CN101695038A - Method and device for detecting SSL enciphered data safety - Google Patents

Method and device for detecting SSL enciphered data safety
Info

Publication number: CN101695038A
Authority: CN (China)
Prior art keywords: server, key, ssl, private key, address
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Application number: CN200910236903A
Other languages: Chinese (zh)
Inventor: 蔡立军
Current Assignee: Lenovo Wangyu Technology Beijing Co Ltd
Original Assignee: Lenovo Wangyu Technology Beijing Co Ltd
Priority date: 2009-10-27
Filing date: 2009-10-27
Publication date: 2010-04-14
Abstract

The invention relates to network security technology and discloses a method and a device for detecting the security of SSL-encrypted data. The method comprises: identifying the encryption algorithms used by a session by tracking the SSL session negotiation process; obtaining the session key used to encrypt the data by tracking the key exchange process; decrypting the received data with the session key to obtain the unencrypted original data; and performing intrusion detection and analysis on the original data. With the invention, SSL-encrypted data can be detected and analyzed through bypass deployment at key network nodes, ensuring the security of SSL-encrypted data.

Description

Method and device for detecting the security of SSL-encrypted data
Technical field
The present invention relates to network security technology, and in particular to a method and device for detecting the security of SSL-encrypted data.
Background
At present, with the construction and development of network infrastructure and application systems, people's work and daily life increasingly depend on the network: online banking, online tax declaration, online shopping, online registration and so on. These network applications have changed the way people work and live, allowing a great deal of work to be completed without leaving home. However, while the network brings convenience, defects in systems, software and protocols allow some people to use hacking techniques to attack these systems in order to obtain users' credit card information, confidential enterprise information or other sensitive information, and to profit from it.
SSL (Secure Sockets Layer) is a secure network communication protocol that uses asymmetric key technology combining a public key and a private key. It is mainly used to improve the security of data exchanged between applications and to ensure secure communication between any client and server on which SSL is installed; it applies to all TCP/IP (Transmission Control Protocol/Internet Protocol) applications. The SSL protocol mainly provides three services: authenticating the legitimacy of the user and the server, encrypting data to hide what is transmitted, and protecting the integrity of the data.
Using the SSL protocol, both communicating parties can be authenticated and the transmitted data encrypted, which effectively improves the security of data transmission. It is a commonly used protection measure and is widely deployed on websites with high security requirements, such as those of banks, tax authorities and insurers. However, although SSL secures the transmission process, it cannot guarantee that the encrypted data itself is safe and reliable. For example, HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) data sent by a legitimate user can still contain attack payloads such as SQL (Structured Query Language) injection and XSS (Cross Site Script, cross-site scripting).
To protect these systems from damage, many security products and technologies have appeared to address this class of problem, mainly:
1. The use of PKI (Public Key Infrastructure).
PKI is a standards-based technology and specification that uses public-key cryptography to provide a security infrastructure platform for e-commerce. With PKI, the identities of both client and server can be verified, and the data transmitted between client and server is encrypted, improving data security.
2. The use of NIDS (Network-based Intrusion Detection System).
A NIDS is deployed at key network nodes and analyzes network data in real time to discover illegal behavior or policy violations; it responds promptly, for example by alerting the administrator or automatically coordinating with a firewall, to stop attacks.
3. Firewalls, VPNs (Virtual Private Networks) and various other security products and technologies.
Among these, a NIDS collects information at several key points in a computer network and analyzes it to discover behavior that violates security policy and signs of attack, and can thus determine whether data content is safe. However, a traditional NIDS cannot interpret SSL-encrypted data, so it cannot analyze the encrypted data and therefore cannot detect intrusions inside the SSL-encrypted tunnel.
Summary of the invention
Embodiments of the invention provide a method and device for detecting the security of SSL-encrypted data, so as to ensure the security of SSL-encrypted data.
To this end, embodiments of the invention provide the following technical solutions:
A method for detecting the security of SSL-encrypted data, comprising:
identifying the encryption algorithms used by the session by tracking the SSL session negotiation process;
obtaining the session key used to encrypt the data by tracking the key exchange process;
decrypting the received data with the session key to obtain the unencrypted original data;
performing intrusion detection and analysis on the original data.
Optionally, the encryption algorithm comprises any one of the following: a symmetric encryption algorithm, a key exchange algorithm, a digest algorithm.
Preferably, the method further comprises: obtaining the private key corresponding to the server;
the obtaining of the session key used to encrypt the data by tracking the key exchange process comprises:
tracking the key exchange process and using the private key corresponding to the server to decrypt the key exchange message sent by the client to the server, thereby obtaining the session key.
Preferably, obtaining the private key corresponding to the server comprises:
determining the address of the server and the application-layer protocol in use;
obtaining the private key corresponding to the server according to a pre-established correspondence between the addresses and application-layer protocols of protected servers and their private key certificates.
Preferably, determining the address of the server and the application-layer protocol in use comprises:
reassembling the received IP packets to determine the address of the server;
reassembling the received TCP stream to determine the application-layer protocol used by the server.
A device for detecting the security of SSL-encrypted data, comprising:
an encryption algorithm recognition unit, configured to identify the encryption algorithms used by the session by tracking the SSL session negotiation process;
a session key acquiring unit, configured to obtain the session key used to encrypt the data by tracking the key exchange process;
a decrypting unit, configured to decrypt the received data with the session key to obtain the unencrypted original data;
a detecting unit, configured to perform intrusion detection and analysis on the original data.
Preferably, the device further comprises:
a private key acquiring unit, configured to obtain the private key corresponding to the server;
the session key acquiring unit is specifically configured to track the key exchange process and use the private key corresponding to the server to decrypt the key exchange message sent by the client to the server, thereby obtaining the session key.
Preferably, the private key acquiring unit comprises:
a server address determining subunit, configured to determine the address of the server;
an application-layer protocol determining subunit, configured to determine the application-layer protocol used by the server;
a private key obtaining subunit, configured to obtain the private key corresponding to the server according to the pre-established correspondence between the addresses and application-layer protocols of protected servers and their private key certificates.
Preferably, the server address determining subunit is specifically configured to reassemble the received IP packets and determine the address of the server;
the application-layer protocol determining subunit is specifically configured to reassemble the received TCP stream and determine the application-layer protocol used by the server.
Preferably, the device further comprises:
a correspondence establishing unit, configured to establish the correspondence between the addresses and application-layer protocols of protected servers and their private key certificates.
As can be seen from the technical solutions provided above, the method and device of the embodiments identify the encryption algorithms used by the session by tracking the SSL session negotiation process, obtain the symmetric key used to encrypt the data by tracking the key exchange process, decrypt the received data with the session key to obtain the unencrypted original data, and perform intrusion detection and analysis on the original data, so that intrusions inside the SSL-encrypted tunnel can be detected and the security of SSL-encrypted data is ensured.
Description of drawings
Fig. 1 is a workflow diagram of existing SSL;
Fig. 2 is a flow chart of the method for detecting the security of SSL-encrypted data according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the composition of the SSL protocol and its position in TCP/IP;
Fig. 4 is a structural diagram of one device for detecting the security of SSL-encrypted data according to an embodiment of the invention;
Fig. 5 is a structural diagram of another device for detecting the security of SSL-encrypted data according to an embodiment of the invention.
Embodiment
To help those skilled in the art better understand the solutions of the embodiments of the invention, the embodiments are described in further detail below with reference to the drawings.
The workflow of SSL is first briefly described.
As shown in Fig. 1, the SSL workflow is divided into the following two processes:
1. Session negotiation process:
101. The client sends an initial "Hello" message to the server to begin a new session connection;
102. Based on the client's message, the server determines whether a new master key needs to be generated; if so, the server's response to the client's "Hello" includes the server certificate, which conveys the server's public key information;
2. Key exchange process:
103. Based on the server response it received, the client generates the session key for this session, encrypts it with the server's public key and sends it to the server;
104. The server receives the response message and decrypts it with its private key to obtain the session key.
After this, the data exchanged between the SSL client and the SSL server is encrypted with this session key.
Accordingly, the method and device of the embodiments of the invention, based on the SSL workflow above, identify the encryption algorithms used by the session by tracking the SSL session negotiation process, obtain the session key used to encrypt the data by tracking the key exchange process, decrypt the received data with the session key to obtain the unencrypted original data, and perform intrusion detection and analysis on the original data.
Fig. 2 is a flow chart of the method for detecting the security of SSL-encrypted data according to an embodiment of the invention, comprising the following steps:
Step 201: identify the encryption algorithms used by the session by tracking the SSL session negotiation process. The encryption algorithm may be any one of the following: a symmetric encryption algorithm, a key exchange algorithm (asymmetric encryption algorithm), a digest algorithm.
Step 202: obtain the session key used to encrypt the data by tracking the key exchange process.
As can be seen from Fig. 1, the SSL client and SSL server use an asymmetric encryption algorithm to transmit the session key. The algorithm may be RSA (Ron Rivest, Adi Shamir, Len Adleman), Elgamal, the knapsack algorithm, Rabin, HD (Hausdorff distance), ECC (Elliptic Curves Cryptography, elliptic curve encryption algorithm), etc. Specifically, the SSL client sends the session key, encrypted with the server's public key, to the SSL server. In public-key encryption, the public key can be transmitted openly between the communicating parties or published in a public repository, but the associated private key is kept secret. Only the corresponding private key can decrypt data encrypted with the public key.
For this reason, in embodiments of the invention the private key corresponding to the server can be obtained in advance and used to decrypt the key exchange message sent by the client to the server, yielding the session key.
In embodiments of the invention, the server's private key can be exported and stored in advance; the private key may have been issued by a third party or configured by the server itself.
Step 203: decrypt the received data with the session key to obtain the unencrypted original data.
Step 204: perform intrusion detection and analysis on the original data.
With the method of the embodiments, the SSL-encrypted data received by the SSL server is captured via a bypass and decrypted to obtain the unencrypted original data, and intrusion detection and analysis are performed on the original data, so that intrusions inside the SSL-encrypted tunnel can be detected and the security of SSL-encrypted data is ensured.
The method of the embodiments can be applied on an individual host to protect a single server, or deployed in bypass mode to protect multiple servers.
When multiple servers need to be protected, a correspondence between the addresses and application-layer protocols of the protected servers and their private key certificates can be established in advance, and the private key corresponding to a server is obtained from the messages received by the server and this correspondence.
TCP/IP (Transmission Control Protocol/Internet Protocol) is the most basic control protocol used for data transmission and communication across the Internet. Above it are application-layer transport protocols such as HTTP (Hypertext Transfer Protocol), LDAP (Lightweight Directory Access Protocol) and IMAP (Internet Messaging Access Protocol). SSL is a data security protocol located between TCP/IP and the various application-layer protocols. It uses TCP to provide a reliable end-to-end security service, protects communication between client and server applications from eavesdropping, always authenticates the server, and can optionally authenticate the client.
Fig. 3 is a schematic diagram of the composition of the SSL protocol and its position in TCP/IP.
Each layer may contain length, description and content fields.
The SSL protocol consists of two layers, the handshake protocol layer and the record protocol layer. The handshake protocol is built on top of the record protocol. Specifically:
The SSL handshake protocol implements the security-related operations such as compression/decompression, encryption/decryption and MAC computation.
The SSL handshake protocol is the mechanism for establishing secure communication for the transmission of user data between client and server, and comprises:
(1) Algorithm negotiation: on first communication, both parties use the handshake protocol to negotiate the key exchange algorithm, the data encryption algorithm and the digest algorithm.
(2) Authentication: after key agreement is finished, the client and the server verify each other's identity by certificate.
(3) Key determination: the key exchange algorithm is used to finally produce a secret known only to both parties, and the client and the server each derive the parameters of the data encryption algorithm (generally the key) from this secret.
Given the position of the SSL protocol in TCP/IP, the address of the server can be determined by reassembling the IP packets received by the SSL server, and the application-layer protocol used by the server can be determined by reassembling the TCP stream received by the SSL server. Then, according to the pre-established correspondence between the addresses and application-layer protocols of protected servers and their private key certificates, the private key of the protected server can be found. In this way multiple different servers can be protected.
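The following Python code is an added example, not part of the patent text. It illustrates step 201 and the private key lookup described above: it parses a ServerHello from a reassembled server-to-client stream, identifies the negotiated algorithms, and looks up the key by (server address, application-layer protocol). The key table, file paths, addresses and sample bytes are constructed assumptions; the example also shows that decrypting the key exchange message with the server's private key only applies when the negotiated key exchange is RSA key transport, not an ephemeral Diffie-Hellman suite.

```python
import struct

# Subset of the IANA TLS cipher suite registry:
# id -> (key exchange, symmetric cipher, digest), the algorithms step 201 identifies.
CIPHER_SUITES = {
    0x0004: ("RSA", "RC4_128", "MD5"),
    0x0005: ("RSA", "RC4_128", "SHA"),
    0x000A: ("RSA", "3DES_EDE_CBC", "SHA"),
    0x002F: ("RSA", "AES_128_CBC", "SHA"),
    0x0035: ("RSA", "AES_256_CBC", "SHA"),
    0x0033: ("DHE_RSA", "AES_128_CBC", "SHA"),
    0x0039: ("DHE_RSA", "AES_256_CBC", "SHA"),
    0xC013: ("ECDHE_RSA", "AES_128_CBC", "SHA"),
}

# Hypothetical correspondence table (constructed for this example):
# (protected server address, application-layer protocol) -> private key file.
KEY_TABLE = {
    ("192.0.2.10", "https"): "/etc/nids/keys/web.pem",
    ("192.0.2.20", "imaps"): "/etc/nids/keys/mail.pem",
}


class HandshakeParseError(ValueError):
    """Raised when the stream does not start with a complete ServerHello."""


def parse_server_hello(stream: bytes) -> dict:
    """Return protocol version and cipher suite id from a server-to-client stream.

    Assumes the ServerHello is the first handshake message of the first record
    and is not fragmented across records.
    """
    if len(stream) < 5:
        raise HandshakeParseError("truncated record header")
    rec_type, _rec_version, rec_len = struct.unpack("!BHH", stream[:5])
    if rec_type != 22:  # 22 = handshake content type
        raise HandshakeParseError("not a handshake record")
    record = stream[5:5 + rec_len]
    if len(record) < rec_len or rec_len < 4:
        raise HandshakeParseError("truncated record")
    msg_len = int.from_bytes(record[1:4], "big")
    if record[0] != 2:  # 2 = ServerHello
        raise HandshakeParseError("first handshake message is not ServerHello")
    body = record[4:4 + msg_len]
    if len(body) < msg_len or msg_len < 35:
        raise HandshakeParseError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    offset = 35 + body[34]  # skip version(2) + random(32) + session id
    if len(body) < offset + 3:
        raise HandshakeParseError("truncated ServerHello")
    suite_id = struct.unpack("!H", body[offset:offset + 2])[0]
    return {"version": version, "suite_id": suite_id}


def plan_decryption(server_ip: str, app_proto: str, server_stream: bytes) -> dict:
    """Decide whether the sensor can recover the session key for this session."""
    hello = parse_server_hello(server_stream)
    suite = CIPHER_SUITES.get(hello["suite_id"])
    plan = {"suite": suite, "key_file": None, "decryptable": False}
    if suite is None:
        plan["reason"] = "unknown cipher suite 0x%04X" % hello["suite_id"]
        return plan
    key_file = KEY_TABLE.get((server_ip, app_proto))
    if key_file is None:
        plan["reason"] = "server is not in the protected-server table"
    elif suite[0] != "RSA":
        # With (EC)DHE the RSA key only signs the exchange; it cannot decrypt it.
        plan["reason"] = "ephemeral key exchange: private key cannot recover the session key"
    else:
        plan.update(decryptable=True, key_file=key_file, reason="RSA key transport")
    return plan


def build_server_hello(suite_id: int, version: int = 0x0301, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (all-zero random) as sample input."""
    body = struct.pack("!H", version) + bytes(32) + bytes([len(session_id)]) + session_id
    body += struct.pack("!HB", suite_id, 0)  # cipher suite + null compression
    msg = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(msg)) + msg


if __name__ == "__main__":
    for suite_id in (0x002F, 0xC013):
        print(plan_decryption("192.0.2.10", "https", build_server_hello(suite_id)))
```

A sensor built on this method should log the sessions it cannot decrypt, since those pass the NIDS uninspected.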
An existing NIDS can collect information at several key points in the computer network and analyze it to identify attacks in non-SSL-encrypted data, and can promptly respond, for example by alerting the administrator or automatically coordinating with a firewall, to stop attacks. The method of the embodiments can therefore also be applied in traditional NIDS products, enabling them to detect, in bypass mode, intrusions inside the SSL-encrypted tunnel. That is, NIDS and PKI are used together, so that when protecting a network information system the authentication and encryption advantages of PKI are retained while the NIDS identifies attacks or violations hidden in the encrypted data. Relevant logs can also be recorded to facilitate post-event auditing or to provide information for police investigations.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
Correspondingly, an embodiment of the invention also provides a device for detecting the security of SSL-encrypted data; Fig. 4 is a structural diagram of this device.
In this embodiment, the device comprises:
Encryption algorithm recognition unit 301, configured to identify the encryption algorithms used by the session by tracking the SSL session negotiation process;
Session key acquiring unit 302, configured to obtain the session key used to encrypt the data by tracking the key exchange process;
Decrypting unit 303, configured to decrypt the received data with the session key to obtain the unencrypted original data;
Detecting unit 304, configured to perform intrusion detection and analysis on the original data.
In embodiments of the invention, the private key corresponding to the server can be obtained in advance and used to decrypt the key exchange message sent by the client to the server, yielding the session key. For this purpose, the device further comprises private key acquiring unit 305, configured to obtain the private key corresponding to the server. The server's private key may have been issued by a third party or configured by the server itself.
Session key acquiring unit 302 is specifically configured to track the key exchange process and use the private key corresponding to the server to decrypt the key exchange message sent by the client to the server, thereby obtaining the session key.
With the device of the embodiments, the SSL-encrypted data received by the SSL server is captured via a bypass and decrypted to obtain the unencrypted original data, and intrusion detection and analysis are performed on the original data, so that intrusions inside the SSL-encrypted tunnel can be detected and the security of SSL-encrypted data is ensured.
The device of the embodiments can be applied on an individual host to protect a single server, or deployed in bypass mode to protect multiple servers.
When multiple servers need to be protected, a correspondence between the addresses and application-layer protocols of the protected servers and their private key certificates can be established in advance, and the private key corresponding to a server is obtained from the messages received by the server and this correspondence.
Fig. 5 is a structural diagram of another device for detecting the security of SSL-encrypted data according to an embodiment of the invention.
In this embodiment, the device further comprises correspondence establishing unit 306, configured to establish the correspondence between the addresses and application-layer protocols of protected servers and their private key certificates.
Private key acquiring unit 305 comprises:
Server address determining subunit 351, configured to determine the address of the server; specifically, the address of the server can be determined by reassembling the received IP packets;
Application-layer protocol determining subunit 352, configured to determine the application-layer protocol used by the server; specifically, the application-layer protocol used by the server can be determined by reassembling the received TCP stream;
Private key obtaining subunit 353, configured to obtain the private key corresponding to the server according to the pre-established correspondence between the addresses and application-layer protocols of protected servers and their private key certificates.
The device of the embodiments can be integrated into traditional NIDS products, enabling them to detect, in bypass mode, intrusions inside the SSL-encrypted tunnel. That is, NIDS and PKI are used together, so that when protecting a network information system the authentication and encryption advantages of PKI are retained while the NIDS identifies attacks or violations hidden in the encrypted data. Relevant logs can also be recorded to facilitate post-event auditing or to provide information for police investigations.
The method and device of the embodiments can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
The embodiments of the invention have been described in detail above, and specific embodiments have been used to explain the invention; the description of the embodiments is intended only to help in understanding the device and method of the invention. For a person of ordinary skill in the art, the specific implementation and scope of application may vary in accordance with the idea of the invention. In summary, this description should not be construed as limiting the invention.

Claims (10)

CN200910236903A, 2009-10-27, 2009-10-27: Method and device for detecting SSL enciphered data safety. Status: Pending. Publication: CN101695038A (en)

Priority Applications (1)

Application Number: CN200910236903A (CN101695038A (en))
Priority Date: 2009-10-27
Filing Date: 2009-10-27
Title: Method and device for detecting SSL enciphered data safety

Applications Claiming Priority (1)

Application Number: CN200910236903A (CN101695038A (en))
Priority Date: 2009-10-27
Filing Date: 2009-10-27
Title: Method and device for detecting SSL enciphered data safety

Publications (1)

Publication Number: CN101695038A
Publication Date: 2010-04-14

Family

ID=42093980

Family Applications (1)

Application Number: CN200910236903A (Pending, CN101695038A (en))
Title: Method and device for detecting SSL enciphered data safety
Priority Date: 2009-10-27
Filing Date: 2009-10-27

Country Status (1)

Country: CN (1)
Link: CN101695038A (en)


Legal Events

Code C06: Publication
Code PB01: Publication
Code C10: Entry into substantive examination
Code SE01: Entry into force of request for substantive examination
Code C02: Deemed withdrawal of patent application after publication (patent law 2001)
Code WD01: Invention patent application deemed withdrawn after publication

Open date: 2010-04-14

