CN106961439A - A kind of HTTPS encrypted transmission methods and device - Google Patents

A kind of HTTPS encrypted transmission methods and device Download PDF

Info

Publication number
CN106961439A
CN106961439A CN201710209940.5A CN201710209940A CN106961439A CN 106961439 A CN106961439 A CN 106961439A CN 201710209940 A CN201710209940 A CN 201710209940A CN 106961439 A CN106961439 A CN 106961439A
Authority
CN
China
Prior art keywords
access request
request message
https
message
client device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710209940.5A
Other languages
Chinese (zh)
Other versions
CN106961439B (en
Inventor
吴庆
贾新奎
谢波
王挺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201710209940.5A priority Critical patent/CN106961439B/en
Publication of CN106961439A publication Critical patent/CN106961439A/en
Application granted granted Critical
Publication of CN106961439B publication Critical patent/CN106961439B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The application provides a kind of HTTPS encrypted transmission methods and device.In the application, HTTPS service-specific equipments are after the access request message of client device transmission is received, whether can determine that in the message includes HTTPS service keywords, if do not included, then HTTPS redirection messages are returned to client device, so that its transmission includes the access request message of HTTPS service keywords, the encrypted transmission of data between client device and Web server is thereby guaranteed that, the security of data transfer is ensured.

Description

A kind of HTTPS encrypted transmission methods and device
Technical field
The application is related to network communication technology field, more particularly to a kind of HTTPS encrypted transmission methods and device.
Background technology
For data transfer risk, client device and the Web server both sides one such as avoid data tampering, privacy of user from stealing As by install corresponding HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, HTTP on the basis of SSL) associated component, to realize the encrypted transmission of data.
And for some small-sized Web servers, such as Campus Network Server, it is contemplated that encryption and decryption computing extremely consumes Take the situation of the valuable processor resource of server, HTTPS service-specific equipments typically can be used and are carried out to substitute Web server The encryption and decryption computing of data.But its deficiency is, user is when carrying out server access, it is necessary to be manually entered this clothes of HTTPS Keyword is engaged in enable the data encrypting and deciphering function of special equipment, and when the service keyword of user input is HTTP or omission During the input of service keyword, the access request of user directly will be pass-through to Web server by special equipment, that is to say, that In this case, the encrypted transmission of data is not realized between client device and Web server, and this will be to be passed data Bury the transmission hidden danger for being maliciously tampered or stealing.
The content of the invention
In view of this, the application provides a kind of HTTPS encrypted transmission methods and device, with when the service key of user input Word is HTTP or during the input for omitting service keyword, it is to avoid by biography data to bury the transmission that is maliciously tampered or steals hidden Suffer from.
According to the first aspect of the embodiment of the present application there is provided a kind of HTTPS encrypted transmission methods, applied to HTTPS services Special equipment, methods described includes:
Receive message;
Whether judge received message is access request message that client device is sent;
When the message received is the access request message that client device is sent, determine in access request message whether Including HTTP service keyword;
If it is, returning to HTTPS redirection messages to the client device, include so that client device is sent The access request message of HTTPS service keywords;
After the access request message including HTTPS service keywords of client device transmission is received, to the access Request message is decrypted, and the access request message after decryption is sent to Web server.
According to the second aspect of the embodiment of the present application there is provided a kind of HTTPS encrypted transmissions device, applied to HTTPS services Special equipment, described device includes:
Receiving unit, for receiving message;
Judging unit, for judging whether received message is access request message that client device is sent;
HTTP determining units, for when the message received be client device send access request message when, it is determined that Whether include HTTP service keyword in access request message;
Returning unit, for when access request message includes HTTP service keyword, being returned to the client device HTTPS redirection messages are returned, so that client device, which is sent, includes the access request message of HTTPS service keywords;
Decryption unit, for receive client device transmission include the access request report of HTTPS service keywords Wen Hou, the access request message is decrypted;
Transmitting element, for the access request message after decryption to be sent to Web server.
In the application, HTTPS service-specific equipments, can be true after the access request message of client device transmission is received Whether include HTTPS service keywords in the fixed message, if do not included, return to HTTPS to client device and redirect report Text, so that its transmission includes the access request message of HTTPS service keywords, thereby guarantees that client device and Web server Between data encrypted transmission, ensure data transfer security.
Brief description of the drawings
Fig. 1 is the schematic diagram of a scenario of the application HTTPS encrypted transmission methods;
Fig. 2 is a kind of flow chart of HTTPS encrypted transmission methods of the application;
Fig. 3 is a kind of one embodiment flow chart of HTTPS encrypted transmission methods of the application;
Fig. 4 is a kind of the first structure chart of HTTPS encrypted transmissions device of the application;
Fig. 5 is a kind of second of structure chart of HTTPS encrypted transmissions device of the application;
Fig. 6 is a kind of the third structure chart of HTTPS encrypted transmissions device of the application;
Fig. 7 is a kind of the 4th kind of structure chart of HTTPS encrypted transmissions device of the application.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent apparatus and method of some aspects be described in detail in claims, the application.
It is the purpose only merely for description specific embodiment in term used in this application, and is not intended to be limiting the application. " one kind ", " described " and "the" of singulative used in the application and appended claims are also intended to including majority Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wrapped It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application A little information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example, not departing from In the case of the application scope, the first information can also be referred to as the second information, similarly, and the second information can also be referred to as One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ... When " or " in response to determining ".
Referring to Fig. 1, Fig. 1 is the schematic diagram of a scenario of the application HTTPS encrypted transmission methods.The schematic diagram can include:Visitor Family end equipment, Web server and HTTPS service-specific equipments, wherein, client device and HTTPS service-specific equipments it Between, link is had between HTTPS service-specific equipments and Web server, and between client device and Web server Connection.Under normal circumstances, it is data transfer risk, client device and the Web service such as avoid data tampering, privacy of user from stealing Device both sides are general by installing corresponding HTTPS associated components, to realize the encrypted transmission of data.And it is small-sized for some For Web server, such as Campus Network Server, it is contemplated that encryption and decryption computing extremely expends the valuable processor resource of server Situation, and the corresponding HTTPS associated components of required installation may also possess certain security breaches in itself, so generally The encryption and decryption computing that Web server carries out data is substituted from HTTPS service-specific equipments.
It is done so that deficiency be, user carry out server access when, it is necessary to be manually entered this service of HTTPS Keyword enables the data encrypting and deciphering function of special equipment, and when user input service keyword is HTTP or omit clothes During the input of business keyword, the access request of user directly will be pass-through to Web server by special equipment, that is to say, that at this In the case of kind, the encrypted transmission of data is not realized between client device and Web server, and this will be buried to be passed data Under the transmission hidden danger that is maliciously tampered or steals.
In view of this, the application provides a kind of HTTPS encrypted transmission methods and device, with when the service key of user input Word is HTTP or during the input for omitting service keyword, it is to avoid by biography data to bury the transmission that is maliciously tampered or steals hidden Suffer from.
In order that those skilled in the art more fully understand the technical scheme in the embodiment of the present application, and make the application real Applying the above-mentioned purpose of example, feature and advantage can be more obvious understandable, below in conjunction with the accompanying drawings to technical side in the embodiment of the present application Case is described in further detail.
Referring to Fig. 2, Fig. 2 is a kind of flow chart of HTTPS encrypted transmission methods of the application, and the flow chart can include following Step:
Step 201:HTTPS service-specific equipments receive message.
This method embodiment is applied to HTTPS service-specific equipments.
Step 202:Whether judge received message is access request message that client device is sent.If it is, Perform step 203.
In this method embodiment, the source IP address that HTTPS service-specific equipments can include according to the message received Whether determine received message is access request message that client device is sent.
Step 203:Determine whether include HTTP service keyword in access request message.If it is, performing step 204。
In this method embodiment, before this step 203 is performed, HTTPS service-specific equipments can determine step first The mark of included website to be visited whether there is in the access list being pre-configured with access request message in 202, In the presence of the mark of website to be visited included in access request message is in the access list being pre-configured with, this step is performed Rapid 203;And when the mark of website to be visited included in access request message is not present in the access list being pre-configured with When, then can be by access request message transmission to Web server.
In this method embodiment, when not including HTTP service keyword in access request message, HTTPS services are special to be set It is standby to can determine that in the access request message whether include HTTPS service keywords, when the access request message includes HTTPS clothes During business keyword, then the access request message is decrypted, and the access request message after decryption is sent to Web service Device;And when not including HTTPS service keywords in the access request message, then take the access request message transmission to Web Business device.
Step 204:HTTPS redirection messages are returned to client device, so that client device, which is sent, includes HTTPS clothes The access request message of business keyword.
In this method embodiment, it for the explanation of this step, will in the examples below be illustrated, wouldn't go to live in the household of one's in-laws on getting married herein State.
Step 205:After the access request message including HTTPS service keywords of client device transmission is received, The access request message is decrypted, the access request message after decryption is sent to Web server.
In this method embodiment, it for the explanation of this step, will in the examples below be illustrated, wouldn't go to live in the household of one's in-laws on getting married herein State.
HTTPS service-specific equipments are receiving the visit of client device transmission it can be seen from above method embodiment Ask after access request message, it may be determined that whether include HTTPS service keywords in the message, if do not included, to client Equipment returns to HTTPS redirection messages, so that its transmission includes the access request message of HTTPS service keywords, thereby guarantees that The encrypted transmission of data between client device and Web server, ensures the security of data transfer.
Referring to Fig. 3, Fig. 3 is a kind of one embodiment flow chart of HTTPS encrypted transmission methods of the application.With the above method Unlike embodiment, the present embodiment will be illustrated with reference to specific example to part steps, be anticipated with stronger practical operation Justice, specifically, the present embodiment may comprise steps of:
Step 301:HTTPS service-specific equipments receive message.
The present embodiment is applied to HTTPS service-specific equipments.It will be appreciated by persons skilled in the art that HTTPS is serviced The alternative Web server of special equipment is set up SSL with client device and is connected or TLS (Transport Layer Security, Transport Layer Security) connection, so as to after the message including HTTPS service keywords is received, be carried out to the message Decryption, and the message after decryption is sent to Web server, and closed in the HTTP service that includes for receiving Web server transmission After the message of key word, then the message can be encrypted, and the message after encryption is sent to client device.
Step 302:Whether judge received message is access request message that client device is sent.If it is, Perform step 303.
In the present embodiment, the source IP address that HTTPS service-specific equipments can include according to the message received determines institute The message of reception whether be client device send access request message.It will be appreciated by persons skilled in the art that HTTPS Service-specific equipment can have the table to be checked of client device IP address and server ip address locally pre-saving a record, The table to be checked can be obtained by study.When receiving a message, HTTPS service-specific equipments can be by by message Source IP address is matched with the IP address in table to be checked, to determine that the source IP address is client device IP address or clothes Be engaged in device IP address, and thereby determine that received message whether be client device send access request message.
Step 303:Determine the mark of website to be visited included in access request message in the Access Column being pre-configured with It whether there is in table.If it is, performing step 304, step 310 is otherwise performed.
In the present embodiment, the mark for the website that above-mentioned access list record has this HTTPS service-specific equipments to be responsible for The key associated with the website.It is worthy of note that, HTTPS service-specific equipments may be only to some of Web server Website carries out the encryption and decryption computing of data, and the corresponding mark in these websites is recorded in list of websites for inquiry.And this The key of a little websites associations then by HTTPS service-specific equipments with during client device sets up SSL or STL is connected Consult to obtain, the message data received is encrypted or decrypted.Wherein, data message to be encrypted or The key of person's decryption is typically different, and the two keys are generally comprised within the digital certificate with website unique association to be visited, but In view of the specific encryption and decryption computing of the message data involved by the application is not within the scope of the application is claimed, therefore not Repeat.
In the present embodiment, the mark of website to be visited can by website to be visited domain name unique mark, and according to reality Situation, above-mentioned domain name can also be IP address or domain name and port numbers or IP address and port numbers etc..
Step 304:Determine whether include HTTP service keyword in access request message.If it is, performing step 305, otherwise perform step 308.
In the present embodiment, if what access request message included is HTTP service keyword, show client device Transmitted access request message is transmitted in the form of plaintext.Now, in order to ensure follow-up institute's transmitting message content Security, the access request message can't directly be pass-through to Web server by HTTPS service-specific equipments, but with step Rapid 305 mode require client device resend including service keyword be HTTPS access request message.
Step 305:HTTPS redirection messages are returned to client device, so that client device, which is sent, includes HTTPS clothes The access request message of business keyword.
In the present embodiment, after it is determined that the service keyword that access request message includes is HTTP, HTTPS services are special Equipment can send a feedback message to client device, so that client device is sent for Web by service keyword of HTTPS The access request message of server.This require client device use with HTTPS service-specific equipments consult in advance it is close Transmitted access request message is encrypted key, and wherein website is obtained so as to be sent in the form of ciphertext to Web server The access request message of resource.And when HTTPS service-specific equipments receive Web server with plaintext version return include it is upper After the request request response message for stating site resource, then request request response message can be encrypted, in the form of ciphertext Request request response message is back to client device, thus between client device and HTTPS service-specific equipments Realize the encrypted transmission of data.
Step 306:After the access request message including HTTPS service keywords of client device transmission is received, The corresponding key of mark of the website to be visited included by the access request message is searched in above-mentioned access list.
In the present embodiment, if it is assumed that the website to be visited that access request message includes is the official website of Tsing-Hua University, and Assuming that the key associated in list of websites with the website is KEY1, then HTTPS service-specific equipments are inquired in list of websites List item can be expressed as the form of table 1:
Website logo Key
www.tsinghua.edu.cn KEY1
Table 1
Step 307:Utilize found key that the access request message is decrypted, by the access request report after decryption Text is sent to Web server.
So far, the present embodiment flow can terminate.
Step 308:Determine whether include HTTPS service keywords in access request message.If it is, performing step 309, otherwise perform step 310.
Step 309:The mark correspondence of the website to be visited included by access request message is searched in above-mentioned access list Key, utilize found key that the access request message is decrypted, by the access request message after decryption send to Web server.
In the present embodiment, this step 309 is identical with the explanation that step 306 need to be made, therefore does not repeat.
Step 310:By access request message transmission to Web server.
In the present embodiment, if the service key that the access request message that HTTPS service-specific equipments are received includes Word is neither HTTPS nor HTTP, then can determine that such access request message is not belonging to the report that safe class requires higher Text, therefore can be directly by the message transmission to Web server.
In the present embodiment, if the message that HTTPS service-specific equipments are received in step 302 is by Web server The request request response message of transmission, then can determine whether whether the mark for returning to the website of the message deposits in above-mentioned list of websites , and in the presence of, determine whether include HTTP service keyword in the message, when the message includes HTTP service keyword When, then the key associated with the website is searched in list of websites, then message is encrypted using the key that this finds, And send the message after encryption to client device.And be not present in the list of websites website for returning to the message mark or , then can be directly by the message transmission to visitor when the service keyword that person's message includes is other service keywords such as HTTPS Family end equipment.
As can be seen from the above embodiments, HTTPS service-specific equipments please in the access for receiving client device transmission Ask after message, it may be determined that whether include HTTPS service keywords in the message, if do not included, returned to client device HTTPS redirection messages, so that its transmission includes the access request message of HTTPS service keywords, thereby guarantee that client is set The encrypted transmission of the standby data between Web server, ensures the security of data transfer.
Corresponding with a kind of foregoing embodiment of HTTPS encrypted transmission methods, present invention also provides a kind of HTTPS encryptions The embodiment of transmitting device.
Referring to Fig. 4, Fig. 4 is a kind of the first structure chart of HTTPS encrypted transmissions device of the application, and the device is used for HTTPS service-specific equipments, can include:Receiving unit 410, judging unit 420, HTTP determining units 430, returning unit 440th, decryption unit 450, transmitting element 460.
Wherein, receiving unit 410, for receiving message;
Judging unit 420, for judging whether received message is access request message that client device is sent;
HTTP determining units 430, for when the message received be client device send access request message when, really Determine whether include HTTP service keyword in access request message;
Returning unit 440, for when access request message includes HTTP service keyword, being returned to client device HTTPS redirection messages, so that client device, which is sent, includes the access request message of HTTPS service keywords;
Decryption unit 450, for receive client device transmission include the access request of HTTPS service keywords After message, the access request message is decrypted;
Transmitting element 460, for the access request message after decryption to be sent to Web server.
In the first implementation of present apparatus embodiment, judging unit 420 can be specifically for:According to what is received Source IP address that message includes determines whether received message is access request message that client device is sent.
In second of implementation of present apparatus embodiment, said apparatus can also include:Mark determining unit 470, Transparent transmission unit 480, for details, reference can be made to Fig. 5, and Fig. 5 is a kind of second of structure chart of HTTPS encrypted transmissions device of the application.
Wherein, identify determining unit 470, for it is determined that in access request message whether include HTTP service keyword it Before, determine that the mark of website to be visited included in access request message whether there is in the access list being pre-configured with;
HTTP determining units 430, specifically for the mark when website to be visited included in access request message pre- In the presence of in the access list first configured, determine whether include HTTP service keyword in access request message;
Transparent transmission unit 480, is being pre-configured with for mark when website to be visited included in access request message When being not present in access list, by access request message transmission to Web server.
In the third implementation of present apparatus embodiment, device described in above-mentioned second of implementation can be with Including:HTTPS determining units 490, searching unit 500, for details, reference can be made to Fig. 6, and Fig. 6 is a kind of HTTPS encrypted transmissions of the application The third structure chart of device.
HTTPS determining units 490, for when not including HTTP service keyword in access request message, it is determined that accessing Whether include HTTPS service keywords in request message;
Searching unit 500, for when access request message includes HTTPS service keywords, in above-mentioned access list The middle corresponding key of mark for searching the website to be visited included by access request message;
Then decryption unit 450, are additionally operable to that access request message is decrypted using above-mentioned key;
Transmitting element 460, is additionally operable to send the access request message after decryption to Web server.
In the 4th kind of implementation of present apparatus embodiment, the device corresponding to the first above-mentioned structure chart can also be wrapped Include:HTTPS determining units 490, transparent transmission unit 480, for details, reference can be made to Fig. 7, and Fig. 7 is a kind of HTTPS encrypted transmissions dress of the application The 4th kind of structure chart put.
Wherein, HTTPS determining units 490, for when in access request message not include HTTP service keyword when, it is determined that Whether include HTTPS service keywords in access request message;
Then decryption unit 450, are additionally operable to when access request message includes HTTPS service keywords, to access request Message is decrypted;
Transmitting element 460, is additionally operable to send the access request message after decryption to Web server;
Transparent transmission unit 480, for when not including HTTPS service keywords in access request message, by access request report Text is pass-through to Web server.
HTTPS service-specific equipments, which are can be seen that, from apparatus above embodiment is receiving the visit of client device transmission Ask after request message, it may be determined that whether include HTTPS service keywords in the message, if do not included, to client device HTTPS redirection messages are returned, so that its transmission includes the access request message of HTTPS service keywords, client are thereby guaranteed that The encrypted transmission of data between end equipment and Web server, ensures the security of data transfer.
The function of unit and the implementation process of effect specifically refer to correspondence step in the above method in said apparatus Implementation process, will not be repeated here.
For device embodiment, because it corresponds essentially to embodiment of the method, so related part is real referring to method Apply the part explanation of example.Device embodiment described above is only schematical, wherein described be used as separating component The unit of explanation can be or may not be physically separate, and the part shown as unit can be or can also It is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality Selection some or all of module therein is needed to realize the purpose of application scheme.Those of ordinary skill in the art are not paying In the case of going out creative work, you can to understand and implement.
The preferred embodiment of the application is the foregoing is only, not to limit the application, all essences in the application God is with principle, and any modifications, equivalent substitutions and improvements done etc. should be included within the scope of the application protection.

Claims (10)

1. a kind of HTTPS encrypted transmission methods, applied to HTTPS service-specific equipments, it is characterised in that methods described includes:
Receive message;
Whether judge received message is access request message that client device is sent;
When the message received is the access request message that client device is sent, determine whether include in access request message HTTP service keyword;
If it is, HTTPS redirection messages are returned to the client device, so that client device, which is sent, includes HTTPS The access request message of service keyword;
After the access request message including HTTPS service keywords of client device transmission is received, to the access request Message is decrypted, and the access request message after decryption is sent to Web server.
2. according to the method described in claim 1, it is characterised in that described to judge whether received message is client device The access request message of transmission, including:
Source IP address that message according to being received includes determines whether received message is visit that client device is sent Ask request message.
3. according to the method described in claim 1, it is characterised in that methods described also includes:
Before it is determined that whether including HTTP service keyword in access request message,
Determine in the access request message mark of included website to be visited in the access list being pre-configured with whether In the presence of;
If it is present performing the step:Determine whether include HTTP service keyword in access request message;
If it does not exist, then by the access request message transmission to Web server.
4. method according to claim 3, it is characterised in that methods described also includes:
When not including HTTP service keyword in access request message, determine whether include in the access request message HTTPS service keywords;
If it is, searching the mark correspondence of the website to be visited included by the access request message in the access list Key;
The access request message is decrypted using the key, the access request message after decryption is sent to Web and taken Business device.
5. according to the method described in claim 1, it is characterised in that methods described also includes:
When not including HTTP service keyword in access request message, determine whether include in the access request message HTTPS service keywords;
If it is, the access request message is decrypted, the access request message after decryption is sent to Web service Device;
If it is not, then by the access request message transmission to Web server.
6. a kind of HTTPS encrypted transmissions device, applied to HTTPS service-specific equipments, it is characterised in that described device includes:
Receiving unit, for receiving message;
Judging unit, for judging whether received message is access request message that client device is sent;
HTTP determining units, for when the message received is the access request message that client device is sent, it is determined that accessing Whether include HTTP service keyword in request message;
Returning unit, for when access request message includes HTTP service keyword, being returned to the client device HTTPS redirection messages, so that client device, which is sent, includes the access request message of HTTPS service keywords;
Decryption unit, for receive client device transmission the access request message including HTTPS service keywords after, The access request message is decrypted;
Transmitting element, for the access request message after decryption to be sent to Web server.
7. device according to claim 6, it is characterised in that the judging unit, specifically for:
Source IP address that message according to being received includes determines whether received message is visit that client device is sent Ask request message.
8. device according to claim 6, it is characterised in that described device also includes:
Determining unit is identified, for before it is determined that whether including HTTP service keyword in access request message, it is determined that described The mark of included website to be visited whether there is in the access list being pre-configured with access request message;
The HTTP determining units, specifically for the mark when website to be visited included in the access request message pre- In the presence of in the access list first configured, determine whether include HTTP service keyword in access request message;
Transparent transmission unit, for the mark when website to be visited included in the access request message in the access being pre-configured with When being not present in list, by the access request message transmission to Web server.
9. device according to claim 8, it is characterised in that described device also includes:
HTTPS determining units, for when not including HTTP service keyword in access request message, determining the access request Whether include HTTPS service keywords in message;
Searching unit, for when the access request message includes HTTPS service keywords, being looked into the access list Look for the corresponding key of mark of the website to be visited included by the access request message;
The decryption unit, is additionally operable to that the access request message is decrypted using the key;
The transmitting element, is additionally operable to send the access request message after decryption to Web server.
10. device according to claim 6, it is characterised in that described device also includes:
HTTPS determining units, for when not including HTTP service keyword in access request message, determining the access request Whether include HTTPS service keywords in message;
The decryption unit, is additionally operable to when the access request message includes HTTPS service keywords, please to the access Message is asked to be decrypted;
The transmitting element, is additionally operable to send the access request message after decryption to Web server;
Transparent transmission unit, for when not including HTTPS service keywords in the access request message, by the access request report Text is pass-through to Web server.
CN201710209940.5A 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device Active CN106961439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710209940.5A CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710209940.5A CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Publications (2)

Publication Number Publication Date
CN106961439A true CN106961439A (en) 2017-07-18
CN106961439B CN106961439B (en) 2019-09-17

Family

ID=59483188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710209940.5A Active CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Country Status (1)

Country Link
CN (1) CN106961439B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634969A (en) * 2017-10-26 2018-01-26 迈普通信技术股份有限公司 Data interactive method and device
CN107995188A (en) * 2017-11-30 2018-05-04 杭州迪普科技股份有限公司 A kind of device and method for realizing test equipment and equipment under test data transfer

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020188862A1 (en) * 2001-03-28 2002-12-12 Trethewey James R. Method and system for automatic invocation of secure sockets layer encryption on a parallel array of Web servers
US20060155869A1 (en) * 2004-12-22 2006-07-13 Slipstream Data Inc. Browser-plugin based method for advanced HTTPS data processing
CN101034981A (en) * 2006-03-07 2007-09-12 上海品伟数码科技有限公司 Network access control system and its control method
CN101119274A (en) * 2007-09-12 2008-02-06 杭州华三通信技术有限公司 Method for improving treatment efficiency of SSL gateway and SSL gateway
CN102638346A (en) * 2012-05-12 2012-08-15 杭州迪普科技有限公司 Method and device for authorizing subscriber digital certificate
CN103618743A (en) * 2013-12-09 2014-03-05 北京星网锐捷网络技术有限公司 Service access method, speed-up client, speed-up server and system
CN105721479A (en) * 2016-03-02 2016-06-29 北京网康科技有限公司 URL filtering method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020188862A1 (en) * 2001-03-28 2002-12-12 Trethewey James R. Method and system for automatic invocation of secure sockets layer encryption on a parallel array of Web servers
US20060155869A1 (en) * 2004-12-22 2006-07-13 Slipstream Data Inc. Browser-plugin based method for advanced HTTPS data processing
CN101034981A (en) * 2006-03-07 2007-09-12 上海品伟数码科技有限公司 Network access control system and its control method
CN101119274A (en) * 2007-09-12 2008-02-06 杭州华三通信技术有限公司 Method for improving treatment efficiency of SSL gateway and SSL gateway
CN102638346A (en) * 2012-05-12 2012-08-15 杭州迪普科技有限公司 Method and device for authorizing subscriber digital certificate
CN103618743A (en) * 2013-12-09 2014-03-05 北京星网锐捷网络技术有限公司 Service access method, speed-up client, speed-up server and system
CN105721479A (en) * 2016-03-02 2016-06-29 北京网康科技有限公司 URL filtering method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634969A (en) * 2017-10-26 2018-01-26 迈普通信技术股份有限公司 Data interactive method and device
CN107634969B (en) * 2017-10-26 2020-07-10 迈普通信技术股份有限公司 Data interaction method and device
CN107995188A (en) * 2017-11-30 2018-05-04 杭州迪普科技股份有限公司 A kind of device and method for realizing test equipment and equipment under test data transfer

Also Published As

Publication number Publication date
CN106961439B (en) 2019-09-17

Similar Documents

Publication Publication Date Title
US9922207B2 (en) Storing user data in a service provider cloud without exposing user-specific secrets to the service provider
Chu et al. Security concerns in popular cloud storage services
US9537861B2 (en) Method of mutual verification between a client and a server
JP6622196B2 (en) Virtual service provider zone
JP6561149B2 (en) Technology for managing the privacy of network communications
CN104580086A (en) Information transmission method, client side, server and system
US20040236962A1 (en) Method and apparatus for secure browser-based information service
WO2014028757A1 (en) Secure data exchange using messaging service
EP2354996B1 (en) Apparatus and method for remote processing while securing classified data
US20120163598A1 (en) Session secure web content delivery
CN107172001B (en) Control method and device of website proxy server and key proxy server
CN105791451A (en) Message response method and device
CN103220261A (en) Proxy method, device and system of open authentication application program interface
Ban et al. Fine-grained support of security services for resource constrained internet of things
CN106060099A (en) Data access method and system, and devices
CN103634399A (en) Method and device for realizing cross-domain data transmission
CN104348838A (en) Document management system and method
WO2016112580A1 (en) Service processing method and device
CN106961439B (en) A kind of HTTPS encrypted transmission method and device
CN106453399B (en) A kind of domain name resolution service method and system of user oriented secret protection
Gill et al. Secure remote access to home automation networks
Sodagudi et al. An approach to identify data leakage in secure communication
US20140258129A1 (en) Method, apparatus and system for establishing a secure communications session
Breeding Key Technologies with Implications for Privacy: Encryption, Analytics, and Advertising Tracking
CN110519292B (en) Encoding method for social network, social method, apparatus, device and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210621

Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang.

Patentee after: Hangzhou Dip Information Technology Co.,Ltd.

Address before: 6 / F, Zhongcai building, 68 Tonghe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou DPtech Technologies Co.,Ltd.

TR01 Transfer of patent right