CN108848078A - A kind of online data monitoring method and device - Google Patents

A kind of online data monitoring method and device

Info

Publication number
CN108848078A
Authority
CN (China)
Prior art keywords
algorithm
identified
online data
public key
key
Legal status
Pending
Application number
CN201810553312.3A
Other languages
Chinese (zh)
Inventors
孙国胜
王海平
汤琦
Current assignee
Beijing Zhonghai Wenda Information Technology Co Ltd
Original assignee
Beijing Zhonghai Wenda Information Technology Co Ltd
Events
Application filed by Beijing Zhonghai Wenda Information Technology Co Ltd
Priority to CN201810553312.3A
Publication of CN108848078A

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L 63/1433 Vulnerability analysis
            • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 43/00 Arrangements for monitoring or testing data switching networks
            • H04L 43/18 Protocol analysers
            • H04L 43/50 Testing arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides an online data monitoring method and device. The method includes: collecting online data and parsing the communication protocol of the online data; identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol; if the identified encryption algorithm is identified and passes verification, detecting whether the cryptographic application meets a preset safety rule; if the cryptographic application meets the preset safety rule, confirming that the collected online data is safe; and if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, confirming that the collected online data is at risk. In this way, by collecting and parsing the online data during its transmission, and further by identifying and verifying the encryption algorithm, both the data itself and the encryption status of the data can be effectively monitored.

Description

A kind of online data monitoring method and device
Technical field
The present invention relates to the field of information security technology, and in particular to an online data monitoring method and device.
Background technique
With the development of Internet technology, more and more data is transmitted over networks, and to ensure the safety of this data it is encrypted during transmission. Monitoring the safety status of this data is achieved through data monitoring; however, existing data monitoring processes are mainly implemented by analysing the data transmission protocol and its vulnerabilities, so they are difficult to use for effectively monitoring the data itself and the encryption status of the data.
Summary of the invention
The embodiments of the present invention provide an online data monitoring method and device, to solve the problem that existing data monitoring processes have difficulty effectively monitoring the data itself and the encryption status of the data.
To solve the above technical problem, the invention is realised as follows:
In a first aspect, an embodiment of the present invention provides an online data monitoring method, including:
collecting online data, and parsing the communication protocol of the online data;
identifying, according to the parsed communication protocol, the encryption algorithm of the online data, and verifying it by means of a cryptographic application;
if the identified encryption algorithm is identified and passes verification, detecting whether the cryptographic application meets a preset safety rule;
if the cryptographic application meets the preset safety rule, confirming that the collected online data is safe;
if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, confirming that the collected online data is at risk.
Optionally, the step of collecting online data includes:
collecting the online data with a data probe using bypass mirroring.
Optionally, the step of identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol includes: identifying and verifying the public key cryptography and/or symmetric cryptography of the online data according to the parsed communication protocol;
wherein the step of identifying and verifying the public key cryptography of the online data according to the parsed communication protocol includes:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext with the public key algorithm to obtain a signature value;
sending the public key and the signature value to cryptographic application hardware, and verifying the public key and the signature value by means of the cryptographic application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value do not pass verification, confirming that the public key algorithm is not identified or not verified;
and the step of identifying and verifying the symmetric cryptography of the online data according to the parsed communication protocol includes:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext with the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cryptographic application hardware, and decrypting the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
Optionally, the step of identifying the encryption algorithm of the online data according to the parsed communication protocol includes:
collecting the algorithm identifier transmitted during the communication handshake, and identifying the encryption algorithm according to the collected algorithm identifier; or
reading the algorithm protocol transmitted during the algorithm negotiation process, and determining the encryption algorithm according to the read algorithm protocol; or
comparing the parsed communication protocol against a preset encryption algorithm library by traversal, and determining the cryptographic algorithm according to the comparison result.
Optionally, the preset safety rule includes one or more of: certificate validity, algorithm security, identity authentication security, key negotiation security, ciphertext weak key detection, and communication protocol vulnerability detection.
In a second aspect, an embodiment of the present invention provides an online data monitoring device, including:
a collection and parsing module, for collecting online data and parsing the communication protocol of the online data;
an identification and verification module, for identifying, according to the parsed communication protocol, the encryption algorithm of the online data and verifying it by means of a cryptographic application;
a detection module, for detecting, if the identified encryption algorithm is identified and passes verification, whether the cryptographic application meets a preset safety rule;
a first confirmation module, for confirming, if the cryptographic application meets the preset safety rule, that the collected online data is safe;
a second confirmation module, for confirming, if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, that the collected online data is at risk.
Optionally, the identification and verification module is specifically used for identifying and verifying the public key cryptography and/or symmetric cryptography of the online data according to the parsed communication protocol;
wherein the identification and verification module includes:
a public key cryptography identification and verification submodule, for selecting a public key algorithm, a public key, a private key and a first plaintext; signing the first plaintext with the public key algorithm to obtain a signature value; sending the public key and the signature value to cryptographic application hardware, and verifying the public key and the signature value by means of the cryptographic application hardware; if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified; and if the public key and the signature value do not pass verification, confirming that the public key algorithm is not identified or not verified;
a symmetric cryptography identification and verification submodule, for selecting a symmetric algorithm, a key and a second plaintext; encrypting the second plaintext with the symmetric algorithm and the key to obtain a ciphertext; sending the key and the ciphertext to the cryptographic application hardware and decrypting the ciphertext; if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified; and if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
Optionally, the identification and verification module includes:
a first identification module, for collecting the algorithm identifier transmitted during the communication handshake and identifying the encryption algorithm according to the collected algorithm identifier; or
a second identification module, for reading the algorithm protocol transmitted during the algorithm negotiation process and determining the encryption algorithm according to the read algorithm protocol; or
a third identification module, for comparing the parsed communication protocol against a preset encryption algorithm library by traversal and determining the cryptographic algorithm according to the comparison result.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory, and a computer program stored on the memory and runnable on the processor, wherein the computer program, when executed by the processor, implements the steps of the online data monitoring method described in any of the above embodiments.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the online data monitoring method described in any of the above embodiments.
In this way, in the embodiments of the present invention, online data is collected and its communication protocol is parsed; the encryption algorithm of the online data is identified and verified according to the parsed communication protocol; if the identified encryption algorithm is identified and passes verification, it is detected whether the cryptographic application meets a preset safety rule; if the cryptographic application meets the preset safety rule, the collected online data is confirmed to be safe; and if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, the collected online data is confirmed to be at risk. Thus, by collecting and parsing the online data during its transmission, and further by identifying and verifying the encryption algorithm, both the data itself and the encryption status of the data can be effectively monitored.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without any creative effort.
Fig. 1 is a flow chart of the online data monitoring method provided in an embodiment of the present invention;
Fig. 2 is a structural diagram of the online data monitoring device provided in an embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, which is a flow chart of an online data monitoring method provided in an embodiment of the present invention, the method includes the following steps:
Step 101: collect online data, and parse the communication protocol of the online data.
The technical solution of this embodiment is mainly used for data safety monitoring of a communication service system.
In this embodiment, online data is first collected, and the communication protocol used by the online data is obtained by parsing the collected online data.
Specifically, the online data may be collected using a series-connected (in-line) decryption and control mode; obviously, other connection modes may also be used.
In a preferred embodiment, the online data is collected with a data probe using bypass mirroring. Bypass mirroring refers to replicating the data, for example by configuring a parallel port, and then processing the replicated data. Compared with the series-connected decryption and control mode, collecting data in bypass mirroring mode avoids interfering with the online data being transmitted normally, guarantees the integrity and accuracy of the data, and achieves real-time synchronisation, monitoring and detection of the global data.
Parsing the online data to obtain the corresponding communication protocol is implemented on the basis of the various standard protocols. Specifically, a protocol library may be configured with the various standard communication protocols built in, and the communication protocol used by the online data is compared with the communication protocols in the protocol library to determine which communication protocol the online data uses.
In a specific embodiment, the protocol library has various international standard protocols built in, such as SSL VPN (based on the Secure Socket Layer protocol, SSL), IPsec VPN, PPTP VPN (Point to Point Tunneling Protocol), SSH (Secure Shell) and Skype; it may also contain certain proprietary protocols, such as WeChat Pay.
In this embodiment, the communication data protocol is parsed, and the online data can further be classified according to the type of communication protocol and, within that, according to the protocol cipher suite, so that the encrypted communication data is analysed and classified in depth.
Step 102: identify, according to the parsed communication protocol, the encryption algorithm of the online data, and verify it by means of a cryptographic application.
In this embodiment the encryption algorithm of the online data is further identified and verified. Specifically, the supported encryption algorithms may integrate the domestic commercial cryptographic algorithm standards SM1, SM2, SM3 and SM4 and similar national standard cryptographic algorithms, and may also integrate the cryptographic algorithms supported by the cipher suites of international standard protocols, such as RSA, ECC, AES and DES, so that identification and verification of the encryption algorithm can be achieved by interpreting the protocol suite and emulating the encryption and decryption communication.
In this embodiment, identifying and verifying the encryption algorithm may be an in-depth analysis and monitoring of the encrypted communication data of a communication application, or a detection of the cryptographic application in the communication line components of an information system, or both.
As an optional specific embodiment, in-depth analysis and monitoring of the encrypted communication data of a communication application mainly includes identification and verification of public key cryptography and/or symmetric cryptography. Specifically, in this embodiment the identification and verification of the encryption algorithm is carried out by interpreting the protocol suite and emulating the encryption and decryption communication.
In a specific embodiment, the identification and verification of public key cryptography includes:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext with the public key algorithm to obtain a signature value;
sending the public key and the signature value to cryptographic application hardware, and verifying the public key and the signature value by means of the cryptographic application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value do not pass verification, confirming that the public key algorithm is not identified or not verified.
In a specific embodiment, the identification and verification of symmetric cryptography includes:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext with the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cryptographic application hardware, and decrypting the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
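The two verification procedures above (sign a first plaintext and let the cryptographic application hardware check the public key and signature value; encrypt a second plaintext and let the hardware decrypt it), as an added example in Go that is not code from the patent. The hardware is a software stand-in, ECDSA P-256 with SHA-256 and AES-128-GCM are assumed as the public key and symmetric algorithms, and each check also exercises the negative outcome (a corrupted signature, a mismatched key).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// CipherHardware stands in for the "cryptographic application hardware" that receives
// (public key, signature value) or (key, ciphertext). Software stand-in, assumed here.
type CipherHardware struct{}

// VerifySignature: hardware-side check of the public key and signature value over the
// first plaintext (ECDSA P-256 over a SHA-256 digest is assumed here).
func (CipherHardware) VerifySignature(pub *ecdsa.PublicKey, plaintext, sig []byte) bool {
	digest := sha256.Sum256(plaintext)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Decrypt: hardware-side AES-GCM decryption with the supplied key. A wrong key or an
// altered ciphertext fails GCM authentication and returns an error.
func (CipherHardware) Decrypt(key, nonce, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// Outcome records the patent's two results: identified and verified, or not.
type Outcome struct {
	Algorithm string
	Verified  bool
}

// CheckPublicKeyAlgorithm: choose algorithm, key pair and first plaintext, sign it, then
// hand (public key, signature value) to the hardware. corruptSignature simulates a bad signature.
func CheckPublicKeyAlgorithm(hw CipherHardware, firstPlaintext []byte, corruptSignature bool) (Outcome, error) {
	out := Outcome{Algorithm: "ECDSA-P256/SHA-256"}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return out, err
	}
	digest := sha256.Sum256(firstPlaintext)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return out, err
	}
	if corruptSignature {
		sig[len(sig)-1] ^= 0x01 // flip one bit of the DER-encoded S value
	}
	out.Verified = hw.VerifySignature(&priv.PublicKey, firstPlaintext, sig)
	return out, nil
}

// CheckSymmetricAlgorithm: choose algorithm, key and second plaintext, encrypt it, hand
// (key, ciphertext) to the hardware and compare its decryption with the second plaintext.
func CheckSymmetricAlgorithm(hw CipherHardware, secondPlaintext []byte, wrongKey bool) (Outcome, error) {
	out := Outcome{Algorithm: "AES-128-GCM"}
	keyNonce := make([]byte, 16+12) // AES-128 key followed by a 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, keyNonce); err != nil {
		return out, err
	}
	key, nonce := keyNonce[:16], keyNonce[16:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return out, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return out, err
	}
	ciphertext := gcm.Seal(nil, nonce, secondPlaintext, nil)
	if wrongKey {
		key[0] ^= 0xFF // the key handed to the hardware no longer matches the one used to encrypt
	}
	recovered, err := hw.Decrypt(key, nonce, ciphertext)
	out.Verified = err == nil && bytes.Equal(recovered, secondPlaintext)
	return out, nil
}

func main() {
	pk, _ := CheckPublicKeyAlgorithm(CipherHardware{}, []byte("first plaintext"), false)
	pkBad, _ := CheckPublicKeyAlgorithm(CipherHardware{}, []byte("first plaintext"), true)
	fmt.Printf("%s: genuine=%v corrupted=%v\n", pk.Algorithm, pk.Verified, pkBad.Verified)
	sym, _ := CheckSymmetricAlgorithm(CipherHardware{}, []byte("second plaintext"), false)
	symBad, _ := CheckSymmetricAlgorithm(CipherHardware{}, []byte("second plaintext"), true)
	fmt.Printf("%s: genuine=%v wrong key=%v\n", sym.Algorithm, sym.Verified, symBad.Verified)
}
```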
In another optional specific embodiment, a standard cryptographic module is installed in advance in the detection architecture, and the identification and verification of the algorithm is carried out by screening, extracting and comparing the cryptographic data collected in real time.
Specifically, the algorithm may be identified in any of the following ways:
Method 1: collect the algorithm identifier transmitted during the communication handshake, and identify the encryption algorithm according to the collected algorithm identifier.
For VPN security protocol data such as SSL VPN and IPsec VPN, the algorithm identifier transmitted during the communication handshake can be collected according to the relevant technical standards, and the algorithm used in the encrypted communication is thereby identified.
Method 2: read the algorithm protocol transmitted during the algorithm negotiation process, and determine the encryption algorithm according to the read algorithm protocol.
For other protocols, such as SSH and PPTP VPN, no algorithm identifier is transmitted during the communication handshake; the algorithm can then be identified from the specific algorithm protocol contents transmitted during algorithm negotiation.
Method 3: compare the parsed communication protocol against a preset encryption algorithm library by traversal, and determine the cryptographic algorithm according to the comparison result.
There are also communication protocols that transmit neither an algorithm identifier during the handshake nor secret communication algorithm information in specific algorithm protocol contents; for these, a traversal comparison using common cryptographic algorithms can be carried out according to the protocol type, and the algorithm is thereby identified.
After the encryption algorithm has been identified, it needs to be further verified. In this embodiment, for encryption algorithms in security protocols that carry algorithm and key negotiation on the communication line, the public key algorithm and the hash algorithm can be verified through partial information in the identity authentication, such as the digital signature, public key and message digest. If there is no identity authentication information, the ECC class public key algorithm can be verified during the key negotiation process.
Step 103: if the identified encryption algorithm is identified and passes verification, detect whether the cryptographic application meets a preset safety rule.
The purpose of the safety detection of the cryptographic application is to verify the safety of the encrypted communication. The specific detection method can be chosen according to the situation; in a specific embodiment, the safety detection of the cryptographic application includes one or more of: certificate validity, algorithm security, identity authentication security, key negotiation security, ciphertext weak key detection, and communication protocol vulnerability detection.
Certificate validity refers to the legitimacy of the certificate and whether the certificate is still within its validity period. Algorithm security detection may refer to certain standards, such as national standards for cryptographic security, international standards, and the various analysis and research results on cryptographic security in which examination criteria are specified; these are not described further here. Identity authentication security in this embodiment mainly concerns the public key algorithm and the hash algorithm, and may likewise refer to the relevant national standards, international standards and latest research results. Key negotiation security mainly concerns the public key algorithm; ciphertext weak key detection targets the encrypted tunnel that has been formed; and communication protocol vulnerability detection mainly concerns the ciphertext protocol data. All of the above can be verified with reference to the relevant national standards, international standards and latest research results.
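Method 1 above (collecting the algorithm identifier from the handshake) combined with the algorithm security rule of step 103, as an added example in Go that is not part of the patent: it extracts the cipher suite identifier from a captured TLS ServerHello record, maps it through a small table of IANA suite names, and flags NULL, RC4, DES/3DES, EXPORT, MD5 and anonymous suites as failing the rule. The weak-suite markers are an assumption of this example, and the ServerHello records are constructed inline.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// IANA TLS cipher suite identifiers (a small subset, including the SM4/SM3 suite of RFC 8998).
var suiteNames = map[uint16]string{
	0x0000: "TLS_NULL_WITH_NULL_NULL",
	0x0004: "TLS_RSA_WITH_RC4_128_MD5",
	0x0005: "TLS_RSA_WITH_RC4_128_SHA",
	0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
	0x00C6: "TLS_SM4_GCM_SM3",
	0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	0x1301: "TLS_AES_128_GCM_SHA256",
}

// Suites whose name carries one of these markers fail the algorithm security rule.
// This list is an assumption of the example, not the patent's rule set.
var weakMarkers = []string{"NULL", "RC4", "DES", "EXPORT", "MD5", "ANON"}

// ServerHelloSuite extracts the negotiated cipher suite from one TLS record carrying a
// ServerHello: record header (type 0x16, version, 2-byte length), handshake header
// (type 0x02, 3-byte length), version, 32-byte random, session id, suite, compression.
func ServerHelloSuite(record []byte) (uint16, error) {
	if len(record) < 5 || record[0] != 0x16 {
		return 0, errors.New("not a TLS handshake record")
	}
	recLen := int(binary.BigEndian.Uint16(record[3:5]))
	if len(record) < 5+recLen {
		return 0, errors.New("truncated record")
	}
	hs := record[5 : 5+recLen]
	if len(hs) < 4 || hs[0] != 0x02 {
		return 0, errors.New("not a ServerHello")
	}
	bodyLen := int(hs[1])<<16 | int(hs[2])<<8 | int(hs[3])
	if len(hs)-4 < bodyLen {
		return 0, errors.New("truncated ServerHello")
	}
	body := hs[4 : 4+bodyLen]
	if len(body) < 35 { // 2 version + 32 random + 1 session id length
		return 0, errors.New("ServerHello too short")
	}
	off := 35 + int(body[34]) // skip the session id
	if len(body) < off+2 {
		return 0, errors.New("ServerHello missing cipher suite")
	}
	return binary.BigEndian.Uint16(body[off : off+2]), nil
}

// Verdict mirrors the patent: unknown identifier = not identified (risk); known suite
// failing the rule = risk; known suite passing the rule = safe.
type Verdict struct {
	SuiteID    uint16
	SuiteName  string
	Identified bool
	Safe       bool
}

// AssessServerHello applies method 1 and then the algorithm security rule to one record.
func AssessServerHello(record []byte) (Verdict, error) {
	id, err := ServerHelloSuite(record)
	if err != nil {
		return Verdict{}, err
	}
	name, ok := suiteNames[id]
	if !ok {
		return Verdict{SuiteID: id}, nil
	}
	v := Verdict{SuiteID: id, SuiteName: name, Identified: true, Safe: true}
	for _, m := range weakMarkers {
		if strings.Contains(name, m) {
			v.Safe = false
		}
	}
	return v, nil
}

// BuildServerHello constructs a minimal TLS 1.2 ServerHello record for the given suite
// (zero random, empty session id, no extensions) so the example runs offline.
func BuildServerHello(suite uint16) []byte {
	body := append([]byte{0x03, 0x03}, make([]byte, 32)...)       // version, random
	body = append(body, 0x00, byte(suite>>8), byte(suite), 0x00) // sid len, suite, compression
	hs := append([]byte{0x02, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
	return append([]byte{0x16, 0x03, 0x03, byte(len(hs) >> 8), byte(len(hs))}, hs...)
}

func main() {
	for _, suite := range []uint16{0xC02F, 0x00C6, 0x0005, 0xFFFF} {
		v, err := AssessServerHello(BuildServerHello(suite))
		fmt.Printf("0x%04X %-40q identified=%v safe=%v err=%v\n", v.SuiteID, v.SuiteName, v.Identified, v.Safe, err)
	}
}
```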
Step 104: if the cryptographic application meets the preset safety rule, confirm that the collected online data is safe.
At this point, since the data itself is relatively safe, no further processing is needed; a safety indication may also be sent.
Step 105: if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, confirm that the collected online data is at risk.
If the online data is at risk, appropriate measures can be taken with respect to the risky data, such as interrupting the data transmission, pausing the data transmission, or issuing an alarm signal. This is not further limited in this embodiment.
It should be understood that even if the optional steps above are not performed, the data itself and the encryption status of the data can still be effectively monitored.
In this way, in the embodiments of the present invention, online data is collected and its communication protocol is parsed; the encryption algorithm of the online data is identified and verified according to the parsed communication protocol; if the identified encryption algorithm is identified and passes verification, it is detected whether the cryptographic application meets a preset safety rule; if the cryptographic application meets the preset safety rule, the collected online data is confirmed to be safe; and if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, the collected online data is confirmed to be at risk. Thus, by collecting and parsing the online data during its transmission, and further by identifying and verifying the encryption algorithm, both the data itself and the encryption status of the data can be effectively monitored.
As shown in Fig. 2, an embodiment of the present invention also provides an online data monitoring device 200, including:
a collection and parsing module 201, for collecting online data and parsing the communication protocol of the online data;
an identification and verification module 202, for identifying, according to the parsed communication protocol, the encryption algorithm of the online data and verifying it by means of a cryptographic application;
a detection module 203, for detecting, if the identified encryption algorithm is identified and passes verification, whether the cryptographic application meets a preset safety rule;
a first confirmation module 204, for confirming, if the cryptographic application meets the preset safety rule, that the collected online data is safe;
a second confirmation module 205, for confirming, if the identified encryption algorithm is not identified or does not pass verification, or the cryptographic application does not meet the preset safety rule, that the collected online data is at risk.
Optionally, the acquisition parsing module 201 is specifically used for:
Online data is acquired using bypass mirror image using data probe.
Optionally, the identification authentication module 202, is specifically used for:It is identified according to the communication protocol parsed and verifies institute State the public key cryptography and/or symmetric cryptography of online data;
Wherein, the identification authentication module 202 includes:
Public key cryptography identification verifying submodule, for selecting public key algorithm, public key, private key and first in plain text;Using described Public key algorithm signs in plain text to described first and obtains signature value;It is hard that the public key and the signature value are sent to cipher application Part, and pass through public key described in the cipher application hardware verification and the signature value;If the public key and the signature value pass through Verifying, then confirm that the public key algorithm is identified and verified;If the public key and the signature value are unverified, confirm The public key algorithm is not identified or unverified;
Symmetric cryptography identification verifying submodule, for selecting symmetry algorithm, key and second plaintext;Utilize the symmetrical calculation The encryption of second plaintext described in method and the key pair obtains ciphertext;It is hard that the key and the ciphertext are sent to cipher application Part, to and to the ciphertext decryption;If decrypting the ciphertext obtains the second plaintext, confirm that the symmetry algorithm is known Not and verify;If decrypting the ciphertext does not obtain the second plaintext, confirm that the symmetry algorithm is not identified or do not led to Cross verifying.
Optionally, the identification authentication module 202, including:
First identification module, for acquiring the algorithm mark transmitted during communication handshake, and according to algorithm collected Mark identification Encryption Algorithm;Or
Second identification module is assisted for reading the algorithm protocol of negotiating algorithm process transmitting, and according to read algorithm It discusses and determines Encryption Algorithm;Or
Third identification module, for comparing the communication protocol parsed and predetermined encryption algorithm library traversal, and according to right Cryptographic algorithm is determined than result.
Optionally, the default safety regulation includes:Certificate validity, algorithm security, identity identify safety, key Negotiate safety, ciphertext weak key detects, one or more in communication protocol Hole Detection.
Mobile terminal provided in an embodiment of the present invention can be realized each process in embodiment of the method shown in FIG. 1, be It avoids repeating, which is not described herein again.
Preferably, the embodiment of the present invention also provides a kind of electronic equipment, including processor, and memory XX09 is stored in and deposits On reservoir and the computer program that can run on the processor, the computer program realized when being executed by processor it is above-mentioned Each process of line data monitoring method embodiment, and identical technical effect can be reached, it is no longer superfluous here to avoid repeating It states.
The embodiment of the present invention also provides a kind of computer readable storage medium, and meter is stored on computer readable storage medium Calculation machine program, the computer program realize each process of above-mentioned online data monitoring method embodiment when being executed by processor, And identical technical effect can be reached, to avoid repeating, which is not described herein again.Wherein, the computer readable storage medium, Such as read-only memory (Read-Only Memory, abbreviation ROM), random access memory (Random Access Memory, letter Claim RAM), magnetic or disk etc..
Those of ordinary skill in the art will appreciate that the units and algorithm steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such an implementation should not be considered as going beyond the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described again here.
In the embodiments provided herein, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division of units is only a logical functional division, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments of the present invention.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a ROM, a RAM, a magnetic disk or an optical disk.
The above description is merely of specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any person familiar with the art can easily think of changes or substitutions within the technical scope disclosed by the present invention, and these should all be covered within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. An online data monitoring method, characterized in that it includes:
acquiring online data and parsing the communication protocol of the online data;
identifying, according to the parsed communication protocol, the encryption algorithm of the online data, and verifying it through the cipher application;
if the identified encryption algorithm is identified and passes verification, detecting whether the cipher application meets the default security rules;
if the cipher application meets the default security rules, confirming that the acquired online data is safe;
if the identified encryption algorithm is not identified or does not pass verification, or the cipher application does not meet the default security rules, confirming that the acquired online data is at risk.
2. The method according to claim 1, characterized in that the step of acquiring online data includes:
acquiring online data through bypass mirroring using a data probe.
3. The method according to claim 1, characterized in that the step of identifying and verifying the encryption algorithm of the online data according to the parsed communication protocol includes: identifying and verifying the public key cryptography and/or the symmetric cryptography of the online data according to the parsed communication protocol;
wherein the step of identifying and verifying the public key cryptography of the online data according to the parsed communication protocol includes:
selecting a public key algorithm, a public key, a private key and a first plaintext;
signing the first plaintext using the public key algorithm to obtain a signature value;
sending the public key and the signature value to the cipher application hardware, and verifying the public key and the signature value through the cipher application hardware;
if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified;
if the public key and the signature value do not pass verification, confirming that the public key algorithm is not identified or not verified;
and the step of identifying and verifying the symmetric cryptography of the online data according to the parsed communication protocol includes:
selecting a symmetric algorithm, a key and a second plaintext;
encrypting the second plaintext using the symmetric algorithm and the key to obtain a ciphertext;
sending the key and the ciphertext to the cipher application hardware, and decrypting the ciphertext;
if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified;
if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
4. The method according to claim 1 or 3, characterized in that the step of identifying the encryption algorithm of the online data according to the parsed communication protocol includes:
acquiring the algorithm identifier transmitted during the communication handshake, and identifying the encryption algorithm according to the acquired algorithm identifier; or
reading the algorithm protocol transmitted during the algorithm negotiation process, and determining the encryption algorithm according to the read algorithm protocol; or
comparing the parsed communication protocol against the predetermined encryption algorithm library by traversal, and determining the encryption algorithm according to the comparison result.
5. The method according to claim 1, characterized in that the default security rules include one or more of: certificate validity, algorithm security, identity authentication security, key agreement security, ciphertext weak-key detection, and communication protocol vulnerability detection.
6. An online data monitoring device, characterized in that it includes:
an acquisition and parsing module, for acquiring online data and parsing the communication protocol of the online data;
an identification and verification module, for identifying, according to the parsed communication protocol, the encryption algorithm of the online data and verifying it through the cipher application;
a detection module, for detecting whether the cipher application meets the default security rules if the identified encryption algorithm is identified and passes verification;
a first confirmation module, for confirming that the acquired online data is safe if the cipher application meets the default security rules;
a second confirmation module, for confirming that the acquired online data is at risk if the identified encryption algorithm is not identified or does not pass verification, or the cipher application does not meet the default security rules.
7. The device according to claim 6, characterized in that the identification and verification module is specifically used for identifying and verifying the public key cryptography and/or the symmetric cryptography of the online data according to the parsed communication protocol;
wherein the identification and verification module includes:
a public key cryptography identification and verification submodule, for selecting a public key algorithm, a public key, a private key and a first plaintext; signing the first plaintext using the public key algorithm to obtain a signature value; sending the public key and the signature value to the cipher application hardware, and verifying the public key and the signature value through the cipher application hardware; if the public key and the signature value pass verification, confirming that the public key algorithm is identified and verified; and if the public key and the signature value do not pass verification, confirming that the public key algorithm is not identified or not verified;
a symmetric cryptography identification and verification submodule, for selecting a symmetric algorithm, a key and a second plaintext; encrypting the second plaintext using the symmetric algorithm and the key to obtain a ciphertext; sending the key and the ciphertext to the cipher application hardware, and decrypting the ciphertext; if decrypting the ciphertext yields the second plaintext, confirming that the symmetric algorithm is identified and verified; and if decrypting the ciphertext does not yield the second plaintext, confirming that the symmetric algorithm is not identified or not verified.
8. The device according to claim 6 or 7, characterized in that the identification and verification module includes:
a first identification module, for acquiring the algorithm identifier transmitted during the communication handshake and identifying the encryption algorithm according to the acquired algorithm identifier; or
a second identification module, for reading the algorithm protocol transmitted during the algorithm negotiation process and determining the encryption algorithm according to the read algorithm protocol; or
a third identification module, for comparing the parsed communication protocol against the predetermined encryption algorithm library by traversal, and determining the encryption algorithm according to the comparison result.
9. An electronic device, characterized in that it includes a processor, a memory, and a computer program stored on the memory and executable on the processor; when the computer program is executed by the processor, the steps of the online data monitoring method according to any one of claims 1 to 5 are realized.
10. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the online data monitoring method according to any one of claims 1 to 5 are realized.
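Added example, not part of the patent or of any product of the applicant: the third identification option of claims 4 and 8 (look the negotiated algorithm up in a predetermined algorithm library) followed by the claim 1 decision, applied to a constructed TLS ServerHello record. The cipher-suite ids are real IANA values; the library contents, the "secure" flag used as the algorithm-security rule of claim 5, and every function name are this example's own assumptions.

```python
import struct

# Constructed table standing in for the patent's "predetermined encryption
# algorithm library". Suite ids are real IANA values; the 'secure' flag is
# this example's own algorithm-security rule, not the patent's.
ALGORITHM_LIBRARY = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", False),        # 3DES, static RSA
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", False),         # no forward secrecy
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
    0x1301: ("TLS_AES_128_GCM_SHA256", True),                # TLS 1.3
}


def parse_server_hello(record: bytes):
    """Return (legacy_version, cipher_suite) from one TLS ServerHello record.

    Layout: record header (5) | handshake header (4) | version (2) |
    random (32) | session_id_len (1) | session_id | cipher_suite (2) | ...
    """
    if len(record) < 44 or record[0] != 0x16:   # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    if record[5] != 0x02:                        # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    version = struct.unpack("!H", record[9:11])[0]
    pos = 11 + 32                                # skip the 32-byte server random
    sid_len = record[pos]
    pos += 1 + sid_len
    if len(record) < pos + 2:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", record[pos:pos + 2])[0]
    return version, suite


def assess(record: bytes) -> tuple:
    """Claim 1 decision: returns (algorithm name or None, 'safe' | 'risk').

    'safe' only when the suite is found in the library (identified) AND the
    algorithm-security rule passes; every other outcome is reported as 'risk'.
    """
    try:
        _, suite = parse_server_hello(record)
    except ValueError:
        return None, "risk"                      # protocol could not be parsed
    entry = ALGORITHM_LIBRARY.get(suite)
    if entry is None:
        return None, "risk"                      # algorithm not identified
    name, secure = entry
    return name, ("safe" if secure else "risk")


def build_server_hello(suite: int, version: int = 0x0303) -> bytes:
    """Constructed sample record for testing (random and session id zeroed)."""
    body = (struct.pack("!H", version) + b"\x00" * 32 + b"\x00"
            + struct.pack("!H", suite) + b"\x00")   # last byte: null compression
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for suite_id in (0x000A, 0xC02F, 0xABCD):
        print(hex(suite_id), assess(build_server_hello(suite_id)))
```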
CN201810553312.3A 2018-06-01 2018-06-01 A kind of online data monitoring method and device Pending CN108848078A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810553312.3A CN108848078A (en) 2018-06-01 2018-06-01 A kind of online data monitoring method and device


Publications (1)

Publication Number Publication Date
CN108848078A true CN108848078A (en) 2018-11-20

Family

ID=64211267


Country Status (1)

Country Link
CN (1) CN108848078A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141243A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 Device and method for carrying out security check and content filtering on communication data
CN101296228A (en) * 2008-06-19 2008-10-29 上海交通大学 SSL VPN protocol detection method based on flow analysis
CN101695038A (en) * 2009-10-27 2010-04-14 联想网御科技(北京)有限公司 Method and device for detecting SSL enciphered data safety
US20110103584A1 (en) * 2009-11-04 2011-05-05 Stmicroelectronics (Rousset) Sas Protection of a ciphering key
CN104735058A (en) * 2015-03-04 2015-06-24 深信服网络科技(深圳)有限公司 Encryption method and system based on security protocol SSL
US9531705B1 (en) * 2013-03-14 2016-12-27 United Services Automobile Association Systems and methods for computer digital certificate management and analysis
CN107612698A (en) * 2017-08-08 2018-01-19 北京中海闻达信息技术有限公司 A kind of commercial cipher detection method, device and system



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120