CN108848078A - A kind of online data monitoring method and device - Google Patents
- Publication number: CN108848078A (application CN201810553312.3A)
- Authority: CN (China)
- Prior art keywords: algorithm, identified, online data, public key, key
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
      - H04L63/1433—Vulnerability analysis
    - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
      - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  - H04L43/00—Arrangements for monitoring or testing data switching networks
    - H04L43/18—Protocol analysers
    - H04L43/50—Testing arrangements
Abstract
The present invention provides an online data monitoring method and device. The method includes: acquiring online data and parsing the communication protocol of the online data; identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol; if the identified encryption algorithm is identified and verified, detecting whether the cipher application meets a preset security rule; if the cipher application meets the preset security rule, confirming that the acquired online data is safe; and if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule, confirming that the acquired online data is at risk. In this way, during the transmission of online data, by acquiring and parsing the online data and further identifying and verifying the encryption algorithm, both the data itself and its encryption state can be effectively monitored.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to an online data monitoring method and device.
Background technique
With the development of Internet technology, more and more data are transmitted over networks, and in order to ensure the security of data transmitted over the network, the data are encrypted during transmission. Monitoring the security state of these data is implemented on the basis of data monitoring; however, existing data monitoring is mainly implemented through the analysis of the data transmission protocol and its vulnerabilities, so existing data monitoring has difficulty effectively monitoring the data itself and its encryption state.
Summary of the invention
Embodiments of the present invention provide an online data monitoring method and device, to solve the problem that existing data monitoring processes have difficulty effectively monitoring the data itself and its encryption state.
In order to solve the above technical problem, the invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides an online data monitoring method, including:
acquiring online data and parsing the communication protocol of the online data;
identifying, according to the parsed communication protocol, the encryption algorithm of the online data and verifying it by means of a cipher application;
if the identified encryption algorithm is identified and verified, detecting whether the cipher application meets a preset security rule;
if the cipher application meets the preset security rule, confirming that the acquired online data is safe;
if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule, confirming that the acquired online data is at risk.
Optionally, the step of acquiring online data includes:
acquiring the online data by means of a data probe using bypass mirroring.
Optionally, the step of identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol includes: identifying and verifying the public key cipher and/or the symmetric cipher of the online data according to the parsed communication protocol;
wherein the step of identifying and verifying the public key cipher of the online data according to the parsed communication protocol includes:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext with the public key algorithm to obtain a signature value;
sending the public key and the signature value to the cipher application hardware, and verifying the public key and the signature value by means of the cipher application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value fail verification, confirming that the public key algorithm is not identified or not verified;
and the step of identifying and verifying the symmetric cipher of the online data according to the parsed communication protocol includes:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext with the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cipher application hardware, which decrypts the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
Optionally, the step of identifying the encryption algorithm of the online data according to the parsed communication protocol includes:
collecting the algorithm identifier transmitted during the communication handshake, and identifying the encryption algorithm according to the collected algorithm identifier; or
reading the algorithm protocol transmitted during the algorithm negotiation process, and determining the encryption algorithm according to the read algorithm protocol; or
comparing the parsed communication protocol against a preset encryption algorithm library by traversal, and determining the cryptographic algorithm according to the comparison result.
Optionally, the preset security rule includes one or more of: certificate validity, algorithm security, identity authentication security, key agreement security, ciphertext weak key detection, and communication protocol vulnerability detection.
In a second aspect, an embodiment of the present invention provides an online data monitoring device, including:
an acquisition and parsing module, configured to acquire online data and parse the communication protocol of the online data;
an identification and verification module, configured to identify, according to the parsed communication protocol, the encryption algorithm of the online data and verify it by means of a cipher application;
a detection module, configured to detect whether the cipher application meets a preset security rule if the identified encryption algorithm is identified and verified;
a first confirmation module, configured to confirm that the acquired online data is safe if the cipher application meets the preset security rule;
a second confirmation module, configured to confirm that the acquired online data is at risk if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule.
Optionally, the identification and verification module is specifically configured to identify and verify the public key cipher and/or the symmetric cipher of the online data according to the parsed communication protocol;
wherein the identification and verification module includes:
a public key cipher identification and verification submodule, configured to select a public key algorithm, a public key, a private key and a first plaintext; sign the first plaintext with the public key algorithm to obtain a signature value; send the public key and the signature value to the cipher application hardware, and verify the public key and the signature value by means of the cipher application hardware; if the public key and the signature value pass verification, confirm that the public key algorithm is identified and verified; and if the public key and the signature value fail verification, confirm that the public key algorithm is not identified or not verified;
a symmetric cipher identification and verification submodule, configured to select a symmetric algorithm, a key and a second plaintext; encrypt the second plaintext with the symmetric algorithm and the key to obtain a ciphertext; send the key and the ciphertext to the cipher application hardware, which decrypts the ciphertext; if decrypting the ciphertext yields the second plaintext, confirm that the symmetric algorithm is identified and verified; and if decrypting the ciphertext does not yield the second plaintext, confirm that the symmetric algorithm is not identified or not verified.
Optionally, the identification and verification module includes:
a first identification module, configured to collect the algorithm identifier transmitted during the communication handshake and identify the encryption algorithm according to the collected algorithm identifier; or
a second identification module, configured to read the algorithm protocol transmitted during the algorithm negotiation process and determine the encryption algorithm according to the read algorithm protocol; or
a third identification module, configured to compare the parsed communication protocol against a preset encryption algorithm library by traversal and determine the cryptographic algorithm according to the comparison result.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory, and a computer program stored in the memory and executable on the processor; when the computer program is executed by the processor, the steps of the online data monitoring method described in any of the above embodiments are implemented.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the online data monitoring method described in any of the above embodiments are implemented.
In this way, in the embodiments of the present invention, the method includes: acquiring online data and parsing the communication protocol of the online data; identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol; if the identified encryption algorithm is identified and verified, detecting whether the cipher application meets a preset security rule; if the cipher application meets the preset security rule, confirming that the acquired online data is safe; and if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule, confirming that the acquired online data is at risk. Thus, during the transmission of online data, by acquiring and parsing the online data and further identifying and verifying the encryption algorithm, both the data itself and its encryption state can be effectively monitored.
Detailed description of the invention
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a flow chart of an online data monitoring method provided in an embodiment of the present invention;
Fig. 2 is a structural diagram of an online data monitoring device provided in an embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Referring to Fig. 1, Fig. 1 is a flow chart of an online data monitoring method provided in an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step 101: acquire online data and parse the communication protocol of the online data.
The technical solution of this embodiment is mainly used for data security monitoring of communication service systems.
In this embodiment, the online data is first acquired, and the acquired online data is parsed to obtain the communication protocol it uses.
Specifically, the online data may be acquired in an in-line (series-connected) control mode; clearly, other connection modes may also be used to acquire the online data.
In a preferred embodiment, the online data is acquired by a data probe using bypass mirroring. Bypass mirroring means copying the data, for example by configuring a parallel (mirror) port, and processing the copied data further. Compared with the in-line control mode, acquiring data in bypass mirror mode avoids interfering with the online data being transmitted, guarantees the integrity and accuracy of the data, and achieves real-time synchronization, monitoring and supervision of the global data.
Parsing the online data to obtain its communication protocol is implemented on the basis of various standard protocols. Specifically, a protocol library with various built-in standard communication protocols may be set up, and the communication protocol used by the online data is compared with the protocols in the library to determine which communication protocol the online data uses.
In a specific embodiment, the protocol library contains various standard communication protocols, such as SSL VPN (based on the Secure Socket Layer protocol, SSL), IPsec VPN, PPTP VPN (Point to Point Tunneling Protocol), SSH (Secure Shell protocol), Skype and other international standard protocols, and may also contain certain proprietary protocols, such as the WeChat Pay protocol.
In this embodiment, by parsing the communication data protocol, the online data can further be classified according to the type of communication protocol, and the encrypted communication data can be analyzed in depth and classified according to the protocol cipher suite.
Step 102: identify, according to the parsed communication protocol, the encryption algorithm of the online data and verify it by means of the cipher application.
In this embodiment, the encryption algorithm of the online data is further identified and verified. Specifically, national cryptographic standard algorithms such as the domestic commercial cryptographic algorithm standards SM1, SM2, SM3 and SM4 may be integrated, and the cryptographic algorithms supported by international standard protocol cipher suites, such as RSA, ECC, AES and DES, may also be integrated, so that the encryption algorithm can be identified and verified by interpreting the protocol suite and emulating encrypted and decrypted communication.
In this embodiment, identifying and verifying the encryption algorithm may consist of in-depth analysis and monitoring of the encrypted communication data of communication applications, or of testing the cipher application of the communication circuit components of an information system; both may also be carried out.
As an optional specific embodiment, in-depth analysis and monitoring of the encrypted communication data of communication applications mainly includes identifying and verifying the public key cipher and/or the symmetric cipher. Specifically, in this embodiment the algorithm is identified and verified by interpreting the protocol suite and emulating encrypted and decrypted communication.
In a specific embodiment, identifying and verifying the public key cipher includes:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext with the public key algorithm to obtain a signature value;
sending the public key and the signature value to the cipher application hardware, and verifying the public key and the signature value by means of the cipher application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value fail verification, confirming that the public key algorithm is not identified or not verified.
In a specific embodiment, identifying and verifying the symmetric cipher includes:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext with the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cipher application hardware, which decrypts the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
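The two round trips above, as an added example that is not code from the patent: the monitor selects the algorithm, key material and plaintext, performs the signature or encryption itself, and lets a stand-in cipher module decide the outcome. The `CipherHardware` struct with its configurable supported-algorithm sets, and the choice of ECDSA P-256 and AES-128-GCM as the selected algorithms, are assumptions of the example; the patent names neither a particular algorithm nor an interface to the hardware.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CipherHardware stands in for the "cipher application hardware": the monitor
// hands it a public key plus signature, or a key plus ciphertext, and only the
// module's own answer decides the outcome. Assumed stand-in for this example.
type CipherHardware struct {
	SigAlgs map[string]bool // public key algorithms the module implements
	SymAlgs map[string]bool // symmetric algorithms the module implements
}

func (h CipherHardware) VerifySignature(alg string, pub *ecdsa.PublicKey, msg, sig []byte) error {
	if !h.SigAlgs[alg] {
		return errors.New("public key algorithm not identified: " + alg)
	}
	if d := sha256.Sum256(msg); !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("signature not verified")
	}
	return nil
}

func (h CipherHardware) Decrypt(alg string, key, nonce, ct []byte) ([]byte, error) {
	if !h.SymAlgs[alg] {
		return nil, errors.New("symmetric algorithm not identified: " + alg)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, nil)
}

// newGCM builds an AES-GCM AEAD; used by both the monitor and the stand-in module.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// VerifyPublicKeyAlgorithm runs the public key round trip: select algorithm
// (ECDSA P-256 here), key pair and first plaintext; sign; send public key and
// signature to the module. True means "identified and verified".
func VerifyPublicKeyAlgorithm(hw CipherHardware) (bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	first := []byte("first plaintext chosen by the monitor") // constructed
	d := sha256.Sum256(first)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		return false, err
	}
	if err := hw.VerifySignature("ECDSA-P256", &priv.PublicKey, first, sig); err != nil {
		return false, err // not identified, or not verified
	}
	return true, nil
}

// VerifySymmetricAlgorithm runs the symmetric round trip: select algorithm
// (AES-128-GCM here), key and second plaintext; encrypt; send key and
// ciphertext to the module; confirm that its decryption equals the plaintext.
func VerifySymmetricAlgorithm(hw CipherHardware) (bool, error) {
	buf := make([]byte, 16+12) // fresh 128-bit key followed by a 96-bit nonce
	if _, err := rand.Read(buf); err != nil {
		return false, err
	}
	key, nonce := buf[:16], buf[16:]
	second := []byte("second plaintext chosen by the monitor") // constructed
	aead, err := newGCM(key)
	if err != nil {
		return false, err
	}
	got, err := hw.Decrypt("AES-128-GCM", key, nonce, aead.Seal(nil, nonce, second, nil))
	if err != nil {
		return false, err // not identified, or decryption failed
	}
	if string(got) != string(second) {
		return false, errors.New("decryption did not return the second plaintext")
	}
	return true, nil
}

func main() {
	hw := CipherHardware{SigAlgs: map[string]bool{"ECDSA-P256": true}, SymAlgs: map[string]bool{"AES-128-GCM": true}}
	fmt.Println(VerifyPublicKeyAlgorithm(hw)) // true <nil>
	fmt.Println(VerifySymmetricAlgorithm(hw)) // true <nil>
}
```

A module whose supported sets lack an algorithm yields the patent's "not identified" outcome for that round trip, which is how a monitor notices that the cipher application does not actually implement the algorithm the traffic claims to use.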
In another optional specific embodiment, a standard cipher module is installed in advance in the detection architecture, and the algorithm is identified and verified by screening, extracting and comparing the cipher data collected in real time.
Specifically, the algorithm may be identified in any of the following ways:
Method 1: collect the algorithm identifier transmitted during the communication handshake, and identify the encryption algorithm according to the collected algorithm identifier.
For VPN security protocol data such as SSL VPN and IPsec VPN, the algorithm identifier transmitted during the communication handshake can be collected according to the relevant technical standards, so that the algorithm used by the encrypted communication is identified.
Method 2: read the algorithm protocol transmitted during the algorithm negotiation process, and determine the encryption algorithm according to the read algorithm protocol.
For other protocols, such as SSH and PPTP VPN, no algorithm identifier is transmitted during the communication handshake; the algorithm can then be identified from the specific algorithm protocol contents transmitted during algorithm negotiation.
Method 3: compare the parsed communication protocol against a preset encryption algorithm library by traversal, and determine the cryptographic algorithm according to the comparison result.
There are also communication protocols that transmit neither an algorithm identifier during the handshake nor the algorithm information of the secret communication as specific protocol contents. For these, a traversal comparison against common cryptographic algorithms can be performed according to the protocol type, thereby identifying the algorithm.
After the encryption algorithm has been identified, it needs to be further verified. In this embodiment, for encryption algorithms in security protocols that perform algorithm and key agreement on the communication line, the public key algorithm and the hash algorithm can be verified from partial information in the identity authentication, such as the digital signature, the public key and the message digest. If there is no identity authentication information, the ECC-class public key algorithm can be verified during the key agreement process.
Step 103: if the identified encryption algorithm is identified and verified, detect whether the cipher application meets a preset security rule.
The purpose of the cipher application security detection is to verify the security of the encrypted communication. The specific detection method can be chosen according to the circumstances; in a specific embodiment, the security detection of the cipher application includes one or more of: certificate validity, algorithm security, identity authentication security, key agreement security, ciphertext weak key detection, and communication protocol vulnerability detection.
Certificate validity refers to whether the certificate is legitimate and still within its validity period. Algorithm security detection may refer to certain standards, such as national cryptographic security standards, international standards and the results of various analyses and research on cryptographic security, to specify a given test criterion; the details are not repeated here. Identity authentication security in this embodiment mainly concerns public key algorithms and hash algorithms, and may likewise refer to relevant national standards, international standards and the latest research results. Key agreement security mainly concerns public key algorithms; ciphertext weak key detection targets the encrypted tunnel that has been established; and communication protocol vulnerability detection mainly concerns the ciphertext protocol data. Each of the above items can be verified with reference to relevant national standards, international standards and the latest research results.
Step 104: if the cipher application meets the preset security rule, confirm that the acquired online data is safe.
At this point, since the data itself is relatively safe, no further processing is required; a safety indication may also be sent.
Step 105: if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule, confirm that the acquired online data is at risk.
If the online data is at risk, appropriate measures may be taken with respect to the risky data, such as interrupting the data transmission, pausing the data transmission, or issuing an alarm signal. This is not further limited in this embodiment.
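Identification method 1 followed by the step 103 rule check and the step 104/105 verdict, as an added example that is not from the patent: a minimal TLS ServerHello parser extracts the cipher suite identifier transmitted in the handshake (the SSL VPN case), looks it up in Go's built-in suite table standing in for the algorithm library, and applies an algorithm security rule. The record layout is standard TLS; the rule contents (at least TLS 1.2, no NULL/RC4/3DES/EXPORT/MD5 suites), the `Monitor` verdict strings and the constructed sample records are assumptions of the example.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"strings"
)

// HandshakeAlgorithm is what the monitor reads from one ServerHello.
type HandshakeAlgorithm struct {
	Version uint16
	Suite   uint16
	Name    string // standard suite name, or "0x...." if absent from the library
}

func put16(b []byte, v uint16) []byte { return append(b, byte(v>>8), byte(v)) }

// BuildServerHello assembles a minimal TLS ServerHello record (random zeroed,
// empty session id, no extensions). Constructed input, not a real capture.
func BuildServerHello(version, suite uint16) []byte {
	body := put16(nil, version)              // legacy_version
	body = append(body, make([]byte, 32)...) // random
	body = append(body, 0)                   // session_id length
	body = put16(body, suite)                // cipher_suite
	body = append(body, 0)                   // compression_method: null
	hs := append([]byte{0x02, 0, 0, byte(len(body))}, body...) // type + 24-bit length
	rec := put16([]byte{0x16}, tls.VersionTLS12)               // record header
	rec = put16(rec, uint16(len(hs)))
	return append(rec, hs...)
}

// ParseServerHello implements identification method 1: read the algorithm
// identifier transmitted during the handshake. Every length is checked before
// the slice it guards, so a truncated record is reported rather than mis-parsed.
func ParseServerHello(rec []byte) (HandshakeAlgorithm, error) {
	var h HandshakeAlgorithm
	if len(rec) < 5 || rec[0] != 0x16 {
		return h, fmt.Errorf("not a TLS handshake record")
	}
	n := int(binary.BigEndian.Uint16(rec[3:5]))
	if n < 4 || len(rec) < 5+n {
		return h, fmt.Errorf("truncated record")
	}
	hs := rec[5 : 5+n]
	if hs[0] != 0x02 {
		return h, fmt.Errorf("handshake message type %d is not a ServerHello", hs[0])
	}
	m := int(hs[1])<<16 | int(hs[2])<<8 | int(hs[3]) // 24-bit handshake length
	body := hs[4:]
	if m < 38 || len(body) < m || m < 38+int(body[34]) {
		return h, fmt.Errorf("truncated ServerHello")
	}
	sid := int(body[34])
	h.Version = binary.BigEndian.Uint16(body[0:2])
	h.Suite = binary.BigEndian.Uint16(body[35+sid : 37+sid])
	h.Name = tls.CipherSuiteName(h.Suite) // algorithm library lookup
	return h, nil
}

// weakPrimitives is this example's "algorithm security" rule: a suite whose
// standard name carries one of these markers fails the preset rule.
var weakPrimitives = []string{"_NULL_", "_RC4_", "_3DES_", "_EXPORT_", "_MD5"}

func CheckAlgorithmSecurity(h HandshakeAlgorithm) error {
	if h.Version < tls.VersionTLS12 {
		return fmt.Errorf("protocol version 0x%04x is below TLS 1.2", h.Version)
	}
	for _, w := range weakPrimitives {
		if strings.Contains(h.Name, w) {
			return fmt.Errorf("suite %s uses a weak primitive (%s)", h.Name, w)
		}
	}
	return nil
}

// Monitor runs the decision of steps 102 to 105 on one record: identify the
// algorithm, check the preset rule, then return "safe" or "risk: <reason>".
func Monitor(rec []byte) string {
	h, err := ParseServerHello(rec)
	if err != nil {
		return "risk: " + err.Error()
	}
	if strings.HasPrefix(h.Name, "0x") {
		return "risk: cipher suite " + h.Name + " not identified"
	}
	if err := CheckAlgorithmSecurity(h); err != nil {
		return "risk: " + err.Error()
	}
	return "safe"
}

func main() {
	fmt.Println(Monitor(BuildServerHello(tls.VersionTLS12, 0xC02F))) // safe
	fmt.Println(Monitor(BuildServerHello(tls.VersionTLS12, 0x0005))) // risk: RC4
	fmt.Println(Monitor(BuildServerHello(tls.VersionTLS10, 0x002F))) // risk: TLS 1.0
	fmt.Println(Monitor(BuildServerHello(tls.VersionTLS12, 0x1234))) // risk: not identified
}
```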
It should be understood that even if the optional steps above are not performed, the data itself and its encryption state can still be effectively monitored.
In this way, in the embodiments of the present invention, the method includes: acquiring online data and parsing the communication protocol of the online data; identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol; if the identified encryption algorithm is identified and verified, detecting whether the cipher application meets a preset security rule; if the cipher application meets the preset security rule, confirming that the acquired online data is safe; and if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule, confirming that the acquired online data is at risk. Thus, during the transmission of online data, by acquiring and parsing the online data and further identifying and verifying the encryption algorithm, both the data itself and its encryption state can be effectively monitored.
As shown in Fig. 2, an embodiment of the present invention also provides an online data monitoring device 200, including:
an acquisition and parsing module 201, configured to acquire online data and parse the communication protocol of the online data;
an identification and verification module 202, configured to identify, according to the parsed communication protocol, the encryption algorithm of the online data and verify it by means of a cipher application;
a detection module 203, configured to detect whether the cipher application meets a preset security rule if the identified encryption algorithm is identified and verified;
a first confirmation module 204, configured to confirm that the acquired online data is safe if the cipher application meets the preset security rule;
a second confirmation module 205, configured to confirm that the acquired online data is at risk if the identified encryption algorithm is not identified or not verified, or the cipher application does not meet the preset security rule.
Optionally, the acquisition and parsing module 201 is specifically configured to:
acquire the online data by means of a data probe using bypass mirroring.
Optionally, the identification and verification module 202 is specifically configured to identify and verify the public key cipher and/or the symmetric cipher of the online data according to the parsed communication protocol;
wherein the identification and verification module 202 includes:
a public key cipher identification and verification submodule, configured to select a public key algorithm, a public key, a private key and a first plaintext; sign the first plaintext with the public key algorithm to obtain a signature value; send the public key and the signature value to the cipher application hardware, and verify the public key and the signature value by means of the cipher application hardware; if the public key and the signature value pass verification, confirm that the public key algorithm is identified and verified; and if the public key and the signature value fail verification, confirm that the public key algorithm is not identified or not verified;
a symmetric cipher identification and verification submodule, configured to select a symmetric algorithm, a key and a second plaintext; encrypt the second plaintext with the symmetric algorithm and the key to obtain a ciphertext; send the key and the ciphertext to the cipher application hardware, which decrypts the ciphertext; if decrypting the ciphertext yields the second plaintext, confirm that the symmetric algorithm is identified and verified; and if decrypting the ciphertext does not yield the second plaintext, confirm that the symmetric algorithm is not identified or not verified.
Optionally, the identification and verification module 202 includes:
a first identification module, configured to collect the algorithm identifier transmitted during the communication handshake and identify the encryption algorithm according to the collected algorithm identifier; or
a second identification module, configured to read the algorithm protocol transmitted during the algorithm negotiation process and determine the encryption algorithm according to the read algorithm protocol; or
a third identification module, configured to compare the parsed communication protocol against a preset encryption algorithm library by traversal and determine the cryptographic algorithm according to the comparison result.
Optionally, the preset security rule includes one or more of: certificate validity, algorithm security, identity authentication security, key agreement security, ciphertext weak key detection, and communication protocol vulnerability detection.
The mobile terminal provided in the embodiment of the present invention can implement each process of the method embodiment shown in Fig. 1; to avoid repetition, the details are not described here again.
Preferably, an embodiment of the present invention also provides an electronic device, including a processor, a memory XX09, and a computer program stored in the memory and executable on the processor; when the computer program is executed by the processor, each process of the above online data monitoring method embodiment is implemented and the same technical effect can be achieved; to avoid repetition, the details are not described here again.
An embodiment of the present invention also provides a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, each process of the above online data monitoring method embodiment is implemented and the same technical effect can be achieved; to avoid repetition, the details are not described here again. The computer readable storage medium may be, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Those of ordinary skill in the art may realize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the foregoing method embodiments, and details are not described here again.
In the embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division of the units is only a logical functional division, and other divisions are possible in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a ROM, a RAM, a magnetic disk or an optical disk.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person familiar with the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An online data monitoring method, characterized by comprising:
acquiring online data and parsing the communication protocol of the online data;
identifying and verifying, according to the parsed communication protocol, the encryption algorithm used by the cipher application of the online data;
if the identified encryption algorithm is identified and passes verification, detecting whether the cipher application complies with a default safety rule;
if the cipher application complies with the default safety rule, confirming that the acquired online data is safe;
if the identified encryption algorithm is not identified or fails verification, or the cipher application does not comply with the default safety rule, confirming that the acquired online data is at risk.
2. The method according to claim 1, characterized in that the step of acquiring online data comprises:
acquiring the online data by bypass mirroring using a data probe.
3. The method according to claim 1, characterized in that the step of identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol comprises: identifying and verifying the public key cryptography and/or the symmetric cryptography of the online data according to the parsed communication protocol;
wherein the step of identifying and verifying the public key cryptography of the online data according to the parsed communication protocol comprises:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext using the public key algorithm to obtain a signature value;
sending the public key and the signature value to cipher application hardware, and verifying the public key and the signature value by the cipher application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value fail verification, confirming that the public key algorithm is not identified or fails verification;
and the step of identifying and verifying the symmetric cryptography of the online data according to the parsed communication protocol comprises:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext using the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cipher application hardware, and decrypting the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or fails verification.
4. The method according to claim 1 or 3, characterized in that the step of identifying the encryption algorithm of the online data according to the parsed communication protocol comprises:
acquiring an algorithm identifier transmitted during the communication handshake, and identifying the encryption algorithm according to the acquired algorithm identifier; or
reading an algorithm protocol transmitted during the algorithm negotiation process, and determining the encryption algorithm according to the read algorithm protocol; or
comparing the parsed communication protocol against a predetermined encryption algorithm library by traversal, and determining the encryption algorithm according to the comparison result.
5. The method according to claim 1, characterized in that the default safety rule comprises one or more of: certificate validity, algorithm security, identity authentication security, key negotiation security, ciphertext weak-key detection, and communication protocol vulnerability detection.
6. An online data monitoring device, characterized by comprising:
an acquisition and parsing module, configured to acquire online data and parse the communication protocol of the online data;
an identification and verification module, configured to identify and verify, according to the parsed communication protocol, the encryption algorithm used by the cipher application of the online data;
a detection module, configured to detect whether the cipher application complies with a default safety rule if the identified encryption algorithm is identified and passes verification;
a first confirmation module, configured to confirm that the acquired online data is safe if the cipher application complies with the default safety rule;
a second confirmation module, configured to confirm that the acquired online data is at risk if the identified encryption algorithm is not identified or fails verification, or the cipher application does not comply with the default safety rule.
7. The device according to claim 6, characterized in that the identification and verification module is specifically configured to identify and verify the public key cryptography and/or the symmetric cryptography of the online data according to the parsed communication protocol;
wherein the identification and verification module comprises:
a public key cryptography identification and verification submodule, configured to select a public key algorithm, a public key, a private key and a first plaintext; sign the first plaintext using the public key algorithm to obtain a signature value; send the public key and the signature value to cipher application hardware, and verify the public key and the signature value by the cipher application hardware; if the public key and the signature value pass verification, confirm that the public key algorithm is identified and verified; and if the public key and the signature value fail verification, confirm that the public key algorithm is not identified or fails verification;
a symmetric cryptography identification and verification submodule, configured to select a symmetric algorithm, a key and a second plaintext; encrypt the second plaintext using the symmetric algorithm and the key to obtain a ciphertext; send the key and the ciphertext to the cipher application hardware and decrypt the ciphertext; if decrypting the ciphertext yields the second plaintext, confirm that the symmetric algorithm is identified and verified; and if decrypting the ciphertext does not yield the second plaintext, confirm that the symmetric algorithm is not identified or fails verification.
8. The device according to claim 6 or 7, characterized in that the identification and verification module comprises:
a first identification module, configured to acquire an algorithm identifier transmitted during the communication handshake, and identify the encryption algorithm according to the acquired algorithm identifier; or
a second identification module, configured to read an algorithm protocol transmitted during the algorithm negotiation process, and determine the encryption algorithm according to the read algorithm protocol; or
a third identification module, configured to compare the parsed communication protocol against a predetermined encryption algorithm library by traversal, and determine the encryption algorithm according to the comparison result.
9. An electronic device, characterized by comprising a processor, a memory, and a computer program stored on the memory and runnable on the processor, wherein the computer program, when executed by the processor, implements the steps of the online data monitoring method according to any one of claims 1 to 5.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the online data monitoring method according to any one of claims 1 to 5.
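As an added example that is not part of the patent, the following Python sketch implements the decision flow of claims 1, 4 and 5: it identifies the negotiated algorithm from a captured handshake record by comparing it against a constructed "predetermined encryption algorithm library", applies two of the default safety rules (algorithm security and weak-key detection), and returns the safe/at-risk confirmation. The cipher-suite library, the weak-key rules, the sample ServerHello record and all function names are assumptions of this example; the hardware-assisted sign/verify and encrypt/decrypt checks of claim 3 are not modelled.

```python
import struct
# Constructed algorithm library (claim 4), keyed by IANA TLS cipher-suite value:
# (suite name, symmetric cipher, secure under the claim-5 "algorithm security" rule).
ALGORITHM_LIBRARY = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RC4", False),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "3DES", False),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "AES-128-CBC", True),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "AES-128-GCM", True),
    0x1301: ("TLS_AES_128_GCM_SHA256", "AES-128-GCM", True),
}
# The four DES weak keys (odd parity), for the "ciphertext weak key detection" rule.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"), bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"), bytes.fromhex("1F1F1F1F0E0E0E0E"),
}

def build_server_hello(suite_id, session_id=b""):
    """Construct a minimal TLS 1.2 ServerHello record as a sample of captured traffic."""
    hs = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
          + struct.pack("!H", suite_id) + b"\x00")   # version, random, sid, suite, compression
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs  # handshake type 2 = ServerHello
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body

def parse_server_hello(record):
    """Return the cipher-suite value of a ServerHello record, or None if not identifiable."""
    if len(record) < 5 or record[0] != 0x16:          # content type 22 = handshake
        return None
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x02:
        return None
    hs = body[4:]
    if len(hs) < 35:                                  # version(2) + random(32) + sid_len(1)
        return None
    pos = 35 + hs[34]                                 # skip the variable-length session id
    return struct.unpack("!H", hs[pos:pos + 2])[0] if len(hs) >= pos + 2 else None

def check_rules(suite_id, key):
    """Apply the claim-5 rules modelled here and return the list of violated rules."""
    _, cipher, secure = ALGORITHM_LIBRARY[suite_id]
    violations = []
    if not secure:
        violations.append(f"algorithm security: {cipher} is not considered secure")
    if len(set(key)) == 1:                            # all-zero or otherwise degenerate key
        violations.append("weak key: key is a single repeated byte")
    if cipher == "3DES" and any(key[i:i + 8] in DES_WEAK_KEYS for i in range(0, len(key), 8)):
        violations.append("weak key: DES weak key component")
    return violations

def monitor(record, key):
    """Claim-1 decision: identified and rule-compliant -> 'safe', otherwise 'risk'."""
    suite_id = parse_server_hello(record)
    if suite_id is None or suite_id not in ALGORITHM_LIBRARY:
        return "risk", ["encryption algorithm not identified"]
    violations = check_rules(suite_id, key)
    return ("safe", []) if not violations else ("risk", violations)
```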
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810553312.3A CN108848078A (en) | 2018-06-01 | 2018-06-01 | A kind of online data monitoring method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810553312.3A CN108848078A (en) | 2018-06-01 | 2018-06-01 | A kind of online data monitoring method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108848078A true CN108848078A (en) | 2018-11-20 |
Family
ID=64211267
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810553312.3A Pending CN108848078A (en) | 2018-06-01 | 2018-06-01 | A kind of online data monitoring method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108848078A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101141243A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Device and method for carrying out security check and content filtering on communication data |
CN101296228A (en) * | 2008-06-19 | 2008-10-29 | 上海交通大学 | SSL VPN protocol detection method based on flow analysis |
CN101695038A (en) * | 2009-10-27 | 2010-04-14 | 联想网御科技(北京)有限公司 | Method and device for detecting SSL enciphered data safety |
US20110103584A1 (en) * | 2009-11-04 | 2011-05-05 | Stmicroelectronics (Rousset) Sas | Protection of a ciphering key |
CN104735058A (en) * | 2015-03-04 | 2015-06-24 | 深信服网络科技(深圳)有限公司 | Encryption method and system based on security protocol SSL |
US9531705B1 (en) * | 2013-03-14 | 2016-12-27 | United Services Automobile Association | Systems and methods for computer digital certificate management and analysis |
CN107612698A (en) * | 2017-08-08 | 2018-01-19 | 北京中海闻达信息技术有限公司 | A kind of commercial cipher detection method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20181120 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |