驅動、API接口等)上應用,根據相應控制設備下發的預設規則,調用數據端上的設備驅動以向相應控制設備的OUT端點發送數據時,設備驅動可先通過加密憑證(如私鑰)對待發送的數據進行加密,再進行發送;相應的控制設備接收後對數據進行解密(如使用公鑰進行解密)。也可以預先設置加密密鑰進行加密或解密(對稱加密方式)。也可以使用密鑰交換算法預先交換密鑰(密鑰交換方式),再根據密鑰進行加密或解密(對稱加密方式)。同時,密碼錯誤或者解密後不符合預設規則的數據,控制設備不予處理,防止數據端上的其他程序冒充控制設備的設備驅動向控制設備發送數據。For example, when an application on a data end (or a device driver, API, etc. on the data end) calls the device driver on the data end to send data to the OUT endpoint of the corresponding control device according to preset rules issued by the corresponding control device, the device driver can first encrypt the data to be sent using an encryption certificate (such as a private key) before sending it; the corresponding control device then decrypts the data (such as using a public key). Alternatively, encryption or decryption can be performed using a pre-set encryption key (symmetric encryption). Alternatively, a key exchange algorithm can be used to exchange keys in advance (key exchange method), and encryption or decryption can then be performed based on the key (symmetric encryption method). At the same time, the control device will not process data with incorrect passwords or data that does not meet the preset rules after decryption, preventing other programs on the data end from impersonating the device driver of the control device to send data to the control device.
再比如,當控制設備使用IN端點向相應的數據端(或數據端的設備驅動、API接口等)發送數據前,可以先通過加密憑證對數據進行加密,再進行發送;相應的數據端接收後,其上的設備驅動對對接收到的數據進行解密以發送至相應的應用。For example, before a control device uses an IN endpoint to send data to a corresponding data end (or the data end's device driver, API interface, etc.), it can first encrypt the data using an encryption certificate before sending it; after the corresponding data end receives the data, the device driver on it decrypts the received data and sends it to the corresponding application.
上述加密解密的方式包括但不限於對稱加密(如DES、AES等加密算法)、非對稱加密(如RSA、DSA、ECDSA等加密算法)、密鑰交換算法(如DH算法、ECDH算法)以及商業密碼算法(如SM1、SM2、SM3、SM4、SM7、SM9等加密算法)。The above encryption and decryption methods include but are not limited to symmetric encryption (such as DES, AES and other encryption algorithms), asymmetric encryption (such as RSA, DSA, ECDSA and other encryption algorithms), key exchange algorithms (such as DH algorithm, ECDH algorithm) and commercial cryptographic algorithms (such as SM1, SM2, SM3, SM4, SM7, SM9 and other encryption algorithms).
步驟三、數據端向相應連接的控制設備發送數據Step 3: The data end sends data to the corresponding connected control device
數據端向相應連接的控制設備發送數據時,是向控制設備相應接口下的OUT端點發送數據。以數據端與相應控制設備的通信連接採用USB協議為例,發送的數據為OUT令牌包+發送數據包。具體實施時,發送的數據包可以為如下2種:When a data port sends data to a connected control device, it sends the data to the OUT endpoint of the corresponding interface on the control device. For example, if the data port and the control device use the USB protocol, the data sent consists of an OUT token packet and a data packet. In practice, the data packets sent can be of the following two types:
第一種、數據包中包括:結構化頭(包含結構化的報文頭(或+數據頭))、具體需要傳輸的數據內容(如上文所述的第一數據流的第一數據塊);其中,報文頭中含有含有預置字符串(如接收方對應的第一預置字符串、發送方對應的第二預置字符串)。The first type is a data packet comprising: a structured header (including a structured message header (or + data header)), specific data content to be transmitted (such as the first data block of the first data stream described above); wherein the message header contains a preset string (such as a first preset string corresponding to the receiver and a second preset string corresponding to the sender).
第二種、數據包中包括:發送方對應的第二預置字符串、接收方對應的第一預置字符串、具體需要傳輸的數據內容(如上文所述的第一數據流的第一數據塊)。The second type is a data packet that includes: a second preset string corresponding to the sender, a first preset string corresponding to the receiver, and the specific data content to be transmitted (such as the first data block of the first data stream described above).
上述第二種,數據端對具體需要傳輸的數據內容(如第一數據塊)不進行結構化處理,結構化處理可以在由其連接的控制設備進行、或者也可以不進行。比如,在上文本申請其他實施例中所述的預置字符串用於隱藏相應端的地址信息的情況下,可以不進行。數據包中包含的各字段的數據長度(字節數)可根據實際進行自定義。下表6示出了第一種中的數據包的結構格式(注:該情況下的數據包也即為上文涉及的報文(如圖3a-1中示出的報文A1))。 表6
上表6中,第一預置字符串、第二預置字符串為發送方和接收方這兩個雙方的通信標識。當發送方為客戶端時,接收方對應的第一預置字符串可稱為服務標識符,發送方對應的第二預置字符串可稱為客戶標識符。當發送方為服務端時,發送方對應的第二預置字符串可稱為服務標識符,接收方對應的的第一預置字符串可稱為客戶標識符。In Table 6 above, the first and second preset character strings are the communication identifiers for the sender and receiver. When the sender is a client, the first preset character string corresponding to the receiver can be called the service identifier, and the second preset character string corresponding to the sender can be called the client identifier. When the sender is a server, the second preset character string corresponding to the sender can be called the service identifier, and the first preset character string corresponding to the receiver can be called the client identifier.
在一些實施例中,預置字符串可為32個字節或8字節等的複雜隨機字符串,用於隱藏相應端的地址信息。這種情況下,以發送方為客戶端,接收方為服務端,客戶端對應的第二預置字符串為:0x5c 0x67 0x55 0xb6,接收方對應的第一預置字符串為0x47 0xec 0x47 0xf4為例,假設客戶端需向服務端發送字符串數據「hello」,則發送方法可包括如下兩種:In some embodiments, the preset string can be a complex random string of 32 bytes or 8 bytes, etc., used to hide the address information of the corresponding end. In this case, the sender is the client and the receiver is the server. The client's corresponding second preset string is: 0x5c 0x67 0x55 0xb6, and the receiver's corresponding first preset string is 0x47 0xec 0x47 0xf4. For example, assuming that the client needs to send the string data "hello" to the server, the sending method may include the following two methods:
方法一:客戶端針對字符串數據「hello」構建符合預設結構規則要求的數據包(報文),數據包包含以下內容:Method 1: The client constructs a data packet (message) for the string data "hello" that meets the default structure rules. The data packet contains the following content:
客戶端對應的第二預置字符串:0x5c 0x67 0x55 0xb6The second preset string corresponding to the client: 0x5c 0x67 0x55 0xb6
服務端對應的第一預置字符串:0x47 0xec 0x47 0xf4The first preset string corresponding to the server: 0x47 0xec 0x47 0xf4
事務屬性標識標識:0x00 0x00 0x00 0x01 //“hello”對應傳輸事務的事務屬性標識,用於指示傳輸事務的事務屬性信息(已事先預設,事務屬性信息可包含的內容可參見表1b)Transaction attribute identifier: 0x00 0x00 0x00 0x01 // "hello" corresponds to the transaction attribute identifier of the transmission transaction, which is used to indicate the transaction attribute information of the transmission transaction (pre-set, the content of the transaction attribute information can be found in Table 1b)
事務標識:0xa2 0xba 0xc6 0xa1 //為“hello”對應傳輸事務的事務標識Transaction ID: 0xa2 0xba 0xc6 0xa1 //Transaction ID for the "hello" transmission transaction
數據包大小:0x00 0xC8 //為當前待傳輸的數據塊及結構化頭的總大小,數據包大小也可稱為數據包長度Packet size: 0x00 0xC8 // The total size of the data block and structured header to be transmitted. The packet size can also be called the packet length.
塊總數:0x00 0x01 //由於“hello”數據量較小,無需分成多個數據塊進行傳輸,所述塊總數為1Total number of blocks: 0x00 0x01 // Since the amount of "hello" data is small, it does not need to be divided into multiple data blocks for transmission. The total number of blocks is 1
當前塊號:0x00 0x01 //當前待傳輸的數據塊的塊號為1Current block number: 0x00 0x01 //The block number of the data block to be transmitted is 1
標注信息:0x00 0x00 //沒有需要標注的信息Annotation information: 0x00 0x00 //No information to be annotated
具體需傳輸的數據:0x68 0x65 0x6c 0x6c 0x6f //為字符串“hello”的unicode二進制編碼Specific data to be transmitted: 0x68 0x65 0x6c 0x6c 0x6f // Unicode binary encoding of the string "hello"
客戶端發送數據,如參見圖5d,具體可向相應連接的第一控制設備特定的OUT端點發送OUT令牌包+上述數據包。其中,特定的OUT端點為是客戶端根據第二預置字符串(0x5c 0x67 0x55 0xb6)關聯的關聯信息確定的。比如,可根據關聯信息,獲取為第二預置字符串綁定的端點號信息,從而根據端點號信,確定特定的OUT端點。The client sends data, as shown in Figure 5d. Specifically, it can send an OUT token packet and the aforementioned data packet to the specific OUT endpoint of the corresponding first control device. The specific OUT endpoint is determined by the client based on the association information associated with the second preset string (0x5c 0x67 0x55 0xb6). For example, the client can obtain the endpoint number information bound to the second preset string based on the association information, and then determine the specific OUT endpoint based on the endpoint number information.
方法二:客戶端針對字符串數據“hello”,進行預結構化構建包含如下內容的數據包:Method 2: The client pre-structures the string data "hello" and constructs a data packet containing the following content:
客戶端對應的第二預置字符串:0x5c 0x67 0x55 0xb6The second preset string corresponding to the client: 0x5c 0x67 0x55 0xb6
服務端對應的第一預置字符串:0x47 0xec 0x47 0xf4The first preset string corresponding to the server: 0x47 0xec 0x47 0xf4
具體需傳輸的數據:0x68 0x65 0x6c 0x6c 0x6f //為字符串“hello”的unicode二進制編碼Specific data to be transmitted: 0x68 0x65 0x6c 0x6c 0x6f // Unicode binary encoding of the string "hello"
客戶端發送數據,如參見圖5c,具體可向其連接的第一控制設備特定的OUT端點發送OUT令牌包+上述數據包(即預置字符串+具體需傳輸的數據)。The client sends data, as shown in Figure 5c, and specifically can send an OUT token packet + the above data packet (i.e., a preset string + specific data to be transmitted) to the specific OUT endpoint of the first control device to which it is connected.
這裡需要補充說明的是:在上述方式二的情況下,如參見圖5d,第一控制設備接收到的客戶端發送過來的數據後,可以根據從接收到的數據包中獲取到的第一預置字符串,獲取服務端的地址信息,根據服務端的地址信息直接對接收到的數據包進行轉發以發送至服務端。或者,也可以針對接收到的數據包,進一步地進行結構化處理,以生成如上述方式一中示出的符合預設結構規則要求的數據包,將生成的符合預設結構規則要求的數據包發送至服務端。採用上述由第一控制設備來生成符合預設結構要求的數據包,這種方式,可以對預置字符串進一步地進行加密。例如,在客戶端上安裝的控制設備的設備驅動中預註冊(預置)的可以是字符串別稱集合,字符串別稱集合中的字符串別稱為相應真實的預置字符串的別名,用於隱藏真實相應的預置字符串;相應地,客戶端針對需向服務端發送的字符串數據“hello”,通過調用其內安裝的設備驅動獲取到的是客戶端、服務端各自對應真實的預置字符串的字符串別稱,來作為客戶端、服務端各自對應的預置字符串,比如客戶端對應的預置字符串為:0x5c 0x67 0x55 0xb5(為真實的第二預置字符串“0x5c 0x67 0x55 0xb6”的字符串別稱)、服務端對應的預置字符串為:0x47 0xec 0x47 0xf3(為真實的第一預置字符串“0x47 0xec 0x47 0xf4”的字符串別稱;之後,根據上述獲取到的客戶端、服務端各自對應的預置字符串(為真實的預置字符串的字符串別稱(非真實))及具體需傳輸的字符串數據“hello”,生成待發送的數據包並發送至第一控制設備;第一控制設備對接收到的數據包進行解析,解析出客戶端、服務端各自對應的非真實的預置字符串後,可以根據自身內預置的真實的預置字符串與字符串別稱的對應關係,將上述解析出的客戶端、服務端各自對應的非真實的預置字符串轉換成真實的預置字符串,即上述所述的客戶端對應的第二預置字符串:0x5c 0x67 0x55 0xb6、服務端對應的第一預置字符串:0x47 0xec 0x47 0xf4,以此進一步加強數據安全。It should be noted that in the case of the second method described above, as shown in Figure 5d, after the first control device receives data sent by the client, it can obtain the server's address information based on the first preset string obtained from the received data packet and directly forward the received data packet to the server based on the server's address information. Alternatively, the received data packet can be further structured to generate a data packet that meets the preset structural rule requirements as shown in the first method described above, and the generated data packet that meets the preset structural rule requirements can be sent to the server. Using the above method of having the first control device generate a data packet that meets the preset structural requirements, this method can further encrypt the preset string. For example, a set of string aliases may be pre-registered (pre-set) in the device driver of the control device installed on the client. The string aliases in the string alias set are aliases of the corresponding real preset strings and are used to hide the real corresponding preset strings. Accordingly, for the string data "hello" to be sent to the server, the client obtains the string aliases of the real preset strings corresponding to the client and the server respectively by calling the device driver installed therein, which are used as the preset strings corresponding to the client and the server respectively. For example, the preset string corresponding to the client is: 0x5c 0x67 0x55 0xb5 (which is the string alias of the real second preset string "0x5c 0x67 0x55 0xb6"), and the preset string corresponding to the server is: 0x47 0xec 0x47 0xf3 (which is the string alias of the real first preset string "0x47 0xec 0x47 0xf4"); thereafter, based on the preset strings corresponding to the client and server obtained above (which are the string alias of the real preset string (not real)) and the specific string data "hello" to be transmitted, a data packet to be sent is generated and sent to the first control device; the first control device parses the received data packet, and after parsing out the non-real preset strings corresponding to the client and server, the first control device can convert the non-real preset strings corresponding to the client and server into real preset strings according to the correspondence between the real preset strings and the string aliases preset in the first control device, i.e., the second preset string corresponding to the client mentioned above: 0x5c 0x67 0x55 0xb6, the first preset string corresponding to the server: 0x47 0xec 0x47 0xf4, to further enhance data security.
上述所述的真實的預置字符串與字符串別稱的對應關係,可根據真實的預置字符串關聯的關聯信息獲得,關聯信息中包含相應真實的預置字符串的字符串別稱信息。有關字符串別稱信息的具體描述,可參見上文本申請其他實施例中給出的與示例11至示例13相關的內容。The aforementioned correspondence between the actual preset strings and the string aliases can be obtained based on the association information associated with the actual preset strings, which includes the string alias information of the corresponding actual preset strings. For a detailed description of the string alias information, please refer to Examples 11 to 13 of the other embodiments of the aforementioned application.
步驟四、控制設備向目標設備發送數據Step 4: Control the device to send data to the target device
承接上述步驟3給出的示例,繼續參見圖5d(或圖5c),第一控制設備通過其第一接口(為與客戶端連接的接口)接收到的客戶端發送過來的數據包後,基於預設的配置(如數據傳輸安全控制信息)進行校驗(或校驗後生成符合預設結構規則要求的數據包);校驗通過後,根據預設的配置,查詢第一預置字符串(0x47 0xec 0x47 0xf4)以獲得第一預置字符串關聯的關聯信息,從關聯信息中獲得其第二接口的通信目標(目標地址信息)。例如,當第一控制設備的第二接口為TCP/IP通信的情況下,從第一預置字符串(0x47 0xec 0x47 0xf4)關聯的關聯信息中獲取到的目標地址信息可為:目標IP地址為192.###.1.1、端口號為8080。比如,參見圖5d(或圖5c)示出的數據傳輸系統架構場景,目標地址信息可指向服務端連接的第二控制設備;或者如參見圖4b示出的數據傳輸系統架構場景,目標地址信息可直接指向服務端。Continuing with the example provided in step 3 above, and referring to FIG. 5d (or FIG. 5c ), the first control device receives a data packet sent by the client via its first interface (the interface connected to the client), and then verifies the data packet based on a preset configuration (such as data transmission security control information) (or generates a data packet that complies with preset structural rules after verification). After the verification passes, the first preset string (0x47 0xec 0x47 0xf4) is queried according to the preset configuration to obtain association information associated with the first preset string, and then obtains the communication target (target address information) of its second interface from the association information. For example, when the second interface of the first control device uses TCP/IP communication, the target address information obtained from the association information associated with the first preset string (0x47 0xec 0x47 0xf4) may be: target IP address 192.###.1.1, port number 8080. For example, referring to the data transmission system architecture scenario shown in Figure 5d (or Figure 5c), the target address information may point to the second control device connected to the server; or, as referring to the data transmission system architecture scenario shown in Figure 4b, the target address information may directly point to the server.
進一步地,第一控制設備可根據目標地址信息,將按照上述步驟3中的方法一或方法二生成的數據包向目標地址信息對應的設備發送。Furthermore, the first control device may send the data packet generated according to method 1 or method 2 in step 3 to the device corresponding to the target address information based on the target address information.
步驟五、目標設備接收數據Step 5: Target device receives data
目標設備接收到數據包時,可根據預設的配置,進行解密、校驗。目標設備校驗的內容可以為但不限於:源IP、源端口,發送方、接收方的通信標識(預置字符串),密碼憑證信息(若需要的情況),數據類型等是否符合預設配置。當校驗通過,若為如圖5d(或圖5c)示出的數據傳輸系統架構場景,且第二控制設備和服務端為主從角色的情況,則目標設備為第二控制設備,第二控制設備可將接收到的數據包緩存於本地,等待連接的服務端請求數據。When the target device receives the data packet, it decrypts and verifies it according to the preset configuration. The target device verifies, among other things, whether the source IP address, source port, sender and receiver communication identifiers (preset strings), password credentials (if necessary), and data type, to ensure compliance with the preset configuration. If verification passes, and if the data transmission system architecture scenario is as shown in Figure 5d (or Figure 5c), with the second control device and server in a master-slave relationship, the target device becomes the second control device. The second control device can cache the received data packet locally, awaiting data requests from the connected server.
需說明的是:控制設備根據預設的配置對通信數據包進行校驗,可根據校驗結果對數據包進行攔截或者放行。例如,若預設的配置禁止(或非允許(白名單制))傳輸文件類型為“exe”可執行程序,則當通信的數據包中所含具體傳輸的數據為test1.exe文件時,便進行攔截;反之,當通信的的數據包中所含具體傳輸的數據為test2.txt文件時,便進行放行。It should be noted that the control device verifies communication data packets according to the default configuration and can intercept or release the data packets based on the verification results. For example, if the default configuration prohibits (or does not allow (whitelist)) the transmission of "exe" executable files, then if the communication data packet contains the specific data transmitted by the test1.exe file, it will be intercepted. Conversely, if the communication data packet contains the specific data transmitted by the test2.txt file, it will be released.
進一步地,服務端獲取數據時,可主動地向第二控制設備循環發起獲取請求(發起方式可參見上文在介紹「第二大塊內容:數據交換方面」時涉及的接收數據的兩種方式相關內容),第二控制設備上有適配的數據包時進行向服務端返回數據包。服務端對接收到的數據包進行解析獲得相應數據,比如,繼續承接上述本示例給出的數據包例子,解析出的數據可包括但不限於:客戶端對應的第二預置字符串:0x5c 0x67 0x55 0xb6、服務端對應的第一預置字符串:0x47 0xec 0x47 0xf4,數據:0x68 0x65 0x6c 0x6c 0x6f(字符串數據“hello”的unicode二進制編碼)。Furthermore, when the server obtains data, it can actively initiate a cyclic acquisition request to the second control device (for the initiation method, please refer to the two methods of receiving data mentioned above when introducing "The second major content: Data exchange aspects"). When there is an adapted data packet on the second control device, the data packet is returned to the server. The server parses the received data packet to obtain the corresponding data. For example, continuing with the data packet example given above, the parsed data may include but is not limited to: the second preset string corresponding to the client: 0x5c 0x67 0x55 0xb6, the first preset string corresponding to the server: 0x47 0xec 0x47 0xf4, and the data: 0x68 0x65 0x6c 0x6c 0x6f (the Unicode binary encoding of the string data "hello").
示例二Example 2
下面將結合圖5d示出的數據傳輸系統架構場景,以第一端為客戶端、第二端為服務端、各端與相應的控制設備間為USB連接為例對示例二進行詳述。The following describes Example 2 in detail, combining the data transmission system architecture scenario shown in FIG5d , with the first end being the client, the second end being the server, and each end being connected to the corresponding control device via a USB connection.
例子1、請求數據:客戶端通過其連接的第一控制設備向服務端發起請求,比如請求網絡資源,具體的,請求test.jpg數據Example 1: Requesting data: The client sends a request to the server through the first control device it is connected to, such as requesting network resources, specifically, requesting test.jpg data.
1.1、預備階段:1.1. Preparatory stage:
1.1.1 針對「請求網絡資源」,對應預置的“請求網絡資源”傳輸事務的事務屬性信息包括如下表7示出的內容: 表71 「請求網絡資源」傳輸事務的事務屬性信息
1.1.2、第一控制設備、客戶端中同步地預設配置(預置的配置信息)中包含有上述「請求網絡資源」傳輸事務的事務屬性信息。1.1.2. The first control device and the client synchronously preset configuration (preset configuration information) including the transaction attribute information of the above-mentioned "request network resources" transmission transaction.
有關具體同步預設配置的具體實現,可參見上文本申請其他實施例中相關內容。For the specific implementation of the specific synchronization default configuration, please refer to the relevant content in other embodiments of the above text application.
1.2、客戶端的操作1.2. Client Operation
1.2.1、針對需向服務端傳輸的數據(請求網絡資源對應的請求參數),構建待傳輸的數據包。具體地,當客戶端上的應用(如瀏覽器應用)需要請求服務端的test.jpg圖片數據時,客戶端上應用針對需向服務端傳輸的數據(即請求網絡資源對應的請求參數)通過相應的API接口調用其上安裝的第一控制設備的設備驅動,獲取相應的「請求網絡資源」傳輸事務的事務屬性信息,並利用該「 請求網絡資源」傳輸事務的事務屬性信息,生成相應的符合預設結構規則要求的待傳輸的數據包。生成的數據包包括的內容如下表72所示。 表72 待傳輸的數據包
有關生成數據包的具體實現,可參見上文本申請其他實施例中介紹的生成待傳輸的報文相關內容。For the specific implementation of generating data packets, please refer to the relevant content of generating messages to be transmitted described in other embodiments of the above application.
1.2.2、客戶端向其連接的第一控制設備發送數據包1.2.2. The client sends a data packet to the first control device to which it is connected
客戶端通過相應的API接口調用其上安裝的設備驅動,構建完待傳輸的數據包後,可根據客戶端對應的第二預置字符串關聯的關聯信息中包含的端點號信息,向第一控制設備特定的OUT端點(例如第一控制設備的端點1),向第一控制設備發送OUT令牌+生成的數據包。The client calls the device driver installed on it through the corresponding API interface. After constructing the data packet to be transmitted, it can send the OUT token + generated data packet to the first control device to the specific OUT endpoint of the first control device (for example, endpoint 1 of the first control device) based on the endpoint number information contained in the associated information associated with the second preset string corresponding to the client.
1.3、第一控制設備的操作1.3. Operation of the first control device
1.3.1 第一控制設備對接收到的數據包進行校驗1.3.1 The first control device verifies the received data packet
校驗內容包括但不限於:數據包中客戶端、服務端這二者對應的預置字符串是否符合預設規則,比如,是否已註冊(即預設配置中是否含有);發送數據包的端點(端點1)是否符合預設規則(如是否為客戶端對應的第二預置字符串綁定的端點、是否為允許的端點);數據包中的事務屬性是否符合預設規則,例如傳輸事務的事務屬性標識0x36 0xe1 0x31 0xf2是否已註冊(預設配置中是否含有該事務屬性標識),數據流前3個字節是否為事務屬性限定的GET,等等。Verification includes, but is not limited to, checking whether the preset strings corresponding to the client and server in the data packet comply with the default rules, such as whether they are registered (i.e., included in the default configuration); whether the endpoint sending the data packet (endpoint 1) complies with the default rules (e.g., whether it is the endpoint bound to the second preset string corresponding to the client, and whether it is an allowed endpoint); whether the transaction attributes in the data packet comply with the default rules, such as whether the transaction attribute identifier 0x36 0xe1 0x31 0xf2 of the transmission transaction is registered (whether it is included in the default configuration); and whether the first three bytes of the data stream are a GET defined by the transaction attributes.
同時,對事務屬性標識等相關標識和數據流信息、數據流等數據進行日誌存儲。第一控制設備的日誌存儲區域只允許控制設備本身寫入,當連接的客戶端或其他審計設備接入時,日誌數據為只讀狀態,保證日誌數據不被刪除、篡改。At the same time, transaction attribute identifiers and other related identifiers, data flow information, and data flow data are logged and stored. The log storage area of the first control device only allows the control device itself to write. When connected clients or other audit devices access the log data, it is read-only, ensuring that the log data is not deleted or tampered with.
1.3.2 第一控制設備向第二控制設備發送網絡數據1.3.2 The first control device sends network data to the second control device
第一控制設備對接收到的數據包校驗通過後,根據從數據包中獲得服務端對應的第一預置字符串,確定出的目標地址信息(服務端對應的地址信息),按照預設網絡配置(如使用TCP/IP協議的網絡配置),將數據包發送至第二控制設備。After the first control device verifies the received data packet, it determines the target address information (the address information corresponding to the server) based on the first preset string corresponding to the server obtained from the data packet, and sends the data packet to the second control device according to the preset network configuration (such as the network configuration using the TCP/IP protocol).
1.4、第二控制設備的操作1.4. Operation of the Second Control Device
1.4.1 第二控制設備接收第二控制設備發送的網絡數據,並進行解碼校驗。1.4.1 The second control device receives network data sent by the second control device and performs decoding verification.
校驗內容包括但不限於:接收到的數據包中客戶端、服務端這二者對應的預置字符串是否符合預設規則,比如,是否已註冊(即預設配置中是否含有);發送數據包的網絡地址(例如域名、IP或端口)是否符合第一預置字符的預設規則(如是否為客戶端對應的第二預置字符串綁定的端點、是否為允許的端點);數據包中傳輸事務的事務屬性是否符合預設規則,例如,傳輸事務的事務屬性標識0x36 0xe1 0x31 0xf2是否已註冊(預設配置中是否含有該事務屬性標識)、數據流前3個字節是否為事務屬性限定的GET,等等。Verification includes, but is not limited to: whether the corresponding preset strings on the client and server in the received data packet comply with the preset rules, for example, whether they are registered (i.e., included in the default configuration); whether the network address (such as the domain name, IP address, or port) of the data packet meets the default rules for the first preset character (e.g., whether it is the endpoint bound to the second preset string corresponding to the client, and whether it is an allowed endpoint); whether the transaction attributes of the transmission transaction in the data packet comply with the default rules, for example, whether the transaction attribute identifier 0x36 0xe1 0x31 0xf2 of the transmission transaction is registered (whether it is included in the default configuration), whether the first three bytes of the data stream are a GET defined by the transaction attributes, etc.
同時,對事務屬性標識等相關標識符和數據流信息、數據流等數據進行日誌存儲。控制設備的日誌存儲區域只允許控制設備本身寫入,當連接的服務端或其他審計設備接入時,日誌數據為只讀狀態,保證日誌數據不被刪除、篡改。At the same time, transaction attribute identifiers and other related identifiers, as well as data flow information and data flow data, are logged and stored. The control device's log storage area only allows the control device itself to write. When connected to the server or other auditing equipment, the log data is read-only, ensuring that the log data is not deleted or tampered with.
1.4.2 緩存數據包1.4.2 Cache Data Packets
第二控制設備對接收到的數據包校驗通過後,將數據包緩存於本地,等待連接的服務端請求該數據包。After the second control device verifies the received data packet, it caches the data packet locally and waits for the connected server to request the data packet.
當服務端請求時,校驗請求的端口是否符合預設等,符合時,將數據包發送至服務端。When the server makes a request, it checks whether the requested port matches the default setting, etc. If it does, it sends the data packet to the server.
1.5、服務端的操作:通過相應API接口讀取數據。1.5. Server-side operation: read data through the corresponding API interface.
服務端接收到數據包後,按照預設的配置進行校驗,主要校驗的內容包括但不限於:數據包中傳輸事務的事務屬性是否符合預設規則,例如,事務屬性標識0x36 0xe1 0x31 0xf2是否已註冊、數據流前3個字節是否為事務屬性限定的GET,等等。當校驗通過後,解析數據流「 GET test.jpg」的操作內容,以針對客戶端的請求反饋相應的數據,即進入下述給出的例子2的流程。After receiving the data packet, the server performs a verification according to the default configuration. This verification primarily checks, but is not limited to, whether the transaction attributes of the transaction transmitted in the packet conform to the default rules. For example, whether the transaction attribute identifier 0x36 0xe1 0x31 0xf2 is registered, and whether the first three bytes of the data stream represent a GET transaction attribute. If the verification passes, the server parses the data stream "GET test.jpg" for the operation content and responds to the client's request with the corresponding data, thus entering the process of Example 2 below.
例子2:回復數據:服務端通過第二控制設備向客戶端回復數據,具體地,為回復test.jpg文件數據Example 2: Data recovery: The server recovers data to the client through the second control device. Specifically, it recovers the test.jpg file data.
2.1、預備階段:2.1. Preparatory stage:
2.1.1、服務端需向客戶端發送「test.jpg文件數據」,所對應的傳輸事務可為預置的“上傳jpg文件”傳輸事務,該傳輸事務的事務屬性信息包括如下表73示出的內容: 表73 「上傳jpg文件」傳輸事務的傳輸事務屬性信息
上述表73中,事務屬性名稱,該傳輸事務顯示的屬性名稱字符串,如為「上傳jpg文件」。In Table 73 above, the transaction attribute name is the attribute name string displayed for the transfer transaction, such as "Upload jpg file."
標注信息,該傳輸事務的事務屬性備註的字符串。標注為「上傳jpg格式的文件」。Note: This is a string that represents the transaction attribute notes for this transfer transaction. The note is "Upload a jpg file."
關聯的預置字符串,為該傳輸事務關聯的客戶端對應的第二預置字符串。事務是基於服務下的具體操作,比如以客戶端上預先註冊的文件交互服務為例,則為該文件交互服務預置的客戶端對應的第二預置字符串(或也可叫服務標識、通信標識)可為:0x47 0xec 0x47 0xf4。The associated preset string is the second preset string corresponding to the client associated with the transfer transaction. Transactions are specific operations within a service. For example, for a pre-registered file exchange service on the client, the second preset string (also called the service identifier or communication identifier) corresponding to the client's preset client for this file exchange service might be: 0x47 0xec 0x47 0xf4.
事務屬性標識,為傳輸事務的事務屬性信息的唯一標識(如ID值),一般為隨機字符串,如。為「上傳jpg文件」傳輸事務的傳輸事務屬性生成的事務屬性標識為:0x36 0xe1 0x31 0xf1;The transaction attribute identifier is a unique identifier for the transaction attribute information of the transfer transaction (such as an ID value). It is generally a random string. For example, the transaction attribute identifier generated for the transfer transaction attribute of the "upload jpg file" transfer transaction is: 0x36 0xe1 0x31 0xf1;
事務屬性使用角色,為使用該事務屬性角色的相應端角色。例如,服務端或者客戶端,或者,客戶端的更具體角色可為,如客戶端的普通會員或者高級會員。上述0x00表徵為服務端角色使用的情況。The transaction attribute usage role is the corresponding end role that uses the transaction attribute role. For example, server or client, or a more specific client role, such as regular member or senior member. The above 0x00 indicates the server role is used.
事務屬性類型,為傳輸事務的基本操作類型。例如,控制傳輸事務,一般是與應用系統運行相關的,如發起網絡測試、發起心跳包;下載傳輸事務,如讀取網絡數據資源;上傳傳輸事務,如發送網絡數據;數據流的類型,如普通數據流或者文件數據流。上述0x00表徵上傳傳輸數據,數據流為文件數據流。The transaction attribute type represents the basic operation type of a transmission transaction. For example, control transmission transactions are generally related to application system operations, such as initiating network tests and sending heartbeat packets; download transmission transactions include reading network data resources; upload transmission transactions include sending network data; and the data stream type includes a normal data stream or a file data stream. The value 0x00 above indicates an upload transmission, and the data stream is a file data stream.
分組編碼(一種字典),分別為一、二、三類,用於配置不同場景下的數據傳輸操作等等。暫不進行分類,均為0x00。Group coding (a kind of dictionary), divided into categories 1, 2, and 3, is used to configure data transmission operations in different scenarios, etc. Currently, no classification is performed and all values are 0x00.
傳輸的具體數據包的校驗信息(例如正則表達式、數據或文件頭格式),用於校驗具體數據包的數據格式或者部分數據內容是否符合該傳輸事務的要求。例如,當傳輸事務為發送文件,文件頭為jpg格式(圖片)時,則判斷文件內容數據的起始4字節是否為0xFF 0xD8 0xFF 0xE0,防止非jpg格式的文件(如exe可執行文件)進行冒充。設置為0xFF 0xD8 0xFF 0xE0時,判斷文件頭的數據為0xFF 0xD8 0xFF 0xE0。Verification information for the specific data packet being transmitted (such as a regular expression, data, or file header format) is used to verify that the data format or partial data content of the specific data packet meets the requirements of the transmission transaction. For example, if the transmission transaction is sending a file and the file header is in .jpg format (image), the first four bytes of the file content data are checked to ensure they are 0xFF 0xD8 0xFF 0xE0 to prevent non-.jpg format files (such as executable files) from impersonating the file. When set to 0xFF 0xD8 0xFF 0xE0, the file header data is checked to be 0xFF 0xD8 0xFF 0xE0.
有關上文為詳盡的內容,可參見上文其他實施例中相關內容。For details about the above, please refer to the relevant content in other embodiments above.
這裡需要補充說明的是,文件流傳輸事務可以為特定文件類型(限定JPG格式),如上述例子;也可以通用類型,不限定特定文件類型;不限定特定文件類型的情況下,可以在控制設備進行預設限制,例如限制文件類型為exe的文件不允許上傳或者下載。It should be noted that file streaming transactions can be for specific file types (limited to JPG format), as in the example above, or they can be general types, not limited to specific file types. If they are not limited to specific file types, preset restrictions can be set on the control device, for example, restricting the upload or download of EXE files.
2.1.2、第二控制設備、服務端中同步地預設配置(預置的配置信息)中包含有上述「上傳jpg文件」傳輸事務的事務屬性信息。2.1.2. The second control device and the server synchronously configure the default configuration (default configuration information) to include the transaction attribute information of the "upload jpg file" transmission transaction.
有關具體同步預設配置的具體實現,可參見上文本申請其他實施例中相關內容。For the specific implementation of the specific synchronization default configuration, please refer to the relevant content in other embodiments of the above text application.
2.2、服務端的操作2.2. Server Operation
2.2.1、針對需向客戶端傳輸的數據(上傳test.jpg文件數據),構建待傳輸的數據包。具體地,例如,以上述例子1中客戶端請求Jpg圖片為例,服務端針對客戶端的請求,讀取適配的jpg圖片數據,並通過相應API接口其上安裝的第二控制設備的設備驅動,獲取相應的上述示出的「上傳jpg文件」傳輸事務的事務屬性信息,並利用該「上傳jpg文件」傳輸事務的事務屬性信息,生成相應的符合預設結構規則要求的待傳輸的數據包。2.2.1. Construct a data packet to be transmitted to the client (uploading the test.jpg file data). Specifically, using the client's request for a JPEG image in Example 1 above as an example, the server reads the appropriate JPEG image data in response to the client's request. The server then obtains the transaction attribute information of the corresponding "upload jpg file" transaction described above through the device driver of the second control device installed on the server via the corresponding API interface. Using this transaction attribute information, the server generates a corresponding data packet to be transmitted that complies with the preset structural rules.
假設,讀取到的jpg圖片數據為1024字節,由於數據相對較大,需對讀取到的jpg圖片數據分塊,設置每塊數據大小為512字節的情況下,需將讀取到的jpg圖片數據切分為2個塊進行傳輸。針對切分的2個數據塊,分別利用上述「上傳jpg文件」傳輸事務的事務屬性信息,生成相應符合預設結構規則要求的待傳輸的數據包。所生成的兩個數據包如下表74和表75所示: 表74 生成的第一個待傳輸的數據包(記為數據包1)
2.2.2、服務端向其連接的第二控制設備發送數據包2.2.2. The server sends a data packet to the second control device connected to it
服務端通過相應的API接口調用其上安裝的設備驅動,構建完待傳輸的數據包後,可根據服務端對應的第一預置字符串關聯的關聯信息中包含的端點號信息,向第二控制設備特定的OUT端點(例如第二控制設備的端點1’),向第而控制設備發送OUT令牌+生成的數據包。The server calls the device driver installed on it through the corresponding API interface. After constructing the data packet to be transmitted, it can send the OUT token + generated data packet to the second control device based on the endpoint number information contained in the associated information associated with the first preset string corresponding to the server. The OUT token + generated data packet is sent to the second control device.
2.3、第二控制設備的操作2.3. Operation of the Second Control Device
2.3.1 第二控制設備對接收到的數據包進行校驗2.3.1 The second control device verifies the received data packet
校驗內容包括但不限於:數據包中客戶端、服務端這二者對應的預置字符串是否符合預設規則,比如,是否已註冊(即預設配置中是否含有);發送數據包的端點(端點1)是否符合預設規則(如是否為服務端對應的第一預置字符串綁定的端點、是否為允許的端點);數據包中的事務屬性是否符合預設規則,例如,傳輸事務的事務屬性標識0x36 0xe1 0x31 0xf1是否已註冊(預設配置中是否含有該事務屬性標識)、傳輸的文件是否為jpg格式、jpg的文件頭是否為事務屬性限定的0xFF 0xD8 0xFF 0xE0,等等。Verification includes, but is not limited to, checking whether the corresponding preset strings on the client and server sides of the data packet comply with the default rules, for example, whether they are registered (i.e., included in the default configuration); whether the endpoint sending the data packet (endpoint 1) complies with the default rules (e.g., whether it is the endpoint bound to the first preset string corresponding to the server, and whether it is an allowed endpoint); whether the transaction attributes in the data packet comply with the default rules, for example, whether the transaction attribute identifier 0x36 0xe1 0x31 0xf1 of the transmission transaction is registered (i.e., whether it is included in the default configuration); whether the transmitted file is in jpg format; whether the jpg file header contains the transaction attribute-defined format of 0xFF 0xD8 0xFF 0xE0, etc.
同時,對事務屬性標識等相關標識符和文件流頭(文件名、文件類型等)等數據進行日誌存儲。第二控制設備的日誌存儲區域只允許第二控制設備本身寫入,當連接的服務端或其他審計設備接入時,日誌數據為只讀狀態,保證日誌數據不被刪除、篡改。At the same time, relevant identifiers such as transaction attribute identifiers and file stream headers (file name, file type, etc.) are logged and stored. The log storage area of the second control device only allows writing by the second control device itself. When connected to the server or other auditing equipment, the log data is read-only, ensuring that the log data is not deleted or tampered with.
2.3.2 第二控制設備向第一控制設備發送網絡數據2.3.2 The second control device sends network data to the first control device
第二控制設備對接收到的數據包校驗通過後,根據從數據包中獲得客戶端對應的第二預置字符串,確定出的目標地址信息(客戶端對應的地址信息),按照預設網絡配置(如使用TCP/IP協議的網絡配置),將數據包發送至第一控制設備。After the second control device verifies the received data packet, it determines the target address information (the address information corresponding to the client) based on the second preset character string corresponding to the client obtained from the data packet, and sends the data packet to the first control device according to the preset network configuration (such as the network configuration using the TCP/IP protocol).
2.4、第一控制設備的操作2.4. Operation of the First Control Device
2.4.1 第一控制設備接收第二控制設備發送的網絡數據,並進行解碼校驗。2.4.1 The first control device receives network data sent by the second control device and performs decoding verification.
校驗內容包括但不限於:接收到的數據包中客戶端、服務端這二者對應的預置字符串是否符合預設規則,比如,是否已註冊(即預設配置中是否含有);發送數據包的網絡地址(例如域名、IP或端口)是否符合第二預置字符的預設規則(如是否為客戶端對應的第二預置字符串綁定的端點、是否為允許的端口);數據包中的事務屬性是否符合預設規則,例如,傳輸事務的事務屬性標識0x36 0xe1 0x31 0xf1是否已註冊(預設配置中是否含有該事務屬性標識)、傳輸的文件是否為jpg格式、jpg的文件頭是否為事務屬性限定的0xFF 0xD8 0xFF 0xE0,等等。Verification includes, but is not limited to, checking whether the corresponding preset strings on the client and server in the received data packet comply with the default rules, for example, whether they are registered (i.e., included in the default configuration); whether the network address (such as the domain name, IP address, or port) of the sent data packet complies with the default rules for the second preset character (e.g., whether it is the endpoint bound to the second preset string corresponding to the client, or whether it is an allowed port); whether the transaction attributes in the data packet comply with the default rules, for example, whether the transaction attribute identifier 0x36 0xe1 0x31 0xf1 of the transmission transaction is registered (whether it is included in the default configuration); whether the transmitted file is in jpg format; whether the jpg file header contains the transaction attribute-defined string 0xFF 0xD8 0xFF 0xE0, etc.
同時,對事務屬性標識等相關標識符和文件流頭(文件名、文件類型等)等數據進行日誌存儲。第一控制設備的日誌存儲區域只允許第一控制設備本身寫入,當連接的客戶端或其他審計設備接入時,日誌數據為只讀狀態,保證日誌數據不被刪除、篡改。At the same time, relevant identifiers such as transaction attribute identifiers and file stream headers (file name, file type, etc.) are logged and stored. The log storage area of the first control device only allows writing by the first control device itself. When connected clients or other audit devices access the log data, the log data is read-only, ensuring that the log data is not deleted or tampered with.
2.4.2 緩存數據包2.4.2 Cache Data Packets
第一控制設備對接收到的數據包校驗通過後,將數據包緩存於本地,等待連接的客戶端請求該數據包After the first control device verifies the received data packet, it caches the data packet locally and waits for the connected client to request the data packet.
當客戶端請求時,校驗請求的端點是否符合預設等,符合時,將數據包發送至服務端。When the client makes a request, it verifies whether the requested endpoint meets the default settings, etc. If it does, it sends the data packet to the server.
2.5、客戶端的操作:通過相應API接口讀取數據2.5. Client operation: read data through the corresponding API interface
客戶端接收到數據包後,按照預設的配置進行校驗,主要校驗的內容包括但不限於:數據包中傳輸事務的事務屬性是否符合預設規則,例如,事務屬性標識0x36 0xe1 0x31 0xf1是否已註冊、傳輸的文件是否為jpg格式、jpg的文件頭是否為事務屬性限定的0xFF 0xD8 0xFF 0xE0,等等。當校驗通過後,保存從數據包中獲取的數據test.jpg,文件名、文件類型也可以自行設置。After receiving the data packet, the client verifies it according to the default configuration. This verification primarily checks, but is not limited to, whether the transaction attributes of the transaction transmitted in the packet conform to the default rules. For example, whether the transaction attribute identifier 0x36 0xe1 0x31 0xf1 is registered, whether the transmitted file is in .jpg format, and whether the .jpg file header contains the transaction attribute-defined format of 0xFF 0xD8 0xFF 0xE0. If verification passes, the client saves the data obtained from the packet as test.jpg. The file name and file type can also be customized.
綜合上文內容,本申請又通過圖15a至圖15c,簡單的示出了本申請結合控制設備提供的數據傳輸方案的原理性示意圖。如參見圖15a所示,數據端的數據交換需求一般可分為如下兩大類:發送數據(上行數據)、接收數據(下行數據)。其中,In summary, this application further illustrates the principle schematic diagram of the data transmission solution provided by this application in combination with the control device through Figures 15a to 15c. As shown in Figure 15a, the data exchange requirements of the data end can generally be divided into the following two categories: sending data (uplink data) and receiving data (downlink data). Among them,
發送數據的具體實現包括如下過程:The specific implementation of sending data includes the following processes:
數據端向其連接的控制設備的OUT端點發送數據(如OUT令牌+數據包(含有預置字符串+具體需傳輸的數據));The data end sends data (such as OUT token + data packet (containing preset string + specific data to be transmitted)) to the OUT end of the control device to which it is connected;
相應的控制設備對接收到的數據包進行校驗,並根據從數據包中相應的預置字符串(為目標設備(如計算機2)對應的預置字符串),獲取目標地址信息(如目標IP、端口);然後,根據目標地址信息向目標設備發送數據包。之後,若接收到目標設備返回的數據包接收的狀態包(用於表徵數據包的接收情況(如接收成功或失敗)),通過其上的OUT端點向其連接的數據端發送狀態包;The corresponding control device verifies the received data packet and obtains the target address information (such as the target IP address and port number) from the preset string corresponding to the target device (such as Computer 2) in the data packet. Then, based on the target address information, it sends the data packet to the target device. Afterwards, if the target device returns a data packet reception status packet (used to indicate the data packet reception status (such as successful or failed)), it sends a status packet to the connected data port through its OUT endpoint.
數據端接收相應控制設備發送的數據(狀態包),執行發送數據成功或失敗的處理流程(如按照預設進行本地記錄或向目標設備進行發送記錄,等等)。The data end receives data (status packets) sent by the corresponding control device and executes the processing flow for the success or failure of sending data (such as local recording according to the default or sending records to the target device, etc.).
接收數據的具體實現包括如下過程:The specific implementation of receiving data includes the following processes:
數據端向其連接的控制設備的IN端點發送數據(如IN令牌包);The data end sends data (such as IN token packet) to the IN end of the control device to which it is connected;
相應的控制設備接收到其IN端點的數據後,查詢自身內是否存儲有符合要求的可用數據;若未存儲,則按照預設向目標設備發送請求或等待目標設備下傳數據;若存儲有,向數據端返回相應數據;After receiving the data from its IN endpoint, the corresponding control device checks whether it has available data that meets the requirements. If not, it sends a request to the target device or waits for the target device to download data according to the default settings. If it does, it returns the corresponding data to the data end.
數據端針對接收到的數據,向其連接的控制設備返回數據接收的狀態包,由控制設備根據狀態包執行數據接收成功或失敗的處理流程(如按照預設進行本地記錄或向目標設備進行發送記錄,等等)。The data end returns a data reception status packet to the connected control device for the received data. The control device then executes the data reception success or failure processing flow based on the status packet (such as local recording according to the default or sending the record to the target device, etc.).
這裡需要補充說明的是,上述狀態包可分為如下3種:ACK包,用於表示發送或接收成功;NAK包,用於標識控制設備忙或目標無可處理的數據,連接的數據端需要重新發數據;SHALL包,表徵錯誤,一般為數據發錯端點或端點不支持或數據校驗不通過等。控制設備的網絡接口及端點均可以由多組。通過預置字符串可配置綁定相應的端點或網絡接口。It's important to note that these status packets can be categorized into three types: ACK packets, which indicate a successful transmission or reception; NAK packets, which indicate that the control device is busy or that the target has no data to process, requiring the connected data end to resend; and SHAL packets, which indicate errors, typically indicating data sent to the wrong endpoint, unsupported endpoints, or data verification failures. A control device's network interfaces and endpoints can be grouped together. Preset strings can be used to configure bindings to corresponding endpoints or network interfaces.
圖15b和圖15c是以數據端為計算機設備(如臺式計算機)為例進行示出的數據傳輸交換示例;其中,圖中的目標設備,一些實施例中,其可僅包含另一計算機(記為計算機2),或者在另一些實施例中,可包括計算機2和該計算機2連接的另一控制設備。Figures 15b and 15c illustrate data transmission and exchange examples using a computer device (e.g., a desktop computer) as the data end. In some embodiments, the target device in the figure may only include another computer (denoted as computer 2), or in other embodiments, may include computer 2 and another control device connected to computer 2.
圖15b示出的是在計算機作為主機、計算機連接的控制設備作為從機的情況(與圖15a中示出的主從機模式對應)下,數據傳輸的原理性示意圖。如參見圖15b所示,具體數據傳輸過程為:Figure 15b shows a schematic diagram of the principle of data transmission in the case where the computer acts as the master and the control device connected to the computer acts as the slave (corresponding to the master-slave mode shown in Figure 15a). As shown in Figure 15b, the specific data transmission process is as follows:
若計算機1需向目標設備傳輸(發送)數據(即上行數據),則可包括如下步驟:If computer 1 needs to transmit (send) data to the target device (i.e., uplink data), the following steps may be included:
步驟11、計算機1針對需發送的數據,生成待發送的數據包(即上行數據包),數據包中可包含如下內容:預置字符串和具體需傳輸的數據,並將該數據包發送至與其連接的控制設備1。需說明的是,若計算機1與控制設備1間為USB協議連接,在向控制設備1發送數據包時,同時還需發送OUT令牌包;若後續無對應的下行數據,則此次發送為單向傳輸。In step 11, computer 1 generates a data packet (i.e., an uplink data packet) for the data to be transmitted. This data packet may include the following: a preset string and the specific data to be transmitted. This data packet is then sent to connected control device 1. It should be noted that if the connection between computer 1 and control device 1 is USB, when sending a data packet to control device 1, an OUT token packet must also be sent. If there is no subsequent downlink data, this transmission is considered a one-way transmission.
步驟12、控制設備1根據相應的預置字符串(如計算機2對應的預置字符串),獲取對應的目標地址信息(如為計算機2對應的預置字符串綁定的計算機的地址信息,如192.###.1.2:8080),根據獲取到的目標地址信息發送數據包至目標設備。需說明的是,向目標設備發送的數據包可以為接收到的計算機1發送過來的原始數據包,或者也可以為根據控制設備1預設的配置進行處理(加密(利用私鑰對原始數據包進行加密)、修改數據包中的某些內容(如數據包為請求數據包,修改數據包中包含的請求參數)、刪除數據包中的某些內容(如數據包為請求數據包,刪除數據包中包含的請求參數以增加新的預設請求參數)、壓縮數據、在數據包中增加一些內容等)後形成的新數據包。Step 12: Control device 1 obtains corresponding target address information (e.g., the address information of the computer bound to the preset string corresponding to computer 2, such as 192.###.1.2:8080) based on the corresponding preset string (e.g., the preset string corresponding to computer 2), and sends a data packet to the target device based on the obtained target address information. It should be noted that the data packet sent to the target device can be the original data packet sent by the receiving computer 1, or it can also be a new data packet formed after being processed according to the preset configuration of the control device 1 (encryption (using a private key to encrypt the original data packet), modification of certain contents in the data packet (such as if the data packet is a request data packet, modification of the request parameters contained in the data packet), deletion of certain contents in the data packet (such as if the data packet is a request data packet, deletion of the request parameters contained in the data packet to add new default request parameters), compression of data, addition of some contents to the data packet, etc.).
步驟13、目標設備響應於接收數據包的狀態,向控制設備1反饋數據包接收的狀態包。例如,若接收數據包成功,可反饋表徵成功的狀態包,此狀態包中可包含表徵接收成功的編碼信息(如0);反之,若接收數據包失敗,可反饋表徵失敗的狀態包,此狀態包中包含表徵接收失敗的編碼信息,此編碼信息根據接收失敗的不同原因有所不同,比如因無法找到而失敗,則編碼信息可為404等。In step 13, the target device, in response to the status of receiving the data packet, feeds back a status packet indicating the data packet reception to the control device 1. For example, if the data packet is received successfully, a status packet indicating success may be fed back. This status packet may include coded information indicating successful reception (e.g., 0). Conversely, if the data packet is received unsuccessfully, a status packet indicating failure may be fed back. This status packet may include coded information indicating a reception failure. This coded information may vary depending on the reason for the reception failure. For example, if the reception failure is due to not being found, the coded information may be 404.
步驟14、控制設備1將接收到的目標設備反饋的狀態包發送至計算機1,發送的方式有如下兩種:Step 14: Control device 1 sends the received status packet from the target device to computer 1. There are two ways to send the status packet:
方式一、等待計算機1主動獲取,具體可參見下述描述的計算機1上行(接收)數據的相關內容,此處不作贅述。Method 1: Wait for Computer 1 to actively acquire the data. For details, please refer to the following description of Computer 1 uplinking (receiving) data, which will not be repeated here.
方式二、控制設備1直接反饋,若發送成功,控制設備1直接向計算機1返回成功包(計算機1與控制設備1為USB協議連接時,返回的為ACK包);若發送失敗時,控制設備1直接向計算機1返回失敗包(計算機1與控制設備1為USB協議連接時,返回的為NAK包)。Method 2: Direct feedback from control device 1. If the transmission is successful, control device 1 directly returns a success packet to computer 1 (when computer 1 and control device 1 are connected via the USB protocol, the returned packet is an ACK packet). If the transmission fails, control device 1 directly returns a failure packet to computer 1 (when computer 1 and control device 1 are connected via the USB protocol, the returned packet is a NAK packet).
這裡需要補充說明的是,上述步驟13和步驟14為非必須步驟,比如若計算機1的此次發送為單向傳輸,則便無需執行步驟13和步驟14。It should be noted that the above steps 13 and 14 are optional steps. For example, if the transmission by computer 1 is a one-way transmission, there is no need to execute steps 13 and 14.
若計算機1需下載(或查詢)數據(即下行數據),則可包括如下步驟:If computer 1 needs to download (or query) data (i.e., downlink data), the following steps may be included:
步驟21、計算機1需查詢/下載數據時,可向控制設備1發送查詢數據指令,例如,當計算機1與控制設備1為USB協議連接,發送查詢數據指令有如下兩種方式:Step 21: When computer 1 needs to query/download data, it can send a data query instruction to control device 1. For example, when computer 1 and control device 1 are connected via USB protocol, there are two ways to send the data query instruction:
方式一、計算機1向控制設備1特定的OUT端點發送查詢數據包(數據包可包含相應的預置字符串,同上述描述的上行數據);在接收到控制設備1返回的ACK時,再向控制設備1特定的IN端點發送IN令牌包,以接收控制設備反饋的適配的數據。Method 1: Computer 1 sends a query data packet to the specific OUT endpoint of control device 1 (the data packet may contain a corresponding preset string, similar to the uplink data described above). When receiving the ACK returned by control device 1, it then sends an IN token packet to the specific IN endpoint of control device 1 to receive the adapted data fed back by the control device.
方式二、計算機1直接向控制設備1特定的IN端點發送IN令牌包(無OUT上行數據的過程,為單向傳輸)。Method 2: Computer 1 directly sends an IN token packet to the specific IN endpoint of control device 1 (without the OUT uplink data process, which is a one-way transmission).
步驟22、控制設備1,針對上述方式一,可向目標設備發送查詢數據包,具體地,是根據相應預置字符串(計算機2對應的預置字符串),所獲取到的目標地址信息,向目標設備發送請求數據包。針對上述方式二,控制設備1可先自動的、定時的向目標設備發送數據請求動作(可根據預置的相應請求參數進行),或者可在接收到計算機1發送的IN令牌包時,觸發預設的規則,向目標設備發送數據請求動作。In step 22, control device 1, in accordance with method 1 above, may send a query data packet to the target device. Specifically, based on the target address information obtained from the corresponding preset character string (the preset character string corresponding to computer 2), control device 1 may send a request data packet to the target device. In accordance with method 2 above, control device 1 may automatically and periodically send a data request action to the target device (perhaps based on preset request parameters), or upon receiving an IN token packet sent by computer 1, trigger a preset rule to send a data request action to the target device.
步驟23、目標設備,針對上述方式一,響應於接收到的查詢數據包,向控制設備1發送具體包含適配數據的數據包,此數據包中可包括但不限於如下內容:預置字符串(可選)+具體與請求適配的數據。控制設備1接收到目標設備反饋的數據包後,可存儲在自身內的數據緩存區中,等待計算機1主動請求獲取(如等待計算機1發起IN令牌包時,進行向計算機1發送數據包)。針對上述方式二,目標設備自動的、主動的、定時的向控制設備1發送具體包含適配數據的數據包(單向傳輸)。Step 23: For Method 1 above, the target device, in response to receiving the query data packet, sends a data packet specifically containing the adaptation data to control device 1. This data packet may include, but is not limited to, the following: a preset string (optional) + the data specifically matching the request. After receiving the data packet from the target device, control device 1 may store it in its internal data cache and wait for computer 1 to actively request it (e.g., when computer 1 issues an IN token packet, it sends the data packet to computer 1). For Method 2 above, the target device automatically, proactively, and periodically sends data packets specifically containing the adaptation data to control device 1 (one-way transmission).
步驟24、計算機1接收數據包。比如,當計算機1與控制設備1為USB協議連接時,計算機1向控制設備的IN端點發起IN令牌包,在IN端點接收返回的數據包。Step 24: Computer 1 receives the data packet. For example, when computer 1 and control device 1 are connected via USB protocol, computer 1 sends an IN token packet to the IN endpoint of the control device and receives the returned data packet at the IN endpoint.
步驟25、計算機1向控制設備1返回狀態包,為表徵數據包接收成功或失敗的狀態包。Step 25: The computer 1 returns a status packet to the control device 1, which is a status packet indicating whether the data packet is received successfully or failed.
步驟26、控制設備1將接收到的狀態包向目標設備發送,以告知目標設備數據包的接收狀態。Step 26: The control device 1 sends the received status packet to the target device to inform the target device of the reception status of the data packet.
這裡需要補充說明的是,上述步驟25和步驟26為非必須步驟。It should be noted that steps 25 and 26 are not required.
這裡還需要補充說明的是,本申請上下文中,根據控制設備1與目標設備不同的通信協議或連接方式,目標設備的地址信息有所不同。例如,當使用TCP/IP協議通信時,為域名、IP和端口。再例如,當使用局域網、藍牙、LoRa通信時,為Mac地址或主機名稱。又例如,當使用UCB協議通信時,控制設備作為主機時,為主機分配的USB總線地址;控制設備作為從機時為端點號。有關預置字符串的具體描述,可參見上文其他實施例中相關內容的具體描述。It should also be noted that in the context of this application, the address information of the target device may vary depending on the different communication protocols or connection methods between the control device 1 and the target device. For example, when using the TCP/IP protocol for communication, the address information may be the domain name, IP address, and port number. For another example, when using a LAN, Bluetooth, or LoRa for communication, the address information may be the Mac address or host name. For another example, when using the UCB protocol for communication, when the control device acts as the host, the address information may be the USB bus address assigned by the host; when the control device acts as a slave, the address information may be the endpoint number. For a detailed description of the preset character strings, please refer to the detailed description of the relevant content in the other embodiments above.
圖15c示出的是在計算機作為從機、計算機連接的控制設備作為主機的情況下,數據傳輸的原理性示意圖。如參見圖15c所示,具體數據傳輸過程為:Figure 15c shows a schematic diagram of the principle of data transmission when the computer acts as a slave and the control device connected to the computer acts as a master. As shown in Figure 15c, the specific data transmission process is as follows:
若計算機1需上行數據(如上傳數據),則可包括如下步驟:If computer 1 needs to upload data (e.g., upload data), the following steps may be included:
步驟31、控制設備1向計算機1發送查詢指令Step 31: Control device 1 sends a query command to computer 1
控制設備1與計算機1間為USB協議連接時,控制設備1可向計算機1發送OUT令牌包和查詢指令數據包,以查詢計算機1是否有數據交換指令;當有數據交換指令時,再向計算機1發送IN令牌包,接收數據交換指令。When the control device 1 and computer 1 are connected via the USB protocol, the control device 1 can send an OUT token packet and a query instruction data packet to computer 1 to inquire whether computer 1 has a data exchange instruction. If there is a data exchange instruction, the control device 1 will send an IN token packet to computer 1 to receive the data exchange instruction.
步驟32、當計算機1需要查詢數據/上傳數據時,發送預置字符串和具體需傳輸的數據(當計算機1與控制設備1為USB連接時,在控制設備1發送IN令牌包時,為上傳數據)。Step 32: When computer 1 needs to query data/upload data, it sends a preset string and the specific data to be transmitted (when computer 1 and control device 1 are connected via USB, when control device 1 sends an IN token packet, it is uploading data).
步驟33、控制設備1根據接收到的相應預置字符串,獲取目標地址信息;並根據目標地址信息,向目標設備發送具體需傳輸的數據(上傳數據)。Step 33: Control device 1 obtains target address information based on the received corresponding preset character string; and sends specific data to be transmitted (upload data) to the target device based on the target address information.
步驟34、目標設備針對數據接收情況,向控制設備1返回數據接收的狀態包。Step 34: The target device returns a data reception status packet to the control device 1 based on the data reception status.
步驟35、控制設備1將狀態包發送至計算機1。Step 35: Control device 1 sends the status packet to computer 1.
若計算機1需下行數據(接收數據),則可通過如下兩種方式來實現:If Computer 1 needs to downlink data (receive data), it can be achieved in the following two ways:
方式一、可包括如下步驟:Method 1 may include the following steps:
步驟41、控制設備1主動向計算機1發送查詢指令(同上述步驟31),以確定計算機1是否需要接收數據,需要時,為下行指令/OUT數據(主機出去數據為OUT)。Step 41: Control device 1 actively sends a query command to computer 1 (same as step 31 above) to determine whether computer 1 needs to receive data. If so, it sends a downlink command/OUT data (data sent from the host is OUT).
步驟42、當計算機1需要OUT數據/上傳數據時,發送:預置字符串+查詢請求(當計算機1與控制設備1為USB連接時,在控制設備1發送IN令牌包時,為上傳數據)。Step 42: When computer 1 needs OUT data/upload data, it sends: a preset string + a query request (when computer 1 and control device 1 are connected via USB, when control device 1 sends an IN token packet, it is for uploading data).
步驟43、控制設備1根據接收到的相應預置字符串,獲取目標地址信息;並根據目標地址信息,向目標設備發送具體需傳輸的數據(查詢請求)。Step 43: The control device 1 obtains the target address information according to the received corresponding preset character string; and sends the specific data to be transmitted (query request) to the target device according to the target address information.
步驟44、目標設備針對查詢請求,向控制設備1發送下行數據和狀態編碼。Step 44: The target device sends downlink data and status code to the control device 1 in response to the query request.
步驟45、控制設備1向計算機1發送數據包(包括下行數據和狀態編碼)。Step 45: Control device 1 to send a data packet (including downlink data and status code) to computer 1.
方式二、可包括如下步驟:Method 2 may include the following steps:
步驟51、目標設備主動向控制設備1發送下行數據。Step 51: The target device actively sends downlink data to the control device 1.
步驟52、控制設備1向計算機1發送數據包,數據包中包含下行數據(當計算機1與控制設備1為USB連接時,控制設備1發送OUT令牌包+數據包)。Step 52: Control device 1 sends a data packet to computer 1, where the data packet includes downlink data (when computer 1 and control device 1 are connected via USB, control device 1 sends an OUT token packet + data packet).
有關上述各步驟中未詳盡內容,可參見上文如與圖15a相關的內容。For details not yet completed in the above steps, please refer to the above contents related to FIG15a.
圖16示出了針對需傳輸的數據生成待傳輸的數據包(即上文涉及的報文)並進行發送的原理性示意圖。如參見圖16所示,當計算機1上應用針對其需傳輸的具體數據,啟動一次數據傳輸時,將從預設的配置信息(預置信息)中讀取傳輸事務屬性信息集合,並從該傳輸事務屬性信息集合中查詢需傳輸的具體數據所屬的傳輸事務對應的傳輸事務屬性信息;然後,利用查詢到的傳輸事務屬性信息,為需傳輸的具體數據生成結構化的報文頭、數據頭(可選),並根據生成的報文頭、數據頭以及需傳輸的具體數據,構建(或生成)符合預設結構規則要求的數據包。若數據包構建成功,則計算機1通過其連接的中間網絡設備(如交換機、路由器、防火牆)或控制設備等,發送至計算機2;計算機2針對接收到的數據包,可根據預設的配置信息,對數據包進行解析,解析成功即獲取相應數據。Figure 16 illustrates a schematic diagram of the principles for generating and sending a data packet (i.e., the message mentioned above) for the data to be transmitted. As shown in Figure 16 , when an application on computer 1 initiates a data transmission for the specific data to be transmitted, it reads a set of transmission transaction attribute information from pre-set configuration information (pre-set information) and retrieves the transmission transaction attribute information corresponding to the transmission transaction to which the specific data to be transmitted belongs from this set of transmission transaction attribute information. The application then uses the retrieved transmission transaction attribute information to generate a structured message header and, optionally, a data header for the specific data to be transmitted. Based on the generated message header and data header, as well as the specific data to be transmitted, it constructs (or generates) a data packet that conforms to the pre-set structural rules. If the data packet is constructed successfully, Computer 1 sends it to Computer 2 via its connected intermediate network equipment (such as a switch, router, firewall) or control device. Computer 2 can parse the received data packet based on the preset configuration information and obtain the corresponding data if the parsing is successful.
上述中,計算機1構建待發送的數據包失敗的原因包括但不限於:無法在傳輸事務屬性信息集合中,查詢到需傳輸的具體數據所屬的傳輸事務對應的傳輸事務屬性信息;根據預設的數據傳輸安全控制信息,需傳輸的具體數據不允許發送、發送端點不符合預設等。中間網絡設備(如交換機、路由器防火牆)或控制設備等,在將接收到的數據包轉發給計算2之前,可對數據包進行解析,並在解析成功的情況下,根據預設的配置信息(數據傳輸安全控制信息)對數據包進行處理,比如對數據包進行放行(即允許數據包傳輸、將數據包轉發給計算機2)、阻止(攔截)數據包(即禁止數據包傳輸)、執行預設動作(如備份數據包、本地記錄)。若解析數據包失敗,則解析失敗的原因包括但不限於:數據包的結構不符合預設要求;對應數據包中需傳輸的具體數據所屬的傳輸事務的傳輸事務屬性信息不存在;根據數據傳輸安全控制信息,不允許傳輸;等等。In the above description, the reasons why computer 1 fails to construct the data packet to be transmitted include, but are not limited to: failure to find the transmission transaction attribute information corresponding to the transmission transaction to which the specific data to be transmitted belongs in the transmission transaction attribute information set; the specific data to be transmitted is not allowed to be sent according to the default data transmission security control information; the sending endpoint does not meet the default requirements, etc. Before forwarding received data packets to Computer 2, intermediate network devices (such as switches, routers, and firewalls) or control devices may parse the data packets. If parsing is successful, the devices process the data packets according to pre-set configuration information (data transmission security control information). This may include releasing the data packet (i.e., allowing data packet transmission or forwarding it to Computer 2), blocking (intercepting) the data packet (i.e., prohibiting data packet transmission), or performing pre-set actions (e.g., backing up the data packet or logging it locally). If parsing of the data packet fails, reasons for the failure include, but are not limited to: the data packet structure does not meet pre-set requirements; the transmission transaction attribute information corresponding to the transmission transaction to which the specific data to be transmitted in the data packet belongs does not exist; the data transmission security control information prohibits transmission; and so on.
圖17示出了數據傳輸具體應用示例。如參見圖17所示,根據數據傳輸需求,按數據傳輸方向進行劃分,數據傳輸可分為單向數據傳輸和雙向數據傳輸。單向數據傳輸可包括僅下行數據(為只接受數據)、僅上行數據(為只發送數據)。雙向數據傳輸交互包括上下行數據,具體地,包括以下行數據為主(如請求Http數據)的雙向數據傳輸交互、以上行數據為主的雙向數據傳輸交互。Figure 17 illustrates a specific application example of data transmission. As shown in Figure 17, based on data transmission requirements and direction, data transmission can be divided into unidirectional and bidirectional data transmission. Unidirectional data transmission can include downlink-only data transmission (receiving data only) and uplink-only data transmission (sending data only). Bidirectional data transmission interactions include both uplink and downlink data, specifically including those primarily involving downlink data (such as requesting HTTP data) and those primarily involving uplink data.
在僅下行數據(為只接收數據)的情況下,預設的傳輸事務屬性信息集合,用於在接收到數據包後,解析數據包,此數據包可包括請求的執行結果參數(如請求接收成功或失敗)和對應的具體數據(如返回的與請求適配的數據)。In the case of downlink data only (data reception only), the default transmission transaction attribute information set is used to parse the data packet after receiving it. This data packet may include the execution result parameter of the request (such as success or failure of the request) and the corresponding specific data (such as the returned data that is compatible with the request).
在僅上行數據(為只發送數據)的情況下,預設的傳輸事務屬性信息集合,用於針對需傳輸的數據構建相應待發送的數據包,此數據包中可包括上傳的具體數據和其他對應參數(如上文所述的報文頭包含的各參數)。In the case of uplink data only (data only), the default transmission transaction attribute information set is used to construct the corresponding data packet to be sent for the data to be transmitted. This data packet may include the specific data to be uploaded and other corresponding parameters (such as the parameters contained in the message header mentioned above).
在以下行數據為主(如請求Http數據)的雙向數據傳輸交互的情況下,上行數據時,預設的傳輸事務屬性信息集合,用於針對需傳輸的數據構建相應待發送的數據包,此數據包中可包括請求參數(如數據流請求參數、或請求的數據流等),進一步地還可其他對應參數(如上文所述的報文頭包含的各參數)。下行數據時,預設的傳輸事務屬性信息集合,用於在接收到數據包後,解析數據包,此數據包可包括請求的執行結果參數(如請求成功或失敗的編碼信息)和對應的具體數據(如返回的與請求適配的數據)。In bidirectional data transmission interactions primarily involving downstream data (e.g., HTTP data requests), for upstream data, the default set of transmission transaction attribute information is used to construct the corresponding data packet to be sent, specifically for the data to be transmitted. This data packet may include request parameters (e.g., data stream request parameters or the requested data stream), as well as other corresponding parameters (e.g., the parameters contained in the message header described above). For downstream data, the default set of transmission transaction attribute information is used to parse the received data packet. This data packet may include the request execution result parameters (e.g., encoding information indicating success or failure) and the corresponding specific data (e.g., returned data that matches the request).
在以上行數據為主(如上傳圖片數據)的雙向數據傳輸交互的情況下,上行數據時,預設的傳輸事務屬性信息集合,用於針對需傳輸的數據構建相應待發送的數據包,此數據包中可包括上傳的具體數據(如圖片數據)和對應參數(如上文所述的報文頭包含的各參數)。下行數據時,預設的傳輸事務屬性信息集合,用於在接收到數據包後,解析數據包,此數據包可包括上傳的執行結果參數(如圖片數據上傳成功成功或失敗的編碼信息)。In bidirectional data transmission interactions primarily involving uplink data (e.g., uploading image data), the default transmission transaction attribute information set is used to construct the corresponding data packet to be sent for the data to be transmitted. This data packet may include the specific uploaded data (e.g., image data) and corresponding parameters (such as the parameters contained in the message header described above). For downlink data, the default transmission transaction attribute information set is used to parse the received data packet. This data packet may include the upload execution result parameters (e.g., encoding information indicating the success or failure of the image data upload).
這裡需要補充說明的是,上述數據傳輸需求信息,具體可包括但不限於:網頁瀏覽(如請求網絡資源)、數據庫操作、郵件交換、文件交換、二進制數據傳輸、即時通訊、單向傳輸發送、單向傳輸接收等)。It should be noted that the aforementioned data transmission demand information may include, but is not limited to: web browsing (such as requesting network resources), database operations, email exchange, file exchange, binary data transmission, instant messaging, one-way transmission sending, one-way transmission receiving, etc.).
有上圖17示出的相關內容,本申請實施例中數據傳輸交互,實質上主要有以下3種場景:With the relevant content shown in FIG. 17 above, the data transmission interaction in the embodiment of this application essentially has the following three scenarios:
場景一、數據端向其連接的控制設備上行(發送)數據Scenario 1: The data port sends data to the connected control device.
數據端可以通過控制自身上的硬件接口,向其連接的控制設備的上行接口(或者稱上行端點、上行數據寄存器等,如下圖18a中示出的數據交換接口①)發送數據包(包含預置字符串和具體待傳輸的數據)。另外,也可以按照為預置字符串(為數據端對應的預置字符串,比如為0x0A)配置的通信能力,只能單向地向控制設備發送數據包,控制設備不會向此數據端下行(發送)數據。有關通信能力的具體介紹,可參見上文其他實施例中相關內容。The data port can send data packets (including a preset string and the specific data to be transmitted) to the connected control device's uplink interface (also known as an uplink endpoint, uplink data register, etc., such as the data exchange interface ① shown in Figure 18a below) by controlling its own hardware interface. Alternatively, the data port can be configured to send data packets unidirectionally to the control device according to the communication capability configured for the preset string (the preset string corresponding to the data port, such as 0x0A), and the control device will not transmit data to this data port. For a detailed description of communication capabilities, please refer to the relevant content in other embodiments above.
場景二、數據端向其連接的控制設備下行(接收)數據Scenario 2: The data port transmits (receives) data to the connected control device
數據端可通過控制自身上的硬件接口,在其連接的控制設備的下行接口(或者稱下行端點、下行數據寄存器等)接收數據包,此數據包=預置字符串+具體數據(可為另一數據端下發的數據)。與發送數據包不同的是,請求下行數據時,數據端需要向目標設備請求,控制設備的接口不一定有下行數據,所以需要數據端通過其自身的硬件接口,不斷對其連接的控制設備的下行接口進行查詢掃描、或者等待接口接收到數據的中斷信號、或者等待推送的數據等。例如,數據端與其連接的控制設備間使用USB接口協議連接時,需要數據端不斷主動向控制設備的IN端點發送IN令牌包,以請求進行嘗試讀取數據。再例如,數據端與其連接的控制設備間使用ble(Bluetooth Low Energy,藍牙低能耗)藍牙接口協議棧時,可在藍牙協議的服務(service)中設置特徵(characteristic)屬性為通知(notify),控制設備有數據時便會自動向相應數據端推送。A data port receives data packets from the downstream interface (also called a downstream endpoint or downstream data register) of the connected control device through its own hardware interface. This data packet consists of a preset string plus specific data (which can be data sent by another data port). Unlike sending data packets, when requesting downstream data, the data port must first request it from the target device. The control device's interface may not have downstream data. Therefore, the data port needs to continuously query and scan the downstream interface of the connected control device through its own hardware interface, wait for interrupt signals indicating that the interface has received data, or wait for pushed data. For example, when the data port and its connected control device are connected using the USB interface protocol, the data port needs to continuously send IN token packets to the control device's IN endpoint to request data reads. For example, when using the BLE (Bluetooth Low Energy) Bluetooth interface protocol stack between a data end and its connected control device, a characteristic attribute in the Bluetooth protocol service can be set to notification. When the control device has data, it will automatically push it to the corresponding data end.
場景三、數據端與控制設備的雙向通信,Scenario 3: Two-way communication between the data terminal and the control device.
結合上述場景一和場景二,數據端可通過控制自身上的硬件接口,先向其連接的控制設備的上行接口發送數據包;控制設備接收到數據包後,向目標設備請求並下載數據,再向數據端的硬件接口發送(轉發)。Combining scenarios 1 and 2 above, the data end can first send data packets to the uplink interface of the connected control device through the hardware interface on its own controller. After receiving the data packet, the control device requests and downloads the data from the target device, and then sends (forwards) it to the hardware interface on the data end.
下面補充說明一下,本申請控制設備上下文中的相關的接口描述。The following is a supplementary description of the relevant interfaces in the context of this application control device.
本申請上下文中所述的控制設備上用於與相應數據端進行數據傳輸交互的接口(如圖18a中示出的數據交換接口①,可稱為第一接口),可為一切類型的接口,只要保證能用於與相應數據端實現數據的單向或雙向傳輸即可。The interface on the control device described in the context of this application used for data transmission interaction with the corresponding data end (such as the data exchange interface ① shown in Figure 18a, which can be called the first interface) can be any type of interface as long as it can be used to realize unidirectional or bidirectional data transmission with the corresponding data end.
例如,從物理層上角度來看,接口類型可為但不限於:有線傳輸的接口(如雙絞線/光纖接口、USB接口)、無線傳輸的接口(如通過藍牙模塊、LoRa模塊、WiFi模塊等實現的接口)、一體化集成芯片接口(如SPI、PCI)、主板獨立擴展卡接口(如PCIE、SATA)、單向傳輸接口(如光纖的單向TX或RX、紅外線接口、可見光通訊接口等等)。For example, from a physical layer perspective, interface types may include, but are not limited to: wired transmission interfaces (such as twisted pair/optical fiber interfaces, USB interfaces), wireless transmission interfaces (such as interfaces implemented through Bluetooth modules, LoRa modules, WiFi modules, etc.), integrated chip interfaces (such as SPI, PCI), motherboard independent expansion card interfaces (such as PCIE, SATA), unidirectional transmission interfaces (such as unidirectional TX or RX of optical fiber, infrared interfaces, visible light communication interfaces, etc.).
次例如,從架構設計上角度來看,接口類型可以為但不限於:主從設備模式的接口、客戶端-服務器模式的接口、點對點模式接口(網絡接口)、TX-RX(Transmit-receive)收發線模式(上行與下行不在一根(或者一組、或者一組差分線)線上,如串口通信、光纖通信、PCIE接口,或者僅有TX或RX的單向傳輸)的接口。For example, from an architectural design perspective, the interface type can be, but is not limited to: a master-slave mode interface, a client-server mode interface, a point-to-point mode interface (network interface), a TX-RX (Transmit-receive) transceiver line mode (the uplink and downlink are not on the same line (or a group of lines, or a set of differential lines), such as serial communication, optical fiber communication, PCIE interface, or only TX or RX one-way transmission) interface.
再例如,從功能作用上角度來看,接口類型可為但不限於:用於總線通信的接口(如USB、PCI、PCIE、SPI、I²C接口)、用於存儲設備通信的接口(如SATA、IDE、M.2、Emmc、SDIO接口)、用於音視頻傳輸的接口(如HDMI接口)等。上述USB接口為比較常用的接口。For example, from a functional perspective, interface types include, but are not limited to: interfaces for bus communication (such as USB, PCI, PCIE, SPI, and I²C), interfaces for storage device communication (such as SATA, IDE, M.2, EMMC, and SDIO), and interfaces for audio and video transmission (such as HDMI). The USB interface mentioned above is a relatively common interface.
又例如:從數據傳輸模式上角度來看,接口類型可為但不限於:採用PIO模式(Programmed Input-Output,可編程輸入輸出)的接口、採用DMA模式(Direct Memory Access,直接內存訪問)的接口。For example, from the perspective of data transmission mode, the interface type can be, but is not limited to: an interface using PIO mode (Programmed Input-Output) or an interface using DMA mode (Direct Memory Access).
以下針對幾個主要接口類型簡述一下數據端與控制設備的數據交互實現:The following briefly describes the data interaction between the data terminal and the control device for several major interface types:
以通信場景為:計算機1<->計算機1的硬件接口<->控制設備1的硬件接口<->控制設備2<->計算機2為例。Take the communication scenario of computer 1 <-> computer 1's hardware interface <-> control device 1's hardware interface <-> control device 2 <-> computer 2 as an example.
1、接口類型為USB接口(有線、主從模式)1. The interface type is USB interface (wired, master-slave mode)
此情況下,計算機1與控制設備1使用USB協議連接。計算機1可通過控制設備1發送的設備描述符的PID(Product ID產品識別碼)、VID(Vendor ID,供應商識別碼)等識別控制設備1,並與控制設備1完成枚舉。之後,可通過IN、OUT的端點和令牌包,完成數據的交換。有關枚舉及數據交互的具體實現,可參見上文本申請其他實施例中相關的內容。In this scenario, computer 1 and control device 1 are connected using the USB protocol. Computer 1 can identify control device 1 using the PID (Product ID) and VID (Vendor ID) in the device descriptor sent by control device 1, and complete enumeration with control device 1. Data can then be exchanged via IN and OUT endpoints and token packets. For details on enumeration and data exchange, please refer to the relevant content in the other embodiments of the aforementioned application.
2、接口類型為藍牙接口(無線、主從模式)2. The interface type is Bluetooth interface (wireless, master-slave mode)
藍牙,可分為經典藍牙(Bluetooth Classic)和低功耗藍牙(Bluetooth Low Energy)2種,兩者實現方式完全不同。Bluetooth can be divided into two types: Bluetooth Classic and Bluetooth Low Energy, and the two have completely different implementation methods.
經典藍牙時,在計算機1為主機模式、控制設備1為從機模式下,第一步,完成計算機1與控制設備1的藍牙連接配對,配對的方式有:①人工配對,選擇控制設備的藍牙名稱並輸入配對碼進行配對;②自動配對,通過預先配置的方式,獲得了控制設備1的藍牙相關參數(例如藍牙設備名稱、Mac地址、配對碼),自動掃描藍牙設備進行配對;③安全配對(安全控制部分),通過預先配置允許連接控制設備1的相關藍牙參數的方式(白名單機制),只允許計算機1與指定的控制設備藍牙名稱、Mac地址進行配對,並可以採用人工輸入配對碼的方式進行配對。第二步,進行數據交換,在第一步配對成功後,計算機1向控制設備2進行數據的發送或接收。In classic Bluetooth, with computer 1 in master mode and control device 1 in slave mode, the first step is to complete the Bluetooth connection pairing between computer 1 and control device 1. Pairing methods include: ① Manual pairing, selecting the Bluetooth name of the control device and entering the pairing code for pairing; ② Automatic pairing, obtaining the Bluetooth-related parameters of control device 1 (such as Bluetooth device name, MAC address, and pairing code) through pre-configuration, and automatically scanning Bluetooth devices for pairing; ③ Secure pairing (security control part), pre-configuring the relevant Bluetooth parameters allowed to connect to control device 1 (whitelist mechanism), allowing computer 1 to pair only with the specified Bluetooth name and MAC address of the control device, and manually entering the pairing code for pairing. The second step is data exchange. After the first step of pairing is successful, computer 1 sends or receives data to control device 2.
低功耗藍牙時,在計算機1為客戶端模式、控制設備1為服務端模式下,第一步,計算機1連接控制設備1的藍牙名稱,控制設備1在接收到連接時,發送配對碼進行配對,配對方式與經典藍牙類似不同的是,低功耗藍牙是計算機1先連接後,控制設備1再發起配對指令。安全配對(安全控制部分),只允許計算機1與指定的控制設備藍牙名稱、Mac地址、UUID進行配對,並可以採用人工輸入配對碼的方式進行配對。第二步,進行數據交換,在第一步配對成功後,計算機1向控制設備的藍牙服務(service)的寫特徵(characteristic,屬性為write)、讀特徵(characteristic,屬性為read)、通知特徵(characteristic,屬性為notify)端點進行數據的發送或接收。服務和特徵可以有多種組合。In Bluetooth Low Energy (BLE), with Computer 1 in client mode and Control Device 1 in server mode, the first step is for Computer 1 to connect to Control Device 1 by its Bluetooth name. Upon receiving the connection, Control Device 1 sends a pairing code to initiate pairing. The pairing process is similar to that of Classic Bluetooth, except that in BLE, Computer 1 connects first, followed by Control Device 1 initiating the pairing command. Secure pairing (the security control portion) only allows Computer 1 to pair with a specified Control Device by its Bluetooth name, MAC address, or UUID. Pairing can also be performed manually by entering a pairing code. The second step is data exchange. After successful pairing in the first step, Computer 1 sends or receives data to the Write (write), Read (read), and Notify (notify) characteristics of the Control Device's Bluetooth service. There can be many combinations of services and features.
需說明的是,上述給出的兩種接口類型情況下,控制設備為計算機外部的設備、控制設備的形態可參見圖7a或圖7b所示。It should be noted that in the two interface types given above, the control device is a device external to the computer, and the shape of the control device can be seen in Figure 7a or Figure 7b.
3、接口類型為PCIE接口(主板接口,主從模式)。3. The interface type is PCIE interface (motherboard interface, master-slave mode).
此接口類型情況下,控制設備部署於計算機的內部,結構形式可為芯片或擴展卡(如圖7c所示)。計算機與控制設備的數據傳輸交互過程如下:In this interface type, the control device is deployed inside the computer and can be in the form of a chip or expansion card (as shown in Figure 7c). The data transmission interaction process between the computer and the control device is as follows:
第一步,計算機1通過掃描PCIE接口設備,根據對預設的控制設備PCIE接口的VID(Vendor Identification,供應商標識符)、DID(Device Identification,設備標識)、SSID(Subsystem-Identification,製造商標識符)等特徵值進行識別和連接;In the first step, computer 1 scans the PCIE interface device and identifies and connects to it based on the preset characteristic values of the PCIE interface of the control device, such as the VID (Vendor Identification), DID (Device Identification), and SSID (Subsystem-Identification).
第二步,進行數據交換,通過PCIE接口的數據通路(Lane)的發送端(TX發送邏輯)和接收端(RX接收邏輯)進行。數據通路可以有多組,一般可為×1、×2、×4、×8、×12、×16、×32個Lane。The second step is data exchange, which is carried out through the transmit side (TX transmit logic) and receive side (RX receive logic) of the PCIE interface's data lanes (Lane). Data lanes can have multiple groups, typically ×1, ×2, ×4, ×8, ×12, ×16, or ×32 lanes.
除了上述所述的幾種接口之外,主要的還可由SATA接口(有線,類似硬盤的方式接入)、emmC接口(有線、類似SD卡的方式接入)、串口通信接口(有線、通過RX線和TX線發送數據)、光纖通信接口(有線、光模塊、RXTX模式)、網線通信接口(有線或無線,包括WIFI)等等,本實施例對此不再限定。In addition to the several interfaces mentioned above, the main ones may also include a SATA interface (wired, accessed in a manner similar to a hard drive), an emmC interface (wired, accessed in a manner similar to an SD card), a serial communication interface (wired, sending data through RX and TX lines), an optical fiber communication interface (wired, optical module, RXTX mode), a network cable communication interface (wired or wireless, including WIFI), etc., and this embodiment is no longer limited to this.
下面本申請從通過控制設備基於通信協議,採用軟件定義控制方式來控制相應端的數據傳輸能力(單向傳輸、雙向傳輸)的角度,還提供了一些方法和系統實施例。在介紹之前,先對本申請上下文中涉及的一些專有名詞介紹說明。在本申請上下文中,所述的「上行數據」即是指發送數據(或上傳數據),「下行數據」即是指接收數據(或下載數據)。This application also provides several method and system embodiments for controlling the data transmission capabilities (unidirectional or bidirectional) of corresponding terminals using software-defined control methods based on communication protocols. Before introducing these, some technical terms used in the context of this application are explained. In this context, "uplink data" refers to transmitted data (or uploaded data), and "downlink data" refers to received data (or downloaded data).
圖19示出了本申請一實施例提供的數據傳輸控制方法的流程示意圖,該方法的執行主體為基於第一通信協議與第一端通信連接的控制設備,比如圖4a至圖6a中示出的第一控制設備31。第一通信協議包含的多個通信節點中部分通信節點為單向通信節點,具體地,第一通信協議可以為以信令指示傳輸的外部有線通信協議,比如USB協議,USB協議中包含有IN端點、OUT端點等單向通信節點。或者,第一通信協議也可以為以配對方式連接的無線通信協議,比如藍牙協議,藍牙協議中包含Read屬性的Characteristic、Write屬性的Characteristic等單向通信節點。或者,第一通信協議也可以為以第一端內部設備的通訊協議,比如PCI或PCIE協議,PCI或PCIE協議中包含了多個數據通路(Lane,或稱為物理鏈路),多個數據通信中包括發送端數據通路(TX發送邏輯)、接收端數據通路(RX接收邏輯)等單向通信節點。在使用控制設備對第一端進行數據傳輸控制之前,用戶可以在控制設備內事先預置一些配置信息,以供控制設備在需要時調用;其中,控制設備內事先預置的配置信息可主要包括:第一端的數據傳輸能力控制信息、控制設備的通信節點啟用信息、數據傳輸的目標端;具體地,配置信息中可包括下文所述的針對第一端創建的配置文件,進一步地,還可包括針對第二端創建的配置文件。以針對第一端創建的配置文件為例,配置文件中可包括但不限於如下中的至少一項配置數據:數據交換配置數據、數據傳輸安全控制信息等,其中,數據交換配置數據可包括但不限於:多個傳輸事務的傳輸事務屬性信息;傳輸事務的事務種類、第一端對應的預置標識及傳輸事務的事務屬性標識三者之間的對應關係,其中,事務屬性標識為相應傳輸事務的傳輸事務屬性信息的唯一標識;報文頭格式、多個數據頭格式,等等。有關控制設備內置的配置信息的具體介紹、以及控制設備和第一端的形態詳述,可參見下文本申請其它實施例中相關內容,此處不再做贅述。FIG19 is a flow chart of a data transmission control method provided by an embodiment of the present application. The execution subject of the method is a control device that is communicatively connected to the first end based on a first communication protocol, such as the first control device 31 shown in FIG4a to FIG6a. Some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes. Specifically, the first communication protocol can be an external wired communication protocol that uses signaling to indicate transmission, such as a USB protocol. The USB protocol includes unidirectional communication nodes such as an IN endpoint and an OUT endpoint. Alternatively, the first communication protocol can also be a wireless communication protocol connected in a paired manner, such as a Bluetooth protocol. The Bluetooth protocol includes unidirectional communication nodes such as a Characteristic with a Read attribute and a Characteristic with a Write attribute. Alternatively, the first communication protocol may be a communication protocol based on the internal devices of the first end, such as the PCI or PCIE protocol. The PCI or PCIE protocol includes multiple data lanes (or physical links), including unidirectional communication nodes such as the transmitter data lane (TX transmit logic) and the receiver data lane (RX receive logic). Before using the control device to control data transmission for the first end, the user may pre-set certain configuration information within the control device for the control device to call when needed. The pre-set configuration information within the control device may primarily include: data transmission capability control information for the first end, communication node activation information for the control device, and the target end for data transmission. Specifically, the configuration information may include the configuration file created for the first end, as described below, and may also include a configuration file created for the second end. Taking the configuration file created for the first end as an example, the configuration file may include, but is not limited to, at least one of the following configuration data: data exchange configuration data, data transmission security control information, etc. The data exchange configuration data may include, but is not limited to: transmission transaction attribute information for multiple transmission transactions; the correspondence between the transaction type of the transmission transaction, the preset identifier corresponding to the first end, and the transaction attribute identifier of the transmission transaction, where the transaction attribute identifier is a unique identifier for the transmission transaction attribute information of the corresponding transmission transaction; the message header format, multiple data header formats, etc. For a detailed introduction to the configuration information built into the control device, as well as a detailed description of the configuration of the control device and the first end, please refer to the relevant content in other embodiments of the application below and will not be repeated here.
參見圖19所示,本實施例提供的所述數據傳輸控制方法包括如下步驟:Referring to FIG. 19 , the data transmission control method provided in this embodiment includes the following steps:
S100、響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,所述第一配置信息中包含的通信節點為所述第一通信協議中的通信節點;S100: In response to a communication node configuration operation on a control device triggered by a first terminal, determining first configuration information; wherein the communication node included in the first configuration information is a communication node in the first communication protocol;
S101、在與所述第一端非握手連接數據傳輸過程中,根據所述第一配置信息,針對所述第一端啟動至少一個第一通信節點;其中,所述第一通信節點所屬的節點類型能反映所述第一通信節點對第一端使能的數據傳輸功能;S101: During a non-handshake data transmission process with the first end, activating at least one first communication node for the first end according to the first configuration information; wherein the node type of the first communication node can reflect a data transmission function enabled by the first communication node for the first end;
S102、根據每個所述第一通信節點所屬的節點類型,控制所述第一端通過每個所述第一通信節點所能進行的數據傳輸能力。S102. Control the data transmission capability of the first end through each of the first communication nodes according to the node type of each of the first communication nodes.
通常,基於USB、藍牙等通信協議與其它端進行通信的設備,比如基於USB協議的USB設備,其通信所能夠使用的通信節點往往在出廠階段便已被固定配置,後續使用者是無法按自己需求進行配置的,從而致使使用者購買到出廠後的USB設備後,很難在不改變該USB設備的物理結構或固件軟件的情況下,使該USB設備對其它端能夠實現除廠商所限定的數據傳輸功能之外的其它功能。Typically, devices that communicate with other devices based on communication protocols such as USB and Bluetooth, such as USB devices, often have their communication nodes fixed at the factory. Subsequent users cannot configure them to suit their needs. As a result, after purchasing a USB device, it is difficult for users to enable the USB device to perform other functions with other devices beyond the data transmission function specified by the manufacturer without changing the physical structure or firmware of the USB device.
例如,假設一USB設備出廠時被固定配置的通信節點為OUT端點,則與USB連接的某一端通過該USB設備盤只能進行上行數據,無法下行數據。若使用者想要該某一端通過此USB設備單純的能進行下行數據,則必須對此USB設備進行物理結構或固件軟件上的改變,如,通過改變固件軟件,將該USB設備的通信節點均配置為IN端點。For example, if a USB device is shipped with its communication nodes configured as OUT endpoints, then one of the ports connected to the USB device can only transmit data upstream, not downstream. If the user wants to enable this port to transmit data downstream, they must modify the USB device physically or through its firmware. For example, by modifying the firmware, they can configure all of the USB device's communication nodes as IN endpoints.
由上例子,由於現有的USB設備,出廠時通信功能已被固設,較難對其通信功能再做改變,若改變則需要大量的時間、金錢、人力等成本,為此是難以通過現有的USB設備根據實際數據傳輸控制需求,靈活控制相應端所能進行的數據傳輸能力的。As mentioned above, since existing USB devices have fixed communication functions when they leave the factory, it is difficult to modify their communication functions. Modifying these functions would require a lot of time, money, and manpower. Therefore, it is difficult to flexibly control the data transmission capabilities of the corresponding terminals based on actual data transmission control needs through existing USB devices.
不同於現有的基於USB、藍牙等通信協議與其它端進行通信的設備,本實施例提供的控制設備,在設備出廠後,使用者可根據自己的數據傳輸控制需求,通過軟件定義控制等方式靈活配置控制設備上通信節點啟用(如數據傳輸過程中令一些通信節點開啟、一些通信節點保持關閉)、以及調整通信節點的功能(如改變數據傳輸的目標端)等,並避免了光閘等單向傳輸設備成本高等問題,低成本、靈活的實現數據傳輸的安全控制。具體實施時,使用者可針對第一端按需事先創建好相應的配置文件,然後再通過離線分發或網絡分發等方式下發給控制設備。上述配置文件中是包含有針對第一端所配置的控制設備上通信節點的配置信息的。有關針對第一端事先創建的配置文件所可包含的具體內容、以及將配置文件採用離線分發或網絡分發等方式下發給控制設備的具體實現,可參見本申請提供的其它實施例中相關內容,此處就不再做具體贅述。此外,有關通信節點的詳述,也可參見本申請其它實施例中相關內容,此處也不再做贅述。Unlike existing devices that communicate with other ends based on communication protocols such as USB and Bluetooth, the control device provided in this embodiment allows users to flexibly configure the activation of communication nodes on the control device (such as turning on some communication nodes and keeping some communication nodes closed during data transmission) and adjust the functions of communication nodes (such as changing the target end of data transmission) through software-defined control and other methods according to their own data transmission control needs after the device leaves the factory. It avoids the high cost of one-way transmission equipment such as optical gates and achieves low-cost and flexible security control of data transmission. In specific implementation, the user can create the corresponding configuration file in advance for the first end as needed, and then distribute it to the control device through offline distribution or network distribution. The above configuration file contains the configuration information of the communication node on the control device configured for the first end. Regarding the specific content that may be included in the configuration file created in advance by the first end, as well as the specific implementation of distributing the configuration file to the control device using methods such as offline distribution or network distribution, please refer to the relevant content in other embodiments provided in this application and will not be further described here. In addition, details regarding the communication node can also be found in the relevant content in other embodiments of this application and will not be further described here.
基於上述內容,上述S100「響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息」,可具體包括:Based on the above, the above S100 "determining first configuration information in response to a communication node configuration operation on a control device triggered by the first end" may specifically include:
S1001、獲取用戶針對第一端事先創建的配置文件;S1001. Obtaining a configuration file created in advance by the user for the first end;
S1002、從所述配置文件中,獲取所述第一配置信息。S1002: Obtain the first configuration information from the configuration file.
其中,上述S1001「獲取用戶針對第一端事件創建的配置文件」,可採用如下任一項來實現:The above-mentioned S1001 "Obtaining the configuration file created by the user for the first-end event" can be implemented by any of the following methods:
響應於用戶觸發的導入操作,獲取導入的所述配置文件;或者In response to a user-triggered import operation, obtaining the imported configuration file; or
接收配置數據提供端發送的所述配置文件。Receive the configuration file sent by the configuration data provider.
有關配置數據提供端的詳述,可參見本申請實施例在詳述通過「網絡分發」方式將相應配置文件下發給控制設備時相關內容,更具體地比如,與配置服務器相關內容。上述第一配置信息中可包含有針對第一端的通信節點啟用信息、通過通信節點進行數據傳輸的目標端、相關其它一些參數,等等。有關第一配置信息可包含的具體內容,可參見其它實施例中相關內容。For details on the configuration data provider, please refer to the detailed description of the "network distribution" method for distributing the corresponding configuration file to the control device in the embodiments of this application, more specifically, the configuration server. The first configuration information may include information about the activation of the communication node for the first end, the target end for data transmission via the communication node, and other related parameters. For details on the specific content of the first configuration information, please refer to the relevant content in other embodiments.
之後,控制設備可按上述配置文件中包含的配置信息(如第一配置信息等),進行諸如通信節點的啟動,以與第一端進行數據交互,實現對第一端的數據傳輸控制。Afterwards, the control device can start the communication node according to the configuration information (such as the first configuration information, etc.) contained in the above configuration file to interact with the first end and realize data transmission control of the first end.
例如,參見圖20所示,控制設備31是基於第一通信協議(如USB協議、藍牙協議等)與第一端通信連接。控制設備31上電後,將會按照通過上述步驟S1001獲取到的配置文件中包含的配置信息進行啟動,比如:先從配置文件中,獲取針對第一端設置的通信節點啟用信息(如設置啟用兩個端點,其中,一個為默認需啟動的端點0、另一個為IN端點(如端點1))、用於與第一端建立握手連接(即通信連接)所需使用到的描述符、校驗規則等、以及與目標端(如第二端21、第二端22等)的數據傳輸方式等等;其中,與目標端的數據傳輸方式可以為但不限於如SOCKET、HTTP、HTTPS等,上述通信節點啟用信息具體是從配置文件包含的第一配置信息中獲取到的;之後,可按照獲取到的通信節點啟用信息中包含的通信節點標識,先啟動必須要啟動的默認端點諸如端點0,以通過該端點0與第一端進行枚舉交互從而完成握手連接,之後再完成針對第一端啟動相應的第一通信節點。For example, as shown in FIG20 , the control device 31 is connected to the first end in communication based on the first communication protocol (such as the USB protocol, the Bluetooth protocol, etc.). After the control device 31 is powered on, it will be started according to the configuration information contained in the configuration file obtained in the above step S1001. For example, first, the communication node activation information set for the first end is obtained from the configuration file (such as setting and activating two endpoints, one of which is the default endpoint 0 to be activated and the other is the IN endpoint (such as endpoint 1)), the descriptor, verification rules, etc. required to establish a handshake connection (i.e., a communication connection) with the first end, and the data with the target end (such as the second end 21, the second end 22, etc.). transmission mode, etc.; wherein, the data transmission mode with the target end may be, but is not limited to, SOCKET, HTTP, HTTPS, etc., and the above-mentioned communication node activation information is specifically obtained from the first configuration information contained in the configuration file; thereafter, according to the communication node identifier contained in the obtained communication node activation information, the default endpoint that must be activated, such as endpoint 0, may be first activated, so as to perform enumeration interaction with the first end through the endpoint 0 to complete the handshake connection, and then the corresponding first communication node may be activated for the first end.
通信節點標識能反映控制設備相應的通信節點號以及通信節點所屬的節點類型。有關通信節點標識的詳述可參見其它實施例中相關內容。「通信節點」在不同通信協議中具有不同的含義,在第一端與控制設備31間的通信協議為USB協議的情況下,通信節點是指USB協議中用於服務於通信傳輸的端點,如支持單向傳輸的NI端點、OUT端點(如除默認端點(端點0)之外的其他端點,為單向通信端點(簡稱單向端點)),支持雙向傳輸的IN/OUT端點(如端點0,為雙向通信端點(簡稱雙向端點))。在第一端與控制設備31間的通信協議為藍牙協議的情況下,通信節點是指可以是藍牙協議中的characteristic(特徵),如支持單向傳輸的讀特徵(Read屬性(或權限)的characteristic)、通知特徵(Notify屬性的 Characteristic)、寫特徵(Write屬性(或權限)的characteristic)、支持雙向傳輸的讀/寫特徵(Read/Write characteristic)等。在第一端與控制設備31間的通信協議為PCI或PCIE協議的情況下,通信節點可是指PCI或PCIE協議包含了多個數據通路(Lane),如發送端數據通路(TX發送邏輯)、接收端數據通路(RX接收邏輯)等。The communication node identification can reflect the communication node number corresponding to the control device and the node type to which the communication node belongs. For details about the communication node identification, please refer to the relevant content in other embodiments. "Communication node" has different meanings in different communication protocols. When the communication protocol between the first end and the control device 31 is the USB protocol, the communication node refers to the endpoint used to serve the communication transmission in the USB protocol, such as the NI endpoint and OUT endpoint that support unidirectional transmission (such as other endpoints except the default endpoint (endpoint 0), which are unidirectional communication endpoints (referred to as unidirectional endpoints)), and the IN/OUT endpoint that supports bidirectional transmission (such as endpoint 0, which is a bidirectional communication endpoint (referred to as bidirectional endpoint)). If the communication protocol between the first end and the control device 31 is the Bluetooth protocol, a communication node may refer to a characteristic in the Bluetooth protocol, such as a read characteristic (a characteristic with a Read attribute (or permission)), a notification characteristic (a characteristic with a Notify attribute), a write characteristic (a characteristic with a Write attribute (or permission)), or a read/write characteristic (a characteristic with a Bidirectional transmission). If the communication protocol between the first end and the control device 31 is the PCI or PCIE protocol, a communication node may refer to multiple data lanes included in the PCI or PCIE protocol, such as a transmit data lane (TX transmit logic) and a receive data lane (RX receive logic).
這裡需要補充說明的是:在USB協議中,也可將不同類型的通信節點進行組合,以組合形成一個支持雙向傳輸的端點(雙向端點)。例如,可將一個IN端點1和一個OUT端點1組合起來形成一個雙向通信端點1。It should be noted that in the USB protocol, different types of communication nodes can be combined to form an endpoint that supports bidirectional transmission (a bidirectional endpoint). For example, an IN endpoint 1 and an OUT endpoint 1 can be combined to form a bidirectional communication endpoint 1.
在下文中,將主要以第一端與控制設備31間的通信協議為USB協議為例來詳述本實施例提供的技術方案。In the following, the technical solution provided by this embodiment will be described in detail by taking the USB protocol as an example of the communication protocol between the first end and the control device 31.
以第一端與控制設備31間的通信協議為USB協議為例,假設對第一端所定義的是只能單向下行數據(即下載數據、獲取數據、接收數據),則上述所述的第一配置信息簡單示例可見下表8。 表8
以上表8中的端點1為例,進一步地,第一配置信息中包含的端點1相關信息具體可如下示例011所示:Taking endpoint 1 in Table 8 above as an example, the endpoint 1 related information included in the first configuration information may be specifically shown in the following example 011:
示例011Example 011
"備註":"第一端(如客戶端)單向下行數據,即第一端單向下載/接收數據""Remarks": "The first end (such as the client) unidirectionally downlinks data, that is, the first end unidirectionally downloads/receives data."
"通信節點標識":"0x01" //表示出的是端點號為1的端點(記為端點1,IN端點)"Communication Node Identification": "0x01" // indicates the endpoint with endpoint number 1 (denoted as endpoint 1, IN endpoint)
"數據傳輸能力控制信息":"RX""Data transmission capability control information": "RX"
"目標地址":"地址21(如192.###.1.1:8001)" //通信目標端(如服務端)的目標IP地址和端口號,或域名和端口號,或MAC地址等"Destination address": "Address 21 (such as 192.###.1.1:8001)" // The target IP address and port number of the communication target (such as the server), or the domain name and port number, or the MAC address, etc.
"提交的參數":["Submitted parameters": [
{"token":"Control****= ###1",{"token":"Control****= ###1",
"query": "getDataID=1" //為預設的查詢參數,用於從服務端中獲取數據。"query": "getDataID=1" //The default query parameter used to obtain data from the server.
"setTime":"1000" //自動提交查詢參數的時間,單位為毫秒 } ]"setTime": "1000" //Time to automatically submit query parameters, in milliseconds } ]
由上即,為端點1配置(或綁定)的信息包括但不限於:目標地址、提交的參數、數據傳輸能力控制信息等。上述"setTime",也即下文所述的控制設備所依據的觸發向目標端獲取數據的時機參數。如,若"setTime":"1000",則表示設置控制設備每間隔1000毫秒便向目標地址指示的目標端發送一次請求以向目標端獲取數據;再如,若"setTime":"0",則表示設置控制設備根據接收到的第一端發送的用於指示獲取數據的信令,比如IN令牌,來觸發執行向目標地址指示的目標端獲取數據。有關信令的詳述,在本申請其它實施例中有詳述,此處不作具體贅述。As mentioned above, the information configured (or bound) for endpoint 1 includes but is not limited to: target address, submitted parameters, data transmission capability control information, etc. The above-mentioned "setTime" is the timing parameter used by the control device described below to trigger the acquisition of data from the target end. For example, if "setTime": "1000", it means that the control device is set to send a request to the target end indicated by the target address once every 1000 milliseconds to obtain data from the target end; for another example, if "setTime": "0", it means that the control device is set to trigger the acquisition of data from the target end indicated by the target address based on the signaling sent by the first end for indicating the acquisition of data, such as an IN token. The details of the signaling are detailed in other embodiments of this application and will not be described in detail here.
這裡需要補充說明的是,若第一端與控制設備31間的通信協議為藍牙協議,則在配置第一端能通過控制設備上的一通信節點能單向下行數據情況下,為該通信節點配置的相關信息可同上述示例011,不同之處僅在於通信節點標識為UUID格式,例如,"通信節點標識(UUID)":"0x00000001-XXXX-XXXX-XXXX-00805F9B34FB" //表示特徵號為1的Characteristic(為讀特徵),本申請相關表格中對UUID的表示進行了簡化。It should be noted here that if the communication protocol between the first end and the control device 31 is the Bluetooth protocol, then when the first end is configured to be able to transmit downlink data unidirectionally through a communication node on the control device, the relevant information configured for the communication node can be the same as the above example 011. The only difference is that the communication node identifier is in UUID format, for example, "Communication node identifier (UUID)": "0x00000001-XXXX-XXXX-XXXX-00805F9B34FB" // Indicates a Characteristic with a characteristic number of 1 (read characteristic). The representation of UUID is simplified in the relevant forms of this application.
有關上表8以及下述各表(如表9~表12b等)中所述的相關其他參數可包含的具體內容,或者結合上表8給出的示例011、以及結合下述各表(如表9~表12b)給出的相應示例中各信息更具體詳述,均可參見本申請其他實施例中相關的內容,比如可參見與本申請其他實施例中給出的示例11至示例13中相關的內容,此處不再作具體贅述。Regarding the specific content that may be included in the other relevant parameters described in Table 8 above and the following tables (such as Tables 9 to 12b, etc.), or the more detailed description of each information in Example 011 given in Table 8 above and the corresponding examples given in the following tables (such as Tables 9 to 12b), please refer to the relevant content in other embodiments of this application, for example, please refer to the relevant content in Examples 11 to 13 given in other embodiments of this application, and no further detailed description will be given here.
控制設備31上電,讀取完上述表8示出的配置信息後,按照讀取到的配置信息,將先啟動端點0。端點0是控制設備31默認必須啟動的端點,用於設備枚舉和對設備進行一些基本的控制功能以與第一端建立握手連接,也即用於握手連接過程中與第一端的數據交互。除了端點0,在與第一端未完成枚舉之前,控制設備31上除端點0之外的其它端點均不會被激活啟動。After powering on and reading the configuration information shown in Table 8, control device 31 will first activate endpoint 0 according to the read configuration information. Endpoint 0 is the default endpoint that control device 31 must activate. It is used for device enumeration and basic device control functions to establish a handshake connection with the first end. This means that it is used to exchange data with the first end during the handshake process. Except for endpoint 0, no other endpoints on control device 31 will be activated until enumeration with the first end is complete.
例如,參見圖20中示出的控制設備31與第一端建立握手連接相關內容,控制設備31啟動端點0後,通過端點0向第一端發送可枚舉的電信號,進入USB協議規則的標準請求的枚舉流程,以與第一端進行來回枚舉,建立握手連接(也即上下文其他實施例中所述的建立通信連接);其中,在枚舉過程中,第一端發送的請求可包括但不限於:獲取描述符請求(如設備描述符、配置描述符、接口描述符、端點描述符、字符串描述符等)、設置請求(如設置USB設備地址、設置配置等)、校驗請求(如發送登錄設備訪問控制的密碼或後續數據傳輸的密鑰等)。控制設備31會針對上述第一端發送的請求進行響應,當響應第一端發送的校驗請求時,會對該校驗請求中攜帶的校驗數據進行校驗;在校驗通過後,啟動端點1,並通過端點0向第一端返回校驗結果,以告知第一端校驗通過、已完成端點1的啟動,可以向端點1傳輸數據。For example, referring to the content related to the control device 31 establishing a handshake connection with the first end shown in Figure 20, after the control device 31 starts endpoint 0, it sends an enumerable electrical signal to the first end through endpoint 0, and enters the enumeration process of the standard request of the USB protocol rules to perform back and forth enumeration with the first end to establish a handshake connection (that is, the establishment of a communication connection as described in other embodiments of the context); wherein, during the enumeration process, the requests sent by the first end may include but are not limited to: obtaining descriptor requests (such as device descriptors, configuration descriptors, interface descriptors, endpoint descriptors, string descriptors, etc.), setting requests (such as setting USB device addresses, setting configurations, etc.), verification requests (such as sending a password for logging in to device access control or a key for subsequent data transmission, etc.). The control device 31 will respond to the request sent by the first end. When responding to the verification request sent by the first end, it will verify the verification data carried in the verification request. After the verification is passed, endpoint 1 will be started and the verification result will be returned to the first end through endpoint 0 to inform the first end that the verification has passed, the startup of endpoint 1 has been completed, and data can be transmitted to endpoint 1.
需補充說明的是:在圖20中示出的控制設備31與第一端建立握手連接相關內容中,給出的SETUP令牌,是用於通知設備將要輸出一個數據包,其只用在控制傳輸中,起到一個控制作用,也就是通知控制設備的那個端點接下來要發送一個數據包了。有關SETUP令牌的具體作用詳述,也可參見現有相關內容。It should be noted that in the handshake connection established between the control device 31 and the first end shown in Figure 20 , the SETUP token provided is used to notify the device that a data packet is about to be output. It is used only in controlling transmission and serves a control function, namely, notifying the control device that the endpoint is about to send a data packet. For a detailed description of the specific function of the SETUP token, please refer to the existing related content.
有關控制設備31與第一端建立握手連接的具體實現,可參見本申請其他實施例中相關內容,此處不再做詳述。For the specific implementation of the control device 31 establishing a handshake connection with the first end, please refer to the relevant content in other embodiments of this application, and will not be described in detail here.
這裡需要補充說明的是,上述建立握手連接所涉及的部分內容可以為可選項。例如,涉及與描述符相關的部分內容為可選項,描述符(如端點描述符)可在第一端中預設,具體地,可通過配置文件預置在第一端上所安裝的控制設備的驅動軟件中,使第一端不通過向控制設備請求描述符的方式來獲取,這樣做可減少握手連接過程中的數據交互,提高握手連接的安全性;此外,還可防止第一端上安裝的軟件通過獲取描述符的方式,獲取控制設備的端點信息,進而不經由第一端(更具體地如為第一端上部署的控制設備驅動)直接通過控制設備與其他端進行數據交互。此外,還可以將握手或數據交換所需的全部數據(描述符集合,包括端點信息)和設置指令(如設置地址(第一端分配的USB總線地址)或使能配置指令等)預先分別在第一端和控制設備預設。控制設備啟動時(關閉默認的端點0),按照預置的USB總線地址進行設置,並啟動傳輸端點,第一端直接通過傳輸端點進行校驗和數據交換。相當不使用圖20步驟2的建立握手連接階段,並關閉默認端點0(控制傳輸、雙向傳輸),防止數據傳輸存在雙向連接(同時具備上行和下行傳輸)的風險。It should be noted that some of the content involved in establishing the handshake connection described above may be optional. For example, some of the content related to descriptors is optional. Descriptors (such as endpoint descriptors) can be preset on the first end. Specifically, they can be preset in the driver software of the control device installed on the first end through a configuration file, so that the first end does not need to request descriptors from the control device to obtain them. This can reduce data exchange during the handshake connection process and improve the security of the handshake connection. In addition, it can prevent the software installed on the first end from obtaining the endpoint information of the control device by obtaining descriptors, thereby preventing the software installed on the first end from directly exchanging data with other ends through the control device without going through the first end (more specifically, the driver of the control device deployed on the first end). Furthermore, all data (descriptor sets, including endpoint information) and setup instructions (such as setting the address (the USB bus address assigned by the first end) or enabling configuration instructions) required for handshaking or data exchange can be pre-set on the first end and the control device. When the control device boots up (by disabling the default endpoint 0), it configures itself according to the preset USB bus address and activates the transmit endpoint. The first end then performs verification and data exchange directly through the transmit endpoint. This effectively bypasses the handshake connection establishment phase in step 2 of Figure 20 and disables the default endpoint 0 (control transmission, bidirectional transmission), preventing the risk of a bidirectional connection (simultaneous uplink and downlink transmission) in data transmission.
另外,考慮到在握手連接過程中,由於控制設備31啟動有端點0(為雙向端點,即IN/OUT端點),是允許第一端通過端點0進行下行和上行數據的,這種情況下,例如,第一端可能向端點0發送與握手連接不相關的指令(或請求),比如獲取請求指令或發送數據指令,從而使得控制設備響應於如獲取請求指令向第一端發送非握手連接所需的數據(比如其他端的應用數據)、或者響應於發送數據指令向其他端發送指令中所攜帶的第一端的數據,造成第一端非期望的進行下行或上行數據的發生,為解決此問題,在控制設備31中可預置握手連接過程中所允許響應的指令,以此使得控制設備通過端點0只能響應符合要求的指令,比如,“0x0005XX0000000000”(設置地址指令,字節XX可以動態變化)、“0x8006000100001200”(獲取設備描述符指令)、“0x8006000200000900”(獲取配置描述符指令1)、“0x8006000200002000”(獲取配置描述符指令2);在握手連接過程中,若第一端向端點0發送的指令不符合要求,則直接忽視,不予響應。進一步地,上述端點0對應的數據緩衝區可為獨立存儲區,與控制設備31中其他端點(如端點1、端點2等)不共享數據緩衝區,以避免在第一端被惡意軟件等控制的情況下,使得第一端的非握手連接數據(如應用數據)通過端點0上傳至其他端,造成第一端非期望進行上行數據的發生。此外,在建立完握手連接後,控制設備還可立馬關閉端點0,使得後續第一端無法通過端點0對其他端(如第二端)進行非期望的上行或下行數據傳輸。當然,在其他一些實施例中,控制設備31也可不關閉端點0。具體是否關閉端點0,可根據後續針對第一端需要啟動的至少一個第一通信節點所屬節點類型、以及後續是否需要使用端點0從第一端獲取控制第一端上行數據或下行數據所需依據的一些參數(如所述的「 第一端的預置標識」)等各種因素來確定。有關握手連接完成後,什麼情況下可繼續保持端點0啟動或可關閉端點0,將在下文中結合具體例子有相關詳述,此處不作具體贅述。In addition, considering that during the handshake connection process, since the control device 31 starts with endpoint 0 (a bidirectional endpoint, i.e., an IN/OUT endpoint), the first end is allowed to transmit downlink and uplink data through endpoint 0, in this case, for example, the first end may send an instruction (or request) unrelated to the handshake connection to endpoint 0, such as an acquisition request instruction or a send data instruction, thereby causing the control device to respond to the acquisition request instruction by sending data required for a non-handshake connection (such as application data of the other end) to the first end, or respond to the send data instruction by sending the data of the first end carried in the instruction to the other end, causing the first end to transmit downlink or uplink data unexpectedly. To solve this problem, The control device 31 can preset the instructions allowed to respond during the handshake connection process, so that the control device can only respond to instructions that meet the requirements through endpoint 0, such as "0x0005XX0000000000" (set address instruction, byte XX can change dynamically), "0x8006000100001200" (get device descriptor instruction), "0x8006000200000900" (get configuration descriptor instruction 1), and "0x8006000200002000" (get configuration descriptor instruction 2). During the handshake connection process, if the instruction sent by the first end to endpoint 0 does not meet the requirements, it will be directly ignored and no response will be given. Furthermore, the data buffer corresponding to Endpoint 0 can be an independent storage area, not shared with other endpoints in control device 31 (e.g., Endpoint 1, Endpoint 2, etc.). This prevents the first endpoint's non-handshake connection data (e.g., application data) from being uploaded to other endpoints via Endpoint 0 if the first endpoint is controlled by malware, potentially causing the first endpoint to transmit unintended uplink data. Furthermore, after establishing the handshake connection, the control device can immediately shut down Endpoint 0, preventing the first endpoint from subsequently transmitting unintended uplink or downlink data to other endpoints (e.g., the second endpoint) via Endpoint 0. Of course, in other embodiments, control device 31 may not shut down Endpoint 0. Whether to shut down Endpoint 0 can be determined based on various factors, including the node type of at least one first communication node to be subsequently activated for the first end, and whether Endpoint 0 will be used to obtain parameters (such as the "preset identifier of the first end") required to control uplink or downlink data from the first end. The circumstances under which Endpoint 0 may be kept activated or shut down after the handshake connection is completed will be discussed in detail below with specific examples and will not be further elaborated here.
基於上述補充說明內容,本實施例提供的所述方法還可包括如下步驟:Based on the above supplementary description, the method provided in this embodiment may further include the following steps:
S103、在監測到上電後,根據所述第一配置信息啟動第二通信節點,以通過所述第二通信節點與第一端建立握手連接;S103: After detecting power-on, start the second communication node according to the first configuration information to establish a handshake connection with the first end through the second communication node;
S104、在建立握手連接過程中,確定所述第一端向第二通信節點發送的指令是否符合要求;S104: During the handshake connection establishment process, determining whether the instruction sent by the first end to the second communication node meets the requirements;
S105、符合時,響應所述指令;不符合時,不予響應所述指令;S105. If the conditions are met, respond to the instruction; if the conditions are not met, do not respond to the instruction;
其中,上述所述的第二通信節點是與第一端通信協議中支持雙向傳輸的一個通信節點,用於握手連接過程中與第一端的數據交互。例如,第二通信節點可以是上文所述的端點0,可以為控制設備默認必須啟動的端點(IN/OUT端點、或讀/寫特徵(Read/Write characteristic)。The second communication node is a communication node that supports bidirectional transmission in the communication protocol with the first end and is used to exchange data with the first end during the handshake connection process. For example, the second communication node can be endpoint 0 mentioned above, which can be an endpoint that the control device must activate by default (IN/OUT endpoint or read/write characteristic).
進一步地,在所述控制設備中,是為所述第二通信節點獨立設置有對應的數據緩存區的;Furthermore, in the control device, a corresponding data buffer area is independently provided for the second communication node;
以及,本實施例提供的所述方法還可包括如下步驟:Furthermore, the method provided in this embodiment may further include the following steps:
S106、在握手連接成功後,觸發執行上述S101中「 針對第一端啟動至少一個第一通信節點」的步驟,並根據所述至少一個通信節點所屬的節點類型以及所述目標端的確定方式,確定是否關閉所述第二通信節點。S106. After the handshake connection is successful, trigger the execution of the step of "activating at least one first communication node for the first end" in the above S101, and determine whether to shut down the second communication node based on the node type of the at least one communication node and the determination method of the target end.
有關上述S106中「確定是否關閉所述第二通信節點」的具體實現詳述,可參見下文結合圖21所描述的示例相關內容。For detailed implementation of “determining whether to shut down the second communication node” in S106 above, please refer to the example described below in conjunction with FIG. 21 .
以及,上述S101中「根據所述第一配置信息,針對所述第一端啟動至少一個第一通信節點」,可包括:Furthermore, the step of "activating at least one first communication node for the first end according to the first configuration information" in S101 may include:
S1011、從所述第一配置信息中,獲取針對第一端設置的通信節點啟用信息;S1011. Obtain communication node activation information set for the first end from the first configuration information;
S1012、根據所述通信節點啟用信息中包含的通信節點標識,啟動所述至少一個第一通信節點。S1012. Activate the at least one first communication node according to the communication node identifier included in the communication node activation information.
此外,可選的,在控制設備31上電後,若除檢測到第一端之外,還檢測到其他目標端(如第二端21、第二端22),還可進行與目標端建立握手連接。比如,控制設備31按照預設配置,可向目標端發起握手連接,如登錄目標端、或取得目標端session信息等數據傳輸憑證等,其中,控制設備連接目標端進行數據交互可以為長連接(如SOCKET保持連接)、也可以為短連接(如HTTP)、也可以為文件交換(如FTP)等等;上述session為「會話控制」,session信中包含與目標端建立會話所需的屬性及配置信息等。Optionally, after powering on, if the control device 31 detects other target terminals (e.g., second terminals 21 and 22) in addition to the first terminal, it can also establish a handshake connection with the target terminal. For example, according to a preset configuration, the control device 31 can initiate a handshake connection with the target terminal, such as logging into the target terminal or obtaining data transmission credentials such as the target terminal's session information. The data exchange between the control device and the target terminal can be a long connection (e.g., a persistent SOCKET connection), a short connection (e.g., HTTP), or a file exchange (e.g., FTP). The aforementioned session is a "session control" session, and the session message contains the properties and configuration information required to establish a session with the target terminal.
這裡需要補充說明的是,除了為第二通信節點設置有獨立的數據緩存區外,也可為其他通信節點設置相應獨立的數據緩存區,由此也就是說:本實施例中各通信節點之間可以以獨立數據緩衝區(互相不共享)進行隔離。其中,獨立數據緩衝區可為基於軟件上的,比如,內存分配的獨立緩衝區;或者,也可以為基於硬件上的,比如,不同存儲芯片的獨立緩衝區。It should be noted that, in addition to providing an independent data cache for the second communication node, corresponding independent data caches can also be provided for other communication nodes. This means that in this embodiment, each communication node can be isolated using independent data buffers (not shared). These independent data buffers can be software-based, such as independent buffers allocated by memory, or hardware-based, such as independent buffers on different storage chips.
通過上述內容,控制設備31也就可以從通信節點層面上,實現對第一端所能進行的數據傳輸能力的控制,其中,數據傳輸能力包括上行數據傳輸能力、下行數據傳輸能力中的至少一個。例如,若上述至少一個第一通信節點均為IN端點,由於控制設備未啟動OUT端點,所以第一端在與控制設備進行非握手連接數據交互(如批量傳輸)過程中,只能通過控制設備上啟動的IN端點對相應的目標端進行下行數據的傳輸,無法進行上行數據的傳輸。Through the above, the control device 31 can control the data transmission capabilities of the first end at the communication node level. Data transmission capabilities include at least one of uplink and downlink data transmission capabilities. For example, if at least one of the first communication nodes is an IN endpoint, and the control device has not activated the OUT endpoint, the first end, during non-handshake data exchange (e.g., bulk transfer) with the control device, can only transmit downlink data to the corresponding target end via the IN endpoint activated on the control device, and cannot transmit uplink data.
由上即,設目標通信節點為所述至少一個第一通信節點中的一個通信節點,則上述S102中「根據所述目標通信節點所屬的節點類型,控制所述第一端通過所述目標通信節點所能進行的數據傳輸能力」,可具體包括:As described above, assuming that the target communication node is one of the at least one first communication node, the step of "controlling the data transmission capability of the first end through the target communication node according to the node type of the target communication node" in S102 may specifically include:
S1021、確定所述第一端通過目標通信節點進行數據傳輸的目標端;S1021, determining a target end for data transmission by the first end through a target communication node;
S1022、目標通信節點所屬節點類型為第一類型時,控制第一端對目標端能上行數據;S1022: When the node type of the target communication node is the first type, controlling the first end to transmit uplink data to the target end;
S1023、目標通信節點所屬節點類型為第二類型時,控制第一端對目標端能下行數據;S1023: When the node type of the target communication node is the second type, controlling the first end to transmit data to the target end;
具體實施時,在一可實現方案中,上述目標端可根據通信節點與目標地址的一一綁定關係來確定,如可參見上表8、或者下表9或表10或表11a~表11b示出針對第一端所配置的控制設備上通信節點與目標地址的綁定關係簡單示例。 表9(配置第一端僅能單向下行數據(即下載數據、獲取數據)的示例)
針對上表10示出的配置第一端僅能單向上行數據的情況下,以上表10中的端點3為例,為端點3配置的相關信息具體可如下示例012所示:In the case where the configuration shown in Table 10 above shows that the first end can only transmit uplink data in one direction, taking Endpoint 3 in Table 10 above as an example, the relevant information configured for Endpoint 3 can be specifically shown in Example 012 below:
示例012Example 012
"備註":"第一端單向上行數據,即客戶端發送(上傳)數據""Remarks": "Unidirectional uplink data on the first end, i.e., data sent (uploaded) by the client"
"通信節點標識":"0x13""Communication Node Identifier": "0x13"
"目標地址":"192.###.1.1:8000""Target address": "192.###.1.1:8000"
"數據傳輸能力控制信息":"TX""Data transmission capability control information": "TX"
"提交的參數":[{ "token":"Control****=###1" } ];"Submitted parameters": [{ "token":"Control****=###1" } ];
由上即,在一可實現方案中,上述S1021“確定所述第一端通過目標通信節點進行數據傳輸的目標端”,可採用如下步驟來實現:Therefore, in one possible implementation, the above-mentioned step S1021 "determining the target end for data transmission by the first end through the target communication node" can be implemented by the following steps:
S10211、根據所述第一配置信息,獲取通信節點與目標地址的一一綁定關係;S10211. Obtain a one-to-one binding relationship between a communication node and a target address based on the first configuration information;
S10212、根據所述通信節點與目標地址的一一綁定關係,確定與所述目標通信節點具有綁定關係的目標地址;S10212: Determine a target address that has a binding relationship with the target communication node based on the one-to-one binding relationship between the communication node and the target address;
S10213、根據與所述目標通信節點具有綁定關係的目標地址,確定所述目標端。S10213. Determine the target end according to the target address that has a binding relationship with the target communication node.
在圖23a示出的數據傳輸系統結構圖中,示出了通信節點與目標地址為一對一綁定示例。In the data transmission system structure diagram shown in FIG23a, an example of one-to-one binding between a communication node and a target address is shown.
當然目標端也可以採用其他方式來確定,有關採用其他方式確定將在本申請中有詳述。Of course, the target end may also be determined by other methods, and the use of other methods will be detailed in this application.
需要說明的是,上述目標端地址:地址21a、地址21b,地址22、地址23、地址24,可以分別表示硬件上不同的第二端(如不同的服務器),也可以表示為網絡服務不同的第二端(如相同的服務器,不同的網絡服務)。It should be noted that the aforementioned target end addresses: address 21a, address 21b, address 22, address 23, and address 24, can represent different second-ends on hardware (e.g., different servers) or different second-ends of network services (e.g., the same server, different network services).
根據本申請其它實施例中所詳述的與USB協議中端點相關的內容,上述所述的目標通信節點一般為單向通信節點,在目標通信節點為單向通信節點的情況下,第一端通過目標通信節點對目標端只具備單向數據傳輸能力,比如,若目標通信節點所屬節點類型為第一類型(如為OUT端點),第一端對目標端只能單向上行數據,以及若目標通信節點所屬節點類型為第二類型(如為IN端點),第一端對目標端只能單向下行數據。當然,在其他一些實施例中,不排除控制設備中除默認通信節點(如上文所述的端點0)為雙向通信節點之外,其他額外通信節點也可能被定義為符合相應通信協議規範的雙向通信節點,即目標通信節點也可能為雙向通信節點(如IN/OUT端點),在目標通信節點為雙向通信節點(如IN/OUT端點,即所屬節點類型為第三類型)的情況下,第一端通過目標通信節點對目標端能雙向數據傳輸,即能上行數據和下行數據。由此,上述步驟S102中還可包括如下步驟:According to the content related to endpoints in the USB protocol detailed in other embodiments of this application, the target communication node mentioned above is generally a unidirectional communication node. When the target communication node is a unidirectional communication node, the first end only has a unidirectional data transmission capability to the target end through the target communication node. For example, if the node type of the target communication node is the first type (such as an OUT endpoint), the first end can only transmit unidirectional data to the target end; and if the node type of the target communication node is the second type (such as an IN endpoint), the first end can only transmit unidirectional data to the target end. Of course, in other embodiments, it is not ruled out that, in addition to the default communication node (such as endpoint 0 described above) in the control device being a bidirectional communication node, other additional communication nodes may also be defined as bidirectional communication nodes that comply with the corresponding communication protocol specifications. In other words, the target communication node may also be a bidirectional communication node (such as an IN/OUT endpoint). If the target communication node is a bidirectional communication node (such as an IN/OUT endpoint, i.e., a node type of the third type), the first end can transmit bidirectional data to the target end through the target communication node, i.e., both uplink and downlink data. Therefore, the above-mentioned step S102 may also include the following steps:
S1024、所述目標通信節點所屬節點類型為第三類型時,控制第一端對目標端能進行上行數據和下行數據。S1024: When the node type of the target communication node is the third type, control the first end to transmit uplink data and downlink data to the target end.
這裡需要補充說明的是,若控制設備中只有默認通信節點為雙向通信節點,其它額外節點均為單向通信節點,則可以使用兩個不同類型的單向通信節點來控制實現第一端對一個目標端能進行上行數據和下行數據。例如,參見下表11a,可針對第一端為控制設備中的一個IN端點和一個OUT端點均綁定同一個目標地址(如綁定的均為第二端22的地址22),以此來控制實現第一端對相應的一個目標端能同時進行上行數據和下行數據。 表11a(配置第一端能上行數據和下行數據的示例)
另外,若控制設備中只有默認通信節點為雙向通信節點,其它額外通信節點均為單向通信節點,也可以配置啟動控制設備上不同類型的單向通信節點,來通過控制設備控制第一端能上行數據和下行數據,其中,第一端上行數據和下行數據對應的目標端不同。例如,參見下表11b,可針對第一端配置啟用控制設備中兩個不同類型的端點:一個NI端點和一個OUT端點,其中,為該一個NI端點綁定的目標地址為地址22,為該一個OUT端點綁定的目標地址為地址23,以此控制第一端可同時對不同目標端具有不同的數據傳輸能力,比如,第一端對第二端22能下行數據,同時對第二端23能上行數據。 表11b(配置第一端能上行數據和下行數據的示例)
下面舉兩個例子,分別詳述一下第一端進行單向上行數據、單向下行數據的具體實現。The following two examples illustrate the specific implementation of one-way uplink data and one-way downlink data on the first end.
例如,承接上述結合表8給出的示例並繼續參見圖20,設控制設備31與第一端握手連接成功後,針對第一端僅啟動有一個端點1(IN端點)、端點1綁定的目標地址所指示的目標端為第二端21,則第一端通過控制設備31對第二端21僅能單向下行數據,單向下行數據的具體實現可包括如下兩種實現方式:自動單向下行數據、按需單向下行數據。其中,For example, continuing with the example given in conjunction with Table 8 and referring to FIG20 , assuming that after the control device 31 successfully establishes a handshake connection with the first end, only one endpoint 1 (IN endpoint) is activated for the first end, and the target end indicated by the target address bound to endpoint 1 is the second end 21, then the first end can only transmit unidirectional downstream data to the second end 21 through the control device 31. The specific implementation of unidirectional downstream data can include the following two implementation methods: automatic unidirectional downstream data transmission and on-demand unidirectional downstream data transmission.
自動單向下行數據是指由控制設備31自動定時的主動向第二端21請求獲取數據,並將第二端21返回的數據存儲至端點1對應的數據緩存區中,以待達到推送條件時,將第二端21返回的數據再通過端點1推送給第一端,其中,推送條件可包括但不限於如下中的至少一項:推送時間、數據量大於設定閾值、接收到指示向第一端發送數據的信令(如IN令牌包)等。例如,在控制設備31基於USB協議與第一端通信情況下,控制設備可在監測到端點1接收到第一端發送的IN令牌包後,被動觸發通過端點1向第一端推送數據。Automatic unidirectional downlink data transmission refers to the control device 31 automatically and regularly requesting data from the second end 21 and storing the data returned by the second end 21 in the data buffer corresponding to endpoint 1. When push conditions are met, the data returned by the second end 21 is then pushed to the first end via endpoint 1. Push conditions may include, but are not limited to, at least one of the following: the push time, the data volume exceeding a set threshold, or the receipt of a signal (such as an IN token packet) instructing data transmission to the first end. For example, if the control device 31 is communicating with the first end based on the USB protocol, the control device may passively trigger data push to the first end via endpoint 1 after detecting that endpoint 1 has received the IN token packet sent by the first end.
這裡需要補充說明的是:在控制設備31基於藍牙協議與第一端通信情況下,如控制設備針對第一端僅啟動的一個通信節點為Notify屬性的Characteristic,則控制設備31可按照設定推送時間,通過該Notify屬性的Characteristic實時或定時的自動觸發向第一端推送數據;或者,可按照設定的數據量大於設定閾值這一推送條件,在確定接收到的第二端返回的數據量大於設定閾值時,通過該Notify屬性的Characteristic自動觸發向第一端推送數據。It should be noted that when the control device 31 communicates with the first end based on the Bluetooth protocol, if the control device only activates a communication node with a Characteristic of the Notify attribute for the first end, the control device 31 can automatically trigger the Characteristic of the Notify attribute to push data to the first end in real time or on a scheduled basis according to the set push time; or, according to the push condition that the set data amount is greater than the set threshold, when it is determined that the amount of data received from the second end is greater than the set threshold, the control device 31 automatically triggers the Characteristic of the Notify attribute to push data to the first end.
採用上述控制設備預先異步向第二端21請求獲取數據的方式,可提高第一端下行數據的傳輸速度。圖20中示出的“單向傳輸下行(自動獲取)”相關內容,也即對應於上述所述的自動單向下行數據。By using the aforementioned control device to asynchronously request data from the second end 21 in advance, the transmission speed of downlink data from the first end can be increased. The "Unidirectional Downlink Transmission (Automatic Acquisition)" section shown in Figure 20 corresponds to the automatic unidirectional downlink data transmission described above.
按需單向下行數據,是指控制設備31在監測到第一端向端點1發送的指示獲取數據的信令(如IN令牌)後,被動的向第二端21請求獲取數據,並將第二端21返回的數據存儲至端點1對應的數據緩存區中,以待達到推送條件時,將第二端21返回的數據再通過端點1推送給第一端。例如,參見圖20中示出的「單向傳輸下行(按需獲取)」相關內容,第一端在需要從第二端獲取數據時,可向控制設備31的端點1發送IN令牌包,以指示控制設備31向其返回第二端的數據(如第二端中所存儲的第一端上應用所需的資源數據),此時端點1對應的數據緩存區中並未存儲有相關數據,控制設備31針對接收到的IN令牌包可通過端點1向第一端返回相應的響應狀態包,如NAK包(無可推送數據),以告知目前無可推送的數據;並進一步地,控制設備31還會觸發執行向第二端21請求獲取數據,並將接收到第二端21返回的數據進行緩存存儲,當再次接收到第一端繼續重試向端點1發送的IN令牌包時,向第一端返回從第二端21中獲取到的數據以及ACK狀態包。On-demand unidirectional downlink data means that after the control device 31 monitors the signaling (such as an IN token) sent by the first end to endpoint 1 indicating the acquisition of data, it passively requests data from the second end 21 and stores the data returned by the second end 21 in the data buffer area corresponding to endpoint 1. When the push conditions are met, the data returned by the second end 21 is pushed to the first end through endpoint 1. For example, referring to the "One-way transmission downlink (on-demand acquisition)" related content shown in Figure 20, when the first end needs to obtain data from the second end, it can send an IN token packet to the endpoint 1 of the control device 31 to instruct the control device 31 to return the data of the second end to it (such as the resource data required by the application on the first end stored in the second end). At this time, the data cache corresponding to the endpoint 1 does not store the relevant data. The control device 31 can receive the received IN token packet through The control device 31 returns a corresponding response status packet, such as a NAK packet (no data to push), to the first end through endpoint 1 to inform that there is currently no data to push; and further, the control device 31 will trigger the execution of a request to obtain data from the second end 21, and cache and store the data returned by the second end 21. When the first end receives the IN token packet that continues to retry sending to endpoint 1, it returns the data obtained from the second end 21 and the ACK status packet to the first end.
有關是自動單向下行數據還是按需單向下行數據,可根據配置信息中的setTime參數來確定。setTime參數為指示控制設備向目標端觸發獲取數據的時機參數,有關setTime詳述可參見本申請其它實施例中相關內容,如與示例12相關內容。Whether the data is transmitted automatically or on-demand can be determined by the setTime parameter in the configuration information. The setTime parameter indicates the timing for the control device to trigger the acquisition of data from the target terminal. For details about setTime, please refer to the relevant content in other embodiments of this application, such as the content related to Example 12.
這裡需要補充說明的是,在單向下行數據場景下,控制設備31是按照自身內置的預設請求參數來生成獲取請求並發送至第二端,以向第二端請求獲取數據的。另外,考慮到在單向下行數據場景下,因某些因素也可能存在控制設備接收到第一端發送的非如IN令牌包等信令的數據,比如,第一端可能會通過控制設備上默認啟動的通信節點(如端點0,用於控制傳輸,如握手連接)發送非如IN令牌包等信令的數據,此種情況下,若監測到第一端向端點1發送了非如IN令牌包等信令的數據,比如包含請求參數的請求數據包,控制設備31也不會將該接收到的請求數據包轉發給第二端21,但可以進行記錄。針對控制第一端通過端點1(IN端點)只能單向下行數據所設置的配置信息可參見上文其它實施例中給出的諸如示例011。It should be noted that in a unidirectional downlink data scenario, the control device 31 generates a request based on its own built-in default request parameters and sends it to the second end to request data from the second end. Furthermore, considering that in a unidirectional downlink data scenario, due to certain factors, the control device may receive data other than signaling, such as an IN token packet, sent by the first end. For example, the first end may send data other than signaling, such as an IN token packet, through a communication node enabled by default on the control device (such as endpoint 0, used to control transmission, such as a handshake connection). In this case, if the control device 31 detects that the first end has sent data other than signaling, such as an IN token packet, to endpoint 1, such as a request data packet containing request parameters, the control device 31 will not forward the received request data packet to the second end 21, but may record it. For the configuration information for controlling the first terminal to transmit only downstream data through terminal 1 (IN terminal), please refer to Example 011 given in other embodiments above.
再例如,結合表10以及圖20中示出的與「單向傳輸上行」相關內容,假設針對第一端啟動的通信節點均為OUT端點,第一端僅能單向上行數據。以目標通信節點為端點3(為OUT端點),端點3對應的目標端為第二端22為例,第一端通過端點3對第二端22進行單向上行數據的過程可如下:第一端向控制設備31的端點3發送用於指示控制設備31接收數據的信令諸如OUT令牌包以及需向第二端22傳輸的數據包b(或報文);控制設備31響應於該OUT令牌包,可以根據自身預置配置,根據OUT令牌包直接實時地將接收到的數據包b轉發給第二端22,或者也可以將數據包b先暫存在端點3對應的數據緩存區,以待達到預設發送條件時,再觸發自動執行將數據包b轉發至第二端22的操作,其中,預設發送條件可以為但不限於:數據存儲時間大於或等於設定時間閾值、數據存儲累積量達到設定數據量、達到設定發送時間等。進一步地,由於第一端只能單向上行數據的限制,控制設備31可不向第一端返回相應的響應狀態包,如ACK包(發送成功)、或NAK包(發送失敗)、或STALL包(無法判斷發送狀態)等;或者,按照安全控制需求,根據上行數據是否成功,也可以返回相應的響應狀態包;或者,無論上行數據是否成功,一律返回同一個狀態包,比如一律返回上述示出的ACK包、NAK包、STALL包中的一個,等等。For another example, combining Table 10 and the contents related to "one-way transmission uplink" shown in Figure 20, assuming that the communication nodes activated for the first end are all OUT endpoints, the first end can only transmit data in one direction. Taking the target communication node as endpoint 3 (which is an OUT endpoint) and the target end corresponding to endpoint 3 as the second end 22, the process of the first end transmitting one-way uplink data to the second end 22 through endpoint 3 can be as follows: the first end sends a signaling such as an OUT token packet and a data packet b (or message) to be transmitted to the second end 22 to endpoint 3 of the control device 31; the control device 31 responds to the OUT token packet and can perform the following operations according to its own preset settings. The received data packet b is directly forwarded to the second end 22 in real time according to the OUT token packet, or the data packet b can be temporarily stored in the data buffer area corresponding to the end point 3, and then the operation of automatically forwarding the data packet b to the second end 22 is triggered when the preset sending conditions are met. The preset sending conditions can be, but are not limited to: the data storage time is greater than or equal to the set time threshold, the data storage accumulation amount reaches the set data amount, the set sending time is reached, etc. Furthermore, due to the limitation that the first end can only transmit uplink data unilaterally, the control device 31 may not return a corresponding response status packet to the first end, such as an ACK packet (successful transmission), a NAK packet (failed transmission), or a STALL packet (unable to determine the transmission status), etc.; or, in accordance with security control requirements, a corresponding response status packet may be returned based on whether the uplink data is successful; or, regardless of whether the uplink data is successful, the same status packet may be returned, such as one of the ACK packet, NAK packet, or STALL packet shown above, etc.
針對控制第一端通過端點3(OUT端點)只能單向上行數據所設置的配置信息可參見上文其它實施例中給出的諸如示例012。For the configuration information for controlling the first terminal to transmit only one-way uplink data through terminal 3 (OUT terminal), please refer to Example 012 given in other embodiments above.
基於上述描述內容,在一種可實現方案中,上述S1022「目標通信節點所屬節點類型為第二類型時,控制第一端對目標端只能上行數據」,可具體包括:Based on the above description, in one possible implementation, the above S1022 "When the target communication node belongs to the second type of node, controlling the first end to only transmit uplink data to the target end" may specifically include:
S10221、獲取針對所述目標通信節點所設置的觸發獲取數據的時機參數;S10221. Obtaining a timing parameter for triggering data acquisition set for the target communication node;
S10222、按照所述時機參數,向所述目標端獲取數據以備將獲取到的數據發送至所述第一端;S10222: Obtain data from the target end according to the timing parameter, so as to prepare to send the obtained data to the first end;
有關時機參數的詳述,可參見本申請各實施例中涉及的與「setTime」相關的內容。For details on timing parameters, please refer to the contents related to "setTime" in the various embodiments of this application.
以及,上述步驟S10222「按照所述時機參數,向所述目標端獲取數據以備將獲取到的數據發送至所述第一端」,可採用如下步驟來實現:Furthermore, the above-mentioned step S10222 "According to the timing parameter, obtaining data from the target end so as to prepare to send the obtained data to the first end" can be implemented by the following steps:
S102221、若所述時機參數為第一數值,則定時地向所述目標端獲取數據;S102221. If the timing parameter is a first value, periodically obtain data from the target terminal;
S102222、若所述時機參數為第二數值,則在監測到所述第一端向所述目標通信節點發送的用於指示需向第一端發送數據的信令時,向所述目標端獲取數據。S102222. If the timing parameter is a second value, upon detecting signaling sent by the first end to the target communication node indicating that data needs to be sent to the first end, obtain data from the target end.
上述第一數值可為非零時間值,比如1000ms,此時可自動每間隔1000ms觸發一次向目標端獲取數據;第二數值可為零,若控制設備與第一端的通信協議為USB協議,則上述用於指令需向第一端發送數據的信令可為IN令牌包,此時可每監測到目標通信節點接收到IN令牌包,觸發一次向目標端獲取數據。有關信令的詳述,可參見本申請其它實施例中相關內容。The first value can be a non-zero time value, such as 1000ms, in which case the control device can automatically trigger data acquisition from the target device every 1000ms. The second value can be zero. If the communication protocol between the control device and the first terminal is the USB protocol, the signaling for instructing the first terminal to send data can be an IN token packet. In this case, each time the target communication node receives the IN token packet, the control device can trigger data acquisition from the target device. For detailed descriptions of signaling, please refer to the relevant content in other embodiments of this application.
其中,在執行上述步驟S102222中「向所述目標端獲取數據「之前,還可包括:Before executing the above step S102222 of "obtaining data from the target end", the following steps may also be included:
在目標通信節點對應的數據緩存區查找是否存在與目標端相關的數據;Search the data cache corresponding to the target communication node to see if there is data related to the target end;
存在時,將查找到的與目標端相關的數據發送至所述第一端;If it exists, the data related to the target end is sent to the first end;
不存在時,向目標端發送相應的響應狀態包(如NAK包),以告知第一端無可發送的適配數據,並觸發執行向所述目標端獲取數據的步驟。If the first end does not have the data, a corresponding response status packet (such as a NAK packet) is sent to the target end to inform the first end that there is no adapted data to be sent, and trigger the step of obtaining data from the target end.
以及,上述S102221或S102222中“向所述目標端獲取數據”,可採用如下步驟來實現:Furthermore, the step of "obtaining data from the target end" in S102221 or S102222 can be implemented by the following steps:
G11、獲取針對所述目標通信節點所設置的預設請求參數;G11. Obtaining default request parameters set for the target communication node;
G12、根據所述預設請求參數,生成獲取請求並發送至所述目標端;G12. Generate a request based on the preset request parameters and send it to the target end;
G13、接收所述目標端針對所述獲取請求返回的數據並存儲至所述目標通信節點對應的數據緩存區。G13. Receive the data returned by the target end in response to the acquisition request and store it in a data cache area corresponding to the target communication node.
本實施例中上下文所述的時機參數、預設請求參數、以及數據傳輸能力控制信息,均可從控制設備內置的配置信息中獲取到。The timing parameters, default request parameters, and data transmission capability control information described in the context of this embodiment can all be obtained from the built-in configuration information of the control device.
上文內容,主要是單純從通信節點層面上來描述實現對第一端的數據傳輸能力控制的,這種單純從通信節點層面上來實現控制,通信節點與目標端是一對一,第一端通過一個通信節點只能對單個目標端進行上行和/或下行數據,為了能夠實現通信節點複用,使得通信節點與目標端能一對多,從而達到第一端通過一個通信節點能對多個目標端進行上行和/或下行數據,進一步地,本實施例提供的方案還可為第一端或目標端配置「預置標識」(或「預置字符串」),利用「預置標識」(或「預置字符串」)實現在通信節點數量有限、不夠的情況下,通過通信節點複用解決針對多個目標端的數據接收、發送等問題。The above content mainly describes the control of the data transmission capacity of the first end from the communication node level. This control is achieved from the communication node level. The communication node and the target end are one-to-one. The first end can only transmit uplink and/or downlink data to a single target end through a communication node. In order to realize communication node reuse, the communication node and the target end can be one-to-many, thereby achieving the first end. A single communication node can transmit uplink and/or downlink data to multiple target terminals. Furthermore, the solution provided in this embodiment can also configure a "preset identifier" (or "preset string") for the first terminal or the target terminal. The "preset identifier" (or "preset string") can be used to solve the problem of receiving and sending data to multiple target terminals by reusing the communication nodes when the number of communication nodes is limited or insufficient.
上述「預置標識」是針對第一端或目標端上預先註冊服務預置的,一個預置標識對應於一個預先註冊服務,能用於因隱藏相應端的地址,或不隱藏地址為相應端的地址。有關預置標識的詳述可參見本申請其它實施例中相關內容,此處不再做詳述。用戶在針對第一端創建相應的配置文件時,可以按自己需求,為一個通信節點綁定至少一個預置標識,通過一個預置標識是能夠確定出一個目標地址的,以此實現利用「預置標識」通過通信節點複用解決針對多個目標端的數據接收、發送等問題。即:用戶在針對第一端創建配置文件時,可按如下配置格式為需啟用的控制設備中通信節點配置相應的信息:The above-mentioned "preset identifier" is preset for the pre-registered service on the first end or the target end. One preset identifier corresponds to one pre-registered service and can be used to hide the address of the corresponding end or to not hide the address as the address of the corresponding end. For details about the preset identifier, please refer to the relevant content in other embodiments of this application and will not be described in detail here. When the user creates the corresponding configuration file for the first end, he can bind at least one preset identifier to a communication node according to his own needs. A preset identifier can be used to determine a target address, thereby realizing the use of the "preset identifier" through communication node reuse to solve problems such as data reception and transmission for multiple target ends. That is, when creating a configuration file for the first end, the user can configure the corresponding information for the communication node in the control device to be activated according to the following configuration format:
"備註":"第一端的數據傳輸功能(如單向下行數據或單向上行數據)""Remarks": "Data transmission function of the first end (such as one-way downlink data or one-way uplink data)"
"通信節點標識":"****""Communication Node Identifier": "****"
"預置標識":"預置標識1、預置標識2、......""Preset ID": "Preset ID 1, Preset ID 2, ..."
具體在配置相應的通信節點以為其綁定相應的預置標識時,可根據通信節點的節點類型,為通信節點綁定相應的第一端的預置標識或目標端的預置標識。其中,若綁定的為第一端的預置標識,可從綁定的預置標識關聯的關聯信息中獲取相應的目標地址;若綁定的為目標端的預置標識,則可直接根據綁定的預置標識,確定目標地址。Specifically, when configuring a corresponding communication node to bind a corresponding preset identifier, the communication node may be bound to either the preset identifier of the first end or the preset identifier of the target end, depending on the node type of the communication node. If the preset identifier of the first end is bound, the corresponding target address may be obtained from the associated information associated with the bound preset identifier; if the preset identifier of the target end is bound, the target address may be directly determined based on the bound preset identifier.
例如,若通信節點所屬節點類型為第一類型,如通信節點為OUT端點,則可為該通信節點綁定至少一個第一端的預置標識(或者,也可綁定目標端的預置標識(如目標地址));若通信節點所屬節點類型為第二類型,如通信節點為IN端點,則可為該通信節點綁定至少一個目標端的預置標識(如直接為目標地址、或為具有隱藏目標地址作用的字符串)。當然,若通信節點所屬節點類型為第二類型,也可為該通信節點綁定第一端的預置標識,本實施例不作限定。For example, if the communication node belongs to the first type of node type, such as an OUT endpoint, then at least one preset identifier of the first endpoint (or, alternatively, a preset identifier of the target endpoint (e.g., a target address)) may be bound to the communication node. If the communication node belongs to the second type of node type, such as an IN endpoint, then at least one preset identifier of the target endpoint (e.g., a direct target address or a character string that hides the target address) may be bound to the communication node. Of course, if the communication node belongs to the second type of node type, the preset identifier of the first endpoint may also be bound to the communication node, and this embodiment is not limited thereto.
下表12a、表12b和表13a、表13b分別示出了針對第一端所預置的配置信息中包含預置標識,通過預置標識實現控制設備上端點複用的簡單示例。 表12a(配置第一端僅能單向下行數據的示例)
有關表12b中預置標識具體可關聯的關聯信息,可參見本申請其它實施例中給出的示例12相關內容。For specific associated information of the preset identifiers in Table 12b, please refer to the relevant content of Example 12 given in other embodiments of this application.
通過如上述表12a或表12b示出的配置,在需控制第一端能對不同目標端進行下行數據時,可全部複用控制設備上的端點1。By using the configuration shown in Table 12a or Table 12b above, when it is necessary to control the first end to transmit downlink data to different target ends, all endpoints 1 on the control device can be reused.
例如,結合上述表12a,第一端在需獲取數據時,可向控制設備31的端點1發送IN令牌包,以指示控制設備31向其返回第二端的數據(如第二端中所存儲的第一端上應用所需的資源數據),此時端點1對應的數據緩存區中並未存儲有相關數據,控制設備31針對接收到的IN令牌包可通過端點1向第一端返回相應的響應狀態包,如NAK包(無可推送數據),以告知目前無可推送的數據;並進一步地,控制設備31還會執行根據端點1所綁定的目標端的預置標識確定出相應的目標地址,比如,根據預置標識0x2B確定出第二端21a的地址21a、根據預置標識0x3B確定出第二端21b的地址21b;然後,再根據地址21a、地址21b,分別向第二端21a、第二端21b請求數據,並將接收到第二端21a和第二端21b各自返回的數據進行緩存存儲,當再次接收到第一端繼續重試向端點1發送的IN令牌包時,通過端點1向第一端返回從第二端21a及第二端21b中獲取到的數據以及ACK狀態包,以此使得第一端僅通過端點1便能同時從不同端獲取(下載)數據。For example, in conjunction with Table 12a above, when the first end needs to obtain data, it can send an IN token packet to endpoint 1 of the control device 31 to instruct the control device 31 to return the data of the second end (such as resource data required by the application on the first end stored in the second end). At this time, the corresponding data cache area of endpoint 1 does not store the relevant data. In response to the received IN token packet, the control device 31 can return a corresponding response status packet, such as a NAK packet (no data to push), to the first end through endpoint 1 to inform that there is currently no data to push. Furthermore, the control device 31 will also determine the corresponding target address based on the preset identifier of the target end bound to endpoint 1, such as , determine the address 21a of the second end 21a according to the preset identifier 0x2B, and determine the address 21b of the second end 21b according to the preset identifier 0x3B; then, request data from the second end 21a and the second end 21b according to the addresses 21a and 21b respectively, and cache and store the data returned by the second end 21a and the second end 21b. When the first end receives the IN token packet that continues to be retried to be sent to the endpoint 1, the data obtained from the second end 21a and the second end 21b and the ACK status packet are returned to the first end through the endpoint 1. In this way, the first end can obtain (download) data from different ends at the same time only through the endpoint 1.
再例如,結合圖21以及上述表12b,第一端在需獲取數據時,可向控制設備31的端點1發送IN令牌包,以指示控制設備31向其返回第二端的數據,此時端點1對應的數據緩存區中並未存儲有相關數據,控制設備31針對接收到的IN令牌包可通過端點1向第一端返回相應的響應狀態包,以告知目前無可推送的數據;並進一步地,控制設備31還會執行端點1所綁定的第一端的預置標識0x0B、預置標識0x1B各自配置(即關聯的關聯信息),分別向地址21a指示的第二端21a、地址21b指的第二端21b請求數據,並將接收到第二端21a和第二端21b各自返回的數據進行緩存存儲,當再次接收到第一端繼續重試向端點1發送的IN令牌包時,通過端點1向第一端返回從第二端21a及第二端21b中獲取到的數據以及ACK狀態包,以此使得第一端僅通過端點1便能同時從不同端獲取(下載)數據。For another example, referring to FIG. 21 and the above-mentioned Table 12b, when the first end needs to obtain data, it can send an IN token packet to the endpoint 1 of the control device 31 to instruct the control device 31 to return the data of the second end to it. At this time, the data buffer corresponding to the endpoint 1 does not store relevant data. The control device 31 can return a corresponding response status packet to the first end through the endpoint 1 in response to the received IN token packet to inform that there is no data to be pushed. Furthermore, the control device 31 will also execute the preset identifier 0x0B and the preset identifier 0x0B of the first end bound to the endpoint 1. 0x1B are configured separately (i.e., associated association information), and data is requested from the second end 21a indicated by address 21a and the second end 21b indicated by address 21b, respectively. The data returned by the second end 21a and the second end 21b are cached and stored. When the first end receives the IN token packet that continues to be sent to endpoint 1, the data obtained from the second end 21a and the second end 21b and the ACK status packet are returned to the first end through endpoint 1. In this way, the first end can obtain (download) data from different ends simultaneously through endpoint 1.
其中,結合本申請其它實施例中給出的示例12,以控制設備31向地址21a指示的第二端21a請求數據為例,具體請求過程可如下:首選,獲取預置標識0x0B關聯的關聯信息,並從預置標識0x0B關聯的關聯信息中獲取到地址21a(目標地址,如“192.###.1.1:8001")、以及請求需提交的參數(如"getDataID=1"等);然後,根據請求需提交的參數生成一請求數據包,並根據地址21a,將該請求數據包發送至第二端21a,以此實現向第二端21a請求數據。Among them, combined with Example 12 given in other embodiments of the present application, taking the control device 31 requesting data from the second end 21a indicated by the address 21a as an example, the specific request process can be as follows: first, obtain the associated information associated with the preset identifier 0x0B, and obtain the address 21a (target address, such as "192.###.1.1:8001") and the parameters to be submitted in the request (such as "getDataID=1", etc.) from the associated information associated with the preset identifier 0x0B; then, generate a request data packet according to the parameters to be submitted in the request, and send the request data packet to the second end 21a according to the address 21a, so as to realize the request for data from the second end 21a.
這裡需要補充說明的是:在本申請實施例上下文中,控制設備在向第一端發送目標端諸如第二端21a返回的數據時,可在相應的數據包中添加目標端對應的預置標識(如目標端的真實地址);之後,再將數據包發送至第一端,以便第一端區分數據包中包含的數據到底來源於那個目標端。或者,也可以不添加目標端對應的預置標識,將數據直接發送至第一端,由第一端根據數據包中的數據內容,按照預置配置(如第二端21a對應的是http數據,第二端211對應的是視頻流數據,第二端211對應的是文件數據)進行自動篩選,以此判斷數據到底是來自哪個目標端。當然,第一端也可以採用其他篩選方式來確定接收到的數據到底來自哪個目標端,比如,可根據端點1綁定的預置標識進篩選。It should be noted that, in the context of the present application embodiment, when the control device sends data returned by a target end, such as the second end 21a, to the first end, it may add a preset identifier corresponding to the target end (such as the real address of the target end) to the corresponding data packet. The data packet is then sent to the first end so that the first end can distinguish which target end the data contained in the data packet originated from. Alternatively, the data may be sent directly to the first end without adding the preset identifier corresponding to the target end. The first end then automatically filters the data in the data packet according to the preset configuration (such as the second end 21a corresponding to HTTP data, the second end 211 corresponding to video stream data, and the second end 212 corresponding to file data) to determine which target end the data originated from. Of course, the first end may also use other screening methods to determine the target end from which the received data comes, for example, it may filter according to a preset identifier bound to endpoint 1.
通過上述表12a或表12b示出的複用IN端點的示例,可在端點有限、較少情況下,解決第一端從多個目標端下載數據的問題。 表13a(配置第一端僅能單向上行數據的示例)
有關上表13a中預置標識具體可關聯的關聯信息,可參見本申請其它實施例中給出的示例11相關內容。 表13b(配置第一端僅能單向上行數據的示例)
通過如上述表13a或表13b示出的配置,在需控制第一端對不同目標端進行上行數據時,可全部複用控制設備上的OUT端點3。By using the configuration shown in Table 13a or Table 13b above, when the first end needs to be controlled to transmit uplink data to different target ends, OUT end point 3 on the control device can be fully reused.
在圖23b中示出了通信節點綁定有預置標識情形示例。FIG23b shows an example of a situation where a communication node is bound with a preset identifier.
通過上述表13a或表13b示出的複用OUT端點的示例,可在端點有限、較少情況下,解決第一端向多個目標端發送數據的問題。The examples of multiplexing OUT endpoints shown in Table 13a or Table 13b above can solve the problem of a first endpoint sending data to multiple destination endpoints when there are limited or few endpoints.
例如,結合圖21、圖23b以及上表13a,假設第一端需傳輸數據塊data1,其在將該數據塊data1發送至控制設備31的端點3後,控制設備31則:可根據自身預置的配置信息,分別先獲取到端點3所綁定的第一端的預置標識0x0A、預置標識0x1A各自關聯的關聯信息;然後,在從預置標識0x0A關聯的關聯信息中獲取相應的目標地址如地址22、以及從預置標識0x1A關聯的關聯信息中獲取相應的目標地址如地址23;最後,根據地址22和地址23,將數據data1分別發送至地址22指示的第二端22、以及地址23指示的第二端23,以此也便就控制實現了第一端向第二端22、第二端23發送數據data1。For example, referring to Figure 21, Figure 23b, and Table 13a above, assume that the first end needs to transmit data block data1. After sending the data block data1 to endpoint 3 of control device 31, control device 31 can first obtain the associated information of the preset identifier 0x0A and the preset identifier 0x1A of the first end bound to endpoint 3 according to its own preset configuration information; then, after obtaining the associated information from the preset identifier 0x0A, The corresponding target address, such as address 22, is obtained from the associated information of the preset identifier 0x1A, and the corresponding target address, such as address 23, is obtained from the associated information associated with the preset identifier 0x1A; finally, according to address 22 and address 23, the data data1 is sent to the second end 22 indicated by address 22 and the second end 23 indicated by address 23, respectively, thereby controlling the first end to send data data1 to the second end 22 and the second end 23.
再例如,結合圖23b以及上表13b,假設第一端需傳輸數據塊data2,其在將該數據塊data2發送至控制設備31的端點3後,控制設備31則:可以根據端點3所綁定的目標端的預置標識(0x2A、0x3A),直接確定出相應的目標地址,比如,根據預置標識0x2A確定出第二端22的地址22、以及根據預置標識0x3A確定出第二端23的地址23;之後,再根據地址22、地址23,將接收到的數據塊data2分別轉發至第二端22、第二端23。For another example, referring to Figure 23b and Table 13b above, assume that the first end needs to transmit data block data2. After sending data block data2 to endpoint 3 of control device 31, control device 31 can directly determine the corresponding target address based on the preset identifier (0x2A, 0x3A) of the target end bound to endpoint 3. For example, it can determine address 22 of second end 22 based on the preset identifier 0x2A, and determine address 23 of second end 23 based on the preset identifier 0x3A. Then, based on addresses 22 and 23, control device 31 can forward the received data block data2 to second end 22 and second end 23, respectively.
上述結合表12a~表13a示出各方案,控制設備是根據通信節點所綁定的預置標識,向目標端進行請求數據或發送數據的,可見,數據傳輸通信的目標端直接由控制設備通過通信節點進行控制,第一端並未能夠接觸到預置標識,這能有效的對相應單向數據傳輸的目標端進行更好隱私保護。需要說明的是,預置標識用於指示目標地址。可選地,結合圖23a,也可以不通過預置標識指示目標地址,而是直接根據通信節點綁定目標地址,如192.###.1.1:8001等等。Tables 12a through 13a illustrate various schemes. The control device requests or sends data to the target end based on a preset identifier bound to the communication node. This indicates that the target end of the data transmission communication is directly controlled by the control device through the communication node, and the first end is unable to access the preset identifier. This effectively provides better privacy protection for the target end of the corresponding one-way data transmission. It should be noted that the preset identifier is used to indicate the target address. Alternatively, as shown in Figure 23a, the target address can be directly bound to the communication node, rather than indicated by a preset identifier, such as 192.###.1.1:8001.
基於上述描述的為通信節點綁定有預置標識相關內容,在另一種可實現技術方案中,上述S1021「確定所述第一端通過目標通信節點進行數據傳輸的目標端」,可具體包括:Based on the above description of binding the communication node with the preset identification related content, in another possible technical solution, the above S1021 "determining the target end of the first end for data transmission through the target communication node" may specifically include:
S10211’、根據所述第一配置信息,獲取所述目標通信節點所綁定的預置標識;S10211', obtaining a preset identifier bound to the target communication node according to the first configuration information;
S10212’、根據所述預置標識,確定目標地址;S10212', determining the target address according to the preset identification;
S10213’、根據所述目標地址,確定所述目標端;S10213', determining the target end according to the target address;
其中,所述目標通信節點所綁定的預置標識為目標端的預置標識或第一端的預置標識;若目標通信節點所綁定的是第一端的預置標識,則在執行上述步驟S10212’時,採用如下步驟來實現:The preset identifier bound to the target communication node is the preset identifier of the target end or the preset identifier of the first end. If the target communication node is bound to the preset identifier of the first end, when executing the above step S10212', the following steps are adopted to implement it:
S01、獲取所述預置標識關聯的關聯信息;S01. Obtaining the associated information associated with the preset identifier;
S02、從所述關聯信息中,獲取目標地址。S02. Obtain a target address from the associated information.
這裡需要補充說明的是:在上述以及下文所介紹的,通過利用預置標識複用通信節點來控制實現第一端向多個目標端發送數據的情形下,第一端在向控制設備發送需傳輸的數據時,為了使控制設備能獲知將接收到的數據具體發送至哪個目標端,第一端可在包含需傳輸的數據的數據包中添加如下至少一項:預置標識、需傳輸的數據塊所屬數據流對應傳輸事務的事務屬性標識,以便控制設備在接收到數據包後,能根據裡面含有的預置標識或事務屬性標識執行向相應的目標端轉發數據包的操作;其中,添加的預置標識可包括:第一端的預置標識、和/或目標端的預置標識。進一步地,預置標識與輸事務的事務屬性標識、預置字符串等內容作為等同,具有指示目標端或者穿透指示數據等功能,為避免贅述部分以預置標識代為表述。It should be noted that: in the above and below descriptions, when the first end sends data to multiple target ends by controlling the multiplexing of communication nodes using preset identifiers, when the first end sends the data to be transmitted to the control device, in order to enable the control device to know to which target end the received data will be sent, the first end may add at least one of the following items to the data packet containing the data to be transmitted: a preset identifier, a transaction attribute identifier of the transmission transaction corresponding to the data stream to which the data block to be transmitted belongs, so that after receiving the data packet, the control device can execute the operation of forwarding the data packet to the corresponding target end according to the preset identifier or transaction attribute identifier contained therein; wherein, the added preset identifier may include: the preset identifier of the first end, and/or the preset identifier of the target end. Furthermore, the preset identifier is equivalent to the transaction attribute identifier of the input transaction, the preset string, etc., and has the functions of indicating the target end or penetrating the indication data. In order to avoid redundant description, the preset identifier is used instead.
例如,第一端需傳輸數據塊data1時,第一端則:可根據自身內事先預置的配置信息,針對該數據塊data1所屬數據流可確定出對應的傳輸事務Trans_affairs1,並獲取該傳輸事務Trans_affairs1的傳輸事務屬性信息,進而從傳輸事務Trans_affairs1的傳輸事務屬性信息獲取目標端的預置標識;進一步地,還可根據事先預置的配置信息中包含的第一端的預置標識與事務種類的對應關係,確定出與傳輸事務Trans_affairs1所屬事務種類存在對應關係的第一端的預置標識,如預置標識0x0A;之後,可將數據data1和所確定出的第一端的預置標識0x0A、和/或目標端的預置標識進行打包以形成一個數據包data_package1(或報文),從而將該數據包data_package發送至控制設備,具體地,是根據事先預置的配置信息中包含的通信節點與第一端的預置標識的綁定關係,將數據包data_package1發送至控制設備上與預置標識0x0A存有綁定關係的通信節點,如上表13a示出的端點3。控制設備根據數據包data_package1中包含的預置標識,可確定出目標地址),具體地,比如可根據數據包data_package1中包含的目標端的預置標識直接確定出目標地址,或者也可根據數據包data_package中包含的第一端的預置標識0x0A,獲取預置標識0x0A關聯的關聯信息,從預置標識0x0B關聯的關聯信息中獲取目標地址;然後,根據目標地址(如地址22),將數據包data_package1轉發至目標地址指示的目標端(如第二端22)。For example, when the first end needs to transmit a data block data1, the first end can: based on the pre-set configuration information within itself, determine the corresponding transmission transaction Trans_affairs1 for the data flow to which the data block data1 belongs, obtain the transmission transaction attribute information of the transmission transaction Trans_affairs1, and then obtain the preset identifier of the target end from the transmission transaction attribute information of the transmission transaction Trans_affairs1; further, based on the correspondence between the preset identifier of the first end contained in the pre-set configuration information and the transaction type, determine the transaction type to which the transmission transaction Trans_affairs1 belongs. The preset identifier of the first end with which there is a corresponding relationship, such as the preset identifier 0x0A; thereafter, the data data1 and the determined preset identifier 0x0A of the first end and/or the preset identifier of the target end may be packaged to form a data packet data_package1 (or message), and the data packet data_package is then sent to the control device. Specifically, based on the binding relationship between the communication node and the preset identifier of the first end included in the pre-set configuration information, the data packet data_package1 is sent to the communication node on the control device that has a binding relationship with the preset identifier 0x0A, such as endpoint 3 shown in Table 13a above. The control device can determine the destination address based on the preset identifier included in the data packet data_package1). Specifically, for example, the control device can directly determine the destination address based on the preset identifier of the destination end included in the data packet data_package1, or can also obtain the associated information associated with the preset identifier 0x0A based on the preset identifier 0x0A of the first end included in the data packet data_package, and obtain the destination address from the associated information associated with the preset identifier 0x0B. Then, based on the destination address (e.g., address 22), the control device forwards the data packet data_package1 to the destination end (e.g., second end 22) indicated by the destination address.
再例如,第一端需傳輸數據塊data1時,第一端可在針對該數據塊data1所屬數據流確定出對應的傳輸事務Trans_affairs1後,直接根據傳輸事務Trans_affairs1的事務屬性標識和數據塊data1生成一數據包data_package2並發送至控制設備,控制設備針對接收到的數據包data_package2可執行如下操作:從數據包data_package2中解析出數據塊data1、以及相應的事務屬性標識,然後根據解析出的事務屬性標識從自身預置的配置信息中獲取相應的事務屬性信息,進而根據該事務屬性信息中包含的的目標端的預置標識確定出目標地址,以此將數據塊數據塊data1轉發至目標地址指示的目標端。其中,第一端在確定傳輸事務Trans_affairs1的事務屬性標識時,可通過執行如下步驟來實現:根據數據塊data1所屬數據流的傳輸需求信息,確定傳輸事務Trans_affairs1所屬的事務種類;基於事務種類與事務屬性標識的對應關係,確定與傳輸事務Trans_affairs1所屬的事務種類存在對應關係的事務屬性標識。For another example, when the first end needs to transmit data block data1, the first end can determine the corresponding transmission transaction Trans_affairs1 for the data stream to which the data block data1 belongs, and then directly generate a data package data_package2 based on the transaction attribute identifier of the transmission transaction Trans_affairs1 and the data block data1, and send it to the control device. The control device can perform the following operations on the received data package data_package2: parse the data block data1 and the corresponding transaction attribute identifier from the data package data_package2, and then obtain the corresponding transaction attribute information from its own preset configuration information based on the parsed transaction attribute identifier, and then determine the target address based on the preset identifier of the target end contained in the transaction attribute information, so as to forward the data block data1 to the target end indicated by the target address. The first end determines the transaction attribute identifier for the transmission transaction Trans_affairs1 by performing the following steps: determining the transaction type to which the transmission transaction Trans_affairs1 belongs based on the transmission requirement information of the data flow to which the data block data1 belongs; and determining a transaction attribute identifier that corresponds to the transaction type to which the transmission transaction Trans_affairs1 belongs based on the correspondence between transaction types and transaction attribute identifiers.
當然,在其他一些實施例中,第一端在向控制設備發送需向目標端傳輸的數據時,也可不在相應的數據包中添加預置標識、和/或事務屬性標識等,直接根據需傳輸的數據塊生成一普通的數據包並發送至控制設備,由控制設備根據數據包中的數據內容,按照預置配置(例如包含數據包標識特徵,如特定二進制數據等)自動進行篩選以確定相應的目標端。例如,結合上表13a,第一端直接將需傳輸數據塊data1打包形成一個數據包data_package’發送至控制設備的端點3後,控制設備則:可從數據包data_package’中解析出數據塊data1,然後再根據自身內預置的配置信息,針對該數據塊data1確定相應的第一端的預置標識如預置標識0x0A,進而從預置標識0x0A關聯的關聯信息中獲取目標地址(如地址22),以此根據獲取到的目標地址,將數據塊data1發送至相應的目標端(如第二端22)。有關針對該數據塊data1確定相應的第一端的預置標識的具體實現,可參見上述例子相關內容,或者也可參見本申請其它實施例中相關內容。Of course, in some other embodiments, when the first end sends data to be transmitted to the target end to the control device, it may not add a preset identifier and/or transaction attribute identifier to the corresponding data packet, and directly generate an ordinary data packet based on the data block to be transmitted and send it to the control device. The control device automatically filters the data according to the data content in the data packet and the preset configuration (for example, including data packet identification characteristics, such as specific binary data, etc.) to determine the corresponding target end. For example, referring to Table 13a above, after the first end directly packages the data block data1 to be transmitted into a data packet data_package' and sends it to endpoint 3 of the control device, the control device can parse the data block data1 from the data packet data_package'. Then, based on its own preset configuration information, the control device determines the corresponding first end preset identifier, such as preset identifier 0x0A, for the data block data1. It then obtains the target address (e.g., address 22) from the associated information associated with the preset identifier 0x0A. Based on the obtained target address, the control device then sends the data block data1 to the corresponding target end (e.g., second end 22). For the specific implementation of determining the preset identifier of the corresponding first end for the data block data1, please refer to the relevant content of the above example, or refer to the relevant content in other embodiments of this application.
基於上述描述內容,在本實施例中,第一端向控制設備發送的數據包可為如下兩種:Based on the above description, in this embodiment, the data packets sent by the first end to the control device can be of the following two types:
第一種:數據包中包括:具體需傳輸的數據內容,以及第一端的預置標識、目標端的預置標識、事務屬性標識中的至少一項。The first type: The data packet includes: the specific data content to be transmitted, and at least one of the preset identifier of the first end, the preset identifier of the target end, and the transaction attribute identifier.
第二種:數據包中僅包括具體需傳輸的數據內容。The second type: The data packet only includes the specific data content to be transmitted.
在圖23c和圖23d中,示出了第一端向控制設備發送普通的數據包(數據包中未添加預置標識等)情形示例。FIG. 23 c and FIG. 23 d show examples of a situation in which the first end sends a normal data packet (without a preset identifier, etc. added to the data packet) to the control device.
有關本實施例中上下文所涉及的傳輸事務未詳盡內容,可參見本申請上下文其它實施例中相關內容。For details about the transmission matters involved in the context of this embodiment, please refer to the relevant content in other embodiments in the context of this application.
還需進一步地補充說明的是:如參見圖23b,在配置通信節點時,除了為通信節點綁定第一端相應的預置標識之外,還可綁定其它信息,比如還可如下中至少一項信息:事務屬性標識、數據包頭格式標識。有關數據包頭格式的詳述,可參見本申請其它實施例中詳述的報文頭格式相關內容,此處不再作具體贅述。控制設備在監測到其上相應通信節點接收到第一端發送的需傳輸的數據諸如數據data1時,可根據該通信節點所綁定的預置標識、傳輸事務屬性標識、數據包頭格式標識等之間的綁定關係信息,獲取相應的事務屬性信息、數據包頭格式信息,以用於對接收到的如數據data1進行結構化處理生成符合要求結構化的數據包,並該結構化的數據包發送至相應的目標端。當然,在通信節點僅綁定有預置標識的情況下,控制設備也可以針對接收到的如數據data1,從自身預置的配置信息中獲取相應的事務屬性信息、數據包有格式信息等,以用於對接收到的如數據data1進行結構化處理。有關結構化的數據包生成的具體實現,可參見本申請其它實施例中描述的報文(如第一報文)生成相關內容。It should be further explained that, as shown in Figure 23b, when configuring a communication node, in addition to binding the preset identifier corresponding to the first end to the communication node, other information may also be bound, such as at least one of the following: a transaction attribute identifier and a data packet header format identifier. For details on the data packet header format, please refer to the detailed description of the message header format in other embodiments of this application and will not be further elaborated here. When the control device detects that the corresponding communication node on it has received data to be transmitted, such as data data1, sent by the first end, it can obtain the corresponding transaction attribute information and data header format information based on the binding relationship information between the preset identifier, transmission transaction attribute identifier, data header format identifier, etc. bound to the communication node, so as to structure the received data, such as data1, to generate a data packet that meets the required structure, and then send the structured data packet to the corresponding target end. Of course, if the communication node is only bound with a preset identifier, the control device can also obtain the corresponding transaction attribute information, data packet format information, etc. from its own preset configuration information for the received data, such as data1, to structure the received data, such as data1. For the specific implementation of structured data packet generation, please refer to the message (such as the first message) generation related content described in other embodiments of this application.
綜上這裡還需補充說明的是:預置標識可為相應端的地址信息對應的字符串(如IP地址對應的具有規律性的字符串),即預置標識不具有隱藏相應端的地址信息的作用;或者,在另一些實施例,預置標識具有隱藏相應端的地址信息的作用,比如,預置標識為隨機生成的不具有規律性的隨機字符串,其關聯的關聯信息包含相應端的地址信息。有關預置標識的相關描述,可參見本申請其它實施例中相關內容。表12a~表13b中示出的預置標識,可具有隱藏第一端的地址信息作用。此外,預置標識所關聯的關聯信息並不局限於表12b或表13a中示出的內容,具體關聯信息可包含的內容可參見本申請上下文其它實施例中所描述的相關內容。以及,第一端向控制設備發送數據端或控制設備向第一端發送數據端、或控制設備將接收到的第一端發送的數據包轉發至目標端等的具體實現,也可參見本申請其它實施例中相關內容。In summary, it should be further explained that the preset identifier can be a string corresponding to the address information of the corresponding end (such as a regular string corresponding to an IP address), that is, the preset identifier does not have the function of hiding the address information of the corresponding end; or, in other embodiments, the preset identifier has the function of hiding the address information of the corresponding end. For example, the preset identifier is a randomly generated, irregular, random string, and its associated information includes the address information of the corresponding end. For relevant descriptions of the preset identifier, please refer to the relevant content in other embodiments of this application. The preset identifiers shown in Tables 12a to 13b can have the function of hiding the address information of the first end. Furthermore, the associated information associated with the preset identifier is not limited to the content shown in Table 12b or Table 13a. For specific content that the associated information may include, please refer to the relevant content described in other embodiments of this application. Furthermore, for specific implementations of the first end sending data to the control device, the control device sending data to the first end, or the control device forwarding a data packet received from the first end to the target end, please refer to the relevant content of other embodiments of this application.
另外,在其它一些實施例中,第一端在執行如單向上行或下行數據傳輸之前,也可以將相應的預置標識發送給控制設備相應的端點,以由控制設備根據接收到的預置標識確定目標地址,從而確定目標端。In addition, in some other embodiments, before performing unidirectional uplink or downlink data transmission, the first end may also send a corresponding preset identifier to the corresponding endpoint of the control device, so that the control device can determine the target address based on the received preset identifier, thereby determining the target end.
基於上述描述的目標端確定方式,在又一可實現方案中,上述S1021「確定所述第一端通過目標通信節點進行數據傳輸的目標端」,可具體包括:Based on the target end determination method described above, in another possible implementation, the above S1021 "determining the target end for data transmission by the first end through the target communication node" may specifically include:
S10211”、接收所述第一端發送的預置標識;S10211”, receiving a preset identifier sent by the first end;
S10212”、根據所述預置標識,確定所述目標端;S10212”, determining the target end according to the preset identification;
其中,所述預置標識是第一端根據需傳輸的數據塊所屬數據流對應的傳輸事務確定的;所述預置標識為第一端對應的預置標識或目標端對應的預置標識;若所述預置標識為第一端對應的預置標識,則上述步驟S10212”的具體實現,可參見上述步驟S01~S02。The preset identifier is determined by the first end based on the transmission transaction corresponding to the data stream to which the data block to be transmitted belongs; the preset identifier is the preset identifier corresponding to the first end or the preset identifier corresponding to the target end; if the preset identifier is the preset identifier corresponding to the first end, the specific implementation of the above step S10212" can be found in the above steps S01-S02.
具體實施時,第一端在確定需傳輸的數據塊所屬數據流對應的傳輸事務之後,可繼續通過執行如下步驟來確定需發送至控制設備的預置標識:In specific implementations, after determining the transmission transaction corresponding to the data stream to which the data block to be transmitted belongs, the first end can continue to determine the preset identifier to be sent to the control device by executing the following steps:
根據預置的第一端的預置標識與事務種類的對應關係,確定與所述傳輸事務所屬的事務種類具有對應關係的第一端的預置標識;和/或Determining the preset identifier of the first end that corresponds to the transaction type to which the transmission transaction belongs based on the correspondence between the preset identifier of the first end and the transaction type; and/or
獲取所述傳輸事務的事務屬性信息;從所述事務屬性信息中,獲取目標端的預置標識。Transaction attribute information of the transmission transaction is obtained; and a preset identifier of the target end is obtained from the transaction attribute information.
有關獲取傳輸事務的事務屬性信息的具體實現描述、以及事務屬性信息中可具體包括的內容,可參見上下文本申請其它實施例中相關內容。For a detailed description of how to obtain the transaction attribute information of a transmission transaction and the specific content that can be included in the transaction attribute information, please refer to the relevant content in other embodiments of this application.
上述S10211’中,考慮到在針對第一端啟動的至少一個第一通信節點所屬節點類型均為第二類型時,控制設備只能給主機(第一端)發送數據、無法接收主機發送過來的除信令類(如令牌包類)之外的任何其它類數據,比如,啟動的至少一個第一通信節點均為IN端點,則此情況下,可在通過啟動的第二通信節點(如端點0)與第一端握手連接完成後,保持第二通信節點繼續處於啟動狀態,第一端可以通過第二通信端點向控制設備發送預置標識。In the above S10211', considering that when the node type of at least one first communication node activated for the first end is the second type, the control device can only send data to the host (first end) and cannot receive any other type of data sent by the host except signaling type (such as token packet type). For example, at least one activated first communication node is an IN endpoint. In this case, after the handshake connection with the first end is completed through the activated second communication node (such as endpoint 0), the second communication node can continue to be in the activated state, and the first end can send a preset identifier to the control device through the second communication endpoint.
例如,結合表12b並參見圖21中示出的與“單向傳輸下行”相關內容,以第一端需通過端點1(IN端點)獲取第二端21a中的數據為例,第一端可先向控制設備31的端點0發送SETUP令牌包(只用在控制傳輸中,用於通知控制設備將要開始一個控制傳輸,其內包含端點0的端點號);當控制設備的端點0接收到該SETUP令牌包後,其接下來將會等待接收第一端(主機)發來的設置信息,該設置信息即可為第一端發送的其對應的預置標識0x0B;進一步地,控制設備便可從預置的配置信息中,獲取該預置標識0x0B關聯的關聯信信息,進而根據關聯信息中包含的目標地址,確定出接下來第一端所欲進行數據傳輸的目標端(如第二端21a)。另外,可選地,接收到第一端發送的預置標識0x0B後,控制設備還可以通過端點0向第一端返回相應的響應狀態包。此外,因為安全原因預先關閉端點0(SETUP)的情況下,也可以通過啟動其他OUT端點接收預置標識數據。For example, referring to Table 12b and FIG21 for the "unidirectional transmission downlink" related content, taking the example that the first end needs to obtain the data in the second end 21a through end point 1 (IN end point), the first end can first send a SETUP token packet (only used in control transmission, used to notify the control device that a control transmission is about to begin, which contains the end point number of end point 0) to the end point 0 of the control device 31; when the end point 0 of the control device receives the SETUP token packet, the first end can first send a SETUP token packet (only used in control transmission, used to notify the control device that a control transmission is about to begin, which contains the end point number of end point 0) to the end point 0 of the control device 31. After receiving the UP token packet, the control device will then wait to receive setup information from the first end (host). This setup information can be the corresponding preset identifier 0x0B sent by the first end. Furthermore, the control device can obtain the associated information associated with the preset identifier 0x0B from the preset configuration information and, based on the target address contained in the associated information, determine the target end (e.g., second end 21a) to which the first end intends to transmit data. Optionally, after receiving the preset identifier 0x0B from the first end, the control device can also return a corresponding response status packet to the first end via Endpoint 0. Furthermore, if Endpoint 0 (SETUP) is disabled for security reasons, it is possible to receive the preset identifier data by activating other OUT endpoints.
當然,在上述至少一個第一通信節點所屬節點類型均為第二類型時,也可以關閉第二通信節點。以及,本實施例中可以針對控制設備需要根據第一端發送的信息來確定目標端這一需求,專門配置一個用於服務於確定目標端的適配的通信節點,比如可配置一個屬第一類型(如OUT端點)的通信節點或者也可配置一個屬第三類型(如IN/OUT端點)的通信節點,當第二端有發送預置標識的需求時,可以通過該專門服務於確定目標端的通信節點向控制設備發送相應的預置標識。Of course, when the node type of at least one of the first communication nodes is the second type, the second communication node can also be shut down. Furthermore, in this embodiment, in response to the control device's need to determine the target end based on the information sent by the first end, a communication node specifically adapted to serve the determined target end can be configured. For example, a communication node of the first type (e.g., an OUT endpoint) or a communication node of the third type (e.g., an IN/OUT endpoint) can be configured. When the second end needs to send a preset identifier, the corresponding preset identifier can be sent to the control device via the communication node specifically serving the determined target end.
結合表13a,在針對第一端啟動的至少一個第一通信節點所屬節點類型均為第一類型(如均為OUT端點)時,控制設備是可以通過第一通信節點接收第一端發送過來的非信令類的數據的,為此,此情況下,可關閉第二通信節點,第一端直接通過相應的第一通信節點向控制設備發送相應的預置標識。例如,若第一端確定與所需發送的預置標識與通信節點標識Sign1有綁定關係,且該通信節點標識Sign1表徵出的是端點3(為OUT),則第一端可以直接向端點3發送預置標識,從而控制設備可根據端點3接收到的第一端發送過來的預置標識來確定相應的目標端。或者,在關閉第二通信節點的情況下,當第一端有發送預置標識的需求時,可以通過所配置的該專門服務於確定目標端的通信節點向控制設備發送相應的預置標識,具體可參見上述針對「至少一個第一通信節點所屬節點類型均為第二類型時」所描述的相關內容。當然,在上述情況下,也可以繼續保持第二通信節點啟動,配置第一端通過第二通信節點向控制設備發送相應的預置標識,本實施例對此不作限定。圖21中示出的與「單向傳輸上行」相關內容中,第二通信節點(如端點0)是保持啟動的,第一端通過端點0向控制設備發送相應的預置標識。With reference to Table 13a, when at least one first communication node activated for the first endpoint is of the first type (e.g., all are OUT endpoints), the control device can receive non-signaling data transmitted by the first endpoint via the first communication node. In this case, the second communication node can be disabled, and the first endpoint can directly transmit a corresponding preset identifier to the control device via the corresponding first communication node. For example, if the first endpoint determines that the preset identifier to be transmitted is bound to the communication node identifier Sign1, and that the communication node identifier Sign1 indicates endpoint 3 (which is OUT), the first endpoint can directly transmit the preset identifier to endpoint 3. The control device can then determine the corresponding target endpoint based on the preset identifier received by endpoint 3 from the first endpoint. Alternatively, when the second communication node is turned off, if the first end needs to send a preset identifier, the corresponding preset identifier can be sent to the control device via the communication node configured to serve the specific target end. For details, please refer to the relevant content described above regarding "when the node type of at least one first communication node is the second type." Of course, in the above situation, the second communication node can also be kept activated, and the first end can be configured to send the corresponding preset identifier to the control device via the second communication node. This embodiment is not limited to this. In the content related to "one-way transmission uplink" shown in Figure 21, the second communication node (such as endpoint 0) remains activated, and the first end sends the corresponding preset identifier to the control device via endpoint 0.
有關上述S10211”~S10212”的具體實現描述,均可參見上下文本申請其它實施例中相關內容。For the specific implementation description of the above S10211"~S10212", please refer to the relevant content in other embodiments of this application.
有上內容,上述步驟106中「根據所述至少一個通信節點所屬的節點類型以及所述目標端的確定方式,確定是否關閉所述第二通信節點」,可具體包括:With the above content, the above step 106 of "determining whether to shut down the second communication node based on the node type of the at least one communication node and the method for determining the target end" may specifically include:
所述目標端通過執行上述步驟S10211~S10213或者步驟S10211’~S10213’來確定、和/或所述目標通信節點所屬節點類型為第一類型時,關閉所述第二通信節點或繼續保持所述第二通信節點啟動;The target end determines by executing steps S10211 to S10213 or steps S10211' to S10213' above, and/or when the node type to which the target communication node belongs is the first type, shuts down the second communication node or continues to keep the second communication node activated;
所述至少一個通信階段所屬節點類型均為第二類型、且目標端通過執行上述步驟S10211”~S10212”來確定時,繼續保持所述第二通信節點啟動。When the node type of the at least one communication phase is the second type and the target end determines it by executing the above steps S10211" to S10212", the second communication node continues to be activated.
上述步驟步驟S01~S02中所述的關聯信息中除包括目標地址等信息之外,還可包括其它內容,比如,數據傳輸能力控制信息、時機參數等。基於此,在一些實施例中,在本實施例中上下文所涉及到的獲取針對所述目標通信節點為所述第一端設置的數據傳輸能力控制信息、以及針對所述目標通信節點所設置的觸發獲取數據的時機參數、預設請求參數等,均可從該關聯信息中獲取到。或者,如結合表9~表11b,在直接為通信節點綁定相應的目標地址、相關其它參數等情況下,在本實施例中上下文所涉及到的獲取針對所述目標通信節點為所述第一端設置的數據傳輸能力控制信息、以及針對目標通信節點所設置的觸發獲取數據的時機參數、預設請求參數等,也可以直接從目標通信節點所綁定的綁定信息中獲取;其中,目標通信節點所綁定的綁定信息可從通過執行上述步驟S101確定的第一配置信息中獲得。The associated information described in steps S01-S02 may include not only information such as the target address but also other content, such as data transmission capability control information and timing parameters. Therefore, in some embodiments, the data transmission capability control information set for the target communication node for the first end, as well as the timing parameters and default request parameters set for the target communication node for triggering data acquisition, can be obtained from the associated information. Alternatively, as shown in combination with Tables 9 to 11b, when the corresponding target address and other related parameters are directly bound to the communication node, the data transmission capability control information set for the target communication node for the first end, as well as the timing parameters and default request parameters set for the target communication node for triggering data acquisition can also be directly obtained from the binding information bound to the target communication node. The binding information bound to the target communication node can be obtained from the first configuration information determined by executing the above step S101.
圖22示出了在控制設備與第一端之間採用藍牙協議進行通信的情況下,控制第一端通過相應的通信節點進行下行數據(可參見圖中示出的「單向傳輸下行」相關內容))或上行數據(可參見圖中示出的「單向傳輸上行行」相關內容)的示例。與該圖22相對應的,針對第一端所預置的配置信息可參見下述通過表14a~表14c示出的幾個示例。 表14a(配置第一端能上行數據和下行數據的示例)
有關圖22中示出的控制設備按照預設的配置信息與第一端建立握手連接、以及控制設備與目標端(如第二端21a、第二端22)建立通訊連接(通信連接)的實現,可參見本申請上下文其它實施例中相關內容,此處不再做具體贅述。其中,控制設備31與目標端的數據傳輸方式可以為但不限於SOCKET、HTTP、HTTPS等。另外,在圖22中未示出與上表14b及表14c中給出的與第二端23、第二端21b相關內容。Regarding the implementation of the control device shown in FIG22 establishing a handshake connection with the first end according to the preset configuration information, and establishing a communication connection (communication connection) between the control device and the target end (e.g., second end 21a and second end 22), please refer to the relevant content in other embodiments of this application and will not be further elaborated here. The data transmission method between the control device 31 and the target end can be, but is not limited to, SOCKET, HTTP, HTTPS, etc. Furthermore, FIG22 does not show the content related to the second end 23 and second end 21b shown in Tables 14b and 14c above.
此外,在控制設備與第一端之間採用藍牙協議進行通信情況下,同上述針對USB協議所描述的通信節點複用示例,同樣地,也可以在通信節點有限、較少情況下,借助預置標識,通過通信節點複用來解決第一端從多個目標端下載數據、或向多個目標端發送數據的問題。具體可參見下表15a~表15b、表16a~表16b示出的配置信息簡單示例。 表15a(配置第一端僅能單向下行數據的示例)
通過上述表15a或表15b示出的複用Read屬性的Characteristic的示例,可在Characteristic有限、較少情況下,解決第一端從多個目標端下載數據的問題。 表16a(配置第一端僅能單向上行數據的示例)
通過上述表15a或表15b示出的複用Write屬性的Characteristic的示例,可在Characteristic有限、較少情況下,解決第一端向多個目標端發送數據的問題。The example of reusing the Write attribute of a Characteristic as shown in Table 15a or Table 15b above can solve the problem of a first end sending data to multiple target ends when the number of Characteristic is limited or small.
有關在藍牙協議情況下,控制設備如何在通信節點層面上控制第一端通過相應的通信節點進行上行數據或下行數據的具體實現,可參見本實施例上下文所述的以USB協議為例所詳述的相關內容,不同之處僅在於:USB協議下所述的通信節點為端點(如IN端點或OUT端點等),藍牙協議下所述的通信節點為Characteristic(特徵),如Read屬性的Characteristic、Write屬性的Characteristic等。Regarding the specific implementation of how the control device controls the first end at the communication node level to transmit uplink data or downlink data through the corresponding communication node under the Bluetooth protocol, please refer to the relevant content detailed in the context of this embodiment using the USB protocol as an example. The only difference is that the communication node described in the USB protocol is an endpoint (such as an IN endpoint or an OUT endpoint), while the communication node described in the Bluetooth protocol is a characteristic, such as a characteristic of the Read attribute and a characteristic of the Write attribute.
上文主要是從通信節點層面(類似於通信鏈路層)上詳述了如何對第一端的數據傳輸能力控制,考慮到單純從通信節點層面上來實現對第一端的數據傳輸能力控制,可能會因一些因素出現控制疏漏,從而使得第一端通過通信節點發生非期望的上行數據或下行數據等,針對此,本實施還結合所配置的「數據傳輸能力控制信息」,從應用層面上對第一端的數據傳輸能力進一步地加以進行了控制。The above primarily details how to control the data transmission capacity of the first end at the communication node level (similar to the communication link level). However, considering that controlling the data transmission capacity of the first end solely at the communication node level may result in control omissions due to certain factors, causing the first end to transmit undesired uplink or downlink data through the communication node, this implementation further controls the data transmission capacity of the first end at the application level, in conjunction with the configured "data transmission capacity control information."
即,進一步地,上述S102中「根據所述目標通信節點所屬的節點類型,控制所述第一端通過所述目標通信節點所能進行的數據傳輸能力」,還可具體包括如下步驟:That is, further, the above-mentioned step of "controlling the data transmission capability of the first end through the target communication node according to the node type to which the target communication node belongs" in S102 may further specifically include the following steps:
S1025、在監測到所述目標通信節點接收到第一端發送的需向所述目標端傳輸的數據塊時,獲取針對所述目標通信節點為所述第一端設置的數據傳輸能力控制信息;S1025. When monitoring that the target communication node receives a data block sent by the first end and to be transmitted to the target end, obtaining data transmission capability control information set for the first end by the target communication node;
S1026、確定所述數據傳輸能力控制信息指示的第一端具備的數據通信能力;S1026. Determine the data communication capability of the first end indicated by the data transmission capability control information;
S1027、根據所述第一端具備的數據通信能力,對所述數據塊執行發送處理操作。S1027. Perform a sending processing operation on the data block according to the data communication capability of the first end.
上述S1025中,第一端上具有第一應用,第一應用的第一數據流中可包含有至少一個數據塊,上述所述的數據塊可為第一數據流包含的至少一個數據塊中的一個。第一應用可以是指但不限於業務平臺系統應用、瀏覽器應用、社交應用、視頻應用、辦公應用等。不同第一應用被使用過程中會產生不同類型的第一數據流,如以第一應用為瀏覽器應用,瀏覽器應用需要獲取相應目標端如圖20中示出的第二端21上的資源,則相應地,瀏覽器應用的第一數據流可以為但不限於請求數據流(如請求網絡資源數據流等)。有關本實施例中涉及到的應用(如第一應用)、數據流(如第一數據流)的相關介紹,也均可參見上文其它實施例中相關的內容。In S1025 above, a first application is present on the first end. The first data stream of the first application may include at least one data block. The aforementioned data block may be one of the at least one data block included in the first data stream. The first application may include, but is not limited to, a business platform system application, a browser application, a social application, a video application, an office application, etc. Different first applications may generate different types of first data streams during use. For example, if the first application is a browser application and the browser application needs to obtain resources on a corresponding target end, such as the second end 21 shown in FIG. 20 , then the first data stream of the browser application may be, but is not limited to, a request data stream (such as a network resource request data stream). For the relevant introduction of the applications (such as the first application) and data streams (such as the first data stream) involved in this embodiment, please refer to the relevant content in other embodiments above.
第一端在向其連接的控制設備發送需向目標端傳輸的數據塊時,可將數據塊打包成報文的形式發送。報文中除含有數據塊之外,還可含有相應的預置標識等,比如可含有第一端的預置標識、第二端的預置標識等。所述的預置標識用於隱藏相應端的地址信息或為相應端的地址信息;其中,報文中含有的第一端的預置標識,可以是第一端根據第一數據塊所屬數據流(即上述所述的第一數據流)對應的傳輸事務確定的。當然,報文中也可不含預置標識,控制設備接收到第一端發送過來的報文後,可從該報文中解析出第一數據塊,然後直接基於自身內事先預置的配置信息,先確定出第一數據塊所屬數據流對應的傳輸事務,進而再確定出相應的預置標識,如第一端的預置標識;從確定出的第一端的預置標識關聯的關聯信息中,便可針對第一端此次進行的數據傳輸,獲取到第一端的數據傳輸能力控制信息。或者,如上文本申請其它實施例中所述的相關內容,第一端的預置標識也可以是第一端在執行向控制設備發送需傳輸的數據塊之前,發送給控制設備的,本實施例對此不作限定。When a first end sends a data block to a connected control device for transmission to a target end, it may package the data block into a message and send it. In addition to the data block, the message may also contain corresponding preset identifiers, such as a preset identifier for the first end and a preset identifier for the second end. The preset identifiers are used to conceal or serve as the address information of the corresponding end. The preset identifier of the first end contained in the message may be determined by the first end based on the transmission transaction corresponding to the data stream to which the first data block belongs (i.e., the first data stream described above). Of course, the message may not contain a preset identifier. After receiving the message sent by the first end, the control device can parse the message to extract the first data block. Then, based on the pre-set configuration information within the control device, it can first determine the transmission transaction corresponding to the data stream to which the first data block belongs, and then determine the corresponding preset identifier, such as the preset identifier of the first end. From the associated information associated with the preset identifier of the first end, the data transmission capability control information of the first end can be obtained for the data transmission being performed by the first end. Alternatively, as described in other embodiments of the above text application, the preset identifier of the first end can also be sent to the control device by the first end before executing the transmission of the data block to be transmitted to the control device. This embodiment is not limited to this.
或者,如參見上述結合表8~表11b給出的控制設備內預置的配置信息,控制設也可以直接從配置信息中,獲取為目標通信節點針對第一端所綁定的數據傳輸能力控制信息。Alternatively, as shown in the configuration information preset in the control device in conjunction with Table 8 to Table 11b, the control device may also directly obtain the data transmission capability control information bound for the target communication node to the first end from the configuration information.
有關第一端將數據塊打包成報文、且該報文中含有相應的預置標識的具體實現,可參見本申請上下文其它實施例中相應的內容,比如本申請上下文其它實施例中所述的「第一報文」、「數據包」等相關的內容,此處不再做具體贅述。Regarding the specific implementation of the first end packaging the data block into a message and the message containing the corresponding preset identifier, please refer to the corresponding content in other embodiments in the context of this application, such as the "first message", "data packet" and other related content described in other embodiments in the context of this application, which will not be described in detail here.
上述S102~S103中,基於本申請上下文其它實施例中詳述的與「數據傳輸能力控制信息」相關內容可獲知,所獲取到的數據傳輸能力控制信息是能夠指示出第一端的數據通信能力(即上下行數據通信能力)的,比如,第一端(更具體的是,第一端上相應的第一應用)對目標僅具有單向進行上行數據通信能力(也即數據發送通信能力)、或僅具有單向進行下行數據通信能力(也即數據接收(獲取)通信能力)、或者同時具有同時具有上行數據通信能力和下行數據通信能力。只有在確定第一端對目標端具有上行數據通信能力(換句話也就是說,允許從第一端向目標端通信)時,控制設備才會將接收到的數據塊轉發給目標端。In steps S102-S103 above, based on the details regarding "data transmission capability control information" in other embodiments described in the context of this application, it can be understood that the obtained data transmission capability control information is capable of indicating the data communication capabilities (i.e., uplink and downlink data communication capabilities) of the first end. For example, the first end (more specifically, the first application corresponding to the first end) has only one-way uplink data communication capabilities (i.e., data transmission communication capabilities) with the target end, or only one-way downlink data communication capabilities (i.e., data reception (acquisition) communication capabilities), or has both uplink and downlink data communication capabilities. Only if it is determined that the first end has uplink data communication capabilities with the target end (in other words, communication from the first end to the target end is permitted) will the control device forward the received data block to the target end.
基於此,在一種可實現技術方案中,上述S1027「根據所述第一端具備的數據通信能力,對所述數據塊執行發送處理操作」,可具體包括:Based on this, in one possible technical solution, the above-mentioned S1027 "performing a sending processing operation on the data block according to the data communication capability of the first end" may specifically include:
S10271、若所述第一端具備上行數據通信能力,則將所述數據塊發送至所述目標端;S10271: If the first end has uplink data communication capability, send the data block to the target end;
S10272、若所述第一端不具備上行數據通信能力、但具備下行數據通信能力,則對所述數據塊不進行發送處理。S10272: If the first end does not have uplink data communication capability but has downlink data communication capability, the data block is not sent for processing.
上述S10271中,第一端具備上行數據通信能力的情況下,可以根據目標端的地址信息,將所述數據塊發送至目標端。其中,In the above S10271, if the first end has uplink data communication capability, the data block can be sent to the target end according to the address information of the target end.
結合表8~表11b給出的控制設備內預置的配置信息,目標端的地址信息可以直接從配置信息中獲取;或者,Combined with the preset configuration information in the control device given in Table 8 to Table 11b, the target end address information can be directly obtained from the configuration information; or,
可以先確定目標端的預置標識,之後再根據目標端的預置標識確定目標端的地址信息。其中,目標端的預置標識可以是第一端發送過來的,具體地:第一端可以從數據塊所屬數據流對應的傳輸事務的事務屬性信息中,獲取目標端的預置標識;然後,將目標端的預置標識和數據塊打包在一個報文裡發送給本實施例執行主體;或者,在第一端針對數據塊向本實施例執行主體發送的報文不含第二端、第二端等對應的預置標識的情況下,本實施例執行主體也可以根據自身內置的預置信息,在確定出數據塊所屬數據流對應的傳輸事務基礎上,獲取到數據塊所屬數據流對應的傳輸事務的事務屬性信息,進而從該事務屬性信息中獲取到目標端的預置標識。或者,在第一端向控制設備發送需傳輸的數據塊之前,向將其對應的預置標識發送給控制設備的情況下,控制設備也可以根據接收到的第一端的預置標識,從配置信息中獲取第一端的預置標識關聯的關聯信息,進而從該關聯信息中獲取目標地址,該目標地址即為目標端的地址信息,等等。The preset identifier of the target end can be determined first, and then the address information of the target end can be determined based on the preset identifier of the target end. The preset identifier of the target end can be sent by the first end. Specifically, the first end can obtain the preset identifier of the target end from the transaction attribute information of the transmission transaction corresponding to the data flow to which the data block belongs; then, the preset identifier of the target end and the data block are packaged in a message and sent to the execution subject of this embodiment; or, the first end executes the data block to the execution subject of this embodiment. When the message sent by the subject does not contain the corresponding preset identifiers such as the second end and the second end, the execution subject of this embodiment can also obtain the transaction attribute information of the transmission transaction corresponding to the data stream to which the data block belongs based on its own built-in preset information, and then obtain the preset identifier of the target end from the transaction attribute information. Alternatively, before the first end sends the data block to be transmitted to the control device, if the corresponding preset identifier is sent to the control device, the control device can also obtain the association information associated with the preset identifier of the first end from the configuration information based on the received preset identifier of the first end, and then obtain the target address from the association information, and the target address is the address information of the target end, and so on.
有關根據目標端的地址信息將數據塊發送至目標端的具體實現詳述,可參見本申請其它實施例中相關的內容。For details on the specific implementation of sending the data block to the target terminal according to the address information of the target terminal, please refer to the relevant content in other embodiments of this application.
此外,在第一端具備上行數據通信能力的情況下,進一步地其可能不具備下行數據能力能力、或者同時也具備下行數據通信能力,若進一步地不具體下行數據通信能力,則本實施例執行主體在接收到目標端針對所述數據塊返回的反饋信息後,便不會向第一端轉發。基於此,上述步驟S10271中還可包括步驟步驟:Furthermore, if the first end has uplink data communication capabilities, it may not have downlink data communication capabilities, or it may have downlink data communication capabilities at the same time. If it does not have downlink data communication capabilities, then after receiving the feedback information returned by the target end regarding the data block, the execution subject of this embodiment will not forward it to the first end. Based on this, the above step S10271 may further include the following steps:
A01、若所述第一端具體上行數據通信能力,但不具體下行數據通信能力,則在接收到所述目標端針對所述數據塊返回的反饋信息時,對所述反饋信息不進行向第一端發送處理;A01. If the first end has uplink data communication capability but does not have downlink data communication capability, upon receiving feedback information returned by the target end for the data block, the first end does not send the feedback information to the first end for processing;
A02、若所述第一端具備上行數據通信能力、且具體下行數據通信能力,則在接收到所述目標端針對所述數據塊返回的反饋信息時,將所述反饋信息發送至所述第一端。A02. If the first end has uplink data communication capability and specifically downlink data communication capability, upon receiving feedback information returned by the target end for the data block, the first end sends the feedback information to the first end.
具體實施時,上述反饋信息可以是目標端在接收到本實施例執行主體發送過來的數據塊後返回的。反饋信息可為:在目標端內針對接收到的數據後所預置的自動回復數據,比如「ACK」。In a specific implementation, the above feedback information can be returned by the target end after receiving the data block sent by the execution subject of this embodiment. The feedback information can be: automatic reply data preset in the target end after receiving the data, such as "ACK".
若無需將反饋信息發送至第一端,則可不執行向第一端發送反饋信息的處理操作,但可對反饋信息進行日誌記錄;若需將反饋信息發送至第一端,則可在對反饋信息進行校驗並校驗通過的情況下,再將反饋信息發送至第一端。其中,校驗可包括端不限於校驗反饋信息的數據格式、數據內容等是否符合要求、反饋信息是否完整等等。由此即,在上述A12中「將所述反饋信息發送所述第一端」之前,本實施例提供的所述方法還可包括如下步驟:If the feedback information does not need to be sent to the first end, the processing operation of sending the feedback information to the first end may not be performed, but the feedback information may be logged. If the feedback information needs to be sent to the first end, the feedback information may be verified and sent to the first end after passing the verification. The verification may include, but is not limited to, verifying whether the data format and data content of the feedback information meet the requirements, whether the feedback information is complete, etc. Therefore, before "sending the feedback information to the first end" in A12 above, the method provided in this embodiment may also include the following steps:
對所述反饋信息進行校驗;Verifying the feedback information;
校驗通過後,觸發所述將所述反饋信息發送至所述第第一端的步驟。After the verification is passed, the step of sending the feedback information to the first end is triggered.
上述10272中,第一端不具體上行數據通信能力、但具體下行數據通信能力時,表明第一端不具備向目標端發送數據的通信能力,此情況下,若需傳輸的數據塊所屬數據流的數據類型為請求類型時,本實施例執行主體可根據該數據塊中包含的請求參數,在所述目標通信階段對應的數據緩存區中執行查找操作;若查找到與數據塊中包含的請求參數匹配的數據,便將該查找到的數據發送至第一端;若沒有查找到與數據塊中包含的請求參數匹配的數據,控制設備則是將自身內相應的預設請求參數發送給第二端,對接收到的數據塊則不會向目標端轉發,但可以針對數據塊進行日誌記錄。若數據塊所屬數據流的數據類型為非請求類型時,則本實施例執行主體可僅針對數據塊進行日誌記錄,並不會向目標端做任何發送處理。由此即,若第一端不具體上行數據通信能力、但具體下行數據通信能力時,則本實施例提供的所述方法還可包括如下步驟:In the above 10272, when the first end does not have the specific uplink data communication capability but has the specific downlink data communication capability, it indicates that the first end does not have the communication capability to send data to the target end. In this case, if the data type of the data stream to which the data block to be transmitted belongs is a request type, the execution subject of this embodiment can, according to the request parameter contained in the data block, cache the data corresponding to the target communication phase. A search operation is performed in the area; if data matching the request parameters contained in the data block is found, the found data is sent to the first end; if data matching the request parameters contained in the data block is not found, the control device sends the corresponding default request parameters within itself to the second end, and the received data block will not be forwarded to the target end, but a log record may be made for the data block. If the data type of the data stream to which the data block belongs is a non-request type, the execution body of this embodiment may only log the data block and will not perform any sending processing to the target end. Therefore, if the first end does not have specific uplink data communication capabilities but has specific downlink data communication capabilities, the method provided by this embodiment may further include the following steps:
A11、確定所述數據塊所屬數據流的數據類型;A11. Determine the data type of the data stream to which the data block belongs;
A12、所述數據類型為請求類型時,根據所述數據塊中包含的請求參數,在所述目標通信階段對應的數據緩存區中執行查找操作,以為所述第一端返回適配的數據。A12. When the data type is a request type, perform a search operation in a data cache area corresponding to the target communication phase according to the request parameters contained in the data block to return adapted data to the first end.
本實施例提供的方法,與第一端通信連接的控制設備,會先針對第一端啟動至少一個第一通信節點,第一通信節點為與第一端通信協議中的通信節點,用於非握手連接過程中與第一端的數據交互;第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;進一步地,可根據每個第一通信節點所屬的節點類型,控制第一端通過每個第一通信節點所能進行的數據傳輸能力。本方案基於通信協議的約束,通過軟件控制的方式針對第一端實現了通信節點啟動控制,從而借助通信節點實現了對第一端的數據傳輸能力控制,比如控制第一端能單向上行數據、或能單向下行數據、或能上行數據和下行數據,構建簡單、實現成本低,且利於根據不同傳輸控制需求進行靈活配置,而無需同現有方案中的光閘等,需進一步佈設相應的物理接口才能實現相應需求的傳輸控制。In the method provided in this embodiment, a control device that is communicatively connected to a first end first activates at least one first communication node for the first end. The first communication node is a communication node in a communication protocol with the first end and is used for data interaction with the first end during a non-handshake connection process. The node type to which the first communication node belongs can reflect the data transmission function enabled by the first communication node to the first end. Furthermore, the data transmission capability of the first end through each first communication node can be controlled based on the node type to which each first communication node belongs. Based on the constraints of the communication protocol, this solution implements communication node startup control for the first end through software control. This, in turn, uses the communication node to control the first end's data transmission capabilities. For example, the first end can be controlled to transmit uplink data unilaterally, downlink data unilaterally, or both uplink and downlink data. This solution is simple to construct, has low implementation costs, and facilitates flexible configuration based on different transmission control requirements. It eliminates the need for optical gates and other devices in existing solutions, which require further deployment of corresponding physical interfaces to achieve the corresponding transmission control requirements.
進一步地,在第一端和目標端之間僅佈設有一個控制設備(如參見圖4a至圖5a所示)的情形下,本實施例執行主體還可與目標端通信連接,具體地,本實施例執行主體還可基於第二非雙向通信協議與目標端通信連接,有關第二非雙向通信協議的描述,可參見本實施例上下文中所述的與第一非雙向通信協議相關內容;相應地,本實施例提供的所述方法還可包括如下步驟:Furthermore, in the case where only one control device is disposed between the first end and the target end (as shown in Figures 4a to 5a), the execution entity of this embodiment may also be communicatively connected to the target end. Specifically, the execution entity of this embodiment may also be communicatively connected to the target end based on a second non-bidirectional communication protocol. For a description of the second non-bidirectional communication protocol, please refer to the content related to the first non-bidirectional communication protocol described in the context of this embodiment. Accordingly, the method provided by this embodiment may further include the following steps:
S107、響應於針對所述目標端觸發的控制設備上通信節點配置操作,確定第二配置信息;所述第二配置信息中包含的通信節點為所述第二非雙向通信協議中的通信節點;S107. In response to the communication node configuration operation on the control device triggered by the target terminal, determine second configuration information; the communication node included in the second configuration information is a communication node in the second non-bidirectional communication protocol;
S108、在與所述目標端非握手連接數據傳輸過程中,根據所述第二配置信息,針對所述目標端啟動的至少一個第三通信節點;所述第三通信節點所屬的節點類型能反映所述第三通信節點對目標端使能的數據傳輸功能;S108. During a non-handshake data transmission process with the target terminal, at least one third communication node is activated for the target terminal according to the second configuration information; the node type of the third communication node can reflect a data transmission function enabled by the third communication node for the target terminal;
S109、根據每個所述第三通信節點所屬的節點類型,控制所述目標端通過每個所述第三通信節點所能進行的數據傳輸通信能力。S109. Control the data transmission communication capability of the target end through each of the third communication nodes according to the node type to which each of the third communication nodes belongs.
有關上述S107~S109的具體實現,可參見上述描述的上述步驟S100~S102的具體實現過程,此處不再做具體贅述。Regarding the specific implementation of the above-mentioned S107-S109, please refer to the specific implementation process of the above-mentioned steps S100-S102 described above, and will not be described in detail here.
綜合上述本申請實施例提供的數據傳輸控制方法相應內容,本申請實現控制第一端所能進行的數據傳輸能力如單向傳輸,是通過控制設備基於通信協議來實現第一端的上行數據或下行數據等的數據傳輸控制的;用戶可根據對第一端的傳輸控制需求,針對第一端自定義控制設設備上所能啟動的通信節點,從而使得控制設備是按用戶需求使能相應的通信節點以進行相應的數據傳輸控制。例如,結合圖24,控制設備31基於如USB協議、藍牙協議等非雙向通信協議(如非TCP/IP協議)與第一端通信連接,可按需使能第一類型的通信節點(如零個、一個或多個OUT端點)以對第一端進行上行數據傳輸控制(即控制第一端單向的向相應目標端發送數據,具體地,控制設備接收第一端數據並單向發送至響應的目標端),或者按需使能第二類型的通信節點(如零個、一個或多個IN端點)以對第一端進行下行數據傳輸控制(即控制第一端單向的獲取相應目標端的數據,具體地,控制設備31接收目標端數據並單向發送至第一端)。上述圖24中,在控制設備31基於USB協議(有線通信)與第一端通信連接下,控制設備的通信接口1(為USB接口)基於USB從機模式,根據自身內預置的配置信息,可使能通信接口1中相應的端點,具體地,通信接口1中的端點可包括:IN端點(為第二類型的通信節點),用於向第一端發送數據;OUT端點(為第一類型的通信節點),用於接收第一端發送的數據。以及,在控制設備31基於藍牙協議(有線通信)與第一端通信連接下,控制設備的通信接口1為藍牙接口,其基於BLE-SERVER模式,可根據控制設備內預置的配置信息,所使能的通信節點可為通信接口1(也即GATT服務中)中的Characteristic,具體地,GATT服務中的Characteristic可包括:Read屬性的Characteristic(為第二類型的通信節點),用於向第一端發送數據;Notify屬性的Characteristic(為第二類型的通信節點),用於向第一端發送(推送)數據;Write屬性的Characteristic(為第一類型的通信節點),用於接收第一端發送的數據。In summary, the data transmission control method provided in the above-mentioned embodiments of the present application is implemented to control the data transmission capability of the first end, such as one-way transmission, by controlling the data transmission control of the first end, such as uplink data or downlink data, based on the communication protocol. The user can customize the communication nodes that can be activated on the control device for the first end according to the transmission control requirements of the first end, so that the control device enables the corresponding communication nodes according to the user's requirements to perform the corresponding data transmission control. For example, in conjunction with Figure 24, the control device 31 is connected to the first end based on a non-bidirectional communication protocol (such as a non-TCP/IP protocol) such as a USB protocol or a Bluetooth protocol, and can enable the first type of communication node (such as zero, one or more OUT endpoints) as needed to control the uplink data transmission of the first end (that is, control the first end to unidirectionally send data to the corresponding target end, specifically, the control device receives the data from the first end and sends it unidirectionally to the corresponding target end), or enable the second type of communication node (such as zero, one or more IN endpoints) as needed to control the downlink data transmission of the first end (that is, control the first end to unidirectionally obtain the data from the corresponding target end, specifically, the control device 31 receives the target end data and sends it unidirectionally to the first end). In the above Figure 24, when the control device 31 is connected to the first end based on the USB protocol (wired communication), the communication interface 1 (USB interface) of the control device can enable the corresponding endpoints in the communication interface 1 based on the USB slave mode according to the configuration information preset in itself. Specifically, the endpoints in the communication interface 1 may include: an IN endpoint (a second type of communication node), which is used to send data to the first end; and an OUT endpoint (a first type of communication node), which is used to receive data sent by the first end. Furthermore, when the control device 31 is connected to the first end for communication based on the Bluetooth protocol (wired communication), the communication interface 1 of the control device is a Bluetooth interface based on the BLE-SERVER mode. According to the configuration information preset in the control device, the enabled communication node may be the Characteristic in the communication interface 1 (that is, in the GATT service). Specifically, the Characteristic in the GATT service may include: a Characteristic with a Read attribute (for the second type of communication node), which is used to send data to the first end; a Characteristic with a Notify attribute (for the second type of communication node), which is used to send (push) data to the first end; and a Characteristic with a Write attribute (for the first type of communication node), which is used to receive data sent by the first end.
其中,一個控制設備可以由多個同類型或不同類型的通信接口,如可有USB接口、藍牙接口等。各通信接口可根據控制設備內預置的配置文件使能相應的通信端點,以對第一端進行數據傳輸能力的控制。A control device may have multiple communication interfaces of the same or different types, such as a USB interface, a Bluetooth interface, etc. Each communication interface may enable a corresponding communication endpoint according to a configuration file preset in the control device to control the data transmission capability of the first end.
本申請實施例提供的數據傳輸控制方案,可以簡述為如下:The data transmission control scheme provided by the embodiment of this application can be briefly described as follows:
1、按需進行使能至少一個通信節點(第一類型或第二類型的通信節點),實現對第一端單向上行數據或下行數據等數據傳輸能力的控制。例如,使能1個第二類型的通信節點a1(如IN端點)、通信端點a1對應目標端b1,當接收到目標端b1(或目標端上應用c1)的數據(如文件數據等)時,將數據通過通信端點a1發送至第一端,以此第一端便完成一次下行數據(獲取數據)。再例如,使能1個第一類型的通信節點a2(如OUT端點)、通信節點a2對應目標端b2,當接收到第一端通過通信節點a2下發的數據時,將該數據轉發至目標端b2,以此便第一端便完成一次上行數據。1. Enable at least one communication node (Type 1 or Type 2) as needed to control the first end's data transmission capabilities, such as unidirectional uplink or downlink data. For example, enable Type 2 communication node a1 (e.g., an IN endpoint) and correspond to target end b1. Upon receiving data (e.g., file data) from target end b1 (or application c1 on the target end), the first end transmits the data via a1 to the first end, thereby completing a downlink data transmission (data acquisition). For another example, enable Type 1 communication node a2 (e.g., an OUT endpoint) and correspond to target end b2. Upon receiving data sent by the first end via a2, the first end forwards the data to b2, thereby completing an uplink data transmission.
這樣做的好處是:在對第一端實現單向數據傳輸控制過程中,第一端只能通過使得的通信節點與相應的目標端通信,第一端無法改變數據傳輸目標地址。第一端無法通過非使能的通信節點實現數據傳輸。The advantage of this approach is that during the one-way data transmission control process for the first end, the first end can only communicate with the corresponding target end through the enabled communication node, and the first end cannot change the data transmission target address. The first end cannot transmit data through the disabled communication node.
2、根據第一端上不同的應用、不同目標端等,使能多個相同類型(或說傳輸方向)的通信節點,可實現第一端同時對多個目標端進行上行數據傳輸或下行數據傳輸,形成針對第一端上應用或目標端單獨的鏈路。例如,同時使能2個第二類型的通信節點(如IN端點),具體地,如針對第一端上的應用1和應用2,分別使能有通信節點a1_1、通信節點a1_2,通信節點a1_1對應目標端b1_1,當接收到目標端b1_1數據時,將數據通過通信節點a1_1發送至第一端上應用1;通信節點a1_2對應目標端b1_2,當接收到目標端b1_2的數據時,將數據通過通信節點a1_2發送至第一端上應用2。2. Based on different applications and different target terminals on the first end, multiple communication nodes of the same type (or transmission direction) are enabled. This allows the first end to simultaneously transmit uplink data or downlink data to multiple target terminals, forming separate links for the applications or target terminals on the first end. For example, two second-type communication nodes (such as IN endpoints) are enabled at the same time. Specifically, for application 1 and application 2 on the first end, communication node a1_1 and communication node a1_2 are enabled respectively. Communication node a1_1 corresponds to target end b1_1. When receiving data from target end b1_1, the data is sent to application 1 on the first end through communication node a1_1; communication node a1_2 corresponds to target end b1_2. When receiving data from target end b1_2, the data is sent to application 2 on the first end through communication node a1_2.
這樣做的好處:一台控制設備可以同時對第一端上多個應用或多個目標端進行單向傳輸控制;各通信節點與各目標端形成獨立的單向通信鏈路,避免單通信節點、多目標端下的數據干擾或洩露;可僅通過綁定通信節點標識的方式區分不同的目標端。The advantages of this approach are: a single control device can simultaneously control one-way transmissions to multiple applications or multiple targets on the first end; each communication node forms an independent one-way communication link with each target, preventing data interference or leakage between a single communication node and multiple targets; and different targets can be distinguished simply by binding the communication node identifier.
3、根據第一端上不同的應用、目標端設備的需要,同時使能多個不同類型(或說傳輸方向)的通信節點(第一類型的通信節點和第二類型的通信節點同時存在)。例如,可同時使能2個第一類型的通信節點、2個第二類型的通信節點。3. Based on the needs of different applications on the first end and the target device, multiple communication nodes of different types (or transmission directions) can be enabled simultaneously (first-type communication nodes and second-type communication nodes coexisting). For example, two first-type communication nodes and two second-type communication nodes can be enabled simultaneously.
這樣做的好處:一台控制設備可以同時對多個應用或目標端進行單向傳輸控制,並可同時滿足多個目標端的不同傳輸方向的需求。The advantage of doing this is that one control device can simultaneously perform one-way transmission control on multiple applications or targets, and can also meet the different transmission direction requirements of multiple targets at the same time.
這裡需要補充說明的是:上述內容中所述的「使能」,也即可理解為本申請上下文所述的「啟動」。It should be noted that the "enabling" mentioned above can also be understood as the "starting" mentioned in the context of this application.
綜上內容,下面再相比於現有方案,對本申請提供的數據傳輸控制技術方案做進一步地以下幾點詳述:In summary, the data transmission control technology provided by this application is further described in the following points compared to existing solutions:
1)現有的設備基於所使用的協議大多只能啟用雙向通信節點(如TCP、UDP協議中的端口(port)),實現雙向(上行和下行)數據傳輸。比如,第二端為服務端,在服務端上一端口號對應的端口啟動後,第一端便與服務端通過該端口號對應的端口進行雙向數據傳輸通信。而且,現有的設備所使用的協議,也沒有用於配置單向傳輸的單向通信節點功能。例如,現有的設備所使用的協議僅支持用戶配置端口號,無法進一步地配置端口號對應的端口作為僅能上行數據或僅能下行數據的通信節點,設備在出產階段其上端口的啟用、通信功能等往往已被固設,端口常被固設為雙向傳輸通信節點(即固設為具有雙向通信能力),用戶無法根據自己實際所需進行自主配置端口啟用、通信能力等。1) Due to the protocols they use, most existing devices can only enable two-way communication nodes (such as ports in TCP and UDP protocols) to achieve bidirectional (uplink and downlink) data transmission. For example, if the second end is a server, and the port corresponding to a port number on the server is activated, the first end will then communicate with the server through the port corresponding to the port number. Furthermore, the protocols used by existing devices do not have the function of configuring one-way communication nodes for one-way transmission. For example, the protocols used by existing devices only support user-configured port numbers, and there is no way to further configure the port corresponding to the port number as a communication node capable of uplink data only or downlink data only. During the production stage of the device, the activation and communication functions of the port on it are often fixed. The port is often set as a two-way transmission communication node (i.e., it is set to have two-way communication capabilities), and users cannot independently configure port activation and communication capabilities according to their actual needs.
本申請提供的方案則不同,控制設備的通信協議支持靈活配置啟用針對不同目標端、不同傳輸方向的通信節點,經配置可以同時啟用雙向通信節點和單向通信節點(上行通信節點(僅能上行數據)和/或下行通信節點(僅能下行數據)),用於與同一個目標端進行通信;或者,也可以只包含單向的上行通信節點和/或下行通信節點,用於與一個或同時與多個(或不同)目標端進行通信,其中,多個目標端可是具有不同通信需求的不同數據端。例如,參見圖25b,假設控制設備的通信協議經配置,同時包含有雙向通信節點(對應於第二端22)、單向的下行通信節點(對應於第二端21)和單向的上行通信節點(對應於第二端23),則:第一端通過上述控制設備的雙向通信節點、單向的下行通信節點及單向的上行通信節點,能同時分別與第二端21實現單向下行數據、與第二端22實現雙向數據傳輸(包含上行數據和下行數據)、與第二端23實現單向上行數據。The solution provided in this application is different. The communication protocol of the control device supports flexible configuration to enable communication nodes for different target terminals and different transmission directions. It can be configured to enable bidirectional communication nodes and unidirectional communication nodes (uplink communication nodes (uplink data only) and/or downlink communication nodes (downlink data only)) at the same time for communicating with the same target terminal; alternatively, it can only include unidirectional uplink communication nodes and/or downlink communication nodes for communicating with one or multiple (or different) target terminals at the same time, where the multiple target terminals may be different data terminals with different communication requirements. For example, referring to Figure 25b, assuming that the communication protocol of the control device is configured to include a bidirectional communication node (corresponding to the second end 22), a unidirectional downlink communication node (corresponding to the second end 21) and a unidirectional uplink communication node (corresponding to the second end 23), then: the first end can simultaneously realize unidirectional downlink data with the second end 21, bidirectional data transmission (including uplink data and downlink data) with the second end 22, and unidirectional uplink data with the second end 23 through the bidirectional communication node, unidirectional downlink communication node and unidirectional uplink communication node of the above-mentioned control device.
2)現有的USB設備,如USB移動硬盤等近場通訊設備,基本上僅支持使用USB進行近端通信。本申請中控制設備不同於現有的USB移動硬盤等近場通訊設備,通信除支持近端通信(如使用USB等方式實現)之外,還支持使用TCP/IP進行遠端通信。其中,遠端通信的目標端如參見上述1)中所述,可以為不同的第二端;且針對不同的第二端可實現不同方向的通信,比如,針對一些第二端為雙向(上行和下行)通信、針對另一些第二端僅上行通信、或針對又一些第二端僅下行通信;此外,針對不同的第二端在通信過程中還可實現以不同數據交換方式進行傳輸數據,有關以不同數據交換方式進行傳輸數據的具體實現,可參見本申請其他實施例中與圖2b相關內容。2) Existing USB devices, such as USB portable hard drives and other near-field communication devices, generally only support near-end communication using USB. The control device in this application differs from existing near-field communication devices such as USB portable hard drives. In addition to supporting near-end communication (e.g., using USB or other methods), it also supports remote communication using TCP/IP. The target end of the remote communication, as described in 1) above, may be different second ends; and communications in different directions may be achieved for different second ends, for example, bidirectional (uplink and downlink) communication for some second ends, uplink-only communication for other second ends, or downlink-only communication for yet other second ends; in addition, data may be transmitted using different data exchange modes during the communication process for different second ends. For the specific implementation of data transmission using different data exchange modes, please refer to the relevant content of FIG. 2b in other embodiments of this application.
這裡需要補充說明的是:雖然現有的USB設備(以及光模塊網卡)等也是具有單向傳輸協議功能的硬件,但是其只是作為通信的中間環節,其與第一端的直接通信連接還是使用網絡,並為網絡通信啟用的是雙向通信節點,比如:參見圖25a,同時啟用上行通信節點和下行通信節點、並都與相同的第二端(為目標端)通信。另外,雖諸如USB網卡(即接口為USB的網卡)、U盤、硬盤(基於SATA協議)等都是有單向通信節點的,但是為了第一端能與同一個第二端進行數據交換(如至少一個或多個網絡服務數據讀寫、U盤存儲芯片讀寫、硬盤數據讀寫),按照固設都會同時啟用上行通信節點和下行通信節點且都與同一個第二端(為目標端)通信。而本申請方案,不同的通信節點,如上行通信節點或下行通信節點可與不同的特定第二端進行通信,但該特定第二端也是可以向其他端(為不同於第一端的數據端)進行下行數據或上行數據。例如,假設第一端通過控制設備上啟用的下行通信節點與第二端通信,此情況下,第一端只能從第二端處下載數據,換句說也就是說,第二端只能向第一端發送數據,但是這並不會影響第二端與除第一端之外的其他端正常通信以傳輸數據,如第二端還與第三端進行網絡連接,則第二端對第三端進行下行數據和/或上行數據。It should be noted that although existing USB devices (and optical module network cards) are also hardware with unidirectional transmission protocol functions, they only serve as an intermediate link in communication. Their direct communication connection with the first end still uses the network, and bidirectional communication nodes are enabled for network communication. For example, see Figure 25a, where both the upstream communication node and the downstream communication node are enabled at the same time, and both communicate with the same second end (the target end). Furthermore, while USB network cards (i.e., network cards with USB interfaces), USB flash drives, and hard drives (based on the SATA protocol) all have unidirectional communication nodes, in order for a first end to exchange data with the same second end (e.g., reading and writing at least one or more network service data, reading and writing USB flash drive storage chips, and reading and writing hard drive data), they are inherently configured to simultaneously activate both upstream and downstream communication nodes, and both communicate with the same second end (the target end). However, in this application, different communication nodes, such as upstream or downstream communication nodes, can communicate with different specific second ends, but these specific second ends can also transmit or upload data to other ends (data ends other than the first end). For example, assume that the first end communicates with the second end through a downlink communication node enabled on a control device. In this case, the first end can only download data from the second end. In other words, the second end can only send data to the first end. However, this does not affect the second end's normal communication with other ends other than the first end to transmit data. If the second end also has a network connection with a third end, the second end can transmit downlink data and/or uplink data to the third end.
3)現有的USB網卡等通信設備,其的USB網卡在第一端的操作系統驅動將會被識別為網卡(有線網卡或無線網卡等),即為:第一端(為TCP/IP網絡驅動,該TCP網絡驅動具有通信性,對端口數據收發不進行限制)——>USB接口設備(無法配置,自動啟用滿足雙向傳輸的端點)——>第二端。而本申請提供的方案為:第一端(只能向控制設備啟用的特定通信節點發送數據或從控制設備啟用的特定通信節點接收數據)——>控制設備(根據配置,啟用特定傳輸方向的通信節點)——>第二端。也就是說,在本申請方案中,控制設備在沒啟用特定傳輸節點的情況下,不管第一端有沒驅動、驅動是否官方的等,均無法與第二端進行數據交換。3) In existing communication devices such as USB network cards, the operating system driver on the first end identifies the USB network card as a network card (wired or wireless, etc.), i.e., the first end (a TCP/IP network driver with communication capabilities and no restrictions on port data transmission and reception) -> USB interface device (unconfigurable, automatically activated endpoint for bidirectional transmission) -> second end. The solution provided in this application, however, is: the first end (which can only send data to or receive data from a specific communication node enabled by the control device) -> control device (which, based on configuration, activates a communication node for a specific transmission direction) -> second end. That is, in this application, if the control device does not activate a specific transmission node, it will not be able to exchange data with the second end, regardless of whether the first end has a driver or whether the driver is official.
下面再結合圖24以控制設備31基於藍牙協議與第一端通信連接為例,舉幾個例子。The following examples are given with reference to FIG. 24 , taking the control device 31 communicating with the first end based on the Bluetooth protocol as an example.
例1、在針對第一端配置只具備下行數據傳輸能力情況下,控制第一端只能進行下行數據(獲取數據)可如下:Example 1: If the first end is configured with only downlink data transmission capability, controlling the first end to only transmit downlink data (acquire data) can be as follows:
控制設備31按照內所預置的配置信息,只使能Read或Notjfy屬性的Characteristic;The control device 31 only enables the Characteristic with the Read or Notjfy attribute according to the preset configuration information;
第一端只能通過該使能的Characteristic請求Read數據,或者等待Notjfy推送數據,因沒有可供Write的Characteristic,無法向控制設備31發送數據包。The first end can only request Read data through the enabled Characteristic, or wait for Notjfy to push data. Since there is no Characteristic available for Write, it cannot send data packets to the control device 31.
此外,使得的Read或Notjfy屬性Characteristic可有多組;Read或Notjfy的數據來自哪個真實的目標地址(或目標端),第一端是無法得知的,第一端也無法接收預設以外的數據來源。In addition, the Read or Notjfy attribute of Characteristic can have multiple sets; the first end cannot know the actual target address (or target end) from which the Read or Notjfy data comes, and the first end cannot receive data from sources other than the default.
例2、在針對第一端配置只具備上行數據傳輸能力情況下,控制第一端只能進行上行數據(發送數據)可如下:Example 2: If the first end is configured to only transmit uplink data, the following steps can be used to control the first end to only transmit uplink data:
控制設備31按照內所預置的配置,使能Write屬性的Characteristic。The control device 31 enables the Characteristic of the Write attribute according to the preset configuration.
第一端只能通過該使能的CharacteristicWrite向控制設備發送數據,因為沒有可供Read的Characteristic,無法向控制設備31接收數據。The first end can only send data to the control device through the enabled CharacteristicWrite, because there is no Characteristic available for Read, and it cannot receive data from the control device 31.
此外,使能的Write屬性的Characteristic可有多組;Write數據發送真實的目標地址,可以在預設中被隱藏,第一端無法得知,第一端也無法向預設以外的目標地址發送數據。當然,目標地址也可不隱藏。Furthermore, the Write-enabled Characteristic can have multiple sets of parameters. The actual destination address of the Write data can be hidden by default, making it impossible for the first end to know and send data to a destination other than the default. Of course, the destination address can also be left unhidden.
例3、在針對第一端配置具備上行數據傳輸能力和下行數據傳輸能力的情況下,控制第一端能進行上行數據(發送數據)和下行數據(接收數據)可如下:Example 3: When the first end is configured with uplink data transmission capabilities and downlink data transmission capabilities, controlling the first end to transmit uplink data (send data) and receive downlink data (receive data) can be as follows:
控制設備31按照內所預置的配置信息,使能相應的Read或Notjfy屬性的Characteristic、以及Write屬性的Characteristic,以此通過所使能的各Characteristic控制第一端上行數據和/或下行數據,具體實現可參見上述例1和例2中的相關內容。上述所使能的各Characteristic可對應不同的目標地址,控制設備31能通過所使能的各Characteristic同時控制第一端向多個目標地址發送數據或者接收來自多個目標地址的數據。The control device 31 enables corresponding Read or Notify properties, as well as Write properties, according to pre-set configuration information. This enables the first end's uplink and/or downlink data transmission via the enabled characteristics. For specific implementations, please refer to the relevant content in Examples 1 and 2 above. Each of the enabled characteristics can correspond to a different target address. The control device 31 can simultaneously control the first end to send data to or receive data from multiple target addresses via the enabled characteristics.
例4、在針對第一端配置具備下行數據傳輸能力,並通過一個通信節點能對多個目標端進行下行數據情況下,控制第一端能進行下行數據可如下:Example 4: When the first end is configured with downlink data transmission capability and can transmit downlink data to multiple destinations through a communication node, controlling the first end to transmit downlink data can be as follows:
控制設備31按照內所預置的配置信息,使能相應的一個Read屬性的Characteristic,其中,針對第一端為該一個Read屬性的Characteristic綁定有多個預置標識,一個預置標識關聯有一個目標地址;The control device 31 enables a corresponding Characteristic of a Read attribute according to the preset configuration information, wherein a plurality of preset identifiers are bound to the Characteristic of the Read attribute at the first end, and each preset identifier is associated with a target address;
之後,控制設備可根據該一個Read屬性的Characteristic所綁定的多個預置標識,確定出多個目標地址,並分別向多個目標地址中各目標地址指示的目標端請求數據,從而將多個目標端返回的數據發送至第一端,以此使得第一端從多個目標端獲取數據。Afterwards, the control device can determine multiple target addresses based on the multiple preset identifiers bound to the Characteristic of the Read attribute, and request data from the target end indicated by each target address in the multiple target addresses, thereby sending the data returned by the multiple target ends to the first end, so that the first end obtains data from the multiple target ends.
例5、在針對第一端配置具備上行數據傳輸能力,並通過一個通信節點能向多個目標端進行上行數據情況下,控制第一端能進行上行數據可如下:Example 5: If the first end is configured with uplink data transmission capability and can transmit uplink data to multiple destinations via a communication node, controlling the first end to transmit uplink data can be as follows:
控制設備31按照內所預置的配置信息,使能相應的一個Write屬性的Characteristic,其中,針對第一端為該一個Write屬性的Characteristic綁定有多個預置標識,一個預置標識關聯有一個目標地址;The control device 31 enables a corresponding Characteristic with a Write attribute according to the preset configuration information therein, wherein a plurality of preset identifiers are bound to the Characteristic with a Write attribute at the first end, and each preset identifier is associated with a target address;
之後,控制設備在接收到第一端發送過來的數據後,可根據該一個Read屬性的Characteristic所綁定的多個預置標識,確定出多個目標地址,並分別向多個目標地址中各目標地址指示的目標端轉發從第一端接收到的數據,以此使得第一端向多個目標端發送數據。Afterwards, after receiving the data sent by the first end, the control device can determine multiple target addresses based on the multiple preset identifiers bound to the Characteristic of the Read attribute, and forward the data received from the first end to the target end indicated by each target address in the multiple target addresses, thereby allowing the first end to send data to multiple target ends.
此外,再結合圖24,控制設備31還可基於PCIE協議與第一端通信連接。該情況下,In addition, referring to FIG24 , the control device 31 can also be connected to the first end via the PCIE protocol.
控制設備可以部署於第一端設備的內部,結構形式可為芯片或擴展卡(如圖7c所示),使用PCIE協議與第一端連接。控制設備31按照內所預置的配置信息,使能PCIE協議中多個數據通路(Lane)中相應的發送端數據通路(TX發送邏輯)和/或接收端數據通路(RX接收邏輯),以實現單向的上行數據或下行數據、或者雙向數據(上行數據和下行數據)。The control device can be deployed within the first-end device and can take the form of a chip or expansion card (as shown in Figure 7c). It connects to the first-end device using the PCIE protocol. The control device 31, based on pre-configured configuration information, enables the corresponding transmit data lanes (TX transmit logic) and/or receive data lanes (RX receive logic) within the multiple data lanes (Lanes) of the PCIE protocol, enabling unidirectional uplink or downlink data transmission, or bidirectional data transmission (uplink and downlink data).
其中,發送端數據通路,即為發送端的數據鏈路;接收端數據通路,即為接收端的數據鏈路;數據通路(Lane)的發送端或接收端與上述USB協議中的IN端點、OUT端點,或者與上述藍牙協議中Read屬性的Characteristic、Write屬性的Characteristic等同,有關針對數據通路的具體實施方式(如綁定對應的目標端、預置標識、預置字符串、傳輸事務等相關內容)可以參考本申請相關實施例,此處不再贅述。The transmitting data lane is the data link at the transmitting end; the receiving data lane is the data link at the receiving end; the transmitting end or receiving end of the data lane (Lane) is equivalent to the IN endpoint and OUT endpoint in the above-mentioned USB protocol, or the Characteristic of the Read attribute and the Characteristic of the Write attribute in the above-mentioned Bluetooth protocol. The specific implementation methods for the data lane (such as binding the corresponding target end, preset identification, preset string, transmission transaction, etc.) can be referred to the relevant embodiments of this application and will not be repeated here.
這裡需要補充說明的是:除上述所述的幾種協議之外,控制設備與第一端的通信連接還可以以SATA接口(類似硬盤設備類型的方式接入)、emmC接口(類似SD存儲卡設備類型的方式接入)、串口通信接口(有線、通過RX線和TX線發送數據)、光纖通信接口(有線、光模塊、RXTX模式)、網線通信接口(有線或無線,包括WIFI)等接口相關的協議,或者自定義協議。上述所述的各種協議中包含的RX、TX等單向通信節點,都等同於本申請示例中的USB協議的IN端點、OUT端點,或者藍牙協議的Read屬性的Characteristic、Write屬性的Characteristic等,本申請對此不進行限定。It should be noted that, in addition to the several protocols described above, the communication connection between the control device and the first end can also be achieved through a SATA interface (accessed in a manner similar to a hard drive device), an emmC interface (accessed in a manner similar to an SD memory card device), a serial communication interface (wired, sending data via RX and TX lines), an optical communication interface (wired, optical module, RXTX mode), a network communication interface (wired or wireless, including WIFI), or other interface-related protocols, or a custom protocol. The unidirectional communication nodes such as RX and TX contained in the various protocols described above are equivalent to the IN and OUT endpoints of the USB protocol in the examples of this application, or the Characteristic of the Read attribute and the Characteristic of the Write attribute of the Bluetooth protocol, etc., and this application does not limit them.
基於上述詳述的本申提供的數據傳輸控制方法相關內容,本申請還提供了與所述數據傳輸控制方法相對應的如下幾個數據傳輸控制系統。具體地,Based on the above detailed description of the data transmission control method provided by the present application, the present application also provides the following data transmission control systems corresponding to the data transmission control method. Specifically,
本申請一實施例提供了一種數據傳輸控制系統,該系統結構可參見圖4a至圖6c、以及圖23a~圖23d等所示出的系統結構。具體地,本申請實施例提供的數據傳輸控制系統包括:An embodiment of the present application provides a data transmission control system. The system structure can be seen in Figures 4a to 6c, and Figures 23a to 23d. Specifically, the data transmission control system provided by the embodiment of the present application includes:
第一端;First end;
第一控制設備,基於第一通信協議與與第一端通信連接,所述第一通信協議包含的多個通信節點中部分通信節點為單向通信節點;所述第一控制設備用於響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,所述第一配置信息中包含的通信節點為所述第一通信協議中的通信節點;在與所述第一端非握手連接數據傳輸過程中,根據所述第一配置信息,針對所述第一端啟動的至少一個第一通信節點;所述第一通信節點所屬的節點類型能反映所述第一通信節點對第一端使能的數據傳輸功能;根據每個所述第一通信節點所屬的節點類型,控制所述第一端通過每個所述第一通信節點所能進行的數據傳輸能力;A first control device is configured to communicate with a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes; the first control device is configured to determine first configuration information in response to a communication node configuration operation triggered on the control device for the first end; wherein the communication nodes included in the first configuration information are communication nodes in the first communication protocol; during data transmission in a non-handshake connection with the first end, at least one first communication node is activated for the first end based on the first configuration information; the node type of the first communication node can reflect the data transmission function enabled by the first communication node to the first end; and based on the node type of each first communication node, the data transmission capability of the first end through each first communication node is controlled;
進一步地,上述第一控制設備,還用於:在監測到上電後,根據所述第一配置信息啟動所述第二通信節點,以通過所述第二通信節點與所述第一端建立握手連接;在建立握手連接過程中,確定所述第一端向第二通信節點發送的指令是否符合要求;符合時,響應所述指令;不符合時,不予響應所述指令。Furthermore, the above-mentioned first control device is also used to: after monitoring power-on, start the second communication node according to the first configuration information to establish a handshake connection with the first end through the second communication node; in the process of establishing the handshake connection, determine whether the instruction sent by the first end to the second communication node meets the requirements; if it meets the requirements, respond to the instruction; if it does not meet the requirements, do not respond to the instruction.
進一步地,本實施例提供的所述系統還可包括:Furthermore, the system provided by this embodiment may also include:
第二控制設備,與所述第一控制設備和所述第二端通信連接,用於接收所述第一控制設備發送的數據;對接收到的所述數據進行校驗;校驗通過後,將所述數據發送至所述第二端。The second control device is communicatively connected to the first control device and the second end, and is used to receive data sent by the first control device; verify the received data; and after passing the verification, send the data to the second end.
具體實施時,校驗可包括但不限於:校驗數據的數據格式、數據內容等是否符合要求、數據是否完整,等等。有關針對數據具體校驗的內容,可參見本申請其他實施例中相關內容。In specific implementations, verification may include, but is not limited to, verifying the data format, whether the data content, etc. meet the requirements, whether the data is complete, etc. For details on specific data verification, please refer to the relevant content in other embodiments of this application.
進一步地,上述所述第二控制設備,基於第二通信協議與所述第二端通信連接,所述第二通信協議包含的多個通信節點中部分通信節點為單向通信節點;以及,所述第二控制設備還用於:響應於針對所述第二端觸發的第二控制設備上通信節點配置操作,確定第二配置信息;其中,所述第二配置信息中包含的通信節點為所述第二通信協議中的通信節點;在與所述第二端非握手連接數據傳輸過程中,根據所述第二配置信息,針對所述第二端啟動的至少一個第三通信節點;所述第三通信節點所屬的節點類型能反映所述第三通信節點對第二端使能的數據傳輸功能;根據每個所述第三通信節點所屬的節點類型,控制所述第二端通過每個所述第三通信節點所能進行的數據傳輸通信能力。Furthermore, the above-mentioned second control device is communicatively connected to the second end based on a second communication protocol, and some of the multiple communication nodes included in the second communication protocol are unidirectional communication nodes; and the second control device is also used to: determine second configuration information in response to a communication node configuration operation on the second control device triggered for the second end; wherein the communication nodes included in the second configuration information are communication nodes in the second communication protocol; during the non-handshake connection data transmission process with the second end, at least one third communication node is activated for the second end according to the second configuration information; the node type to which the third communication node belongs can reflect the data transmission function enabled by the third communication node to the second end; and according to the node type to which each of the third communication nodes belongs, control the data transmission communication capability that the second end can perform through each of the third communication nodes.
這裡需要說明的是:上述實施例提供的數據傳輸控制系統中的各設備和/或各端,除了可實現上述本實施例所述的功能步驟之外,還可實現本申請提供的其他各實施例中相關內容,有關上述各設備和/或各端具體可實現的功能內容以及相應的具體實現原理,可參見上文本申請其他實施例中的相應內容,此處不再贅述。It should be noted here that: in addition to implementing the functional steps described in the above embodiment, each device and/or each end in the data transmission control system provided in the above embodiment can also implement the relevant contents of other embodiments provided in this application. Regarding the specific functional contents that can be implemented by the above devices and/or each end and the corresponding specific implementation principles, please refer to the corresponding contents in other embodiments of the above text application, which will not be repeated here.
本申請另一實施例還提供了一種數據傳輸控制系統,該系統結構可參見圖5b至圖6c、以及圖23d所示出的系統結構。具體地,本申請實施例提供的數據傳輸控制系統包括:Another embodiment of the present application further provides a data transmission control system. The system structure can be seen in Figures 5b to 6c and the system structure shown in Figure 23d. Specifically, the data transmission control system provided by the embodiment of the present application includes:
第一端;First end;
第一控制設備,基於第一通信協議與與第一端通信連接,所述第一通信協議包含的多個通信節點中部分通信節點為單向通信節點;所述第一控制設備用於響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,所述第一配置信息中包含的通信節點為所述第一通信協議中的通信節點;在與所述第一端非握手連接數據傳輸過程中,根據所述第一配置信息,針對所述第一端啟動的至少一個第一通信節點;所述第一通信節點所屬的節點類型能反映第一通信節點對第一端使能的數據傳輸功能;根據每個所述第一通信節點所屬的節點類型,控制所述第一端通過每個所述第一通信節點所能進行的數據傳輸能力;A first control device is configured to communicate with a first end based on a first communication protocol, wherein some of the multiple communication nodes included in the first communication protocol are unidirectional communication nodes; the first control device is configured to determine first configuration information in response to a communication node configuration operation triggered on the control device for the first end; wherein the communication nodes included in the first configuration information are communication nodes in the first communication protocol; during data transmission in a non-handshake connection with the first end, at least one first communication node is activated for the first end based on the first configuration information; the node type of the first communication node can reflect a data transmission function enabled by the first communication node to the first end; and based on the node type of each first communication node, the data transmission capability of the first end through each first communication node is controlled;
第二控制設備,與所述第一控制設備和所述第二端通信連接,用於在接收到所述第一控制設備發送的數據時,對所述數據進行校驗;校驗通過後,將所述數據發送至所述第二端;a second control device, communicatively connected to the first control device and the second end, configured to verify the data sent by the first control device upon receipt thereof; and send the data to the second end after passing the verification;
第二端,用於接收所述第二控制設備發送的所述數據。The second end is used to receive the data sent by the second control device.
這裡需要說明的是:上述實施例提供的數據傳輸控制系統中的各設備和/或各端,除了可實現上述本實施例所述的功能步驟之外,還可實現本申請提供的其他各實施例中相關內容,有關上述各設備和/或各端具體可實現的功能內容以及相應的具體實現原理,可參見上文本申請其他實施例中的相應內容,此處不再贅述。It should be noted here that: in addition to implementing the functional steps described in the above embodiment, each device and/or each end in the data transmission control system provided in the above embodiment can also implement the relevant contents of other embodiments provided in this application. Regarding the specific functional contents that can be implemented by the above devices and/or each end and the corresponding specific implementation principles, please refer to the corresponding contents in other embodiments of the above text application, which will not be repeated here.
圖18a示出了控制設備的結構示意圖。如參見圖圖18a所示,控制設備30可包括:FIG18 a shows a schematic diagram of the structure of the control device. As shown in FIG18 a, the control device 30 may include:
配置文件接收模塊,用於如當存儲有配置文件的分發器接入控制設備的接口(即下述的配置文件接收接口)時,向其發送控制設備的設備標識或使用控制設備用戶的用戶標識等特徵標識符,以由分發器根據接收到的特徵標識符向控制設備返回適配的配置文件;以及,還用於接收並校驗如分發器發送的配置文件數據,並在校驗通過後,將配置文件數據在控制設備和與控制設備連接的數據端(如計算機)(具體地為數據端中安裝的控制設備的設備驅動)進行註冊。其中,數據端可定值發送交互指令,以查詢是否有更新配置文件;配置文件中包含的是服務配置和通信事務相關的內容,有關配置文件具體可包括的內容,可參見上文其他實施例中相關內容。The configuration file receiving module is used to send a characteristic identifier, such as the device identifier of the control device or the user identifier of the user using the control device, to the distributor when the distributor storing the configuration file is connected to the interface of the control device (i.e., the configuration file receiving interface described below), so that the distributor can return an adapted configuration file to the control device based on the received characteristic identifier; and is also used to receive and verify the configuration file data sent by the distributor, and after verification, register the configuration file data with the control device and a data terminal (such as a computer) connected to the control device (specifically, the device driver of the control device installed in the data terminal). The data terminal may send an interactive command with a fixed value to check whether there is an updated configuration file; the configuration file includes content related to service configuration and communication transactions. For specific content that may be included in the configuration file, please refer to the relevant content in other embodiments above.
配置文件接收接口,可複用下述所述的數據交換接口①或數據交換接口②。The configuration file receiving interface can reuse the data exchange interface ① or data exchange interface ② described below.
數據結構化模塊,用於接收數據交換接口①處的數據,將數據進行結構化處理,以生成符合預設結構規則要求的結構化數據(即上文涉及的報文);以及,還用於接收到數據交換接收②處的數據時,對數據進行反序列化等解析處理。上述數據交換接口①,是用於與一數據端(為發送方,如客戶端)連接的第一接口,比如控制設備上用於進程通信的USB接口。數據交換接收②,是用於與目標設備(如另一控制設備或另一數據端(為接收方,如服務端))連接的第二接口,比如控制設備上用於遠程通信的網絡接口(如以太網接口)。The data structuring module is used to receive data from the data exchange interface ① and structure the data to generate structured data that meets the requirements of the preset structural rules (i.e., the message mentioned above); and is also used to perform deserialization and other parsing processing on the data when receiving the data from the data exchange reception ②. The above-mentioned data exchange interface ① is a first interface for connecting to a data end (the sender, such as the client), such as a USB interface for process communication on a control device. Data exchange reception ② is a second interface for connecting to a target device (such as another control device or another data end (the receiver, such as the server)), such as a network interface (such as an Ethernet interface) for remote communication on a control device.
數據校驗模塊,用於校驗數據交換接口①和數據交換接口②處接收到或發送的數據是否符合預設的配置文件的標準。The data verification module is used to verify whether the data received or sent at the data exchange interface ① and the data exchange interface ② conforms to the standards of the preset configuration file.
數據交換模塊,用於針對數據交換接口②,按照配置文件(具體為另一數據端對應的預置字符串(即圖中所述的服務標識)關聯的關聯信息,將數據(如接收到的與控制設備連接的數據端發送過來的數據)發送至遠端的目標設備(如另一控制設備或另一數據端),或者接收遠端的目標設備發送的數據。以及還用於針對數據交換接口①,接收與控制設備連接的數據端發送的第一信令(如OUT令牌包)和具體待傳輸的數據包(如普通數據包或結構化數據);且當接收到與控制設備連接的數據端發送的第二信令(如IN令牌包)時,向其連接的數據端發送相應適配的數據包。The data exchange module is used to transmit data (such as data received from a data end connected to a control device) to a remote target device (such as another control device or another data end) or receive data transmitted by a remote target device, in accordance with the configuration file (specifically, the associated information associated with the preset string corresponding to the other data end (i.e., the service identifier described in the figure)) for data exchange interface ②. Furthermore, the module is used to receive, for data exchange interface ①, a first signaling (such as an OUT token packet) and a specific data packet to be transmitted (such as a normal data packet or structured data) from the data end connected to the control device; and upon receiving a second signaling (such as an IN token packet) from the data end connected to the control device, transmit a corresponding adapted data packet to the connected data end.
存儲器,用於存儲如下中的至少一項:可讀指令(為計算機指令),以供控制設備的處理器調用並執行;配置文件數據、備份數據等。存儲器可以由任何類型的易失性或非易失性存儲設備或者它們的組合實現,如靜態隨機存取存儲器(SRAM),電可擦除可編程只讀存儲器(EEPROM),可擦除可編程只讀存儲器(EPROM),可編程只讀存儲器(PROM),只讀存儲器(ROM),磁存儲器,快閃存儲器,磁盤或光盤。A memory is used to store at least one of the following: readable instructions (computer instructions) for the processor that controls the device to call and execute; configuration file data, backup data, etc. The memory can be implemented by any type of volatile or non-volatile storage device, or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk.
處理器,為控制控制設備30內其他各功能模塊/器件工作的中控部件,可為但不限於中央處理器(Central Processing Unit,CPU)。The processor is a central control component that controls the operation of other functional modules/devices in the control device 30, and can be, but is not limited to, a central processing unit (CPU).
控制設備30除了可包括上述所述的各功能模塊/器件之外,還可包括其他的模塊,比如加解密模塊,用於對數據執行加密和/或解密處理。In addition to the functional modules/devices described above, the control device 30 may also include other modules, such as an encryption/decryption module, for performing encryption and/or decryption processing on data.
圖18b示出了與控制設備連接的數據端的結構示意圖。數據端上除了安裝有應用(如瀏覽器應用、社交應用等)外,還安裝有控制設備的API接口及設備驅動。其中,Figure 18b shows a schematic diagram of the structure of the data terminal connected to the control device. In addition to applications (such as browser applications, social applications, etc.), the data terminal also has the API interface and device driver for controlling the device installed.
應用通過調用API接口實現數據的發送或接收,具體地,當需發送數據時,創建數據發送的需求信息(即上文涉及的數據傳輸需求信息),按照API接口參數發送相應的數據;當需接收數據時,按照API接口參數讀取相關的數據。Applications send or receive data by calling API interfaces. Specifically, when data needs to be sent, the application creates data transmission requirement information (i.e., the data transmission requirement information mentioned above) and sends the corresponding data according to the API interface parameters. When data needs to be received, the application reads the relevant data according to the API interface parameters.
控制設備的API接口,用於:當發送數據時,將待發送的數據轉換為符合預設結構規則的結構化數據,或者也可以只對待發送的數據進行預結構化處理,後續由控制設備的數據結構化模塊進行處理以轉換為符合預設結構規則的結構化數據。以及,還用於當接收數據時,對接收到的結構化數據進行反序列化等解析處理。The control device's API is used to: When sending data, convert the data to be sent into structured data that conforms to preset structural rules. Alternatively, the data to be sent can be pre-structured, and then processed by the control device's data structuring module to convert it into structured data that conforms to preset structural rules. Furthermore, when receiving data, the API is used to perform deserialization and other parsing operations on the received structured data.
控制設備的設備驅動,用於建立數據端與相應控制設備的通信連接(或說通信握手關係,如完成圖10示出的枚舉流程);以及還可用於將數據向如圖18a示出的控制設備的數據交換接口①發送,或者接收數據交換接口②處的數據。The device driver of the control device is used to establish a communication connection (or a communication handshake relationship, such as completing the enumeration process shown in Figure 10) between the data end and the corresponding control device; and can also be used to send data to the data exchange interface ① of the control device as shown in Figure 18a, or receive data at the data exchange interface ②.
這裡對於本申請上文所有內容應說明的是:上文內容中及本相關實施例所涉及的控制設備的「端點」,是從傳輸協議為USB協議角度描述的,在其他傳輸協議場景下,「端點」也可理解為「端口」。「端口」與「端點」只是在不同傳輸協議場景下,用於設備之間或應用之間數據傳輸的接口,採用的不同表述方式而已。It should be noted here that the "endpoint" of the control device described above and in the relevant embodiments is described from the perspective of the USB protocol. In other transmission protocol scenarios, "endpoint" can also be understood as "port." "Port" and "endpoint" are simply different ways of describing the interface used for data transmission between devices or applications in different transmission protocol scenarios.
圖26示出了本申請一實施例提供的一種數據傳輸裝置的結構示意圖。該數據傳輸裝置部署於第一端,具體地,部署於第一端上第一應用內的第一控制模塊上。有關第一控制模塊的具體介紹,可參見上文其他各實施例中相關內容。如圖26所示,本實施例提供的所述數據傳輸裝置包括:確定模塊41、生成模塊42以及發送模塊43;其中,FIG26 shows a schematic diagram of the structure of a data transmission device provided by an embodiment of the present application. The data transmission device is deployed on the first end, specifically, deployed on the first control module in the first application on the first end. For a detailed introduction to the first control module, please refer to the relevant content in the other embodiments above. As shown in FIG26, the data transmission device provided by this embodiment includes: a determination module 41, a generation module 42, and a sending module 43; wherein,
確定模塊41,用於確定所述第一應用的第一數據流對應第一傳輸事務的第一事務信息;a determination module 41, configured to determine first transaction information of a first transmission transaction corresponding to a first data stream of the first application;
所述確定模塊41,還用於在需向第二端傳輸所述第一數據流的第一數據塊時,基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;The determination module 41 is further configured to determine corresponding first destination header information for the first data block based on the first transaction information when the first data block of the first data stream needs to be transmitted to the second end;
生成模塊42,用於根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;a generating module 42, configured to generate a first message to be sent based on the first data block and the first destination header information;
發送模塊43,用於將所述第一報文發送至所述第二端;a sending module 43, configured to send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
進一步地,上述確定模塊41,在用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息時,具體用於:獲取所述第一數據流中數據塊對應的頭信息傳輸方式;根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。Furthermore, the above-mentioned determination module 41, when used to determine the corresponding first target header information for the first data block based on the first transaction information, is specifically used to: obtain the header information transmission mode corresponding to the data block in the first data stream; determine the target header field for the first data block from multiple header fields included in a preset message header format based on the header information transmission mode and relevant information of the first data block; configure the field value corresponding to the target header field based on at least one of the first transaction information and relevant information of the first data block, and obtain the message header determined for the first data block.
進一步地,上述確定模塊41,在用於根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段時,具體用於:Furthermore, the determination module 41, when used to determine a target header field for the first data block from a plurality of header fields included in a preset message header format based on the header information transmission mode and relevant information of the first data block, is specifically used to:
根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;determining, according to the block number of the first data block included in the relevant information, an order of the first data block in the first data stream;
若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段。If the header information transmission method is the first method, or the header information transmission method is the second method and the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields.
若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
進一步地,上述多個報頭字段為所述目標報頭字段的情況下,上述確定模塊41,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:Furthermore, when the plurality of header fields are target header fields, the determination module 41, when configured to configure a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block, is specifically configured to:
為所述第一傳輸事務確定第一端的地址信息;determining address information of the first end for the first transmission transaction;
根據所述第一端的地址信息、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;configuring a field value corresponding to a field of the target header according to the address information of the first end, the first transaction information, and relevant information of the first data block, to obtain a first message header determined for the first data block;
其中,所述第一報文頭包括:第一端的地址信息、第二端的地址信息、所述第一傳輸事務的事務屬性標識、所述第二傳輸事務的事務標識、第一數據流中數據塊的總數量、第一數據塊的塊號、第一目標頭信息與第一數據塊的總大小、標注信息;The first message header includes: address information of the first end, address information of the second end, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the second transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first destination header information and the first data block, and annotation information;
總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。When the total quantity is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks.
進一步地,上述確定模塊,在用於為所述第一傳輸事務確定第一端的地址信息時,具體用於:獲取第一端的地址信息與事務種類的第一對應關係;基於所述第一對應關係,確定與所述第一傳輸事務所屬的事務種類存在對應關係的第一端的地址信息。Furthermore, when the above-mentioned determination module is used to determine the address information of the first end for the first transmission transaction, it is specifically used to: obtain a first correspondence between the address information of the first end and the transaction type; based on the first correspondence, determine the address information of the first end that has a correspondence with the transaction type to which the first transmission transaction belongs.
進一步地,所述第一數據塊在所述第一數據流中排序第一或排序最後時,上述確定模塊41,在用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息時,還具體用於:根據所述第一事務信息中所述第一傳輸事務的傳輸事務屬性信息,確定是否需要為所述第一數據塊添加數據頭;確定需要時,根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭;其中,所述數據頭與所述第一數據流適配、且符合預設數據頭格式要求。Furthermore, when the first data block is sorted first or last in the first data stream, the above-mentioned determination module 41, when used to determine the corresponding first target header information for the first data block based on the first transaction information, is also specifically used to: determine whether it is necessary to add a data header for the first data block based on the transmission transaction attribute information of the first transmission transaction in the first transaction information; when it is determined to be necessary, determine the corresponding data header for the first data block based on the flow information of the first data stream; wherein, the data header is adapted to the first data stream and meets the preset data header format requirements.
進一步地,上述確定模塊41,在用於根據所述第一數據流的流信息,為所述第一數據塊確定相應的數據頭時,具體用於:基於所述傳輸事務屬性信息中包含的數據頭使用信息,從預設的多個數據頭格式中選擇一個適配的數據頭格式;根據所述第一數據流的流信息,按照選擇出的數據頭格式生成所述數據頭。Furthermore, the above-mentioned determination module 41, when used to determine the corresponding data header for the first data block based on the flow information of the first data stream, is specifically used to: select an adaptive data header format from multiple preset data header formats based on the data header usage information contained in the transmission transaction attribute information; and generate the data header according to the selected data header format based on the flow information of the first data stream.
進一步地,上述多個報頭字段中的部分報頭字段為目標報頭字段的情況下,上述確定模塊41,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;其中,所述第二報文頭包括所述事務標識。Furthermore, when some of the multiple header fields are target header fields, the determination module 41, when used to configure the field value corresponding to the target header field according to at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block, is specifically used to: configure the field value corresponding to the target header field based on the transaction identifier of the first transmission transaction in the first transaction information to obtain a second message header determined for the first data block; wherein the second message header includes the transaction identifier.
進一步地,上述確定模塊41,在用於確定所述應用的第一數據流對應第一傳輸事務的第一事務信息時,具體用於:為所述第一傳輸事務生成相應的事務標識;獲取所述第一傳輸事務的傳輸事務屬性信息。Furthermore, the above-mentioned determination module 41, when used to determine the first transaction information of the first transmission transaction corresponding to the first data stream of the application, is specifically used to: generate a corresponding transaction identifier for the first transmission transaction; and obtain transmission transaction attribute information of the first transmission transaction.
進一步地,上述確定模塊41,在用於獲取所述第一傳輸事務的傳輸事務屬性信息時,具體用於:確定所述第一傳輸事務的事務屬性標識;基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。Furthermore, when used to obtain the transmission transaction attribute information of the first transmission transaction, the determination module 41 is specifically used to: determine the transaction attribute identifier of the first transmission transaction; and based on the transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
進一步地,上述確定模塊41,在用於確定所述傳輸事務的事務屬性標識時,具體用於:根據所述第一數據流的傳輸需求信息,確定所述第一傳輸事務所屬的事務種類;基於事務種類與事務屬性標識的第二對應關係,確定與所述第一傳輸事務所屬的事務種類存在對應關係的事務屬性標識。Furthermore, when used to determine the transaction attribute identifier of the transmission transaction, the determination module 41 is specifically configured to: determine the transaction type to which the first transmission transaction belongs based on the transmission requirement information of the first data stream; and determine a transaction attribute identifier that corresponds to the transaction type to which the first transmission transaction belongs based on a second correspondence between the transaction type and the transaction attribute identifier.
進一步地,上述發送模塊43,用於將所述第一報文發送至所述第二端時,具體用於:Furthermore, the sending module 43 is used to send the first message to the second end, specifically for:
將所述第一報文發送至第二控制模塊,由所述第二控制模塊對所述第一報文包含的目標頭信息進行校驗,並在校驗出所述第一報文符合要求時,將所述第一報文發送至第二端;Sending the first message to a second control module, which verifies the destination header information included in the first message and sends the first message to the second end if the verification shows that the first message meets the requirements;
其中,所述第二控制模塊為所述第一端上第一應用外部的模塊。The second control module is a module outside the first application on the first end.
進一步地,本實施例提供的裝置還包括:接收模塊,用於接收所述第二端發送的第二報文;其中,所述第二報文,是所述第二端上的第三控制模塊根據所述第二端上第二應用的第二數據流對應第二傳輸事務的第二事務信息,為所述第二數據流的第二數據塊確定相應的第二目標頭信息,並根據所述第二數據塊及所述第二目標頭信息生成的;所述第二目標頭信息用於校驗所述第二報文是否符合要求;Furthermore, the apparatus provided by this embodiment further includes: a receiving module configured to receive a second message sent by the second end; wherein the second message is generated by a third control module on the second end based on the second transaction information of the second data stream corresponding to the second transmission transaction of the second application on the second end, by determining corresponding second destination header information for the second data block of the second data stream, and based on the second data block and the second destination header information; the second destination header information is used to verify whether the second message meets the requirements;
所述第三控制模塊位於所述第二應用內或所述第二應用的外部。The third control module is located within the second application or outside the second application.
這裡需要說明的是:上述實施例提供的數據傳輸裝置可實現上述圖11a示出的數據傳輸方法實施例中描述的技術方案,上述各模塊或單元具體實現的原理可參見上述圖11a示出的數據傳輸方法實施例中的相應內容,此處不再贅述。It should be noted here that the data transmission device provided in the above embodiment can implement the technical solution described in the data transmission method embodiment shown in Figure 11a above. The specific implementation principles of the above modules or units can be found in the corresponding content in the data transmission method embodiment shown in Figure 11a above, and will not be repeated here.
本申請另一實施例還提供的一種數據傳輸裝置的結構示意圖。該數據傳輸裝置部署於第一端,具體地,部署於第一端上第一應用外部的第二控制模塊上。有關第二控制模塊的具體介紹,可參見上文其他各實施例中相關內容。該數據傳輸裝置的結構類似於圖26示出的數據傳輸裝置的結構。具體地,本實施例提供的所述數據傳輸裝置包括:確定模塊、生成模塊以及發送模塊;其中,Another embodiment of the present application also provides a structural schematic diagram of a data transmission device. The data transmission device is deployed on the first end, specifically, deployed on the second control module outside the first application on the first end. For a detailed introduction to the second control module, please refer to the relevant content in the other embodiments above. The structure of the data transmission device is similar to the structure of the data transmission device shown in Figure 26. Specifically, the data transmission device provided in this embodiment includes: a determination module, a generation module, and a sending module; wherein,
確定模塊,用於響應於所述應用發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;以及,基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;a determination module configured to, in response to a first data block sent by the application to be transmitted to the second end, determine first transaction information of a first transmission transaction to which the first data block belongs; and, based on the first transaction information, determine first destination header information corresponding to the first data block;
生成模塊,用於根據所述第一數據塊及所述第一目標頭信息,生成待發送的報文;a generation module, configured to generate a message to be sent based on the first data block and the first target header information;
發送模塊,用於將所述第一報文發送至所述第二端;a sending module, configured to send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
進一步地,上述確定模塊,在用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息時,具體用於:獲取所述第一數據塊所屬的第一數據流中數據塊對應的頭信息傳輸方式;根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。Furthermore, the above-mentioned determination module, when used to determine the corresponding first target header information for the first data block based on the first transaction information, is specifically used to: obtain a header information transmission mode corresponding to the data block in the first data stream to which the first data block belongs; determine a target header field for the first data block from multiple header fields included in a preset message header format based on the header information transmission mode and relevant information of the first data block; configure a field value corresponding to the target header field based on at least one of the first transaction information and relevant information of the first data block, to obtain a message header determined for the first data block.
進一步地,上述確定模塊,在用於根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段時,具體用於:根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段;若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。Furthermore, the determination module, when used to determine the target header field for the first data block from a plurality of header fields included in a default message header format according to the header information transmission mode and the relevant information of the first data block, is specifically used to: determine the order of the first data block in the first data stream according to the block number of the first data block included in the relevant information; if the header information transmission mode is the first mode, or if the header information transmission mode is the second mode and the first data block is in the first data stream, If the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields; if the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
進一步地,所述多個報頭字段為所述目標報頭字段的情況下,上述確定模塊,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:Furthermore, when the multiple header fields are target header fields, the determination module, when configured to configure a corresponding field value of the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block, is specifically configured to:
為所述第一傳輸事務確定第一端對應的第二預置字符串;determining a second preset character string corresponding to the first end for the first transmission transaction;
根據所述第二預置字符串、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;configuring a field value corresponding to a field of the target header according to the second preset character string, the first transaction information, and relevant information of the first data block, to obtain a first message header determined for the first data block;
其中,所述第一報文頭包括:第二端對應的第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、第一數據流中數據塊的總數量、所述第一數據塊的塊號、所述第一目標頭信息與所述第一數據塊的總大小、標注信息;The first message header includes: a first preset character string corresponding to the second end, the second preset character string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first target header information and the first data block, and annotation information;
總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流;預置字符串為相應端的地址信息,或者預置字符串用於隱藏相應端的地址信息。When the total quantity is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks; the preset character string is the address information of the corresponding end, or the preset character string is used to hide the address information of the corresponding end.
進一步地,預置字符串用於隱藏相應端的地址信息時,則,上述發送模塊在用於將所述第一報文發送至所述第二端時,具體用於:從所述第一事務信息包含的所述第一傳輸事務的傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串;根據所述第一預置字符串,獲取所述第二端的地址信息;根據所述第二端的地址信息,將所述第一報文發送至第二端。Furthermore, when a preset string is used to hide the address information of the corresponding end, the above-mentioned sending module, when used to send the first message to the second end, is specifically used to: obtain a first preset string corresponding to the second end from the transmission transaction attribute information of the first transmission transaction contained in the first transaction information; obtain the address information of the second end based on the first preset string; and send the first message to the second end based on the address information of the second end.
進一步地,上述發送模塊,在用於根據所述第二端的地址信息,將所述第一報文發送至所述第二端時,具體用於:根據所述第二端的地址信息,將所述第一報文發送至中間網絡設備,以通過所述中間網絡設備將所述第一報文發送至所述第二端;其中,所述中間網絡設備在將所述第一報文發送至所述第二端之前,還執行如下中的任一項:對所述第一報文包含的第一目標頭信息進行校驗;根據所述第一報文,生成所述第一傳輸事務的日誌信息。Furthermore, the above-mentioned sending module, when used to send the first message to the second end based on the address information of the second end, is specifically used to: send the first message to an intermediate network device based on the address information of the second end, so as to send the first message to the second end through the intermediate network device; wherein, before sending the first message to the second end, the intermediate network device also performs any one of the following: verifying the first destination header information contained in the first message; generating log information of the first transmission transaction based on the first message.
進一步地,所述多個報頭字段中的部分報頭字段為所述目標報頭字段的情況下,上述確定模塊,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;其中,所述第二報文頭包括所述第一傳輸事務的事務標識。Furthermore, when some of the multiple header fields are the target header fields, the above-mentioned determination module, when used to configure the corresponding field value of the target header field according to at least one of the relevant information of the first transaction information and the first data block to obtain the message header determined for the first data block, is specifically used to: configure the corresponding field value of the target header field based on the transaction identifier of the first transmission transaction in the first transaction information to obtain the second message header determined for the first data block; wherein, the second message header includes the transaction identifier of the first transmission transaction.
進一步地,上述確定模塊,在用於響應於所述應用發送的需向所述第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務對應的第一事務信息時,具體用於:為所述第一傳輸事務生成相應的事務標識;接收所述應用內的第一控制模塊發送的所述第一數據塊、以及所述第一數據塊所屬的第一傳輸事務的事務屬性標識;基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。Furthermore, the above-mentioned determination module, when used to determine the first transaction information corresponding to the first transmission transaction to which the first data block belongs in response to the first data block sent by the application and to be transmitted to the second end, is specifically used to: generate a corresponding transaction identifier for the first transmission transaction; receive the first data block and the transaction attribute identifier of the first transmission transaction to which the first data block belongs, sent by the first control module within the application; and based on the transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from multiple preset transmission transaction attribute information.
進一步地,本實施例提供的所述裝置還包括:接收模塊,用於接收所述第二端發送的第二報文;其中,所述第二報文,是所述第二端上的第三控制模塊根據所述第二端上第二應用的第二數據流對應第二傳輸事務的第二事務信息,為所述第二數據流的第二數據塊確定相應的第二目標頭信息,並根據所述第二數據塊及所述第二目標頭信息生成的;所述第二目標頭信息用於校驗所述第二報文是否符合要求;所述第三控制模塊位於所述第二應用內或所述第二應用的外部。Furthermore, the device provided in this embodiment also includes: a receiving module, configured to receive a second message sent by the second end; wherein the second message is generated by a third control module on the second end based on the second transaction information of the second transmission transaction corresponding to the second data stream of the second application on the second end, determining corresponding second destination header information for the second data block of the second data stream, and based on the second data block and the second destination header information; the second destination header information is used to verify whether the second message meets the requirements; and the third control module is located within the second application or outside the second application.
這裡需要說明的是:上述實施例提供的數據傳輸裝置可實現上述圖11b示出的數據傳輸方法實施例中描述的技術方案,上述各模塊或單元具體實現的原理可參見上述圖11b示出的數據傳輸方法實施例中的相應內容,此處不再贅述。It should be noted here that the data transmission device provided in the above embodiment can implement the technical solution described in the data transmission method embodiment shown in Figure 11b above. The specific implementation principles of the above modules or units can be found in the corresponding content in the data transmission method embodiment shown in Figure 11b above, and will not be repeated here.
本申請又一實施例還提供了一種數據傳輸裝置。該數據傳輸裝置部署於中間網絡設備,具體地,部署於中間網絡設備上的第四控制模塊上。有關第四控制模塊的具體介紹,可參見上文其他各實施例中相關內容。該數據傳輸裝置的結構類似於圖26示出的數據傳輸裝置的結構。具體地,本實施例提供的所述數據傳輸裝置包括:確定模塊、生成模塊以及發送模塊;其中,Another embodiment of the present application further provides a data transmission device. The data transmission device is deployed on an intermediate network device, specifically, on a fourth control module on the intermediate network device. For a detailed introduction to the fourth control module, please refer to the relevant content in the other embodiments above. The structure of the data transmission device is similar to the structure of the data transmission device shown in Figure 26. Specifically, the data transmission device provided in this embodiment includes: a determination module, a generation module, and a sending module; wherein,
確定模塊,用於響應於第一端發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息;以及,用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;a determination module configured to, in response to a first data block sent by a first end and to be transmitted to a second end, determine first transaction information of a first transmission transaction to which the first data block belongs; and, based on the first transaction information, determine first destination header information corresponding to the first data block;
生成模塊,用於根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;a generating module, configured to generate a first message to be sent based on the first data block and the first target header information;
發送模塊,用於將所述第一報文發送至所述第二端;a sending module, configured to send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否符合要求。The first target header information is used to verify whether the first message meets the requirements.
進一步地,上述確定模塊,在用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息時,具體用於:獲取所述第一數據塊所屬的第一數據流中數據塊對應的頭信息傳輸方式;根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。Furthermore, the above-mentioned determination module, when used to determine the corresponding first target header information for the first data block based on the first transaction information, is specifically used to: obtain a header information transmission mode corresponding to the data block in the first data stream to which the first data block belongs; determine a target header field for the first data block from multiple header fields included in a preset message header format based on the header information transmission mode and relevant information of the first data block; configure a field value corresponding to the target header field based on at least one of the first transaction information and relevant information of the first data block, to obtain a message header determined for the first data block.
進一步地,上述確定模塊,在用於根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段時,具體用於:根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在所述第一數據流中的排序;若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段;若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。Furthermore, the determination module, when used to determine the target header field for the first data block from a plurality of header fields included in a default message header format according to the header information transmission mode and the relevant information of the first data block, is specifically used to: determine the order of the first data block in the first data stream according to the block number of the first data block included in the relevant information; if the header information transmission mode is the first mode, or if the header information transmission mode is the second mode and the first data block is in the first data stream, If the first data block is sorted last in the first data stream, or the header information transmission method is the third method and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields; if the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
進一步地,所述多個報頭字段為所述目標報頭字段的情況下,上述確定模塊,用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:為所述第一傳輸事務確定第一端對應的第二預置字符串;根據所述第二預置字符串、所述第一事務信息及所述第一數據塊的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;其中,所述第一報文頭包括:所述第二端對應的第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、第一數據流中數據塊的總數量、所述第一數據塊的塊號、所述第一目標頭信息與所述第一數據塊的總大小、標注信息;總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流;預置字符串為相應端的地址信息,或者預置字符串用於隱藏相應端的地址信息。Furthermore, when the plurality of header fields are the target header fields, the determination module is configured to configure the field value corresponding to the target header field according to at least one of the first transaction information and the relevant information of the first data block, and obtain the message header determined for the first data block, and is specifically configured to: determine a second preset string corresponding to the first end for the first transmission transaction; configure the field value corresponding to the target header field according to the second preset string, the first transaction information and the relevant information of the first data block, and obtain the message header determined for the first data block; a first message header of a packet; wherein the first message header includes: a first preset character string corresponding to the second end, the second preset character string, a transaction attribute identifier of the first transmission transaction, a transaction identifier of the first transmission transaction, a total number of data blocks in the first data stream, a block number of the first data block, a total size of the first target header information and the first data block, and annotation information; when the total number is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks; the preset character string is the address information of the corresponding end, or the preset character string is used to hide the address information of the corresponding end.
進一步地,預置字符串用於隱藏相應端的地址信息時,則上述發送模塊在用於將所述第一報文發送至所述第二端時,具體用於:從所述第一事務信息包含的所述第一傳輸事務的傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串;根據所述第一預置字符串,獲取所述第二端的地址信息;根據所述第二端的地址信息,將所述第一報文發送至所述第二端。Furthermore, when the preset string is used to hide the address information of the corresponding end, the above-mentioned sending module, when used to send the first message to the second end, is specifically used to: obtain the first preset string corresponding to the second end from the transmission transaction attribute information of the first transmission transaction contained in the first transaction information; obtain the address information of the second end based on the first preset string; and send the first message to the second end based on the address information of the second end.
進一步地,所述多個報頭字段中的部分報頭字段為所述目標報頭字段的情況下,上述確定模塊,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:基於所述第一事務信息中所述第一傳輸事務的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;其中,所述第二報文頭包括所述第一傳輸事務的事務標識。Furthermore, when some of the multiple header fields are the target header fields, the above-mentioned determination module, when used to configure the corresponding field value of the target header field according to at least one of the relevant information of the first transaction information and the first data block to obtain the message header determined for the first data block, is specifically used to: configure the corresponding field value of the target header field based on the transaction identifier of the first transmission transaction in the first transaction information to obtain the second message header determined for the first data block; wherein, the second message header includes the transaction identifier of the first transmission transaction.
進一步地,上述確定模塊,在用於響應於第一端發送的需向第二端傳輸的第一數據塊,確定所述第一數據塊所屬的第一傳輸事務的第一事務信息時,具體用於:為所述第一傳輸事務生成相應的事務標識;接收所述第一端上第一應用內第一控制模塊或所述第一端上第一應用外部的第二控制模塊發送的所述第一數據塊,以及第一數據塊所屬的第一傳輸事務的事務屬性標識;基於所述事務屬性標識,從預置的多個傳輸事務屬性信息中查詢所述第一傳輸事務的傳輸事務屬性信息。Furthermore, the above-mentioned determination module, when used to determine first transaction information of a first transmission transaction to which the first data block belongs in response to a first data block sent by the first end and to be transmitted to the second end, is specifically used to: generate a corresponding transaction identifier for the first transmission transaction; receive the first data block, and a transaction attribute identifier of the first transmission transaction to which the first data block belongs, sent by a first control module within a first application on the first end or a second control module outside the first application on the first end; and based on the transaction attribute identifier, query the transmission transaction attribute information of the first transmission transaction from a plurality of preset transmission transaction attribute information.
進一步地,本實施例提供的所述裝置還包括:接收模塊,用於接收所述第二端發送的需向第一端傳輸的第二數據塊,確定所述第二數據塊所屬的第二傳輸事務的第二事務信息;基於所述第二事務信息,為所述第二數據塊確定相應的第二目標頭信息;根據所述第二數據塊及所述第二目標頭信息,生成待發送的第二報文;將所述第二報文發送至所述第一端;其中,所述第二目標頭信息用於校驗所述第二報文是否符合要求。Furthermore, the device provided in this embodiment also includes: a receiving module, used to receive a second data block sent by the second end to be transmitted to the first end, determine second transaction information of the second transmission transaction to which the second data block belongs; based on the second transaction information, determine corresponding second destination header information for the second data block; generate a second message to be sent based on the second data block and the second destination header information; and send the second message to the first end; wherein the second destination header information is used to verify whether the second message meets the requirements.
這裡需要說明的是:上述實施例提供的數據傳輸裝置可實現上述圖12示出的數據傳輸方法實施例中描述的技術方案,上述各模塊或單元具體實現的原理可參見上述圖12示出的數據傳輸方法實施例中的相應內容,此處不再贅述。It should be noted here that the data transmission device provided in the above embodiment can implement the technical solution described in the data transmission method embodiment shown in Figure 12 above. The specific implementation principles of the above modules or units can be found in the corresponding content in the data transmission method embodiment shown in Figure 12 above, and will not be repeated here.
本申請又一實施例還提供了一種數據傳輸裝置。該數據傳輸裝置部署於與上述第一端所連接的控制設備上。該數據傳輸裝置包括:Another embodiment of the present application further provides a data transmission device. The data transmission device is deployed on a control device connected to the first end. The data transmission device includes:
接收模塊,用於接收所述第一端發送的需向第二端傳輸的第一數據流中的第一數據塊;a receiving module, configured to receive a first data block in a first data stream sent by the first end and to be transmitted to the second end;
確定模塊,用於確定所述第一數據流對應第一傳輸事務的第一事務信息;以及基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;a determination module configured to determine first transaction information of a first transmission transaction corresponding to the first data stream; and determine corresponding first target header information for the first data block based on the first transaction information;
生成模塊,用於根據所述第一數據塊及所述第一目標頭信息,生成待發送的第一報文;a generating module, configured to generate a first message to be sent based on the first data block and the first target header information;
發送模塊,用於將所述第一報文發送至所述第二端;a sending module, configured to send the first message to the second end;
其中,所述第一目標頭信息用於校驗所述第一報文是否要求。The first target header information is used to verify whether the first message is required.
這裡針對上述本申請各實施例提供的數據傳輸裝置需要說明的是:上述本申請各實施例提供的數據傳輸裝,分別可實現與上文本申請提供相應的數據傳輸方法實施例中描述的技術方案,為此上述本申請各實施例提供的數據傳輸裝置中各模塊或單元除了可實現上述所述的步驟外,還可實現其它相關步驟,有關上述各模塊或單元所可實現的具體步驟及具體實現的原理可參見與之相應的數據傳輸方法實施例中的相應內容,此處不再贅述。What needs to be explained here regarding the data transmission devices provided in each embodiment of the present application is that the data transmission devices provided in each embodiment of the present application can respectively implement the technical solutions described in the corresponding data transmission method embodiments provided in the above text application. For this reason, in addition to being able to implement the steps described above, each module or unit in the data transmission devices provided in each embodiment of the present application can also implement other related steps. For the specific steps that can be implemented by the above modules or units and the specific implementation principles, please refer to the corresponding content in the corresponding data transmission method embodiments, which will not be repeated here.
圖27示出了本申請一實施例提供的一種數據傳輸裝置的結構示意圖。該數據傳輸裝置部署於第一端連接的控制設備,有關控制設備的具體介紹,可參見上文其他各實施例中相關內容。如圖27所示,本實施例提供的所述數據傳輸裝置包括:獲取模塊51以及發送模塊52;其中,FIG27 shows a schematic diagram of the structure of a data transmission device provided by an embodiment of the present application. The data transmission device is deployed on the control device connected to the first end. For the detailed introduction of the control device, please refer to the relevant content in the other embodiments above. As shown in FIG27, the data transmission device provided by this embodiment includes: an acquisition module 51 and a sending module 52; wherein,
獲取模塊51,用於響應於所述第一端發送的需向第二端傳輸的第一數據塊,獲取所述第二端對應的第一預置字符串;其中,所述第一預置字符串用於隱藏所述第二端的地址信息;an acquisition module 51 for acquiring a first preset character string corresponding to the second end in response to a first data block sent by the first end to be transmitted to the second end; wherein the first preset character string is used to hide the address information of the second end;
所述獲取模塊51,還用於根據所述第一預置字符串,獲取所述第二端的地址信息;The acquisition module 51 is further configured to acquire the address information of the second end according to the first preset character string;
發送模塊52,用於根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端。The sending module 52 is used to send the first data block to the second end according to the address information of the second end.
進一步地,上述獲取模塊51,在用於獲取所述第二端對應的第一預置字符串時,具體用於:確定所述第一數據塊所屬的第一數據流對應第一傳輸事務的第一事務信息;從所述第一事務信息包含的傳輸事務屬性信息中,獲取所述第二端對應的第一預置字符串。Furthermore, when the acquisition module 51 is used to obtain the first preset character string corresponding to the second end, it is specifically used to: determine the first transaction information of the first transmission transaction corresponding to the first data stream to which the first data block belongs; and obtain the first preset character string corresponding to the second end from the transmission transaction attribute information contained in the first transaction information.
進一步地,上述發送模塊52,在用於根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端時,具體用於:基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息;根據所述第一目標頭信息及所述第一數據塊,生成待發送的第一報文;根據所述第二端的地址信息,將所述第一報文發送至所述第二端;其中,第一目標頭信息用於校驗所述第一報文是否符合要求,符合要求時所述第二端從所述第一報文中獲取並緩存第一數據。Furthermore, the above-mentioned sending module 52, when used to send the first data block to the second end according to the address information of the second end, is specifically used to: determine the corresponding first destination header information for the first data block based on the first transaction information; generate a first message to be sent according to the first destination header information and the first data block; and send the first message to the second end according to the address information of the second end; wherein the first destination header information is used to verify whether the first message meets the requirements. If it meets the requirements, the second end obtains and caches the first data from the first message.
進一步地,上述發送模塊52,在用於基於所述第一事務信息,為所述第一數據塊確定相應的第一目標頭信息時,具體用於:獲取所述第一數據流中數據塊對應的頭信息傳輸方式;根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段;根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭。Furthermore, the above-mentioned sending module 52, when used to determine the corresponding first target header information for the first data block based on the first transaction information, is specifically used to: obtain the header information transmission mode corresponding to the data block in the first data stream; determine the target header field for the first data block from multiple header fields included in the default message header format based on the header information transmission mode and relevant information of the first data block; configure the field value corresponding to the target header field based on at least one of the first transaction information and relevant information of the first data block, and obtain the message header determined for the first data block.
上述發送模塊52,在用於根據所述頭信息傳輸方式及所述第一數據塊的相關信息,從預設報文頭格式包含的多個報頭字段中,為所述第一數據塊確定目標報頭字段時,具體用於:根據所述相關信息中包含的所述第一數據塊的塊號,確定所述第一數據塊在第一數據流中的排序;若所述頭信息傳輸方式為第一方式,或所述頭信息傳輸方式為第二方式、且所述第一數據塊在所述第一數據流中排序最後,或所述頭信息傳輸方式為第三方式、且所述第一數據塊在為所述第一數據流中排序第一,則所述多個報頭字段為所述目標報頭字段。若所述頭信息傳輸方式為第二方式、且所述數據塊在所述第一數據流中排序非最後,或者所述頭信息傳輸方式為第三方式、且所述數據塊在所述第一數據流中排序非第一,則所述多個報頭字段中的部分報頭字段為所述目標報頭字段。The above-mentioned sending module 52, when used to determine the target header field for the first data block from multiple header fields included in a default message header format based on the header information transmission mode and relevant information of the first data block, is specifically used to: determine the order of the first data block in the first data stream based on the block number of the first data block included in the relevant information; if the header information transmission mode is the first mode, or the header information transmission mode is the second mode and the first data block is sorted last in the first data stream, or the header information transmission mode is the third mode and the first data block is sorted first in the first data stream, then the multiple header fields are the target header fields. If the header information transmission method is the second method and the data block is not sorted last in the first data stream, or the header information transmission method is the third method and the data block is not sorted first in the first data stream, then some of the multiple header fields are the target header fields.
進一步地,所述多個報頭字段為所述目標報頭字段的情況下,上述發送模塊52,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:獲取所述第一端對應的第二預置字符串,所述第二預置字符串用於隱藏所述第一端的地址信息;基於所述第一預置字符串、所述第二預置字符串、所述第一事務信息及所述第一數據的相關信息,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第一報文頭;其中,所述第一報文頭包括:所述第一預置字符串、所述第二預置字符串、所述第一傳輸事務的事務屬性標識、所述第一傳輸事務的事務標識、目標頭信息與第一數據塊的總大小、第一數據流中數據塊的總數量、所述第一數據塊的序列號、標注信息;總數量為設定值時,表示所述第一數據流為數據塊的數量未獲知的流。Furthermore, when the plurality of header fields are the target header fields, the sending module 52, when configured with respect to at least one of the first transaction information and the related information of the first data block, for configuring the field value corresponding to the target header field and obtaining the message header determined for the first data block, is specifically used to: obtain a second preset string corresponding to the first end, the second preset string being used to hide the address information of the first end; based on the first preset string, the second preset string, the first transaction information and the first data block, The method further comprises configuring a target header field with a field value corresponding to the target header field to obtain a first message header determined for the first data block; wherein the first message header includes: the first preset character string, the second preset character string, the transaction attribute identifier of the first transmission transaction, the transaction identifier of the first transmission transaction, the total size of the target header information and the first data block, the total number of data blocks in the first data stream, the sequence number of the first data block, and annotation information; when the total number is a set value, it indicates that the first data stream is a stream with an unknown number of data blocks.
進一步地,上述所述多個報文字段中的部分報頭字段為所述目標報頭字段的情況下。上述發送模塊52,在用於根據所述第一事務信息、所述第一數據塊的相關信息中的至少一項,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的報文頭時,具體用於:基於所述第一事務信息中的事務標識,配置所述目標報頭字段相應的字段值,得到為所述第一數據塊確定的第二報文頭;其中,所述第二報文頭包括所述事務標識。Furthermore, when some of the header fields among the plurality of message fields are the target header fields, the sending module 52, when configured to configure a field value corresponding to the target header field based on at least one of the first transaction information and the relevant information of the first data block to obtain a message header determined for the first data block, is specifically configured to: configure a field value corresponding to the target header field based on a transaction identifier in the first transaction information to obtain a second message header determined for the first data block; wherein the second message header includes the transaction identifier.
進一步地,上述獲取模塊51,還可用於:從所述第二預置字符串關聯的關聯信息中,獲取數據傳輸方向控制信息;以及Furthermore, the acquisition module 51 can also be used to: obtain data transmission direction control information from the associated information associated with the second preset character string; and
本實施例提供的所述數據傳輸裝置,還包括:觸發模塊,用於:The data transmission device provided in this embodiment further includes a trigger module for:
若所述數據傳輸方向控制信息指示允許控制設備將接收到的數據轉發至第二端,則觸發所述根據所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作;If the data transmission direction control information indicates that the control device is allowed to forward the received data to the second end, triggering the operation of sending the first data block to the second end according to the address information of the second end;
若所述數據傳輸方向控制信息指示禁止控制設備將接收到的數據轉發至第二端,則根據所述第一數據塊所屬的第一數據流的數據類型,觸發所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作。If the data transmission direction control information indicates that the control device is prohibited from forwarding the received data to the second end, then according to the data type of the first data stream to which the first data block belongs, the address information of the second end is triggered to send the first data block to the second end.
進一步地,上述觸發模塊,在用於根據所述第一數據塊所屬的第一數據流的數據類型,觸發所述所述第二端的地址信息,將所述第一數據塊發送至所述第二端的操作時,具體用於:所述數據類型為請求類型時,從所述關聯信息中獲取預設請求參數;根據所述第二端的地址信息,將所述預設請求參數及發送至所述第二端;所述數據類型為非請求類型時,則不予進行發送處理。Furthermore, the trigger module, when used to trigger the address information of the second end and send the first data block to the second end based on the data type of the first data stream to which the first data block belongs, is specifically used to: when the data type is a request type, obtain default request parameters from the associated information; send the default request parameters to the second end based on the address information of the second end; when the data type is not a request type, not send the data.
進一步地,若數據傳輸方向控制信息指示允許控制設備將接收到的數據轉發至所述第二端、但禁止所述控制設備對接收到的所述第二端發送的數據進行轉發,則本實施例提供的所述數據傳輸裝置還包括:處理模塊,用於:接收到所述第二端針對所述第一數據塊返回的反饋信息時,對所述反饋信息不予進行發送處理;Furthermore, if the data transmission direction control information indicates that the control device is permitted to forward the received data to the second end but is prohibited from forwarding the data sent by the second end, the data transmission apparatus provided in this embodiment further includes: a processing module configured to: upon receiving feedback information returned by the second end in response to the first data block, not send or process the feedback information;
進一步地,本實施例提供的所述數據傳輸裝置還包括:Furthermore, the data transmission device provided in this embodiment further includes:
接收模塊,用於在與所述第一端建立通信連接時,接收所述第一端發送的連接校驗信息;a receiving module, configured to receive connection verification information sent by the first end when establishing a communication connection with the first end;
反饋模塊,用於針對所述連接校驗信息,向所述第一端反饋相應的校驗結果,以便所述第一端基於所述校驗結果確定是否與所述控制設備建立通信鏈路,以通過所述通信鏈路發送所述第一數據塊;a feedback module configured to feed back a corresponding verification result to the first end in response to the connection verification information, so that the first end determines whether to establish a communication link with the control device based on the verification result to send the first data block via the communication link;
其中,所述連接校驗信息包括如下中的至少一項:攜帶有校驗值的校驗指令、與第一控制設備的設備驅動相關的驗證數據。The connection verification information includes at least one of the following: a verification instruction carrying a verification value, and verification data related to the device driver of the first control device.
這裡需要說明的是:上述實施例提供的數據傳輸裝置可實現上述圖13示出的數據傳輸方法實施例中描述的技術方案,上述各模塊或單元具體實現的原理可參見上述圖13示出的數據傳輸方法實施例中的相應內容,此處不再贅述。It should be noted here that the data transmission device provided in the above embodiment can implement the technical solution described in the data transmission method embodiment shown in Figure 13 above. The specific implementation principles of the above modules or units can be found in the corresponding content in the data transmission method embodiment shown in Figure 13 above, and will not be repeated here.
本申請另一實施例提供的一種數據傳輸裝置的結構示意圖。該數據傳輸裝置部署於第一端,有關第一端的具體介紹,可參見上文其他各實施例中相關內容。具體地,所述數據傳輸裝置包括:獲取模塊、生成模塊以及發送模塊;其中,Another embodiment of the present application provides a schematic structural diagram of a data transmission device. The data transmission device is deployed at the first end. For a detailed introduction to the first end, please refer to the relevant content in the other embodiments above. Specifically, the data transmission device includes: an acquisition module, a generation module, and a sending module; wherein,
獲取模塊,用於在需向第二端傳輸第一數據塊時,獲取所述第二端對應的第一預置字符串;其中,第一預置字符串用於隱藏所述第二端的地址信息The acquisition module is used to obtain a first preset string corresponding to the second end when the first data block needs to be transmitted to the second end; wherein the first preset string is used to hide the address information of the second end
生成模塊,用於基於所述第一預置字符串及所述第一數據塊,生成待發送的第一報文;a generating module, configured to generate a first message to be sent based on the first preset character string and the first data block;
發送模塊,用於通過控制設備將所述第一報文發送至所述第二端。The sending module is used to send the first message to the second end through the control device.
這裡需要說明的是:上述實施例提供的數據傳輸裝置可實現上述本申請第二方方法實施例提供的數據傳輸方法中描述的技術方案,為此上述各模塊或單元除了可實現上述所述的步驟之外,還可實現其它相關步驟,具體可實現的步驟及實現原理可參見本申請其它實施例中相關內容,此處不再贅述。It should be noted here that the data transmission device provided in the above-mentioned embodiment can implement the technical solution described in the data transmission method provided in the second-party method embodiment of the above-mentioned application. To this end, in addition to being able to implement the steps described above, the above-mentioned modules or units can also implement other related steps. The specific steps that can be implemented and the implementation principles can be found in the relevant content of other embodiments of this application, and will not be repeated here.
本申請一實施例還提供了一種第一端,該第一端的結構可參見圖3b中示出的第一端10。具體地,所述第一端包括:An embodiment of the present application further provides a first end, the structure of which can be seen in the first end 10 shown in FIG3b. Specifically, the first end includes:
安裝在所述第一端上的第一應用;a first application mounted on the first end;
第一控制模塊,位於所述第一應用內,用於實現本申請實施例提供的與圖11a相關的所述數據傳輸方法。The first control module, located in the first application, is used to implement the data transmission method related to Figure 11a provided in the embodiment of this application.
本申請另一實施例還提供了一種第一端,該第一端的結構可參見圖3c中示出的第一端10。具體地,所述第一端包括:Another embodiment of the present application further provides a first end, the structure of which can be seen in the first end 10 shown in FIG3c. Specifically, the first end includes:
安裝在所述第一端上的第一應用;a first application mounted on the first end;
第二控制模塊,位於所述第一應用的外部,用於實現本申請實施例提供的與圖11b相關的所述數據傳輸方法。The second control module is located outside the first application and is used to implement the data transmission method related to Figure 11b provided in the embodiment of this application.
有關上述本申請兩個實施例中提供的第一端的具體描述,可參見上文本申請其他實施例中相關的內容,此處不再作贅述。For the detailed description of the first end provided in the two embodiments of the present application, please refer to the relevant contents in the other embodiments of the above-mentioned application, which will not be repeated here.
本申請又一實施例還提供了一種中間網絡設備,該中間網絡設備包括:第四控制模塊及存儲器,其中,所述存儲器,用於存儲一條或多條計算機程序;所述第四控制模塊,用於執行所述一條或多條計算機程序,以用於實現本申請實施例提供的與圖12相關的所述數據傳輸方法。Another embodiment of the present application further provides an intermediate network device, which includes: a fourth control module and a storage device, wherein the storage device is used to store one or more computer programs; the fourth control module is used to execute the one or more computer programs to implement the data transmission method related to Figure 12 provided in the embodiment of the present application.
圖28示出了本申請一實施例提供的一種數據傳輸控制裝置的結構示意圖。該數據傳輸裝置部署於基於第一通信協議與第一端通信連接的控制設備,所述第一通信協議包含的多個通信節點中部分通信節點為單向通信節點,有關控制設備、第一通信協議的具體介紹,可參見上文其他各實施例中相關內容。如圖28所示,本實施例提供的所述數據傳輸控制裝置包括:啟動模塊61、控制模塊62;其中,FIG28 shows a schematic diagram of the structure of a data transmission control device provided by an embodiment of the present application. The data transmission device is deployed on a control device that is connected to the first end of the communication based on a first communication protocol. Some of the multiple communication nodes included in the first communication protocol are one-way communication nodes. For a detailed introduction to the control device and the first communication protocol, please refer to the relevant content in the other embodiments above. As shown in FIG28, the data transmission control device provided by this embodiment includes: a startup module 61 and a control module 62; wherein,
啟動模塊61,用於響應於針對第一端觸發的控制設備上通信節點配置操作,確定第一配置信息;其中,所述第一配置信息中包含的通信節點為所述第一通信協議中的通信節點;在與所述第一端非握手連接數據傳輸過程中,根據所述第一配置信息,針對所述第一端啟動至少一個第一通信節點;所述第一通信節點所屬的節點類型能反映所述第一通信節點對第一端使能的數據傳輸功能;An activation module 61 is configured to determine first configuration information in response to a communication node configuration operation on a control device triggered for a first end; wherein the communication nodes included in the first configuration information are communication nodes in the first communication protocol; and during a non-handshake data transmission process with the first end, activate at least one first communication node for the first end according to the first configuration information; wherein the node type of the first communication node can reflect the data transmission function enabled by the first communication node for the first end;
控制模塊62,用於根據每個所述第一通信節點所屬的節點類型,控制所述第一端通過每個所述第一通信節點所能進行的數據傳輸能力;a control module 62 for controlling the data transmission capability of the first end through each of the first communication nodes based on the node type of each of the first communication nodes;
進一步地,上述目標通信節點為所述至少一個第一通信節點中的一個通信節點;以及Furthermore, the target communication node is a communication node among the at least one first communication node; and
上述控制模塊61,在用於根據所述目標通信節點所屬的節點類型,控制所述第一端通過所述目標通信節點所能進行的數據傳輸能力時,可具體用於:確定所述第一端通過所述目標通信節點進行數據傳輸的目標端;所述目標通信節點所屬節點類型為第一類型時,控制第一端對目標端能上行數據;所述目標通信節點所屬節點類型為第二類型時,控制第一端對目標端能下行數據;所述目標通信節點所屬節點類型為第三類型時,控制第一端對目標端能上行數據和下行數據。The above-mentioned control module 61, when used to control the data transmission capability of the first end through the target communication node according to the node type of the target communication node, can be specifically used to: determine the target end for the first end to transmit data through the target communication node; when the node type of the target communication node is the first type, control the first end to be able to transmit uplink data to the target end; when the node type of the target communication node is the second type, control the first end to be able to transmit downlink data to the target end; when the node type of the target communication node is the third type, control the first end to be able to transmit uplink data and downlink data to the target end.
進一步地,本實施例提供的所述裝置還可包括:Furthermore, the device provided in this embodiment may also include:
監測獲取模塊,用於在監測到所述目標通信節點接收到第一端發送的需向所述目標端傳輸的數據塊時,獲取針對所述目標通信節點為所述第一端設置的數據傳輸能力控制信息;a monitoring and obtaining module, configured to obtain data transmission capability control information set for the first end by the target communication node when monitoring that the target communication node receives a data block sent by the first end and to be transmitted to the target end;
確定模塊,用於確定所述數據傳輸能力控制信息指示的所述第一端具備的數據通信能力;a determination module, configured to determine the data communication capability of the first end indicated by the data transmission capability control information;
發送處理模塊,用於根據所述第一端具備的數據通信能力,對所述數據塊執行發送處理操作;其中,所述數據通信能力包括上行數據通信能力、下行數據通信能力中的至少一個。A sending processing module is used to perform a sending processing operation on the data block according to the data communication capability of the first end; wherein the data communication capability includes at least one of an uplink data communication capability and a downlink data communication capability.
進一步地,上述發送處理模塊,在用於根據所述第一端具備的數據通信能力,對所述數據塊執行傳輸處理操作時,具體用於:若所述第一端具備上行數據通信能力,則將所述數據塊發送至所述目標端;若所述第一端不具備上行數據通信能力、但具備下行數據通信能力,則對所述數據塊不進行發送處理。Furthermore, the above-mentioned sending processing module, when used to perform transmission processing operations on the data block based on the data communication capability of the first end, is specifically used to: if the first end has uplink data communication capability, then send the data block to the target end; if the first end does not have uplink data communication capability but has downlink data communication capability, then do not send processing on the data block.
進一步地,上述發送處理模塊還用於:在若所述第一端不具體上行數據通信能力、但具體下行數據通信能力時,確定所述數據塊所屬數據流的數據類型;所述數據類型為請求類型時,根據所述數據塊中包含的請求參數,在所述目標通信節點對應的數據緩存區中執行查找操作,以為所述第一端返回適配的數據;Furthermore, the sending processing module is further configured to: if the first end does not have specific uplink data communication capabilities but does have specific downlink data communication capabilities, determine the data type of the data stream to which the data block belongs; and if the data type is a request type, perform a search operation in a data cache corresponding to the target communication node based on request parameters contained in the data block to return appropriate data to the first end;
以及,上述發送處理模塊,還用於:在若所述第一端具備上行數據通信能力,但不具體下行數據通信能力時,在接收到所述目標端針對所述數據塊返回的反饋信息時,對所述反饋信息不進行發送處理。Furthermore, the sending processing module is further configured to: if the first end has uplink data communication capability but does not have downlink data communication capability, upon receiving feedback information returned by the target end for the data block, not send processing on the feedback information.
進一步地,上述控制模塊62,在用於所述目標通信節點所屬節點類型為第二類型時,控制所述第一端能下行數據時,可具體用於:獲取針對所述目標通信節點所設置的觸發獲取數據的時機參數;按照所述時機參數,向所述目標端獲取數據以備將獲取到的數據發送至所述第一端。Furthermore, the above-mentioned control module 62, when used to control the first end to downlink data when the node type to which the target communication node belongs is the second type, can be specifically used to: obtain the timing parameters for triggering data acquisition set for the target communication node; and obtain data from the target end according to the timing parameters in preparation for sending the obtained data to the first end.
進一步地,上述控制模塊62,在用於按照所述時機參數,向所述目標端獲取數據時,可具體用於:若所述時機參數為第一數值,則定時地向所述目標端獲取數據;若所述時機參數為第二數值,則在監測到所述第一端向所述目標通信節點發送的用於指示需向第一端發送數據的信令時,向所述目標端獲取數據。Furthermore, the above-mentioned control module 62, when used to obtain data from the target end according to the timing parameter, can be specifically used to: if the timing parameter is a first value, then obtain data from the target end on a regular basis; if the timing parameter is a second value, then obtain data from the target end when monitoring the signaling sent by the first end to the target communication node to indicate that data needs to be sent to the first end.
進一步地,上述控制模塊62,在用於向所述目標端獲取數據時,可具體用於:獲取針對所述目標通信節點所設置的預設請求參數;根據所述預設請求參數,生成獲取請求並發送至所述目標端接收所述目標端針對所述獲取請求返回的數據並存儲至所述目標通信節點對應的數據緩存區中。Furthermore, when the control module 62 is used to obtain data from the target end, it can be specifically used to: obtain the default request parameters set for the target communication node; generate an acquisition request based on the default request parameters and send it to the target end; receive the data returned by the target end in response to the acquisition request and store it in the data cache area corresponding to the target communication node.
進一步地,上述控制模塊62,在用於確定所述第一端通過所述目標通信節點進行數據傳輸的目標端時,可具體用於:Furthermore, the control module 62, when used to determine the target end for data transmission from the first end through the target communication node, can be specifically used to:
確定所述目標通信節點對應的目標地址;Determining a target address corresponding to the target communication node;
根據所述目標地址,確定所述目標端;Determining the target end according to the target address;
其中,所述目標通信節點對應的目標地址通過如下任一項確定:The target address corresponding to the target communication node is determined by any of the following:
根據所述第一配置信息中包含的通信節點與目標地址的一一綁定關係,確定與所述目標通信節點具有綁定關係的目標地址;或者,determining a target address having a binding relationship with the target communication node based on the one-to-one binding relationship between the communication node and the target address contained in the first configuration information; or,
針對所述目標通信節點確定預置標識;根據所述預置標識,確定所述目標地址;所述預置標識為第一端對應的預置標識、或目標端對應的預置標識,用於隱藏相應端的地址或為相應端的地址。A preset identifier is determined for the target communication node; and the target address is determined based on the preset identifier. The preset identifier is a preset identifier corresponding to the first end or a preset identifier corresponding to the target end, and is used to hide the address of the corresponding end or is the address of the corresponding end.
進一步地,上述控制模塊62在用於針對所述目標通信節點確定預置標識時,可具體用於:Furthermore, when the control module 62 is used to determine the preset identifier for the target communication node, it can be specifically used to:
根據所述第一配置信息,獲取所述目標通信節點所綁定的預置標識;或者obtaining a preset identifier bound to the target communication node according to the first configuration information; or
接收所述第一端發送的預置標識;其中,所述預置標識是第一端根據需傳輸的數據塊所屬數據流對應的傳輸事務確定的。Receive a preset identifier sent by the first end; wherein the preset identifier is determined by the first end according to the transmission transaction corresponding to the data stream to which the data block to be transmitted belongs.
進一步地,若所述預置標識為第一端對應的預置標識,則上述述控制模塊62在用於根據所述預置標識,確定所述目標地址時,可具體用於:獲取所述預置標識關聯的關聯信息;從所述關聯信息中,獲取目標地址。Furthermore, if the preset identifier is a preset identifier corresponding to the first end, the control module 62, when used to determine the target address based on the preset identifier, can be specifically used to: obtain associated information associated with the preset identifier; and obtain the target address from the associated information.
進一步地,與所述第一端通信協議中還包括一個第二通信節點,用於握手連接過程中與第一端的數據交互;以及,上述啟動模塊61,還用於:在監測到上電後,根據所述第一配置信息啟動所述第二通信節點,以通過所述第二通信節點與所述第一端建立握手連接;在建立握手連接過程中,確定所述第一端向第二通信節點發送的指令是否符合要求;符合時,響應所述指令;不符合時,不予響應所述指令。Furthermore, the communication protocol with the first end also includes a second communication node, which is used for data interaction with the first end during the handshake connection process; and the above-mentioned startup module 61 is also used to: after monitoring power-on, start the second communication node according to the first configuration information to establish a handshake connection with the first end through the second communication node; in the process of establishing the handshake connection, determine whether the instruction sent by the first end to the second communication node meets the requirements; if it meets the requirements, respond to the instruction; if it does not meet the requirements, do not respond to the instruction.
進一步地,在所述控制設備中,是為所述第二通信節點獨立設置有對應的數據緩存區的;Furthermore, in the control device, a corresponding data buffer area is independently provided for the second communication node;
以及,本實施例提供的所述裝置還包括:觸發確定模塊,用於在握手連接成功後,觸發執行所述據所述第一配置信息,針對所述第一端啟動至少一個第一通信節點的步驟,並根據所述至少一個第一通信節點所屬的節點類型以及所述目標端的確定方式,確定是否關閉所述第二通信節點。In addition, the device provided in this embodiment further includes: a trigger determination module, which is used to trigger the execution of the step of starting at least one first communication node for the first end according to the first configuration information after the handshake connection is successful, and determine whether to shut down the second communication node based on the node type of the at least one first communication node and the determination method of the target end.
進一步地,所述第一非雙向通信協議為如下中的任一種:以信令指示傳輸的外部有線通信協議、以配對方式連接的無線通信協議。Furthermore, the first non-bidirectional communication protocol is any one of the following: an external wired communication protocol transmitted by signaling, or a wireless communication protocol connected in a pairing manner.
進一步地,所述控制設備還基於第二通信協議與所述目標端通信連接,所述第二通信協議中包含的多個通信節點中部分通信節點為單向通信節點;以及,上述啟動模塊61,還用於響應於針對所述目標端觸發的控制設備上通信節點配置操作,確定第二配置信息;其中,所述第二配置信息中包含的通信節點為所述第二通信協議中的通信節點;在與所述目標端非握手連接數據傳輸過程中,根據所述第二配置信息,針對所述目標端啟動的至少一個第三通信節點;所述第三通信節點所屬的節點類型能反映所述第三通信節點對目標端使能的數據傳輸功能;上述控制模塊62,還用於根據每個所述第三通信節點所屬的節點類型,控制所述目標端通過每個所述第三通信節點所能進行的數據傳輸通信能力。Furthermore, the control device is also connected to the target end in communication based on a second communication protocol, and some of the communication nodes included in the second communication protocol are one-way communication nodes; and the activation module 61 is also used to respond to the communication node configuration operation on the control device triggered by the target end, and determine the second configuration information; wherein the communication nodes included in the second configuration information are the communication nodes in the second communication protocol; During the non-handshake connection data transmission process of the target end, at least one third communication node is activated for the target end according to the second configuration information; the node type to which the third communication node belongs can reflect the data transmission function enabled by the third communication node to the target end; the above-mentioned control module 62 is also used to control the data transmission communication capability that the target end can perform through each of the third communication nodes according to the node type to which each of the third communication nodes belongs.
這裡需要說明的是:上述實施例提供的數據傳輸控制裝置可實現上述本申請提供的數據傳輸控制方法實施例技術方案,為此上述各模塊或單元除了可實現上述所述的步驟之外,還可實現其它相關步驟,具體可實現的步驟及實現原理可參見本申請其它實施例中相關內容,此處不再贅述。It should be noted that the data transmission control device provided in the above-mentioned embodiment can implement the technical solution of the data transmission control method embodiment provided in the above-mentioned application. To this end, in addition to being able to implement the steps described above, the above-mentioned modules or units can also implement other related steps. The specific steps that can be implemented and the implementation principles can be found in the relevant content of other embodiments of this application and will not be repeated here.
圖29示出了本申請一實施例提供的一種控制設備的結構示意圖。所述控制設備包括處理器72及存儲器71。其中,所述存儲器71用於存儲一條或多條計算機指令;所述處理器72,與所述存儲器71耦合,用於一條或多條計算機指令(如實現數據存儲邏輯的計算機指令),以用於實現上述本申請提供相應的數據傳輸方法中的步驟(比如與圖11a至圖13以及圖19相關的數據傳輸方法、數據傳輸控制方法等中的步驟,相關方法和步驟可以獨立實現,也可以組合實現)。FIG29 shows a schematic structural diagram of a control device provided in one embodiment of the present application. The control device includes a processor 72 and a memory 71. The memory 71 is used to store one or more computer instructions; the processor 72, coupled to the memory 71, is used to execute one or more computer instructions (such as computer instructions that implement data storage logic) to implement the steps in the corresponding data transmission method provided by the present application (such as the steps in the data transmission method and data transmission control method related to FIG11a to FIG13 and FIG19; the related methods and steps can be implemented independently or in combination).
存儲器71可以由任何類型的易失性或非易失性存儲設備或者它們的組合實現,如靜態隨機存取存儲器(SRAM),電可擦除可編程只讀存儲器(EEPROM),可擦除可編程只讀存儲器(EPROM),可編程只讀存儲器(PROM),只讀存儲器(ROM),磁存儲器,快閃存儲器,磁盤或光盤。The memory 71 can be implemented by any type of volatile or non-volatile memory device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
進一步,如圖29所示,控制設備還包括:通信組件73、電源組件74及音頻組件75等其它組件。圖29中僅示意性給出部分組件,並不意味著控制設備只包括圖29所示組件。Furthermore, as shown in Figure 29, the control device also includes other components such as a communication component 73, a power component 74, and an audio component 75. Figure 29 only schematically shows some components, which does not mean that the control device only includes the components shown in Figure 29.
有關控制設備具體可包括的功能部件,可參見本申請其他實施例中描述的與圖18a相關的內容,和/或與圖7a至7c相關的內容,此處不再作贅述。For specific functional components that the control device may include, please refer to the content related to Figure 18a and/or the content related to Figures 7a to 7c described in other embodiments of this application, and no further details will be given here.
本申請一實施例還提供了一種第一端,該第一端包括處理器及存儲器。其中,所述存儲器用於存儲一條或多條計算機指令;所述處理器,與所述存儲器耦合,用於一條或多條計算機指令(如實現數據存儲邏輯的計算機指令),以用於實現上述本申請實施例提供相應的數據傳輸方法中的步驟。One embodiment of the present application further provides a first end comprising a processor and a memory. The memory is configured to store one or more computer instructions; the processor, coupled to the memory, is configured to execute one or more computer instructions (e.g., computer instructions implementing data storage logic) to implement the steps of the corresponding data transmission method provided in the aforementioned embodiment of the present application.
有關存儲器的具體介紹,可參見上文其它實施例中相關的內容。For a detailed description of the memory, please refer to the relevant contents in other embodiments above.
此外,第一端處包括存儲器和處理器之外,還可包括其它組件,如通信組件、顯示器、音頻組件等,此處不作具體限制。In addition, the first end may include not only a memory and a processor, but also other components, such as a communication component, a display, an audio component, etc., which are not specifically limited here.
本申請還有一實施例提供一種計算機程序產品(說明書圖式中無相應圖式示出)。該計算機程序產品包括計算機程序或指令,當所述計算機程序或指令被處理器執行時,致使所述處理器能夠實現上述各方法實施例中的步驟。Another embodiment of the present application provides a computer program product (not shown in the accompanying drawings). The computer program product includes a computer program or instructions that, when executed by a processor, enable the processor to implement the steps of the above-described method embodiments.
相應地,本申請實施例還提供一種存儲有計算機程序的計算機可讀存儲介質,所述計算機程序被計算機執行時能夠實現上述各實施例提供的方法步驟或功能。Correspondingly, the embodiments of the present application also provide a computer-readable storage medium storing a computer program, which, when executed by a computer, can implement the method steps or functions provided in the above embodiments.
以上所描述的裝置實施例僅僅是示意性的,其中所述作為分離部件說明的單元可以是或者也可以不是物理上分開的,作為單元顯示的部件可以是或者也可以不是物理單元,即可以位於一個地方,或者也可以分佈到多個網絡單元上。可以根據實際的需要選擇其中的部分或者全部模塊來實現本實施例方案的目的。所屬技術領域中具有通常知識者在不付出創造性的勞動的情況下,即可以理解並實施。The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, i.e., they may be located in one location or distributed across multiple network units. Some or all of the modules may be selected based on actual needs to achieve the objectives of the present embodiments. Those skilled in the art will be able to understand and implement the present invention without inventive effort.
通過以上實施方式的描述,所屬技術領域中具有通常知識者可以清楚地瞭解到各實施方式可借助軟件加必需的通用硬件平臺的方式來實現,當然也可以通過硬件。基於這樣的理解,上述技術方案本質上或者說對現有技術做出貢獻的部分可以以軟件產品的形式體現出來,該計算機軟件產品可以存儲在計算機可讀存儲介質中,如ROM/RAM、磁碟、光盤等,包括若干指令用以使得一台計算機設備(可以是個人計算機,服務器,或者網絡設備等)執行各個實施例或者實施例的某些部分所述的方法。Through the description of the above embodiments, a person of ordinary skill in the art will clearly understand that each embodiment can be implemented using software plus the necessary general-purpose hardware platform, or of course, hardware. Based on this understanding, the essence of the above technical solution, or the portion that contributes to the existing technology, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, or an optical disk, and includes a number of instructions for causing a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods described in each embodiment or certain portions of the embodiments.
最後應說明的是:在本申請的說明書、申請專利範圍及下述圖式中描述的一些流程中,包含了按照特定順序出現的多個操作,這些操作可以不按照其在本文中出現的順序來執行或並行執行。操作的序號如101、102等,僅僅是用於區分各個不同的操作,序號本身不代表任何的執行順序。另外,這些流程可以包括更多或更少的操作,並且這些操作可以按順序執行或並行執行。需要說明的是,本文中的「第一」、「第二」等描述,是用於區分不同的消息、設備、模塊等,不代表先後順序,也不限定「第一」和「第二」是不同的類型。而本申請中術語「或/和」,僅僅是一種描述關聯對象的關聯關係,表示可以存在三種關係,例如:A或/和B,表示可以單獨存在A,同時存在A和B,單獨存在B這三種情況;本申請中字符「/」,一般表示前後關聯對象是一種「或」關係。還需要說明的是,術語「包括」、「包含」或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的商品或者系統不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種商品或者系統所固有的要素。在沒有更多限制的情況下,由語句「包括一個……」限定的要素,並不排除在包括所述要素的商品或者系統中還存在另外的相同要素。另外,示例的TCP/IP協議為協議族,包括開放系統互連參考模型(Open System Interconnect 簡稱OSI)相關的ARP、IP、TCP、UDP等以及應用層的HTTP、FTP、SMTP、TELNET、HTTP、POP3等;相關的接口或協議如USB、藍牙、PCIE、SATA、SPI、SDIO等僅為示例而非限定,按照實際需求可以使用串口通訊(如RS-232、RS-422、RS-485等)、UART、CAN等接口或協議替代,或者自定義接口或協議替代等;相關的數據類型僅為示例而非限定,如「16位」、「32位」、「String」等;相關的字段內容、數據頭內容等僅為示例而非限定,如「一類編碼字段」、「校驗信息」、「普通數據頭」、「文件數據頭」、「郵件數據頭」等,按照實際需求可以自定義增加或刪減。此外,以上各實施例僅僅是本申請一部分實施例,而不是全部的實施例。基於本申請中的實施例,所屬技術領域中具有通常知識者在沒有做出創造性勞動前提下所獲得的所有其他實施例,都屬本申請保護的範圍。以及,以上實施例僅用以說明本申請的技術方案,而非對其限制;儘管參照前述實施例對本申請進行了詳細的說明,所屬技術領域中具有通常知識者應當理解:其依然可以對前述各實施例所記載的技術方案進行修改,或者對其中部分技術特徵進行等同替換;而這些修改或者替換,並不使相應技術方案的本質脫離本申請各實施例技術方案的精神和範圍。Finally, it should be noted that some of the processes described in the specification of this application, the scope of the patent application and the following figures include multiple operations that appear in a specific order. These operations may not be executed in the order in which they appear in this document or may be executed in parallel. The serial numbers of the operations, such as 101, 102, etc., are only used to distinguish between different operations. The serial numbers themselves do not represent any execution order. In addition, these processes may include more or fewer operations, and these operations may be executed in sequence or in parallel. It should be noted that the descriptions of "first", "second", etc. in this document are used to distinguish different messages, devices, modules, etc., and do not represent the order of precedence, nor do they limit "first" and "second" to different types. The term "or/and" in this application is merely a description of the association relationship between related objects, indicating that three relationships can exist, for example: A or/and B, indicating that A can exist alone, A and B can exist at the same time, and B can exist alone; the character "/" in this application generally indicates that the related objects before and after are in an "or" relationship. It should also be noted that the term "includes", "comprising" or any other variants thereof are intended to cover non-exclusive inclusion, so that a product or system that includes a series of elements includes not only those elements, but also other elements that are not explicitly listed, or elements that are inherent to such product or system. In the absence of further restrictions, the elements defined by the phrase "including a..." does not exclude the existence of other identical elements in the product or system that includes the elements. In addition, the TCP/IP protocol is a protocol family including the Open System Interconnection Reference Model. OSI (Open System Interconnection)-related protocols such as ARP, IP, TCP, and UDP, as well as application-layer protocols such as HTTP, FTP, SMTP, TELNET, HTTP, and POP3, are provided for example only and are not intended to be limiting. Serial communication interfaces (such as RS-232, RS-422, and RS-485), UART, and CAN, or custom interfaces or protocols may be used as substitutes, depending on actual needs. Data types such as "16-bit," "32-bit," and "String" are provided for example only and are not intended to be limiting. Field and header content such as "Class I Encoding Field," "Checksum Information," "Normal Header," "File Header," and "Mail Header" are provided for example only and are not intended to be limiting. These fields and headers may be added or deleted as needed. In addition, the above embodiments are only part of the embodiments of this application, not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts are within the scope of protection of this application. In addition, the above embodiments are only used to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the aforementioned embodiments, persons of ordinary skill in the art should understand that they can still modify the technical solutions described in the aforementioned embodiments, or make equivalent replacements for some of the technical features therein. However, these modifications or replacements do not deviate the essence of the corresponding technical solutions from the spirit and scope of the technical solutions of the embodiments of this application.
10:第一端 20、21、21a、21b、22、23:第二端 12:第二控制模塊 30、31:控制設備 31A:第一控制設備 311:網線接口 312:總線接口 313:板間接口 31’:外設接口 311’:第一類型外設接口 312’:第二類型外設接口 32:第二控制設備 32A:無線模塊 33:操作按鈕 34:天線 41:確定模塊 42:生成模塊 43:發送模塊 51:獲取模塊 52:發送模塊 61:啟動模塊 62:控制模塊 71:存儲器 72:處理器 73:通信組件 74:電源組件 75:音頻組件 101-104:步驟 201-204:步驟 A11-A14:步驟 301-303:步驟 S100-S102:步驟10: First end20, 21, 21a, 21b, 22, 23: Second end12: Second control module30, 31: Control devices31A: First control device311: Network cable interface312: Bus interface313: Inter-board interface31': Peripheral interface311': First type peripheral interface312': Second type peripheral interface32: Second control device32A: Wireless module33: Operation button34: Antenna41: Confirmation module42: Generate module43: Send module51: Acquisition module52: Send module61: Start module62: Control module71: Memory72: Processor73: Communication Components74: Power Components75: Audio Components101-104: Steps201-204: StepsA11-A14: Steps301-303: StepsS100-S102: Steps
圖1為本申請一實施例提供的一種現存的不同端間數據傳輸的原理性示意圖; 圖2a為本申請一實施例提供的傳輸事務的原理性示意圖; 圖2b為本申請一實施例提供的與圖2a相應的傳輸方式原理性示意圖; 圖3a-1至圖5e示出了本申請實施例提供的數據傳輸系統的結構示意圖; 圖6a~圖6b為本申請實施例提供的在第一端和第二端上分別部署的相應控制設備的設備驅動及API接口的示例; 圖6c為本申請實施例提供的一個控制設備可與另外其他的多個控制設備連接的示例; 圖7a至圖7c為本申請實施例提供的控制設備的具體形態示意圖; 圖8為本申請實施例提供的示傳輸事務屬性信息中事務屬性類型字段的字段值的高八位配置原理流程示意圖; 圖9為本申請實施例提供的配置文件包含的配置信息示意圖; 圖10為本申請實施例提供的控制設備與相應端建立通信連接的原理性示意圖; 圖11a至圖13為本申請實施例提供的數據傳輸方法的流程示意圖; 圖14為本申請另一實施例提供的數據傳輸系統的結構示意圖; 圖15a至圖15c為本申請實施例提供的數據傳輸交換原理性示意圖; 圖16為本申請一實施例提供的基於傳輸事務屬性信息實現對需傳輸的數據進行傳輸(可稱為數據結構化傳輸)的原理性示意圖; 圖17為本申請一實施例提供的數據結構化傳輸的應用示例; 圖18a為本申請一實施例提供的控制設備的結構示意圖; 圖18b為本申請一實施例提供的與控制設備連接的數據端的結構示意圖; 圖19為本申請實施例提供的數據傳輸控制方法的流程示意圖; 圖20至圖22為本申請實施例提供的數據傳輸控制原理性示意圖; 圖23a~圖23d以及圖24為本申請實施例提供的數據傳輸控制系統的結構示意圖; 圖25a為本申請提供的第一端通過網卡通信設備與第二端通信的示意圖; 圖25b為本申請提供的第一端通過控制設備與不同的多個第二端通信的示意圖; 圖26和圖27為本申請實施例提供的數據傳輸裝置的結構示意圖; 圖28為本申請一實施例提供的數據傳輸控制裝置的結構示意圖; 圖29為本申請另一實施例提供的控制設備的結構示意圖。Figure 1 is a schematic diagram illustrating a conventional data transmission method between different terminals, according to an embodiment of the present application.Figure 2a is a schematic diagram illustrating a transmission transaction, according to an embodiment of the present application.Figure 2b is a schematic diagram illustrating a transmission method corresponding to Figure 2a, according to an embodiment of the present application.Figures 3a-1 through 5e illustrate schematic structural diagrams of a data transmission system, according to an embodiment of the present application.Figures 6a and 6b illustrate examples of device drivers and API interfaces for corresponding control devices deployed on a first terminal and a second terminal, respectively, according to an embodiment of the present application.Figure 6c illustrates an example of a control device, according to an embodiment of the present application, being connectable to multiple other control devices.Figures 7a through 7c illustrate schematic diagrams illustrating the specific configurations of the control devices, according to an embodiment of the present application. Figure 8 is a schematic diagram illustrating the principle flow for configuring the upper eight bits of the field value of the transaction attribute type field in the transmission transaction attribute information provided in an embodiment of this application;Figure 9 is a schematic diagram illustrating the configuration information contained in the configuration file provided in an embodiment of this application;Figure 10 is a schematic diagram illustrating the principle of establishing a communication connection between a control device and a corresponding terminal provided in an embodiment of this application;Figures 11a through 13 are schematic diagrams illustrating the flow of a data transmission method provided in an embodiment of this application;Figure 14 is a schematic diagram illustrating the structure of a data transmission system provided in another embodiment of this application;Figures 15a through 15c are schematic diagrams illustrating the principle of data transmission exchange provided in an embodiment of this application;Figure 16 is a schematic diagram illustrating the principle of transmitting required data based on transmission transaction attribute information (which may be referred to as structured data transmission) provided in an embodiment of this application; Figure 17 is an application example of structured data transmission provided in accordance with an embodiment of the present application.Figure 18a is a schematic structural diagram of a control device provided in accordance with an embodiment of the present application.Figure 18b is a schematic structural diagram of a data terminal connected to a control device provided in accordance with an embodiment of the present application.Figure 19 is a flow chart of a data transmission control method provided in accordance with an embodiment of the present application.Figures 20 to 22 are schematic diagrams of the data transmission control principle provided in accordance with an embodiment of the present application.Figures 23a to 23d and 24 are schematic structural diagrams of a data transmission control system provided in accordance with an embodiment of the present application.Figure 25a is a schematic diagram of a first terminal communicating with a second terminal via a network card communication device provided in accordance with the present application.Figure 25b is a schematic diagram of a first terminal communicating with multiple different second terminals via a control device provided in accordance with the present application. Figures 26 and 27 are schematic diagrams of the data transmission device according to embodiments of this application.Figure 28 is a schematic diagram of the data transmission control device according to one embodiment of this application.Figure 29 is a schematic diagram of the control device according to another embodiment of this application.
301-303:步驟301-303: Steps
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW114106990ATW202527513A (en) | 2023-12-01 | 2023-12-01 | Data transmission control method, system, control device and readable storage medium |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW114106990ATW202527513A (en) | 2023-12-01 | 2023-12-01 | Data transmission control method, system, control device and readable storage medium |
| Publication Number | Publication Date |
|---|---|
| TW202527513Atrue TW202527513A (en) | 2025-07-01 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW114106990ATW202527513A (en) | 2023-12-01 | 2023-12-01 | Data transmission control method, system, control device and readable storage medium |
| Country | Link |
|---|---|
| TW (1) | TW202527513A (en) |
| Publication | Publication Date | Title |
|---|---|---|
| TWI879277B (en) | Data transmission method, system, first end, intermediate network device and control device | |
| US9621574B2 (en) | Out of band end user notification systems and methods for security events related to non-browser mobile applications | |
| Cynthia et al. | Security protocols for IoT | |
| JP6656157B2 (en) | Network connection automation | |
| Batalla et al. | RETRACTED ARTICLE: Deployment of smart home management system at the edge: mechanisms and protocols | |
| KR101359324B1 (en) | System for enforcing security policies on mobile communications devices | |
| US8683059B2 (en) | Method, apparatus, and computer program product for enhancing computer network security | |
| JP2023541599A (en) | Service communication methods, systems, devices and electronic equipment | |
| US20140181842A1 (en) | Secure mobile app connection bus | |
| US20130332724A1 (en) | User-Space Enabled Virtual Private Network | |
| WO2014173365A1 (en) | Ftp application layer packet filtering method, device and computer storage medium | |
| US12216769B2 (en) | Secure element enforcing a security policy for device peripherals | |
| CN110474921B (en) | Perception layer data fidelity method for local area Internet of things | |
| WO2023279782A1 (en) | Access control method, access control system and related device | |
| CN112219416A (en) | Technology for authenticating data transmitted over cellular networks | |
| CN118523966A (en) | Resource access method, computer device, and computer-readable storage medium | |
| US11784973B2 (en) | Edge-based enterprise network security appliance and system | |
| CN118300899B (en) | Authorized communication method, device, computer equipment and storage medium | |
| CN114765554A (en) | Method for determining trust terminal and related device | |
| Li et al. | Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges | |
| TW202527513A (en) | Data transmission control method, system, control device and readable storage medium | |
| CN114422167A (en) | Network access control method, device, electronic equipment and storage medium | |
| CN115623013A (en) | Strategy information synchronization method, system and related product | |
| EP3662640A1 (en) | Data communication with devices having no direct access or only restricted access to communication networks | |
| Frank | Securing Smart Homes with OpenFlow: Feasibility, Implementation, and Performance |