CN117201200B - Data safety transmission method based on protocol stack - Google Patents


Publication number
CN117201200B
Authority
CN
China
Prior art keywords
data
application server
internet
client
session key
Legal status
Active
Application number
CN202311468688.1A
Other languages
Chinese (zh)
Other versions
CN117201200A (en
Inventor
石理智
冯国柱
Current Assignee
Hunan Cryptographic Engineering Research Center Co ltd
Original Assignee
Hunan Cryptographic Engineering Research Center Co ltd


Abstract

The invention discloses a data security transmission method based on a protocol stack and relates to the technical field of network security. Security during data transmission is improved by encrypting data at its source. A lightweight authentication scheme based on digital certificates or certificate-like credentials is applied, which solves the problem of trusted client access. Data transmission requires no tunnel: data is encrypted and transmitted directly, which improves transmission efficiency, shortens the data transmission path and reduces data delay. The key is updated periodically or during idle time, which strengthens the protection of the key.

Description

Data safety transmission method based on protocol stack
Technical Field
The invention relates to the technical field of network security, in particular to a data security transmission method based on a protocol stack.
Background
With the spread of information systems, large-scale data leakage incidents occur frequently, and cryptography, as the core and foundation of network security, has become a focus of attention for all parties. At present, internet of things client devices in critical information infrastructure generally have no protection measures at all, and in particular no data privacy protection. How to ensure the security of the devices themselves and the trustworthiness and security of data transmission, in a complex network environment where network attacks occur frequently, is an urgent problem for the industry.
The current mainstream approach is to deploy a VPN on both sides. In that scheme the VPN hides and protects the cloud server and the client device, the VPNs on the two sides establish a tunnel, and data is transmitted through the protected VPN tunnel. However, when a large number of devices are connected, the VPN server becomes a bottleneck, stacking devices raises the cost on the client side, and the data transmission path is altered several times, so network transmission efficiency falls, data delay rises, and a reverse control instruction may fail to reach the client device in time, with unexpected consequences. Therefore, how to ensure network transmission efficiency while ensuring the security of the client device itself and of the data transmission is a problem the industry still needs to solve.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a data security transmission method based on a protocol stack, so as to solve the problem that the prior art finds it difficult to ensure the security of client equipment and of data transmission while also ensuring network transmission efficiency.
The invention provides a data security transmission method based on a protocol stack. The network environment in which the method is applied comprises a user area and an application server area; the user area comprises a client and a user area firewall, and the application server area comprises an application server and an application server area firewall. The method comprises the following steps:
after the user area firewall and the application server area firewall have completed bidirectional authentication for access, the application server area firewall securely transmits a session key to the user area firewall in digital envelope form;
the user area firewall and the application server area firewall simultaneously issue the session key and the security policy to the protocol stack;
when the client accesses the application server, the user area firewall encrypts the network data for privacy protection, obtaining user area encrypted data;
the application server area firewall identifies the user area encrypted data by means of the security policy;
the application server area firewall parses the packet header of the user area encrypted data and retrieves the corresponding session key by the session key ID;
and the application server area firewall decrypts the user area encrypted data with the session key and forwards the resulting plaintext data to the application server.
Further, the network environment in which the method is applied also includes a cloud server area and an internet of things device area; the cloud server area includes an internet of things platform and a cloud host, and the internet of things device area includes an internet of things gateway and internet of things devices. The method includes:
after the internet of things gateway and the cloud host have completed mutual authentication for access, the cloud host securely transmits a session key to the internet of things gateway in digital envelope form;
the internet of things gateway and the cloud host synchronously issue the session key and the security policy to the protocol stack;
when an internet of things device is connected to the internet of things gateway and its network data reaches the internet of things platform through the gateway, the internet of things gateway encrypts the network data for privacy protection, obtaining internet of things device area encrypted data;
the cloud host identifies the internet of things device area encrypted data by means of the security policy;
the cloud host parses the packet header of the internet of things device area encrypted data and retrieves the corresponding session key by the session key ID;
and the cloud host decrypts the internet of things device area encrypted data with the session key and forwards the resulting plaintext data to the internet of things platform.
Further, the internet of things device is connected to the internet of things gateway by RS232 or RS485.
Further, the method further comprises:
updating the session key periodically or when the link is idle.
Further, the mutual authentication between the user area firewall and the application server area firewall adopts a lightweight identity authentication scheme based on digital certificates or certificate-like credentials.
Further, the mutual authentication includes:
after the client has established a connection with the application server, the client sends an authentication challenge to the application server;
after receiving the client's authentication challenge, the application server queries its local client whitelist and checks whether the client matches an entry; if so, it sends a challenge response to the client, and if not, it closes the connection.
Further, the method further comprises:
after receiving the challenge response from the application server, the client sends authentication data to the application server;
after receiving the client's authentication data, the application server selects the client's cipher suite, verifies the signature value in the authentication data with the client's public key, and once the signature check passes, draws a new random number as the session key, protects the session key in digital envelope form, computes a multi-factor signature value with the application server's private key, and combines the resulting data into authentication data that it sends to the client;
after receiving the application server's authentication data, the client decrypts the digital envelope with its private key to obtain the session key, decrypts the authentication data with the session key and verifies that the session key is correct; once confirmed, it verifies the application server's signature value with the application server's public key, and on success encrypts the application server's random number with the session key and sends a confirmation packet to the application server;
after receiving the client's confirmation packet, the application server decrypts it with the session key of the secure channel, verifies that the application server signature value is correct, completes the authentication flow, closes the connection and releases the resources.
Further, the method further comprises:
after the authentication flow is completed, the client and the application server each store the session key and the session key ID in their protocol stack hash table.
Further, the method further comprises:
after a data packet enters the client protocol stack, it is encrypted and protected in the sending queue: for plaintext data that fills complete 16-byte blocks, the session key is fetched from the hash table and the data is encrypted with the symmetric algorithm specified by the cipher suite parameters, while the remaining block data of fewer than 16 bytes is protected directly by XOR with the hash value of a seed key; the ciphertext data is then placed in the payload of the transport protocol, the session key ID is placed in the IP header extension field, the IP checksum and TCP checksum are recalculated, and the ciphertext is transmitted through the sending queue.
Further, the method further comprises:
after a data packet enters the application server protocol stack, it is buffered and decomposed in the receiving queue; the IP header is parsed to obtain the session key ID, the local hash table is searched to obtain the session key, ciphertext block data that is an integer multiple of 16 bytes is decrypted with the symmetric algorithm specified by the cipher suite parameters and the session key found in the previous step, and ciphertext data of fewer than 16 bytes is decrypted by XOR with the hash value of the key seed; the decrypted plaintext is then placed in the payload of the transport protocol, the IP checksum and TCP checksum are recalculated, the plaintext data is processed through the protocol stack, and the data is finally delivered.
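An added example (not the patent's own code) of the packet-header handling in the sending and receiving steps above: the session key ID is written into an IPv4 option, the IP header checksum is recalculated, and the receiver validates the header and extracts the key ID before looking the key up. The option type (the experimental option number 30) and the 32-bit key ID width are assumptions; the TCP checksum is not modelled.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// optKeyID is the IPv4 option type that carries the session key ID in the
// "IP header extension field". The page names no option type, so the
// experimental option number 30 (RFC 4727) is assumed here.
const optKeyID = 30

// ipChecksum is the one's-complement sum over the 16-bit header words. Over a
// header whose checksum field is already filled in it returns 0, which is how
// the receiver validates the header.
func ipChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return ^uint16(sum)
}

// buildHeader is the sending side: a 20-byte IPv4 base header followed by an
// 8-byte option area (type, length 6, 4-byte key ID, two zero bytes ending the
// option list), with the header checksum recomputed last. The TCP checksum the
// text also recomputes covers a pseudo-header plus the segment and is not
// modelled here.
func buildHeader(src, dst [4]byte, keyID uint32, payloadLen int) []byte {
	hdr := make([]byte, 28)
	hdr[0] = 0x47 // version 4, IHL 7 (7*4 = 28 bytes)
	binary.BigEndian.PutUint16(hdr[2:], uint16(len(hdr)+payloadLen))
	hdr[8], hdr[9] = 64, 6 // TTL, protocol TCP
	copy(hdr[12:], src[:])
	copy(hdr[16:], dst[:])
	hdr[20], hdr[21] = optKeyID, 6
	binary.BigEndian.PutUint32(hdr[22:], keyID)
	binary.BigEndian.PutUint16(hdr[10:], ipChecksum(hdr))
	return hdr
}

// parseKeyID is the receiving side: validate version, header length and
// checksum, walk the option list (end-of-list, no-op and length-carrying
// options) and return the session key ID and header length, so the caller can
// look the key up and decrypt pkt[ihl:]. Anything else is dropped.
func parseKeyID(pkt []byte) (keyID uint32, ihl int, err error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return 0, 0, errors.New("not an IPv4 packet")
	}
	ihl = int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl {
		return 0, 0, errors.New("bad header length")
	}
	if ipChecksum(pkt[:ihl]) != 0 {
		return 0, 0, errors.New("IP checksum mismatch")
	}
	for i := 20; i < ihl && pkt[i] != 0; { // 0 = end of option list
		if pkt[i] == 1 { // 1 = no-op, a single byte
			i++
			continue
		}
		if i+1 >= ihl || pkt[i+1] < 2 || i+int(pkt[i+1]) > ihl {
			return 0, 0, errors.New("malformed IP option")
		}
		if pkt[i] == optKeyID && pkt[i+1] == 6 {
			return binary.BigEndian.Uint32(pkt[i+2:]), ihl, nil
		}
		i += int(pkt[i+1])
	}
	return 0, 0, errors.New("no session key ID option: drop per security policy")
}

func main() {
	payload := []byte("ciphertext bytes would go here") // constructed placeholder
	pkt := append(buildHeader([4]byte{10, 0, 0, 2}, [4]byte{10, 0, 1, 5}, 0x1001, len(payload)), payload...)
	keyID, ihl, err := parseKeyID(pkt)
	fmt.Printf("key ID %#x, header %d bytes, err %v\n", keyID, ihl, err)
}
```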
The invention has the following beneficial effects. In the protocol stack-based data security transmission method, data is encrypted and protected at its source, improving security during transmission. A lightweight authentication scheme based on digital certificates or certificate-like credentials is applied, solving the problem of trusted client access. Data transmission requires no tunnel: data is encrypted and transmitted directly, which improves transmission efficiency, shortens the data transmission path and reduces data delay. The key is updated periodically or during idle time, which strengthens the protection of the key.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of the protocol stack-based data security transmission method of the present invention applied in an open internet application scenario;
Fig. 2 is a flow chart of the protocol stack-based data security transmission method applied to the internet of things;
Fig. 3 is a schematic diagram of a network environment to which the protocol stack-based data security transmission method of the present invention is applied;
Fig. 4 is the authentication flow diagram between a client and an application server.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The invention will be described in detail below with reference to the drawings in connection with embodiments. It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the present application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
The invention provides a data security transmission method based on a protocol stack. Referring to fig. 1 and 3, the network environment in which the method is applied comprises a user area and an application server area, where the user area comprises a client and a user area firewall, and the application server area comprises an application server and an application server area firewall. In an open internet application scenario, with a high-throughput, highly concurrent network environment, a traditional VPN scheme cannot guarantee data privacy protection without at the same time affecting the other existing services. The method may be applied on border gateway devices such as the firewalls in the figure; referring to fig. 2, it includes:
S101, after the user area firewall and the application server area firewall have completed two-way authentication for access, the application server area firewall securely transmits a session key to the user area firewall in digital envelope form.
S102, the user area firewall and the application server area firewall simultaneously issue the session key and the security policy to the protocol stack.
S103, when the client accesses the application server, the user area firewall encrypts the network data for privacy protection, obtaining user area encrypted data.
S104, the application server area firewall identifies the user area encrypted data by means of the security policy.
S105, the application server area firewall parses the packet header of the user area encrypted data and retrieves the corresponding session key by the session key ID.
S106, the application server area firewall decrypts the user area encrypted data with the session key and forwards the resulting plaintext data to the application server.
Referring to fig. 2 and fig. 3, the network environment in which the method is applied further includes a cloud server area and an internet of things device area, where the cloud server area includes an internet of things platform and a cloud host, and the internet of things device area includes an internet of things gateway and internet of things devices. Existing internet of things platforms are basically built on the open internet and have no special security protection measures. A traditional VPN scheme protects data privacy but increases data delay, so a reverse control instruction may not reach the internet of things device in time, which is unacceptable for an internet of things with high real-time requirements. The method therefore includes the following steps:
S201, after the internet of things gateway and the cloud host have completed two-way authentication for access, the cloud host securely transmits a session key to the internet of things gateway in digital envelope form.
S202, the internet of things gateway and the cloud host synchronously issue the session key and the security policy to the protocol stack.
S203, when an internet of things device is connected to the internet of things gateway and its network data reaches the internet of things platform through the gateway, the internet of things gateway encrypts the network data for privacy protection, obtaining internet of things device area encrypted data.
Specifically, the internet of things devices in the internet of things device area are connected to the internet of things gateway by RS232, RS485 or similar interfaces.
S204, the cloud host identifies the internet of things device area encrypted data by means of the security policy.
S205, the cloud host parses the packet header of the internet of things device area encrypted data and retrieves the corresponding session key by the session key ID.
S206, the cloud host decrypts the internet of things device area encrypted data with the session key and forwards the resulting plaintext data to the internet of things platform.
The specific schemes for applying the protocol stack-based data security transmission method to the open internet scenario and the internet of things scenario are given above; downlink data is handled in the same way and is not repeated here.
Furthermore, the method comprises the following step: the session key is updated periodically or intermittently; for example, the client performs access authentication with the application server once a day, or whenever there is no data traffic, so as to obtain a new session key and protect the security of the key. The bidirectional authentication between the user area firewall and the application server area firewall adopts a lightweight identity authentication scheme based on digital certificates or certificate-like credentials.
In this embodiment, referring to fig. 4, the mutual authentication specifically includes the following. After the client has established a connection with the application server, the client sends an authentication challenge to the application server. The authentication challenge carries the parameters: protocol version, message type, client nonce, device ID, channel type, etc.
After receiving the client's authentication challenge, the application server queries its local client whitelist and checks whether the client matches an entry; if so, it sends a challenge response to the client, and if not, it closes the connection. The challenge response carries the parameters: protocol version, message type, client random number, server random number, etc.
After receiving the application server's challenge response, the client sends authentication data to the application server. The authentication data carries the parameters: protocol version, message type, client random number, mutual authentication identifier, server random number, client cipher suite, client multi-factor signature value, etc.
After receiving the client's authentication data, the application server selects the client's cipher suite, verifies the signature value in the authentication data with the client's public key, and once the signature check passes, draws a new random number as the session key, protects the session key in digital envelope form, computes a multi-factor signature value with the application server's private key, and combines the resulting data into authentication data that it sends to the client. This authentication data carries the parameters: protocol version, message type, client random number, server signature value, session key ID, encrypted session key ciphertext, etc.
After receiving the application server's authentication data, the client decrypts the digital envelope with its private key to obtain the session key, decrypts the authentication data with the session key and verifies that the session key is correct; once confirmed, it verifies the application server's signature value with the application server's public key, and on success encrypts the application server's random number with the session key and sends a confirmation packet to the application server. The confirmation packet carries the parameters: protocol version, message type, client random number, server random number ciphertext, etc.
After receiving the client's confirmation packet, the application server decrypts it with the session key of the secure channel, verifies that the application server signature value is correct, completes the authentication flow, closes the connection and releases the resources. After the authentication flow is completed, the client and the application server each store the session key and the session key ID in their protocol stack hash table.
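An added example (not the patent's own code) of the session key distribution in the last three flights above: the server wraps a fresh key in a digital envelope and signs it, the client checks the signature, opens the envelope and returns the server's random number encrypted under the key, and the server admits the key to its table only after that check. ed25519 stands in for the signature algorithm, RSA-OAEP for the envelope and AES-128 for SM4; modelling the "multi-factor" signature as covering the client nonce, key ID and envelope is an assumption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ServerAuth is the server's authentication data (flight 4 of the text) and Confirm
// the client's confirmation packet (flight 5), reduced to their security-relevant fields.
type ServerAuth struct {
	ClientNonce [16]byte
	KeyID       uint32
	Envelope    []byte // fresh session key wrapped to the client's public key
	Signature   []byte // server signature over client nonce, key ID and envelope
}
type Confirm struct {
	ClientNonce   [16]byte
	ServerNonceCT [16]byte // server random number encrypted under the session key
}

// newKeys makes the long-term keys: ed25519 stands in for the server's SM2
// signing key and RSA-OAEP for the client's SM2 envelope key (both assumed).
func newKeys() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	env, _ := rsa.GenerateKey(rand.Reader, 2048)
	return pub, priv, env
}

// signedFields binds the key ID and envelope to the client's nonce, so an
// issuance captured from one handshake is not accepted in another.
func signedFields(m *ServerAuth) []byte {
	id := make([]byte, 4)
	binary.BigEndian.PutUint32(id, m.KeyID)
	return bytes.Join([][]byte{m.ClientNonce[:], id, m.Envelope}, []byte{0})
}

// IssueSessionKey is the server side of flight 4: draw a fresh 16-byte key,
// wrap it for the client, sign. The key stays pending until flight 5 checks out.
func IssueSessionKey(serverSign ed25519.PrivateKey, clientEnv *rsa.PublicKey, clientNonce [16]byte, keyID uint32) (*ServerAuth, []byte, error) {
	key := make([]byte, 16)
	rand.Read(key)
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clientEnv, key, nil)
	if err != nil {
		return nil, nil, err
	}
	m := &ServerAuth{ClientNonce: clientNonce, KeyID: keyID, Envelope: env}
	m.Signature = ed25519.Sign(serverSign, signedFields(m))
	return m, key, nil
}

// AcceptSessionKey is the client side: check nonce and server signature before opening
// the envelope, then prove possession by encrypting the server's random number (AES-128 stands in for SM4).
func AcceptSessionKey(clientEnv *rsa.PrivateKey, serverPub ed25519.PublicKey, clientNonce, serverNonce [16]byte, m *ServerAuth) (*Confirm, []byte, error) {
	if m.ClientNonce != clientNonce {
		return nil, nil, errors.New("client nonce mismatch: not a reply to our challenge")
	}
	if !ed25519.Verify(serverPub, signedFields(m), m.Signature) {
		return nil, nil, errors.New("server signature check failed")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, clientEnv, m.Envelope, nil)
	if err != nil || len(key) != 16 {
		return nil, nil, errors.New("digital envelope could not be opened")
	}
	block, _ := aes.NewCipher(key)
	c := &Confirm{ClientNonce: clientNonce}
	block.Encrypt(c.ServerNonceCT[:], serverNonce[:])
	return c, key, nil
}

// VerifyConfirm is the server side of flight 5: decrypt with the pending key and compare
// with the random number it sent; only then does the key enter the protocol-stack table.
func VerifyConfirm(table map[uint32][]byte, keyID uint32, pendingKey []byte, serverNonce [16]byte, c *Confirm) error {
	block, err := aes.NewCipher(pendingKey)
	if err != nil {
		return err
	}
	var got [16]byte
	block.Decrypt(got[:], c.ServerNonceCT[:])
	if got != serverNonce {
		return errors.New("confirmation mismatch: key rejected, connection closed")
	}
	table[keyID] = pendingKey
	return nil
}

func main() {
	serverPub, serverSign, clientEnv := newKeys()
	cn, sn := [16]byte{1}, [16]byte{2} // random numbers from flights 1 and 2, fixed here for the demo
	sa, pending, _ := IssueSessionKey(serverSign, &clientEnv.PublicKey, cn, 1)
	conf, key, err := AcceptSessionKey(clientEnv, serverPub, cn, sn, sa)
	fmt.Println(err, bytes.Equal(key, pending), VerifyConfirm(map[uint32][]byte{}, 1, pending, sn, conf))
}
```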
After a data packet enters the client protocol stack, it is encrypted and protected in the sending queue. For plaintext data that fills complete 16-byte blocks, the session key is fetched from the hash table and the data is encrypted with the symmetric algorithm specified by the cipher suite parameters, for example the SM4 block cipher. Block data of fewer than 16 bytes is protected directly by XOR with the hash value of a seed key: for example, the client hashes the session key twice to obtain a new seed key and XORs that seed key directly with the plaintext of fewer than 16 bytes. The ciphertext data is then placed in the payload of the transport protocol, the session key ID is placed in the IP header extension field, the IP checksum and TCP checksum are recalculated, the packet is processed through the protocol stack, and the data is finally transmitted.
After a data packet enters the application server protocol stack, data that the security policy does not allow to access is discarded directly, and a data packet the security policy allows is buffered and decomposed in the receiving queue. The IP header is parsed to obtain the session key ID, the local hash table is searched to obtain the session key, and ciphertext block data that is an integer multiple of 16 bytes is decrypted with the symmetric algorithm specified by the cipher suite parameters, for example the SM4 block cipher, and the session key found in the previous step. Ciphertext data of fewer than 16 bytes is decrypted by XOR with the hash value of the key seed: for example, the session key is hashed twice to obtain a new seed key, which is XORed directly with the ciphertext to recover the plaintext. The decrypted plaintext is then placed in the payload of the transport protocol, the IP checksum and TCP checksum are recalculated, the plaintext data is processed through the protocol stack, and the data is finally delivered. The reverse data flow is the same and is not described in detail here.
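An added example (not the patent's own code) of the payload protection described in the two paragraphs above and in the corresponding steps of the disclosure: full 16-byte blocks go through a block cipher, the short tail is XORed with a pad derived by hashing the session key twice, and the receiver looks the key up by session key ID. AES-128 stands in for SM4 and SHA-256 for the unnamed hash; the 32-bit key ID and the table layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SessionTable stands in for the protocol-stack hash table of the text:
// session key ID -> 16-byte session key (layout assumed for this example).
type SessionTable map[uint32][]byte

// tailPad is the "seed key" of the text: the session key hashed twice and
// truncated to one block. SHA-256 stands in for SM3.
func tailPad(sessionKey []byte) []byte {
	h1 := sha256.Sum256(sessionKey)
	h2 := sha256.Sum256(h1[:])
	return h2[:16]
}

// xform is the per-packet scheme in both directions. Every full 16-byte block
// goes through the block cipher on its own (AES-128 stands in for SM4; the
// text names no chaining mode, so this is raw block-by-block processing) and
// the trailing partial block is XORed with the tail pad. Ciphertext length
// equals plaintext length, so the packet size does not change.
func xform(sessionKey, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	full := len(in) &^ 15 // length rounded down to a multiple of 16
	for i := 0; i < full; i += 16 {
		if decrypt {
			block.Decrypt(out[i:i+16], in[i:i+16])
		} else {
			block.Encrypt(out[i:i+16], in[i:i+16])
		}
	}
	pad := tailPad(sessionKey)
	for i := full; i < len(in); i++ {
		out[i] = in[i] ^ pad[i-full] // XOR is its own inverse
	}
	return out, nil
}

// protect runs in the client's sending queue; unprotect in the server's
// receiving queue once the key ID has been read from the IP header.
func protect(key, plaintext []byte) ([]byte, error)    { return xform(key, plaintext, false) }
func unprotect(key, ciphertext []byte) ([]byte, error) { return xform(key, ciphertext, true) }

// receive models the server-side lookup: a packet whose key ID is not in the
// local table is dropped, as the security policy requires.
func receive(table SessionTable, keyID uint32, ciphertext []byte) ([]byte, error) {
	key, ok := table[keyID]
	if !ok {
		return nil, errors.New("unknown session key ID: packet dropped")
	}
	return unprotect(key, ciphertext)
}

func main() {
	table := SessionTable{0x1001: []byte("0123456789abcdef")} // constructed session key
	msg := []byte("sensor=temp;value=21.5C;unit=celsius")  // 36 bytes: two full blocks + 4-byte tail
	ct, _ := protect(table[0x1001], msg)
	pt, err := receive(table, 0x1001, ct)
	fmt.Printf("%d-byte ciphertext, recovered %q, err %v\n", len(ct), pt, err)
}
```

Two properties to note before reusing such a scheme: the same pad is XORed into every packet's tail for the life of the session key and the full blocks are processed independently, so identical input blocks and tails give identical output, and neither step provides integrity protection. A per-packet nonce and an authenticated mode remove both issues.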
In summary, the protocol stack-based data security transmission method of the present invention adopts a lightweight certificate system and a lightweight cryptographic protocol, needs no key negotiation process, optimises access authentication efficiency, distributes the session key in digital envelope form, and updates the session key by periodically re-initiating access authentication, thereby ensuring the security of the session key.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the present application. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of being practiced otherwise than as specifically illustrated and described herein.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A method for securely transmitting data based on a protocol stack, wherein the network environment in which the method is applied includes a user area and an application server area, the user area includes a client and a user area firewall, and the application server area includes an application server and an application server area firewall, the method including:
after the user area firewall and the application server area firewall have completed bidirectional authentication for access, the application server area firewall securely transmits a session key to the user area firewall in digital envelope form;
the user area firewall and the application server area firewall simultaneously issue the session key and the security policy to the protocol stack;
when the client accesses the application server, the user area firewall encrypts the network data for privacy protection, obtaining user area encrypted data;
the application server area firewall identifies the user area encrypted data by means of the security policy;
the application server area firewall parses the packet header of the user area encrypted data and retrieves the corresponding session key by the session key ID;
the application server area firewall decrypts the user area encrypted data with the session key and forwards the resulting plaintext data to the application server;
the method further comprising the steps of: after a data packet enters the client protocol stack, it is encrypted and protected in the sending queue: for plaintext data that fills complete 16-byte blocks, the session key is fetched from the hash table and the data is encrypted with the symmetric algorithm specified by the cipher suite parameters, while the remaining block data of fewer than 16 bytes is protected directly by XOR with the hash value of a seed key; the ciphertext data is placed in the payload of the transport protocol, the session key ID is placed in the IP header extension field, the IP checksum and TCP checksum are recalculated, and the ciphertext is transmitted through the sending queue;
the method further comprising the steps of: after a data packet enters the application server protocol stack, it is buffered and decomposed in the receiving queue; the IP header is parsed to obtain the session key ID, the local hash table is searched to obtain the session key, ciphertext block data that is an integer multiple of 16 bytes is decrypted with the symmetric algorithm specified by the cipher suite parameters and the session key found in the previous step, and ciphertext data of fewer than 16 bytes is decrypted by XOR with the hash value of the key seed; the decrypted plaintext is placed in the payload of the transport protocol, the IP checksum and TCP checksum are recalculated, the plaintext data is processed through the protocol stack, and the data is finally delivered.
2. The protocol stack-based data security transmission method according to claim 1, wherein the network environment in which the method is applied further comprises a cloud server area and an internet of things device area, the cloud server area comprises an internet of things platform and a cloud host, and the internet of things device area comprises an internet of things gateway and internet of things devices, the method comprising:
after the internet of things gateway and the cloud host have completed mutual authentication for access, the cloud host securely transmits a session key to the internet of things gateway in digital envelope form;
the internet of things gateway and the cloud host synchronously issue the session key and the security policy to the protocol stack;
when an internet of things device is connected to the internet of things gateway and its network data reaches the internet of things platform through the gateway, the internet of things gateway encrypts the network data for privacy protection, obtaining internet of things device area encrypted data;
the cloud host identifies the internet of things device area encrypted data by means of the security policy;
the cloud host parses the packet header of the internet of things device area encrypted data and retrieves the corresponding session key by the session key ID;
and the cloud host decrypts the internet of things device area encrypted data with the session key and forwards the resulting plaintext data to the internet of things platform.
3. The protocol stack-based data security transmission method of claim 2, wherein the internet of things device is connected to the internet of things gateway in an RS232 or RS485 manner.
4. A method for secure transmission of protocol stack based data according to claim 3, said method further comprising:
the session key is updated periodically or at leisure.
5. The protocol stack-based data security transmission method according to claim 4, wherein the bidirectional authentication between the user zone firewall and the application server zone firewall adopts a lightweight identity authentication scheme based on digital certificates or similar certificate-like credentials.
6. The protocol stack-based data security transmission method according to claim 5, wherein the bidirectional authentication comprises:
after the client establishes a connection with the application server, the client initiates an authentication challenge to the application server;
after receiving the client's authentication challenge, the application server queries its local client whitelist and checks whether the client matches an entry; if so, it sends a challenge response to the client, and if not, it closes the connection.
7. The protocol stack-based data security transmission method according to claim 6, further comprising:
after receiving the application server's challenge response, the client sends authentication data to the application server;
after receiving the client's authentication data, the application server selects the client's cipher suite, verifies the signature value in the authentication data with the client's public key, and once the signature check passes, obtains a fresh random number as the session key, protects the session key in digital envelope form, computes a multi-factor signature value with the application server's private key, and combines the resulting data as authentication data sent to the client;
after receiving the application server's authentication data, the client decrypts the digital envelope with its own private key to obtain the session key, decrypts the authentication data with the session key, verifies the correctness of the session key, then verifies the application server's signature value with the application server's public key, and on success encrypts the application server's random number with the session key and sends a confirmation packet to the application server;
after receiving the client's confirmation packet, the application server decrypts it with the session key of the secure channel, verifies that the application server's signature value is correct, completes the authentication flow, closes the connection and releases the resources.
8. The protocol stack-based data security transmission method according to claim 7, further comprising:
after the authentication flow is completed, the client and the application server each synchronize the session key and session key ID data packets into a protocol stack hash table for storage.
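The application server's step of claim 7, as an added Go example (not the patent's own code): a fresh session key is wrapped in an RSA-OAEP digital envelope to the client's public key, and the server signs the client nonce, the envelope and its own random number with RSA-PSS as the multi-factor signature; the client checks that signature over its own nonce before opening the envelope, so a replayed or altered message is rejected before any key material is used. The field layout, the hash choices, and verifying before decrypting are assumptions; the session-key encryption of the authentication data and the confirmation packet from the claim are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// ServerAuthData is a constructed layout for the application server's
// authentication data: the session key in a digital envelope, the server's
// random number, and a multi-factor signature binding both to the client nonce.
type ServerAuthData struct {
	Envelope     []byte // session key encrypted with RSA-OAEP to the client public key
	ServerRandom []byte
	Signature    []byte // RSA-PSS over SHA-256(clientNonce || Envelope || ServerRandom)
}
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}
// BuildServerAuth runs on the application server once the client's signature has
// passed: draw a fresh 256-bit session key, wrap it, and sign the multi-factor digest.
func BuildServerAuth(srv *rsa.PrivateKey, clientPub *rsa.PublicKey, clientNonce []byte) ([]byte, *ServerAuthData, error) {
	buf := make([]byte, 48) // 32-byte session key followed by a 16-byte server random
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, srvRand := buf[:32], buf[32:]
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, key, nil)
	if err != nil {
		return nil, nil, err
	}
	sig, err := rsa.SignPSS(rand.Reader, srv, crypto.SHA256, digest(clientNonce, env, srvRand), nil)
	if err != nil {
		return nil, nil, err
	}
	return key, &ServerAuthData{Envelope: env, ServerRandom: srvRand, Signature: sig}, nil
}
// OpenServerAuth runs on the client: check the server signature over the client's own
// nonce first (rejecting replays and tampering), then open the envelope with the client key.
func OpenServerAuth(cli *rsa.PrivateKey, srvPub *rsa.PublicKey, clientNonce []byte, d *ServerAuthData) ([]byte, error) {
	msg := digest(clientNonce, d.Envelope, d.ServerRandom)
	if err := rsa.VerifyPSS(srvPub, crypto.SHA256, msg, d.Signature, nil); err != nil {
		return nil, errors.New("server signature invalid: abort handshake")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, cli, d.Envelope, nil)
}
```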
CN202311468688.1A 2023-11-07 2023-11-07 Data safety transmission method based on protocol stack Active CN117201200B (en)

Publications (2)

Publication Number Publication Date
CN117201200A CN117201200A (en) 2023-12-08
CN117201200B true CN117201200B (en) 2024-01-02

Family

ID=88985438
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant