TLV (Threshold Limit Value) based data transmission method and system thereof

A data transmission method and system, applied in the field of TLV-based data transmission, that address problems such as threats to system security and information leakage.

Inactive Publication Date: 2012-08-01
BEIJING QIHOO TECH CO LTD +1

AI-Extracted Technical Summary

Problems solved by technology

In the prior art, the data is usually directly transmitted after TLV encoding. Since the TLV encoding is relatively simple, it can be easily deciphered. Therefore, the transmission of TLV data using the prior art has the follo...

Abstract

The invention discloses a TLV (Threshold Limit Value) based data transmission method comprising the following steps of: encoding original data to be transmitted through a TLV encoding manner to generate TLV data; encrypting the TLV data to generate encrypted TLV data; and transmitting the encrypted TLV data. The invention further discloses a TLV-based data transmission system. Through a technical scheme in the invention, the transmission safety of the TLV data can be improved.

Application Domain

Key distribution for secure communication

Technology Topic

Computer security, Data transmission systems, +3

Example Embodiment

[0049] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments in the present invention, all other embodiments obtained by those of ordinary skill in the art fall within the protection scope of the present invention.
[0050] See Figure 1, which is a flowchart of the first embodiment of the TLV-based data transmission method provided by the present invention. To illustrate the embodiment more clearly, the two parties to the transmission are referred to as the first transmission party and the second transmission party.
[0051] Step 110: the first transmission party acquires the first public key in the pre-generated first key pair, and the second transmission party acquires the first private key in the pre-generated first key pair;
[0052] Step 120: The first transmission party and the second transmission party use the first key pair to exchange information, and exchange data transmission keys for subsequent transmission of TLV data.
[0053] It can be seen from the above steps that steps 110 and 120 mainly serve to let the transmitting parties learn the key related to the transmission of the TLV data. See Figure 2, which is a schematic diagram of the first implementation manner of obtaining the key related to the transmission of TLV data in the present invention.
[0054] In this schematic diagram, the first transmission party is described taking the client as an example, and the second transmission party taking the server as an example. The key management unit is logically separate from the client and the server but is not physically limited to this: it can be integrated into the server, that is, the key management function can be performed by the server shown in the figure or by another server.
[0055] Step 2001: Generate a key pair including a public key (i.e., the first public key in step 110) and a private key (i.e., the first private key in step 110). This step can be completed by a key management unit. This key pair is usually not updated very often; of course, if stricter security is required, it can also be updated regularly or irregularly according to actual needs.
[0056] Step 2002: The key management unit transmits the public key to the client, and the client saves the public key, that is, the client knows the public key.
[0057] Step 2003: The key management unit transmits the private key to the server, and the server saves the private key, that is, the server learns the private key.
[0058] Step 2004: The client generates authentication information (plain text). If the security requirements are high, verification information can be added to the request message. The main purpose of the verification information is to enable the server to verify that the client's identity is legal.
[0059] Step 2005: The client constructs a request message (the key for requesting subsequent transmission of TLV data, that is, the data transmission key for requesting encryption/decryption of TLV data), and encrypts the request message with the public key. For example, the original text of the request message requesting the key is: "request key, password=123456", which is encrypted with the public key and becomes: Y.
[0060] Step 2006: Send the request message encrypted by the public key to the server. For example, the above "Y" is sent to the server.
[0061] Step 2007: After receiving the request message, the server decrypts it with the private key and verifies the plaintext information. For example, after receiving Y, the server decrypts Y → "request key, password=123456" using the private key, and verifies whether the password is correct.
[0062] Step 2008: If decryption with the private key succeeds and the verification information is correct, a random key is generated and transmitted to the client. For the sake of security the key is preferably randomly generated, but the present invention is not limited to this. In addition, the key is preferably encrypted with the private key when it is transmitted, so as to further improve security.
[0063] Step 2009: The client successfully obtains the data transmission key for transmitting TLV data. If the server encrypted the key with the private key when transmitting it, the client also needs to decrypt it with the public key after receiving it so that the key is recovered correctly.
[0064] So far, the first key pair has been used to exchange information between the first transmission party and the second transmission party, and the data transmission key used for subsequent transmission of TLV data has been successfully exchanged. It can be seen that the data transmission key used for subsequent transmission of TLV data is different from the earlier public key and private key. The public key and private key generated at the beginning are used only for exchanging the data transmission key; in the subsequent actual transmission of TLV data they are no longer used, and the newly exchanged data transmission key is used instead. Whenever the first transmission party and the second transmission party subsequently need to transmit TLV data, the above data transmission key can be used for encryption and decryption. From this it can be seen that the main solution of steps 110 and 120 is: generate a first key pair including a first public key and a first private key, the first transmission party obtaining the first public key and the second transmission party obtaining the first private key; the first transmission party sends a request message encrypted with the public key to the second transmission party, the request message including the information requesting the data transmission key; the second transmission party decrypts the received request message with the private key and, after successful decryption, generates a data transmission key and sends the data transmission key used for encrypting the TLV data to the first transmission party.
[0065] Step 130: The first transmitting party encodes the first original data to be transmitted in a TLV encoding manner.
[0066] In this step, the original data can be encoded using the existing TLV encoding method, or using the improved TLV encoding method provided by the present invention. For example, during encoding the Length field is omitted, so that the generated TLV data does not include a Length field. Alternatively, the number of bits in the Tag is reduced.
[0067] Specifically, in traditional TLV the Tag (which identifies the object the data body corresponds to) and the Length have fixed sizes (mainly for convenience of programming). In fact, if the set of tags is limited, and the data length corresponding to some tags is fixed, then the Tag and Length can be reduced further to save traffic. For example, the Tag and Length of traditional TLV generally use 16 bits each: Tag: short (16 bits); Length: short (16 bits); Value: variable.
[0068] If it can be determined that no more than 256 objects need to be transmitted (which meets most requirements), then the Tag needs only 8 bits (saving 1 byte). If the length of an object is fixed, the Length is not transmitted and only the Value is passed, so a total of 2 bytes can be saved. With the above encoding method there is no problem decoding at the receiver, because the data length of each type is essentially fixed: the receiver reads the data type from the Tag and knows the length of data of that type, so when decoding it knows how many bytes to decode. It can be seen that by adopting the above encoding method, transmission traffic can be saved and transmission efficiency improved.
[0069] It should be noted that there is no sequence relationship between step 130 and steps 110 and 120 for obtaining the key related to transmitting TLV data; their order can be interchanged. Nor is it required to learn the key before every TLV data transmission: usually the key for transmitting TLV data needs to be learned again only when a new session is opened. In other words, the key can be learned once and applied to multiple encrypted transmissions of TLV data. Of course, if a very high level of security is actually required, it is not ruled out that a new key must be learned every time before TLV data is transmitted. The present invention does not limit the above.
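A worked encoder/decoder for the compact layout described above (8-bit Tag, Length omitted for fixed-size types, 16-bit Length kept only for variable-size types), added here as an example and not code from the patent; the tag numbers, field names and sizes in the schema are assumptions, and the traditional 16-bit Tag/16-bit Length layout is encoded alongside so the traffic saving can be measured.

```python
import struct

# Constructed schema for the compact TLV layout the patent describes: an 8-bit
# Tag, no Length field for types whose Value has a fixed size, and a 16-bit
# Length only for variable-size types. The tag numbers, names and sizes below
# are assumptions made for this example; the patent does not define them.
FIXED_LEN = {
    0x01: 4,   # hypothetical "user id", 4-byte integer
    0x02: 8,   # hypothetical "timestamp", 8-byte integer
    0x03: 1,   # hypothetical "status", 1-byte flag
}
VARIABLE_TAGS = {0x10, 0x11}  # hypothetical "nickname", "message": Length is carried


def encode_compact(items):
    """Encode [(tag, value_bytes), ...] in the compact layout."""
    out = bytearray()
    for tag, value in items:
        if not 0 <= tag <= 0xFF:
            raise ValueError("compact layout allows at most 256 tags (8-bit Tag)")
        if tag in FIXED_LEN:
            if len(value) != FIXED_LEN[tag]:
                raise ValueError(f"tag {tag:#04x} must carry exactly {FIXED_LEN[tag]} bytes")
            out += struct.pack("!B", tag) + value               # Tag + Value, no Length
        elif tag in VARIABLE_TAGS:
            if len(value) > 0xFFFF:
                raise ValueError("value does not fit a 16-bit Length")
            out += struct.pack("!BH", tag, len(value)) + value  # Tag + Length + Value
        else:
            raise ValueError(f"tag {tag:#04x} is not in the agreed schema")
    return bytes(out)


def decode_compact(buf):
    """Decode compact TLV bytes back to [(tag, value_bytes), ...].

    The receiver recovers each Value's size from the Tag alone for fixed-size
    types, so both sides must share the same schema. Truncated input and
    unknown tags are rejected rather than silently skipped.
    """
    items, pos = [], 0
    while pos < len(buf):
        tag = buf[pos]
        pos += 1
        if tag in FIXED_LEN:
            length = FIXED_LEN[tag]
        elif tag in VARIABLE_TAGS:
            if pos + 2 > len(buf):
                raise ValueError("truncated Length field")
            (length,) = struct.unpack_from("!H", buf, pos)
            pos += 2
        else:
            raise ValueError(f"unknown tag {tag:#04x} at offset {pos - 1}")
        if pos + length > len(buf):
            raise ValueError(f"truncated Value for tag {tag:#04x}")
        items.append((tag, bytes(buf[pos:pos + length])))
        pos += length
    return items


def encode_traditional(items):
    """The conventional layout the patent compares against: 16-bit Tag, 16-bit Length."""
    out = bytearray()
    for tag, value in items:
        out += struct.pack("!HH", tag, len(value)) + value
    return bytes(out)


def bytes_saved(items):
    """Traffic saved by the compact layout: 1 byte of Tag per item, plus 2 bytes of
    Length for every fixed-size item whose Length is omitted."""
    return len(encode_traditional(items)) - len(encode_compact(items))


if __name__ == "__main__":
    sample = [(0x01, b"\x00\x00\x00\x2a"), (0x03, b"\x01"), (0x10, b"alice")]
    packed = encode_compact(sample)
    assert decode_compact(packed) == sample
    print(f"compact {len(packed)} bytes, saves {bytes_saved(sample)} vs traditional")
```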
[0070] Step 140: The first transmission party encrypts the TLV data with the data transmission key to generate encrypted TLV data. For example, the encryption is performed using the data transmission key for transmitting TLV data learned in step 120.
[0071] Step 150: Transmit the encrypted TLV data to the second transmission party.
[0072] So far, through steps 110 to 150, the complete transmission process of transmitting TLV data to the second transmission party from the first transmission party is completed.
[0073] In order to describe the embodiments of the present invention in more detail, the processing of the received data by the receiver (the second transmission party) will be further described later.
[0074] The second transmission party uses the data transmission key to decrypt the TLV data from the first transmission party. The decryption key of the second transmission party is the same as the encryption key of the first transmission party; for example, both are the data transmission key shown in Figure 2. Then, the decrypted TLV data is decoded to obtain the transmitted first original data.
[0075] It can be seen from the above-mentioned first embodiment of the present invention that the encryption and decryption keys are the same when actually transmitting TLV data, so the efficiency of encryption and decryption is relatively high. And since the data transmission key is learned interactively through the aforementioned complicated communication process (by means of another key pair different from the data transmission key), the security of the data transmission key is very high. The security of the data transmission key itself is high, which naturally leads to greatly improved security when the key is used to transmit TLV data subsequently.
[0076] Please continue to Figure 3, which is a flowchart of the second embodiment of the TLV-based data transmission method provided by the present invention. To illustrate the embodiment more clearly, the two parties to the transmission are referred to as the first transmission party and the second transmission party. The main difference between this embodiment and the first embodiment is that steps 310 to 330 differ from steps 110 to 120 of the first embodiment, that is, the specific manner of obtaining the data transmission key used for transmitting TLV data is different. The subsequent steps are handled in the same way.
[0077] Step 310: the first transmission party and the second transmission party each obtain the first public key in the first key pair, and the third party obtains the first private key in the first key pair;
[0078] Step 320: The first transmission party and the third party use the first key pair to exchange information, so that the first transmission party learns the data transmission key subsequently used for transmitting TLV data between the first transmission party and the second transmission party.
[0079] Step 330: The second transmission party and the third party use the first key pair to exchange information, so that the second transmission party learns the data transmission key subsequently used for transmitting TLV data between the second transmission party and the first transmission party.
[0080] In order to describe steps 310 to 320 more clearly, a specific schematic diagram is again used for further description below. See Figure 4, which is a schematic diagram of the second implementation manner of obtaining the key related to the transmission of TLV data in the present invention.
[0081] In this schematic diagram, the first transmission party is described taking the client C1 as an example and the second transmission party taking the client C2 as an example; there are also a third-party server and a key management unit. The key management unit can be understood as logically independent of the server and the clients, but is not physically limited to this: it can be integrated into the server, that is, the key management function can be completed by the server shown in the figure or by another server.
[0082] Step 4001: Generate a key pair including a public key (i.e., the first public key in step 310) and a private key (i.e., the first private key in step 310); this can be generated by the key management unit.
[0083] Step 4002: transmit the public key to the client C2 to save.
[0084] Step 4003: transmit the public key to the client C1 to save.
[0085] Step 4004: transmit the private key to the server for saving.
[0086] Step 4005: The client C1 asks the server for the client list.
[0087] Step 4006: The server returns a client list to the client C1, which includes the online information of the client C2.
[0088] Step 4007: The client C1 requests the server to connect to the client C2.
[0089] Step 4008: The server asks the client C2 whether to agree to the connection request of the client C1.
[0090] Step 4009: The client C2 returns the confirmation message of consent.
[0091] Step 4010: The server generates a data transmission key used for subsequent transmission of TLV data between the client C1 and the client C2; preferably, a random key is generated.
[0092] Step 4011: The server generates session information, including the aforementioned random key.
[0093] Step 4012: Send the session information including the random key to the client C2.
[0094] Step 4013: also send the session information including the random key to the client C1.
[0095] Step 4014: With the help of the server, TCP (Transmission Control Protocol) hole punching is performed between the client C1 and the client C2 to establish a connection. This step can be implemented by adopting the related technology in the prior art, and thus will not be repeated here.
[0096] It should be noted that, from step 4005 to the end of the exchange, the information exchanged between the clients C1, C2 and the server is encrypted with the initial public/private key pair: when the client C1 or C2 sends a message to the server, it encrypts with the public key and the server decrypts with the private key; conversely, when the server sends a message to the client C1 or C2, it encrypts with the private key and the client C1 or C2 decrypts with the public key.
[0097] Step 4015: The TLV data transmitted between the client C2 and the client C1 is encrypted/decrypted using the data transmission key distributed by the server.
[0098] From the specific implementation in Figure 4 it can be seen that this implementation is mainly applied to an application scenario in which TLV data needs to be transmitted directly between two clients, such as a P2P application scenario. For security reasons, however, the data transmission key used to transmit TLV data is not transmitted directly between the clients but is distributed by the server. It can be seen that in this way, in application scenarios such as P2P where TLV data needs to be transmitted directly between clients, the transmission security of TLV data is further improved. In particular, if a user transmits data over a public network such as a Wi-Fi network, using the technical solutions of the embodiments of the present invention greatly improves security.
[0099] Step 340: The first transmitting party encodes the first original data to be transmitted in a TLV encoding manner to generate TLV data. Similar to the previous embodiment, there is no necessary sequence relationship between steps 310 to 330 and step 340, and it is not necessary to execute steps 310-330 every time step 340 is executed. There is no limit to the number of times, which can be determined according to actual needs.
[0100] Step 350: The first transmission party encrypts the TLV data with the data transmission key to generate encrypted TLV data. For example, the client C1 encrypts the TLV data to be transmitted with the key distributed by the server in Figure 4.
[0101] Step 360: Transmit the encrypted TLV data to the second transmission party. For example, the client C1 transmits the key-encrypted TLV data to the client C2.
[0102] So far, through steps 310 to 350, the complete transmission process of transmitting TLV data to the second transmission party from the first transmission party is completed.
[0103] In order to describe the embodiments of the present invention in more detail, the processing of the received data by the receiver (the second transmission party) is further described below.
[0104] Step 370: The second transmission party uses the data transmission key to decrypt the TLV data from the first transmission party. Corresponding to Figure 4, for example, the client C2 decrypts the TLV data from C1 with the key.
[0105] Step 380: Decode the decrypted TLV data to obtain the transmitted first original data.
[0106] The foregoing steps 340 to 380 are similar to the steps 130 to 170 in the first embodiment, and thus are not described again. For details, please refer to the description of the corresponding steps in the foregoing first embodiment.
[0107] Combining the foregoing first and second embodiments of the present invention, it can be seen that the key used for encrypting TLV data is not transmitted directly between the first transmission party and the second transmission party, but is exchanged through a more complex and secure transmission process, thus making the key itself more secure and thereby further ensuring the security of the transmitted TLV data. In practical applications, some transmissions are unidirectional, but many are bidirectional. The following takes a specific implementation as an example to introduce the specific process of bidirectional transmission.
[0108] See Figure 5, which is a schematic diagram of a third embodiment of the TLV-based data transmission method provided by the present invention. In this schematic diagram the first transmission party may be a client and the second transmission party may be a server or another client.
[0109] Step 501: Compress the TLV data to be transmitted. Those skilled in the art can understand that TLV encoding has already been performed on the original data before this step and TLV data has been formed; the initial TLV encoding step is not shown in the figure only so as to highlight the steps of the communication process. Since the TLV encoding method adds extra Tag and Length fields for each type, the resulting data is larger than the original data, so compressing the TLV data before transmitting it, for example with Huffman coding or Gzip (short for GNU zip, a file compression program), can save bandwidth and improve transmission speed.
[0110] Step 502: Encrypt the compressed TLV data using the data transmission key, for example the key for transmitting TLV data learned in the foregoing first embodiment, or the key learned in the foregoing second embodiment. It should be noted that step 501 and step 502 do not have a strict sequence and can be interchanged, that is, the data can be compressed first and then encrypted, or encrypted first and then compressed.
[0111] Step 503: Send the TLV data encrypted with the data transmission key to the second transmission party.
[0112] Step 504: The second transmission party uses the key to decrypt the received TLV data. In this embodiment the decryption key is the same as the encryption key.
[0113] Step 505: Decompress the decrypted data.
[0114] Step 506: Perform normal business logic processing on the decompressed data to obtain business processing results. Of course, in most cases, it is necessary to decode and restore the original data after decompression, and then perform business logic processing.
[0115] Step 507: Compress the TLV data of the service processing result. Of course, TLV encoding (just not shown in the figure) is also performed before compression in order to generate TLV data.
[0116] Step 508: Encrypt the compressed TLV data using the data transmission key.
[0117] Step 509: The second transmission party sends the data encrypted with the data transmission key to the first transmission party.
[0118] Step 510: The first transmission party decrypts the received data with the data transmission key.
[0119] Step 511: Decompress the decrypted data to complete the communication. Of course, if the original data is to be obtained, the TLV data needs to be further decoded, which is not repeated here.
[0120] From the embodiment in Figure 5 above it can be seen that the first transmission party and the second transmission party use the same key to encrypt and decrypt TLV data. In addition, the encryption key used by the first transmission party to send TLV data to the second transmission party is the same as the encryption key used by the second transmission party to send TLV data to the first transmission party.
[0121] In order to further improve the security of data transmission, the key used by the sender (such as the first transmission party) to encrypt the TLV data is different from the key used by the receiver (such as the second transmission party) to decrypt it. Moreover, the encryption key used by the first transmission party to send TLV data to the second transmission party is not the same as the encryption key used by the second transmission party to send TLV data to the first transmission party, and the two need not even belong to the same key pair. See the example below.
[0122] See Figure 6, which is a flowchart of the fourth embodiment of the TLV-based data transmission method provided by the present invention.
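The Step 501 to 511 pipeline of Figure 5 as an added Python example (not the patent's code): because the patent names no cipher, a stand-in HMAC-SHA256 keystream XOR is assumed in place of the symmetric cipher, the key and nonces are constructed placeholders, and the same key is used in both directions as the embodiment describes; it also measures both orderings of compression and encryption that Step 502 permits.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed placeholder key; a real deployment uses the randomly generated
# data transmission key distributed in Step 2008 / Step 4010 of the patent.
DEMO_KEY = bytes(range(32))


def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.

    The patent names no cipher, so this is an assumption for the example only
    (production code would use a vetted AEAD such as AES-GCM). Because one key
    serves both directions, a nonce must never repeat under that key, so each
    direction below gets its own nonce. Encryption and decryption are the
    same operation.
    """
    out = bytearray(len(data))
    for counter, off in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + struct.pack("!Q", counter), hashlib.sha256).digest()
        chunk = data[off:off + 32]
        out[off:off + len(chunk)] = bytes(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def compress_then_encrypt(key, nonce, tlv):
    """Steps 501-502 in the order the figure shows: compress, then encrypt."""
    return keystream_xor(key, nonce, zlib.compress(tlv))


def decrypt_then_decompress(key, nonce, blob):
    """Steps 504-505: decrypt with the same key, then decompress."""
    return zlib.decompress(keystream_xor(key, nonce, blob))


def encrypt_then_compress(key, nonce, tlv):
    """The swapped order the text also permits: encrypt, then compress."""
    return zlib.compress(keystream_xor(key, nonce, tlv))


def decompress_then_decrypt(key, nonce, blob):
    """Receiver side of the swapped order."""
    return keystream_xor(key, nonce, zlib.decompress(blob))


def constructed_tlv(records):
    """Constructed sample input: `records` items in the 16-bit Tag / 16-bit
    Length layout, with repetitive values so the compression step has work to do."""
    out = bytearray()
    for i in range(records):
        value = b"user-%04d@example.test" % i
        out += struct.pack("!HH", 0x0010, len(value)) + value
    return bytes(out)


def bidirectional_exchange(key, request_tlv, response_tlv):
    """Steps 501-511: request from the first party, response from the second,
    both under the same data transmission key but with distinct nonces.

    Returns (request as decrypted by the second party,
             response as decrypted by the first party,
             (request wire size, response wire size)).
    """
    c2s, s2c = b"c->s:0000001", b"s->c:0000001"   # constructed per-direction nonces
    wire_req = compress_then_encrypt(key, c2s, request_tlv)     # Steps 501-503
    got_req = decrypt_then_decompress(key, c2s, wire_req)       # Steps 504-505
    wire_resp = compress_then_encrypt(key, s2c, response_tlv)   # Steps 507-509
    got_resp = decrypt_then_decompress(key, s2c, wire_resp)     # Steps 510-511
    return got_req, got_resp, (len(wire_req), len(wire_resp))


def order_comparison(key, tlv):
    """Wire size for each ordering of Steps 501 and 502. Ciphertext is
    incompressible, so encrypt-then-compress cannot be smaller than the input."""
    nonce = b"order-demo:01"
    return (len(compress_then_encrypt(key, nonce, tlv)),
            len(encrypt_then_compress(key, nonce, tlv)))


if __name__ == "__main__":
    sample = constructed_tlv(64)
    req, resp, sizes = bidirectional_exchange(DEMO_KEY, sample, constructed_tlv(8))
    assert req == sample and resp == constructed_tlv(8)
    print(f"plain {len(sample)} bytes; compress-then-encrypt vs "
          f"encrypt-then-compress on the wire: {order_comparison(DEMO_KEY, sample)}")
```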
[0123] Step 610: The first transmission party acquires the first public key in the pre-generated first key pair; the second transmission party acquires the first private key in the pre-generated first key pair.
[0124] Step 620: The first transmission party and the second transmission party use the first key pair to exchange information, triggering the generation of a second key pair including the second public key and the second private key.
[0125] Step 630: The second transmission party and the first transmission party respectively acquire the key information in the second key pair, and the key information in the second key pair is used as related key information for subsequent transmission of TLV data. For example, the second transmission party learns the second public key in the second key pair, and transmits the second private key to the first transmission party by using the first key pair.
[0126] The purpose of the above steps 610 to 630 is likewise to let the data transmission parties learn the key related to the transmission of TLV data. In other words, the first transmission party and the second transmission party use the first key pair to exchange information and thereby exchange the data transmission key subsequently used to transmit TLV data. Only the data transmission key in this embodiment differs from the data transmission key in the foregoing first and second embodiments. In the first and second embodiments, the transmission key used to transmit TLV data is the same for encryption and decryption, and the encryption keys used in the two directions of a bidirectional transmission are also the same. In this embodiment, the keys subsequently used to transmit TLV data differ for encryption and decryption, and in a bidirectional transmission the encryption keys used in the two directions also differ, as do the corresponding decryption keys.
[0127] For a better understanding of steps 610 to 630, a detailed description is given below in conjunction with a specific implementation manner. See Figure 7, which is a schematic diagram of the third implementation manner of obtaining the key related to the transmission of TLV data in the present invention.
[0128] In this schematic diagram, the first transmission party is described taking the client as an example, and the second transmission party taking the server as an example. The key management unit is logically separate from the client and the server but is not physically limited to this: it can be integrated into the server, that is, the key management function can be performed by the server shown in the figure or by another server.
[0129] Step 7001: Generate a key pair A1 including the public key A1-P (i.e., the first public key in step 610) and the private key A1-S (i.e., the first private key in step 610). This step can be completed by the key management unit. This key pair is usually not updated very often; of course, if stricter security is required, it can also be updated regularly or irregularly according to actual needs.
[0130] Step 7002: The key management unit transmits the public key A1-P to the client, and the client saves the public key A1-P, that is, the client learns the public key A1-P.
[0131] Step 7003: The key management unit transmits the private key A1-S to the server, and the server saves the private key A1-S, that is, the server learns the private key A1-S.
[0132] Step 7004: The client generates authentication information (plain text). If the security requirements are high, verification information can be added to the request message. The purpose of the verification information is to enable the server to verify that the client's identity is legal.
[0133] Step 7005: The client constructs a request message (requesting the key for subsequent transmission of TLV data, that is, the key for encryption/decryption of TLV data), and encrypts the request message with the public key A1-P.
[0134] Step 7006: Send the request message encrypted by the public key A1-P to the server.
[0135] Step 7007: After receiving the request message, the server decrypts it with the private key A1-S, and verifies the plaintext information.
[0136] Step 7008: After successful decryption and verification, the server sends a request to the key management unit, requesting to generate a new key pair AN.
[0137] Step 7009: The key management unit delivers the key pair AN (public key AN-P and private key AN-S) to the server.
[0138] Step 7010: The server issues the private key AN-S to the client.
[0139] Step 7011: The client successfully receives the key AN-S for transmitting TLV data to the server. At the same time, the private key AN-S is also used as a decryption key for decrypting the TLV data subsequently transmitted from the server.
[0140] From the specific embodiment in Figure 7 above it can be seen that the first key pair (A1-P and A1-S) is used between the server and the client to exchange information, and the data transmission keys (AN-P and AN-S) subsequently used to transmit TLV data are thereby exchanged.
[0141] For specific transmission encryption and other processes, please continue to refer to the following procedures.
[0142] Step 640: The first transmitting party encodes the first original data to be transmitted in a TLV encoding manner.
[0143] Step 650: The first transmission party encrypts the TLV data with the second private key to generate encrypted TLV data. Corresponding to Figure 7, in this step the client uses AN-S to encrypt the TLV data.
[0144] Step 660: Transmit the encrypted TLV data to the second transmission party. Corresponding to Figure 7, in this step the client transmits the data encrypted with AN-S to the server.
[0145] So far, through steps 610 to 660, the complete transmission process of transmitting TLV data to the second transmission party from the first transmission party is completed.
[0146] In order to describe the embodiments of the present invention in more detail, the processing of the received data by the receiver (the second transmission party) is further described below.
[0147] Specifically, the second transmission party uses the second public key to decrypt the TLV data from the first transmission party. In the application environment shown in Figure 7, this step is the server using AN-P to decrypt the TLV data from the client. After successful decryption, the decrypted TLV data is decoded to obtain the transmitted first original data.
[0148] In practical applications, some transmissions are unidirectional, but there are also many transmissions that are bidirectional. If a subsequent second transmission party needs to transmit TLV data to the first transmission party, the following process is used.
[0149] (1) The second transmitting party encodes the second original data to be transmitted in a TLV encoding manner to generate TLV data.
[0150] (2) The second transmission party uses the second public key to encrypt the TLV data to generate encrypted TLV data. Corresponding to Figure 7, in this step the server uses the public key AN-P to encrypt the TLV data to generate encrypted TLV data.
[0151] (3) Transmit the encrypted TLV data to the first transmission party. Corresponding to Figure 7, in this step the server transmits the encrypted TLV data to the client.
[0152] (4) The first transmission party uses the second private key to decrypt the TLV data from the second transmission party. In the application scenario of Figure 7, this step is that the client uses AN-S to decrypt the TLV data from the server.
[0153] (5) Decode the decrypted TLV data to obtain the transmitted second original data.
[0154] It should be noted that, in the foregoing step 7010, the server may instead issue the public key AN-P to the client and keep the private key AN-S itself. In that case, when the client subsequently sends TLV data to the server, the public key AN-P is used for encryption and, correspondingly, the server uses the private key AN-S to decrypt. Conversely, when the server sends TLV data to the client, it uses the private key AN-S for encryption and, correspondingly, the client uses the public key AN-P for decryption. In a word, the first transmission party obtains one key information in the second key pair and the second transmission party obtains the other key information in the second key pair; which one obtains the public key and which one obtains the private key is not limited by the embodiment of the present invention. When transmitting TLV data, one key in the second key pair is used for encryption, and the other key in the second key pair is used for decryption.
[0155] In addition, in the foregoing embodiment, after the second key pair is generated, it is used for encryption and decryption of the TLV data transmitted between the first transmission party and the second transmission party. There is an alternative solution: after the second key pair is generated, TLV data transmitted from the first transmission party to the second transmission party is encrypted/decrypted using the first key pair, and TLV data transmitted from the second transmission party to the first transmission party is encrypted/decrypted using the second key pair.
[0156] Specifically, through steps 610 to 630, the first transmission party is made aware of the first public key in the pre-generated first key pair and the second private key in the second key pair, and the second transmission party is made aware of the first private key in the pre-generated first key pair and the second public key in the second key pair. Then the first transmission party encodes the first original data to be transmitted using the TLV encoding method, encrypts the TLV data using the first public key (for example, A1-P in Figure 7 above), and transmits the encrypted TLV data to the second transmission party. Further, the second transmission party decrypts the TLV data from the first transmission party using the first private key (e.g. A1-S), and decodes the decrypted TLV data to obtain the transmitted first original data.
[0157] In the case of bidirectional transmission, the method further includes:
[0158] The second transmission party encodes the second original data to be transmitted using the TLV encoding method to generate TLV data, encrypts the TLV data using the second public key (for example, AN-P in Figure 7 above) to generate encrypted TLV data, and transmits the encrypted TLV data to the first transmission party. Then the first transmission party decrypts the TLV data from the second transmission party using the second private key (e.g. AN-S), and decodes the decrypted TLV data to obtain the transmitted second original data.
[0159] Similar to the foregoing fourth embodiment, which of the first transmission party and the second transmission party obtains the public key in the first key pair and which obtains the private key is not limited in the present invention; the foregoing examples are merely relatively better in terms of security. There are likewise no restrictions on the distribution of the second key pair. In other words, the first transmission party learns one key information in the pre-generated first key pair and one key information in the second key pair; the second transmission party learns the other key information in the pre-generated first key pair and the other key information in the second key pair. Whether a given key information in the first key pair is the first public key or the first private key is not restricted, and similarly whether a key information in the second key pair is the second public key or the second private key is not restricted. It only means that when one key information is the public key, the other is the private key, and vice versa; they are used in pairs.
[0160] From the above description of the fourth embodiment of the TLV-based data transmission method of the present invention and its alternatives, it can be seen that in this embodiment the encryption and decryption keys used by the two transmission parties are different, which further improves the security of TLV data. Moreover, the encryption key used by the first transmission party to send TLV data to the second transmission party is different from the encryption key used by the second transmission party to send TLV data to the first transmission party, thus further improving the security of TLV data transmission.
[0161] Corresponding to the foregoing method embodiments of the present invention, the present invention also discloses a TLV-based data transmission system. Please refer to Figure 8, which is a block diagram of an embodiment of a TLV-based data transmission system provided by the present invention. The units in this embodiment are based on logical rather than physical division. Therefore, in practical applications, a unit may be located in different physical entities that cooperate to complete the corresponding function, and different units may also be combined in one physical entity; the system embodiment of the present invention is not limited in this respect. In addition, since the system embodiment and the method embodiment of the present invention correspond completely, the technical details of each unit will not be repeated.
[0162] In this embodiment, the data transmission system includes:
[0163] The encoding unit 810 is used to encode the original data to be transmitted using the TLV encoding mode to generate TLV data; the encryption unit 820 is used to encrypt the TLV data to generate encrypted TLV data; and the transmission unit 830 is used to transmit the encrypted TLV data.
[0164] Optionally, the system further includes: a key communication unit, configured to acquire the key related to the transmission of the TLV data.
[0165] In a specific embodiment, the key communication unit specifically includes a first key communication unit and a second key communication unit. The first key communication unit is used to inform the first transmission party of the first public key in the pre-generated first key pair, and to inform the second transmission party of the first private key in the pre-generated first key pair. The second key communication unit is used for the first transmission party and the second transmission party to exchange information using the first key pair, and thereby exchange the data transmission key used to transmit TLV data subsequently.
[0166] In another specific embodiment, the key communication unit specifically includes a third, a fourth and a fifth key communication unit. The third key communication unit is used to enable the first transmission party and the second transmission party to each obtain the first public key in the first key pair, while a third party obtains the first private key in the first key pair. The fourth key communication unit is used for the first transmission party and the third party to exchange information using the first key pair, so that the first transmission party learns the data transmission key subsequently used to transmit TLV data between the first transmission party and the second transmission party. The fifth key communication unit is used for the second transmission party and the third party to exchange information using the first key pair, so that the second transmission party learns the data transmission key used to transmit TLV data between the second transmission party and the first transmission party.
[0167] In the above two specific embodiments, the encoding unit 810 is specifically a first encoding unit, used by the first transmission party to encode the first original data to be transmitted in a TLV encoding manner; the encryption unit 820 is specifically a first encryption unit, used by the first transmission party to encrypt the TLV data with the data transmission key; and the transmission unit 830 is specifically a first transmission unit, used to transmit the encrypted TLV data to the second transmission party.
[0168] Optionally, the system further includes: a first decryption unit, used by the second transmission party to decrypt the TLV data from the first transmission party with the data transmission key; and a first decoding unit, used to decode the decrypted TLV data to obtain the transmitted first original data.
[0169] In yet another specific implementation manner, the aforementioned second key communication unit includes: a new key triggering subunit, configured to trigger, through the information exchange between the first transmission party and the second transmission party using the first key pair, the generation of a second key pair including a second public key and a second private key; and a new key communication subunit, used to make the first transmission party aware of one key information in the second key pair and the second transmission party aware of the other key information in the second key pair. The encoding unit 810 is specifically a second encoding unit, used by the first transmission party to encode the first original data to be transmitted in a TLV encoding manner; the encryption unit 820 is specifically a second encryption unit, used by the first transmission party to encrypt the TLV data with the first key information in the second key pair; and the transmission unit 830 is specifically a second transmission unit, configured to transmit the encrypted TLV data to the second transmission party.
[0170] The system further includes: a second decryption unit, used by the second transmission party to decrypt the TLV data from the first transmission party with the other key in the second key pair; and a second decoding unit, configured to decode the decrypted TLV data to obtain the transmitted first original data.
[0171] If the transmission system performs bidirectional transmission, it further includes: a third encoding unit, used by the second transmission party to encode the second original data to be transmitted in a TLV encoding manner to generate TLV data; a third encryption unit, used by the second transmission party to encrypt the TLV data with the other key in the second key pair to generate encrypted TLV data; a third transmission unit, used to transmit the encrypted TLV data to the first transmission party; a third decryption unit, used by the first transmission party to decrypt the TLV data from the second transmission party with the first key in the second key pair; and a third decoding unit, used to decode the decrypted TLV data to obtain the transmitted second original data.
[0172] In another specific embodiment, the key communication unit includes: a sixth key communication unit, configured to make the first transmission party aware of one key information in the pre-generated first key pair and one key information in the second key pair; and a seventh key communication unit, configured to make the second transmission party aware of the other key information in the pre-generated first key pair and the other key information in the second key pair.
[0173] Correspondingly, the encoding unit 810 is specifically a fourth encoding unit, used by the first transmission party to encode the first original data to be transmitted in a TLV encoding manner; the encryption unit 820 is specifically a fourth encryption unit, used by the first transmission party to encrypt the TLV data with a key in the first key pair; and the transmission unit 830 is specifically a fourth transmission unit, configured to transmit the encrypted TLV data to the second transmission party.
[0174] Optionally, the system further includes: a fourth decryption unit, configured for the second transmission party to decrypt the TLV data from the first transmission party with the other key in the first key pair; and a fourth decoding unit, configured to decode the decrypted TLV data to obtain the transmitted first original data.
[0175] If, in this specific embodiment, the system performs bidirectional transmission, it further includes: a fifth encoding unit, used by the second transmission party to encode the second original data to be transmitted in a TLV encoding manner to generate TLV data; a fifth encryption unit, used by the second transmission party to encrypt the TLV data with the other key in the second key pair to generate encrypted TLV data; a fifth transmission unit, used to transmit the encrypted TLV data to the first transmission party; a fifth decryption unit, used by the first transmission party to decrypt the TLV data from the second transmission party with the first key in the second key pair; and a fifth decoding unit, used to decode the decrypted TLV data to obtain the transmitted second original data.
[0176] In order to save traffic and improve transmission speed, the system further includes: a compression unit for compressing the TLV data before or after encrypting it. Since the TLV encoding method adds extra Tag and Length fields for each type, the resulting data is larger than the original data, so compressing the TLV data before transmitting it, for example with Huffman coding or Gzip (short for GNU zip, a file compression program), can save bandwidth and improve transmission speed.
[0177] To further reduce the amount of transmitted data, the encoding unit 810 can specifically be used to encode the original data to be transmitted with the TLV encoding method without encoding the Length field, so that the generated TLV data does not contain the Length field. In addition, the length of the Tag can also be reduced, for example to 8 bits.
[0178] Specifically, in traditional TLV the lengths of the Tag (used to identify the type of data) and the Length field are fixed, mainly for the convenience of programming. In fact, if the set of Tag types is limited and the data lengths corresponding to some Tags are fixed, then the Tag and Length can be further reduced to save traffic. With the above new TLV encoding method, which reduces the Tag length or does not encode the Length, the receiver has no problem decoding: because the data length of each type is essentially fixed, the receiver can read the data type from the Tag, know the length of data of that type, and therefore know how many bytes to decode. It can be seen that adopting the above new TLV encoding method can save transmission traffic and improve transmission efficiency.
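As an added example (not code from the patent), the following Python encodes a constructed record in both the traditional fixed-width TLV form and the compact variant of paragraphs [0177] and [0178] (8-bit Tag, Length omitted for fixed-size types), decodes the compact form from a tag-to-length table while rejecting unknown tags and truncated payloads, and compares the sizes with the Gzip compression of paragraph [0176]. The tag numbers, field sizes and sample values are assumptions.

```python
import gzip
import struct

# Constructed schema for the compact TLV variant of paragraphs [0177]-[0178]:
# 8-bit tags, and types with a fixed payload size omit the Length field.
FIXED_LEN = {0x01: 4, 0x02: 8, 0x03: 1}  # user id, timestamp, status flag
VARIABLE_TAGS = {0x10}                   # free-text message: keeps a 1-byte Length

def encode_classic(items):
    """Traditional TLV: 2-byte Tag and 2-byte Length for every element."""
    out = bytearray()
    for tag, value in items:
        out += struct.pack(">HH", tag, len(value)) + value
    return bytes(out)

def encode_compact(items):
    """Compact TLV: 1-byte Tag; Length only for variable-size types."""
    out = bytearray()
    for tag, value in items:
        if tag in FIXED_LEN:
            if len(value) != FIXED_LEN[tag]:
                raise ValueError(f"tag 0x{tag:02x} expects {FIXED_LEN[tag]} bytes")
            out += bytes([tag]) + value
        elif tag in VARIABLE_TAGS:
            if len(value) > 255:
                raise ValueError("value too long for a 1-byte Length")
            out += bytes([tag, len(value)]) + value
        else:
            raise ValueError(f"unknown tag 0x{tag:02x}")
    return bytes(out)

def decode_compact(data):
    """Decode compact TLV; the receiver derives each length from the Tag."""
    # Unknown tags and truncated payloads are rejected rather than skipped,
    # so a malformed message cannot desynchronise the parser.
    items, pos = [], 0
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag in FIXED_LEN:
            length = FIXED_LEN[tag]
        elif tag in VARIABLE_TAGS:
            if pos >= len(data):
                raise ValueError("missing Length byte")
            length, pos = data[pos], pos + 1
        else:
            raise ValueError(f"unknown tag 0x{tag:02x} at offset {pos - 1}")
        if pos + length > len(data):
            raise ValueError(f"truncated payload for tag 0x{tag:02x}")
        items.append((tag, bytes(data[pos:pos + length])))
        pos += length
    return items

def sizes(items):
    """(classic, compact, gzip-of-compact) byte counts for the same record."""
    compact = encode_compact(items)
    return len(encode_classic(items)), len(compact), len(gzip.compress(compact))

SAMPLE = [  # constructed sample record: id 42, timestamp, flag, message
    (0x01, struct.pack(">I", 42)),
    (0x02, struct.pack(">Q", 1700000000)),
    (0x03, b"\x01"),
    (0x10, b"hello from the client"),
]
```

For a record this small the Gzip output is larger than the uncompressed compact form because of the Gzip header and trailer, so the compression unit only pays off on larger messages.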
[0179] From the description of the above embodiments and specific implementations, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus a necessary general hardware platform. Based on this understanding, the technical solutions of the present invention, in essence or in the parts that contribute to the prior art, can be embodied in the form of software products. The computer software products can be stored in storage media such as ROM/RAM, magnetic disks, CDs, etc., and include several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the various embodiments, or in some parts of the embodiments, of the present invention.
[0180] Each embodiment in this specification is described in a progressive manner; the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, since the system embodiments are basically similar to the method embodiments, their description is relatively brief, and for related parts please refer to the corresponding descriptions of the method embodiments. The system embodiments described above are only illustrative: the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
[0181] The embodiments of a TLV-based data transmission method and system provided by the present invention have been described above in detail. In this paper, specific examples are used to illustrate the principles and implementations of the present invention. The descriptions of the above embodiments are only used to help understand the method of the present invention and its core idea; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be changes in the specific embodiments and application scope. In conclusion, the contents of this specification should not be construed as limiting the present invention.