CN112995119A - Data monitoring method and device - Google Patents

Publication number: CN112995119A
Application number: CN201911310277.3A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 郭卓越
Current assignee: Beijing Gridsum Technology Co Ltd
Original assignee: Beijing Gridsum Technology Co Ltd
Prior art keywords: data, address, network, key, target

Classifications

    • H04L63/20: Network architectures or protocols for network security; managing network security, network security policies in general
    • H04L61/2503: Network arrangements for addressing or naming; mapping addresses of the same type, translation of Internet protocol [IP] addresses
    • H04L63/0435: Confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption or encapsulation and both entities applying symmetric encryption (the same key for encryption and decryption)
    • H04L67/02: Network arrangements or protocols for supporting network services or applications; protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/0822: Key transport or distribution using a key encryption key
    • H04L9/0838: Key agreement, i.e. a shared key derived by the parties as a function of information contributed by, or associated with, each of them
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3247: Cryptographic mechanisms for verifying identity, authority or message authentication, involving digital signatures
    • H04L9/3263: Cryptographic mechanisms for verifying identity, authority or message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L9/3268: Cryptographic mechanisms involving certificates, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2101/622: Types of network addresses; layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The embodiment of the application discloses a data monitoring method and device. A monitoring device establishes a trust connection with a first network device in advance; when the first network device sends a network message, the monitoring device intercepts a first target network message and converts the destination IP address, destination port and destination MAC address in the first target network message into the IP address, port and MAC address of the monitoring device. The monitoring device decrypts the converted first target network message with a first symmetric key to obtain plaintext data, audits the data included in the plaintext data, and, when the plaintext data is safe data, encrypts the plaintext data with a second symmetric key to obtain a second target network message. The IP address, port and MAC address of the monitoring device in the second target network message are then converted back into the destination IP address, destination port and destination MAC address, and the converted second target network message is sent to the second network device.

Description

Data monitoring method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data monitoring method and apparatus.
Background
The Hypertext Transfer Protocol Secure (HTTPS) is a secure communication channel developed on top of HTTP and used to exchange information between a computer and a server. Information exchange relies mainly on the Secure Socket Layer (SSL), and all data is encrypted in transit. Today, with growing emphasis on data security, the whole network is gradually moving to transmit data over HTTPS. Because HTTPS is highly secure, reliable and resistant to monitoring, traditional content auditing methods cannot effectively control network data, and the hidden danger that important data is leaked arises.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide a data monitoring method and apparatus to effectively monitor network data and avoid leakage of important data.
In order to solve the above problem, the technical solution provided by the embodiment of the present application is as follows:
in a first aspect of embodiments of the present application, there is provided a data monitoring method, where the method is applied to a monitoring device, and the method includes:
acquiring a first target network message sent by first network equipment;
converting the destination IP address, the destination port and the destination MAC address in the first target network message into the IP address, the port and the MAC address of the monitoring equipment to obtain a converted first target network message;
decrypting the converted first target network message by using a first symmetric key to obtain plaintext data so as to audit the plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
when the plaintext data is the security data, encrypting the plaintext data by using a second symmetric key to obtain a second target network message; the second symmetric key is obtained by the monitoring equipment and second network equipment through key agreement; the second network equipment is network equipment corresponding to the destination IP address;
and converting the IP address, the port and the MAC address of the monitoring equipment in the second target network message into the target IP address, the target port and the target MAC address, obtaining the converted second target network message, and sending the converted second target network message to the second network equipment.
In one possible implementation, the method further includes:
and when the plaintext data is unsafe data, sending an alarm message to the first network equipment.
In a possible implementation manner, before converting the destination IP address, the destination port, and the destination MAC address of the first target network packet into the IP address, the port, and the MAC address of the monitoring device, the method further includes:
judging whether the source IP address of the first target network message is in a source address white list or not, and if the source IP address of the first target network message is in the source address white list, directly sending the first target network message to the second network equipment; the source IP address is an IP address corresponding to the first network device.
In a possible implementation manner, the auditing the plaintext data includes:
judging whether the plaintext data is matched with a preset security policy; the preset security policy at least comprises preset keywords, a preset regular expression and preset fingerprint information;
when the plaintext data is matched with the preset security policy, determining that the plaintext data is unsafe data; otherwise, determining the plaintext data as the security data.
In a possible implementation manner, the process of the monitoring device performing key agreement with the first network device includes:
the monitoring equipment acquires a first public key of the first network equipment from an authentication center;
decrypting first key data sent by the first network equipment by using the first public key to obtain a first symmetric key; the first key data is formed by the first network device encrypting the first symmetric key with a first private key; the first public keys correspond to the first private keys one by one and are generated by the authentication center;
the key negotiation process between the monitoring device and the second network device comprises the following steps:
the monitoring device encrypts a second symmetric key by using a second private key to generate second key data, and sends the second key data to the second network device, so that the second network device decrypts the second key data by using a second public key to obtain the second symmetric key, wherein the second public key corresponds to the second private key one to one and is generated by the authentication center.
In a possible implementation manner, the acquiring a first target network packet sent by a first network device includes:
acquiring a network message sent by the first network equipment;
and analyzing the protocol format of the network message, and determining the first target network message from the network message matched with the preset protocol format.
In a possible implementation manner, the first target network packet is an HTTPS protocol network packet.
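The first-aspect method and its possible implementations above (protocol-format filter, source address white list, destination address conversion, decryption with the first key, audit against keywords, regular expressions and fingerprints, re-encryption with the second key, reverse conversion, alarm on unsafe data), as an added Python illustration that is not the patent's own code. It assumes both symmetric keys are already negotiated, uses a stand-in HMAC-SHA256 keystream in place of the unspecified record cipher (a real appliance would work on the TLS record layer), and every address, key and policy rule is a constructed sample value.

```python
# Added illustration, not the patent's own code. Assumes both symmetric keys are
# already negotiated; the record cipher is a stand-in HMAC-SHA256 keystream.
import hashlib
import hmac
import re
from dataclasses import dataclass, replace
from typing import List, Optional, Set, Tuple

@dataclass
class Packet:
    src_ip: str
    src_port: int
    src_mac: str
    dst_ip: str
    dst_port: int
    dst_mac: str
    protocol: str   # "HTTPS" marks a first target network packet
    payload: bytes  # ciphertext under the sender's negotiated key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (illustration only): XOR with an HMAC-SHA256
    counter keystream; encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

@dataclass
class SecurityPolicy:
    """Preset security policy: keywords, regular expressions and fingerprints
    (modelled as SHA-256 digests of known sensitive documents)."""
    keywords: List[str]
    regexes: List[str]
    fingerprints: Set[str]

    def match(self, plaintext: bytes) -> Optional[str]:
        """Return the matching rule, or None when the plaintext is security data."""
        text = plaintext.decode("utf-8", errors="replace")
        for kw in self.keywords:
            if kw in text:
                return "keyword:" + kw
        for pattern in self.regexes:
            if re.search(pattern, text):
                return "regex:" + pattern
        digest = hashlib.sha256(plaintext).hexdigest()
        if digest in self.fingerprints:
            return "fingerprint:" + digest[:16]
        return None

class MonitoringDevice:
    def __init__(self, ip: str, port: int, mac: str, policy: SecurityPolicy,
                 whitelist: Set[str], first_key: bytes, second_key: bytes):
        self.ip, self.port, self.mac = ip, port, mac
        self.policy = policy
        self.whitelist = whitelist    # source address white list
        self.first_key = first_key    # negotiated with the first network device
        self.second_key = second_key  # negotiated with the second network device
        self.alarms: List[Tuple[str, str]] = []  # (source IP, rule) alarm messages

    def process(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Apply the first-aspect method to one packet. Returns ("passthrough", pkt),
        ("forwarded", converted second target packet) or ("alarm", None)."""
        # Only packets matching the preset protocol format are target packets.
        if pkt.protocol != "HTTPS":
            return "passthrough", pkt
        # White-listed sources go to the second network device unchanged.
        if pkt.src_ip in self.whitelist:
            return "passthrough", pkt
        # Convert the destination IP/port/MAC into the monitoring device's own,
        # remembering the original destination for the reverse conversion.
        original_dst = (pkt.dst_ip, pkt.dst_port, pkt.dst_mac)
        first = replace(pkt, dst_ip=self.ip, dst_port=self.port, dst_mac=self.mac)
        # Decrypt with the first symmetric key and audit the plaintext.
        plaintext = keystream_xor(self.first_key, first.payload)
        rule = self.policy.match(plaintext)
        if rule is not None:
            self.alarms.append((pkt.src_ip, rule))  # unsafe data: alarm, do not forward
            return "alarm", None
        # Security data: re-encrypt under the second symmetric key, then convert the
        # monitoring device's IP/port/MAC back into the destination ones.
        second = replace(first, payload=keystream_xor(self.second_key, plaintext))
        dst_ip, dst_port, dst_mac = original_dst
        return "forwarded", replace(second, dst_ip=dst_ip, dst_port=dst_port, dst_mac=dst_mac)

# Constructed sample values so the block runs stand-alone.
FIRST_KEY = b"constructed-first-symmetric-key"
SECOND_KEY = b"constructed-second-symmetric-key"
POLICY = SecurityPolicy(keywords=["CONFIDENTIAL"],
                        regexes=[r"\b\d{3}-\d{2}-\d{4}\b"],  # SSN-shaped identifier
                        fingerprints={hashlib.sha256(b"blueprint v2 (internal)").hexdigest()})
MONITOR = MonitoringDevice("10.0.0.1", 8443, "02:00:00:00:00:01", POLICY,
                           whitelist={"10.0.0.50"}, first_key=FIRST_KEY, second_key=SECOND_KEY)

def make_packet(src_ip: str, plaintext: bytes, protocol: str = "HTTPS") -> Packet:
    """Terminal-to-server packet (constructed addresses), encrypted under FIRST_KEY."""
    return Packet(src_ip, 51000, "02:00:00:00:00:10", "203.0.113.7", 443,
                  "02:00:00:00:00:20", protocol, keystream_xor(FIRST_KEY, plaintext))
```

Calling `MONITOR.process(make_packet("10.0.0.20", body))` returns the forwarded packet for safe bodies and `("alarm", None)` with an entry in `MONITOR.alarms` for bodies that match the policy.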
In a second aspect of the embodiments of the present application, there is provided a data monitoring apparatus, where the apparatus is applied to a monitoring device, and the apparatus includes:
the device comprises an acquisition unit, a processing unit and a sending unit, wherein the acquisition unit is used for acquiring a first target network message sent by first network equipment;
a first conversion unit, configured to convert a destination IP address, a destination port, and a destination MAC address in the first target network packet into an IP address, a port, and an MAC address of the monitoring device, and obtain a converted first target network packet;
the decryption unit is used for decrypting the converted first target network message by using a first symmetric key to obtain plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
the auditing unit is used for auditing the plaintext data;
the encryption unit is used for encrypting the plaintext data by using a second symmetric key to obtain a second target network message when the plaintext data is the security data; the second symmetric key is obtained by the monitoring equipment and second network equipment through key agreement; the second network equipment is the network equipment corresponding to the destination IP address;
A second conversion unit, configured to convert the IP address, the port, and the MAC address of the monitoring device in the second target network packet into the destination IP address, the destination port, and the destination MAC address, and obtain a converted second target network packet;
and the first sending unit is used for sending the converted second target network message to the second network equipment.
In a third aspect of embodiments of the present application, there is provided a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to perform the data monitoring method of the first aspect.
In a fourth aspect of embodiments of the present application, there is provided an apparatus for data monitoring, the apparatus including a memory and a processor, the memory being configured to store one or more programs, and the processor being configured to call the programs in the memory to perform the data monitoring method of the first aspect.
Therefore, the embodiment of the application has the following beneficial effects:
according to the method and the device, the monitoring device establishes trust connection with the first network device in advance, and when the first network device sends the network message, the monitoring device intercepts the first target network message. In order to enable the monitoring device to process the first target network message, after the first target network message is obtained, the target IP address, the target port and the target MAC address in the first target network message are converted into the IP address, the port and the MAC address of the monitoring device, so as to obtain the converted first target network message. And then, decrypting the converted first target network message by using a first symmetric key obtained by negotiation between the monitoring equipment and the first network equipment to obtain plaintext data. And then, auditing data included in the plaintext data, namely judging whether the plaintext data includes sensitive data, and if not, indicating that the plaintext data is the safety data.
When the plaintext data is safe data, the plaintext data is encrypted with a second symmetric key obtained by negotiation between the monitoring device and the second network device to obtain a second target network message. The IP address, port and MAC address of the monitoring device in the second target network message are then converted into the destination IP address, destination port and destination MAC address to obtain a converted second target network message, which is sent to the destination network device, i.e. the second network device. In other words, the method and device can monitor the content of HTTPS network messages, prevent sensitive data from leaking, and protect data security. In addition, the method and device need neither a proxy server nor addresses allocated to one, which improves monitoring efficiency and saves cost and network resources.
Drawings
Fig. 1 is an exemplary diagram of an application scenario provided in an embodiment of the present application;
fig. 2 is a signaling diagram for session connection setup according to an embodiment of the present application;
fig. 3 is a flowchart of a data monitoring method according to an embodiment of the present application;
fig. 4 is a structural diagram of a monitoring device according to an embodiment of the present disclosure;
fig. 5 is a structural diagram of a data monitoring apparatus according to an embodiment of the present application;
fig. 6 is a structural diagram of a data monitoring device according to an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanying the drawings are described in detail below.
In order to facilitate understanding of the basic idea of the technical solution provided by the present application, the following description will be made on the background of the present application.
The inventor finds that research on monitoring HTTPS protocol messages has mainly relied on three traditional monitoring techniques: (1) an intermediate device disguises itself as the gateway by means of the Address Resolution Protocol (ARP), but this degrades communication quality; (2) traffic is directed to a designated host by means of Domain Name System (DNS) resolution, which requires adding equipment and, where necessary, a designated DNS server; (3) a proxy server is used, which requires configuring a browser proxy, assigning an IP address to the proxy server, and changing the existing network topology.
Based on this, an embodiment of the present application provides a data monitoring method applied to a monitoring device. The monitoring device captures a first target network packet sent by a first network device and, so that it can audit the captured packet, converts the destination IP address, destination port and destination MAC address in the first target network packet into the IP address, port and MAC address of the monitoring device, obtaining a converted first target network packet. The converted first target network packet is then decrypted with the first symmetric key negotiated with the first network device to obtain plaintext data, which can be audited. When the audit result is that the plaintext data is safe data, meaning it contains no sensitive data, the plaintext data is encrypted with a second symmetric key negotiated in advance with the second network device to obtain a second target network packet. The IP address, port and MAC address of the monitoring device in the second target network packet are converted back into the destination IP address, port and MAC address to obtain a converted second target network packet, which is sent to the destination network device, namely the second network device.
That is, the content of the first target network packet is monitored by converting the information related to the target network device in the first target network packet into the information of the monitoring device, so that sensitive data is prevented from being leaked. Meanwhile, a proxy server does not need to be set and an IP (Internet protocol) is not needed to be configured for the proxy server, so that the cost and network resources are saved, and the monitoring equipment can be serially arranged on the network boundary, so that the communication is not influenced.
For ease of understanding, refer to the scenario embodiment shown in fig. 1. In this embodiment, the first network device may be a terminal or a server, and the second network device may likewise be a terminal or a server. For ease of understanding, the first network device is taken as a terminal and the second network device as a server in the following example.
In practical applications, when the terminal 102 sends a network packet to the server 103, the monitoring device 101 may capture the network packet, and if the network packet is a first target network packet that the monitoring device 101 needs to monitor, convert a destination address (a destination IP address and a destination MAC address) and a destination port of the first target network packet into an address and a port of the monitoring device. And then, decrypting the first target network message by using the first symmetric key to obtain plaintext data, auditing the content of the plaintext data, and judging whether the plaintext data comprises sensitive content. If the plaintext data does not contain sensitive content, the plaintext data is indicated to be safe data, the plaintext data is encrypted by using a second symmetric key to obtain a second target network message, and the IP address, the port and the MAC address of the monitoring equipment in the second target network message are converted into relevant information of the server. Finally, the second target network packet is sent to the server 103.
Those skilled in the art will appreciate that the block diagram shown in fig. 1 is only one example in which embodiments of the present application may be implemented. In this embodiment, the first network device may be not only a terminal, but also other devices, such as a base station, and the like.
It can be understood that, in order to obtain the network packet smoothly, the monitoring device must obtain the trust of the devices at both ends of the network in advance to establish the session connection. Based on this, in order to enable those skilled in the art to fully understand the implementation of the present application, a process of establishing a connection between a monitoring device and a first network device and a connection between a monitoring device and a second network device will be described below.
For convenience of understanding, in the embodiments of the present application, the first network device is still taken as a terminal, and the second network device is taken as a server for illustration, and the following embodiments are not limited thereto.
Method embodiment one
Referring to fig. 2, which is a session connection setup signaling interaction diagram provided in an embodiment of the present application, as shown in fig. 2, the method includes:
S201: the terminal sends a first connection request to the server.
S202: the monitoring device captures the first connection request sent by the terminal to the server and sends a second connection request to the server according to the first connection request.
When a client needs to establish a session with a server, a connection request, that is, a first connection request, is sent to the server through a terminal where the client is located, where the first connection request may be an HTTPS request. The operating system of the terminal is provided with a root certificate of the monitoring device. The root certificate is a certificate issued by a certificate authority and is the starting point of a chain of trust, and installing the root certificate means trust in the certificate authority.
When the monitoring device captures the first connection request, the destination address in the first connection request is converted into a virtual destination address, and then the first connection request is analyzed to obtain the data in the first connection request. And then, repackaging the data to form a second connection request and sending the second connection request to the server. That is, the monitoring device simulates a terminal and sends a connection request to the server.
S203: and after receiving a second connection request sent by the monitoring equipment, the server sends a first digital certificate.
S204: the monitoring device captures a first digital certificate sent by the server and acquires the first digital certificate and a public key.
And after receiving the second connection request, the server sends the first digital certificate in response to the second connection request. The monitoring device captures the first digital certificate to obtain the first digital certificate and a public key.
In a specific implementation, to prevent the sent first digital certificate from being tampered with, the server encrypts the digest of the digital certificate with the certificate private key before sending the first digital certificate out. After the monitoring device captures the first digital certificate, it may decrypt the digest with the public key in the digital certificate to verify the validity of the first digital certificate.
Specifically, to ensure the integrity of the first digital certificate during transmission, the data signature of the first digital certificate may also be verified, and the other steps are performed only if the verification passes. Verification of the data signature of the first digital certificate by the monitoring device may include: the monitoring device calculates a first digest of the first digital certificate, compares the first digest with a second digest, and verifies the digital signature in the first digital certificate if the first digest is consistent with the second digest. The second digest is obtained by the server through calculation over the first digital certificate. That is, when the server sends the first digital certificate, it first calculates a second digest of the first digital certificate with a digest algorithm and sends out the first digital certificate together with the corresponding second digest. When the monitoring device captures the first digital certificate, it calculates a first digest of the first digital certificate with the same digest algorithm and checks whether the first digest and the second digest are the same; if they are the same, the digital signature in the first digital certificate is verified as passed, otherwise the verification fails.
S205: the monitoring device constructs a second digital certificate and sends it to the terminal, so that the terminal obtains the public key of the second digital certificate.
It can be understood that, since the monitoring device captures the first connection request sent by the real terminal, the monitoring device at this point simulates the server: it constructs the second digital certificate and sends it to the terminal. Because the root certificate of the monitoring device is pre-installed on the terminal, the monitoring device is trusted; when the terminal detects that the sender of the second digital certificate is the monitoring device, it directly obtains the public key of the second digital certificate and uses that public key for encryption.
S206: the terminal generates a symmetric key and encrypts it with the public key of the second digital certificate to obtain second ciphertext data.
S207: the monitoring device obtains the second ciphertext data sent by the terminal and decrypts it with the private key of the second digital certificate to obtain the symmetric key.
In this embodiment, the monitoring device thereby obtains the symmetric key the terminal will use in the subsequent communication and establishes a trusted connection with the terminal. The symmetric key may include an encryption key and a decryption key.
S208: the monitoring device encrypts the obtained symmetric key with the public key of the first digital certificate to obtain third ciphertext data, and sends the third ciphertext data to the server.
S209: the server decrypts the third ciphertext data with the private key of the first digital certificate to obtain the symmetric key.
In this embodiment, the server thereby obtains the symmetric key of the simulated terminal (the monitoring device) for the subsequent communication and establishes a trusted connection with the monitoring device.
It should be noted that, in this embodiment, the operations performed by the terminal are all performed by the client installed on the terminal and then transmitted through the terminal.
According to this embodiment, the monitoring device simulates the server to establish a connection with the terminal, and then simulates the terminal to establish a connection with the real server, so that the target network message sent by the terminal or by the server can be intercepted.
Method embodiment two
Based on the first method embodiment, the data monitoring process is described below with reference to the accompanying drawings.
Referring to fig. 3, which is a flowchart of a data monitoring method provided in an embodiment of the present application, as shown in fig. 3, the method is applied to a monitoring device, and may include:
s301: the method comprises the steps of obtaining a first target network message sent by first network equipment.
In this embodiment, the monitoring device may monitor whether the first network device sends the network packet in real time, and if so, capture the first target network packet sent by the first network device. The first network device may be a terminal, a server, a base station, and the like, which is not limited herein. In a specific implementation, the monitoring device may collect the network boundary packet through a fast packet capture tool such as PFRING or DPDK.
In practical applications, the first network device may send network packets in various formats, and some network packets may be directly passed through to the target network device (the second network device) without detecting the content included in the network packets. Therefore, when capturing a network packet sent by a first network device, it is further necessary to determine whether the network packet is a first target network packet, which specifically includes: acquiring a network message sent by first network equipment; and analyzing the protocol format of the network message, and determining the first target network message from the network message matched with the preset protocol format. That is, after capturing the network packet sent by the first network device, the protocol format of the network packet is analyzed, and if the protocol format of the packet is the preset protocol format, the network packet is determined as the first target network packet. The preset protocol format may be an HTTPS protocol format, and the first target network packet is an HTTPS packet.
It can be understood that, in some cases, although the message captured by the monitoring device is the first target network message, since the first network device is a secure network device and does not generally relate to sensitive data, in order to reduce the workload of the monitoring device, a device white list may be pre-configured, and the IP address of the secure network device is added to the white list, and when the monitoring device monitors that the source IP address in the first target network message sent by the first network device is included in the white list, the first target network message is not converted and directly transmitted through. Specifically, before the address of the first target network packet is converted, the monitoring device may further determine whether the source IP address of the first target network packet is in the source address white list, and if the source address of the first target network packet is in the source address white list, directly send the first target network packet to the second network device, without performing subsequent operations; otherwise, the destination IP address, the destination port and the destination MAC address of the first destination network message are converted. The source IP address refers to an IP address of the first network device.
S302: converting the destination IP address, the destination port and the destination MAC address in the first target network message into the IP address, the port and the MAC address of the monitoring equipment, to obtain the converted first target network message.
S303: decrypting the converted first target network message with the first symmetric key to obtain plaintext data, so as to audit the plaintext data.
After capturing the first target network packet, and in order to audit its content, the monitoring device first converts the destination address (destination IP address and destination MAC address) in the first target network packet into the address of the monitoring device, and converts the destination port into the port of the monitoring device. It then decrypts the first target network packet with a first symmetric key obtained beforehand through key negotiation with the first network device, obtaining plaintext data that can be audited, i.e. checked for sensitive content.
In a specific implementation, this embodiment provides a way of auditing the plaintext data: determine whether the plaintext data matches a preset security policy; if it matches, determine that the plaintext data is unsafe data; otherwise, determine that the plaintext data is safe data. The preset security policy may include preset keywords, preset regular expressions, preset fingerprint information, mailers, and the like. The preset fingerprint information is characteristic information contained in unsafe data; specifically, it may include structured fingerprint information and unstructured fingerprint information.
For example, it may be determined whether the plaintext data includes a preset keyword and/or whether the plaintext data matches a preset regular expression; when the plaintext data includes a preset keyword or matches a preset regular expression, the plaintext data is determined to be unsafe data; otherwise, it is determined to be safe data. The preset keywords and preset regular expressions can be set according to the actual application. When the monitoring device finds that the plaintext data contains one or more preset keywords, or that characters in the plaintext data conform to a preset regular expression, the plaintext data contains sensitive content: it is determined to be unsafe data and is not sent to the target network device. Otherwise, step S303 is executed.
In practical applications, the monitoring device may send a warning message to the first network device when it determines that the plaintext data is unsafe data, so as to effectively prevent sensitive information from leaking.
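An added example of the audit step, not the patent's own code: keyword, regular-expression and unstructured-fingerprint matching over constructed plaintext, returning every rule that fired so the warning sent to the first network device can say why. The keywords, patterns and protected document are constructed placeholders, and the fingerprint is a shingled SHA-256 scheme assumed here, since the page does not specify how fingerprint information is computed (Python 3.9 or later for the built-in generic annotations).

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed policy for the example; a deployment loads these from the monitoring
# device's configuration rather than hard-coding them.
PRESET_KEYWORDS = ["confidential", "internal only"]
PRESET_REGEXES = {
    # 16-digit card-number-like sequence with optional separators (constructed pattern)
    "card_number": re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b"),
    # simple e-mail address shape
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def shingle_fingerprints(text: str, window: int = 5) -> set[str]:
    """Unstructured fingerprint (assumed scheme): SHA-256 of every `window`-word run of
    normalised text, so a copied passage is recognised even when surrounded by new text."""
    words = re.findall(r"\w+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + window]).encode()).hexdigest()
        for i in range(max(len(words) - window + 1, 1))
    }


# Fingerprint registered ahead of time from a protected document (constructed sample).
PROTECTED_DOCUMENT = "The Q3 revenue forecast is 4.2 million with a projected margin of 31 percent"
PRESET_FINGERPRINTS = shingle_fingerprints(PROTECTED_DOCUMENT)


@dataclass
class AuditResult:
    safe: bool
    matched_rules: list[str] = field(default_factory=list)


def audit_plaintext(plaintext: str) -> AuditResult:
    """Apply the preset security policy: unsafe (safe=False) when any rule matches.

    Every rule family is evaluated, rather than stopping at the first hit, so the
    result names all the rules that fired.
    """
    matched: list[str] = []
    lowered = plaintext.lower()
    for keyword in PRESET_KEYWORDS:
        if keyword in lowered:
            matched.append(f"keyword:{keyword}")
    for name, pattern in PRESET_REGEXES.items():
        if pattern.search(plaintext):
            matched.append(f"regex:{name}")
    if shingle_fingerprints(plaintext) & PRESET_FINGERPRINTS:
        matched.append("fingerprint:unstructured")
    return AuditResult(safe=not matched, matched_rules=matched)


if __name__ == "__main__":
    for sample in (
        "GET /index.html HTTP/1.1",
        "Attached: CONFIDENTIAL board minutes",
        "card 4111 1111 1111 1111 expires 12/29",
        "quoting: forecast is 4.2 million with a projected margin",
    ):
        print(audit_plaintext(sample))
```

The shingle window trades precision for recall: a smaller window catches shorter excerpts of the protected document but raises the chance that ordinary text collides with it.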
S304: when the plaintext data is safe data, encrypting the plaintext data with a second symmetric key to obtain a second target network message.
S305: converting the IP address, the port and the MAC address of the monitoring equipment in the second target network message into the destination IP address, the destination port and the destination MAC address, obtaining the converted second target network message, and sending it to the second network equipment.
When the first target network packet sent by the first network device is determined to be safe, the plaintext data is encrypted with a second symmetric key negotiated in advance with the second network device, obtaining a second target network packet. The IP address, port and MAC address of the monitoring device in the second target network packet are then converted into the destination IP address, destination port and destination MAC address to obtain the converted second target network packet, which is sent to the real target network device, i.e. the second network device. The second network device is the network device corresponding to the destination IP address, destination port and destination MAC address, and may be a terminal, a server, a base station, or the like.
It should be noted that, when the monitoring device converts the address information of the first target network packet (destination IP address, destination port and destination MAC address) into the address information of the monitoring device, it may store in advance the mapping between the converted address information and the real address information; when the plaintext data is determined to be safe data, the address information in the second target network packet is converted back into the real address information according to that mapping.
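The address-translation side of steps S301 to S305, as an added example that is not the patent's code: protocol-format classification by the TLS record header, the source-address white list, the rewrite of destination IP, port and MAC to the monitoring device with the real destination stored in a mapping, and the reverse rewrite before forwarding. The monitoring device's addresses, the white list and the frames are constructed; keying the mapping by the client's (source IP, source port) is an assumption, since the page does not say how the mapping is indexed. The decrypt, audit and re-encrypt stage between the two rewrites is not included, and IP/TCP checksum recomputation after rewriting headers is noted but not implemented.

```python
import ipaddress
import struct
from dataclasses import dataclass, replace

# Address information of the monitoring device (constructed values for this example).
MONITOR_IP = "10.0.0.254"
MONITOR_MAC = "02:00:00:00:00:fe"
MONITOR_PORT = 8443
# Source address white list: packets from these hosts are forwarded without auditing.
SOURCE_WHITELIST = {"10.0.0.5"}
# Mapping from (source IP, source port) to the real (IP, port, MAC) the packet was sent to.
ADDRESS_MAP: dict[tuple[str, int], tuple[str, int, str]] = {}


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def _mac_str(raw6: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw6)


def parse_frame(raw: bytes) -> Frame:
    """Decode Ethernet II + IPv4 + TCP headers; the TCP payload is returned as bytes."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800 or raw[23] != 6:
        raise ValueError("this example handles IPv4 over Ethernet carrying TCP only")
    ihl = (raw[14] & 0x0F) * 4                  # IPv4 header length in bytes
    tcp = 14 + ihl
    src_port, dst_port = struct.unpack("!HH", raw[tcp:tcp + 4])
    data_off = (raw[tcp + 12] >> 4) * 4         # TCP header length in bytes
    return Frame(
        _mac_str(dst_mac), _mac_str(src_mac),
        str(ipaddress.IPv4Address(raw[26:30])), str(ipaddress.IPv4Address(raw[30:34])),
        src_port, dst_port, raw[tcp + data_off:],
    )


def looks_like_tls(payload: bytes) -> bool:
    """Preset protocol format check: does the segment start with a TLS record header?"""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    # Record types 20-23, protocol version 3.x, length within the TLS 1.2 maximum.
    return content_type in (0x14, 0x15, 0x16, 0x17) and major == 3 and minor <= 4 and length <= 18432


def handle_inbound(frame: Frame) -> tuple[str, Frame]:
    """S301/S302: non-HTTPS packets and white-listed sources pass through untouched;
    everything else is redirected to the monitoring device, and the real destination
    is remembered under the client's (source IP, source port) for the return path."""
    if not looks_like_tls(frame.payload) or frame.src_ip in SOURCE_WHITELIST:
        return "passthrough", frame
    ADDRESS_MAP[(frame.src_ip, frame.src_port)] = (frame.dst_ip, frame.dst_port, frame.dst_mac)
    return "audit", replace(frame, dst_ip=MONITOR_IP, dst_port=MONITOR_PORT, dst_mac=MONITOR_MAC)


def handle_outbound(frame: Frame) -> Frame:
    """S305: put the real destination back using the mapping stored at redirect time."""
    key = (frame.src_ip, frame.src_port)
    if key not in ADDRESS_MAP:
        raise LookupError(f"no stored destination for flow {key}; packet was never redirected")
    dst_ip, dst_port, dst_mac = ADDRESS_MAP[key]
    return replace(frame, dst_ip=dst_ip, dst_port=dst_port, dst_mac=dst_mac)


def build_sample_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for testing; checksums are left zero because
    nothing here validates them (a real forwarder must recompute them after rewriting)."""
    eth = bytes.fromhex("0200000000aa") + bytes.fromhex("0200000000bb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed payloads: the start of a TLS handshake record, and a plain HTTP request.
SAMPLE_TLS_PAYLOAD = b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"
SAMPLE_HTTP_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    raw = build_sample_frame("10.0.0.7", "203.0.113.10", 51000, 443, SAMPLE_TLS_PAYLOAD)
    action, redirected = handle_inbound(parse_frame(raw))
    print(action, redirected.dst_ip, redirected.dst_port)   # audit 10.0.0.254 8443
    print(handle_outbound(redirected).dst_ip)               # 203.0.113.10
```

In a deployment the mapping entry has to be removed when the flow closes, otherwise the table grows with every session; the record-header check is also only a first filter, since a TCP segment may carry a partial record or several records.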
As can be seen from the foregoing, the monitoring device captures a first target network packet sent by the first network device, converts the destination address (destination IP address and destination MAC address) and destination port in it into the IP address, MAC address and port of the monitoring device, and obtains the converted first target network packet. It then decrypts the converted first target network packet with the first symmetric key to obtain plaintext data, on which the audit is performed. When the audit result is that the plaintext data is safe data, i.e. contains no sensitive data, the plaintext data is encrypted with the second symmetric key to obtain a second target network packet. The IP address, MAC address and port of the monitoring device in the second target network packet are converted back into the destination IP address, destination MAC address and destination port, giving the converted second target network packet, which is sent to the target network device, i.e. the second network device.
That is, by converting the address information of the target network device in the first target network packet into the address information of the monitoring device, the content of the first target network packet can be monitored and leakage of sensitive data prevented. At the same time, no proxy server needs to be set up and no IP (Internet Protocol) address needs to be configured for a proxy server, which saves cost and network resources, and the monitoring device can be placed in-line at the network boundary without affecting communication.
In practical applications, when the monitoring device negotiates symmetric keys with the first network device and the second network device, the symmetric keys may themselves be encrypted to protect them. Specifically, when the monitoring device negotiates a key with the first network device, the monitoring device obtains a first public key of the first network device from the authentication center and decrypts the first key data sent by the first network device with the first public key to obtain the first symmetric key. The first key data is formed by the first network device encrypting the first symmetric key with a first private key; the first public key and the first private key exist as a pair and are generated by the authentication center. That is, the certificate authority generates a key pair, the first public key and the first private key, for the first network device, sends the first public key to the monitoring device, and sends the first private key to the first network device. After generating the first symmetric key, the first network device encrypts it with the first private key to produce the first key data and sends the first key data to the monitoring device. The monitoring device decrypts the first key data with the first public key to obtain the first symmetric key.
Similarly, when the monitoring device negotiates a key with the second network device, the monitoring device encrypts the second symmetric key with a second private key to produce second key data and sends the second key data to the second network device, so that the second network device can decrypt the second key data with the second public key to obtain the second symmetric key. The second public key corresponds one-to-one to the second private key, and both are generated by the authentication center. That is, the certificate authority generates a key pair, the second public key and the second private key, for the second network device, sends the second public key to the second network device, and sends the second private key to the monitoring device. After generating the second symmetric key, the monitoring device encrypts it with the second private key to produce the second key data and sends the second key data to the second network device. The second network device decrypts the second key data with the second public key to obtain the second symmetric key.
Those skilled in the art will understand that a complete session carries many network packets. When the monitoring device inspects packet content during the symmetric-encryption communication stage, it may process one network packet at a time, performing address conversion and content audit on that packet, or it may perform address conversion and content audit on all the packets once they have all been received; this is not limited here.
It should be noted that, in practical applications, the monitoring device may comprise a plurality of functional modules through which the monitoring of packet content is implemented. Referring to fig. 4, these may specifically include a capture module, a protocol parsing module, a packet network address translation module, a user-mode or kernel-mode TCP/IP protocol stack, a proxy module, a content auditing module, and a sending module.
In actual operation, the monitoring device collects the packets at the network boundary through the capture module, identifies the target network packets belonging to the HTTPS protocol through the protocol parsing module, and sends the remaining non-HTTPS packets on directly. The HTTPS packets are passed to the packet network address translation module, which converts the destination IP address in the target network packet into the IP address of the monitoring device, the destination MAC address into the MAC address of the monitoring device, and the destination port into a port of the monitoring device, then repackages the target network packet and hands it to the TCP/IP protocol stack. The proxy module monitors in real time the target network packets delivered to the TCP/IP protocol stack and decrypts them with the first symmetric key to obtain plaintext data. The content auditing module parses and matches the plaintext data. If the plaintext data is safe data, it is encrypted with the second symmetric key to form a network packet again, the IP address and MAC address of the monitoring device in that packet are converted into the destination IP address and destination MAC address, the port is converted likewise, and the packet is sent to the target network device through the sending module. If the plaintext data is unsafe data, a warning is sent to the first network device or the session with the first network device is disconnected, preventing the leakage of sensitive information.
In addition, it should be noted that, in the present application, the monitoring device is transparent to the first network device and the second network device: neither device can perceive the presence of the monitoring device.
Based on the above method embodiments, the present application provides a data monitoring device, which will be described below with reference to the accompanying drawings.
Referring to fig. 5, which is a structural diagram of a data monitoring apparatus provided in an embodiment of the present application, as shown in fig. 5, the apparatus applied to a monitoring device may include:
an obtaining unit 501, configured to obtain a first target network packet sent by a first network device;
a first converting unit 502, configured to convert the destination IP address, the destination port and the destination MAC address in the first target network packet into the IP address, the port and the MAC address of the monitoring device, so as to obtain a converted first target network packet;
a decryption unit 503, configured to decrypt the converted first target network packet with a first symmetric key to obtain plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
an auditing unit 504, configured to perform auditing processing on the plaintext data;
an encrypting unit 505, configured to encrypt the plaintext data with a second symmetric key to obtain a second target network packet when the plaintext data is safe data; the second symmetric key is obtained by the monitoring device and a second network device through key agreement; the second network device is the network device corresponding to the destination IP address;
a second converting unit 506, configured to convert the IP address, the port and the MAC address of the monitoring device in the second target network packet into the destination IP address, the destination port and the destination MAC address, so as to obtain a converted second target network packet;
a first sending unit 507, configured to send the converted second target network packet to the second network device.
In one possible implementation, the apparatus further includes:
and the second sending unit is used for sending an alarm message to the first network equipment when the plaintext data is unsafe data.
In one possible implementation, the apparatus further includes:
a determining unit, configured to determine, before executing the first converting unit, whether a source IP address of the first target network packet is in a source address white list, and if the source IP address of the first target network packet is in the source address white list, execute the first sending unit to directly send the first target network packet to the second network device; the source IP address is an IP address corresponding to the first network device.
In a possible implementation manner, the auditing unit is specifically configured to determine whether the plaintext data matches a preset security policy, where the preset security policy at least includes preset keywords, preset regular expressions and preset fingerprint information; when the plaintext data matches the preset security policy, the plaintext data is determined to be unsafe data; otherwise, the plaintext data is determined to be safe data.
In a possible implementation manner, the key agreement process between the monitoring device and the first network device includes:
the monitoring device obtains a first public key of the first network device from an authentication center;
decrypting first key data sent by the first network device with the first public key to obtain a first symmetric key; the first key data is formed by the first network device encrypting the first symmetric key with a first private key; the first public key corresponds one-to-one to the first private key, and both are generated by the authentication center;
the key agreement process between the monitoring device and the second network device includes:
the monitoring device encrypts a second symmetric key with a second private key to generate second key data and sends the second key data to the second network device, so that the second network device decrypts the second key data with a second public key to obtain the second symmetric key, where the second public key corresponds one-to-one to the second private key and both are generated by the authentication center.
In a possible implementation manner, the obtaining unit includes:
an obtaining subunit, configured to obtain a network packet sent by the first network device;
and the analysis subunit is used for analyzing the protocol format of the network message and determining the first target network message from the network message matched with the preset protocol format.
In a possible implementation manner, the first target network packet is an HTTPS protocol network packet.
It should be noted that, implementation of each unit in this embodiment may refer to the above method embodiment, and this embodiment is not described herein again.
The data monitoring apparatus comprises a processor and a memory; the obtaining unit 501, the first converting unit 502, the decrypting unit 503, the auditing unit 504, the encrypting unit 505, the second converting unit 506, the first sending unit 507 and so on are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor comprises one or more cores, and a core loads the corresponding program unit from the memory; data monitoring is realized by adjusting the core parameters.
In addition, the embodiment of the present application also provides a computer readable storage medium, on which a computer program is stored, and the computer program is executed by a processor to implement the data monitoring method.
The embodiment of the application provides a device for data monitoring, which is characterized by comprising a memory and a processor, wherein the memory is used for storing one or more programs, and the processor is used for calling the programs in the memory to execute the data monitoring method.
An embodiment of the present application further provides a device for data monitoring, refer to fig. 6, which is a schematic structural diagram of the device for data monitoring provided in the embodiment of the present application. The device 600 shown in fig. 6 comprises at least one processor 601, and at least one memory 602 connected to the processor 601, a bus 603; the processor 601 and the memory 602 complete communication with each other through the bus 603; the processor 601 is used to call the program instructions in the memory 602 to execute the data monitoring method according to any one of the above embodiments.
The data monitoring equipment in the application can be a server, a PC, a PAD, a mobile phone and the like.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device:
acquiring a first target network message sent by first network equipment;
converting the destination IP address, the destination port and the destination MAC address in the first target network message into the IP address, the port and the MAC address of the monitoring equipment to obtain a converted first target network message;
decrypting the converted first target network message by using a first symmetric key to obtain plaintext data so as to audit the plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
when the plaintext data is the security data, encrypting the plaintext data by using a second symmetric key to obtain a second target network message; the second symmetric key is obtained by the monitoring equipment and second network equipment through key agreement; the second network equipment is the network equipment corresponding to the destination IP address;
And converting the IP address, the port and the MAC address of the monitoring equipment in the second target network message into the target IP address, the target port and the target MAC address, obtaining the converted second target network message, and sending the converted second target network message to the second network equipment.
Optionally, the method further includes:
and when the plaintext data is unsafe data, sending an alarm message to the first network equipment.
Optionally, before converting the destination IP address, the destination port, and the destination MAC address of the first target network packet into the IP address, the port, and the MAC address of the monitoring device, the method further includes:
judging whether the source IP address of the first target network message is in a source address white list or not, and if the source IP address of the first target network message is in the source address white list, directly sending the first target network message to the second network equipment; the source IP address is an IP address corresponding to the first network device.
Optionally, the auditing the plaintext data includes:
judging whether the plaintext data is matched with a preset security policy; the preset security policy at least comprises preset keywords, preset regular expressions and preset fingerprint information;
When the plaintext data is matched with the preset security policy, determining that the plaintext data is unsafe data; otherwise, determining the plaintext data as the security data.
Optionally, the process of performing key agreement between the monitoring device and the first network device includes:
the monitoring equipment acquires a first public key of the first network equipment from an authentication center;
decrypting first key data sent by the first network device with the first public key to obtain a first symmetric key; the first key data is formed by the first network device encrypting the first symmetric key with a first private key; the first public key corresponds one-to-one to the first private key, and both are generated by the authentication center;
the key negotiation process between the monitoring device and the second network device comprises the following steps:
the monitoring device encrypts a second symmetric key by using a second private key to generate second key data, and sends the second key data to the second network device, so that the second network device decrypts the second key data by using a second public key to obtain the second symmetric key, wherein the second public key corresponds to the second private key one to one and is generated by the authentication center.
Optionally, the obtaining the first target network packet sent by the first network device includes:
acquiring a network message sent by the first network equipment;
and analyzing the protocol format of the network message, and determining the first target network message from the network message matched with the preset protocol format.
Optionally, the first target network packet is an HTTPS protocol network packet.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A data monitoring method, applied to a monitoring device, the method comprising the following steps:
acquiring a first target network packet sent by a first network device;
converting the destination IP address, destination port and destination MAC address in the first target network packet into the IP address, port and MAC address of the monitoring device, to obtain a converted first target network packet;
decrypting the converted first target network packet with a first symmetric key to obtain plaintext data, and auditing the plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
when the plaintext data is safe data, encrypting the plaintext data with a second symmetric key to obtain a second target network packet; the second symmetric key is obtained by the monitoring device and a second network device through key agreement; the second network device is the network device corresponding to the destination IP address; and
converting the IP address, port and MAC address of the monitoring device in the second target network packet into the destination IP address, destination port and destination MAC address, obtaining a converted second target network packet, and sending the converted second target network packet to the second network device.
2. The method of claim 1, further comprising:
when the plaintext data is unsafe data, sending an alarm message to the first network device.
3. The method of claim 1, wherein prior to converting the destination IP address, destination port, and destination MAC address of the first target network packet to the IP address, port, and MAC address of the monitoring device, the method further comprises:
determining whether the source IP address of the first target network packet is in a source address whitelist, and if it is, sending the first target network packet directly to the second network device; the source IP address is the IP address corresponding to the first network device.
4. The method of claim 1, wherein the auditing of the plaintext data comprises:
determining whether the plaintext data matches a preset security policy; the preset security policy comprises at least preset keywords, a preset regular expression and preset fingerprint information;
when the plaintext data matches the preset security policy, determining that the plaintext data is unsafe data; otherwise, determining that the plaintext data is safe data.
5. The method of claim 1, wherein the key agreement between the monitoring device and the first network device comprises:
the monitoring device acquires a first public key of the first network device from an authentication center;
the monitoring device decrypts first key data sent by the first network device with the first public key to obtain the first symmetric key; the first key data is formed by the first network device encrypting the first symmetric key with a first private key; the first public key corresponds one-to-one to the first private key, and both are generated by the authentication center;
and the key agreement between the monitoring device and the second network device comprises:
the monitoring device encrypts a second symmetric key with a second private key to generate second key data and sends the second key data to the second network device, so that the second network device decrypts the second key data with a second public key to obtain the second symmetric key; the second public key corresponds one-to-one to the second private key, and both are generated by the authentication center.
6. The method of claim 1, wherein the obtaining the first target network packet sent by the first network device comprises:
acquiring network packets sent by the first network device; and
parsing the protocol format of the network packets, and determining the first target network packet from the network packets that match a preset protocol format.
7. The method according to any of claims 1-6, wherein the first target network packet is an HTTPS protocol network packet.
8. A data monitoring apparatus, applied to a monitoring device, the apparatus comprising:
an acquisition unit, configured to acquire a first target network packet sent by a first network device;
a first conversion unit, configured to convert the destination IP address, destination port and destination MAC address in the first target network packet into the IP address, port and MAC address of the monitoring device, and obtain a converted first target network packet;
a decryption unit, configured to decrypt the converted first target network packet with a first symmetric key to obtain plaintext data; the first symmetric key is obtained by the monitoring device and the first network device through key agreement;
an auditing unit, configured to audit the plaintext data;
an encryption unit, configured to encrypt the plaintext data with a second symmetric key to obtain a second target network packet when the plaintext data is safe data; the second symmetric key is obtained by the monitoring device and a second network device through key agreement; the second network device is the network device corresponding to the destination IP address;
a second conversion unit, configured to convert the IP address, port and MAC address of the monitoring device in the second target network packet into the destination IP address, destination port and destination MAC address, and obtain a converted second target network packet; and
a first sending unit, configured to send the converted second target network packet to the second network device.
9. A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the data monitoring method of any one of claims 1 to 7.
10. An apparatus for data monitoring, the apparatus comprising a memory for storing one or more programs and a processor for invoking a program in the memory to perform the data monitoring method of any one of claims 1 to 7.
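The source-address whitelist check of claim 3 and the policy-matching audit of claim 4, as an added Python illustration that is not the patent's or the applicant's code; the policy layout, the use of SHA-256 digests as the "fingerprint information", and all sample values are assumptions:

```python
import hashlib
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityPolicy:
    """Preset security policy of claim 4 (field layout is an assumption)."""
    keywords: tuple = ()                   # preset keywords, matched case-insensitively
    regexes: tuple = ()                    # preset regular expressions
    fingerprints: frozenset = frozenset()  # SHA-256 digests of known sensitive payloads (assumed form)


def audit(plaintext: bytes, policy: SecurityPolicy) -> tuple:
    """Claim 4: any match against the policy classifies the plaintext as unsafe data.

    Returns (is_safe, reason); reason names the policy element that matched."""
    text = plaintext.decode("utf-8", errors="replace")
    lowered = text.lower()
    for kw in policy.keywords:
        if kw.lower() in lowered:
            return False, f"keyword:{kw}"
    for pattern in policy.regexes:
        if re.search(pattern, text):
            return False, f"regex:{pattern}"
    digest = hashlib.sha256(plaintext).hexdigest()
    if digest in policy.fingerprints:
        return False, f"fingerprint:{digest[:12]}"
    return True, ""


def in_whitelist(src_ip: str, whitelist) -> bool:
    """Claim 3: packets from a whitelisted source IP bypass decryption and audit."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(net) for net in whitelist)


def decide(src_ip: str, plaintext: bytes, policy: SecurityPolicy, whitelist) -> str:
    """Combine claims 2-4: 'forward' (whitelisted, passed through untouched),
    'forward-audited' (safe data, re-encrypted for the destination) or 'alarm' (unsafe data)."""
    if in_whitelist(src_ip, whitelist):
        return "forward"
    safe, _reason = audit(plaintext, policy)
    return "forward-audited" if safe else "alarm"


# Constructed sample policy and whitelist (not taken from the patent).
POLICY = SecurityPolicy(
    keywords=("CONFIDENTIAL",),
    regexes=(r"\b\d{3}-\d{2}-\d{4}\b",),  # constructed identifier-like pattern
    fingerprints=frozenset({hashlib.sha256(b"constructed sensitive file body").hexdigest()}),
)
WHITELIST = ("10.0.0.0/24",)
```

The whitelist short-circuit means a whitelisted source is never audited, so the whitelist itself is a policy decision that deserves the same review as the keyword and fingerprint sets.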
CN201911310277.3A 2019-12-18 2019-12-18 Data monitoring method and device Pending CN112995119A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911310277.3A CN112995119A (en) 2019-12-18 2019-12-18 Data monitoring method and device

Publications (1)

Publication Number Publication Date
CN112995119A true CN112995119A (en) 2021-06-18

Family

ID=76343964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911310277.3A Pending CN112995119A (en) 2019-12-18 2019-12-18 Data monitoring method and device

Country Status (1)

Country Link
CN (1) CN112995119A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106453610A (en) * 2016-11-09 2017-02-22 深圳市任子行科技开发有限公司 HTTPS data flow auditing method and system oriented on operator backbone network
CN107517183A (en) * 2016-06-15 2017-12-26 华为技术有限公司 The method and apparatus of encrypted content detection
US20180034854A1 (en) * 2016-07-29 2018-02-01 Alibaba Group Holding Limited Hypertext transfer protocol secure (https) based packet processing methods and apparatuses
CN109039810A (en) * 2018-07-17 2018-12-18 杭州迪普科技股份有限公司 A kind of message processing method and device
CN109413060A (en) * 2018-10-19 2019-03-01 深信服科技股份有限公司 Message processing method, device, equipment and storage medium
CN110278558A (en) * 2019-07-25 2019-09-24 迈普通信技术股份有限公司 The exchange method and wlan system of message

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285593A (en) * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN114285593B (en) * 2021-11-08 2024-03-29 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN115001846A (en) * 2022-06-28 2022-09-02 湖北天融信网络安全技术有限公司 Method, isolation device, device and medium for cross-network data transmission

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210618)