CN115529148A - Message processing method, device, equipment, system and readable storage medium - Google Patents

Info

Publication number
CN115529148A
Authority
CN (China)
Prior art keywords
detection function, csb, terminal device, message, packet
Legal status
Pending
Application number
CN202111069732.2A
Other languages
Chinese (zh)
Inventor
周侃
王禹
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to PCT/CN2022/080721 (WO2022267564A1)
Publication of CN115529148A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls > H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/12 Applying verification of the received information

Abstract

The application provides a packet processing method, apparatus, device, system and readable storage medium. The method includes the following steps: a terminal device provides CSB detection function information corresponding to the terminal device to another device; a security device intercepts a first packet sent from an external network to an internal network; after intercepting the first packet, the security device determines the CSB detection functions to be executed for the first packet; in response to the terminal device having all or part of those CSB detection functions, the security device omits executing all or that part of them on the first packet before forwarding the first packet to the terminal device; and the terminal device receives the first packet sent by the security device and executes on it the CSB detection functions that the security device did not execute. The method reduces the device resources the security gateway spends on CSB detection and lowers the performance demands that executing CSB detection places on the security device.

Description

Message processing method, device, equipment, system and readable storage medium
The present application claims priority to Chinese patent application No. 202110714768.5, entitled "Method, apparatus and system for content security detection" and filed on 26/06/2021, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, a system, and a readable storage medium for processing a packet.
Background
With the rapid development of the internet, network traffic has grown explosively. A security gateway device needs to perform processing such as Content Security Business (CSB) detection on the network traffic flowing through it, so that the network devices of the internal network can operate safely. As the types of internet services become richer and CSB functions become more diverse and complex, the limited processing performance of the security gateway device is increasingly likely to become a service bottleneck.
A related technique for alleviating this bottleneck is to replace the security gateway device with one that has a higher-performance Central Processing Unit (CPU) and more memory. However, this technique incurs a relatively high hardware cost, and the replacement high-performance security gateway device requires a relatively long development and debugging period before it can be brought onto the network. The technique is therefore costly to implement.
Disclosure of Invention
The application provides a packet processing method, a packet processing apparatus, a packet processing device, a packet processing system and a readable storage medium, so as to lower the performance demands that executing a CSB detection function places on a security device and to reduce the device resources the security device spends on CSB detection.
In a first aspect, a packet processing method is provided. The method is applied to a security device deployed at the boundary between an external network and an internal network, and includes: the security device intercepts a first packet sent from the external network to the internal network, where the first packet carries a resource provided by a server of the external network in response to a request from a terminal device of the internal network; after intercepting the first packet, the security device determines the CSB detection functions to be executed for the first packet; and, in response to the terminal device having a first CSB detection function, the security device omits executing the first CSB detection function on the first packet before forwarding the first packet to the terminal device, where the first CSB detection function is all or part of the CSB detection functions to be executed for the first packet.
Because the security device omits executing the first CSB detection function on the first packet, the device resources the security device spends on CSB detection are reduced, and the performance demands that CSB detection places on the security device are lowered. In addition, the device resources freed in this way can be used to execute other functions, which improves the performance of the security device.
In a possible implementation, the first CSB detection function is part of the CSB detection functions to be executed for the first packet, and before the security device forwards the first packet to the terminal device the method further includes: the security device executes a second CSB detection function on the first packet, where the second CSB detection function comprises those of the CSB detection functions to be executed for the first packet other than the first CSB detection function.
When the first CSB detection function of the terminal device covers only part of the CSB detection functions to be executed for the first packet, the security device executes the remaining second CSB detection function, so that the security device and the terminal device jointly complete CSB detection for the first packet. The security of the first packet is thus ensured while the resource consumption of the security device is reduced.
In a possible implementation, before the security device intercepts the first packet sent from the external network to the internal network, the method further includes: the security device intercepts a second packet sent by the terminal device, where the second packet requests a resource provided by a server of the external network; and, based on the second packet, the security device obtains the CSB detection functions the terminal device has. After the security device determines the CSB detection functions to be executed for the first packet, the method further includes: the security device determines that the terminal device has the first CSB detection function by comparing the CSB detection functions the terminal device has with the CSB detection functions to be executed for the first packet.
In a possible implementation, the second packet includes an identity keyword of the terminal device, and obtaining the CSB detection functions the terminal device has based on the second packet includes: the security device parses the second packet to obtain the identity keyword of the terminal device; and the security device obtains the CSB detection functions the terminal device has according to that identity keyword.
In a possible implementation, obtaining the CSB detection functions the terminal device has according to the identity keyword includes: the security device sends a query request to a capability management device, where the capability management device stores CSB detection function information corresponding to the terminal device, the query request carries the identity keyword of the terminal device, and the CSB detection function information indicates the CSB detection functions the terminal device has; the security device receives the CSB detection function information corresponding to the terminal device that the capability management device sends in response to the query request; and the security device determines the CSB detection functions the terminal device has from that information.
In a possible implementation, the query request is sent to the capability management device over HTTP, HTTPS or an API, so the method is flexible in how the query request is sent.
In a possible implementation, obtaining the CSB detection functions the terminal device has according to the identity keyword includes: the security device queries a correspondence, stored on the security device itself, between identity keywords and CSB detection functions, and obtains the CSB detection functions corresponding to the identity keyword of the terminal device. Because the CSB detection function information of the terminal device can be stored either on the capability management device or on the security device, the method is flexible in where that information is stored.
In a possible implementation, the identity keyword includes at least one of a random ID, an IP address, or user information in a local certificate. Because the identity keyword of the terminal device can comprise several kinds of information, the type of identity keyword is flexible, and the first CSB detection function of the terminal device can be obtained from the identity keyword with high accuracy.
In a possible implementation, the second packet itself carries the CSB detection function information corresponding to the terminal device, and obtaining the CSB detection functions the terminal device has based on the second packet includes: the security device parses the second packet to obtain the CSB detection function information it carries; and the security device determines the CSB detection functions the terminal device has from that information. Because the second packet carries the information directly, the security device obtains it simply by parsing the second packet, which is efficient.
In a possible implementation, the CSB detection functions to be executed include at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In a possible implementation, the terminal device is a device that has completed login authentication, and the login authentication manner includes any one of local authentication, server authentication, or certificate authentication.
In a second aspect, a packet processing method is provided. The method is applied to a terminal device deployed in an internal network, and includes:
the terminal device provides CSB detection function information corresponding to the terminal device to another device, where the information indicates the CSB detection functions the terminal device has; the terminal device receives a first packet sent by a security device, where the security device is deployed at the boundary between an external network and the internal network, the first packet carries a resource provided by a server of the external network in response to a request from the terminal device, the first packet is a packet on which the security device has not executed a first CSB detection function, and the CSB detection functions the terminal device has include the first CSB detection function; and the terminal device executes the first CSB detection function on the first packet. Because the terminal device executes on the first packet the CSB detection function that the security device did not execute, the method ensures the security of the first packet.
In a possible implementation, providing the CSB detection function information corresponding to the terminal device to another device includes: the terminal device sends a third packet to a capability management device, where the third packet carries the CSB detection function information corresponding to the terminal device and the capability management device stores that information.
In a possible implementation, providing the CSB detection function information corresponding to the terminal device to another device includes: the terminal device sends a third packet to the security device, where the third packet carries the CSB detection function information corresponding to the terminal device and the security device stores that information.
In a possible implementation, providing the CSB detection function information corresponding to the terminal device to another device includes: the terminal device sends a second packet to a server of the external network, where the second packet requests a resource provided by that server and carries the CSB detection function information corresponding to the terminal device.
In a possible implementation, the second packet is transmitted over HTTPS, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, a URL parameter, an HTTPS header field, or an HTTPS custom field of the second packet.
In a possible implementation, the second packet is transmitted over HTTP, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, an HTTP header field, or an HTTP custom field of the second packet.
In a possible implementation, the second packet is transmitted over FTP, and the CSB detection function information corresponding to the terminal device is carried in an FTP redundant field or an FTP custom field of the second packet. Because the second packet can be transmitted over different transport protocols, and can carry the CSB detection function information in different ways, both the transmission of the second packet and the carrying of the information are flexible.
In a possible implementation, after the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further includes: the terminal device sends a second packet to a server of the external network, where the second packet requests a resource provided by that server and includes an identity keyword of the terminal device, the identity keyword being used to obtain the CSB detection functions the terminal device has.
In a possible implementation, when the other device is a capability management device, after the terminal device provides the CSB detection function information to it the method further includes: the terminal device receives a random ID of the terminal device sent by the capability management device, and that random ID serves as the identity keyword of the terminal device. Alternatively, when the other device is a security device, after the terminal device provides the CSB detection function information to it the method further includes: the terminal device receives a random ID of the terminal device sent by the security device, and that random ID serves as the identity keyword of the terminal device.
In a possible implementation, the third packet further includes an IP address of the terminal device, and that IP address serves as the identity keyword of the terminal device.
In a possible implementation, the third packet further includes a local certificate of the terminal device, and the user information in that local certificate serves as the identity keyword of the terminal device.
In a possible implementation, the CSB detection functions the terminal device has include at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In a possible implementation, before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further includes: the terminal device sends a login request to the security device, where the login request includes user information; the terminal device receives an authentication result that the security device produces based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; and, in response to a successful login, the terminal device performs the operation of providing the CSB detection function information to the other device.
In a possible implementation, before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further includes: the terminal device sends a login request to a login authentication device, where the login request includes user information; the terminal device receives an authentication result that the login authentication device produces based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; and, in response to a successful login, the terminal device performs the operation of providing the CSB detection function information to the other device.
In a possible implementation, before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further includes: the terminal device sends a login request to a login authentication device, where the login request includes a local certificate of the terminal device; the terminal device receives an authentication result that the login authentication device produces based on the local certificate, where the authentication result indicates whether the terminal device has logged in successfully; and, in response to a successful login, the terminal device performs the operation of providing the CSB detection function information to the other device.
Because the terminal device can authenticate through any of these login authentication manners, the login authentication of the terminal device is flexible.
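As an added illustration that is not the patent's own code or Huawei's implementation, the following Python models the split described in the first and second aspects: the terminal registers its CSB detection function information after login and receives a random ID as its identity keyword, the security device reads that keyword (or directly carried capability information) from the intercepted second packet, determines the functions to be executed for the first packet, omits those the terminal has and runs the rest, and the terminal runs the remainder. The header names, the comma-separated capability format, and the policy mapping a response's Content-Type to required functions are assumptions; an unknown identity keyword credits the terminal with nothing, so the security device then executes every function itself.

```python
import secrets
from typing import Dict, FrozenSet, Mapping, Optional, Tuple

# The CSB detection functions the page enumerates.
CSB_FUNCTIONS: FrozenSet[str] = frozenset({"IPS", "AV", "URL", "AIE", "SA"})

# Header names are assumptions: the page only says the information may ride in an
# HTTP header field, a Cookie or a URL parameter of the request (second packet).
CAP_HEADER = "X-CSB-Capabilities"   # directly carried capability information
ID_HEADER = "X-CSB-Identity"        # identity keyword (here: the random ID)


def parse_capabilities(raw: str) -> FrozenSet[str]:
    """Parse 'IPS,AV'-style capability information. Names the security device does
    not know are dropped, so a malformed value can never be read as a function."""
    tokens = (tok.strip().upper() for tok in raw.split(",") if tok.strip())
    return frozenset(tokens) & CSB_FUNCTIONS


class CapabilityStore:
    """Stands in for the capability management device (or the security device's own
    correspondence table): keeps CSB detection function information per identity
    keyword and issues the random ID that the page uses as that keyword."""

    def __init__(self) -> None:
        self._caps: Dict[str, FrozenSet[str]] = {}

    def register(self, raw_caps: str, login_ok: bool) -> Optional[str]:
        # Page: only a terminal that has completed login authentication provides
        # its information, so an unauthenticated registration is refused.
        if not login_ok:
            return None
        rid = secrets.token_hex(8)          # the random ID handed back to the terminal
        self._caps[rid] = parse_capabilities(raw_caps)
        return rid

    def lookup(self, rid: Optional[str]) -> FrozenSet[str]:
        # Unknown or missing keyword: credit nothing, the gateway does everything.
        return self._caps.get(rid or "", frozenset())


def required_functions(response_headers: Mapping[str, str]) -> FrozenSet[str]:
    """Constructed policy for 'the CSB detection functions to be executed' on the
    first packet (the server's response): every response gets IPS, URL and SA;
    file downloads additionally get AV and AIE."""
    required = {"IPS", "URL", "SA"}
    ctype = response_headers.get("Content-Type", "").lower()
    if any(marker in ctype for marker in ("octet-stream", "zip", "msdownload")):
        required |= {"AV", "AIE"}
    return frozenset(required)


def split_detection(required: FrozenSet[str],
                    terminal_caps: FrozenSet[str]) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Return (second, first): 'second' is what the security device executes itself,
    'first' is what it omits because the terminal has that function."""
    first = required & terminal_caps
    second = required - first
    return second, first


def gateway_process(request_headers: Mapping[str, str],
                    response_headers: Mapping[str, str],
                    store: CapabilityStore) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Security-device side: learn the terminal's capabilities from the intercepted
    request (second packet), then decide what to run on the response (first packet)."""
    if ID_HEADER in request_headers:
        caps = store.lookup(request_headers[ID_HEADER])            # query by identity keyword
    elif CAP_HEADER in request_headers:
        caps = parse_capabilities(request_headers[CAP_HEADER])     # carried directly
    else:
        caps = frozenset()                                         # nothing known: run all
    return split_detection(required_functions(response_headers), caps)


def terminal_process(required: FrozenSet[str], gateway_done: FrozenSet[str],
                     terminal_caps: FrozenSet[str]) -> FrozenSet[str]:
    """Terminal side: execute whatever the security device left undone. A remainder
    the terminal cannot execute is a configuration error, never silently skipped."""
    remaining = required - gateway_done
    if not remaining <= terminal_caps:
        raise ValueError(f"terminal cannot execute {sorted(remaining - terminal_caps)}")
    return remaining


if __name__ == "__main__":
    store = CapabilityStore()
    rid = store.register("IPS,AV", login_ok=True)              # third packet, after login
    request = {ID_HEADER: rid}                                 # second packet
    response = {"Content-Type": "application/octet-stream"}    # first packet: a download
    gw_run, gw_skip = gateway_process(request, response, store)
    print("gateway executes:", sorted(gw_run), "omits:", sorted(gw_skip))
    left = terminal_process(required_functions(response), gw_run, store.lookup(rid))
    print("terminal executes:", sorted(left))
```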
In a third aspect, a packet processing apparatus is provided. The apparatus is applied to a security device deployed at the boundary between an external network and an internal network, and includes:
an obtaining module, configured to intercept a first packet sent from the external network to the internal network, where the first packet carries a resource provided by a server of the external network in response to a request from a terminal device of the internal network;
a determining module, configured to determine the CSB detection functions to be executed for the first packet; and
a processing module, configured to, in response to the terminal device having a first CSB detection function, omit executing the first CSB detection function on the first packet before forwarding the first packet to the terminal device, where the first CSB detection function is all or part of the CSB detection functions to be executed for the first packet.
In a possible implementation, the first CSB detection function is part of the CSB detection functions to be executed for the first packet, and the processing module is further configured to execute a second CSB detection function on the first packet, where the second CSB detection function comprises those of the CSB detection functions to be executed for the first packet other than the first CSB detection function.
In a possible implementation, the obtaining module is further configured to intercept a second packet sent by the terminal device, where the second packet requests a resource provided by a server of the external network, and to obtain the CSB detection functions the terminal device has based on the second packet; and the determining module is further configured to determine that the terminal device has the first CSB detection function by comparing the CSB detection functions the terminal device has with the CSB detection functions to be executed for the first packet.
In a possible implementation, the second packet includes an identity keyword of the terminal device, and the obtaining module is configured to parse the second packet to obtain the identity keyword of the terminal device, and to obtain the CSB detection functions the terminal device has according to that identity keyword.
In a possible implementation, the obtaining module is configured to send a query request to a capability management device, where the capability management device stores CSB detection function information corresponding to the terminal device, the query request carries the identity keyword of the terminal device, and the CSB detection function information indicates the CSB detection functions the terminal device has; to receive the CSB detection function information corresponding to the terminal device that the capability management device sends in response to the query request; and to determine the CSB detection functions the terminal device has from that information.
In a possible implementation, the obtaining module is configured to send the query request to the capability management device over HTTP, HTTPS or an API.
In a possible implementation, the obtaining module is configured to query, according to the identity keyword of the terminal device, a correspondence stored on the security device between identity keywords and CSB detection functions, and to obtain the CSB detection functions corresponding to the identity keyword of the terminal device.
In a possible implementation, the identity keyword includes at least one of a random ID, an IP address, or user information in a local certificate.
In a possible implementation, the second packet carries the CSB detection function information corresponding to the terminal device, and the obtaining module is configured to parse the second packet to obtain that information, and to determine the CSB detection functions the terminal device has from the information carried by the second packet.
In a possible implementation, the CSB detection functions to be executed include at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In a possible implementation, the terminal device is a device that has completed login authentication, and the login authentication manner includes any one of local authentication, server authentication, or certificate authentication.
In a fourth aspect, a packet processing apparatus is provided, where the apparatus is applied to a terminal device, and the terminal device is deployed in an internal network, and the apparatus includes:
the supply module is used for providing CSB detection function information corresponding to the terminal equipment for other equipment, and the CSB detection function information corresponding to the terminal equipment is used for indicating a CSB detection function which the terminal equipment has;
the system comprises a receiving module, a sending module and a sending module, wherein the receiving module is used for receiving a first message sent by a safety device, the safety device is deployed at the boundary of an external network and an internal network, the first message is used for bearing resources provided by a server of the external network according to a request of a terminal device, the first message is a message that the safety device does not execute a first CSB detection function, and the CSB detection function of the terminal device comprises the first CSB detection function;
and the processing module is used for executing a first CSB detection function on the first message.
In a possible implementation manner, the provisioning module is configured to send a third packet to the capability management device, where the third packet carries the CSB detection function information corresponding to the terminal device, and the capability management device is configured to store the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the providing module is configured to send a third packet to the security device, where the third packet carries the CSB detection function information corresponding to the terminal device, and the security device is configured to store the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the provisioning module is configured to send a second message to a server of an external network, where the second message is used to request to acquire a resource provided by the server of the external network, and the second message carries the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the second message is a message transmitted based on HTTPS, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, or a URL parameter, or an HTTPS header field, or an HTTPS custom field of the second message.
In a possible implementation manner, the second message is a message transmitted based on HTTP, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, or an HTTP header field, or an HTTP custom field of the second message.
In a possible implementation manner, the second message is a message based on FTP transmission, and the CSB detection function information corresponding to the terminal device is carried in an FTP redundant field or an FTP self-defined field of the second message.
In one possible implementation, the apparatus further includes: and the sending module is used for sending a second message to the server of the external network, wherein the second message is used for requesting to acquire the resource provided by the server of the external network, the second message comprises the identity keyword of the terminal equipment, and the identity keyword is used for acquiring the CSB detection function of the terminal equipment.
In a possible implementation manner, in response to that the other device is a capability management device, the receiving module is further configured to receive a random ID of the terminal device sent by the capability management device, where the random ID of the terminal device is used as an identity keyword of the terminal device; or in response to that the other device is a security device, the receiving module is further configured to receive a random ID of the terminal device sent by the security device, where the random ID of the terminal device is used as an identity key of the terminal device.
In a possible implementation manner, the third message further includes an IP address of the terminal device, and the IP address of the terminal device is used as the identity key of the terminal device.
In a possible implementation manner, the third message further includes a local certificate of the terminal device, and the user information in the local certificate of the terminal device is used as the identity key of the terminal device.
In one possible implementation, the CSB detection function that the terminal device has includes at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In a possible implementation manner, the apparatus further includes a request module, configured to send a login request to the security device, where the login request includes user information, and to receive an authentication result sent by the security device based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device having logged in successfully, the provisioning module performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
In a possible implementation manner, the apparatus further includes a request module, configured to send a login request to the login authentication device, where the login request includes user information, and to receive an authentication result sent by the login authentication device based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device having logged in successfully, the provisioning module performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
In a possible implementation manner, the apparatus further includes a request module, configured to send a login request to the login authentication device, where the login request includes a local certificate of the terminal device, and to receive an authentication result sent by the login authentication device based on the local certificate of the terminal device, where the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device having logged in successfully, the provisioning module performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
In a fifth aspect, a message processing device is provided, including a processor coupled to a memory, where the memory stores at least one program instruction or code, and the at least one program instruction or code is loaded and executed by the processor so that the message processing device implements the message processing method according to any one of the first aspect or the second aspect.
In a sixth aspect, a message processing system is provided, including a security device and a terminal device, where the security device is configured to perform the message processing method according to the first aspect or any one of the possible implementations of the first aspect, and the terminal device is configured to perform the message processing method according to the second aspect or any one of the possible implementations of the second aspect.
In a seventh aspect, a computer-readable storage medium is provided, storing at least one program instruction or code, where the program instruction or code is loaded and executed by a processor to cause a computer to implement the message processing method according to any one of the first aspect or the second aspect.
In an eighth aspect, there is provided a computer program product comprising a computer program which, when executed by a computer, causes the computer to implement the message processing method of any one of the first or second aspects.
In a ninth aspect, there is provided a communication apparatus, the apparatus comprising: a transceiver, a memory, and a processor. Wherein the transceiver, the memory and the processor communicate with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the transceiver to receive signals and control the transceiver to transmit signals, and when the processor executes the instructions stored by the memory, to cause the processor to perform the method of the first aspect or any of the possible embodiments of the first aspect, or to perform the method of the second aspect or any of the possible embodiments of the second aspect.
In one possible implementation, the processor is one or more, and the memory is one or more.
In one possible implementation, the memory may be integrated with the processor or provided separately from the processor.
In a specific implementation process, the memory may be, for example, a read-only memory (ROM), which may be integrated on the same chip as the processor or disposed separately on a different chip.
In a tenth aspect, a chip is provided, which includes a processor, and is configured to invoke and execute instructions stored in a memory, so that a communication device in which the chip is installed executes a method in the first aspect or any one of the possible embodiments of the first aspect, or executes a method in the second aspect or any one of the possible embodiments of the second aspect.
In an eleventh aspect, there is provided another chip comprising: an input interface, an output interface, a processor and a memory, which are connected by an internal connection path, wherein the processor is configured to execute code in the memory, and wherein the processor is configured to perform the method of the first aspect or any of the possible embodiments of the first aspect or the second aspect or any of the possible embodiments of the second aspect when the code is executed.
Drawings
Fig. 1 is a schematic view of an implementation scenario of a message processing method according to an embodiment of the present application;
fig. 2 is a flowchart of a message processing method according to an embodiment of the present application;
fig. 3 is a schematic process diagram of a message processing method according to an embodiment of the present application;
fig. 4 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 5 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 6 is a schematic diagram of verifying a local certificate of a terminal device according to an embodiment of the present application;
fig. 7 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of another message processing apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of another message processing device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
In the field of communication technology, a security device performs a CSB detection function on messages sent from an external network to an internal network to ensure the secure operation of the devices in the internal network. The embodiment of the present application provides a message processing method, which can be applied to the implementation scenario shown in fig. 1. As shown in fig. 1, the implementation scenario includes a security device 101, terminal devices 102A to 102C (collectively referred to as terminal devices 102), and a server 103. Optionally, the implementation scenario further includes a capability management device 104 and a login authentication device 105.
The security device 101 is deployed at the boundary between the external network and the internal network, the terminal devices 102 are deployed in the internal network, and the server 103 is deployed in the external network. The security device 101 can exchange information with the terminal devices 102, with the server 103, with the capability management device 104 and with the login authentication device 105; the terminal devices 102 can exchange information with the capability management device 104 and with the login authentication device 105. It should be noted that fig. 1 only shows the information exchange between the terminal device 102C and the capability management device 104 and the login authentication device 105; the information exchange between the terminal devices 102A and 102B and the capability management device 104 and the login authentication device 105 is not shown in fig. 1, but the implementation scenario is not limited to what is shown.
Illustratively, the security device 101 includes, but is not limited to, a security gateway device, a firewall, and the like; the terminal device 102 includes, but is not limited to, a smartphone, a desktop computer, a laptop computer, a tablet computer, and the like; and the server 103, the capability management device 104, and the login authentication device 105 may be servers. In the implementation scenario shown in fig. 1, the number of each kind of device is only the number used for illustration in the embodiment of the present application, and the embodiment of the present application does not limit it.
With reference to the implementation scenario shown in fig. 1, a message processing method provided in the embodiment of the present application is shown in fig. 2, and the message processing method includes, but is not limited to, steps 200 to 205. Steps 201 to 203 are processes of executing message processing by the security device side, and steps 200, 204 and 205 are processes of executing message processing by the terminal device side. Next, the message processing method will be described with reference to fig. 2.
Step 200, the terminal device provides the CSB detection function information corresponding to the terminal device to other devices.
The CSB detection function information corresponding to the terminal device is used for indicating the CSB detection function of the terminal device.
Illustratively, the CSB detection function that the terminal device has includes at least one of an Intrusion Prevention System (IPS) detection function, an anti-virus (AV) detection function, a Uniform Resource Locator (URL) detection function, an Artificial Intelligence Engine (AIE) detection function, or a Service Awareness (SA) detection function.
In a possible implementation manner, the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, which includes but is not limited to the following two manners.
In the first mode, the terminal device provides the CSB detection function information corresponding to the terminal device to the capability management device.
Illustratively, the providing, by the terminal device, the CSB detection function information corresponding to the terminal device to the other device includes: the terminal device sends a third message to the capability management device, where the third message carries the CSB detection function information corresponding to the terminal device, and the capability management device is configured to store the CSB detection function information corresponding to the terminal device.
The ordinal terms in "third message" above and in "first message", "second message" and the other messages below do not indicate an order; they only distinguish different messages. Likewise, "first", "second" and so on are used below only to distinguish different items of information, data, requests, messages and the like.
For example, the third message is a message transmitted based on the hypertext transfer protocol over secure socket layer (HTTPS), and the CSB detection function information corresponding to the terminal device is carried in a Cookie (a small piece of data kept on the user's local terminal), a URL parameter, an HTTPS header field (for example, the Authorization field) or an HTTPS custom field of the third message. If the third message is a message transmitted based on HTTPS, the third message may be transmitted through an encrypted communication channel. For another example, the third message is a message transmitted based on the hypertext transfer protocol (HTTP), and the CSB detection function information of the terminal device is carried in a Cookie, an HTTP header field or an HTTP custom field of the third message. For another example, the third message is a message transmitted based on the file transfer protocol (FTP), and the CSB detection function information of the terminal device is carried in an FTP redundant field or an FTP custom field of the third message.
Because the third message can be transmitted based on a plurality of transmission protocols, the manner of transmitting the third message is flexible. For a third message transmitted based on a given transmission protocol, the third message may carry the CSB detection function information corresponding to the terminal device in multiple ways, so the manner in which the third message carries the CSB detection function information corresponding to the terminal device is flexible as well.
Illustratively, the step of the terminal device providing the CSB detection function information corresponding to the terminal device to the capability management device corresponds to the related content of the capability management performed by the terminal device and the capability management device shown in fig. 3.
In the second manner, the terminal device provides the CSB detection function information corresponding to the terminal device to the security device.
In a possible implementation manner, the providing, by the terminal device, the CSB detection function information corresponding to the terminal device to the other device includes: the terminal device sends a second message to a server of the external network, where the second message is used to request to acquire a resource provided by the server of the external network, and the second message carries the CSB detection function information corresponding to the terminal device. The second message can be intercepted by the security device, so the security device can acquire the CSB detection function information corresponding to the terminal device carried in the second message.
It should be noted that the manner in which the terminal device sends the second message to the server of the external network and the manner in which the second message carries the CSB detection function information corresponding to the terminal device follow the same principle as the corresponding process in the first manner, and are not described here again.
When no capability management device is deployed and only a security device is deployed at the boundary between the external network and the internal network, the terminal device may, when it sends a request message (that is, the second message) for requesting to acquire a resource provided by a server of the external network, reuse that second message to send the CSB detection function information corresponding to the terminal device, and the security device may acquire the CSB detection function information corresponding to the terminal device from that message. This improves the efficiency with which the security device acquires the CSB detection function information corresponding to the terminal device. In addition, the second message can be transmitted based on a plurality of transmission protocols, so the manner of transmitting the second message is flexible. For a second message transmitted based on a given transmission protocol, the second message may carry the CSB detection function information corresponding to the terminal device in multiple ways, so the manner in which the second message carries that information is flexible as well.
In another possible implementation manner, the providing, by the terminal device, the CSB detection function information corresponding to the terminal device to the other device includes: the terminal device sends a third message to the security device, where the third message carries the CSB detection function information corresponding to the terminal device, and the security device is configured to store the CSB detection function information corresponding to the terminal device.
It should be noted that the manner in which the terminal device sends the third message to the security device and the manner in which the third message carries the CSB detection function information corresponding to the terminal device follow the same principle as the corresponding content in the first manner, and are not described here again. In addition, whether the CSB detection function information corresponding to the terminal device is sent to the security device in the second message or in the third message, the security device can store the received CSB detection function information corresponding to the terminal device, so that when the security device performs detection subsequently it can obtain the CSB detection function information corresponding to the terminal device directly from local storage, which further improves detection efficiency.
Because the terminal device can provide the CSB detection function information corresponding to the terminal device in different manners, the manner of providing the CSB detection function information corresponding to the terminal device in the embodiment of the present application is flexible.
Illustratively, the CSB detection function information corresponding to the terminal device is represented by binary digits.
For example, for any CSB detection function, 00 indicates that the CSB detection functions that the terminal device has do not include that detection function, and 01 indicates that they include it. Illustratively, the CSB detection function information corresponding to the terminal device may be represented in the following manner A or manner B.
In manner A, the CSB detection function information corresponding to the terminal device is represented by a binary number.
Illustratively, the CSB detection function information corresponding to the terminal device is denoted by xxxxxxxxxx, where, counting from the right, bits 0 and 1 indicate whether an IPS detection function is included, bits 2 and 3 indicate whether an AV detection function is included, bits 4 and 5 indicate whether a URL detection function is included, bits 6 and 7 indicate whether an AIE detection function is included, and bits 8 and 9 indicate whether an SA detection function is included. For example, if the CSB detection functions of the terminal device include an IPS detection function, an AV detection function, and an AIE detection function, the CSB detection function information corresponding to the terminal device is represented as 0001000101.
In manner B, the CSB detection function information corresponding to the terminal device is represented by a binary array.
Illustratively, the CSB detection function information corresponding to the terminal device can be represented by the binary array [A, B, C, D, E], where each of A, B, C, D and E indicates one detection function and is represented by a binary number. Illustratively, A indicates the IPS detection function and is denoted xx, where xx = 00 means that there is no IPS detection function and xx = 01 means that there is an IPS detection function. Similarly, B indicates the AV detection function, C the URL detection function, D the AIE detection function, and E the SA detection function. For example, if the CSB detection functions that the terminal device has include an IPS detection function and an AV detection function, the CSB detection function information corresponding to the terminal device is represented as [01, 01, 00, 00, 00].
The CSB detection function information corresponding to the terminal device may also be represented in other manners; the manners above are only examples given in the embodiment of the present application, and the embodiment of the present application is not limited thereto.
In one possible implementation, the method further includes: in response to a change in the CSB detection function of the terminal device, the terminal device sends the changed CSB detection function information corresponding to the terminal device to the device storing the CSB detection function information corresponding to the terminal device, so that the device storing the CSB detection function information corresponding to the terminal device updates the stored CSB detection function information corresponding to the terminal device. Illustratively, the sending, by the terminal device, the changed CSB detection function information corresponding to the terminal device to the device storing the CSB detection function information corresponding to the terminal device includes: the terminal device sends all CSB detection function information to the device storing the CSB detection function information corresponding to the terminal device, or sends differential CSB detection function information to the device storing the CSB detection function information corresponding to the terminal device, wherein the differential CSB detection function information is the CSB detection function information determined according to the CSB detection function before change and the CSB detection function after change.
For example, the capability management device stores CSB detection function information corresponding to the terminal device, and the terminal device transmits all CSB detection function information to the capability management device, or transmits differentiated CSB detection function information to the capability management device.
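The two representations above (manner A and manner B) and the full-versus-differential update just described, as an added example in Python that is not part of the patent. The bit-pair layout and the values 00 and 01 are taken from the text; the rejection of the undefined pair values 10 and 11, and the representation chosen for the differential information (only the functions whose presence changed, each mapped to its new pair value), are assumptions of this example.

```python
"""Encoding and decoding of CSB detection function information (added example)."""
from typing import Dict, List

# Functions in bit-pair order for manner A, counted from the right:
# bits 0-1 IPS, 2-3 AV, 4-5 URL, 6-7 AIE, 8-9 SA.
FUNCTIONS: List[str] = ["IPS", "AV", "URL", "AIE", "SA"]
PRESENT = "01"   # the terminal device has the function
ABSENT = "00"    # it does not


def _pair(has: Dict[str, bool], name: str) -> str:
    return PRESENT if has.get(name, False) else ABSENT


def _check_pair(name: str, pair: str) -> bool:
    # Assumption: the text defines only 00 and 01, so 10 and 11 are rejected.
    if pair == PRESENT:
        return True
    if pair == ABSENT:
        return False
    raise ValueError(f"undefined value {pair!r} for {name}")


def encode_manner_a(has: Dict[str, bool]) -> str:
    """Manner A: one 10-digit binary number, with IPS in the rightmost pair."""
    pairs = [_pair(has, f) for f in FUNCTIONS]   # IPS, AV, URL, AIE, SA
    return "".join(reversed(pairs))              # written SA ... IPS, left to right


def decode_manner_a(bits: str) -> Dict[str, bool]:
    """Inverse of encode_manner_a; rejects malformed input."""
    if len(bits) != 2 * len(FUNCTIONS) or set(bits) - {"0", "1"}:
        raise ValueError(f"malformed CSB detection function information: {bits!r}")
    pairs = [bits[i:i + 2] for i in range(0, len(bits), 2)]  # SA ... IPS
    pairs.reverse()                                            # IPS ... SA
    return {f: _check_pair(f, p) for f, p in zip(FUNCTIONS, pairs)}


def encode_manner_b(has: Dict[str, bool]) -> List[str]:
    """Manner B: the binary array [A, B, C, D, E] = [IPS, AV, URL, AIE, SA]."""
    return [_pair(has, f) for f in FUNCTIONS]


def decode_manner_b(arr: List[str]) -> Dict[str, bool]:
    if len(arr) != len(FUNCTIONS):
        raise ValueError(f"expected {len(FUNCTIONS)} elements, got {len(arr)}")
    return {f: _check_pair(f, p) for f, p in zip(FUNCTIONS, arr)}


def differential(before: Dict[str, bool], after: Dict[str, bool]) -> Dict[str, str]:
    """Differential information after the terminal device's functions change.

    Assumed representation: only the functions whose presence changed, each
    mapped to its new pair value (01 = gained, 00 = lost).
    """
    return {
        f: _pair(after, f)
        for f in FUNCTIONS
        if bool(before.get(f, False)) != bool(after.get(f, False))
    }


def apply_differential(stored: str, diff: Dict[str, str]) -> str:
    """What the storing device does with a differential update to a manner-A value."""
    has = decode_manner_a(stored)
    for name, pair in diff.items():
        if name not in FUNCTIONS:
            raise ValueError(f"unknown CSB detection function {name!r}")
        has[name] = _check_pair(name, pair)
    return encode_manner_a(has)


if __name__ == "__main__":
    # The two worked values given in the text.
    print(encode_manner_a({"IPS": True, "AV": True, "AIE": True}))  # 0001000101
    print(encode_manner_b({"IPS": True, "AV": True}))                # ['01', '01', '00', '00', '00']
```

The decoders reject a value of the wrong length or with an undefined pair instead of silently treating it as "absent": a storing device that guessed would risk recording a capability the terminal device does not have.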
In a possible implementation manner, the method further includes: the terminal device periodically sends the CSB detection function information corresponding to the terminal device to the device storing that information, so that the storing device updates the stored CSB detection function information corresponding to the terminal device. In another example, the terminal device sends the CSB detection function information corresponding to the terminal device to the storing device when the storing device requests it from the terminal device.
In a possible implementation manner, after the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal device receives a first result or a second result sent by the other device, where the first result indicates that the other device has stored the CSB detection function information corresponding to the terminal device successfully, and the second result indicates that the other device has failed to store it.
For example, the terminal device provides the CSB detection function information corresponding to the terminal device to the capability management device, and the terminal device receives the first result or the second result sent by the capability management device.
In the two manners in which the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the CSB detection function information corresponding to the terminal device is stored in the capability management device or in the security device. Therefore, when the security device intercepts the second message sent by the terminal device to request to acquire a resource provided by the server of the external network, the second message may include the identity key of the terminal device, so that the security device can acquire the CSB detection function information corresponding to the terminal device based on the identity key of the terminal device. Next, the case in which the capability management device stores the CSB detection function information corresponding to the terminal device and the case in which the security device stores it are described.
In case A, the capability management device stores the CSB detection function information corresponding to the terminal device.
Exemplarily, after the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal device sends a second message to the server of the external network, where the second message is used to request to acquire a resource provided by the server of the external network. The second message includes the identity key of the terminal device, and the identity key is used to acquire the CSB detection function that the terminal device has. It should be noted that the second message can be intercepted by the security device, so the security device obtains the identity key of the terminal device carried in the second message.
Illustratively, the identity key includes at least one of a random identity number (ID), an Internet Protocol (IP) address, or user information in a local certificate.
For example, in response to the other device being the capability management device, that is, when the terminal device provides the CSB detection function information corresponding to the terminal device to the capability management device, the method further includes, after the terminal device provides that information: the terminal device receives a random ID of the terminal device sent by the capability management device, and the random ID of the terminal device is used as the identity key of the terminal device. The random ID of the terminal device may be generated by the capability management device. For another example, the third message further includes the IP address of the terminal device, and the IP address of the terminal device is used as the identity key of the terminal device. For another example, the third message further includes the local certificate of the terminal device, and the user information in the local certificate of the terminal device is used as the identity key of the terminal device.
For example, if the terminal device receives the random ID of the terminal device sent by the capability management device, the terminal device may store the random ID as the identity key of the terminal device, as shown in fig. 3.
And in case B, the security device stores the CSB detection function information corresponding to the terminal device.
Exemplarily, after the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal device sends a second message to a server of the external network, where the second message is used to request to acquire a resource provided by the server of the external network, the second message includes the identity key of the terminal device, and the identity key is used to acquire the CSB detection function that the terminal device has. It should be noted that the second message can be intercepted by the security device, so the security device obtains the identity key of the terminal device carried in the second message.
In case B, the identity key includes at least one of a random ID, an IP address, or user information in a local certificate, on the same principle as in case A above.
For example, in response to the other device being the security device, that is, when the terminal device provides the CSB detection function information corresponding to the terminal device to the security device, the method further includes, after the terminal device provides that information: the terminal device receives a random ID of the terminal device sent by the security device, and the random ID of the terminal device is used as the identity key of the terminal device. The random ID of the terminal device may be generated by the security device. For another example, the third message further includes the IP address of the terminal device, and the IP address of the terminal device is used as the identity key of the terminal device. For another example, the third message further includes the local certificate of the terminal device, and the user information in the local certificate of the terminal device is used as the identity key of the terminal device.
For example, if the terminal device receives the random ID of the terminal device sent by the security device, the terminal device may store the random ID as the identity key of the terminal device, as shown in fig. 3.
It should be noted that the embodiment of the present application does not limit the manner in which the identity key of the terminal device is carried in the second message, the manner in which the IP address of the terminal device is carried in the third message, or the manner in which the local certificate of the terminal device is carried in the third message.
In the embodiment of the present application, the types of identity key of the terminal device are flexible. Moreover, the identity key of the terminal device can include several types of information, so the accuracy with which the CSB detection function of the terminal device is acquired according to the identity key of the terminal device is high. Of the three types, the IP address is the least stable, since the address of a terminal device can change over time; the random ID and the user information in the local certificate are tied to the terminal device itself rather than to its current network location.
Step 201, the security device intercepts a first message sent by an external network to an internal network.
Illustratively, the first message is used for carrying resources provided by a server of the external network to a terminal device of the internal network.
In a possible implementation manner, the first message is used to carry a resource provided by a server of the external network according to a request of a terminal device of the internal network. For example, in the implementation scenario shown in fig. 1, the security device 101 intercepts a first message sent by an external network to an internal network, where the first message is used to carry a resource provided by the server 103 of the external network according to a request of the terminal device 102C of the internal network.
In another possible implementation manner, the first message is used to carry a resource that a server of an external network actively provides to a terminal device of an internal network. For example, in the implementation scenario shown in fig. 1, the terminal device 102C of the internal network does not request to acquire the resource provided by the server of the external network, and the security device 101 intercepts a first message sent by the external network to the internal network, where the first message carries the resource actively provided by the server 103 of the external network to the terminal device 102C of the internal network.
Illustratively, the terminal device is a device that has completed login authentication, where the login authentication mode is any one of local authentication, server authentication or certificate authentication. The login authentication process of the terminal device is described later and is not repeated here.
Step 202, the security device determines a to-be-executed CSB detection function corresponding to the first packet.
In one possible implementation, the CSB detection function to be performed includes: at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
Illustratively, the security device stores a plurality of CSB detection policies, where each CSB detection policy corresponds to a resource type and includes at least one CSB detection function. The security device determines the to-be-executed CSB detection function corresponding to the first message by obtaining the resource type of the resource carried by the first message, searching for the CSB detection policy corresponding to that resource type, and taking the CSB detection functions included in that policy as the to-be-executed CSB detection function corresponding to the first message.
Optionally, the resource types include, but are not limited to: a Portable Document Format (PDF) file, a document (DOC) file, a text (TXT) file, a Graphics Interchange Format (GIF) file, an executable (EXE) file, a dynamic link library (DLL) file, and the like. Resource types can also be broader categories: for example, EXE and DLL files may be grouped as Portable Executable (PE) files, and Joint Photographic Experts Group (JPEG), bitmap (BMP) and GIF files may be grouped as image files.
Optionally, after the security device intercepts the first message, it determines the resource type of the resource carried by the first message from data in the carried file content, for example a feature word (magic value) in the file header, from the suffix of the resource name in the URL of the previously cached acquisition request (the second message) sent by the terminal device, or in another manner.
Step 203, in response to that the terminal device has the first CSB detection function, the security device omits to execute the first CSB detection function on the first packet before forwarding the first packet to the terminal device.
The first CSB detection function is all or part of the to-be-executed CSB detection function corresponding to the first packet. Illustratively, depending on which functions the first CSB detection function includes, the omission by the security device falls into the following cases 1 and 2.
In case 1, the first CSB detection function is all functions of the to-be-executed CSB detection function corresponding to the first packet.
For the case 1, in response to that the first CSB detection function is all the functions in the to-be-executed CSB detection function corresponding to the first packet, that is, the terminal device can independently complete all the CSB detection functions for the first packet, the security device may omit the CSB detection process for the first packet, and directly forward the first packet to the terminal device. In case 1, resources consumed by the security device for performing CSB detection can be saved.
In case 2, the first CSB detection function is a partial function of the to-be-executed CSB detection function corresponding to the first packet.
For the case 2, since the first CSB detection function is a part of the CSB detection functions to be executed corresponding to the first packet, it means that the terminal device cannot independently complete all the CSB detection functions for the first packet, and thus, the CSB detection functions need to be completed together with the security device. Therefore, in case 2, before the security device forwards the first packet to the terminal device, the method further includes: the security device executes a second CSB detection function on the first message, wherein the second CSB detection function is a function except the first CSB detection function in the CSB detection functions to be executed corresponding to the first message.
For example, the to-be-executed CSB detection function corresponding to the first packet includes an IPS detection function, an AV detection function and an AIE detection function, and the first CSB detection function that the terminal device has includes the IPS detection function and the AV detection function. The second CSB detection function then includes the AIE detection function, and the security device performs the AIE detection function on the first packet.
Illustratively, the process of step 203 corresponds to the manner of determining the CSB detection function performed on the first packet and the related content of performing the CSB detection function shown in fig. 3.
Exemplarily, if the first message is a message actively sent by a server of an external network to a terminal device of an internal network, after determining the to-be-executed CSB detection function corresponding to the first message, the security device executes all the to-be-executed CSB detection functions by default.
In a possible implementation manner, after the security device performs the second CSB detection function on the first packet, the method further includes: obtaining the detection result of the second CSB detection function on the first packet; and, in response to the detection result being safe, the security device forwards the first packet to the terminal device. Illustratively, when the second CSB detection function includes at least one detection function, the detection result of the second CSB detection function on the first packet is safe only if the detection result of every one of those detection functions on the first packet is safe.
In a possible implementation manner, after obtaining the detection result of the second CSB detection function on the first packet, the method further includes: in response to the detection result being dangerous, the security device does not forward the first packet to the terminal device. Illustratively, when the second CSB detection function includes at least one detection function, the detection result of the second CSB detection function on the first packet is dangerous if the detection result of any one of those detection functions on the first packet is dangerous.
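The security-device side of steps 202 and 203, including the split of the to-be-executed set into the first and second CSB detection functions that the example at the end of step 203 spells out, as an added Python example that is not code from the patent. The policy table, the magic-byte list, the suffix table and the toy AV and URL engines are assumptions for illustration; the IPS, AIE and SA engines are stand-ins that always report safe.

```python
"""Added example (not from the patent): security-device side of steps 202/203.
Classify the resource in the first packet, look up the policy, split the
to-be-executed functions into the terminal's share (first) and the device's
share (second), run the second share and decide whether to forward."""
from __future__ import annotations
from typing import Callable, Iterable, Optional
from urllib.parse import urlparse

Funcs = frozenset
Verdict = str                                      # "safe" | "dangerous"
Engine = Callable[[bytes, Optional[str]], Verdict]

# Assumed policy table: the page only says each resource type maps to at
# least one detection function.
POLICY: dict[str, Funcs] = {
    "pe":    frozenset({"IPS", "AV", "AIE", "SA"}),
    "pdf":   frozenset({"IPS", "AV", "URL"}),
    "doc":   frozenset({"IPS", "AV", "AIE"}),
    "text":  frozenset({"IPS", "URL"}),
    "image": frozenset({"IPS"}),
}
DEFAULT_POLICY = frozenset({"IPS", "AV", "URL", "AIE", "SA"})  # unknown type: run everything

# File-header "feature words"; checked before the URL suffix because the suffix
# is only what the terminal asked for, the header bytes are what actually arrived.
MAGIC = [(b"%PDF", "pdf"), (b"MZ", "pe"), (b"GIF87a", "image"), (b"GIF89a", "image"),
         (b"\xff\xd8\xff", "image"), (b"BM", "image")]
SUFFIX = {".pdf": "pdf", ".exe": "pe", ".dll": "pe", ".doc": "doc", ".txt": "text",
          ".gif": "image", ".jpg": "image", ".jpeg": "image", ".bmp": "image"}


def resource_type(body: bytes, request_url: Optional[str] = None) -> str:
    """Header bytes first, then the suffix of the path in the cached request URL."""
    for prefix, rtype in MAGIC:
        if body.startswith(prefix):
            return rtype
    if request_url:
        path = urlparse(request_url).path.lower()
        for suffix, rtype in SUFFIX.items():
            if path.endswith(suffix):
                return rtype
    return "unknown"


def plan_detection(to_do: Iterable[str], terminal_caps: Iterable[str],
                   solicited: bool) -> tuple[Funcs, Funcs]:
    """first = functions the terminal will run, second = what the device runs.
    A packet the server pushed without a request is fully scanned on the device."""
    to_do = frozenset(to_do)
    if not solicited:
        return frozenset(), to_do
    first = to_do & frozenset(terminal_caps)
    return first, to_do - first


def run_detection(funcs: Iterable[str], body: bytes, url: Optional[str],
                  engines: dict[str, Engine]) -> Verdict:
    """Safe only if every executed function says safe; dangerous if any does."""
    verdicts = [engines[f](body, url) for f in sorted(funcs)]
    return "dangerous" if "dangerous" in verdicts else "safe"


def process_first_packet(body: bytes, request_url: Optional[str], terminal_caps: Iterable[str],
                         solicited: bool, engines: dict[str, Engine]) -> dict:
    rtype = resource_type(body, request_url)
    to_do = POLICY.get(rtype, DEFAULT_POLICY)
    first, second = plan_detection(to_do, terminal_caps, solicited)
    verdict = run_detection(second, body, request_url, engines) if second else "safe"
    return {"resource_type": rtype, "first": first, "second": second,
            "verdict": verdict, "action": "forward" if verdict == "safe" else "drop"}


# Toy engines so the block runs offline; real IPS/AV/AIE/SA engines are out of scope.
TEST_SIGNATURE = b"CONSTRUCTED-MALWARE-SIGNATURE"   # constructed pattern, not real malware
BLOCKED_HOSTS = {"malware.example"}                  # constructed URL blocklist

def av_engine(body: bytes, url: Optional[str]) -> Verdict:
    return "dangerous" if TEST_SIGNATURE in body else "safe"

def url_engine(body: bytes, url: Optional[str]) -> Verdict:
    return "dangerous" if url and urlparse(url).hostname in BLOCKED_HOSTS else "safe"

def always_safe(body: bytes, url: Optional[str]) -> Verdict:
    return "safe"

TOY_ENGINES: dict[str, Engine] = {"AV": av_engine, "URL": url_engine, "IPS": always_safe,
                                  "AIE": always_safe, "SA": always_safe}

if __name__ == "__main__":
    body = b"%PDF-1.7 constructed document body"
    print(process_first_packet(body, "https://files.example/report.pdf",
                               {"URL", "AIE"}, True, TOY_ENGINES))
```

With the policy above, a PDF requested by a terminal that has the URL and AIE functions yields first = {URL} and second = {IPS, AV}, the same split as the page's own example; a terminal that has every function in the policy gets the packet forwarded unscanned (case 1), and an unsolicited push (solicited=False) is scanned entirely on the security device.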
Optionally, the method further includes a process of acquiring, by the security device, a CSB detection function that the terminal device has. For example, before the security device intercepts a first message sent by an external network to an internal network in step 201, the method further includes the following steps 1-1 and 1-2.
Step 1-1, the security device intercepts a second message sent by the terminal device, and the second message is used for requesting to acquire resources provided by a server of an external network.
The second message is, for example, the request message in the foregoing to request to acquire the resource provided by the server of the external network.
In a possible implementation manner, the second message includes an identity keyword of the terminal device. In another possible implementation manner, the second packet carries CSB detection function information corresponding to the terminal device. It should be noted that the type of the identity keyword of the terminal device, the representation manner of the CSB detection function information corresponding to the terminal device, and the manner in which the second packet carries the CSB detection function information corresponding to the terminal device are the same as the principle of the related content in the foregoing, and are not described here again.
And step 1-2, based on the second message, the security equipment acquires the CSB detection function of the terminal equipment.
Illustratively, based on the second message, the security device obtains the CSB detection function that the terminal device has, including but not limited to the following two ways.
In mode 1, where the second message includes the identity keyword of the terminal device, the security device parses the second message to obtain the identity keyword, and then acquires the CSB detection function of the terminal device according to the identity keyword.
In a possible implementation manner, the security device acquiring the CSB detection function of the terminal device according to the identity keyword includes: the security device sends a query request carrying the identity keyword of the terminal device to a capability management device, where the capability management device stores CSB detection function information corresponding to the terminal device, and that information indicates the CSB detection function that the terminal device has; the security device receives the CSB detection function information corresponding to the terminal device, sent by the capability management device in response to the query request, and determines the CSB detection function of the terminal device according to that information.
Illustratively, the security device sends the query request to the capability management device based on HTTP, HTTPS, or an Application Programming Interface (API). The security device may also send the query request based on another public protocol or a private protocol, which is not limited in the embodiments of the present application.
In another possible implementation manner, the acquiring, by the security device, the CSB detection function that the terminal device has according to the identity keyword of the terminal device includes: the safety equipment inquires the corresponding relation between the identity key words stored in the safety equipment and the CSB detection function according to the identity key words of the terminal equipment, and obtains the CSB detection function corresponding to the identity key words of the terminal equipment. Illustratively, as shown in fig. 3, the security device stores a correspondence of an identity key and a CSB detection function. The correspondence between the identity keywords stored in the security device and the CSB detection function includes a plurality of identity keywords and a CSB detection function corresponding to each identity keyword. Therefore, the security device can obtain the CSB detection function corresponding to the identity keyword of the terminal device in the correspondence between the identity keyword and the CSB detection function by querying the correspondence between the identity keyword and the CSB detection function according to the identity keyword of the terminal device.
In mode 2, where the second packet carries the CSB detection function information corresponding to the terminal device, the security device parses the second packet to obtain that information, and determines the CSB detection function of the terminal device according to it.
Depending on the type of the second packet, the manner in which the security device obtains the carried CSB detection function information by parsing the second packet includes, but is not limited to, the following three cases.
In case one, the second packet is a packet transmitted based on HTTPS. That is, the second message is a message of the HTTPS protocol.
Exemplarily, the CSB detection function information corresponding to the terminal device may be carried in a Cookie of the second packet, in a URL parameter of the second packet, in a header field of the HTTP request inside the HTTPS message, or in a custom field of that request; in each case the security device parses the second packet and obtains the CSB detection function information from that location. These locations lie inside the TLS-protected HTTP layer, so the security device can read them only when it has access to the decrypted HTTP content of the HTTPS session.
In case two, the second message is a message transmitted based on HTTP. That is, the second message is a message of the HTTP protocol.
Exemplarily, the CSB detection function information corresponding to the terminal device may be carried in a Cookie, an HTTP header field, or an HTTP custom field of the second packet; in each case the security device parses the second packet and obtains the CSB detection function information from that location.
In case three, the second message is transmitted based on FTP, that is, the second message is an FTP message.
Exemplarily, the CSB detection function information corresponding to the terminal device may be carried in an unused (redundant) field or in a custom field of the FTP message; in either case the security device parses the second message and obtains the CSB detection function information from that field.
Whichever of the three cases applies, after obtaining the CSB detection function information corresponding to the terminal device, the security device determines the CSB detection function that the terminal device has according to that information.
Illustratively, the step of the security device acquiring the CSB detection function that the terminal device has based on the second packet corresponds to identifying the second packet and acquiring the relevant content of the CSB detection function that the terminal device has, as shown in fig. 3.
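Steps 1-1 and 1-2 above (modes 1 and 2) as an added Python example, not code from the patent. The field names (a csb_caps cookie and URL parameter, X-CSB-Caps and X-CSB-ID headers), the order in which the carriers are tried, the hook that stands in for the HTTP/API query to the capability management device, and the check that the identity belongs to a login-authenticated terminal are assumptions; the page fixes only the carrier locations and the precondition that the terminal has completed login authentication.

```python
"""Added example (not from the patent): how the security device learns which
CSB detection functions a terminal has from the terminal's own request (the
second packet). Field names and the query hook are assumptions."""
from __future__ import annotations
from typing import Callable, Optional
from urllib.parse import parse_qs, urlsplit

KNOWN_FUNCS = frozenset({"IPS", "AV", "URL", "AIE", "SA"})
# Assumed carriers; the patent names the locations, not the field names.
CAP_COOKIE = "csb_caps"
CAP_PARAM = "csb_caps"
CAP_HEADER = "x-csb-caps"
ID_HEADER = "x-csb-id"      # random ID the security device issued to the terminal

Caps = frozenset
QueryHook = Callable[[str], Optional[Caps]]   # stands in for the HTTP/API query


def parse_request(raw: bytes) -> tuple[str, str, dict[str, str]]:
    """Minimal HTTP/1.x request-head parser; header names are lower-cased.
    Anything after the blank line (a body) is ignored."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def parse_cookies(header_value: str) -> dict[str, str]:
    jar: dict[str, str] = {}
    for part in header_value.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar


def parse_caps(text: str) -> Caps:
    """'IPS,AV' -> {'IPS','AV'}; names outside the policy vocabulary are dropped."""
    return frozenset(c.strip().upper() for c in text.split(",") if c.strip()) & KNOWN_FUNCS


def caps_from_request(raw: bytes, src_ip: str, authenticated: set[str],
                      local_table: dict[str, Caps],
                      query_capability_device: Optional[QueryHook] = None) -> tuple[Caps, str]:
    """Returns (capabilities, how they were learned).

    Identity keyword: the random ID header if present, otherwise the source IP.
    The page's precondition is that only a login-authenticated terminal takes
    part, so a claim from an unknown identity is ignored (assumption: enforced here).
    Mode 2 (information carried in the packet) is tried before mode 1
    (identity keyword -> local table -> capability management device) because
    it costs no extra round trip; the page does not fix an order."""
    _method, target, headers = parse_request(raw)
    identity = headers.get(ID_HEADER, src_ip)
    if identity not in authenticated:
        return frozenset(), "not-logged-in"

    cookies = parse_cookies(headers.get("cookie", ""))
    if CAP_COOKIE in cookies:
        return parse_caps(cookies[CAP_COOKIE]), "cookie"
    query = parse_qs(urlsplit(target).query)
    if CAP_PARAM in query:
        return parse_caps(query[CAP_PARAM][0]), "url-parameter"
    if CAP_HEADER in headers:
        return parse_caps(headers[CAP_HEADER]), "header"

    if identity in local_table:
        return local_table[identity], "local-table"
    if query_capability_device is not None:
        answer = query_capability_device(identity)
        if answer is not None:
            local_table[identity] = answer        # remember for the next request
            return answer, "capability-management-device"
    return frozenset(), "unknown"


if __name__ == "__main__":
    # Constructed request: capability information carried in the Cookie.
    req = (b"GET /report.pdf HTTP/1.1\r\nHost: files.example\r\n"
           b"Cookie: sid=abc; csb_caps=IPS,AV\r\n\r\n")
    print(caps_from_request(req, "10.0.0.7", {"10.0.0.7"}, {}))
```

The capability set is asserted by the terminal itself, which is why the example keys it to an identity the security device already knows from login authentication and only then consults the packet, the local correspondence table and, last, the capability management device (whose answer is cached in the local table). For an HTTPS second packet the same parser applies to the decrypted HTTP request.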
Because the security device acquires the CSB detection function that the terminal device has, the security device can determine which CSB detection functions of the to-be-executed CSB detection functions corresponding to the first packet are the CSB detection functions that the terminal device has, and which CSB detection functions are the CSB detection functions that the terminal device does not have. That is, the security device can determine the first CSB detection function and the second CSB detection function of the CSB detection functions to be performed.
Exemplarily, after the security device determines the to-be-executed CSB detection function corresponding to the first packet, the method further includes: and the safety equipment determines that the terminal equipment has the first CSB detection function according to the CSB detection function of the terminal equipment and the CSB detection function to be executed corresponding to the first message. For example, the to-be-executed CSB detection function corresponding to the first packet includes an IPS detection function, an AV detection function, and a URL detection function, and the CSB detection function that the terminal device has includes the URL detection function and the AIE detection function, the security device determines that the terminal device has the first CSB detection function, where the first CSB detection function includes the URL detection function.
Next, with continuing reference to fig. 2, the method provided by the embodiment of the present application includes step 204.
Step 204, the terminal device receives a first message sent by the security device.
The security device is deployed at a boundary between an external network and an internal network, the first message is used for bearing resources provided by a server of the external network according to a request of the terminal device, the first message is a message in which the security device does not execute a first CSB detection function, and the CSB detection function which the terminal device has includes the first CSB detection function.
Exemplarily, in the implementation scenario shown in fig. 1, the to-be-executed CSB detection function corresponding to the first packet includes an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, and an SA detection function; the CSB detection function that the terminal apparatus 102B has includes an IPS detection function, an AV detection function, and an AIE detection function, which are respectively the same as those included in the CSB detection function that the security apparatus 101 has. The first CSB detection function includes an IPS detection function, an AV detection function, and an AIE detection function, and the second CSB detection function includes a URL detection function and an SA detection function. The terminal device 102B receives a first packet sent by the security device 101, where the first packet is a packet in which the security device 101 performs the URL detection function and the SA detection function, and does not perform the IPS detection function, the AV detection function, and the AIE detection function.
Step 205, the terminal device executes the first CSB detection function on the first packet.
In a possible implementation manner, the terminal device executes the CSB detection function that the terminal device has on the first packet. In other words, the terminal device executes all CSB detection functions that the terminal device has by default on the received message.
In a possible implementation manner, before the terminal device performs the first CSB detection function on the first packet, the method further includes: the terminal device determines the to-be-executed CSB detection function corresponding to the first packet, and determines the first CSB detection function according to the to-be-executed CSB detection function corresponding to the first packet and the CSB detection function that the terminal device has, that is, the first CSB detection function is the part of the to-be-executed CSB detection function that the terminal device has.
Illustratively, the terminal device stores a plurality of CSB detection policies, where each CSB detection policy corresponds to a resource type and includes at least one CSB detection function. The terminal device determines the to-be-executed CSB detection function corresponding to the first packet by obtaining the resource type of the resource carried by the first packet, searching for the CSB detection policy corresponding to that resource type, and taking the CSB detection functions included in that policy as the to-be-executed CSB detection function corresponding to the first packet. Illustratively, the CSB detection policies stored by the terminal device are the same as those stored by the security device in step 202, so that both sides derive the same to-be-executed set for the same packet.
Exemplarily, after determining the first CSB detection function, the terminal device performs an operation of performing the first CSB detection function on the first packet.
In another possible implementation manner, before the terminal device performs the first CSB detection function on the first packet, the method further includes: the terminal equipment receives indication information sent by the safety equipment, wherein the indication information is used for indicating a first CSB detection function; and the terminal equipment acquires the first CSB detection function according to the indication information and executes the operation of executing the first CSB detection function on the first message.
Exemplarily, before the terminal device performs the first CSB detection function on the first packet, the method further includes: the terminal device detects whether the received first packet is one part of a message (or data, or a file) transmitted in segments; in response to the first packet being such a part, the terminal device splices the plurality of first packets into a spliced message and performs the first CSB detection function on the spliced message. The manner in which the terminal device detects segmented transmission and the manner in which it splices the packets are not limited in the embodiments of the present application.
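The terminal-device side of steps 204 and 205, with the splicing of a segmented transfer described just above, as an added Python example that is not code from the patent. The (offset, total length, data) framing of a segment and the toy AV scan over a constructed test pattern are assumptions; the page does not fix how segmentation is detected or how segments are spliced.

```python
"""Added example (not from the patent): terminal-device side of steps 204/205.
Choose the first CSB detection function, reassemble a segmented resource, and
scan the spliced message rather than each segment on its own."""
from __future__ import annotations
from typing import Iterable, Optional

TEST_SIGNATURE = b"CONSTRUCTED-MALWARE-SIGNATURE"   # constructed pattern, not real malware


def first_function(to_do: Iterable[str], own_caps: Iterable[str],
                   indication: Optional[Iterable[str]] = None) -> frozenset:
    """Indication information from the security device wins; otherwise the
    terminal intersects its own policy result with the functions it has."""
    if indication is not None:
        return frozenset(indication)
    return frozenset(to_do) & frozenset(own_caps)


class Reassembler:
    """Collects (offset, total, data) segments of one resource and returns the
    spliced bytes once every byte from 0 to total is present, None until then.
    The framing is an assumption; the page leaves it open."""

    def __init__(self) -> None:
        self.total: Optional[int] = None
        self.parts: dict[int, bytes] = {}

    def add(self, offset: int, total: int, data: bytes) -> Optional[bytes]:
        if self.total is None:
            self.total = total
        elif total != self.total:
            raise ValueError("segments disagree on total length")
        if offset < 0 or offset + len(data) > total:
            raise ValueError("segment outside the declared length")
        self.parts[offset] = data
        return self.spliced()

    def spliced(self) -> Optional[bytes]:
        pos, buf = 0, bytearray()
        for offset in sorted(self.parts):
            if offset != pos:              # gap or overlap: not complete yet
                return None
            buf += self.parts[offset]
            pos += len(self.parts[offset])
        return bytes(buf) if self.total is not None and pos == self.total else None


def av_scan(data: bytes) -> str:
    """Toy AV engine: 'dangerous' if the constructed pattern is present."""
    return "dangerous" if TEST_SIGNATURE in data else "safe"


def scan_each_segment(segments) -> list[str]:
    """What happens without splicing: every segment is scanned on its own."""
    return [av_scan(data) for _offset, _total, data in segments]


def scan_spliced(segments) -> Optional[str]:
    """The page's approach: splice first, scan once the resource is complete."""
    asm = Reassembler()
    result = None
    for offset, total, data in segments:
        whole = asm.add(offset, total, data)
        if whole is not None:
            result = av_scan(whole)
    return result


def split_with_signature_across_boundary() -> list[tuple[int, int, bytes]]:
    """Constructed transfer: the pattern straddles the segment boundary and the
    segments arrive out of order."""
    payload = b"%PDF-1.7 " + TEST_SIGNATURE + b" trailer"
    cut = len(b"%PDF-1.7 ") + len(TEST_SIGNATURE) // 2
    total = len(payload)
    return [(cut, total, payload[cut:]), (0, total, payload[:cut])]


if __name__ == "__main__":
    segs = split_with_signature_across_boundary()
    print("per segment:", scan_each_segment(segs))
    print("spliced:", scan_spliced(segs))
```

Scanning each segment on its own reports safe twice although the complete resource carries the pattern; that is the miss the splicing step avoids. A deployment would additionally bound how much it buffers per transfer before giving up on an incomplete one.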
In a possible implementation manner, before the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal device sends authentication information to the login authentication device so that the login authentication device performs login authentication on the terminal device joining the internal network based on the authentication information, and the login authentication mode includes any one of local authentication, server authentication or certificate authentication. The internal network may be accessed locally through the internal network hardware of the enterprise, or remotely through a Virtual Private Network (VPN). Next, the login authentication performed by the terminal device using the three login authentication methods will be described.
In the first login authentication mode, the terminal device performs login authentication by local authentication.
For example, if the security device has a function of a login authentication device, that is, the security device is a login authentication device, the terminal device may perform login authentication in a local authentication manner. Illustratively, before the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal equipment sends a login request to the safety equipment, wherein the login request comprises user information; and receiving an authentication result sent by the safety equipment based on the user information, wherein the authentication result is used for indicating whether the terminal equipment successfully logs in. The user information may include a user name and a password, among others.
In the second login authentication mode, the terminal device performs login authentication by server authentication.
For example, if the login authentication device is a security device or another device other than the terminal device, the terminal device may perform login authentication by means of server authentication.
In a possible implementation manner, before the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal equipment sends a login request to login authentication equipment, wherein the login request comprises user information; and receiving an authentication result sent by the login authentication device based on the user information, wherein the authentication result is used for indicating whether the terminal device successfully logs in. The user information may include a user name and a password, among others.
In another possible implementation manner, before the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the method comprises the steps that terminal equipment sends a login request to safety equipment, wherein the login request comprises user information, and the login request is used for the safety equipment to send a login authentication request to login authentication equipment based on the login request so that the login authentication equipment can carry out login authentication on the terminal equipment based on the user information; and receiving an authentication result sent by the security device, wherein the authentication result is generated by the login authentication device based on the user information, and the authentication result is used for indicating whether the terminal device successfully logs in. The user information may include a user name and a password, among others.
In the third login authentication mode, the terminal device performs login authentication by certificate authentication.
The terminal device can perform login authentication by certificate authentication regardless of whether the login authentication device is the security device or a device other than the security device and the terminal device. Exemplarily, before the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further includes: the terminal device sends a login request including its local certificate to the login authentication device, and receives an authentication result that the login authentication device sends based on the local certificate, where the authentication result indicates whether the terminal device has logged in successfully. Because the terminal device can complete login authentication through different login authentication modes, the login authentication mode of the terminal device is flexible.
In addition, regardless of the login authentication method, in response to successful login of the terminal device, the terminal device performs an operation of providing the CSB detection function information corresponding to the terminal device to another device. Illustratively, the message processing method is not executed by the terminal device in response to the terminal device not successfully logging in. In addition, the local authentication, the server authentication and the certificate authentication are only login authentication methods exemplified in the embodiment of the present application, and the terminal device may perform login authentication by other login authentication methods, which is not limited in the embodiment of the present application.
Exemplarily, the step of the terminal device performing login authentication corresponds to the terminal device login authentication content shown in fig. 3. As shown in fig. 3, whether the login authentication device is the security device or a device other than the terminal device, the terminal device performs login authentication to join the internal network, and the login authentication mode includes any one of local authentication, server authentication or certificate authentication. Of course, the terminal device may also perform login authentication in other manners, which is not limited in the embodiments of the present application.
In the method provided by the embodiment of the present application, for a first packet sent to an internal network by an intercepted external network, when a terminal device has all or part of a to-be-executed CSB detection function corresponding to the first packet, the security device omits to execute all or part of the to-be-executed CSB detection function on the first packet, so that the device resource occupation of the security device when executing the CSB detection function can be reduced, thereby reducing the requirement for the performance of the security device when executing the CSB detection function. In addition, because the method reduces the occupation of the device resources for executing the CSB detection function, the unoccupied device resources of the security device can be used for executing other functions, and the performance of the security device is improved.
In addition, after receiving the first packet sent by the security device, the terminal device executes the first CSB detection function on it, so that all of the to-be-executed CSB detection corresponding to the first packet is completed and the security of the first packet is ensured. Further, the terminal device can splice packets transmitted in segments and execute the first CSB detection function on the spliced message. Because a segment contains only part of the content, executing the first CSB detection function on each segment separately may miss a threat whose pattern spans segments; splicing the segments and executing the first CSB detection function on the spliced message therefore improves the CSB detection effect.
The following three scenarios are taken as examples to describe the message processing method provided in the embodiment of the present application.
In a first scenario, the terminal device is a device that performs login authentication through local authentication or server authentication, and the security device queries the capability management device for the CSB detection function that the terminal device has.
In one possible implementation, the function of the login authentication device is integrated into the security device, i.e., the login authentication function is implemented by the security device. In another possible implementation, the login authentication function and the capability management function are implemented by the same device, i.e. the device is both a login authentication device and a capability management device. In another possible implementation manner, the login authentication function and the capability management function are implemented by two devices other than the security device, that is, the security device, the login authentication device, and the capability management device are different devices respectively.
For example, in the embodiment of the present application, a login authentication function is implemented by a login authentication device, and a capability management function is implemented by a capability management device, as shown in fig. 4, a message processing method provided in the embodiment of the present application includes, but is not limited to, steps 401 to 422.
Step 401, the terminal device sends a login request to the login authentication device, where the login request includes user information.
For example, the login request includes user information including a username and password.
Step 402, the login authentication device performs login authentication on the terminal device based on the user information.
Step 403, the login authentication device sends the authentication result to the terminal device.
The relevant contents of the local authentication and the server authentication in steps 401 to 403 can be referred to in the foregoing, and are not described herein again.
Step 404, in response to the authentication result being that authentication has passed, the login authentication device sends the user information to the security device.
Illustratively, the user information is used for login authentication of the terminal device through a local authentication mode. After the terminal device successfully logs in, step 405 is executed.
Step 405, the terminal device provides the CSB detection function information corresponding to the terminal device to the capability management device.
Step 406, the capability management device stores the CSB detection function information corresponding to the terminal device and the identity keyword of the terminal device.
Illustratively, the identity keyword of the terminal device includes a random ID of the terminal device. Illustratively, step 406 includes: the capability management device stores the CSB detection function information corresponding to the terminal device, and generates and stores a random ID of the terminal device.
Step 407, the capability management device sends the first result or the second result and the random ID of the terminal device to the terminal device.
In step 408, the terminal device stores the random ID of the terminal device.
It should be noted that, for steps 405 to 407, reference may be made to the foregoing description of the terminal device providing the CSB detection function information corresponding to the terminal device to the capability management device, which is not repeated here.
Step 409, the terminal equipment sends a second message to a server of the external network.
The second message includes an identity keyword of the terminal device, and the second message is used for requesting to acquire a resource provided by a server of the external network.
Step 410, after intercepting the second message, the security device sends a query request to the capability management device.
Step 411, in response to the query request, the capability management device sends CSB detection function information corresponding to the terminal device to the security device.
In step 412, the security device forwards the second message to a server of the external network.
In response to the second message, the server of the external network sends the first message to the terminal device, step 413.
It should be noted that, for steps 409 to 413, reference may be made to the related content of step 200 and step 201 in the foregoing, which is not repeated here.
Step 414, after the security device intercepts the first packet, determining a to-be-executed CSB detection function corresponding to the first packet.
Step 415, the security device determines the CSB detection function that the terminal device has.
In response to the terminal device having the first CSB detection function, where the first CSB detection function is all of the to-be-executed CSB detection functions corresponding to the first packet, step 416 and step 417 are performed; in response to the terminal device having the first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, steps 418 to 420 are performed; in response to the terminal device not having the first CSB detection function, step 421 and step 422 are performed.
Step 416, in response to that the terminal device has the first CSB detection function, where the first CSB detection function is all the functions of the CSB detection functions to be executed corresponding to the first packet, the security device sends the first packet to the terminal device.
Step 417, the terminal device executes the first CSB detection function on the first packet.
Step 418, in response to that the terminal device has the first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, the security device executes the second CSB detection function on the first packet, and the second CSB detection function is a function other than the first CSB detection function in the to-be-executed CSB detection functions corresponding to the first packet.
Step 419, in response to the detection result of the security device executing the second CSB detection function on the first packet being safe, the security device sends the first packet to the terminal device.
Step 420, the terminal device executes a first CSB detection function on the first packet.
Step 421, in response to that the terminal device does not have the first CSB detection function, the security device performs all the to-be-executed CSB detection functions on the first packet.
Step 422, in response to the detection result of the security device executing all the to-be-executed CSB detection functions on the first packet being safe, the security device sends the first packet to the terminal device.
The related contents of step 414 to step 422 can be referred to in the foregoing description of step 202 and step 203, and are not described herein again.
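The branching of steps 414 to 422 (reused unchanged as steps 513 to 521 and 710 to 718 below) is implemented in the following added example, which is not code from the patent or from Huawei. The capability management device is modelled as an in-memory map from identity keyword to CSB detection function information, the security device's own detection engines are modelled by a constructed inspector that flags one fixed byte pattern per function, and the function names are the page's IPS, AV, URL, AIE and SA. The store contents, the inspector, the patterns and the sample payloads are assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// The CSB detection functions named on the page.
const (
	IPS = "IPS"
	AV  = "AV"
	URL = "URL"
	AIE = "AIE"
	SA  = "SA"
)

// FunctionSet is a set of CSB detection function names.
type FunctionSet map[string]bool

// NewFunctionSet builds a set from names.
func NewFunctionSet(names ...string) FunctionSet {
	s := FunctionSet{}
	for _, n := range names {
		s[n] = true
	}
	return s
}

// Sorted lists the set deterministically.
func (s FunctionSet) Sorted() []string {
	out := make([]string, 0, len(s))
	for n := range s {
		out = append(out, n)
	}
	sort.Strings(out)
	return out
}

// CapabilityStore models the capability management device: identity keyword
// (random ID, IP address or user information) to the detection functions the
// terminal device reported in step 405. Its contents here are constructed.
type CapabilityStore map[string]FunctionSet

// SplitFunctions computes the first CSB detection function (what the terminal
// device runs itself) and the second (what the security device must still
// run) from the to-be-executed set. A terminal absent from the store has no
// capabilities, so everything stays on the security device (step 421).
func SplitFunctions(required, terminalHas FunctionSet) (first, second FunctionSet) {
	first, second = FunctionSet{}, FunctionSet{}
	for n := range required {
		if terminalHas[n] {
			first[n] = true
		} else {
			second[n] = true
		}
	}
	return first, second
}

// Inspector runs one detection function on the security device and reports
// whether the payload is safe.
type Inspector func(function string, payload []byte) bool

// PatternInspector is a constructed stand-in for the real engines: one byte
// pattern per function, everything else is reported safe.
func PatternInspector(function string, payload []byte) bool {
	patterns := map[string]string{
		IPS: "cmd.exe /c",          // constructed IPS pattern
		AV:  "MALWARE-TEST-PAYLOAD", // constructed AV pattern
	}
	p, ok := patterns[function]
	return !ok || !strings.Contains(string(payload), p)
}

// Decision is the outcome of steps 414 to 422 for one first packet.
type Decision struct {
	Forward  bool     // send the packet on to the terminal device
	RunLocal []string // functions the security device executed (second CSB)
	Deferred []string // functions the terminal device must execute (first CSB)
}

// HandleFirstPacket implements steps 414 to 422 for a packet that requires the
// given detection functions and is destined for the terminal identityKey.
func HandleFirstPacket(required FunctionSet, identityKey string, store CapabilityStore, payload []byte, inspect Inspector) Decision {
	first, second := SplitFunctions(required, store[identityKey])
	d := Decision{RunLocal: second.Sorted(), Deferred: first.Sorted()}
	// Steps 418 and 421: run what the terminal cannot. One unsafe verdict
	// keeps the packet at the boundary, since steps 419 and 422 require "safe".
	for _, fn := range d.RunLocal {
		if !inspect(fn, payload) {
			return d
		}
	}
	d.Forward = true // steps 416, 419 and 422
	return d
}

func main() {
	store := CapabilityStore{
		"rid-full":    NewFunctionSet(IPS, AV, URL, AIE, SA),
		"rid-partial": NewFunctionSet(AV),
	}
	required := NewFunctionSet(IPS, AV)
	clean := []byte("<html>hello</html>")
	for _, key := range []string{"rid-full", "rid-partial", "rid-unknown"} {
		fmt.Printf("%-12s %+v\n", key, HandleFirstPacket(required, key, store, clean, PatternInspector))
	}
	fmt.Printf("%-12s %+v\n", "rid-partial", HandleFirstPacket(required, "rid-partial", store, []byte("cmd.exe /c whoami"), PatternInspector))
}
```

The first and second CSB detection functions are simply the intersection and the difference of the two sets. Two checks are worth keeping in any real implementation: a terminal whose identity keyword is not in the store gets no offload at all, and capability information is only accepted from terminals that have completed login authentication (step 405 runs after a successful login), because a false capability claim would make the security device skip detection.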
In a second scenario, the terminal device is a device that performs login authentication through certificate authentication, and the security device queries the capability management device for the CSB detection function that the terminal device has.
In one possible implementation, the function of the login authentication device is integrated into the security device, i.e., the login authentication function is implemented by the security device. In another possible implementation, the login authentication function and the capability management function are implemented by the same device, i.e. the device is both a login authentication device and a capability management device. In another possible implementation manner, the login authentication function and the capability management function are implemented by two devices other than the security device, that is, the security device, the login authentication device, and the capability management device are different devices respectively.
For example, in the embodiment of the present application, a login authentication function is implemented by a security device, and a capability management function is implemented by a capability management device, as shown in fig. 5, a message processing method provided in the embodiment of the present application includes, but is not limited to, steps 501 to 521.
Step 501, the terminal device sends a login request to the security device, where the login request includes a local certificate of the terminal device.
Step 502, the security device performs login authentication on the terminal device based on the local certificate of the terminal device.
Illustratively, the security device performs login authentication on the terminal device based on the local certificate of the terminal device, including but not limited to step 1 to step 3.
Step 1, the security device receives the local certificate of the terminal device sent by the terminal device.
Step 2, the security device invokes a Certificate Authority (CA) certificate of the security device.
Step 3, the security device verifies the local certificate of the terminal device based on the CA certificate of the security device to obtain a verification result.
For example, as shown in fig. 6, the terminal device sends the local certificate of the terminal device to the security device; the security device invokes its CA certificate, which is stored in a certificate module of the security device and is a certificate issued by the CA; the security device verifies the local certificate of the terminal device according to the CA certificate of the security device; and the security device sends the verification result to the terminal device.
Step 503, in response to the verification result being that verification has passed, the security device adds the user information.
Illustratively, the user information is used for login authentication of the terminal device through a local authentication mode. After the security device performs login authentication on the terminal device based on the local certificate of the terminal device, step 504 is performed.
Step 504, the security device sends the authentication result to the terminal device.
It should be noted that steps 501 to 504 correspond to the related contents of certificate authentication in the foregoing, and are not described herein again.
After the terminal device successfully logs in, step 505 is executed.
Step 505, the terminal device provides the CSB detection function information corresponding to the terminal device and the local certificate of the terminal device to the capability management device.
Illustratively, the local certificate includes user information, which is used as an identity key for the terminal device.
Step 506, the capability management device stores the CSB detection function information corresponding to the terminal device and the identity keyword of the terminal device.
Illustratively, the identity key of the terminal device includes user information in the local certificate of the terminal device.
Step 507, the capability management device sends the first result or the second result to the terminal device.
It should be noted that, for steps 505 to 507, reference may be made to the foregoing description of the terminal device providing the CSB detection function information corresponding to the terminal device to the capability management device, which is not repeated here.
Step 508, the terminal device sends the second message to a server of the external network.
The second message includes an identity keyword of the terminal device, and the second message is used for requesting to acquire a resource provided by a server of the external network.
In step 509, after intercepting the second packet, the security device sends a query request to the capability management device.
Step 510, in response to the query request, the capability management device sends CSB detection function information corresponding to the terminal device to the security device.
Step 511, the security device forwards the second packet to a server of the external network.
Step 512, in response to the second message, the server of the external network sends the first message to the terminal device.
It should be noted that, steps 508 to 512 can refer to the related contents of steps 200 and 201 in the foregoing, and are not described herein again.
Step 513, after the security device intercepts the first packet, determining a to-be-executed CSB detection function corresponding to the first packet.
Step 514, the security device determines the CSB detection function that the terminal device has.
In response to the terminal device having the first CSB detection function, where the first CSB detection function is all of the to-be-executed CSB detection functions corresponding to the first packet, step 515 and step 516 are performed; in response to the terminal device having the first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, steps 517 to 519 are performed; in response to the terminal device not having the first CSB detection function, step 520 and step 521 are performed.
Step 515, in response to that the terminal device has the first CSB detection function, where the first CSB detection function is all functions of the to-be-executed CSB detection function corresponding to the first packet, the security device sends the first packet to the terminal device.
In step 516, the terminal device performs a first CSB detection function on the first packet.
Step 517, responding to that the terminal device has a first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, and the security device executes a second CSB detection function on the first packet, where the second CSB detection function is a function other than the first CSB detection function in the to-be-executed CSB detection functions corresponding to the first packet.
Step 518, in response to the detection result of the security device executing the second CSB detection function on the first packet being safe, the security device sends the first packet to the terminal device.
In step 519, the terminal device performs a first CSB detection function on the first packet.
Step 520, in response to that the terminal device does not have the first CSB detection function, the security device performs all the to-be-executed CSB detection functions on the first packet.
Step 521, in response to that the detection result of the security device executing all the CSB detection functions to be executed on the first packet is safe, the security device sends the first packet to the terminal device.
Steps 513 to 521 are the same as the related content in steps 414 to 422 in the foregoing, and are not described herein again.
In a third scenario, the security device obtains the CSB detection function information corresponding to the terminal device from the terminal device itself.
In one possible implementation, the function of the capability management device is integrated into the security device, i.e., the capability management function is implemented by the security device. For example, the terminal device remotely accesses the internal network, establishes a Secure Socket Layer (SSL) connection with the security device, and sends the second message to the server of the external network based on the HTTPS protocol. The message processing method provided in this embodiment of the present application is shown in fig. 7, and includes, but is not limited to, steps 701 to 718.
Step 701, the terminal device establishes SSL connection with the security device.
In one possible implementation manner, the terminal device authenticates the security device in a single direction, and in response to passing of the authentication, the terminal device establishes an SSL connection with the security device. In another possible implementation manner, the terminal device performs mutual authentication with the security device, and in response to the authentication passing, the terminal device establishes an SSL connection with the security device.
The authentication process mentioned above is similar to the related description of step 503 in fig. 5 or fig. 6, and the specific process refers to the related description of fig. 5 or fig. 6, and is not described in detail here.
Whichever manner is used to establish the SSL connection, an encrypted communication channel is established between the terminal device and the security device through the SSL connection. Therefore, packet transmission between the terminal device and the security device through the encrypted communication channel has higher security.
Step 702, the terminal device sends a login request to the security device.
Step 703, the security device forwards the login request to the login authentication device.
Step 704, the login authentication device sends the authentication result of the terminal device to the security device.
Step 705, the security device forwards the authentication result to the terminal device.
For the server authentication in steps 702 to 705, reference may be made to the related content in the foregoing, which is not repeated here.
It should be noted that, if the terminal device does not need to establish an SSL connection with the security device, the terminal device may perform login authentication through local authentication, server authentication, certificate authentication, or other login authentication methods. The steps of the login authentication of the terminal device may refer to the related contents of the login authentication manner in the foregoing, and are not described herein again.
After the terminal device successfully logs in, step 706 is executed.
Step 706, the terminal device sends the second message to a server of the external network.
The second message carries the CSB detection function information corresponding to the terminal device, and the second message is used to request to acquire a resource provided by a server of an external network.
Step 707, after the security device intercepts the second packet, the security device obtains the CSB detection function information corresponding to the terminal device.
Step 708, the security device forwards the second message to a server of the external network.
Step 709, in response to the second message, the server of the external network sends the first message to the terminal device.
It should be noted that, for steps 706 to 709, reference may be made to the related content of step 200 and step 201 in the foregoing, which is not repeated here.
Step 710, after the security device intercepts the first packet, determining a to-be-executed CSB detection function corresponding to the first packet.
Step 711, the security device determines the CSB detection function that the terminal device has.
In response to the terminal device having the first CSB detection function, where the first CSB detection function is all of the to-be-executed CSB detection functions corresponding to the first packet, step 712 and step 713 are performed; in response to the terminal device having the first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, steps 714 to 716 are performed; in response to the terminal device not having the first CSB detection function, step 717 and step 718 are performed.
Step 712, in response to the terminal device having the first CSB detection function, where the first CSB detection function is all the functions of the to-be-executed CSB detection function corresponding to the first packet, the security device sends the first packet to the terminal device.
Step 713, the terminal device performs a first CSB detection function on the first packet.
Step 714, in response to that the terminal device has the first CSB detection function, where the first CSB detection function is a partial function of the to-be-executed CSB detection functions corresponding to the first packet, the security device executes the second CSB detection function on the first packet, and the second CSB detection function is a function other than the first CSB detection function in the to-be-executed CSB detection functions corresponding to the first packet.
Step 715, in response to the detection result of the security device executing the second CSB detection function on the first packet being safe, the security device sends the first packet to the terminal device.
In step 716, the terminal device performs a first CSB detection function on the first packet.
Step 717, in response to that the terminal device does not have the first CSB detection function, the security device performs all the to-be-executed CSB detection functions on the first packet.
Step 718, in response to the detection result of the security device executing all the to-be-executed CSB detection functions on the first packet being safe, the security device sends the first packet to the terminal device.
Steps 710 to 718 are the same as those of steps 414 to 422 in the foregoing description, and are not repeated herein.
Fig. 8 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application, where the apparatus is applied to a security device, and the security device is the security device shown in fig. 2 to 5 and fig. 7. The message processing apparatus shown in fig. 8 can perform all or part of the operations performed by the security device based on the modules shown in fig. 8. For example, the message processing apparatus having the structure shown in fig. 8 implements the function of the security device in the solutions described in the above embodiments. Optionally, the message processing apparatus implements the function of the security device described in the embodiments related to fig. 2 to 5 and fig. 7, can omit executing the first CSB detection function on the first message, and reduces the occupation of device resources when executing the CSB detection function, thereby reducing the performance required for executing the CSB detection function. It should be understood that the apparatus may include more modules than those shown, or omit some of the modules shown, which is not limited by the embodiments of the present application. As shown in fig. 8, the apparatus includes:
an acquiring module 801, configured to intercept a first message sent by an external network to an internal network, where the first message is used to carry a resource provided by a server of the external network according to a request of a terminal device of the internal network;
a determining module 802, configured to determine a to-be-executed CSB detection function corresponding to the first packet;
a processing module 803, configured to, in response to that the terminal device has the first CSB detection function, omit to execute the first CSB detection function on the first packet before forwarding the first packet to the terminal device, where the first CSB detection function is all or part of the to-be-executed CSB detection functions corresponding to the first packet.
In a possible implementation manner, the first CSB detection function is a partial function of the to-be-executed CSB detection function corresponding to the first packet, and the processing module 803 is further configured to execute a second CSB detection function on the first packet, where the second CSB detection function is a function other than the first CSB detection function in the to-be-executed CSB detection function corresponding to the first packet.
In a possible implementation manner, the obtaining module 801 is further configured to intercept a second message sent by the terminal device, where the second message is used to request to obtain a resource provided by a server of an external network; acquiring a CSB detection function of the terminal equipment based on the second message; the determining module 802 is further configured to determine that the terminal device has the first CSB detection function according to the CSB detection function that the terminal device has and the to-be-executed CSB detection function corresponding to the first packet.
In a possible implementation manner, the second message includes an identity keyword of the terminal device, and the obtaining module 801 is configured to obtain the identity keyword of the terminal device included in the second message by analyzing the second message; and acquiring the CSB detection function of the terminal equipment according to the identity keyword of the terminal equipment.
In a possible implementation manner, the obtaining module 801 is configured to send a query request to a capability management device, where the capability management device stores CSB detection function information corresponding to a terminal device, where the query request carries an identity keyword of the terminal device, and the CSB detection function information corresponding to the terminal device is used to indicate a CSB detection function that the terminal device has; receiving CSB detection function information corresponding to the terminal equipment sent by the capacity management equipment in response to the query request; and determining the CSB detection function of the terminal equipment according to the CSB detection function information.
In a possible implementation manner, the obtaining module 801 is configured to send a query request to the capability management device based on HTTP, HTTPS, or an API.
In a possible implementation manner, the obtaining module 801 is configured to query, according to an identity keyword of a terminal device, a correspondence between the identity keyword stored in the security device and a CSB detection function, and obtain the CSB detection function corresponding to the identity keyword of the terminal device.
In one possible implementation, the identity key includes at least one of a random ID, an IP address, or user information in a local certificate.
In a possible implementation manner, the second message carries the CSB detection function information corresponding to the terminal device, and the obtaining module 801 is configured to obtain the CSB detection function information corresponding to the terminal device carried by the second message by analyzing the second message; and determining the CSB detection function of the terminal equipment according to the CSB detection function information corresponding to the terminal equipment carried by the second message.
In one possible implementation, the CSB detection function to be performed includes at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In a possible implementation manner, the terminal device is a device that completes login authentication, and the login authentication manner includes any one of local authentication, server authentication, or certificate authentication.
Fig. 9 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application, where the apparatus is applied to a terminal device, and the terminal device is the terminal device shown in fig. 2 to 7. The message processing apparatus shown in fig. 9 can perform all or part of the operations performed by the terminal device based on a plurality of modules shown in fig. 9. For example, the message processing apparatus having the structure shown in fig. 9 implements the functions of the terminal device in the solutions described in the above embodiments. Optionally, the message processing apparatus is a function of the terminal device described in the embodiments related to fig. 2 to 7, and is capable of performing a first CSB detection function on the received first message. It should be understood that the apparatus may include more additional modules than those shown or omit some of the modules shown therein, which is not limited by the embodiments of the present application. As shown in fig. 9, the apparatus includes:
a providing module 901, configured to provide, to other devices, CSB detection function information corresponding to a terminal device, where the CSB detection function information corresponding to the terminal device is used to indicate a CSB detection function that the terminal device has;
a receiving module 902, configured to receive a first packet sent by a security device, where the security device is deployed at a boundary between an external network and an internal network, the first packet is used to carry a resource provided by a server of the external network according to a request of a terminal device, the first packet is a packet in which the security device does not execute a first CSB detection function, and a CSB detection function that the terminal device has includes the first CSB detection function;
the processing module 903 is configured to execute a first CSB detection function on the first packet.
In a possible implementation manner, the providing module 901 is configured to send a third message to the capability management device, where the third message carries the CSB detection function information corresponding to the terminal device, and the capability management device is configured to store the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the providing module 901 is configured to send a third packet to the security device, where the third packet carries the CSB detection function information corresponding to the terminal device, and the security device is configured to store the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the providing module 901 is configured to send a second message to a server of an external network, where the second message is used to request to acquire a resource provided by the server of the external network, and the second message carries the CSB detection function information corresponding to the terminal device.
In a possible implementation manner, the second message is a message transmitted based on HTTPS, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, or a URL parameter, or an HTTPS header field, or an HTTPS custom field of the second message.
In a possible implementation manner, the second message is a message transmitted based on HTTP, and the CSB detection function information corresponding to the terminal device is carried in a Cookie, or an HTTP header field, or an HTTP custom field of the second message.
In a possible implementation manner, the second message is a message transmitted based on FTP, and the CSB detection function information corresponding to the terminal device is carried in an FTP redundant field or an FTP custom field of the second message.
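The HTTP and HTTPS carrier options in the paragraphs above, as an added example that is not code from the patent or from Huawei: the security device parses the intercepted second message (an HTTP request) and reads the CSB detection function information from a header field, a Cookie, or a URL parameter. The names X-CSB-Capabilities and csb_caps, the comma-separated encoding, the lookup order and the sample requests are assumptions of the example; the page fixes none of them. Names outside the page's IPS, AV, URL, AIE and SA are discarded so that a padded or malformed claim cannot cause a detection function to be skipped, and a request carrying no such field yields an empty set, which leaves all detection on the security device.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Field names are assumptions of this example; the page only states that the
// information may sit in a Cookie, a URL parameter, or a header field.
const (
	CapabilityHeader = "X-CSB-Capabilities"
	CapabilityCookie = "csb_caps"
	CapabilityParam  = "csb_caps"
)

// knownFunctions are the CSB detection functions named on the page.
var knownFunctions = map[string]bool{"IPS": true, "AV": true, "URL": true, "AIE": true, "SA": true}

// parseFunctionList turns "ips, av,av" into ["AV", "IPS"]: names are
// upper-cased, unknown names are dropped and duplicates are removed.
func parseFunctionList(value string) []string {
	seen := map[string]bool{}
	for _, item := range strings.FieldsFunc(value, func(r rune) bool { return r == ',' || r == ' ' }) {
		name := strings.ToUpper(item)
		if knownFunctions[name] {
			seen[name] = true
		}
	}
	out := make([]string, 0, len(seen))
	for name := range seen {
		out = append(out, name)
	}
	sort.Strings(out)
	return out
}

// CapabilityField reports which carrier the information was read from.
type CapabilityField string

const (
	FromHeader CapabilityField = "header"
	FromCookie CapabilityField = "cookie"
	FromParam  CapabilityField = "url-parameter"
	FromNone   CapabilityField = "absent"
)

// ExtractCapabilities parses the raw second message and returns the declared
// CSB detection functions and the carrier they came from. Lookup order is
// header field, then Cookie, then URL parameter (an assumption of the example).
func ExtractCapabilities(rawRequest string) ([]string, CapabilityField, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(rawRequest)))
	if err != nil {
		return nil, FromNone, fmt.Errorf("not a parseable HTTP request: %w", err)
	}
	if v := req.Header.Get(CapabilityHeader); v != "" {
		return parseFunctionList(v), FromHeader, nil
	}
	if c, err := req.Cookie(CapabilityCookie); err == nil && c.Value != "" {
		return parseFunctionList(c.Value), FromCookie, nil
	}
	if v := req.URL.Query().Get(CapabilityParam); v != "" {
		return parseFunctionList(v), FromParam, nil
	}
	return nil, FromNone, nil
}

// Constructed second messages: one per carrier and one carrying nothing.
const (
	SampleHeaderRequest = "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nX-CSB-Capabilities: ips, av, av\r\n\r\n"
	SampleCookieRequest = "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nCookie: session=abc; csb_caps=URL,AIE\r\n\r\n"
	SampleParamRequest  = "GET /index.html?csb_caps=SA,bogus HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
	SampleBareRequest   = "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
)

func main() {
	for _, raw := range []string{SampleHeaderRequest, SampleCookieRequest, SampleParamRequest, SampleBareRequest} {
		fns, from, err := ExtractCapabilities(raw)
		fmt.Printf("%-14s %v %v\n", from, fns, err)
	}
}
```

For the HTTPS variant this parse presupposes that the security device can read the request, which holds in the third scenario because the terminal device's SSL connection is established with the security device (step 701); a request that the security device cannot decrypt carries no usable capability information and is handled as if none were declared.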
In one possible implementation, the apparatus further includes: and the sending module is used for sending a second message to the server of the external network, wherein the second message is used for requesting to acquire the resource provided by the server of the external network, the second message comprises the identity keyword of the terminal equipment, and the identity keyword is used for acquiring the CSB detection function of the terminal equipment.
In a possible implementation manner, in response to that the other device is a capability management device, the receiving module 902 is further configured to receive a random ID of the terminal device sent by the capability management device, where the random ID of the terminal device is used as an identity keyword of the terminal device; or in response to that the other device is a security device, the receiving module 902 is further configured to receive a random ID of the terminal device sent by the security device, where the random ID of the terminal device is used as an identity key of the terminal device.
In a possible implementation manner, the third packet further includes an IP address of the terminal device, and the IP address of the terminal device is used as an identity keyword of the terminal device.
In a possible implementation manner, the third packet further includes a local certificate of the terminal device, and the user information in the local certificate of the terminal device is used as the identity keyword of the terminal device.
In one possible implementation, the CSB detection function that the terminal device has includes at least one of an IPS detection function, an AV detection function, a URL detection function, an AIE detection function, or an SA detection function.
In one possible implementation, the apparatus further includes a request module configured to send a login request to the security device, where the login request includes user information, and to receive an authentication result sent by the security device based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; in response to successful login of the terminal device, the providing module 901 performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
In one possible implementation, the apparatus further includes a request module configured to send a login request to the login authentication device, where the login request includes user information, and to receive an authentication result sent by the login authentication device based on the user information, where the authentication result indicates whether the terminal device has logged in successfully; in response to successful login of the terminal device, the providing module 901 performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
In one possible implementation, the apparatus further includes a request module configured to send a login request to the login authentication device, where the login request includes a local certificate of the terminal device, and to receive an authentication result sent by the login authentication device based on the local certificate of the terminal device, where the authentication result indicates whether the terminal device has logged in successfully; in response to successful login of the terminal device, the providing module 901 performs the operation of providing the CSB detection function information corresponding to the terminal device to the other device.
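The following is an added example, not code from the patent or from the assignee: a small model of the offload decision the page describes, in which the terminal advertises its CSB detection functions in an HTTP header of its request (one of the carriers the page allows), the security device records them under the terminal's identity keyword (here its IP address) only once that terminal has logged in, and an intercepted response is then subjected only to the CSB functions the terminal lacks. The header name, the registry layout and the Content-Type based policy are assumptions of this example.

```python
"""Added example, not code from the patent: a small model of the CSB
offload decision the page describes.  The terminal advertises its CSB
detection functions in an HTTP header of its request (one of the carriers
the page allows), the security device records them under the terminal's
identity keyword (here its IP address), and when the response comes back
it only executes the CSB functions the terminal lacks.  The header name,
registry layout and Content-Type policy are assumptions of this example."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Tuple

# CSB detection functions named on the page.
CSB_FUNCTIONS: FrozenSet[str] = frozenset({"IPS", "AV", "URL", "AIE", "SA"})

# Assumed request header carrying the terminal's capability list.
CAPABILITY_HEADER = "x-csb-capabilities"


@dataclass
class CapabilityRegistry:
    """Security-device-side table: identity keyword -> CSB functions the
    terminal has.  The page makes providing capability information
    conditional on a successful login, so a claim is only recorded for a
    terminal whose login the device has authenticated; anything else is
    ignored rather than trusted."""
    logged_in: Set[str] = field(default_factory=set)
    caps: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def mark_login(self, identity: str, authenticated: bool) -> None:
        if authenticated:
            self.logged_in.add(identity)
        else:
            self.logged_in.discard(identity)
            self.caps.pop(identity, None)   # a failed login revokes old claims

    def learn_from_request(self, identity: str, headers: Dict[str, str]) -> None:
        """Parse the capability header of an outbound request (the page's
        "second message") and remember the terminal's CSB functions."""
        if identity not in self.logged_in:
            return
        raw = headers.get(CAPABILITY_HEADER)
        if raw is None:
            return
        advertised = {tok.strip().upper() for tok in raw.split(",") if tok.strip()}
        # Unknown tokens are dropped: only functions the device itself knows
        # can ever cause a detection to be skipped.
        self.caps[identity] = frozenset(advertised & CSB_FUNCTIONS)


def required_functions(content_type: str) -> FrozenSet[str]:
    """Assumed policy: CSB functions a response must undergo, chosen from
    its Content-Type.  The page leaves this determination to the device."""
    media = content_type.split(";")[0].strip().lower()
    if media == "text/html":
        return frozenset({"IPS", "URL", "AIE"})
    if media in ("application/octet-stream", "application/zip",
                 "application/x-msdownload"):
        return frozenset({"IPS", "AV", "SA"})
    return frozenset({"IPS"})


def plan_detection(registry: CapabilityRegistry, identity: str,
                   response_headers: Dict[str, str]) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Decide what the security device does with an intercepted response
    (the page's "first message") destined for `identity`.

    Returns (run_here, skipped): `skipped` is the "first CSB detection
    function" the terminal performs itself, `run_here` the "second CSB
    detection function" the device still executes before forwarding."""
    required = required_functions(response_headers.get("content-type", ""))
    terminal_has = registry.caps.get(identity, frozenset())
    skipped = required & terminal_has
    run_here = required - terminal_has
    return run_here, skipped


if __name__ == "__main__":
    # Constructed exchange: a logged-in terminal with local AV and IPS
    # downloads an archive; the device then only needs SA on the response.
    reg = CapabilityRegistry()
    reg.mark_login("10.0.0.5", authenticated=True)
    reg.learn_from_request("10.0.0.5", {CAPABILITY_HEADER: "av, ips"})
    print(plan_detection(reg, "10.0.0.5", {"content-type": "application/zip"}))
    # A terminal that never logged in gets no offload, whatever it claims.
    reg.learn_from_request("10.0.0.9", {CAPABILITY_HEADER: "AV, IPS, SA"})
    print(plan_detection(reg, "10.0.0.9", {"content-type": "application/zip"}))
```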
It should be understood that the apparatuses provided in fig. 8 and 9 are only illustrated by dividing the functional modules when implementing the functions thereof, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the apparatus may be divided into different functional modules to implement all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
Referring to fig. 10, fig. 10 is a schematic structural diagram illustrating a message processing apparatus 2000 according to an exemplary embodiment of the present application. The message processing device 2000 shown in fig. 10 may be a security device or a terminal device, and is configured to perform the operations related to the message processing methods shown in fig. 2 to 7. The message processing device 2000 is, for example, a switch, a router, or the like, and the message processing device 2000 may be implemented by a general bus architecture.
As shown in fig. 10, the message processing apparatus 2000 includes at least one processor 2001, a memory 2003, and at least one communication interface 2004.
The processor 2001 is, for example, a central processing unit (CPU), a digital signal processor (DSP), a network processor (NP), a graphics processing unit (GPU), a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing the present disclosure. For example, the processor 2001 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. PLDs are, for example, complex programmable logic devices (CPLDs), field-programmable gate arrays (FPGAs), generic array logic (GAL), or any combination thereof. The processor may implement or perform the various logical blocks, modules, and circuits described in connection with the embodiments disclosed in the present application. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Optionally, the message processing device 2000 further comprises a bus. The bus is used to transfer information between the components of the message processing apparatus 2000. The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 10, but this is not intended to represent only one bus or type of bus.
The memory 2003 is, for example, but not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disk read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program instructions in the form of instructions or data structures and that can be accessed by a computer. The memory 2003 is, for example, independent and connected to the processor 2001 via a bus. The memory 2003 may also be integrated with the processor 2001.
The communication interface 2004 uses any transceiver or the like for communicating with other devices or a communication network, such as an Ethernet, a radio access network (RAN), or a wireless local area network (WLAN). The communication interface 2004 may include a wired communication interface and may also include a wireless communication interface. Specifically, the communication interface 2004 may be an Ethernet interface, a fast Ethernet (FE) interface, a gigabit Ethernet (GE) interface, an asynchronous transfer mode (ATM) interface, a wireless local area network (WLAN) interface, a cellular network communication interface, or a combination thereof. The Ethernet interface may be an optical interface, an electrical interface, or a combination thereof. In this embodiment, the communication interface 2004 may be used for the message processing device 2000 to communicate with other devices.
In particular implementations, processor 2001 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 10, as one embodiment. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In a specific implementation, the message processing device 2000 may include a plurality of processors, such as the processor 2001 and the processor 2005 shown in fig. 10, as an example. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In a specific implementation, the message processing device 2000 may further include an output device and an input device, as an embodiment. An output device communicates with the processor 2001 and may display information in a variety of ways. For example, the output device may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device communicates with the processor 2001 and may receive user input in a variety of ways. For example, the input device may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.
In some embodiments, the memory 2003 is used to store program instructions 2010 for performing aspects of the present application, and the processor 2001 may execute the program instructions 2010 stored in the memory 2003. That is, the message processing apparatus 2000 may implement the message processing method provided in the method embodiment by using the processor 2001 and the program instructions 2010 in the memory 2003. The program instructions 2010 may include one or more software modules therein. Optionally, the processor 2001 itself may also store program code or instructions to perform aspects of the present application.
In a specific embodiment, the message processing device 2000 in the embodiment of the present application may correspond to a security device in each of the message processing method embodiments described above, and the processor 2001 in the message processing device 2000 reads an instruction in the memory 2003, so that the message processing device 2000 shown in fig. 10 can perform all or part of operations performed by the security device.
In a specific embodiment, the message processing device 2000 in the embodiment of the present application may correspond to a terminal device in each of the message processing method embodiments described above, and the processor 2001 in the message processing device 2000 reads instructions in the memory 2003, so that the message processing device 2000 shown in fig. 10 can perform all or part of operations performed by the terminal device.
The message processing device 2000 may also correspond to the message processing apparatus shown in fig. 8 to 9 described above, and each functional module in the message processing apparatus is implemented by software of the message processing device 2000. In other words, the functional blocks included in the message processing apparatus are generated by the processor 2001 of the message processing device 2000 reading the program instructions 2010 stored in the memory 2003.
The steps of the message processing method shown in fig. 2 to 7 are performed by instructions in the form of hardware integrated logic circuits or software in the processor of the message processing device 2000. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or a register. The storage medium is located in a memory, and the processor reads information from the memory and performs the steps of the above method in combination with its hardware, which are not described in detail herein to avoid repetition.
Referring to fig. 11, fig. 11 is a schematic structural diagram illustrating a message processing apparatus 2100 according to another exemplary embodiment of the present application. The message processing device 2100 shown in fig. 11 may be a security device or a terminal device, and is configured to perform all or part of the operations related to the message processing methods shown in fig. 2 to 7. The message processing device 2100 is, for example, a switch, a router, or the like, and the message processing device 2100 may be implemented by a general bus architecture.
As shown in fig. 11, the message processing apparatus 2100 includes: a main control board 2110 and an interface board 2130.
The main control board is also called a Main Processing Unit (MPU) or a route processor card (route processor card), and the main control board 2110 is used for controlling and managing various components in the message processing apparatus 2100, including routing computation, apparatus management, apparatus maintenance, and protocol processing functions. The main control board 2110 includes: a central processor 2111 and a memory 2112.
The interface board 2130 is also referred to as a line processing unit (LPU), a line card, or a service board. The interface board 2130 is used for providing various service interfaces and forwarding data packets. The service interfaces include, but are not limited to, Ethernet interfaces such as flexible Ethernet client interfaces (FlexE Clients), POS (packet over SONET/SDH) interfaces, and the like. The interface board 2130 includes a central processor 2131, a network processor 2132, a forwarding table entry memory 2134, and a physical interface card (PIC) 2133.
The central processor 2131 on the interface board 2130 is used for controlling and managing the interface board 2130 and communicating with the central processor 2111 on the main control board 2110.
The network processor 2132 is configured to implement forwarding processing of the packet. The network processor 2132 may take the form of a forwarding chip. The forwarding chip may be a Network Processor (NP). In some embodiments, the forwarding chip may be implemented by an application-specific integrated circuit (ASIC) or a Field Programmable Gate Array (FPGA). Specifically, the network processor 2132 is configured to forward the received message based on a forwarding table stored in the forwarding table entry memory 2134, and if a destination address of the message is an address of the message processing apparatus 2100, send the message to a CPU (e.g., the central processing unit 2131) for processing; if the destination address of the message is not the address of the message processing apparatus 2100, the next hop and the outbound interface corresponding to the destination address are found from the forwarding table according to the destination address, and the message is forwarded to the outbound interface corresponding to the destination address. The processing of the uplink packet may include: processing a message input interface and searching a forwarding table; the processing of the downlink message may include: forwarding table lookups, and the like. In some embodiments, the central processing unit may also perform the functions of a forwarding chip, such as implementing software forwarding based on a general purpose CPU, so that no forwarding chip is needed in the interface board.
The physical interface card 2133 is used to implement a physical layer interface function, from which the original traffic enters the interface board 2130, and the processed message is sent out from the physical interface card 2133. The physical interface card 2133 is also called a daughter card, and may be installed on the interface board 2130, and is responsible for converting the photoelectric signal into a message, performing validity check on the message, and forwarding the message to the network processor 2132 for processing. In some embodiments, the central processor 2131 may also perform the functions of the network processor 2132, such as implementing software forwarding based on a general purpose CPU, so that the network processor 2132 is not required in the physical interface card 2133.
Illustratively, the packet processing device 2100 includes a plurality of interface boards, for example, the packet processing device 2100 further includes an interface board 2140, and the interface board 2140 includes: a central processor 2141, a network processor 2142, a forwarding table entry memory 2144, and a physical interface card 2143. The functions and implementations of the components in the interface board 2140 are the same as or similar to those of the interface board 2130, and are not described herein again.
Illustratively, the message processing device 2100 also includes a switch board 2120. The switch board 2120 may also be called a Switch Fabric Unit (SFU). In the case that the message processing apparatus has a plurality of interface boards, the switch network board 2120 is used to complete data exchange between the interface boards. For example, the interface board 2130 and the interface board 2140 can communicate with each other via the switch board 2120.
The main control board 2110 is coupled to the interface board. For example, the main control board 2110, the interface board 2130, the interface board 2140, and the switch board 2120 are connected to the system backplane through the system bus to realize intercommunication. In a possible implementation manner, an inter-process communication (IPC) channel is established between the main control board 2110 and the interface board 2130 and between the main control board 2110 and the interface board 2140, and the main control board 2110 communicates with the interface board 2130 and with the interface board 2140 through the IPC channels.
Logically, the message processing apparatus 2100 comprises a control plane including the main control board 2110 and the central processor 2111, and a forwarding plane including various components performing forwarding, such as a forwarding table entry memory 2134, a physical interface card 2133, and a network processor 2132. The control plane executes functions of a router, generating a forwarding table, processing signaling and protocol messages, configuring and maintaining the state of the network device, and the like, and issues the generated forwarding table to the forwarding plane, and in the forwarding plane, the network processor 2132 looks up the table of the message received by the physical interface card 2133 and forwards the message based on the forwarding table issued by the control plane. The forwarding table issued by the control plane may be stored in the forwarding table entry storage 2134. In some embodiments, the control plane and the forwarding plane may be completely separate and not on the same network device.
It should be noted that there may be one or more main control boards, and when there are multiple main control boards, they may include an active main control board and a standby main control board. There may be one or more interface boards, and the stronger the data processing capability of the message processing device, the more interface boards it provides. There may also be one or more physical interface cards on an interface board. There may be no switch board, or one or more switch boards; when there are multiple switch boards, they can jointly implement load sharing and redundancy backup. Under a centralized forwarding architecture, the message processing device does not need a switch board, and the interface board undertakes the processing of the service data of the whole system. Under a distributed forwarding architecture, the message processing device has at least one switch board, and data exchange among the plurality of interface boards is implemented through the switch board, so that large-capacity data exchange and processing capability is provided. Therefore, the data access and processing capabilities of a message processing device with the distributed architecture are greater than those of a message processing device with the centralized architecture.
For example, the message processing device may also take the form of a single board card, that is, there is no switch board, and the functions of the interface board and the main control board are integrated on the single board card. In this case, the central processing unit on the interface board and the central processing unit on the main control board may be combined into one central processing unit on the single board card that performs the functions of both, and the data switching and processing capability of the message processing device is low (for example, a network device such as a low-end switch or router). Which architecture is specifically adopted depends on the specific networking deployment scenario, and is not limited herein.
In a specific embodiment, the message processing device 2100 corresponds to the message processing apparatus applied to the security device shown in fig. 8. In some embodiments, the acquisition module 801 in the message processing apparatus shown in fig. 8 corresponds to the physical interface card 2133 in the message processing device 2100; the determination module 802 and the processing module 803 correspond to the central processor 2111 or the network processor 2132 in the message processing device 2100.
In some embodiments, the message processing device 2100 also corresponds to the message processing apparatus applied to the terminal device shown in fig. 9. In some embodiments, the provisioning module 901 in the message processing apparatus shown in fig. 9 corresponds to the physical interface card 2133 in the message processing device 2100; the receiving module 902 and the processing module 903 correspond to the central processor 2111 or the network processor 2132 in the message processing apparatus 2100.
Based on the message processing device shown in fig. 10 and 11, an embodiment of the present application further provides a message processing system, where the system includes: a security device and a terminal device. Optionally, the security device is the message processing device 2000 shown in fig. 10 or the message processing device 2100 shown in fig. 11, and the terminal device is the message processing device 2000 shown in fig. 10 or the message processing device 2100 shown in fig. 11.
The message processing method executed by the security device and the terminal device may refer to the related description of the embodiments shown in fig. 2 to 7, and will not be described again here.
An embodiment of the present application further provides a communication apparatus, including a transceiver, a memory, and a processor. The transceiver, the memory and the processor communicate with each other through an internal connection path; the memory is used for storing instructions; the processor is used for executing the instructions stored in the memory to control the transceiver to receive signals and to transmit signals; and when the processor executes the instructions stored in the memory, the processor is enabled to execute the message processing method required to be executed by the security device.
An embodiment of the present application further provides a communication apparatus, including a transceiver, a memory, and a processor. The transceiver, the memory and the processor communicate with each other through an internal connection path; the memory is used for storing instructions; the processor is used for executing the instructions stored in the memory to control the transceiver to receive signals and to transmit signals; and when the processor executes the instructions stored in the memory, the processor is enabled to execute the message processing method required to be executed by the terminal device.
It should be understood that the processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be an advanced reduced instruction set machine (ARM) architecture supported processor.
Further, in an alternative embodiment, the memory may include both read-only memory and random access memory, and provide instructions and data to the processor. The memory may also include non-volatile random access memory. For example, the memory may also store device type information.
The memory may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, for example static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous DRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct Rambus RAM (DR RAM).
An embodiment of the present application further provides a computer-readable storage medium, where at least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the message processing method as described in any of the above.
Embodiments of the present application further provide a computer program (product), which, when executed by a computer, can enable the processor or the computer to execute each step and/or flow of the message processing method corresponding to the foregoing method embodiments.
The embodiment of the present application further provides a chip, which includes a processor, and is configured to invoke and run an instruction stored in a memory from the memory, so that a communication device equipped with the chip executes the message processing method in the foregoing aspects.
The embodiment of the present application further provides another chip, including an input interface, an output interface, a processor and a memory, where the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing code in the memory, and when the code is executed, the processor is used for executing the message processing method in the foregoing aspects.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in accordance with the present application are generated, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that includes one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer program instructions. By way of example, the methods of the embodiments of the present application may be described in the context of machine-executable instructions, such as those included in program modules, being executed in devices on target real or virtual processors. Generally, program modules include routines, programs, libraries, objects, classes, components, data structures, and the like that perform particular tasks or implement particular abstract data types. In various embodiments, the functionality of the program modules may be combined or divided between program modules as described. Machine-executable instructions for program modules may be executed within a local or distributed device. In a distributed device, program modules may be located in both local and remote memory storage media.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the device and the module described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the module is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. Further, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may also be an electrical, mechanical or other form of connection.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. A computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may be a machine readable signal medium or a machine readable storage medium. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination thereof. More detailed examples of a computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical storage device, a magnetic storage device, or any suitable combination thereof.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, it is intended that the present application also cover such modifications and variations as come within the scope of the appended claims.

Claims (54)

1. A message processing method, applied to a security device deployed at the boundary between an external network and an internal network, the method comprising:
the security device intercepts a first message sent by the external network to the internal network, wherein the first message carries a resource provided by a server of the external network according to a request of a terminal device of the internal network;
the security device determines the content security service (CSB) detection function to be executed corresponding to the first message; and
in response to the terminal device having a first CSB detection function, the security device omits execution of the first CSB detection function on the first message before forwarding the first message to the terminal device, wherein the first CSB detection function is all or part of the CSB detection functions to be executed corresponding to the first message.
2. The method according to claim 1, wherein the first CSB detection function is part of the CSB detection functions to be executed corresponding to the first message, and before the security device forwards the first message to the terminal device, the method further comprises:
the security device executes a second CSB detection function on the first message, wherein the second CSB detection function is a function, among the CSB detection functions to be executed corresponding to the first message, other than the first CSB detection function.
3. The method according to claim 1 or 2, wherein before the security device intercepts the first message sent by the external network to the internal network, the method further comprises:
the security device intercepts a second message sent by the terminal device, wherein the second message is used to request the resource provided by the server of the external network;
the security device obtains, based on the second message, the CSB detection function that the terminal device has; and
after the security device determines the CSB detection function to be executed corresponding to the first message, the method further comprises:
the security device determines, according to the CSB detection function that the terminal device has and the CSB detection function to be executed corresponding to the first message, that the terminal device has the first CSB detection function.
4. The method according to claim 3, wherein the second message includes an identity keyword of the terminal device, and the security device obtaining, based on the second message, the CSB detection function that the terminal device has comprises:
the security device obtains the identity keyword of the terminal device included in the second message by parsing the second message; and
the security device obtains, according to the identity keyword of the terminal device, the CSB detection function that the terminal device has.
5. The method according to claim 4, wherein the security device obtaining, according to the identity keyword of the terminal device, the CSB detection function that the terminal device has comprises:
the security device sends a query request to a capability management device, wherein the capability management device stores CSB detection function information corresponding to the terminal device, the query request carries the identity keyword of the terminal device, and the CSB detection function information corresponding to the terminal device indicates the CSB detection function that the terminal device has;
receiving the CSB detection function information corresponding to the terminal device, sent by the capability management device in response to the query request; and
determining, according to the CSB detection function information, the CSB detection function that the terminal device has.
6. The method according to claim 5, wherein sending the query request to the capability management device comprises:
sending the query request to the capability management device based on the Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), or an Application Programming Interface (API).
7. The method according to claim 4, wherein the security device obtaining, according to the identity keyword of the terminal device, the CSB detection function that the terminal device has comprises:
the security device queries, according to the identity keyword of the terminal device, a correspondence between identity keywords and CSB detection functions stored in the security device, and obtains the CSB detection function corresponding to the identity keyword of the terminal device.
8. The method according to any one of claims 4 to 7, wherein the identity keyword comprises at least one of a random identity (ID), an Internet Protocol (IP) address, or user information in a local certificate.
9. The method according to claim 3, wherein the second message carries CSB detection function information corresponding to the terminal device, and the security device obtaining, based on the second message, the CSB detection function that the terminal device has comprises:
the security device obtains the CSB detection function information corresponding to the terminal device carried in the second message by parsing the second message; and
the security device determines, according to the CSB detection function information corresponding to the terminal device carried in the second message, the CSB detection function that the terminal device has.
10. The method according to any one of claims 1 to 9, wherein the CSB detection function to be executed comprises at least one of an intrusion prevention system (IPS) detection function, an antivirus (AV) detection function, a uniform resource locator (URL) detection function, an artificial intelligence engine (AIE) detection function, or a service-aware (SA) detection function.
11. A message processing method, applied to a terminal device deployed in an internal network, the method comprising:
the terminal device provides content security service (CSB) detection function information corresponding to the terminal device to another device, wherein the CSB detection function information corresponding to the terminal device indicates the CSB detection function that the terminal device has;
the terminal device receives a first message sent by a security device, wherein the security device is deployed at the boundary between an external network and the internal network, the first message carries a resource provided by a server of the external network according to a request of the terminal device, the first message is a message on which the security device has not executed a first CSB detection function, and the CSB detection function that the terminal device has includes the first CSB detection function; and
the terminal device executes the first CSB detection function on the first message.
12. The method according to claim 11, wherein the terminal device providing the CSB detection function information corresponding to the terminal device to another device comprises:
the terminal device sends a third message to a capability management device, wherein the third message carries the CSB detection function information corresponding to the terminal device, and the capability management device is configured to store the CSB detection function information corresponding to the terminal device.
13. The method according to claim 11, wherein the terminal device providing the CSB detection function information corresponding to the terminal device to another device comprises:
the terminal device sends a third message to the security device, wherein the third message carries the CSB detection function information corresponding to the terminal device, and the security device is configured to store the CSB detection function information corresponding to the terminal device.
14. The method according to claim 11, wherein the terminal device providing the CSB detection function information corresponding to the terminal device to another device comprises:
the terminal device sends a second message to a server of the external network, wherein the second message is used to request the resource provided by the server of the external network, and the second message carries the CSB detection function information corresponding to the terminal device.
15. The method according to claim 14, wherein the second message is transmitted based on Hypertext Transfer Protocol Secure (HTTPS), and the CSB detection function information corresponding to the terminal device is carried in a Cookie (data stored on the user's local terminal), a uniform resource locator (URL) parameter, an HTTPS header field, or an HTTPS custom field of the second message.
16. The method according to claim 14, wherein the second message is transmitted based on the Hypertext Transfer Protocol (HTTP), and the CSB detection function information corresponding to the terminal device is carried in a Cookie, an HTTP header field, or an HTTP custom field of the second message.
17. The method according to claim 14, wherein the second message is transmitted based on the File Transfer Protocol (FTP), and the CSB detection function information corresponding to the terminal device is carried in an FTP redundant field or an FTP custom field of the second message.
18. The method according to claim 12 or 13, wherein after the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further comprises:
the terminal device sends a second message to a server of the external network, wherein the second message is used to request the resource provided by the server of the external network, the second message includes an identity keyword of the terminal device, and the identity keyword is used to obtain the CSB detection function that the terminal device has.
19. The method according to claim 18, wherein, in response to the other device being a capability management device, after the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further comprises:
the terminal device receives a random identity (ID) of the terminal device sent by the capability management device, wherein the random ID of the terminal device is used as the identity keyword of the terminal device; or
in response to the other device being the security device, after the terminal device provides the CSB detection function information corresponding to the terminal device to the other device, the method further comprises:
the terminal device receives a random ID of the terminal device sent by the security device, wherein the random ID of the terminal device is used as the identity keyword of the terminal device.
20. The method according to claim 18 or 19, wherein the third message further includes an IP address of the terminal device, and the IP address of the terminal device is used as the identity keyword of the terminal device.
21. The method according to any one of claims 18 to 20, wherein the third message further includes a local certificate of the terminal device, and user information in the local certificate of the terminal device is used as the identity keyword of the terminal device.
22. The method according to any one of claims 11 to 21, wherein the CSB detection function that the terminal device has comprises at least one of an intrusion prevention system (IPS) detection function, an antivirus (AV) detection function, a URL detection function, an artificial intelligence engine (AIE) detection function, or a service-aware (SA) detection function.
23. The method according to any one of claims 11 to 22, wherein before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further comprises:
the terminal device sends a login request to the security device, wherein the login request includes user information;
receiving an authentication result sent by the security device based on the user information, wherein the authentication result indicates whether the terminal device has logged in successfully; and
in response to the terminal device logging in successfully, the terminal device performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
24. The method according to any one of claims 11 to 22, wherein before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further comprises:
the terminal device sends a login request to a login authentication device, wherein the login request includes user information;
receiving an authentication result sent by the login authentication device based on the user information, wherein the authentication result indicates whether the terminal device has logged in successfully; and
in response to the terminal device logging in successfully, the terminal device performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
25. The method according to any one of claims 11 to 22, wherein before the terminal device provides the CSB detection function information corresponding to the terminal device to another device, the method further comprises:
the terminal device sends a login request to a login authentication device, wherein the login request includes a local certificate of the terminal device;
receiving an authentication result sent by the login authentication device based on the local certificate of the terminal device, wherein the authentication result indicates whether the terminal device has logged in successfully; and
in response to the terminal device logging in successfully, the terminal device performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
26. A message processing apparatus, applied to a security device deployed at the boundary between an external network and an internal network, the apparatus comprising:
an obtaining module, configured to intercept a first message sent by the external network to the internal network, wherein the first message carries a resource provided by a server of the external network according to a request of a terminal device of the internal network;
a determining module, configured to determine the content security service (CSB) detection function to be executed corresponding to the first message; and
a processing module, configured to, in response to the terminal device having a first CSB detection function, omit execution of the first CSB detection function on the first message before the first message is forwarded to the terminal device, wherein the first CSB detection function is all or part of the CSB detection functions to be executed corresponding to the first message.
27. The apparatus according to claim 26, wherein the first CSB detection function is part of the CSB detection functions to be executed corresponding to the first message, and the processing module is further configured to execute a second CSB detection function on the first message, wherein the second CSB detection function is a function, among the CSB detection functions to be executed corresponding to the first message, other than the first CSB detection function.
28. The apparatus according to claim 26 or 27, wherein the obtaining module is further configured to intercept a second message sent by the terminal device, wherein the second message is used to request the resource provided by the server of the external network, and to obtain, based on the second message, the CSB detection function that the terminal device has; and the determining module is further configured to determine, according to the CSB detection function that the terminal device has and the CSB detection function to be executed corresponding to the first message, that the terminal device has the first CSB detection function.
29. The apparatus according to claim 28, wherein the second message includes an identity keyword of the terminal device, and the obtaining module is configured to obtain the identity keyword of the terminal device included in the second message by parsing the second message, and to obtain, according to the identity keyword of the terminal device, the CSB detection function that the terminal device has.
30. The apparatus according to claim 29, wherein the obtaining module is configured to send a query request to a capability management device, wherein the capability management device stores CSB detection function information corresponding to the terminal device, the query request carries the identity keyword of the terminal device, and the CSB detection function information corresponding to the terminal device indicates the CSB detection function that the terminal device has; receive the CSB detection function information corresponding to the terminal device, sent by the capability management device in response to the query request; and determine, according to the CSB detection function information, the CSB detection function that the terminal device has.
31. The apparatus according to claim 30, wherein the obtaining module is configured to send the query request to the capability management device based on the Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), or an Application Programming Interface (API).
32. The apparatus according to claim 29, wherein the obtaining module is configured to query, according to the identity keyword of the terminal device, a correspondence between identity keywords and CSB detection functions stored in the security device, and to obtain the CSB detection function corresponding to the identity keyword of the terminal device.
33. The apparatus according to any one of claims 29 to 32, wherein the identity keyword comprises at least one of a random identity (ID), an Internet Protocol (IP) address, or user information in a local certificate.
34. The apparatus according to claim 28, wherein the second message carries CSB detection function information corresponding to the terminal device, and the obtaining module is configured to obtain, by parsing the second message, the CSB detection function information corresponding to the terminal device carried in the second message, and to determine, according to the CSB detection function information corresponding to the terminal device carried in the second message, the CSB detection function that the terminal device has.
35. The apparatus according to any one of claims 26 to 34, wherein the CSB detection function to be executed comprises at least one of an intrusion prevention system (IPS) detection function, an antivirus (AV) detection function, a uniform resource locator (URL) detection function, an artificial intelligence engine (AIE) detection function, or a service-aware (SA) detection function.
36. A message processing apparatus, applied to a terminal device deployed in an internal network, the apparatus comprising:
a providing module, configured to provide content security service (CSB) detection function information corresponding to the terminal device to another device, wherein the CSB detection function information corresponding to the terminal device indicates the CSB detection function that the terminal device has;
a receiving module, configured to receive a first message sent by a security device, wherein the security device is deployed at the boundary between an external network and the internal network, the first message carries a resource provided by a server of the external network according to a request of the terminal device, the first message is a message on which the security device has not executed a first CSB detection function, and the CSB detection function that the terminal device has includes the first CSB detection function; and
a processing module, configured to execute the first CSB detection function on the first message.
37. The apparatus according to claim 36, wherein the providing module is configured to send a third message to a capability management device, wherein the third message carries the CSB detection function information corresponding to the terminal device, and the capability management device is configured to store the CSB detection function information corresponding to the terminal device.
38. The apparatus according to claim 36, wherein the providing module is configured to send a third message to the security device, wherein the third message carries the CSB detection function information corresponding to the terminal device, and the security device is configured to store the CSB detection function information corresponding to the terminal device.
39. The apparatus according to claim 36, wherein the providing module is configured to send a second message to a server of the external network, wherein the second message is used to request the resource provided by the server of the external network, and the second message carries the CSB detection function information corresponding to the terminal device.
40. The apparatus according to claim 39, wherein the second message is transmitted based on Hypertext Transfer Protocol Secure (HTTPS), and the CSB detection function information corresponding to the terminal device is carried in a Cookie (data stored on the user's local terminal), a uniform resource locator (URL) parameter, an HTTPS header field, or an HTTPS custom field of the second message.
41. The apparatus according to claim 39, wherein the second message is transmitted based on the Hypertext Transfer Protocol (HTTP), and the CSB detection function information corresponding to the terminal device is carried in a Cookie, an HTTP header field, or an HTTP custom field of the second message.
42. The apparatus according to claim 39, wherein the second message is transmitted based on the File Transfer Protocol (FTP), and the CSB detection function information corresponding to the terminal device is carried in an FTP redundant field or an FTP custom field of the second message.
43. The apparatus according to claim 37 or 38, further comprising: a sending module, configured to send a second message to a server of the external network, wherein the second message is used to request the resource provided by the server of the external network, the second message includes an identity keyword of the terminal device, and the identity keyword is used to obtain the CSB detection function that the terminal device has.
44. The apparatus according to claim 43, wherein, in response to the other device being a capability management device, the receiving module is further configured to receive a random identity (ID) of the terminal device sent by the capability management device, wherein the random ID of the terminal device is used as the identity keyword of the terminal device; or
in response to the other device being the security device, the receiving module is further configured to receive a random ID of the terminal device sent by the security device, wherein the random ID of the terminal device is used as the identity keyword of the terminal device.
45. The apparatus according to claim 43 or 44, wherein the third message further includes an IP address of the terminal device, and the IP address of the terminal device is used as the identity keyword of the terminal device.
46. The apparatus according to any one of claims 43 to 45, wherein the third message further includes a local certificate of the terminal device, and user information in the local certificate of the terminal device is used as the identity keyword of the terminal device.
47. The apparatus according to any one of claims 36 to 46, wherein the CSB detection function that the terminal device has comprises at least one of an intrusion prevention system (IPS) detection function, an antivirus (AV) detection function, a URL detection function, an artificial intelligence engine (AIE) detection function, or a service-aware (SA) detection function.
48. The apparatus according to any one of claims 36 to 47, further comprising: a request module, configured to send a login request to the security device, wherein the login request includes user information; and to receive an authentication result sent by the security device based on the user information, wherein the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device logging in successfully, the providing module performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
49. The apparatus according to any one of claims 36 to 47, further comprising: a request module, configured to send a login request to a login authentication device, wherein the login request includes user information; and to receive an authentication result sent by the login authentication device based on the user information, wherein the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device logging in successfully, the providing module performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
50. The apparatus according to any one of claims 36 to 47, further comprising: a request module, configured to send a login request to a login authentication device, wherein the login request includes a local certificate of the terminal device; and to receive an authentication result sent by the login authentication device based on the local certificate of the terminal device, wherein the authentication result indicates whether the terminal device has logged in successfully; and in response to the terminal device logging in successfully, the providing module performs the operation of providing the CSB detection function information corresponding to the terminal device to another device.
51. A message processing device, comprising: a processor coupled to a memory, the memory storing at least one program instruction or code, the at least one program instruction or code being loaded and executed by the processor to cause the message processing device to implement the message processing method according to any one of claims 1 to 25.
52. A message processing system, comprising a security device configured to perform the message processing method according to any one of claims 1 to 10 and a terminal device configured to perform the message processing method according to any one of claims 11 to 25.
53. A computer-readable storage medium, storing at least one program instruction or code, the program instruction or code being loaded and executed by a processor to cause a computer to implement the message processing method according to any one of claims 1 to 25.
54. A computer program product, comprising a computer program which, when executed by a computer, causes the computer to implement the message processing method according to any one of claims 1 to 25.
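As an added example (not code from the patent or from Huawei), the following Python models the boundary-side decision of claims 1-10 together with the terminal-side capability advertisement of claims 11-16 and the login precondition of claims 23-25: the request (second message) identifies the terminal by an identity keyword, the security device looks up which CSB detection functions that terminal has, and the to-be-executed set is split into the functions it omits and the functions it runs before forwarding. The header names, the capability store, the Content-Type policy and all sample data are assumptions constructed for this example; honouring self-declared capabilities only where the authenticated record confirms them is this example's choice, not a requirement of the claims.

```python
from dataclasses import dataclass, field

# The CSB detection functions named in claim 10.
ALL_CSB_FUNCTIONS = frozenset({"IPS", "AV", "URL", "AIE", "SA"})

# Assumed header names: claims 14-16 say only that the information travels in a
# Cookie, URL parameter, header field or custom field; these names are not in the patent.
IDENTITY_HEADER = "x-terminal-id"         # identity keyword of claims 4 and 8
CAPABILITY_HEADER = "x-csb-capabilities"  # self-declared information of claims 9 and 16


@dataclass
class CapabilityStore:
    """Stands in for the capability management device of claim 5 (or the security
    device's own table of claim 7): identity keyword -> CSB functions the terminal has.
    In this model an entry is created only after the login of claims 23-25 succeeded."""
    entries: dict = field(default_factory=dict)

    def register(self, identity_key: str, functions) -> None:
        functions = frozenset(functions)
        unknown = functions - ALL_CSB_FUNCTIONS
        if unknown:
            raise ValueError(f"unknown CSB functions: {sorted(unknown)}")
        self.entries[identity_key] = functions

    def lookup(self, identity_key: str) -> frozenset:
        # Unknown keyword: no recognised capability, so nothing gets offloaded.
        return self.entries.get(identity_key, frozenset())


def parse_http_request(raw: bytes):
    """Minimal HTTP/1.1 head parser: (method, target, headers with lowercase names)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def terminal_capabilities(headers: dict, peer_ip: str, store: CapabilityStore) -> frozenset:
    """Claims 3-9: derive the CSB functions the terminal has from its request.
    The identity keyword is the random-ID header if present, else the source IP (claim 8).
    Self-declared capabilities (claim 9) count only where the authenticated record for
    that keyword confirms them, so a request cannot declare itself out of inspection."""
    identity_key = headers.get(IDENTITY_HEADER, peer_ip)
    registered = store.lookup(identity_key)
    declared_raw = headers.get(CAPABILITY_HEADER)
    if declared_raw is None:
        return registered
    declared = frozenset(f.strip().upper() for f in declared_raw.split(",") if f.strip())
    return declared & registered


def split_detection_functions(required, has):
    """Claims 1-2: the 'first' functions (ones the terminal has) are omitted at the
    boundary; the 'second' functions are executed there before forwarding."""
    required = frozenset(required)
    first = required & has
    return first, required - first


def process_response(request_raw: bytes, peer_ip: str, content_type: str,
                     store: CapabilityStore, policy: dict) -> dict:
    """Security-device side of claim 1 for one intercepted response (first message)."""
    _method, _target, headers = parse_http_request(request_raw)
    has = terminal_capabilities(headers, peer_ip, store)
    # The claims do not say how the to-be-executed set is chosen; this example keys
    # it on the response Content-Type (constructed policy).
    required = policy.get(content_type, ALL_CSB_FUNCTIONS)
    first, second = split_detection_functions(required, has)
    return {"executed_at_boundary": sorted(second), "delegated_to_terminal": sorted(first)}


# Constructed policy: which CSB functions a response of a given type must pass.
SAMPLE_POLICY = {
    "application/octet-stream": {"IPS", "AV", "AIE"},
    "text/html": {"URL", "IPS", "SA"},
}


def demo() -> dict:
    """Two constructed cases: a registered terminal that over-declares, and an unknown one."""
    store = CapabilityStore()
    store.register("rid-7f3a", {"AV", "URL"})  # constructed random ID, stored after login
    # Registered terminal also declares IPS, which is not in its record.
    req_registered = (b"GET /files/tool.exe HTTP/1.1\r\n"
                      b"Host: files.example\r\n"
                      b"X-Terminal-Id: rid-7f3a\r\n"
                      b"X-CSB-Capabilities: AV, URL, IPS\r\n\r\n")
    # Terminal with no identity header and an unregistered source address.
    req_unknown = b"GET /index.html HTTP/1.1\r\nHost: files.example\r\n\r\n"
    return {
        "registered": process_response(req_registered, "10.0.0.5",
                                       "application/octet-stream", store, SAMPLE_POLICY),
        "unknown": process_response(req_unknown, "10.0.0.9",
                                    "text/html", store, SAMPLE_POLICY),
    }
```

Running `demo()` shows the registered terminal keeping only AV for itself while IPS and AIE still run at the boundary, and the unknown terminal receiving fully inspected traffic.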

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/080721 WO2022267564A1 (en) 2021-06-26 2022-03-14 Packet processing method and apparatus, device, system, and readable storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110714768 2021-06-26
CN2021107147685 2021-06-26

Publications (1)

Publication Number Publication Date
CN115529148A true CN115529148A (en) 2022-12-27

Family

ID=84694737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111069732.2A Pending CN115529148A (en) 2021-06-26 2021-09-13 Message processing method, device, equipment, system and readable storage medium

Country Status (1)

Country Link
CN (1) CN115529148A (en)

Similar Documents

Publication Publication Date Title
US11178188B1 (en) Synthetic request injection to generate metadata for cloud policy enforcement
US11303647B1 (en) Synthetic request injection to disambiguate bypassed login events for cloud policy enforcement
EP3494682B1 (en) Security-on-demand architecture
US10798157B2 (en) Technologies for transparent function as a service arbitration for edge systems
US11190550B1 (en) Synthetic request injection to improve object security posture for cloud security enforcement
US11985168B2 (en) Synthetic request injection for secure access service edge (SASE) cloud architecture
US11271972B1 (en) Data flow logic for synthetic request injection for cloud security enforcement
US8464335B1 (en) Distributed, multi-tenant virtual private network cloud systems and methods for mobile security and policy enforcement
US9130937B1 (en) Validating network communications
US11336698B1 (en) Synthetic request injection for cloud policy enforcement
US11888902B2 (en) Object metadata-based cloud policy enforcement using synthetic request injection
CN112153049B (en) Intrusion detection method, device, electronic equipment and computer readable medium
US11647052B2 (en) Synthetic request injection to retrieve expired metadata for cloud policy enforcement
US11637702B2 (en) Verifiable computation for cross-domain information sharing
US20220247768A1 (en) Dynamic distribution of unified policies in a cloud-based policy enforcement system
CN112491776B (en) Security authentication method and related equipment
WO2023065969A1 (en) Access control method, apparatus, and system
US11736531B1 (en) Managing and monitoring endpoint activity in secured networks
CN109660504A (en) System and method for controlling the access to enterprise network
CN116325655A (en) Manipulating traffic on a per-flow basis through a single sign-on service
WO2022100020A1 (en) Vulnerability testing method and apparatus
US20220247761A1 (en) Dynamic routing of access request streams in a unified policy enforcement system
WO2022267564A1 (en) Packet processing method and apparatus, device, system, and readable storage medium
CN114070618A (en) Data processing method and system based on micro front end
US8640189B1 (en) Communicating results of validation services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination