CN101141243A - Device and method for carrying out security check and content filtering on communication data

Info

Publication number: CN101141243A
Authority: CN (China)
Application number: CNA200610138738XA
Language: Chinese (zh)
Inventor: 王磊
Current assignee: Fortinet Inc
Original assignee: Fortinet Information Technology Beijing Co Ltd
Application filed by: Fortinet Information Technology Beijing Co Ltd
Legal status: Pending
Prior art keywords: data, ssl, tls, security check, digital certificate


Abstract

The invention provides a device for checking and filtering communication data, used to perform security check and content filtering on the connection data exchanged between a client and a server. The device comprises an SSL/TLS proxy server, which decrypts the SSL/TLS protocol encrypted data sent by the client/server into plaintext, sends the plaintext to the security check and content filtering device, encrypts the plaintext data processed by the security check and content filtering device into SSL/TLS data, and sends the SSL/TLS data to the server/client. The invention also provides a method for checking and filtering communication data using the device, which can effectively reduce or even eliminate the network attacks and security threats that a malicious attacker carries out through protocols based on SSL/TLS encryption.

Description

Device and method for carrying out security check and content filtering on communication data
Technical field
The present invention relates to the field of information security, and in particular to a device and method for carrying out security check and content filtering on communication data.
Background technology
In the prior art, the SSL/TLS encrypted connection between the client and the server is direct: as shown in Figure 1, all data transmitted between client 110 and server 120 is encrypted the whole way and never appears in plaintext. Security check and content filtering equipment analyses and processes data directly, but because the communication data of protocols based on SSL/TLS (Secure Sockets Layer/Transport Layer Security), such as HTTPS (Hyper Text Transfer Protocol over SSL/TLS), SMTPS (Short Message Transmission Protocol over SSL/TLS), IMAPS (Internet Message Access Protocol over SSL/TLS) and POP3S (Post Office Protocol version 3 over SSL/TLS), is encrypted, such equipment cannot process that data. As a result the client is easily exposed to network attacks and security threats carried through the SSL/TLS communication tunnel, including: 1) network attacks against browser vulnerabilities and virus propagation carried over HTTPS, and phishing attacks; 2) spam propagated over SMTPS/POP3S/IMAPS, which very likely carries viruses and phishing attack scripts; 3) reverse connections inside the SSL/TLS communication tunnel that violate the gateway access policy; 4) other possible attacks.
Summary of the invention
To solve the above problem, the object of the present invention is to provide a device and method for carrying out security check and content filtering, at the gateway, on communication data encrypted with SSL/TLS, thereby reducing or even eliminating the network attacks and security threats that a malicious attacker carries out through protocols based on SSL/TLS encryption (such as HTTPS, IMAPS, SMTPS and POP3S).
To achieve this object, the present invention proposes a device for carrying out security check and content filtering on communication data, used to perform security check and content filtering on the connection data exchanged between a client and a server, comprising:
an SSL/TLS proxy server, which decrypts the SSL/TLS protocol encrypted data sent by the client/server into plaintext, sends the plaintext to the security check and content filtering device, encrypts the plaintext data processed by the security check and content filtering device into SSL/TLS data, and sends it to the server/client;
a security check and content filtering device, connected to the SSL/TLS proxy server, which receives and checks the plaintext data, filters out the data if a security threat is found to exist, and returns the processed plaintext data to the SSL/TLS proxy server.
In the above device for carrying out security check and content filtering on communication data, the SSL/TLS proxy server further comprises:
a client communication module, connected to the client and to the security check and content filtering device, which receives the SSL/TLS protocol encrypted data sent by the client, decrypts it into plaintext data and sends the plaintext to the security check and content filtering device; and
which receives the plaintext data sent from the security check and content filtering device, encrypts the plaintext data with the SSL/TLS protocol and sends it to the client.
In the above device, the SSL/TLS proxy server further comprises:
a server communication module, connected to the server and to the security check and content filtering device, which receives the SSL/TLS protocol encrypted data sent by the server, decrypts it into plaintext data and sends the plaintext to the security check and content filtering device; and
which receives the plaintext data sent from the security check and content filtering device, encrypts the plaintext data with the SSL/TLS protocol and sends it to the server.
The above device further comprises:
a gateway, connected to the client, the server and the SSL/TLS proxy server, which, when the communication data sent by the client is SSL/TLS protocol encrypted data, sends that encrypted data to the SSL/TLS proxy server, receives from the SSL/TLS proxy server the SSL/TLS protocol encrypted data that has been processed by the security check and content filtering device, and forwards it to the server; and
which, when the communication data sent by the server is SSL/TLS protocol encrypted data, sends that encrypted data to the SSL/TLS proxy server, receives from the SSL/TLS proxy server the SSL/TLS protocol encrypted data that has been processed by the security check and content filtering device, and forwards it to the client.
The above device further comprises:
a digital certificate analysis device, which receives the digital certificate contained in the SSL/TLS connection data sent by the SSL/TLS proxy server and judges whether the digital certificate belongs to the digital certificate whitelist, belongs to the digital certificate blacklist, or is an unknown digital certificate.
In the above device, the digital certificate analysis device further comprises:
a digital certificate database, which stores digital certificates in a digital certificate blacklist and a digital certificate whitelist respectively.
The above device further comprises:
a URL (uniform resource locator) analysis device, which judges whether the URL in the SSL/TLS protocol connection data sent by the client to the server belongs to the URL whitelist, belongs to the URL blacklist, or is an unknown URL.
In the above device, the URL analysis device further comprises:
a URL database, which stores URL lists as a URL blacklist and a URL whitelist.
In the above device, the SSL/TLS proxy server, the security check and content filtering device, the digital certificate analysis device and/or the URL analysis device are arranged in the gateway.
To achieve the above object, the invention also proposes a method for carrying out security check and content filtering on communication data, comprising the following steps:
Step 1: the client/server sends SSL/TLS protocol encrypted data to the SSL/TLS proxy server;
Step 2: the SSL/TLS proxy server decrypts the SSL/TLS protocol encrypted data into plaintext data and sends it to the security check and content filtering device;
Step 3: the security check and content filtering device carries out a security check on the plaintext data, filters out the data when a security threat is found, and sends the filtered plaintext data to the SSL/TLS proxy server;
Step 4: the SSL/TLS proxy server encrypts the processed plaintext data into SSL/TLS protocol encrypted data and sends it to the server/client.
In the above method, when the client and server connect through a gateway, step 1 further comprises:
Step 111: the client/server sends connection data to the gateway;
Step 112: the gateway judges whether the data complies with the access policy; if so, proceed to step 113; if not, the connection is refused;
Step 113: the gateway judges whether the data is SSL/TLS protocol encrypted data; if so, the SSL/TLS protocol encrypted data is sent to the SSL/TLS proxy server; if not, the data is sent directly to the server/client.
In the above method, when the client and server connect through a gateway, the following steps are further comprised after step 1:
Step 121: the SSL/TLS proxy server sends the digital certificate contained in the SSL/TLS protocol connection data to the digital certificate analysis device, which judges whether the digital certificate belongs to the digital certificate whitelist, belongs to the digital certificate blacklist, or is an unknown digital certificate;
Step 122: if it belongs to the digital certificate whitelist, the SSL/TLS proxy server connects the client directly to the server; if it belongs to the digital certificate blacklist, the SSL/TLS proxy server terminates the connection between the client and the server; if it is an unknown digital certificate, proceed to step 2.
In the above method, the following steps are further comprised after step 1:
Step 131: the SSL/TLS proxy server sends the URL contained in the SSL/TLS protocol connection data to the URL analysis device, which judges whether the URL belongs to the URL whitelist, belongs to the URL blacklist, or is an unknown URL;
Step 132: if it belongs to the URL whitelist, the SSL/TLS proxy server connects the client directly to the server; if it belongs to the URL blacklist, the SSL/TLS proxy server terminates the connection between the client and the server; if it is an unknown URL, proceed to step 2.
In the above method, the SSL/TLS protocol encrypted data comprises: HTTPS data, IMAPS data, SMTPS data and/or POP3S data.
In the above method, when the SSL/TLS protocol encrypted data is HTTPS data, step 3 further comprises the step of carrying out web filtering, anti-virus, intrusion detection, anti-phishing and/or access policy checking on the decrypted data;
when the SSL/TLS protocol encrypted data is IMAPS, SMTPS or POP3S data, step 3 further comprises the step of carrying out anti-spam, anti-virus and/or access policy checking on the decrypted data.
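As an added example (not the patent's own code), the gateway and proxy decision flow of steps 111-113, 121-122, 131-132 and step 3 written as one dispatch function: the access-policy check, the SSL/TLS test, the URL and certificate list lookups, and the per-protocol inspection modules handed to the security check and content filtering device. All names, the port-based access policy, the blacklist-over-whitelist precedence, the URL-before-certificate order (taken from the fourth embodiment) and the sample certificates and URLs are assumptions.

```python
"""Gateway / SSL-TLS proxy decision pipeline modelled on the patent's method
steps 111-113, 121-122, 131-132 and step 3.  Added example; the names,
the port-based access policy and the sample data are assumptions."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    REJECT = "reject"            # step 112: fails the gateway access policy
    FORWARD = "forward"          # step 113: not SSL/TLS, forwarded untouched
    PASSTHROUGH = "passthrough"  # steps 122/132: whitelisted, client connected directly
    TERMINATE = "terminate"      # steps 122/132: blacklisted, connection torn down
    INSPECT = "inspect"          # step 2: unknown, decrypt and hand plaintext to checker


@dataclass
class Connection:
    dst_port: int
    is_tls: bool
    protocol: str                        # "https", "smtps", "imaps", "pop3s" or other
    server_cert_der: bytes | None = None
    url: str | None = None               # before decryption only the host part is known


@dataclass
class Lists:
    cert_white: set[str] = field(default_factory=set)  # SHA-256 fingerprints
    cert_black: set[str] = field(default_factory=set)
    url_white: set[str] = field(default_factory=set)
    url_black: set[str] = field(default_factory=set)


# Step 3 / S607: modules run on the plaintext, keyed by application protocol.
INSPECTION_MODULES = {
    "https": ("web_filter", "anti_virus", "ids_ips", "anti_phishing", "access_policy"),
    "smtps": ("anti_spam", "anti_virus", "access_policy"),
    "imaps": ("anti_spam", "anti_virus", "access_policy"),
    "pop3s": ("anti_spam", "anti_virus", "access_policy"),
}


def cert_fingerprint(der: bytes) -> str:
    # Lists are keyed by certificate fingerprint rather than subject name, so a
    # forged certificate bearing a trusted name cannot earn passthrough.
    return hashlib.sha256(der).hexdigest()


def lookup(item: str, white: set[str], black: set[str]) -> str:
    # Blacklist takes precedence (assumed): an entry on both lists is blocked.
    if item in black:
        return "black"
    if item in white:
        return "white"
    return "unknown"


def decide(conn: Connection, lists: Lists, allowed_ports: set[int]) -> tuple[Action, tuple[str, ...]]:
    """Return the gateway/proxy action and, for INSPECT, the modules to run."""
    if conn.dst_port not in allowed_ports:            # step 112 (assumed port policy)
        return Action.REJECT, ()
    if not conn.is_tls:                               # step 113
        return Action.FORWARD, ()
    # Steps 131-132: URL analysis device (the fourth embodiment runs it first).
    if conn.url is not None:
        verdict = lookup(conn.url, lists.url_white, lists.url_black)
        if verdict == "black":
            return Action.TERMINATE, ()
        if verdict == "white":
            return Action.PASSTHROUGH, ()
    # Steps 121-122: digital certificate analysis device.
    if conn.server_cert_der is not None:
        verdict = lookup(cert_fingerprint(conn.server_cert_der), lists.cert_white, lists.cert_black)
        if verdict == "black":
            return Action.TERMINATE, ()
        if verdict == "white":
            return Action.PASSTHROUGH, ()
    # Unknown on both lists: decrypt and inspect (step 2 / S406).
    return Action.INSPECT, INSPECTION_MODULES.get(conn.protocol, ("access_policy",))


def demo() -> dict[str, Action]:
    """Constructed sample connections; returns the action chosen for each."""
    trusted = b"constructed DER bytes of a trusted certificate"
    malicious = b"constructed DER bytes of a known-malicious certificate"
    lists = Lists(
        cert_white={cert_fingerprint(trusted)},
        cert_black={cert_fingerprint(malicious)},
        url_white={"https://intranet.example/"},
        url_black={"https://phish.example/login"},
    )
    ports = {80, 443, 465, 993, 995}
    cases = {
        "plain_http": Connection(80, False, "http"),
        "policy_violation": Connection(4444, True, "other"),
        "white_cert": Connection(443, True, "https", trusted, "https://bank.example/"),
        "black_cert": Connection(993, True, "imaps", malicious),
        "black_url": Connection(443, True, "https", None, "https://phish.example/login"),
        "unknown_mail": Connection(465, True, "smtps", b"constructed unknown cert"),
    }
    return {name: decide(c, lists, ports)[0] for name, c in cases.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:18s} -> {action.value}")
```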
The present invention carries out security check and content filtering, at the gateway, on SSL/TLS encrypted communication data, thereby reducing or even eliminating the network attacks and security threats that a malicious attacker carries out through protocols based on SSL/TLS encryption (such as HTTPS, IMAPS, SMTPS and POP3S). These attacks and threats include: 1) network attacks against browser vulnerabilities and virus propagation carried over HTTPS, and phishing attacks; 2) spam propagated over SMTPS/POP3S/IMAPS, which very likely carries viruses and phishing attack scripts; 3) reverse connections inside the SSL/TLS communication tunnel that violate the gateway access policy; 4) other possible attacks.
Description of drawings
Fig. 1 is a schematic diagram of the SSL/TLS encrypted connection in the prior art;
Fig. 2 is a structural schematic of the first embodiment of the invention;
Fig. 3 is a structural schematic of the second embodiment of the invention;
Fig. 4 is a workflow schematic of the second embodiment of the invention;
Fig. 5 is a structural schematic of the third embodiment of the invention;
Fig. 6 is a workflow schematic of the third embodiment of the invention;
Fig. 7 is a structural schematic of the fourth embodiment of the invention;
Fig. 8 is a workflow schematic of the fourth embodiment of the invention.
Embodiment
The specific embodiments of the invention are described below with reference to the accompanying drawings.
Fig. 2 is a structural schematic of the first embodiment of the invention. As shown in the figure, client 110 sends SSL/TLS protocol encrypted data to the client communication module 131 of SSL/TLS proxy server 130; client communication module 131 decrypts the SSL/TLS protocol encrypted data into plaintext data and sends it to the security check and content filtering device 140, which carries out a security check on the plaintext data and filters out the information carrying a threat, or directly returns an instruction to disconnect the connection. The checked and filtered plaintext data is sent by the security check and content filtering device to the server communication module 132, which re-encrypts the filtered plaintext data into ciphertext according to the SSL/TLS protocol and sends it to server 120.
Similarly, when server 120 sends SSL/TLS protocol encrypted data to client 110, the data is first sent to the server communication module 132 in SSL/TLS proxy server 130, decrypted into plaintext data and then sent to the security check and content filtering device 140, which carries out a series of checks on the plaintext data and filters out data carrying a threat, or directly returns an instruction to refuse the connection. The checked and filtered plaintext data is sent to the client communication module 131, which encrypts the plaintext data with the SSL/TLS protocol into ciphertext and sends it to client 110.
Fig. 3 is a structural schematic of the second embodiment of the invention. As shown in Fig. 3, it comprises SSL/TLS proxy server 130, security check and content filtering device 140 and digital certificate analysis device 150.
SSL/TLS proxy server 130 proxies the SSL/TLS connection between client 110 and server 120: it forwards the digital certificate contained in the SSL/TLS connection data sent by client 110 to server 120 to the digital certificate analysis device 150, and decrypts the SSL/TLS connection data.
The digital certificate analysis device 150 also comprises a digital certificate database 151, which stores digital certificates; the certificates are classified into two lists, a digital certificate blacklist and a digital certificate whitelist. The digital certificate whitelist lists trusted digital certificates; the digital certificate blacklist lists the digital certificates of known malicious websites. Digital certificate analysis device 150 judges whether the digital certificate forwarded by SSL/TLS proxy server 130 belongs to the digital certificate whitelist or the digital certificate blacklist, and returns the analysis result to SSL/TLS proxy server 130. If the digital certificate belongs to the digital certificate whitelist, SSL/TLS proxy server 130 connects client 110 directly to server 120, and no further encryption, decryption or security check work is performed; if it belongs to the digital certificate blacklist, SSL/TLS proxy server 130 stops the connection between client 110 and server 120; if it is an unknown certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist, SSL/TLS proxy server 130 sends the decrypted plaintext data to the security check and content filtering device 140.
The security check and content filtering device 140 checks and processes security threats in the plaintext data sent by SSL/TLS proxy server 130.
Fig. 4 is the system flow chart of the second embodiment of the invention. As shown in Fig. 4, the method provided by the present invention for carrying out security check and content filtering on security threats in the SSL/TLS communication tunnel comprises the following steps:
Step S401: client 110 sends SSL/TLS connection data to server 120;
Step S402: SSL/TLS proxy server 130 forwards the digital certificate contained in the SSL/TLS connection data to the digital certificate analysis device 150;
Step S403: digital certificate analysis device 150 compares the digital certificate sent by SSL/TLS proxy server 130 with the digital certificates stored in the digital certificate database 151. If the certificate sent by SSL/TLS proxy server 130 belongs to the digital certificate whitelist, step S404 is executed; if it belongs to the digital certificate blacklist, step S405 is executed; if it is an unknown digital certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist, step S406 is executed;
Step S404: SSL/TLS proxy server 130 connects client 110 directly to server 120, and no further encryption, decryption or security check work is performed;
Step S405: SSL/TLS proxy server 130 stops client 110 from connecting to server 120;
Step S406: SSL/TLS proxy server 130 converts the SSL/TLS connection into a connection from client 110 to itself, decrypts the SSL/TLS connection data into plaintext data, and sends the decrypted plaintext data to the security check and content filtering device 140;
Step S407: the security check and content filtering device 140 carries out security check and content filtering on the plaintext data sent by SSL/TLS proxy server 130, using at least one of the following: web filtering (Web Filter), anti-virus (Anti-Virus), intrusion detection and protection (IDS/IPS), anti-phishing (Anti-Phishing) and access policy (Access Policy) checking. If a security threat is found to exist in the plaintext data, the security check and content filtering device 140 can disconnect the connection and notify client 110, or delete the data carrying the threat;
Step S408: after the security check and content filtering device 140 has finished checking and processing, it sends the plaintext data back to SSL/TLS proxy server 130; SSL/TLS proxy server 130 encrypts the plaintext data and, on behalf of client 110, sends the SSL/TLS connection data to server 120;
Step S409: after receiving the SSL/TLS connection data, server 120 returns reply data to SSL/TLS proxy server 130, which forwards the reply data to client 110.
In the above process, SSL/TLS proxy server 130 splits the connection from client 110 to server 120 into two parts: one is the connection from client 110 to SSL/TLS proxy server 130, the other is the connection from SSL/TLS proxy server 130 to server 120, and both connections are SSL/TLS encrypted.
Fig. 5 is a structural schematic of the third embodiment of the invention. As shown in the figure, client 110 in the intranet establishes an SSL/TLS connection with server 120 in the external network through gateway 160. Gateway 160 is connected to SSL/TLS proxy server 130, and SSL/TLS proxy server 130 is connected to the security check and content filtering device 140. When gateway 160 receives connection data sent by server 120/client 110, it first judges whether the connection data complies with the access policy; if not, the connection is stopped; if so, it further judges whether the connection data is SSL/TLS protocol encrypted data; if not, the data is sent directly to client 110/server 120; if so, the SSL/TLS protocol encrypted data is sent to SSL/TLS proxy server 130 for decryption, processing by the security check and content filtering device and re-encryption by SSL/TLS proxy server 130, after which the processed SSL/TLS protocol data is returned to gateway 160 and sent by gateway 160 to client 110/server 120.
Fig. 6 is the workflow schematic of the third embodiment of the invention. As shown in Fig. 6, taking as an example client 110 in the intranet sending connection data to server 120 in the external network, the flow is as follows:
Step S601: client 110 in the intranet sends connection data to gateway 160;
Step S602: gateway 160 checks whether the connection complies with its access policy; connection data that does not comply proceeds to step S603, connection data that complies proceeds to step S604;
Step S603: gateway 160 refuses the connection initiated by client 110;
Step S604: gateway 160 checks whether the connection data is SSL/TLS protocol encrypted data; if not, proceed to step S605; if so, proceed to step S606;
Step S605: gateway 160 forwards the connection data directly to server 120;
Step S606: gateway 160 sends the SSL/TLS protocol encrypted data to SSL/TLS proxy server 130, which proxies and handles this connection. It converts the connection request from client 110 to server 120 into a connection from client 110 to itself, decrypts the encrypted data that was sent into plaintext data, and sends the plaintext to the security check and content filtering device 140;
Step S607: the security check and content filtering device 140 processes the plaintext data sent over by SSL/TLS proxy server 130. When the plaintext is HTTPS protocol data, the processing that can be carried out includes web filtering (Web Filter), anti-virus (Anti-Virus), intrusion detection (IDS/IPS), anti-phishing (Anti-Phishing) and access policy (Access Policy) checking; when the plaintext is IMAPS, SMTPS or POP3S protocol data, the processing that can be carried out includes anti-spam (Anti-Spam), anti-virus (Anti-Virus) and access policy (Access Policy) checking. If a security threat is found to exist in the connection data, the security check and content filtering device can choose to disconnect the connection and notify the user, or delete the data carrying the threat;
Step S608: the security check and content filtering device 140 returns the processed plaintext data to SSL/TLS proxy server 130, which encrypts the plaintext, turns it into connection data sent from SSL/TLS proxy server 130 to server 120, and sends this connection data back to gateway 160;
Step S609: gateway 160 sends the SSL/TLS protocol encrypted data to server 120 in the external network.
Server 120 receives this data; from the point of view of server 120 the data was sent by SSL/TLS proxy server 130, so it returns its reply data to SSL/TLS proxy server 130. The reply travels back to client 110 in the intranet along the same path in reverse, that is: server 120 -> gateway 160 -> SSL/TLS proxy server 130 -> security check and content filtering device 140 -> SSL/TLS proxy server 130 -> gateway 160 -> client 110.
In this process, the role of SSL/TLS proxy server 130 is to split the original connection from client 110 to server 120 into two parts: one is the connection from client 110 to SSL/TLS proxy server 130, the other is the connection from SSL/TLS proxy server 130 to server 120. Both connections are SSL/TLS encrypted. The data between these two connections, that is, the data SSL/TLS proxy server 130 sends to the security check and content filtering device 140 and the data returned from it, is unencrypted plaintext.
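The gateway's test in step S604 (is this connection SSL/TLS protocol data?) is not spelled out by the patent. As an added example, not the patent's code, the function below reads the first bytes a client sends, recognises a TLS handshake record carrying a ClientHello, and pulls out the server_name (SNI) extension, which is the only host information available before decryption and so the natural key for the URL analysis device of the fourth embodiment. The record layout follows RFC 5246 and RFC 6066; the builder that fabricates sample ClientHellos and the use of SNI as the lookup host are my assumptions.

```python
"""TLS ClientHello detection and SNI extraction for the gateway's
'is this SSL/TLS?' test.  Added example, not the patent's code."""
from __future__ import annotations

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def classify_first_bytes(data: bytes) -> tuple[bool, str | None]:
    """Return (is_tls_client_hello, sni).  sni is None when absent or malformed.

    Only a complete record is classified: a partial first segment is reported
    as not-TLS so the caller buffers more data instead of guessing.
    """
    if len(data) < 5 or data[0] != TLS_HANDSHAKE or data[1] != 0x03:
        return False, None
    rec_len = int.from_bytes(data[3:5], "big")
    rec = data[5:5 + rec_len]
    if len(rec) != rec_len or len(rec) < 4 or rec[0] != CLIENT_HELLO:
        return False, None
    hs_len = int.from_bytes(rec[1:4], "big")
    hs = rec[4:4 + hs_len]
    if len(hs) != hs_len:
        return False, None
    try:
        pos = 2 + 32                                          # client_version + random
        pos += 1 + hs[pos]                                    # session_id
        pos += 2 + int.from_bytes(hs[pos:pos + 2], "big")     # cipher_suites
        pos += 1 + hs[pos]                                    # compression_methods
        if pos == len(hs):
            return True, None                                 # no extensions block
        ext_end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
        pos += 2
        if ext_end > len(hs):
            return True, None
        while pos + 4 <= ext_end:
            ext_type = int.from_bytes(hs[pos:pos + 2], "big")
            ext_len = int.from_bytes(hs[pos + 2:pos + 4], "big")
            body = hs[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == EXT_SERVER_NAME:
                return True, _parse_sni(body)
        return True, None
    except (IndexError, ValueError, UnicodeError):
        return True, None


def _parse_sni(body: bytes) -> str | None:
    # ServerNameList: u16 list length, then entries of (u8 type, u16 len, name).
    list_len = int.from_bytes(body[0:2], "big")
    p = 2
    while p + 3 <= 2 + list_len and p + 3 <= len(body):
        name_type = body[p]
        name_len = int.from_bytes(body[p + 1:p + 3], "big")
        name = body[p + 3:p + 3 + name_len]
        if name_type == 0 and len(name) == name_len:
            # SNI is client-supplied and unauthenticated: it must be checked
            # against the server certificate before any whitelist passthrough.
            return name.decode("idna")
        p += 3 + name_len
    return None


def build_client_hello(sni: str | None) -> bytes:
    """Fabricate a minimal TLS 1.2-style ClientHello (constructed test input)."""
    ext = b""
    if sni is not None:
        host = sni.encode("idna")
        entry = b"\x00" + len(host).to_bytes(2, "big") + host
        sni_ext = len(entry).to_bytes(2, "big") + entry
        ext = EXT_SERVER_NAME.to_bytes(2, "big") + len(sni_ext).to_bytes(2, "big") + sni_ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session id
            + b"\x00\x02\x13\x01"               # one cipher suite
            + b"\x01\x00"                       # one compression method (null)
            + len(ext).to_bytes(2, "big") + ext)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for sample in (build_client_hello("mail.example"), b"GET / HTTP/1.1\r\n", build_client_hello(None)):
        print(classify_first_bytes(sample))
```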
Fig. 7 is the structural representation of fourth embodiment of the invention.As shown in Figure 7, present embodiment also comprises URL (URL(uniform resource locator)) analytical equipment 170 except comprising SSL/TLS acting server 130, safety inspection and content filtering device 140 and digital certificate analytical equipment 150.
The uniform resource locator (URL) analysis device 170 also comprises a URL database 171, which stores a URL list divided into two lists: a URL whitelist and a URL blacklist. The URL whitelist lists trusted URLs; the URL blacklist lists known malicious URLs. Based on the URL list stored in URL database 171, URL analysis device 170 judges whether the URL in the SSL/TLS connection data sent by client 110 to server 120 belongs to the URL whitelist or to the URL blacklist. If the URL belongs to the URL whitelist, client 110 is connected directly to server 120 and no further encryption, decryption or security check is performed; if the URL belongs to the URL blacklist, the connection between client 110 and server 120 is blocked; if the URL is unknown, that is, it is in neither the URL whitelist nor the URL blacklist, the HTTPS connection data sent by client 110 to server 120 is forwarded to SSL/TLS proxy server 130.
SSL/TLS proxy server 130 forwards the digital certificate contained in the SSL/TLS connection data sent by client 110 to server 120 to digital certificate analysis device 150, and decrypts the SSL/TLS connection data.
Digital certificate analysis device 150 also comprises a digital certificate database 151, which stores digital certificates divided into two lists: a digital certificate whitelist and a digital certificate blacklist. The digital certificate whitelist lists trusted digital certificates; the digital certificate blacklist lists the digital certificates of known malicious websites. Digital certificate analysis device 150 judges whether the digital certificate forwarded by SSL/TLS proxy server 130 belongs to the digital certificate whitelist or to the digital certificate blacklist, and returns the analysis result to SSL/TLS proxy server 130. If the digital certificate belongs to the digital certificate whitelist, SSL/TLS proxy server 130 connects client 110 directly to server 120 and no further encryption, decryption or security check is performed; if the digital certificate belongs to the digital certificate blacklist, SSL/TLS proxy server 130 blocks the connection between client 110 and server 120; if the digital certificate is unknown, that is, it is in neither the digital certificate whitelist nor the digital certificate blacklist, SSL/TLS proxy server 130 sends the decrypted plaintext data to security check and content filtering device 140.
Security check and content filtering device 140 checks and processes the plaintext data sent by SSL/TLS proxy server 130 for security threats. Security check and content filtering device 140 comprises one or more of the following devices: a web filter (Web Filter) device, used to block web pages such as lottery websites, pornographic websites and advertising bars; an anti-virus (Anti-Virus) device, used to detect and remove viruses in the data; an intrusion detection and prevention (IDS/IPS) device, used to detect and protect against network intrusions such as hacker attacks on systems over the network; an anti-phishing (Anti-Phishing) device, used to prevent identity theft and fraud carried out in the form of phishing; and an access policy (Access Policy) checking device, used to prevent unauthorized network access.
Fig. 8 is the system flow chart of the fourth embodiment of the invention. As shown in Fig. 8, the method provided by the invention for performing security check and content filtering on SSL/TLS communication data comprises the following steps:
Step S801: based on the URL list stored in URL database 171, URL analysis device 170 judges whether the URL in the SSL/TLS connection data sent by client 110 to server 120 belongs to the URL whitelist or to the URL blacklist. If the URL belongs to the URL whitelist, step S802 is executed; if the URL belongs to the URL blacklist, step S803 is executed; if the URL is unknown, that is, it is in neither the URL whitelist nor the URL blacklist, step S804 is executed;
Step S802: client 110 is connected directly to server 120, and no further encryption, decryption or security check is performed;
Step S803: the connection between client 110 and server 120 is blocked;
Step S804: the SSL/TLS connection data sent by client 110 to server 120 is forwarded to SSL/TLS proxy server 130;
Step S805: SSL/TLS proxy server 130 forwards the digital certificate contained in the SSL/TLS connection data to digital certificate analysis device 150;
Step S806: digital certificate analysis device 150 compares the digital certificate sent by SSL/TLS proxy server 130 with the digital certificates stored in digital certificate database 131. If the digital certificate sent by SSL/TLS proxy server 130 belongs to the digital certificate whitelist, step S807 is executed; if it belongs to the digital certificate blacklist, step S808 is executed; if it is an unknown digital certificate, that is, it is in neither the digital certificate whitelist nor the digital certificate blacklist, step S809 is executed;
Step S807: SSL/TLS proxy server 130 connects client 110 directly to server 120, and no further encryption, decryption or security check is performed;
Step S808: SSL/TLS proxy server 130 blocks the connection between client 110 and server 120;
Step S809: SSL/TLS proxy server 130 converts the SSL/TLS connection from client 110 into a connection to itself, decrypts the SSL/TLS connection data into plaintext data, and sends the decrypted plaintext data to security check and content filtering device 140;
Step S810: security check and content filtering device 140 performs security check and content filtering on the plaintext data sent by SSL/TLS proxy server 130, including at least one of the following: web filtering (Web Filter), anti-virus (Anti-Virus), intrusion detection and prevention (IDS/IPS), anti-phishing (Anti-Phishing) and access policy (Access Policy) checking. If a security threat is found in the plaintext data, security check and content filtering device 140 may disconnect the connection and notify client 110, or delete the threatening data;
Step S811: after security check and content filtering device 140 has finished checking and processing, it sends the plaintext data back to SSL/TLS proxy server 130; SSL/TLS proxy server 130 encrypts the plaintext data and, on behalf of client 110, sends the SSL/TLS connection data to server 120;
Step S812: after receiving the SSL/TLS connection data, server 120 returns reply data to SSL/TLS proxy server 130, which forwards the reply data to client 110.
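The decision flow of steps S801 to S812 above (and of the method claims 10, 12 and 13 below) can be modelled as a small policy pipeline. The following is an added illustration written for this page; it is not code from the patent or from the applicant. The hostnames, the certificate fingerprints, the content signature and the XOR "record layer" standing in for the proxy's two TLS legs are all constructed so the pipeline can be run without a network.

```python
"""Policy pipeline of the fourth embodiment (steps S801 to S812) as a runnable
model. Added illustration, not code from the patent or from the applicant;
every list entry, fingerprint and signature below is constructed."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BYPASS = "bypass"    # trusted: client and server are connected directly (S802/S807)
    BLOCK = "block"      # known malicious: the connection is torn down (S803/S808)
    INSPECT = "inspect"  # unknown: proxy decrypts, inspects, re-encrypts (S804/S809-S811)


@dataclass
class Policy:
    url_whitelist: set = field(default_factory=set)    # hostnames (constructed)
    url_blacklist: set = field(default_factory=set)
    cert_whitelist: set = field(default_factory=set)   # SHA-256 fingerprints, hex
    cert_blacklist: set = field(default_factory=set)
    signatures: dict = field(default_factory=dict)     # threat name -> byte pattern


def cert_fingerprint(der: bytes) -> str:
    """Identify a certificate by the SHA-256 of its DER bytes (standard pinning)."""
    return hashlib.sha256(der).hexdigest()


def classify_url(policy: Policy, host: str) -> Verdict:
    """Step S801. A blacklist hit takes precedence if a host is somehow in both lists."""
    if host in policy.url_blacklist:
        return Verdict.BLOCK
    if host in policy.url_whitelist:
        return Verdict.BYPASS
    return Verdict.INSPECT


def classify_cert(policy: Policy, der: bytes) -> Verdict:
    """Step S806, matching on the fingerprint rather than on raw certificate bytes."""
    fp = cert_fingerprint(der)
    if fp in policy.cert_blacklist:
        return Verdict.BLOCK
    if fp in policy.cert_whitelist:
        return Verdict.BYPASS
    return Verdict.INSPECT


def security_check(policy: Policy, plaintext: bytes):
    """Step S810: return (threat name or None, plaintext with threatening data removed)."""
    for name, pattern in policy.signatures.items():
        if pattern in plaintext:
            return name, plaintext.replace(pattern, b"")
    return None, plaintext


def handle_connection(policy, host, server_cert_der, decrypt, encrypt, ciphertext):
    """Run S801..S811 for one client->server message.

    decrypt/encrypt stand in for the proxy's two TLS legs and are passed in so
    the pipeline runs offline. Returns (verdict, threat name or None, bytes
    that leave the proxy towards the server).
    """
    verdict = classify_url(policy, host)
    if verdict is Verdict.INSPECT:
        verdict = classify_cert(policy, server_cert_der)
    if verdict is Verdict.BYPASS:
        return verdict, None, ciphertext        # passed through untouched
    if verdict is Verdict.BLOCK:
        return verdict, None, b""               # nothing is forwarded
    plaintext = decrypt(ciphertext)                        # S809
    threat, cleaned = security_check(policy, plaintext)    # S810
    return verdict, threat, encrypt(cleaned)               # S811


def toy_tls_crypt(data: bytes) -> bytes:
    """Constructed stand-in for the TLS record layer (symmetric XOR). Not real crypto."""
    return bytes(b ^ 0x5A for b in data)


TRUSTED_CERT_DER = b"constructed-trusted-cert-der"   # stands in for a DER blob


def sample_policy() -> Policy:
    """Constructed sample lists for the demonstration."""
    return Policy(
        url_whitelist={"intranet.example"},
        url_blacklist={"bad.example"},
        cert_whitelist={cert_fingerprint(TRUSTED_CERT_DER)},
        signatures={"constructed-marker": b"MALWARE-MARKER"},
    )


if __name__ == "__main__":
    p = sample_policy()
    for host, der in [("intranet.example", b""), ("bad.example", b""),
                      ("shop.example", TRUSTED_CERT_DER), ("shop.example", b"other-der")]:
        wire = toy_tls_crypt(b"GET / MALWARE-MARKER end")
        v, threat, out = handle_connection(p, host, der, toy_tls_crypt, toy_tls_crypt, wire)
        print(host, v.value, threat, toy_tls_crypt(out) if v is not Verdict.BLOCK else b"")
```

The blacklist is consulted before the whitelist in both classifiers: the patent's text does not say which list wins when an entry appears in both, and for a filtering device the safe default is to let a known-malicious entry override a trust entry. Note also that a whitelisted URL or certificate bypasses decryption entirely, so the content of those flows is never seen by the security check device; the lists should therefore be kept short and reviewed.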
The four embodiments described above may each be implemented separately, or several of them may be combined. SSL/TLS proxy server 130, security check and content filtering device 140, digital certificate analysis device 150 and URL analysis device 170 may all be arranged in gateway 160 for ease of maintenance and use.
Of course, the invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art may make various corresponding changes and variations according to the invention, but all such changes and variations shall fall within the scope of protection of the appended claims.

Claims (15)

1. A device for performing security check and content filtering on communication data, used to perform security check and content filtering on connection data sent between a client and a server, characterized in that it comprises:
an SSL/TLS proxy server, used to decrypt the SSL/TLS-encrypted data sent by the client/server into plaintext, send the plaintext to a security check and content filtering device, encrypt the plaintext data processed by the security check and content filtering device into SSL/TLS data, and send it to the server/client;
a security check and content filtering device, connected to the SSL/TLS proxy server, used to receive and check the plaintext data and, if a security threat is found, filter out the threatening data and return the processed plaintext data to the SSL/TLS proxy server.
2. The device for performing security check and content filtering on communication data according to claim 1, characterized in that the SSL/TLS proxy server further comprises:
a client communication module, connected to the client and to the security check and content filtering device respectively, used to receive the SSL/TLS-encrypted data sent by the client, decrypt it into plaintext data and send it to the security check and content filtering device; and
used to receive the plaintext data sent from the security check and content filtering device, encrypt it with the SSL/TLS protocol and send it to the client.
3. The device for performing security check and content filtering on communication data according to claim 1, characterized in that the SSL/TLS proxy server further comprises:
a server communication module, connected to the server and to the security check and content filtering device respectively, used to receive the SSL/TLS-encrypted data sent by the server, decrypt it into plaintext data and send it to the security check and content filtering device; and
used to receive the plaintext data sent from the security check and content filtering device, encrypt it with the SSL/TLS protocol and send it to the server.
4. The device for performing security check and content filtering on communication data according to claim 1, characterized in that it further comprises:
a gateway, connected to the client, the server and the SSL/TLS proxy server respectively, used, when the communication data sent by the client is SSL/TLS-encrypted data, to send the encrypted data to the SSL/TLS proxy server, receive from the SSL/TLS proxy server the SSL/TLS-encrypted data processed by the security check and content filtering device, and forward it to the server; and
used, when the communication data sent by the server is SSL/TLS-encrypted data, to send the encrypted data to the SSL/TLS proxy server, receive from the SSL/TLS proxy server the SSL/TLS-encrypted data processed by the security check and content filtering device, and forward it to the client.
5. The device for performing security check and content filtering on communication data according to claim 1, characterized in that it further comprises:
a digital certificate analysis device, used to receive the digital certificate contained in the SSL/TLS connection data sent by the SSL/TLS proxy server and to judge whether the digital certificate belongs to a digital certificate whitelist, belongs to a digital certificate blacklist, or is an unknown digital certificate.
6. The device for performing security check and content filtering on communication data according to claim 5, characterized in that the digital certificate analysis device further comprises:
a digital certificate database, used to store digital certificates in a digital certificate blacklist and a digital certificate whitelist respectively.
7. The device for performing security check and content filtering on communication data according to claim 1, characterized in that it further comprises:
a uniform resource locator (URL) analysis device, used to judge whether the URL in the SSL/TLS connection data sent by the client to the server belongs to a URL whitelist, belongs to a URL blacklist, or is an unknown URL.
8. The device for performing security check and content filtering on communication data according to claim 7, characterized in that the URL analysis device further comprises:
a URL database, used to store the URL list in a URL blacklist and a URL whitelist respectively.
9. The device for performing security check and content filtering on communication data according to claim 4, 5 or 7, characterized in that the SSL/TLS proxy server, the security check and content filtering device, the digital certificate analysis device and/or the URL analysis device are arranged in the gateway.
10. A method for performing security check and content filtering on communication data, characterized in that it comprises the following steps:
step 1: the client/server sends SSL/TLS-encrypted data to an SSL/TLS proxy server;
step 2: the SSL/TLS proxy server decrypts the SSL/TLS-encrypted data into plaintext data and sends it to a security check and content filtering device;
step 3: the security check and content filtering device performs a security check on the plaintext data and, when a security threat is found, filters out the threatening data and sends the filtered plaintext data to the SSL/TLS proxy server;
step 4: the SSL/TLS proxy server encrypts the processed plaintext data into SSL/TLS-encrypted data and sends it to the server/client.
11. The method for performing security check and content filtering on communication data according to claim 10, characterized in that, when the client and the server establish a data connection through a gateway, step 1 further comprises:
step 111: the client/server sends connection data to the gateway;
step 112: the gateway judges whether the data complies with the access policy; if so, step 113 is entered; if not, the connection is refused;
step 113: the gateway judges whether the data is SSL/TLS-encrypted data; if so, the SSL/TLS-encrypted data is sent to the SSL/TLS proxy server; if not, the data is sent directly to the server/client.
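Step 113 requires the gateway to decide, from the first bytes of a flow, whether the data is SSL/TLS-encrypted, and the URL analysis device of claims 7 and 13 needs the server name of that flow before anything is decrypted. For HTTPS the server name is carried in the clear in the ClientHello's SNI extension (TLS 1.2 and, unless Encrypted Client Hello is in use, TLS 1.3), so both decisions can be made on the same record. The following is an added illustration written for this page, not code from the patent or the applicant; the ClientHello bytes it parses are constructed by its own build_client_hello helper, and the TLS record and handshake layouts it assumes are those of the standard ClientHello.

```python
"""Gateway dispatch of claim 11 step 113, plus recovery of the server name the
URL analysis device needs, as an added illustration. Not code from the patent
or the applicant; the ClientHello bytes are constructed by build_client_hello."""
import struct

TLS_HANDSHAKE = 0x16      # record content type
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # SNI extension type


def build_client_hello(host: str) -> bytes:
    """Constructed TLS 1.2-style ClientHello that carries only an SNI extension."""
    name = host.encode("idna")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x11" * 32                              # version, fixed 'random'
            + b"\x00"                                               # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                    # one suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00"                                           # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def is_tls_client_hello(data: bytes) -> bool:
    """Cheap record-header test the gateway can apply to the first bytes of a flow."""
    return (len(data) >= 6 and data[0] == TLS_HANDSHAKE
            and data[1] == 0x03 and data[5] == CLIENT_HELLO)


def extract_sni(data: bytes):
    """Return the SNI host_name of a ClientHello, or None if absent, truncated or not TLS."""
    if not is_tls_client_hello(data):
        return None
    try:
        rec_len = struct.unpack("!H", data[3:5])[0]
        rec = data[5:5 + rec_len]
        if len(rec) < rec_len:
            return None                                  # record not fully present yet
        hs_len = int.from_bytes(rec[1:4], "big")
        body = rec[4:4 + hs_len]
        if len(body) < hs_len:
            return None
        pos = 2 + 32                                     # skip client_version and random
        pos += 1 + body[pos]                             # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                             # compression_methods
        if pos + 2 > len(body):
            return None                                  # legacy hello without extensions
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if ext_end > len(body):
            return None
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if len(edata) < elen:
                return None
            if etype != EXT_SERVER_NAME:
                continue
            list_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    name = edata[q:q + nlen]
                    return name.decode("ascii") if len(name) == nlen else None
                q += nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                      # malformed input is never trusted


def gateway_dispatch(first_bytes: bytes):
    """Step 113: SSL/TLS data is routed to the proxy together with the hostname the
    URL analysis device needs; anything else is forwarded directly. Returns (route, host)."""
    if is_tls_client_hello(first_bytes):
        return "ssl_proxy", extract_sni(first_bytes)
    return "direct", None


if __name__ == "__main__":
    print(gateway_dispatch(build_client_hello("shop.example")))
    print(gateway_dispatch(b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n"))
```

A flow that is TLS but carries no SNI (an old client, or a malformed hello) yields the route "ssl_proxy" with hostname None; in the scheme of claims 12 and 13 such a connection cannot be whitelisted by URL and falls through to the certificate check and, if the certificate is unknown, to full inspection, which is the conservative outcome.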
12. The method for performing security check and content filtering on communication data according to claim 10, characterized in that, when the client and the server establish a data connection through a gateway, the following is further comprised after step 1:
step 121: the SSL/TLS proxy server sends the digital certificate contained in the SSL/TLS connection data to a digital certificate analysis device, and the digital certificate analysis device judges whether the digital certificate belongs to a digital certificate whitelist, belongs to a digital certificate blacklist, or is an unknown digital certificate;
step 122: if it belongs to the digital certificate whitelist, the SSL/TLS proxy server connects the client directly to the server; if it belongs to the digital certificate blacklist, the SSL/TLS proxy server blocks the connection between the client and the server; if it is an unknown digital certificate, step 2 is entered.
13. The method for performing security check and content filtering on communication data according to claim 10, characterized in that the following is further comprised after step 1:
step 131: the SSL/TLS proxy server sends the URL contained in the SSL/TLS connection data to a URL analysis device, and the URL analysis device judges whether the URL belongs to a URL whitelist, belongs to a URL blacklist, or is an unknown URL;
step 132: if it belongs to the URL whitelist, the SSL/TLS proxy server connects the client directly to the server; if it belongs to the URL blacklist, the SSL/TLS proxy server blocks the connection between the client and the server; if it is an unknown URL, step 2 is entered.
14. The method for performing security check and content filtering on communication data according to claim 10, characterized in that the SSL/TLS-encrypted data comprises: HTTPS data, IMAPS data, SMTPS data and/or POP3S data.
15. The method for performing security check and content filtering on communication data according to claim 14, characterized in that, when the SSL/TLS-encrypted data is HTTPS data, step 3 further comprises: performing web filtering, anti-virus, intrusion detection, anti-phishing and/or access policy checking on the decrypted data;
when the SSL/TLS-encrypted data is IMAPS, SMTPS or POP3S data, step 3 further comprises: performing anti-spam, anti-virus and/or access policy checking on the decrypted data.
CNA200610138738XA 2006-09-08 2006-11-13 Device and method for carrying out security check and content filtering on communication data Pending CN101141243A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200610138738XA CN101141243A (en) 2006-09-08 2006-11-13 Device and method for carrying out security check and content filtering on communication data

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200610113076 2006-09-08
CN200610113076.0 2006-09-08
CNA200610138738XA CN101141243A (en) 2006-09-08 2006-11-13 Device and method for carrying out security check and content filtering on communication data

Publications (1)

Publication Number Publication Date
CN101141243A true CN101141243A (en) 2008-03-12

Family

ID=39193013

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200610138738XA Pending CN101141243A (en) 2006-09-08 2006-11-13 Device and method for carrying out security check and content filtering on communication data

Country Status (1)

Country Link
CN (1) CN101141243A (en)

Qureshi Analysis of Network Security Through VAPT and Network Monitoring
Al Dhanhani Detecting Cyber Malicious Activity Via Analyzing SSL Certificates
Chandrika et al. Exploring IoT Frameworks: An In-Depth Analysis and Survey of Security Protocols
Selvaraj et al. Security Vulnerabilities, Threats, and Attacks in IoT and Big Data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: FORTINET INC.

Free format text: FORMER OWNER: FORTINET INFORMATION TECHNOLOGY (BEIJING) CO., LTD.

Effective date: 20090925

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090925

Address after: California, USA

Applicant after: Fortinet, Inc.

Address before: Room 7, digital media building, No. 507 information road, Beijing, Haidian District, China: 100085

Applicant before: Fortinet, Inc.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080312