CN108156178A - SSL/TLS data monitoring system and method
Abstract
The present invention provides an SSL/TLS data monitoring system and method. Dynamic proxy technology is used to proxy the process that generates the session master key during the SSL/TLS handshake between client and server, so that the session master key is obtained and output through a socket or a monitored file; the session master key is read from the socket or monitored file and forwarded; the forwarded session master key is received and persisted in a database; the encrypted data transmitted between client and server is exported; the corresponding session master key is queried from the database and the corresponding decryption algorithm is selected to decrypt the exported encrypted data, yielding plaintext data; and the corresponding application-layer decoder is selected to parse the plaintext data. The invention does not interfere with the original encrypted link at all, obtains the session master key by directly accessing application memory through the dynamic proxy technology of each programming language, and supports all versions of the SSL/TLS protocol.
Description
Technical field
The present invention relates to the technical field of data monitoring, and in particular to a system and method for monitoring SSL/TLS encrypted data.
Background
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are security protocols intended to provide security and data integrity guarantees for Internet communication. They are widely supported in applications such as browsers, e-mail, instant messaging, VoIP and Internet fax, and have become the industry standard for secure communication on the Internet.
However, while providing security and data integrity guarantees, they pose a challenge to monitoring approaches based on network traffic. To solve the difficulty of monitoring SSL/TLS data on the Internet, the invention proposes obtaining the encrypted session's master key through an embedded Agent in order to decrypt the encrypted data captured by bypass (passive) monitoring.
Common approaches to SSL/TLS data monitoring today are:
1. A man-in-the-middle device is inserted in-line between server and client and, during the SSL/TLS handshake phase, modifies the handshake messages exchanged by the two parties to obtain the key they use for data encryption, and thereby decrypts the private data.
2. A proxy server decrypts the SSL/TLS-encrypted data sent by the client/server into plaintext, audits it, then re-encrypts the plaintext and sends it on to the server/client.
The two schemes above are similar and share the following defects:
A. They intrude on the communication link and modify the original data, which affects the performance of the application;
B. When an authentication mechanism is used between client and server, the user's certificate must be obtained, which is a security problem.
3. In the non-intrusive approach, encrypted data is captured by bypass monitoring and decrypted by loading the server certificate. This scheme has the following defects:
A. The user must provide the private key, which is a security problem;
B. Only RSA is supported as the key exchange algorithm.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide an SSL/TLS data monitoring system and method.
An SSL/TLS data monitoring system provided according to the present invention comprises:
Key acquisition module: uses dynamic proxy technology to proxy the process that generates the session master key during the SSL/TLS handshake between client and server, obtains the session master key, and outputs the obtained session master key through a socket or a monitored file;
Forwarding module: obtains the session master key from the socket or monitored file and forwards it;
Dump module: receives the forwarded session master key and persists it in a database;
Data acquisition module: exports the encrypted data transmitted between client and server;
Decryption module: queries the corresponding session master key from the database and selects the corresponding decryption algorithm to decrypt the exported encrypted data, obtaining plaintext data;
Analysis module: selects the corresponding application-layer decoder to parse the plaintext data.
Preferably, the key acquisition module labels the session master key with a corresponding ID; the decryption module obtains the ID of the current session's session master key when parsing the SSL/TLS handshake, and queries the corresponding session master key using that ID through the query interface provided by the dump module.
Preferably, the forwarding module runs as an independent process listening on a specific port or file directory, to receive the session master keys sent by all key acquisition modules.
Preferably, the forwarding module establishes a secure link with the dump module and forwards the received session master keys to the dump module.
Preferably, the data acquisition module exports the encrypted data to the decryption module through a network tap.
An SSL/TLS data monitoring method provided according to the present invention comprises the steps of:
Key acquisition step: using dynamic proxy technology to proxy the process that generates the session master key during the SSL/TLS handshake between client and server, obtaining the session master key, and outputting the obtained session master key through a socket or a monitored file;
Forwarding step: obtaining the session master key from the socket or monitored file and forwarding it;
Dump step: receiving the forwarded session master key and persisting it in a database;
Data acquisition step: exporting the encrypted data transmitted between client and server;
Decryption step: querying the corresponding session master key from the database and selecting the corresponding decryption algorithm to decrypt the exported encrypted data, obtaining plaintext data;
Analysis step: selecting the corresponding application-layer decoder to parse the plaintext data.
Preferably, the key acquisition step labels the session master key with a corresponding ID; the decryption step obtains the ID of the current session's session master key when parsing the SSL/TLS handshake, and queries the corresponding session master key using that ID through the query interface provided by the dump module.
Preferably, the forwarding step runs as an independent process listening on a specific port or file directory, to receive the session master keys sent by all key acquisition steps.
Preferably, the forwarding step forwards the session master key over an established secure link.
Preferably, the data acquisition step exports the encrypted data through a network tap.
Compared with the prior art, the present invention has the following advantages:
1. Encrypted data is collected by bypass monitoring, which does not interfere with the original encrypted link at all;
2. The session master key is obtained by directly accessing application memory through the dynamic proxy technology of each programming language, so the impact on the user's application is minimal and there is no restriction on the development language of the monitored application;
3. All versions of the SSL/TLS protocol and all of their encryption algorithms can be supported;
4. The user's certificate file does not need to be obtained;
5. Overhead is small and deployment is easy.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a module relationship diagram of the SSL/TLS data monitoring system of the present invention;
Fig. 2 is a system flow chart of the SSL/TLS data monitoring system of the present invention.
Detailed description of embodiments
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the invention, but do not limit it in any way. It should be noted that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention.
As shown in Fig. 1, the SSL/TLS data monitoring system provided by the invention comprises: a key acquisition module, a forwarding module, a dump module, a data acquisition module, a decryption module and an analysis module.
During the SSL/TLS handshake, the session master key is exchanged through a key exchange algorithm. Once the server and client have finished negotiating, both sides hold the same session master key and use it to symmetrically encrypt the communication data. Therefore, the encrypted data in the communication can be decrypted only if the session master key can be obtained. The security of the key exchange process is guaranteed by cryptography, so the final session master key cannot be obtained by bypass monitoring. Dynamic proxy technology is therefore used to circumvent the key exchange process and obtain the session master key directly, which makes decryption of the encrypted data possible.
The key acquisition module is deployed on either the client or the server. Using dynamic proxy technology, it proxies the process that generates the session master key during the SSL/TLS handshake between client and server, in order to obtain the session master key created by the client and server. For a JVM-based program, for example, the javaagent mechanism can be used to weave the master-key acquisition logic into specific logic of the original program. The obtained session master key is sent to the forwarding module through a socket or a monitored file, and is labeled with an ID at the same time. The reason is that a server may establish a large number of sessions with multiple clients simultaneously, so each key must be labeled when it is obtained, to ensure that at decryption time the session's master key can be found from the information in the data packets; moreover, session IDs are prone to collide across different servers, so the session master key must be labeled with an ID to tell them apart.
The forwarding module provides an interface for receiving master keys, so that key acquisition modules implemented by third parties are supported, and encrypts the master-key communication to protect it. It receives the session master keys collected by all key acquisition modules on the local machine. One or more SSL/TLS-based applications may run on the same server at the same time, so the forwarding module can run as an independent process listening on a specific port or file directory to receive the session master keys sent by all local key acquisition modules. It verifies the legitimacy and integrity of the received data and forwards the received session master keys to the dump module. Because this leg of the communication may cross the public network and is not trustworthy, a secure link must be established with the dump module to protect the master key in transit and avoid leaking sensitive information. In addition, the key acquisition module may use different concrete implementations for different applications; the forwarding module hides the differences between these implementations.
The dump module receives the session master keys forwarded from different servers, persists them in a database, and provides a query interface for the decryption module, so that the corresponding session master key can be looked up by information such as the Session ID or client random of the SSL/TLS session.
The data acquisition module uses a network tap (Network Tap) to export the encrypted data transmitted between client and server to the decryption module.
The decryption module parses the encrypted data provided by the data acquisition module according to the SSL/TLS protocol specification. When parsing the SSL/TLS handshake it obtains the ID of the current session and, through the session master key query interface provided by the dump module, queries the corresponding session master key. Using the session information from the SSL/TLS handshake together with the queried session master key, it can select the corresponding encryption algorithm to decrypt the encrypted data, obtain the decrypted plaintext data, and pass it to the analysis module. During the SSL/TLS handshake, the session master key is exchanged through a key exchange algorithm. Once the server and client have finished negotiating, both sides hold the same session master key and use it to symmetrically encrypt the communication data. Therefore, the encrypted data in the communication can be decrypted only if the session master key can be obtained. The security of the key exchange process is guaranteed by cryptography, so the final session master key cannot be obtained by bypass monitoring. Dynamic proxy technology is therefore used to circumvent the key exchange process and obtain the session master key directly, which makes decryption of the encrypted data possible. The plaintext information of the handshake phase is collected, and an encrypted session is uniquely identified by its session ID or client random/server random. The key acquisition module also records this information alongside each key when it collects the key, so that during decryption the key can be found from the handshake information and the plaintext recovered.
The analysis module selects the corresponding application-layer decoder to parse the plaintext data, and provides monitoring and auditing based on the application-layer messages.
As shown in Fig. 2, the main flow of the system is as follows:
1) Load the Agent (key acquisition module): the Agent corresponding to the platform in use is loaded when the user's application starts.
2) Obtain the master key: the Agent weaves master-key acquisition logic into the user's code, and reads the session master key when SSL/TLS generates it during the handshake. For a JVM-based program, for example, the javaagent mechanism can be used to weave the master-key acquisition logic into specific logic of the original program.
3) Receive the master key: the forwarding module receives the session master keys obtained by the Agent program, and supports two modes, socket and monitored file.
4) Send to the dump module: the forwarding module establishes a secure connection with the dump module and sends the master-key information, encrypted, to the dump module over that connection.
5) Receive the master key and write it to the database: the dump module receives the session master keys sent by the forwarding module over the secure link and writes them to the database, to be queried during decryption.
6) Encrypted data: encrypted data is exported to the monitoring server by means such as a network tap (Network Tap).
7) Parse the handshake messages: based on the SSL/TLS protocol, session information is obtained by parsing the data packets.
8) Compute the session ID: the corresponding session master key is looked up by session ID. To accommodate the different session reuse mechanisms of SSL/TLS, a specific session can be identified using information such as the session ID or client random in the handshake messages.
9) Query the master key: the corresponding session master key is queried in the master-key database using the computed session ID.
10) Query timeout: master-key collection and encrypted-data parsing both happen in real time, and because of uncontrollable system delays the master key may reach the monitoring server later than the data to be decrypted. A wait-with-timeout mechanism is therefore needed to ensure that the session master key can be obtained at decryption time.
11) Decrypt the data: the encrypted data of the session is decrypted with the session master key that was found.
12) Export the plaintext data: the plaintext data obtained after decryption is exported to a message queue for further processing by downstream monitoring services.
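Steps 7) to 10) above, as an added example that is not code from the patent: it parses a ClientHello record for the client random and session ID, then queries a key store that waits up to a timeout for a master key that arrives after the traffic. The `MasterKeyStore` class, the `host_id` label used to separate servers, the in-memory dictionary standing in for the database, and the assumption that the ClientHello fits in one TLS record are all illustrative choices.

```python
import struct
import threading
import time

HANDSHAKE, CLIENT_HELLO = 22, 1   # TLS record type / handshake message type


def parse_client_hello(record: bytes):
    """Return (client_random, session_id) from a TLS record carrying a ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != CLIENT_HELLO:
        raise ValueError("not a complete ClientHello record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Layout: client_version(2) | random(32) | session_id_len(1) | session_id
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    sid_len = hello[34]
    if sid_len > 32 or hs_len < 35 + sid_len:
        raise ValueError("invalid session_id length")
    return hello[2:34], hello[35:35 + sid_len]


class MasterKeyStore:
    """Hypothetical in-memory stand-in for the dump module's database and query interface."""

    def __init__(self):
        self._keys = {}
        self._cond = threading.Condition()

    def put(self, host_id: str, client_random: bytes, master_key: bytes):
        # The label includes a host identifier (an assumption of this example)
        # so that identical session identifiers from different servers cannot collide.
        with self._cond:
            self._keys[(host_id, client_random)] = master_key
            self._cond.notify_all()

    def query(self, host_id: str, client_random: bytes, timeout: float = 2.0):
        """Wait up to `timeout` seconds for the key; return None if it never arrives."""
        deadline = time.monotonic() + timeout
        label = (host_id, client_random)
        with self._cond:
            while label not in self._keys:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    return None
                self._cond.wait(remaining)
            return self._keys[label]


def build_sample_client_hello(client_random: bytes, session_id: bytes) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello in a single record."""
    hello = (b"\x03\x03" + client_random + bytes([len(session_id)]) + session_id
             + b"\x00\x02\x00\x2f"      # one cipher suite
             + b"\x01\x00")             # null compression only
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(handshake)) + handshake


def demo():
    store = MasterKeyStore()
    record = build_sample_client_hello(bytes(range(32)), b"\x11" * 32)
    client_random, session_id = parse_client_hello(record)
    # The key reaches the store 0.2 s after the traffic, the case step 10) anticipates.
    late_key = b"\xaa" * 48   # constructed placeholder value, not a real secret
    threading.Timer(0.2, store.put, args=("app-01", client_random, late_key)).start()
    found = store.query("app-01", client_random, timeout=2.0)
    # The same client random under a different host label must not match.
    missing = store.query("app-02", client_random, timeout=0.1)
    return client_random, session_id, found, missing


if __name__ == "__main__":
    cr, sid, found, missing = demo()
    print(cr.hex(), sid.hex(), found is not None, missing)
```

A decryption worker that gets `None` back has hit the timeout and can only set the session aside undecrypted.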
Taking the monitoring of a JBoss HTTP service as an example, the implementation is as follows:
1. The key acquisition module is loaded through the JVM's javaagent mechanism in the startup script of the JBoss service. When the JBoss service starts, the module weaves the logic for obtaining the session master key into the service's encryption component; whenever the JBoss service establishes a connection with a client, the session master key of the successfully established connection is sent to the forwarding module.
2. The forwarding module process is started on the host running the JBoss service. The process listens on a local port to receive session master keys and attempts to establish a secure link with the dump module. When the link succeeds and a session master key is received, the key is sent to the dump module. If the dump module cannot be reached (the dump module may not have been started), the received master key is recorded in the log for troubleshooting.
3. The dump module process is started on the decryption server; it receives master keys and stores them in the database.
4. The decryption module process is started on the decryption server and takes in the encrypted data that the data acquisition module exports through the network tap. The incoming data is decoded according to the SSL/TLS protocol specification, and information such as the ID and encryption algorithm of the session being processed is computed from the data of the SSL/TLS handshake phase. The corresponding session master key is queried in the database using the session ID. With the session master key and the encryption algorithm, the data packets sent after the connection is established can then be decrypted.
5. In this use case the decrypted plaintext data is the HTTP protocol, so the plaintext can be parsed according to the HTTP specification. Various business metrics can be computed from it, such as return codes, request counts and response times.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the substance of the invention. Where there is no conflict, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.
Claims (10)
1. An SSL/TLS data monitoring system, characterized in that it comprises:
Key acquisition module: uses dynamic proxy technology to proxy the process that generates the session master key during the SSL/TLS handshake between client and server, obtains the session master key, and outputs the obtained session master key through a socket or a monitored file;
Forwarding module: obtains the session master key from the socket or monitored file and forwards it;
Dump module: receives the forwarded session master key and persists it in a database;
Data acquisition module: exports the encrypted data transmitted between client and server;
Decryption module: queries the corresponding session master key from the database and selects the corresponding decryption algorithm to decrypt the exported encrypted data, obtaining plaintext data;
Analysis module: selects the corresponding application-layer decoder to parse the plaintext data.
2. The SSL/TLS data monitoring system according to claim 1, characterized in that the key acquisition module labels the session master key with a corresponding ID, and the decryption module obtains the ID of the session master key of the current session when parsing the SSL/TLS handshake and queries the corresponding session master key using the ID of the session master key through the query interface provided by the dump module.
3. The SSL/TLS data monitoring system according to claim 1, characterized in that the forwarding module runs as an independent process listening on a specific port or file directory, to receive the session master keys sent by all key acquisition modules.
4. The SSL/TLS data monitoring system according to claim 1, characterized in that the forwarding module establishes a secure link with the dump module and forwards the received session master keys to the dump module.
5. The SSL/TLS data monitoring system according to claim 1, characterized in that the data acquisition module exports the encrypted data to the decryption module through a network tap.
6. An SSL/TLS data monitoring method, characterized in that it comprises the steps of:
Key acquisition step: using dynamic proxy technology to proxy the process that generates the session master key during the SSL/TLS handshake between client and server, obtaining the session master key, and outputting the obtained session master key through a socket or a monitored file;
Forwarding step: obtaining the session master key from the socket or monitored file and forwarding it;
Dump step: receiving the forwarded session master key and persisting it in a database;
Data acquisition step: exporting the encrypted data transmitted between client and server;
Decryption step: querying the corresponding session master key from the database and selecting the corresponding decryption algorithm to decrypt the exported encrypted data, obtaining plaintext data;
Analysis step: selecting the corresponding application-layer decoder to parse the plaintext data.
7. The SSL/TLS data monitoring method according to claim 6, characterized in that the key acquisition step labels the session master key with a corresponding ID, and the decryption step obtains the ID of the session master key of the current session when parsing the SSL/TLS handshake and queries the corresponding session master key using the ID of the session master key through the query interface provided by the dump module.
8. The SSL/TLS data monitoring system according to claim 6, characterized in that the forwarding step runs as an independent process listening on a specific port or file directory, to receive the session master keys sent by all key acquisition steps.
9. The SSL/TLS data monitoring system according to claim 6, characterized in that the forwarding step forwards the session master key over an established secure link.
10. The SSL/TLS data monitoring system according to claim 6, characterized in that the data acquisition step exports the encrypted data through a network tap.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810090708.9A CN108156178B (en) | 2018-01-30 | 2018-01-30 | SSL/TLS data monitoring system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108156178A (en) | 2018-06-12 |
CN108156178B (en) | 2021-01-26 |