CN116405536A - Data processing method and device - Google Patents

Data processing method and device

Publication number
CN116405536A
Authority
CN (China)
Application number
CN202310280737.2A
Legal status
Pending
Other languages
Chinese (zh)
Prior art keywords
message, session, transmission, encrypted, decrypted
Inventor
樊俊诚
吴亚东
王阳
Current Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by Qianxin Technology Group Co Ltd and Secworld Information Technology Beijing Co Ltd.

Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/14 Session management
    • H04L 43/00 Arrangements for monitoring or testing data switching networks; H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L 67/50 Network services; H04L 67/56 Provisioning of proxy services
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass; H04L 69/22 Parsing or analysis of headers


Abstract

The data processing method and device can be applied to an intermediate proxy device. A session to be decrypted is determined among the sessions that the intermediate proxy device has established for clients and servers; a session to be decrypted whose transmission messages include an encrypted connection request message is detected and taken as a target session; message key information of the target session is obtained, the message key information being acquired by the intermediate proxy device while it performs the encrypted connection proxy with the client and the server; and the transmission messages of the target session are decrypted based on the message key information. By detecting the target session through data detection, the invention detects and decrypts only the transmission messages between clients and servers that need to be decrypted, avoids decrypting transmission messages between clients and servers that do not need to be decrypted, and thereby avoids unnecessary consumption of decryption resources and keeps their utilization rate high.

Description

Data processing method and device
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method and apparatus.
Background
With the development of scientific technology, data processing technology is continuously improved.
Currently, data interaction between certain clients and servers needs to be proxied by an intermediate proxy device. Specifically, to proxy the data interaction between a client and a server, the intermediate proxy device first establishes a corresponding session between the client and the server and then relays the transmission messages of that session, so that the client and the server exchange data through it.
Among these clients and servers, the transmission messages of some need to be decrypted by the intermediate proxy device, while the transmission messages of others do not.
However, the intermediate proxy device cannot determine which clients' and servers' transmission messages need to be decrypted, which may cause unnecessary consumption of decryption resources and a low utilization rate of those resources.
Disclosure of Invention
The invention provides a data processing method and a data processing device to overcome the defect of the prior art that an intermediate proxy device cannot determine which clients' and servers' transmission messages need to be decrypted, which may cause unnecessary consumption of decryption resources and a low utilization rate of those resources. The invention can detect and decrypt the transmission messages between clients and servers that need to be decrypted, avoid decrypting the transmission messages between clients and servers that do not need to be decrypted, and thereby avoid unnecessary consumption of decryption resources and ensure their utilization rate.
The invention provides a data processing method which is applied to an intermediate proxy device, and comprises the following steps:
determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
detecting whether the transmission message of the session to be decrypted comprises an encryption connection request message or not;
under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
obtaining message key information of the target session, the message key information being obtained while the intermediate proxy device performs the encrypted connection proxy with the client and the server;
and decrypting the transmission message of the target session based on the message key information.
Optionally, detecting whether the transmission message of the session to be decrypted includes an encrypted connection request message includes:
detecting whether the first transmission message of the session to be decrypted is the encrypted connection request message;
and, when the first transmission message is detected not to be the encrypted connection request message, continuing to detect whether the transmission message after the first transmission message includes the encrypted connection request message.
Optionally, continuing to detect, when the first transmission message is detected not to be the encrypted connection request message, whether the transmission message after the first transmission message includes the encrypted connection request message includes:
when the first transmission message is not the encrypted connection request message, detecting whether the transmission message after the first transmission message includes an encryption negotiation message;
and, when the transmission message after the first transmission message includes the encryption negotiation message, detecting whether the transmission message after the encryption negotiation message includes the encrypted connection request message.
Optionally, the encryption negotiation message includes an encryption negotiation identifier, and detecting, when the first transmission message is detected not to be the encrypted connection request message, whether the transmission message after the first transmission message includes the encryption negotiation message includes:
initializing an encryption negotiation identifier detector when the first transmission message is detected not to be the encrypted connection request message;
and detecting, by the encryption negotiation identifier detector, whether the transmission message after the first transmission message includes the encryption negotiation identifier, so as to detect whether the transmission message after the first transmission message includes the encryption negotiation message.
Optionally, detecting, when the transmission message after the first transmission message includes the encryption negotiation message, whether the transmission message after the encryption negotiation message includes the encrypted connection request message includes:
generating an encrypted connection detection identifier and marking with it the session to be decrypted that includes the encryption negotiation message, when the transmission message after the first transmission message includes the encryption negotiation message;
and, in the session to be decrypted marked with the encrypted connection detection identifier, detecting whether the transmission message after the encryption negotiation message includes the encrypted connection request message.
Optionally, the encrypted connection request message includes a handshake packet for requesting establishment of an encrypted connection;
detecting whether the transmission message of the session to be decrypted includes the encrypted connection request message, including:
under the condition that the transmission message of the session to be decrypted comprises the handshake data packet, determining that the transmission message of the session to be decrypted is the encryption connection request message;
and under the condition that the transmission message of the session to be decrypted does not comprise the handshake data packet, determining that the transmission message of the session to be decrypted is not the encryption connection request message.
Optionally, the determining the session to be decrypted in the session established by the intermediate proxy device for the client and the server includes:
among the sessions established by the intermediate proxy device for the clients and the servers, when a session whose connection information matches pre-configured decryption connection information is detected, determining that session to be the session to be decrypted.
Optionally, the obtaining the message key information of the target session includes:
based on the encryption connection request message in the target session, carrying out encryption connection proxy with a target client and a target server to obtain a first symmetric key negotiated with the target client and a second symmetric key negotiated with the target server; the target client is the client corresponding to the target session, and the target server is the server corresponding to the target session;
and determining the first symmetric key and the second symmetric key as the message key information.
Optionally, the target client stores the first symmetric key, and decrypting the transmission message of the target session based on the message key information includes:
acquiring a first encrypted transmission message sent by the target client in the target session, the first encrypted transmission message being a message generated by the target client based on the first symmetric key after the encrypted connection proxy is completed;
and decrypting the first encrypted transmission message based on the first symmetric key.
Optionally, the target server stores the second symmetric key, and decrypting the transmission message of the target session based on the message key information includes:
acquiring a second encrypted transmission message sent by the target server in the target session, the second encrypted transmission message being a message generated by the target server based on the second symmetric key after the encrypted connection proxy is completed;
and decrypting the second encrypted transmission message based on the second symmetric key.
Optionally, after decrypting the first encrypted transmission message based on the first symmetric key, the data processing method further includes:
obtaining a first decrypted message, the first decrypted message being the message obtained by decrypting the first encrypted transmission message based on the first symmetric key;
detecting whether the first decrypted message is a network attack message;
and, when the first decrypted message is detected not to be a network attack message, encrypting the first decrypted message based on the second symmetric key to obtain a corresponding first encrypted message and sending it to the target server.
Optionally, after decrypting the second encrypted transmission message based on the second symmetric key, the data processing method further includes:
obtaining a second decrypted message, the second decrypted message being the message obtained by decrypting the second encrypted transmission message based on the second symmetric key;
detecting whether the second decrypted message is a network attack message;
and, when the second decrypted message is detected not to be a network attack message, encrypting the second decrypted message based on the first symmetric key to obtain a corresponding second encrypted message and sending it to the target client.
The invention also provides a data processing device applied to an intermediate proxy device. The data processing device includes a first determination unit, a first detection unit, a first serving unit, a first acquisition unit and a first decryption unit, wherein:
the first determination unit is configured to determine a session to be decrypted among the sessions established by the intermediate proxy device for the client and the server;
the first detection unit is configured to detect whether the transmission message of the session to be decrypted includes an encrypted connection request message;
the first serving unit is configured to take the corresponding session to be decrypted as a target session when the transmission message of the session to be decrypted is detected to include an encrypted connection request message;
the first acquisition unit is configured to obtain message key information of the target session, the message key information being obtained while the intermediate proxy device performs the encrypted connection with the client and the server;
and the first decryption unit is configured to decrypt the transmission message of the target session based on the message key information.
The data processing method and device provided by the invention can determine at least one session to be decrypted among the sessions established by the intermediate proxy device for clients and servers, then detect, by checking whether each session to be decrypted includes an encrypted connection request message, the sessions to be decrypted that include such a message, that is, the sessions to be decrypted that have initiated an encrypted connection, take those sessions as target sessions, obtain the message key information of each target session through the encrypted connection proxy, and decrypt the transmission messages of the target session based on the message key information. By detecting the target session through data detection, the invention detects and decrypts the transmission messages between clients and servers that need to be decrypted while avoiding decryption of transmission messages between clients and servers that do not need to be decrypted, thereby avoiding unnecessary consumption of decryption resources and ensuring their utilization rate.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data processing method according to an embodiment of the present invention;
FIG. 2 is a second flow chart of a data processing method according to the embodiment of the invention;
FIG. 3 is a schematic flow chart of an encryption connection agent according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a data processing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The data processing method of the present invention is described below with reference to fig. 1 to 3.
As shown in fig. 1, the present invention proposes a first data processing method, which may be applied to an intermediate proxy device, and which may include the steps of:
S101, determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
it should be noted that, the intermediate proxy device may establish sessions for a plurality of clients and a plurality of servers, and perform message transmission for the clients and the servers in the corresponding sessions. For example, the intermediary proxy device may establish a first session with the first server for the first client, establish a second session with the second server for the second client, and perform messaging between the first client and the first server in the first session, and perform messaging between the second client and the second server in the second session.
Specifically, the session established by the intermediate proxy device for a certain client and a certain server may include two sub-sessions, where the two sub-sessions are respectively a sub-session established by the intermediate proxy device with the client and a sub-session established by the intermediate proxy device with the server. When receiving a connection request message sent by the client and used for requesting connection with the server, the intermediate proxy device can obtain quintuple information of the connection request message, determine an IP address of the client and an IP address of the server according to the quintuple information, then, the intermediate proxy device can respectively establish connection with the client and the server, establish a sub-session with the client, establish the sub-session with the server, and associate the quintuple information of the two sub-sessions, thereby realizing association of the two sub-sessions (one quintuple information can uniquely identify one sub-session). At this time, when the intermediate proxy device receives the message in a certain sub-session, it can determine another corresponding sub-session according to the sub-session, and transmit the received message in the other sub-session, thereby implementing message transmission between the client and the server.
A session to be decrypted is a session whose transmission messages are to be decrypted.
Optionally, the present invention may determine any session that has been established as a session to be decrypted;
alternatively, the present invention may also detect one or more sessions to be decrypted that satisfy a determination condition from all established sessions according to a determination condition of the session to be decrypted.
S102, detecting whether a transmission message of a session to be decrypted comprises an encryption connection request message or not;
the encrypted connection request message may be a message sent by a certain client and used for requesting to perform encrypted connection with a certain server.
Specifically, the invention can respectively detect whether the transmission message of each session to be decrypted comprises an encryption connection request message.
It will be appreciated that the encrypted connection request message may be a message having a particular message format and message content. The invention can detect whether a certain transmission message of the session to be decrypted is the encryption connection request message according to the specific message format and message content of the encryption connection request message, thereby realizing the detection of whether the transmission message of the session to be decrypted comprises the encryption connection request message.
S103, under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
The target session is the session to be decrypted including the encrypted connection request message.
Specifically, the invention can take a session to be decrypted as a target session under the condition that a transmission message of a session to be decrypted is detected to comprise an encrypted connection request message.
It will be appreciated that the present invention may detect one target session, or may detect multiple target sessions.
Optionally, in the case that it is not detected that the transmission message of a session to be decrypted includes an encrypted connection request message, the present invention may prohibit the session to be decrypted from being used as the target session.
S104, obtaining message key information of the target session, the message key information being obtained while the intermediate proxy device performs the encrypted connection with the client and the server;
specifically, the message key information of the target session may include two sub-key information. The two sub-key information are key information of transmission messages of two sub-sessions of the target session respectively.
Specifically, the invention can carry out encryption connection proxy on the client and the server corresponding to the target session, namely respectively carry out encryption connection with the corresponding client and server, and can acquire the key information of the corresponding two sub-sessions in the encryption connection proxy process, thereby realizing the acquisition of the message key information of the target session.
S105, decrypting the transmission message of the target session based on the message key information.
Specifically, the invention can decrypt the transmission message of the target session based on the message key information after the message key information of the target session is acquired.
After the encrypted connection proxy for the target session is completed, the intermediate proxy device and the corresponding client and server can perform encrypted transmission.
It can be understood that the transmission messages following completion of the encrypted connection proxy in the target session are encrypted transmission messages. Therefore, by determining the transmission messages that follow the encrypted connection in the target session, the invention can determine the transmission messages between the client and the server that need to be decrypted.
It can be understood that the invention decrypts only the transmission messages that follow completion of the encrypted connection proxy in the target session, thereby avoiding erroneous decryption and unnecessary consumption of decryption resources.
Specifically, the invention can decrypt, based on the message key information, the transmission messages that follow completion of the encrypted connection proxy in the target session.
The data processing method provided by the invention can determine at least one session to be decrypted among the sessions established by the intermediate proxy device for clients and servers, then detect, by checking whether each session to be decrypted includes an encrypted connection request message, the sessions to be decrypted that include such a message, that is, the sessions to be decrypted that have initiated an encrypted connection, take those sessions as target sessions, obtain the message key information of each target session through the encrypted connection proxy, and decrypt the transmission messages of the target session based on the message key information. By detecting the target session through data detection, the invention detects and decrypts the transmission messages between clients and servers that need to be decrypted while avoiding decryption of transmission messages between clients and servers that do not need to be decrypted, thereby avoiding unnecessary consumption of decryption resources and ensuring their utilization rate.
As shown in fig. 2, the present invention proposes a second data processing method. In the data processing method, step S102 may include steps S201 and S202; wherein:
S201, detecting whether the first transmission message of the session to be decrypted is an encrypted connection request message;
specifically, when detecting whether the transmission message of the session to be decrypted includes the encrypted connection request message, the invention can first detect whether the first transmission message of the session to be decrypted is the encrypted connection request message.
S202, when the first transmission message is detected not to be an encrypted connection request message, continuing to detect whether the transmission messages after the first transmission message include the encrypted connection request message.
Specifically, when the first transmission message of the session to be decrypted is detected not to be an encrypted connection request message, the invention can continue to detect whether the transmission messages after the first transmission message in that session include the encrypted connection request message.
It should be noted that, when the first transmission message of the session to be decrypted is detected not to be an encrypted connection request message, the invention can determine that the first transmission message is a plaintext message, that is, that the corresponding client and server first perform plaintext transmission through the intermediate proxy device after the session to be decrypted is established.
When the first transmission message of the session to be decrypted is detected to be the encrypted connection request message, the invention can determine that the corresponding client and server directly establish an encrypted connection through the intermediate proxy device for encrypted transmission after the session to be decrypted is established.
Specifically, the invention can be applied to a decryption scene that after the session to be decrypted is established, the corresponding client and the server firstly carry out plaintext transmission and then carry out encrypted transmission through the intermediate proxy equipment, and can also be applied to a decryption scene that after the session to be decrypted is established, the corresponding client and the server directly carry out encrypted connection through the intermediate proxy equipment so as to carry out encrypted transmission.
The data processing method provided by the invention can be suitable for a decryption scene that the client and the server firstly carry out plaintext transmission and then carry out encrypted transmission through the intermediate proxy equipment, and can also be suitable for a decryption scene that the client and the server directly carry out encrypted connection through the intermediate proxy equipment so as to carry out encrypted transmission, thereby realizing the diversification of decryption applicable scenes.
Based on fig. 2, the present invention proposes a third data processing method. In the method, step S202 may include steps S2021 and S2022, wherein:
S2021, under the condition that a non-encrypted connection request message of a first transmission message is detected, detecting whether a transmission message after the first transmission message comprises an encrypted negotiation message or not;
the encryption negotiation message may be a message for requesting encryption negotiation.
In the invention, in the scene that the client and the server firstly carry out plaintext transmission and then carry out encrypted transmission through the intermediate proxy equipment, the message transmission mode of the client and the server can be identified by transmitting the encrypted negotiation message to convert the plaintext transmission into the encrypted transmission.
Specifically, the encrypted negotiation message may be a message having a specific message format and message content. The invention can detect whether the transmission message after the first transmission message of the session to be decrypted comprises the encryption negotiation message according to the specific message format and message content of the encryption negotiation message.
S2022, in the case that the transmission message after the first transmission message is detected to include the encryption negotiation message, detecting whether the transmission message after the encryption negotiation message includes the encryption connection request message.
Specifically, in the case that the encrypted negotiation message is detected in the transmission message after the first transmission message of the session to be decrypted, the invention can determine that the message transmission mode between the intermediate proxy device and the corresponding client and server is converted from plaintext transmission to encrypted transmission. At this time, the invention can confirm that the corresponding client and server are to be connected in an encrypted manner through the intermediate proxy equipment; at this time, the invention can detect whether the corresponding transmission message after the encryption negotiation message of the session to be decrypted includes the encryption connection request message.
It should be noted that the present invention detects whether the transmission message of the session to be decrypted includes the encrypted connection request message only when the transmission message after the first transmission message of the session to be decrypted includes the encryption negotiation message, which effectively reduces the resources required for detecting the encrypted connection request message.
It should also be noted that, when the transmission message after the first transmission message of a certain session to be decrypted does not include the encryption negotiation message, it is unnecessary to detect whether the transmission message of that session includes the encrypted connection request message, so the resources required for detecting the encrypted connection request message are further reduced.
Optionally, in another data processing method provided by the present invention, the encryption negotiation message includes an encryption negotiation identifier, and step S2021 may include:
under the condition that a non-encrypted connection request message of a first transmission message is detected, initializing an encrypted negotiation identification detector;
and detecting whether the transmission message after the first transmission message comprises an encryption negotiation identification through an encryption negotiation identification detector so as to detect whether the transmission message after the first transmission message comprises the encryption negotiation message.
Wherein the encryption negotiation identification may be a character string for identifying that encryption negotiation is to be performed.
Specifically, the encryption negotiation message may be a message including an encryption negotiation identifier.
The encryption negotiation identification detector may be a preset executable code, program or module for detecting whether the transmission message includes the encryption negotiation identification.
Specifically, the invention can initialize the encryption negotiation identification detector under the condition that the first transmission message of the session to be decrypted is not the encryption connection request message, and after the initialization, the encryption negotiation identification detector is utilized to detect whether the transmission message comprises the encryption negotiation identification.
Specifically, the invention can correspondingly initialize the encryption negotiation identification detector according to the transmission layer protocol in the quintuple information of the first transmission message, so that the encryption negotiation identification detector can detect the encryption negotiation identification of the corresponding transmission layer protocol, and the encryption negotiation identification detector which has correspondingly initialized is utilized to detect whether the transmission message comprises the encryption negotiation identification.
It should be noted that, the invention can effectively realize the detection of the encrypted negotiation message through the encrypted negotiation identification detector.
Optionally, in other data processing methods proposed in the present invention, step S2022 may include:
under the condition that the transmission message after the first transmission message is detected to comprise the encryption negotiation message, generating an encryption connection detection identifier and identifying a session to be decrypted comprising the encryption negotiation message;
in a session to be decrypted including an encrypted connection detection identifier, detecting whether a transmission message after the encrypted negotiation message includes an encrypted connection request message.
The encrypted connection detection identifier may be used to identify that a certain session to be decrypted needs to be detected by the encrypted connection request message.
Specifically, when the transmission message after the first transmission message of a certain session to be decrypted is detected to include the encryption negotiation message, the invention can generate the encrypted connection detection identifier and use it to identify that session to be decrypted.
It can be understood that when the session to be decrypted includes the encrypted connection detection identifier, the present invention detects whether the transmission message includes the encrypted connection request message, so that the resource consumed for detecting the encrypted connection request message can be effectively reduced.
Optionally, for the session to be decrypted which does not include the encrypted connection detection identifier, the method and the device can further reduce the resources required for detecting the encrypted connection request message without detecting whether the transmission message includes the encrypted connection request message.
The data processing method provided by the invention can detect whether the transmission message of the session to be decrypted comprises the encryption connection request message or not under the condition that the transmission message after the first transmission message of the session to be decrypted comprises the encryption negotiation message, and can effectively reduce the resources required for detecting the encryption connection request message.
Based on fig. 1, the present invention proposes a fourth data processing method. In the method, an encrypted connection request message includes a handshake packet for requesting establishment of an encrypted connection; at this time:
detecting whether a transmission message of a session to be decrypted includes an encrypted connection request message, including:
under the condition that the transmission message of the session to be decrypted comprises a handshake data packet, determining that the transmission message of the session to be decrypted is an encryption connection request message;
and under the condition that the transmission message of the session to be decrypted does not comprise the handshake data packet, determining that the transmission message of the session to be decrypted is a non-encryption connection request message.
The handshake packet may be a packet sent by the client for encrypted connection with the server. Alternatively, the handshake packet may be a Client Hello packet.
The encrypted connection request message may be a message including a handshake packet.
Specifically, the invention can detect whether the transmission message of the session to be decrypted comprises the encrypted connection request message by detecting whether each transmission message of the session to be decrypted is the encrypted connection request message.
The invention can detect whether a transmission message of a session to be decrypted is an encrypted connection request message by detecting whether the transmission message comprises a handshake data packet.
Specifically, in the case that a certain transmission message of a session to be decrypted includes a handshake data packet, the transmission message can be determined to be an encrypted connection request message, and at this time, the transmission message of the session to be decrypted can be determined to include the encrypted connection request message;
Specifically, when a certain transmission message of the session to be decrypted does not include the handshake data packet, that transmission message is determined to be a non-encrypted connection request message, and at that moment it cannot be determined that the transmission message of the session to be decrypted includes the encrypted connection request message.
It will be appreciated that the specific way of detecting whether the transmission message of the session to be decrypted includes the encrypted connection request message may also be applied to other data processing methods of the present invention, such as the second and third data processing methods described above.
The data processing method provided by the invention can effectively realize the detection of the encrypted connection request message, thereby effectively ensuring the detection of the target session and the detection of the transmission message between the client and the server which need to be decrypted.
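The second, third and fourth data processing methods above describe one detection pipeline: check the first message of a session to be decrypted for a handshake packet (Client Hello); if it is absent, initialize an encryption negotiation identifier detector for the session's protocol, mark the session with an encrypted connection detection identifier once the negotiation message is seen, and only then keep looking for a Client Hello. The following is an added example, written for this page and not code from the patent or its assignees, that implements that pipeline in Python. It assumes the negotiation identifiers STARTTLS (SMTP, IMAP) and STLS (POP3), a minimal TLS record check for the handshake packet, and constructed sample messages; none of these values come from the patent text.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Encryption negotiation identifiers per application protocol. These command
# strings are assumptions for this example, not values taken from the patent.
NEGOTIATION_IDENTIFIERS: Dict[str, bytes] = {
    "SMTP": b"STARTTLS",
    "POP3": b"STLS",
    "IMAP": b"STARTTLS",
}

TLS_CONTENT_HANDSHAKE = 0x16
TLS_HANDSHAKE_CLIENT_HELLO = 0x01


def is_client_hello(msg: bytes) -> bool:
    """Handshake packet check: does msg start with a TLS handshake record
    (content type 0x16, major version 3) whose first message is a ClientHello?"""
    if len(msg) < 9:  # 5-byte record header plus 4-byte handshake header
        return False
    if msg[0] != TLS_CONTENT_HANDSHAKE or msg[1] != 0x03:
        return False
    record_len = struct.unpack("!H", msg[3:5])[0]
    if record_len < 4:
        return False
    return msg[5] == TLS_HANDSHAKE_CLIENT_HELLO


@dataclass
class SessionState:
    protocol: str  # application protocol of the session (assumed known from its five-tuple)
    seen_first: bool = False
    # Negotiation identifier detector; only initialized when the first message is not a ClientHello.
    negotiation_detector: Optional[bytes] = None
    # The "encrypted connection detection identifier": set once a negotiation message was seen.
    needs_handshake_check: bool = False
    # True once an encrypted connection request message (ClientHello) was detected.
    is_target: bool = False


def observe(state: SessionState, msg: bytes) -> SessionState:
    """Feed one transmission message of the session through the detection steps."""
    if state.is_target:
        return state
    if not state.seen_first:
        state.seen_first = True
        if is_client_hello(msg):
            state.is_target = True  # first message already is the encrypted connection request
        else:
            # S2021: initialize the negotiation identifier detector for this protocol
            state.negotiation_detector = NEGOTIATION_IDENTIFIERS.get(state.protocol)
        return state
    if state.needs_handshake_check:
        # S2022: only sessions carrying the detection identifier are checked for a ClientHello
        if is_client_hello(msg):
            state.is_target = True
        return state
    if state.negotiation_detector is not None and state.negotiation_detector in msg.upper():
        state.needs_handshake_check = True  # mark the session; later messages get the ClientHello check
    return state


def classify_session(protocol: str, messages: List[bytes]) -> bool:
    """Return True if the session becomes a target session (encrypted connection requested)."""
    state = SessionState(protocol)
    for m in messages:
        observe(state, m)
    return state.is_target


# Constructed sample messages for the example (not captured traffic).
CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SMTP_STARTTLS_SESSION = [
    b"220 mail.example.test ESMTP\r\n",
    b"EHLO client.example.test\r\n",
    b"250-mail.example.test\r\n250-STARTTLS\r\n250 OK\r\n",
    b"STARTTLS\r\n",
    b"220 Ready to start TLS\r\n",
    CLIENT_HELLO,
]
SMTP_PLAIN_SESSION = [
    b"220 mail.example.test ESMTP\r\n",
    b"HELO client.example.test\r\n",
    b"250 mail.example.test\r\n",
    b"MAIL FROM:<alice@example.test>\r\n",
]
# Server advertises STARTTLS but the client continues in plaintext: marked, never a target.
SMTP_ADVERTISED_ONLY = SMTP_STARTTLS_SESSION[:3] + [b"MAIL FROM:<alice@example.test>\r\n"]
```

Sessions with an unknown protocol never get a detector, so they are never checked for a Client Hello after the first message, which matches the resource-saving behaviour the description claims; a session whose first message is itself a Client Hello is marked a target immediately.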
Based on fig. 1, the present invention proposes a fifth data processing method. In the method, step S101 may include:
and if the session of which the connection information is matched with the pre-configured decryption connection information is detected in the session established by the intermediate proxy equipment for the client and the server, determining the corresponding session as a session to be decrypted.
The connection information may be information for connecting the client and the server for message transmission.
Optionally, the connection information may be quintuple information that the client communicates with the server;
optionally, the connection information may include identification information of the client, identification information of the server, and a message transmission protocol. The identification information of the client and the identification information of the server may be an IP address of the client and an IP address of the server, respectively.
In practical application, the messages involved in processing some services need to be decrypted, while the messages involved in processing other services do not.
It should be noted that, the client and the server may process the corresponding service through message transmission, and the connection information of the client and the server may be used to identify the service processed by the client and the server. The invention can set the connection information corresponding to the service needing to decrypt the message as the decryption connection information in advance, such as a decryption connection information table shown in table 1.
TABLE 1
Policy name | Source IP      | Source port | Destination IP | Destination port | Protocol
AAA         | 192.168.0.0/24 | any         | 10.10.0.1      | 25               | SMTP
BBB         | 192.168.0.0/24 | any         | 10.10.0.1      | 110              | POP3
CCC         | 192.168.0.0/24 | any         | 10.10.0.1      | 143              | IMAP
The policy name in table 1 is the name of a piece of decryption connection information.
SMTP is the Simple Mail Transfer Protocol, POP3 is the Post Office Protocol Version 3, and IMAP is the Internet Mail Access Protocol.
In practical application, the invention can decrypt the hypertext transfer protocol security (Hypertext Transfer Protocol Secure, HTTPS) message transmitted by SMTP, POP3 or IMAP between the client and the server.
Specifically, the invention can detect whether the session with the connection information matched with the decryption connection information exists in the session established by the intermediate proxy equipment, and if so, the session with the connection information matched with the decryption connection information can be determined as the session to be decrypted.
The data processing method provided by the invention can determine the session to be decrypted from the sessions established by the intermediate proxy device according to the decryption connection information, and then only detect whether the transmission message of the session to be decrypted includes the encrypted connection request message, without detecting sessions that are not sessions to be decrypted, thereby effectively reducing the resources required for detecting the encrypted connection request message.
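The fifth data processing method selects sessions to decrypt by matching each session's connection information against pre-configured decryption connection information such as Table 1. As an added example (written for this page, not code from the patent or its assignees), the following Python encodes Table 1 as policy objects and matches a session's five-tuple against them with proper CIDR handling. The session identifiers and five-tuples are constructed sample values; the policy rows are those of Table 1.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class DecryptionPolicy:
    """One row of the decryption connection information table."""
    name: str
    source_ip: str         # address or CIDR
    source_port: str       # "any" or a port number as text
    destination_ip: str    # address or CIDR
    destination_port: str  # "any" or a port number as text
    protocol: str


@dataclass(frozen=True)
class SessionConnection:
    """Connection information (five-tuple) of a session established by the proxy device."""
    session_id: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str


# Table 1 of the description, represented as policy objects.
DECRYPTION_CONNECTION_INFO = [
    DecryptionPolicy("AAA", "192.168.0.0/24", "any", "10.10.0.1", "25", "SMTP"),
    DecryptionPolicy("BBB", "192.168.0.0/24", "any", "10.10.0.1", "110", "POP3"),
    DecryptionPolicy("CCC", "192.168.0.0/24", "any", "10.10.0.1", "143", "IMAP"),
]


def _ip_matches(rule: str, ip: str) -> bool:
    # A bare address such as 10.10.0.1 becomes a /32 network, so both forms work.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule, strict=False)


def _port_matches(rule: str, port: int) -> bool:
    return rule == "any" or int(rule) == port


def match_policy(conn: SessionConnection,
                 policies: Iterable[DecryptionPolicy]) -> Optional[DecryptionPolicy]:
    """Return the first policy whose every field matches the session's connection information."""
    for p in policies:
        if (_ip_matches(p.source_ip, conn.src_ip)
                and _port_matches(p.source_port, conn.src_port)
                and _ip_matches(p.destination_ip, conn.dst_ip)
                and _port_matches(p.destination_port, conn.dst_port)
                and p.protocol.upper() == conn.protocol.upper()):
            return p
    return None


def sessions_to_decrypt(sessions: Iterable[SessionConnection],
                        policies: Iterable[DecryptionPolicy]) -> List[str]:
    """Step S101 of the fifth method: the sessions whose connection information matches a policy."""
    policies = list(policies)
    return [s.session_id for s in sessions if match_policy(s, policies) is not None]


# Constructed sample sessions (not captured traffic).
SAMPLE_SESSIONS = [
    SessionConnection("s1", "192.168.0.17", 51234, "10.10.0.1", 25, "SMTP"),   # matches AAA
    SessionConnection("s2", "192.168.1.5", 51235, "10.10.0.1", 25, "SMTP"),    # source outside /24
    SessionConnection("s3", "192.168.0.8", 40000, "10.10.0.1", 993, "IMAP"),   # port not in table
    SessionConnection("s4", "192.168.0.254", 40001, "10.10.0.1", 110, "POP3"), # matches BBB
]
```

Only sessions s1 and s4 are returned, so the later Client Hello detection runs on those two and not on the others.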
Based on fig. 1, the present invention proposes a sixth data processing method. In the method, step S104 may include steps S1041 and S1042, wherein:
S1041, carrying out encryption connection proxy with a target client and a target server based on an encryption connection request message in a target session; the target client is a client corresponding to the target session, and the target server is a server corresponding to the target session;
specifically, the invention can carry out encryption connection proxy with the target client and the target server when the encryption connection request message in the target session is detected, namely, carry out encryption connection with the target client and the target server respectively.
It can be understood that the intermediate proxy device is used as a server to make encrypted connection with the target client and as a client to make encrypted connection with the target server in the process of making encrypted connection with the target client and the target server respectively.
As shown in the flow diagram of the encrypted connection proxy in fig. 3, the intermediate proxy device acts as a server toward the target client: it obtains the Client Hello packet sent by the target client, returns a Server Hello packet to the target client, obtains the key agreement message sent by the target client, performs key agreement with the target client, and after key agreement is completed returns to the target client a message indicating that the change of cipher specification is complete, at which point the encrypted connection between the intermediate proxy device and the target client is established. In addition, the intermediate proxy device acts as a client toward the target server: it sends a Client Hello packet to the target server, obtains the Server Hello packet returned by the target server, sends a key agreement message to the target server, and after key agreement is completed obtains the message returned by the target server indicating that the change of cipher specification is complete, at which point the encrypted connection between the intermediate proxy device and the target server is established.
It should be noted that the above-mentioned encrypted connection proxy may be implemented by a Secure Sockets Layer (SSL) proxy or by a Transport Layer Security (TLS) proxy. It will be appreciated that the encrypted connection proxy described above may also be implemented by other encrypted connection proxy means.
S1042, obtaining a first symmetric key negotiated with a target client;
the first symmetric key is a symmetric key negotiated between the intermediate proxy device and the target client in the encryption connection process.
Specifically, the invention can negotiate the symmetric key in the process of encrypting the intermediate proxy equipment and the target client, and determine the negotiated symmetric key as the first symmetric key.
The invention can directly acquire the symmetric key which is negotiated before the encryption connection and determine the symmetric key as the first symmetric key without carrying out key negotiation in the encryption connection process of the intermediate proxy equipment and the target client.
S1043, obtaining a second symmetric key negotiated with the target server;
the second symmetric key is a symmetric key negotiated between the intermediate proxy device and the target server in the process of encryption connection.
Specifically, the invention can negotiate the symmetric key in the process of encrypting the intermediate proxy equipment and the target server, and determine the negotiated symmetric key as the second symmetric key.
The invention can directly acquire the symmetric key which is negotiated before the encryption connection and determine the symmetric key as a second symmetric key without carrying out key negotiation in the process of carrying out the encryption connection between the intermediate proxy equipment and the target server.
S1044, determining the first symmetric key and the second symmetric key as message key information.
Specifically, the invention can determine the first symmetric key and the second symmetric key as message key information after obtaining the first symmetric key and the second symmetric key.
The data processing method provided by the invention can effectively realize the acquisition of the key information of the message, thereby effectively ensuring the realization of message decryption.
Based on the sixth data processing method, the present invention proposes a seventh data processing method. In a seventh data processing method, a target client stores a first symmetric key; at this time, step S105 may include:
acquiring a first encrypted transmission message sent by a target client in a target session; the first encrypted transmission message is a message generated by the target client based on a first symmetric key after the encryption connection agent is completed;
And decrypting the first encrypted transmission message based on the first symmetric key.
It should be noted that, after the target client completes the encrypted connection with the intermediate proxy device and determines the first symmetric key, the encrypted transmission of the message can be performed based on the first symmetric key. At this time, the target client may encrypt the message to be sent based on the first symmetric key, generate an encrypted transmission message, and send the encrypted transmission message to the intermediate proxy device.
It may be appreciated that the first encrypted transmission message may be a message sent by the target client after the encrypted connection is completed.
Specifically, the invention can acquire the first encrypted transmission message sent by the target client after the encrypted connection is completed, and decrypt the first encrypted transmission message by using the first symmetric key.
Optionally, in another data processing method provided by the present invention, after decrypting the first encrypted transmission message based on the first symmetric key, the method further includes:
obtaining a first decryption message; the first decryption message is a message obtained by decrypting the first encrypted transmission message based on the first symmetric key;
detecting whether the first decryption message is a network attack message or not;
And under the condition that the first decryption message is detected to be a non-network attack message, encrypting the first decryption message based on the second symmetric key, obtaining a corresponding first encryption message and sending the corresponding first encryption message to the target server.
It can be understood that the first decryption message is encrypted and sent only when the first decryption message is detected as the non-network attack message, so that the network attack message is effectively prevented from being transmitted to the target server, the network attacker is prevented from escaping from the attack by utilizing the encrypted transmission between the client and the server, the harm caused by the network attack is avoided, and the network security is improved.
Optionally, the invention can directly discard the first decryption message under the condition that the first decryption message is detected as the network attack message, further avoid transmitting the network attack message to the target server, and improve network security.
The data processing method provided by the invention can effectively avoid the harm caused by network attack and improve the network security.
Based on the sixth data processing method, the present invention proposes an eighth data processing method. In the eighth data processing method, the target server stores the second symmetric key, and step S105 may include:
Acquiring a second encrypted transmission message sent by a target server in a target session; the second encrypted transmission message is a message generated by the target server based on a second symmetric key after the encryption connection agent is completed;
and decrypting the second encrypted transmission message based on the second symmetric key.
It should be noted that, after the target server completes the encryption connection with the intermediate proxy device and determines the second symmetric key, the encrypted transmission of the message can be performed based on the second symmetric key. At this time, the target server may encrypt the message to be sent based on the second symmetric key, generate an encrypted transmission message, and send the encrypted transmission message to the intermediate proxy device.
It is understood that the second encrypted transmission message may be a message sent by the target server after the encrypted connection is completed.
Specifically, the invention can acquire the second encrypted transmission message sent by the target server after the encrypted connection is completed, and decrypt the second encrypted transmission message by using the second symmetric key.
Optionally, in another data processing method provided by the present invention, after decrypting the second encrypted transmission message based on the second symmetric key, the method further includes:
obtaining a second decrypted message; the second decrypted message is a message obtained by decrypting the second encrypted transmission message based on the second symmetric key;
detecting whether the second decrypted message is a network attack message;
and under the condition that the second decrypted message is detected to be a non-network attack message, encrypting the second decrypted message based on the first symmetric key, obtaining a corresponding second encrypted message and sending the second encrypted message to the target client.
It can be understood that the invention encrypts and sends the second decrypted message only when the second decrypted message is detected not to be a network attack message, so that the network attack message is effectively prevented from being transmitted to the target client, a network attacker is prevented from evading detection by using the encrypted transmission between the client and the server, the harm caused by the network attack is avoided, and network security is improved.
Optionally, the invention can directly discard the second decryption message under the condition that the second decryption message is detected as the network attack message, further avoid transmitting the network attack message to the target client, and improve network security.
The data processing method provided by the invention can effectively avoid the harm caused by network attack and improve the network security.
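The sixth, seventh and eighth data processing methods together describe the proxy's data path: the message key information is the pair of symmetric keys negotiated separately with the target client and the target server, each received message is decrypted with the key of the side that sent it, checked for network attack content, and either re-encrypted with the other side's key and forwarded or discarded. The following is an added example (written for this page, not code from the patent or its assignees) of that relay in Python. Because the standard library has no TLS record cipher, the example substitutes an HMAC-SHA256-based keystream with an HMAC integrity tag as a stand-in for the negotiated symmetric cipher; the key values, sequence numbers, attack signatures and messages are all constructed for the example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

TAG_LEN = 32  # bytes of HMAC-SHA256 integrity tag appended to each record


@dataclass(frozen=True)
class MessageKeyInfo:
    """Step S1044: the message key information of a target session."""
    first_symmetric_key: bytes   # negotiated between the proxy device and the target client
    second_symmetric_key: bytes  # negotiated between the proxy device and the target server


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one negotiated symmetric key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    # Stand-in for the record cipher: counter-mode keystream from HMAC-SHA256.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack("!QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one message: seq(8) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    ks = _keystream(enc_key, seq, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = struct.pack("!Q", seq)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_record(key: bytes, record: bytes) -> Optional[bytes]:
    """Verify and decrypt one record; None if the tag fails (wrong key or tampering)."""
    if len(record) < 8 + TAG_LEN:
        return None
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    header, ciphertext, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    seq = struct.unpack("!Q", header)[0]
    ks = _keystream(enc_key, seq, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# Constructed signatures for the "network attack message" check of the example.
ATTACK_SIGNATURES = (b"<script>", b"' OR '1'='1", b"../../etc/passwd")


def is_network_attack_message(plaintext: bytes) -> bool:
    lowered = plaintext.lower()
    return any(sig.lower() in lowered for sig in ATTACK_SIGNATURES)


def relay(keys: MessageKeyInfo, record: bytes, toward_server: bool, out_seq: int) -> Optional[bytes]:
    """Decrypt with the sender's key, inspect, and re-encrypt with the receiver's key.
    Returns the record to forward, or None when the message is discarded."""
    in_key = keys.first_symmetric_key if toward_server else keys.second_symmetric_key
    out_key = keys.second_symmetric_key if toward_server else keys.first_symmetric_key
    plaintext = open_record(in_key, record)
    if plaintext is None:
        return None  # undecryptable or tampered record: nothing to forward
    if is_network_attack_message(plaintext):
        return None  # detected attack message is dropped instead of re-encrypted
    return seal(out_key, out_seq, plaintext)


# Constructed sample keys (in practice these come from the two key agreements).
SAMPLE_KEYS = MessageKeyInfo(first_symmetric_key=b"K1" * 16, second_symmetric_key=b"K2" * 16)
```

A record sealed with the first symmetric key cannot be opened with the second one, so a forwarded record is readable only by the target server; a message matching a signature, or a record whose tag no longer verifies, never reaches the other side.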
Corresponding to the method shown in fig. 1, as shown in fig. 4, the present invention proposes a data processing apparatus applied to an intermediate proxy device, the data processing apparatus comprising: a first determination unit 401, a first detection unit 402, a first serving unit 403, a first acquisition unit 404, and a first decryption unit 405; wherein:
the first determining unit 401 is configured to determine, in a session established by the intermediate proxy device for the client and the server, a session to be decrypted;
the first detecting unit 402 is configured to detect whether the transmission packet of the session to be decrypted includes an encrypted connection request packet;
the first serving unit 403 is configured to, when detecting that the transmission packet of the session to be decrypted includes an encrypted connection request packet, take the corresponding session to be decrypted as a target session;
the first obtaining unit 404 is configured to obtain message key information of the target session, where the message key information is obtained in a process that the intermediate proxy device performs encryption connection with the client and the server;
the first decryption unit 405 is configured to decrypt the transmission message of the target session based on the message key information.
Optionally, the first detecting unit 402 includes: a second detection unit and a third detection unit;
the second detecting unit is configured to detect whether the first transmission packet of the session to be decrypted is the encrypted connection request packet;
and the third detection unit is configured to continuously detect whether a transmission packet after the first transmission packet includes the encrypted connection request packet if the first transmission packet is detected to be not the encrypted connection request packet.
Optionally, the third detection unit includes: a fourth detection unit and a fifth detection unit;
the fourth detection unit is configured to detect, when it is detected that the first transmission packet is not the encrypted connection request packet, whether a transmission packet after the first transmission packet includes an encrypted negotiation packet;
the fifth detection unit is configured to detect, when the transmission packet after the first transmission packet includes the encrypted negotiation packet, whether the transmission packet after the encrypted negotiation packet includes the encrypted connection request packet.
Optionally, the encryption negotiation message includes an encryption negotiation identifier; the fourth detection unit includes: an initializing unit and a sixth detecting unit;
the initialization unit is configured to initialize an encryption negotiation identifier detector when the first transmission message is detected not to be the encrypted connection request message;
the sixth detecting unit is configured to detect, by using the encryption negotiation identifier detector, whether the transmission packet after the first transmission packet includes the encryption negotiation identifier, so as to detect whether the transmission packet after the first transmission packet includes the encryption negotiation packet.
Optionally, the fifth detection unit includes: the device comprises a first generation unit, a first identification unit and a seventh detection unit;
the first generation unit is configured to generate an encrypted connection detection identifier when the transmission packet after the first transmission packet is detected to include the encrypted negotiation packet;
the first identification unit is configured to identify the session to be decrypted including the encrypted negotiation packet by using the encrypted connection detection identifier;
the seventh detecting unit is configured to detect, in the session to be decrypted including the encrypted connection detection identifier, whether a transmission packet after the encrypted negotiation packet includes the encrypted connection request packet.
Optionally, the encrypted connection request message includes a handshake packet for requesting establishment of an encrypted connection;
detecting whether the transmission message of the session to be decrypted includes the encrypted connection request message includes:
under the condition that the transmission message of the session to be decrypted comprises the handshake data packet, determining that the transmission message of the session to be decrypted is the encryption connection request message;
and under the condition that the transmission message of the session to be decrypted does not comprise the handshake data packet, determining that the transmission message of the session to be decrypted is not the encryption connection request message.
Optionally, the first determining unit 401 is configured to determine, in a session established by the intermediate proxy device for the client and the server, a corresponding session as the session to be decrypted if a session in which connection information matches with pre-configured decryption connection information is detected.
Optionally, the first obtaining unit 404 includes: the device comprises a proxy unit, a first obtaining unit, a second obtaining unit and a second determining unit;
the proxy unit is used for carrying out encryption connection proxy with the target client and the target server based on the encryption connection request message in the target session; the target client is the client corresponding to the target session, and the target server is the server corresponding to the target session;
The first obtaining unit is used for obtaining a first symmetric key negotiated with the target client;
the second obtaining unit is used for obtaining a second symmetric key negotiated with the target server;
the second determining unit is configured to determine the first symmetric key and the second symmetric key as the message key information.
Optionally, the target client stores the first symmetric key; the first decryption unit 405 includes: a second acquisition unit and a second decryption unit;
the second obtaining unit is configured to obtain a first encrypted transmission packet sent by the target client in the target session; the first encrypted transmission message is a message generated by the target client based on the first symmetric key after the encryption connection agent is completed;
the second decryption unit is configured to decrypt the first encrypted transmission packet based on the first symmetric key.
Optionally, the target server stores the second symmetric key; the first decryption unit 405 includes: a third acquisition unit and a third decryption unit;
the third obtaining unit is configured to obtain a second encrypted transmission packet sent by the target server in the target session; the second encrypted transmission message is a message generated by the target server based on the second symmetric key after the encryption connection agent is completed;
And the third decryption unit is used for decrypting the second encrypted transmission message based on the second symmetric key.
Optionally, the data processing apparatus further includes: a third obtaining unit, an eighth detecting unit, a first encrypting unit, a fourth obtaining unit and a first transmitting unit;
the third obtaining unit is configured to obtain a first decrypted packet after decrypting the first encrypted transmission packet based on the first symmetric key; the first decryption message is a message obtained by decrypting the first encrypted transmission message based on the first symmetric key;
the eighth detection unit is configured to detect whether the first decryption packet is a network attack packet;
the first encryption unit is configured to encrypt the first decryption packet based on the second symmetric key when the first decryption packet is detected to be a non-network attack packet;
the fourth obtaining unit is configured to obtain a corresponding first encrypted packet;
the first sending unit is configured to send the first encrypted packet to the target server.
Optionally, the data processing apparatus further includes: a fifth obtaining unit, a ninth detecting unit, a second encrypting unit, a sixth obtaining unit, and a second transmitting unit;
the fifth obtaining unit is configured to obtain a second decrypted packet after decrypting the second encrypted transmission packet based on the second symmetric key; the second decrypted message is a message obtained by decrypting the second encrypted transmission message based on the second symmetric key;
the ninth detection unit is configured to detect whether the second decrypted message is a network attack message;
the second encryption unit is configured to encrypt the second decrypted message based on the first symmetric key when the second decrypted message is detected to be a non-network attack message;
the sixth obtaining unit is configured to obtain a corresponding second encrypted packet;
the second sending unit is configured to send the second encrypted packet to the target client.
The data processing device provided by the invention determines at least one session to be decrypted from the sessions established by the intermediate proxy device for the client and the server, then identifies which of those sessions have initiated an encrypted connection by detecting whether their transmission messages include an encrypted connection request message, takes each session that has initiated an encrypted connection as a target session, obtains the message key information of the target session through the encrypted connection proxy, and decrypts the transmission messages of the target session based on that message key information. Because the target session is identified by inspecting the transmitted data, only the transmission messages between the client and the server that need to be decrypted are decrypted, while the transmission messages that do not need decryption are left untouched; this avoids unnecessary consumption of decryption resources and keeps their utilization high.
Fig. 5 illustrates a physical schematic diagram of an electronic device. As shown in fig. 5, the electronic device may include a processor 510, a communication interface (Communications Interface) 520, a memory 530, and a communication bus 540, where the processor 510, the communication interface 520 and the memory 530 communicate with each other through the communication bus 540. The processor 510 may invoke logic instructions in the memory 530 to perform a data processing method applied to an intermediate proxy device, the data processing method comprising:
determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
detecting whether the transmission message of the session to be decrypted comprises an encryption connection request message or not;
under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
the message key information of the target session is obtained in the process that the intermediate proxy equipment, the client and the server are connected in an encryption mode;
and decrypting the transmission message of the target session based on the message key information.
Further, the logic instructions in the memory 530 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, performing a data processing method applied to an intermediate proxy device, the data processing method comprising:
Determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
detecting whether the transmission message of the session to be decrypted comprises an encryption connection request message or not;
under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
the message key information of the target session is obtained in the process that the intermediate proxy equipment, the client and the server are connected in an encryption mode;
and decrypting the transmission message of the target session based on the message key information.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a data processing method applied to an intermediate proxy device, the data processing method comprising:
determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
detecting whether the transmission message of the session to be decrypted comprises an encryption connection request message or not;
Under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
the message key information of the target session is obtained in the process that the intermediate proxy equipment, the client and the server are connected in an encryption mode;
and decrypting the transmission message of the target session based on the message key information.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus the necessary general-purpose hardware platform, or, of course, by means of hardware. Based on this understanding, the foregoing technical solution, or the part of it that contributes to the prior art, may be embodied in the form of a software product, which may be stored in a computer readable storage medium such as ROM/RAM, a magnetic disk or an optical disk, and which includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or in some parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and are not limiting. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents, without departing from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (13)

1. A data processing method, applied to an intermediate proxy device, comprising:
determining a session to be decrypted in a session established by the intermediate proxy equipment for the client and the server;
detecting whether the transmission message of the session to be decrypted comprises an encryption connection request message or not;
under the condition that the transmission message of the session to be decrypted comprises an encryption connection request message, the corresponding session to be decrypted is taken as a target session;
the message key information of the target session is obtained in the process that the intermediate proxy equipment, the client and the server are connected in an encryption mode;
And decrypting the transmission message of the target session based on the message key information.
2. The method according to claim 1, wherein the detecting whether the transmission message of the session to be decrypted includes an encrypted connection request message comprises:
detecting whether the first transmission message of the session to be decrypted is the encryption connection request message or not;
and under the condition that the first transmission message is detected to be not the encrypted connection request message, continuously detecting whether the transmission message after the first transmission message comprises the encrypted connection request message.
3. The method according to claim 2, wherein, in the case where it is detected that the first transmission packet is not the encrypted connection request packet, continuing to detect whether the transmission packet subsequent to the first transmission packet includes the encrypted connection request packet, includes:
detecting whether a transmission message after the first transmission message comprises an encryption negotiation message or not under the condition that the first transmission message is not the encryption connection request message;
and detecting whether the transmission message after the encryption negotiation message comprises the encryption connection request message or not under the condition that the transmission message after the first transmission message comprises the encryption negotiation message.
4. A data processing method according to claim 3, wherein the encryption negotiation messages include encryption negotiation identifications; and under the condition that the first transmission message is detected to be not the encrypted connection request message, detecting whether the transmission message after the first transmission message comprises an encrypted negotiation message or not, wherein the method comprises the following steps:
initializing an encryption negotiation identification detector under the condition that the first transmission message is detected to be not the encryption connection request message;
and detecting whether the transmission message after the first transmission message comprises the encryption negotiation identification or not by the encryption negotiation identification detector so as to detect whether the transmission message after the first transmission message comprises the encryption negotiation message or not.
5. A data processing method according to claim 3, wherein, in the case where the transmission message after the first transmission message is detected to include the encrypted negotiation message, detecting whether the transmission message after the encrypted negotiation message includes the encrypted connection request message includes:
generating an encryption connection detection identifier and identifying the session to be decrypted comprising the encryption negotiation message under the condition that the transmission message after the first transmission message comprises the encryption negotiation message;
And in the session to be decrypted comprising the encrypted connection detection identifier, detecting whether a transmission message after the encrypted negotiation message comprises the encrypted connection request message.
6. The data processing method according to any one of claims 1 to 5, wherein the encrypted connection request message includes a handshake packet for requesting establishment of an encrypted connection;
detecting whether the transmission message of the session to be decrypted includes the encrypted connection request message, including:
under the condition that the transmission message of the session to be decrypted comprises the handshake data packet, determining that the transmission message of the session to be decrypted is the encryption connection request message;
and under the condition that the transmission message of the session to be decrypted does not comprise the handshake data packet, determining that the transmission message of the session to be decrypted is not the encryption connection request message.
7. The data processing method according to claim 1, wherein the determining a session to be decrypted in the session established by the intermediate proxy device for the client and the server includes:
and in the session established by the intermediate proxy equipment for the client and the server, if the session of which the connection information is matched with the pre-configured decryption connection information is detected, determining the corresponding session as the session to be decrypted.
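Claims 2 to 7 together describe a session triage procedure: a session is first selected by matching its connection information against a pre-configured decryption policy, the first transmission message is checked for being the encrypted connection request (a handshake packet), and if it is not, an encryption negotiation detector is initialised and the session is watched for a negotiation message followed by the handshake. The following Python is an added example written for this page and is not the patent's or the assignees' code. It assumes the handshake packet is a TLS record of handshake type whose first message is a ClientHello, that the encryption negotiation identification is the literal `STARTTLS` marker used by opportunistic-TLS mail protocols, and that the decryption policy is a list of (server network, server port) pairs; the sample traffic is constructed and the ClientHello record is truncated to its header bytes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed decryption policy: the "pre-configured decryption connection
# information" of claim 7 as (server network, server port) pairs (assumption).
DECRYPT_POLICY = [
    (ipaddress.ip_network("10.0.0.0/8"), 443),
    (ipaddress.ip_network("10.0.0.0/8"), 25),
]

# Assumed "encryption negotiation identification" (claim 4): the STARTTLS
# marker of SMTP/IMAP/POP3 opportunistic TLS.
NEGOTIATION_MARKER = b"STARTTLS"

TLS_HANDSHAKE_RECORD = 0x16  # TLS record content type: handshake
CLIENT_HELLO = 0x01          # handshake message type: ClientHello


@dataclass(frozen=True)
class ConnInfo:
    """Connection information of one proxied session."""
    client_ip: str
    server_ip: str
    server_port: int


def is_session_to_decrypt(conn: ConnInfo) -> bool:
    """Claim 7: the session is 'to be decrypted' when its connection
    information matches the pre-configured decryption policy."""
    server = ipaddress.ip_address(conn.server_ip)
    return any(server in net and conn.server_port == port
               for net, port in DECRYPT_POLICY)


def is_encrypted_connection_request(msg: bytes) -> bool:
    """Claim 6: the encrypted connection request is the handshake packet.
    Here: a handshake-type TLS record whose first message is a ClientHello."""
    return (len(msg) >= 6
            and msg[0] == TLS_HANDSHAKE_RECORD
            and msg[1] == 0x03            # legacy record version 3.x
            and msg[5] == CLIENT_HELLO)


class NegotiationDetector:
    """Claim 4: the negotiation identification detector, initialised only
    after the first message has been seen not to be the handshake."""

    def __init__(self, marker: bytes = NEGOTIATION_MARKER) -> None:
        self.marker = marker

    def matches(self, msg: bytes) -> bool:
        return self.marker in msg.upper()


def classify_session(conn: ConnInfo, messages: Iterable[bytes]) -> Tuple[str, Optional[int]]:
    """Walk the transmission messages in order; return the verdict
    ('not_to_decrypt' | 'plain' | 'target') and the index of the handshake."""
    if not is_session_to_decrypt(conn):
        return "not_to_decrypt", None

    detector: Optional[NegotiationDetector] = None
    awaiting_handshake = False  # the "encrypted connection detection identifier" of claim 5
    for i, msg in enumerate(messages):
        if i == 0:
            # Claim 2: check whether the very first message is the handshake.
            if is_encrypted_connection_request(msg):
                return "target", 0
            detector = NegotiationDetector()
            continue
        if awaiting_handshake:
            # Claim 5: after the negotiation message, look for the handshake.
            if is_encrypted_connection_request(msg):
                return "target", i
        elif detector is not None and detector.matches(msg):
            # Claim 3: a negotiation message marks the session for handshake detection.
            awaiting_handshake = True
    return "plain", None


# Constructed sample traffic; only the header bytes of the ClientHello are meaningful.
CLIENT_HELLO_RECORD = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SESSIONS = {
    "https": (ConnInfo("192.168.1.10", "10.1.2.3", 443),
              [CLIENT_HELLO_RECORD, b"\x17\x03\x03\x00\x02\xaa\xbb"]),
    "smtp_starttls": (ConnInfo("192.168.1.11", "10.1.2.4", 25),
                      [b"220 mail.example.test ESMTP\r\n", b"EHLO client.example.test\r\n",
                       b"250-STARTTLS\r\n", b"STARTTLS\r\n", b"220 Go ahead\r\n",
                       CLIENT_HELLO_RECORD]),
    "plain_smtp": (ConnInfo("192.168.1.12", "10.1.2.4", 25),
                   [b"220 mail.example.test ESMTP\r\n", b"EHLO client.example.test\r\n",
                    b"MAIL FROM:<a@example.test>\r\n"]),
    "not_in_policy": (ConnInfo("192.168.1.13", "172.16.0.5", 443), [CLIENT_HELLO_RECORD]),
}

if __name__ == "__main__":
    for name, (conn, msgs) in SESSIONS.items():
        print(f"{name:14s} -> {classify_session(conn, msgs)}")
```

The point of the lazy detector and the `awaiting_handshake` flag is the resource argument the description makes: a session outside the policy is never inspected at all, a plaintext session that never negotiates encryption costs only a marker scan per message, and decryption state is only ever allocated for sessions in which the handshake is actually observed.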
8. The method for processing data according to claim 1, wherein the obtaining the message key information of the target session includes:
based on the encryption connection request message in the target session, carrying out encryption connection proxy with a target client and a target server to obtain a first symmetric key negotiated with the target client and a second symmetric key negotiated with the target server; the target client is the client corresponding to the target session, and the target server is the server corresponding to the target session;
and determining the first symmetric key and the second symmetric key as the message key information.
9. The data processing method of claim 8, wherein the target client stores the first symmetric key; the decrypting the transmission message of the target session based on the message key information includes:
acquiring a first encrypted transmission message sent by the target client in the target session; the first encrypted transmission message is a message generated by the target client based on the first symmetric key after the encryption connection agent is completed;
And decrypting the first encrypted transmission message based on the first symmetric key.
10. The data processing method according to claim 8, wherein the target server holds the second symmetric key; the decrypting the transmission message of the target session based on the message key information includes:
acquiring a second encrypted transmission message sent by the target server in the target session; the second encrypted transmission message is a message generated by the target server based on the second symmetric key after the encryption connection agent is completed;
and decrypting the second encrypted transmission message based on the second symmetric key.
11. The data processing method according to claim 9, wherein after decrypting the first encrypted transmission message based on the first symmetric key, the data processing method further comprises:
obtaining a first decryption message; the first decryption message is a message obtained by decrypting the first encrypted transmission message based on the first symmetric key;
detecting whether the first decryption message is a network attack message or not;
And under the condition that the first decryption message is detected to be a non-network attack message, encrypting the first decryption message based on the second symmetric key to obtain a corresponding first encryption message and sending the corresponding first encryption message to the target server.
12. The data processing method according to claim 10, wherein after decrypting the second encrypted transmission message based on the second symmetric key, the data processing method further comprises:
obtaining a second decrypted message; the second decrypted message is a message obtained by decrypting the second encrypted transmission message based on the second symmetric key;
detecting whether the second decrypted message is a network attack message;
and under the condition that the second decrypted message is detected to be a non-network attack message, encrypting the second decrypted message based on the first symmetric key, obtaining a corresponding second encrypted message and sending the second encrypted message to the target client.
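Claims 8 to 12 describe the relay path once the proxy holds two symmetric keys, one negotiated with the target client and one with the target server: a record from the client is decrypted with the first key, checked for being a network attack message, and only if it is benign re-encrypted with the second key and forwarded; the reverse direction mirrors this. The following Python is an added example written for this page, not the patent's or the assignees' implementation. The record protection it uses (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, derived subkeys and a random nonce) is a stand-in for the TLS record layer chosen so the example runs on the standard library alone and is not a real TLS cipher suite; the attack signatures and keys are constructed.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

NONCE_LEN, TAG_LEN = 12, 32

# Constructed sample signatures standing in for the proxy's detection engine;
# the patent only says a decrypted message is checked for being a
# "network attack message".
ATTACK_SIGNATURES = (b"<script>", b"../../")


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Derive separate keystream and MAC keys from one negotiated key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, block = bytearray(), 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:n])


def protect(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in record protection: nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key: bytes, record: bytes) -> Optional[bytes]:
    """Plaintext of a record, or None when it is malformed or its tag fails."""
    if len(record) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def is_network_attack(plaintext: bytes) -> bool:
    return any(sig in plaintext for sig in ATTACK_SIGNATURES)


class InspectingProxy:
    """Holds the two symmetric keys of claim 8 and relays records in both directions."""

    def __init__(self, first_key: bytes, second_key: bytes) -> None:
        self.first_key = first_key      # negotiated with the target client
        self.second_key = second_key    # negotiated with the target server
        self.dropped: List[Tuple[str, str]] = []  # (reason, direction) audit trail

    def _relay(self, record: bytes, in_key: bytes, out_key: bytes, direction: str) -> Optional[bytes]:
        plain = unprotect(in_key, record)
        if plain is None:               # bad tag or truncated record: never forwarded
            self.dropped.append(("bad_record", direction))
            return None
        if is_network_attack(plain):    # attack message: dropped, not re-encrypted
            self.dropped.append(("attack", direction))
            return None
        return protect(out_key, plain)  # benign: re-encrypted under the far side's key

    def client_to_server(self, first_encrypted_transmission: bytes) -> Optional[bytes]:
        """Claims 9 and 11: decrypt with the first key, inspect, re-encrypt with the second."""
        return self._relay(first_encrypted_transmission, self.first_key, self.second_key, "c2s")

    def server_to_client(self, second_encrypted_transmission: bytes) -> Optional[bytes]:
        """Claims 10 and 12: decrypt with the second key, inspect, re-encrypt with the first."""
        return self._relay(second_encrypted_transmission, self.second_key, self.first_key, "s2c")


if __name__ == "__main__":
    first, second = os.urandom(32), os.urandom(32)  # constructed keys
    proxy = InspectingProxy(first, second)
    request = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    forwarded = proxy.client_to_server(protect(first, request))
    print("server receives:", unprotect(second, forwarded))
    print("blocked:", proxy.client_to_server(protect(first, b"GET /<script>x HTTP/1.1")), proxy.dropped)
```

Two properties worth checking in any real implementation of this relay are visible here: a record re-encrypted for the server cannot be opened with the client-side key, so the two half-connections keep separate key material, and a record whose tag fails is dropped before inspection, so the detection engine only ever sees authenticated plaintext.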
13. A data processing apparatus, characterized by being applied to an intermediate proxy device, the data processing apparatus comprising: a first determination unit, a first detection unit, a first serving unit, a first acquisition unit, and a first decryption unit; wherein:
The first determining unit is configured to determine a session to be decrypted in a session established by the intermediate proxy device for the client and the server;
the first detecting unit is configured to detect whether the transmission packet of the session to be decrypted includes an encrypted connection request packet;
the first serving unit is configured to, when detecting that the transmission packet of the session to be decrypted includes an encrypted connection request packet, use the corresponding session to be decrypted as a target session;
the first obtaining unit is configured to obtain message key information of the target session, where the message key information is obtained in a process that the intermediate proxy device performs encryption connection with the client and the server;
the first decryption unit is configured to decrypt a transmission message of the target session based on the message key information.
CN202310280737.2A 2023-03-21 2023-03-21 Data processing method and device Pending CN116405536A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310280737.2A CN116405536A (en) 2023-03-21 2023-03-21 Data processing method and device

Publications (1)

Publication Number Publication Date
CN116405536A true CN116405536A (en) 2023-07-07

Family

ID=87013468

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310280737.2A Pending CN116405536A (en) 2023-03-21 2023-03-21 Data processing method and device

Country Status (1)

Country Link
CN (1) CN116405536A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116760868A (en) * 2023-08-16 2023-09-15 国网江苏省电力有限公司电力科学研究院 Automatic judging and detecting method and system for intelligent distribution transformer
CN116760868B (en) * 2023-08-16 2023-10-20 国网江苏省电力有限公司电力科学研究院 Automatic judging and detecting method and system for intelligent distribution transformer

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination