CN109067803A - SSL/TLS encryption and decryption communication method, device and equipment - Google Patents
- Publication number
- CN109067803A (CN201811178354.XA)
- Authority
- CN
- China
- Prior art keywords
- encryption
- decryption
- client
- ssl
- enciphering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses an SSL/TLS encryption and decryption communication method, applied to a network management device at the network ingress/egress, comprising: receiving an SSL/TLS handshake request sent by a client; performing an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session; receiving an encrypted request message sent by the client; decrypting the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and forwarding it to a server; and, after receiving a plaintext response message sent by the server, encrypting the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forwarding it to the client. The application avoids the cost that encryption/decryption computation imposes on server processing performance and reduces the maintenance workload of the encryption/decryption components. The application also discloses an SSL/TLS encryption and decryption communication device, equipment and computer-readable storage medium, which have the same beneficial effects.
Description
Technical field
This application relates to the technical field of encrypted network communication, and in particular to an SSL/TLS encryption and decryption communication method, device, equipment and computer-readable storage medium.
Background
With the development and progress of network technology, Internet security problems have become increasingly prominent, and the attention people pay to information security has risen to an unprecedented level.
Because the HTTP protocol transmits information in plaintext, private information is at risk of leaking, which threatens information security. For this reason the SSL (Secure Sockets Layer) protocol and its successor, the TLS (Transport Layer Security) protocol, were introduced in succession. In the prior art, the server uses the security protocols TLS and SSL to encrypt the communication data of a network connection at the transport layer. However, SSL/TLS encryption and decryption involve a large amount of computation and therefore consume a great deal of the server's CPU resources, even reducing the service performance of the server to one tenth of the original, so that users have to add servers. In addition, an existing HTTP server needs a complicated deployment before it can be converted into an HTTPS server that supports SSL/TLS encryption and decryption; after deployment, every HTTPS server must also frequently upgrade its SSL/TLS encryption components to eliminate vulnerabilities; and the upgrade process brings various compatibility problems and abnormal conditions. The maintenance workload for SSL/TLS encryption and decryption in the prior art is therefore enormous and the burden on operations staff is heavy, especially when the user runs a large number of servers.
It can be seen that which SSL/TLS encryption and decryption communication technique to adopt, so as to effectively safeguard the service processing performance of the server, reduce the maintenance workload of the SSL/TLS encryption/decryption components and lighten the workload of operations staff, is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The purpose of this application is to provide an SSL/TLS encryption and decryption communication method, device, equipment and computer-readable storage medium, so as to effectively safeguard the service processing performance of the server, reduce the maintenance workload of the SSL/TLS encryption/decryption components and lighten the workload of operations staff.
To solve the above technical problem, the application provides an SSL/TLS encryption and decryption communication method, applied to a network management device at the network ingress/egress, comprising:
receiving an SSL/TLS handshake request sent by a client;
performing an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session;
receiving an encrypted request message sent by the client, the encrypted request message being generated by the client by encrypting with the encryption/decryption algorithm;
decrypting the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and forwarding the plaintext request message to a server;
after receiving a plaintext response message sent by the server, encrypting the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forwarding the encrypted response message to the client.
Optionally, during the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session, the method further comprises:
determining the category of encryption/decryption algorithm supported jointly with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (SM) algorithms and international algorithms.
Optionally, during the SSL/TLS handshake with the client, the method further comprises:
determining the encryption/decryption mode for this communication session, the mode being hardware encryption/decryption or software encryption/decryption, so that a preset encryption/decryption hardware device is called to perform encryption and decryption when the mode is hardware encryption/decryption, and a preset encryption/decryption processing program is called to perform encryption and decryption when the mode is software encryption/decryption.
Optionally, the preset encryption/decryption hardware device is specifically an FPGA or a DSP.
Optionally, during the SSL/TLS handshake with the client, the method further comprises:
obtaining the client certificate information of the client;
and, after decrypting the encrypted request message with the encryption/decryption algorithm to generate the plaintext request message and before forwarding the plaintext request message to the server, the method further comprises:
inserting the client certificate information into the plaintext request message, so that the server obtains the client certificate information from the plaintext request message.
The application also provides an SSL/TLS encryption and decryption communication device, applied to a network management device at the network ingress/egress, comprising:
a handshake module, configured to receive an SSL/TLS handshake request sent by a client, and to perform an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session;
a decryption module, configured to receive an encrypted request message sent by the client, the encrypted request message being generated by the client by encrypting with the encryption/decryption algorithm, to decrypt the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and to forward the plaintext request message to a server;
an encryption module, configured to, after receiving a plaintext response message sent by the server, encrypt the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forward the encrypted response message to the client.
Optionally, the handshake module is further configured to:
during the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session, determine the category of encryption/decryption algorithm supported jointly with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (SM) algorithms and international algorithms.
Optionally, the handshake module is further configured to:
during the SSL/TLS handshake with the client, determine the encryption/decryption mode for this communication session, the mode being hardware encryption/decryption or software encryption/decryption;
when the mode is hardware encryption/decryption, the decryption module is specifically configured to call a preset encryption/decryption hardware device to decrypt the encrypted request message, and the encryption module is specifically configured to call the preset encryption/decryption hardware device to encrypt the plaintext response message;
when the mode is software encryption/decryption, the decryption module is specifically configured to call a preset encryption/decryption processing program to decrypt the encrypted request message, and the encryption module is specifically configured to call the preset encryption/decryption processing program to encrypt the plaintext response message.
The application also provides SSL/TLS encryption and decryption communication equipment, comprising:
a memory, for storing a computer program;
a processor, for executing the computer program to implement the steps of any SSL/TLS encryption and decryption communication method described above.
The application also provides a computer-readable storage medium in which a computer program is stored, the computer program, when executed by a processor, implementing the steps of any SSL/TLS encryption and decryption communication method described above.
The SSL/TLS encryption and decryption communication method provided by this application is applied to a network management device at the network ingress/egress and comprises: receiving an SSL/TLS handshake request sent by a client; performing an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session; receiving an encrypted request message sent by the client, the encrypted request message being generated by the client by encrypting with the encryption/decryption algorithm; decrypting the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and forwarding the plaintext request message to a server; and, after receiving a plaintext response message sent by the server, encrypting the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forwarding the encrypted response message to the client.
It can be seen that, compared with the prior art, the SSL/TLS encryption and decryption communication method provided by this application uses the network management device located at the network ingress/egress as the communication bridge between client and server, and has it perform the encryption and decryption of communication data in place of the server. The application thereby not only effectively implements SSL/TLS encrypted communication, but also avoids the cost of the encryption/decryption computation to server processing performance, ensures that the operation of the server's business services is not affected, and requires no major change to the original HTTP server. In addition, because the network management device sits at the HTTP service entry point of multiple servers, completing maintenance work such as deployment and upgrade of the SSL/TLS encryption/decryption components on the network management device is enough to achieve SSL/TLS encrypted communication between the multiple servers and the clients, which effectively reduces the maintenance workload of the SSL/TLS encryption/decryption components and greatly lightens the workload of operations staff. The SSL/TLS encryption and decryption communication device, equipment and computer-readable storage medium provided by this application can implement the above SSL/TLS encryption and decryption communication method and have the same beneficial effects.
Brief description of the drawings
To explain the technical solutions of the prior art and of the embodiments of this application more clearly, the drawings needed in the description of the prior art and of the embodiments are briefly introduced below. The drawings described below cover only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort, and the drawings so obtained also fall within the protection scope of this application.
Fig. 1 is a flow chart of an SSL/TLS encryption and decryption communication method provided by this application;
Fig. 2 is a process framework diagram of an SSL/TLS encryption and decryption communication method provided by this application;
Fig. 3 is a structural block diagram of an SSL/TLS encryption and decryption communication device provided by this application.
Detailed description of the embodiments
The core of this application is to provide an SSL/TLS encryption and decryption communication method, device, equipment and computer-readable storage medium, so as to effectively safeguard the service processing performance of the server, reduce the maintenance workload of the SSL/TLS encryption/decryption components and lighten the workload of operations staff.
To describe the technical solutions in the embodiments of this application more clearly and completely, they are introduced below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
Refer to Fig. 1 and Fig. 2. Fig. 1 is a flow chart of an SSL/TLS encryption and decryption communication method provided by this application; Fig. 2 is a process framework diagram of an SSL/TLS encryption and decryption communication method provided by this application.
The SSL/TLS encryption and decryption communication method provided by this application can be applied to various network management devices located at the network ingress/egress, such as gateways. As a preferred implementation, it can also be applied, as shown in Fig. 2, to a load-balancing device dedicated to traffic distribution.
A load balancer is a device built into a network structure (especially a large HTTP network service system made up of multiple servers) to distribute traffic in a unified way. It provides a cheap, effective and transparent way to extend the bandwidth of network devices and servers, increase throughput and strengthen network data-processing capacity, thereby improving the flexibility and availability of the network. According to preset load-balancing rules, the load balancer directs the load balancing of network traffic for every network device and server in the network, and is in effect the centralized entry point of the HTTP application.
The SSL/TLS encryption and decryption communication method provided by this application is introduced below using a load balancer as the example. As shown in Fig. 1, the method mainly comprises the following steps:
Step 1: receive the SSL/TLS handshake request sent by the client.
Specifically, in the SSL/TLS encryption and decryption communication method provided by this application, the communication data is encrypted and decrypted by a network management device such as a load balancer, rather than directly by the server as in the prior art.
When the method is implemented with a load balancer, the load balancer, besides being the device that distributes traffic, also acts as a relay point in the communication between client and server, performing encryption, decryption and forwarding of the communication data. That is, it plays the role of a "proxy", and all service requests from the client are sent to the server through the load balancer. As the SSL or TLS protocol requires, a corresponding handshake must be carried out before data communication; after the load balancer receives the client's SSL handshake request or TLS handshake request, it accordingly performs an SSL handshake or TLS handshake with the client.
Of course, the SSL/TLS encryption and decryption provided by this application is not limited to the HTTPS protocol; any other TCP-based protocol can also be encrypted and decrypted.
Step 2: perform an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session.
Taking the SSL handshake as an example, the load balancer and the client perform an SSL handshake according to the SSL protocol, and the handshake determines the encryption/decryption algorithm to be used in this communication session and the algorithm parameters of that algorithm (including the encryption key). It is easy to understand that this algorithm is one that the load balancer and the client both support. Moreover, different encryption/decryption algorithms have their own handshake protocols and different algorithm parameters, so the SSL handshake process depends on the specific algorithm used. For the detailed steps of the SSL handshake, refer to the prior art; this application places no limitation on them. The TLS handshake is similar to the SSL handshake and is not described again here.
Step 3: receive the encrypted request message sent by the client, the encrypted request message being generated by the client by encrypting with the encryption/decryption algorithm.
After the load balancer has completed the handshake with the client, the client sends the encrypted request message to the load balancer. The encrypted request message is generated by the client by encrypting the plaintext request message with the encryption/decryption algorithm and algorithm parameters that the two sides agreed on in step 2.
Step 4: decrypt the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and forward the plaintext request message to the server.
To lighten the computational burden on the server, the encrypted request message is decrypted by the load balancer. The decryption is still based on the encryption/decryption algorithm and algorithm parameters that the two sides agreed on in step 2. After decryption is complete, the load balancer sends the decrypted plaintext request message to the server, and the server responds to it.
Step 5: after receiving the plaintext response message sent by the server, encrypt the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forward the encrypted response message to the client.
Specifically, after the server has responded to the client's request and generated the plaintext response message, the load balancer encrypts the plaintext response message with the encryption/decryption algorithm and sends the resulting encrypted response message to the client. This completes the whole encrypted communication process, safeguards the security of the communication data, and prevents important data from being eavesdropped on or leaked.
As mentioned above, the SSL/TLS encryption and decryption communication method described here can also be applied to other network management devices located at the network ingress/egress; those skilled in the art can select and configure them according to the actual application.
It can be seen that the SSL/TLS encryption and decryption communication method provided by this application uses the network management device located at the network ingress/egress as the communication bridge between client and server, and has it perform the encryption and decryption of communication data in place of the server. The application thereby not only effectively implements SSL/TLS encrypted communication, but also avoids the cost of the encryption/decryption computation to server processing performance, ensures that the operation of the server's business services is not affected, and requires no major change to the original HTTP server. In addition, because the network management device sits at the HTTP service entry point of multiple servers, completing maintenance work such as deployment and upgrade of the SSL/TLS encryption/decryption components on the network management device is enough to achieve SSL/TLS encrypted communication between the multiple servers and the clients, which effectively reduces the maintenance workload of the SSL/TLS encryption/decryption components and greatly lightens the workload of operations staff.
The SSL/TLS encryption and decryption communication method provided by this application, on the basis of the above embodiment:
As a preferred embodiment, during the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session, the method further comprises:
determining the category of encryption/decryption algorithm supported jointly with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client for this communication session;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (SM) algorithms and international algorithms.
Specifically, in the SSL/TLS encryption and decryption communication method provided by this application, the network management device at the network ingress/egress is configured in advance so that it supports both national cryptographic algorithms and international algorithms. The national cryptographic algorithms are the commercial cryptographic algorithms promulgated by the State Commercial Cryptography Administration of China, including SM1, SM2, SM3 and SM4; the international algorithms are the algorithms in general use internationally, including DES, 3DES, AES, RSA, SHA and ECDSA. Specifically, the network management device can confirm, from the protocol version and the algorithm field carried in the handshake request sent by the client (that is, the ClientHello message), whether the client uses international algorithms or national cryptographic algorithms.
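
The ClientHello check described above, as an added example that is not part of the patent: a parser that reads the protocol version and cipher-suite list from a ClientHello record and reports which algorithm categories the client offers. The SM cipher-suite code points (RFC 8998 and GM/T 0024) and the 0x0101 version value are taken from those standards rather than from this page, and the sample messages are constructed.

```python
import struct

# Code points treated as national (SM) suites. 0x00C6/0x00C7 are the TLS 1.3
# suites of RFC 8998; the 0xE0xx values are GM/T 0024 suites. These values
# come from those standards, not from the patent text.
SM_SUITES = {
    0x00C6: "TLS_SM4_GCM_SM3",
    0x00C7: "TLS_SM4_CCM_SM3",
    0xE011: "ECDHE_SM4_CBC_SM3",
    0xE013: "ECC_SM4_CBC_SM3",
    0xE051: "ECDHE_SM4_GCM_SM3",
    0xE053: "ECC_SM4_GCM_SM3",
}
TLCP_VERSION = 0x0101          # protocol version used by GM/T 0024
SIGNALLING = {0x00FF, 0x5600}  # SCSV signalling values, not algorithms


class ClientHelloError(ValueError):
    """Raised when the bytes are not one complete ClientHello record."""


def parse_client_hello(record: bytes):
    """Return (client_version, [cipher suite ids]).

    Assumes the whole ClientHello fits in a single TLS record.
    """
    if len(record) < 5:
        raise ClientHelloError("short record header")
    content_type, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ClientHelloError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 1:
        raise ClientHelloError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ClientHelloError("truncated ClientHello")
    version = int.from_bytes(hello[0:2], "big")
    pos = 35 + hello[34]                   # skip version, random, session_id
    if len(hello) < pos + 2:
        raise ClientHelloError("missing cipher_suites length")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if cs_len == 0 or cs_len % 2 or len(hello) < pos + cs_len:
        raise ClientHelloError("bad cipher_suites length")
    suites = [int.from_bytes(hello[i:i + 2], "big")
              for i in range(pos, pos + cs_len, 2)]
    return version, suites


def algorithm_categories(record: bytes):
    """Return the set of categories ('national', 'international') offered."""
    version, suites = parse_client_hello(record)
    categories = set()
    if version == TLCP_VERSION or any(s in SM_SUITES for s in suites):
        categories.add("national")
    if any(s not in SM_SUITES and s not in SIGNALLING for s in suites):
        categories.add("international")
    return categories


def build_client_hello(version: int, suites) -> bytes:
    """Constructed sample input: a minimal ClientHello without extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return (b"\x16" + version.to_bytes(2, "big")
            + len(handshake).to_bytes(2, "big") + handshake)


if __name__ == "__main__":
    for ver, cs in [(0x0303, [0xC02F, 0x009C]), (0x0101, [0xE013]),
                    (0x0303, [0x00C6, 0xC02F])]:
        print(hex(ver), sorted(algorithm_categories(build_client_hello(ver, cs))))
```
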
For the national cryptographic algorithms, the State Commercial Cryptography Administration only publishes the relevant standards, and developers cannot obtain open-source code; moreover, a server that uses national cryptographic algorithms for encrypted communication has to go through the relevant approval procedures. Therefore, in existing encryption and decryption communication methods, not only is the encryption/decryption computation executed by the server, but generally only international algorithms are supported, and national cryptographic algorithms are not.
In fact, however, some special industries need to use several encryption/decryption algorithms at the same time to further improve security. For example, the financial industry has higher security demands in application scenarios such as online banking and online trading, and therefore generally requires the three algorithms SM2, RSA and ECDSA to be used simultaneously. The network management device provided by this application supports international algorithms and national cryptographic algorithms at the same time, meets the application demands of high-security industries such as finance, has good compatibility, and effectively widens the scope of application of the SSL/TLS encryption and decryption provided by this application.
In addition, the SSL/TLS protocols in current use also come in many versions, for example SSL3.0, TLS1.0, TLS1.1 and TLS1.2. The network management device in this application supports the current mainstream protocol versions and can support various encryption/decryption algorithms in the same SSL/TLS encrypted channel. Compatibility with the various algorithms and protocols effectively ensures that the network management device better meets users' requirements for the functionality and security of their business systems.
As a kind of preferred embodiment, during shaking hands with client progress SSL/TLS, further includes:
Determine that the encryption and decryption mode in this communication process, encryption and decryption mode are hardware enciphering and deciphering or software encryption and decryption;
To call default encryption and decryption hardware device to carry out encryption and decryption, and in encryption and decryption side when encryption and decryption mode is hardware enciphering and deciphering
When formula is software encryption and decryption, default encryption and decryption processing routine is called to carry out encryption and decryption.
Specifically, the network management device in SSL/TLS encryption and decryption communication means provided herein is being communicated
When the encryption and decryption of data calculates, hardware specifically can be used and calculate and two methods of software calculating.For hardware calculation method, pass through
It calls default encryption and decryption hardware device specifically to execute the calculating of encryption and decryption, undertakes encryption and decryption and calculate bring performance consumption, it can
Effectively improve the process performance of the network management device.
It is easily understood that due to the close enciphering and deciphering algorithm of state and the corresponding different algorithm protocol of international enciphering and deciphering algorithm, recognizing
Certificate and interface are demonstrate,proved, therefore, can be respectively arranged to carry out the default encryption and decryption hardware device of the close encryption and decryption of state and be used to carry out
The default encryption and decryption hardware device of international encryption and decryption.By taking international enciphering and deciphering algorithm RSA as an example, using 2048bit key when, adopt
4~6 times of performance can be effectively improved compared to software calculation method with hardware calculation method.
As a preferred embodiment, the preset encryption/decryption hardware device is specifically an FPGA or a DSP.
Specifically, an FPGA (Field Programmable Gate Array) is a product developed further on the basis of programmable devices such as PAL, GAL and CPLD. As a parallel processing device, it can effectively raise the computational efficiency of encryption and decryption and improve the service performance of the system as a whole. The preset encryption/decryption hardware device in the SSL/TLS encryption/decryption communication method provided by the present application can therefore specifically be an FPGA. Of course, those skilled in the art may also use other devices, such as a DSP (Digital Signal Processing), as the preset encryption/decryption hardware device; the present application places no limitation on this.
As a preferred embodiment, the process of performing the SSL/TLS handshake with the client further includes:
obtaining the client certificate information of the client;
and, after decrypting the encrypted request message with the encryption/decryption algorithm to generate the plaintext request message and before forwarding the plaintext request message to the server, the method further includes:
inserting the client certificate information into the plaintext request message, so that the server obtains the client certificate information from the plaintext request message.
Specifically, during communication between a client and a server, the server generally needs to obtain the client's identity information, that is, the client certificate information. In the SSL/TLS encryption/decryption communication process provided by the present application, the network management device therefore forwards the client certificate information it has obtained to the server. The SSL/TLS handshake generally includes an identity check of the client; after the network management device obtains the client certificate information, it can add that information to the plaintext request message forwarded to the server, so that the server can obtain the client certificate information from it. Specifically, the network management device may insert the client certificate information into the HTTP header, the URL (Uniform Resource Locator) or the message body of the plaintext request message; those skilled in the art may choose as appropriate, and the present application places no limitation on this.
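The header-insertion variant described above, as an added Python example that is not part of the patent: it removes any copy of the certificate headers that arrived inside the decrypted request before writing the device's own, since the server will trust these fields as the client's identity. The header names, the `inject_client_cert` function and the sample data are assumptions; the certificate dictionary follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
from urllib.parse import quote

# Hypothetical header names (the patent names none). Only the TLS-terminating
# device may set them; copies sent by the client are discarded.
RESERVED = ("x-client-cert-verified", "x-client-cert-subject", "x-client-cert-serial")


def subject_to_str(subject):
    """Flatten a getpeercert()-style subject into 'key=value,key=value'.

    Values are percent-encoded so that commas, colons, CR and LF taken from
    the certificate cannot change the header structure.
    """
    parts = []
    for rdn in subject:
        for key, value in rdn:
            parts.append(f"{key}={quote(value, safe=' ')}")
    return ",".join(parts)


def inject_client_cert(raw_request, cert):
    """Return the plaintext request with trusted certificate headers added.

    raw_request: decrypted HTTP/1.1 request bytes (header block plus body).
    cert: dict with 'subject' and 'serialNumber', or None when the client
          presented no certificate during the handshake.
    """
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]

    kept = []
    for line in header_lines:
        if line[:1] in (b" ", b"\t"):
            # Folded header lines are parsed differently by different servers.
            raise ValueError("obsolete line folding not accepted")
        name, colon, _ = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        # Some backends map '_' and '-' to the same variable, so compare on a
        # normalised name.
        normalised = name.decode("latin-1").lower().replace("_", "-")
        if normalised in RESERVED:
            continue  # client-supplied copy: drop it
        kept.append(line)

    if cert:
        added = [
            "X-Client-Cert-Verified: SUCCESS",
            f"X-Client-Cert-Subject: {subject_to_str(cert['subject'])}",
            f"X-Client-Cert-Serial: {quote(cert['serialNumber'], safe='')}",
        ]
    else:
        added = ["X-Client-Cert-Verified: NONE"]

    out = [request_line] + kept + [a.encode("ascii") for a in added]
    return b"\r\n".join(out) + b"\r\n\r\n" + body


# Constructed sample input: a decrypted request that already carries
# certificate headers the client wrote itself.
SAMPLE_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"X-Client-Cert-Subject: commonName=admin\r\n"
    b"x_client_cert_verified: SUCCESS\r\n"
    b"\r\n"
)
# Constructed sample certificate in getpeercert() shape.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example, Inc."),), (("commonName", "alice"),)),
    "serialNumber": "0A1B",
}

if __name__ == "__main__":
    print(inject_client_cert(SAMPLE_REQUEST, SAMPLE_CERT).decode("latin-1"))
```

The same stripping applies if the information is placed in the URL or the body instead: whichever field the server reads must be one the client cannot pre-populate, and the link between the device and the server must not be reachable by clients directly.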
The SSL/TLS encryption/decryption communication device provided by the present application is described below.
Referring to Fig. 3, Fig. 3 is a structural block diagram of an SSL/TLS encryption/decryption communication device provided by the present application. The device is applied to a network management device at the service entrance and includes a handshake module 1, a decryption module 2 and an encryption module 3.
The handshake module 1 is configured to receive the SSL/TLS handshake request sent by the client, and to perform the SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process.
The decryption module 2 is configured to receive the encrypted request message sent by the client, the encrypted request message being generated by the client through encryption with the encryption/decryption algorithm; to decrypt the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message; and to forward the plaintext request message to the server.
The encryption module 3 is configured, after receiving the plaintext response message sent by the server, to encrypt the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and to forward the encrypted response message to the client.
It can be seen that, in the SSL/TLS encryption/decryption communication device provided by the present application, the network management device located at the service entrance serves as the communication bridge between the client and the server and performs the encryption and decryption of communication data in place of the server. The present application therefore not only effectively implements SSL/TLS encrypted communication, but also avoids the consumption of server processing performance by the encryption/decryption computation, ensures that the operation of the server's business services is not affected, and requires no major changes to the original HTTP server. In addition, because the network management device is located at the HTTP service entrance of multiple servers, completing maintenance work such as deployment and upgrading of the SSL/TLS encryption/decryption component on the network management device is enough to enable SSL/TLS encrypted communication between the multiple servers and clients. This effectively reduces the maintenance workload for the SSL/TLS encryption/decryption component and greatly reduces the burden on operations and maintenance personnel.
On the basis of the above embodiment, for the SSL/TLS encryption/decryption communication device provided by the present application:
As a preferred embodiment, the handshake module 1 is further configured to:
in the process of performing the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process, determine the category of encryption/decryption algorithm jointly supported with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (Guomi) algorithms and international encryption/decryption algorithms.
As a preferred embodiment, the handshake module 1 is further configured to:
in the process of performing the SSL/TLS handshake with the client, determine the encryption/decryption mode for this communication process, the mode being either hardware encryption/decryption or software encryption/decryption;
when the mode is hardware encryption/decryption, the decryption module 2 is specifically configured to call the preset encryption/decryption hardware device to decrypt the encrypted request message, and the encryption module 3 is specifically configured to call the preset encryption/decryption hardware device to encrypt the plaintext response message;
when the mode is software encryption/decryption, the decryption module 2 is specifically configured to call the preset encryption/decryption processing program to decrypt the encrypted request message, and the encryption module 3 is specifically configured to call the preset encryption/decryption processing program to encrypt the plaintext response message.
As a preferred embodiment, the handshake module 1 is further configured to:
obtain the client certificate information of the client;
and the decryption module 2 is further configured to:
after decrypting the encrypted request message with the encryption/decryption algorithm to generate the plaintext request message and before forwarding the plaintext request message to the server, insert the client certificate information into the plaintext request message, so that the server obtains the client certificate information.
The present application also provides an SSL/TLS encryption/decryption communication apparatus, including:
a memory, for storing a computer program;
a processor, for executing the computer program to implement the steps of any of the SSL/TLS encryption/decryption communication methods described above.
The present application also provides a computer-readable storage medium in which a computer program is stored; when executed by a processor, the computer program implements the steps of any of the SSL/TLS encryption/decryption communication methods described above.
The specific embodiments of the SSL/TLS encryption/decryption communication device, apparatus and computer-readable storage medium provided by the present application correspond to those of the SSL/TLS encryption/decryption communication method described above and can be read with reference to them; they are not repeated here.
The embodiments in the present application are described in a progressive manner; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for relevant details, refer to the description of the method.
It should be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. In addition, the terms "include", "comprise" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or apparatus. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or apparatus that includes the element.
The technical solution provided by the present application has been described in detail above. Specific examples are used herein to explain the principle and embodiments of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. It should be pointed out that those of ordinary skill in the art may make improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of protection of the claims of the present application.
Claims (10)
1. An SSL/TLS encryption/decryption communication method, characterized in that it is applied to a network management device at the service entrance and comprises:
receiving an SSL/TLS handshake request sent by a client;
performing an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process;
receiving an encrypted request message sent by the client, the encrypted request message being generated by the client through encryption with the encryption/decryption algorithm;
decrypting the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message, and forwarding the plaintext request message to a server;
after receiving a plaintext response message sent by the server, encrypting the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and forwarding the encrypted response message to the client.
2. The SSL/TLS encryption/decryption communication method according to claim 1, characterized in that, in the process of performing the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process, the method further comprises:
determining the category of encryption/decryption algorithm jointly supported with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (Guomi) algorithms and international encryption/decryption algorithms.
3. The SSL/TLS encryption/decryption communication method according to claim 1, characterized in that the process of performing the SSL/TLS handshake with the client further comprises:
determining the encryption/decryption mode for this communication process, the mode being either hardware encryption/decryption or software encryption/decryption;
so that, when the mode is hardware encryption/decryption, a preset encryption/decryption hardware device is called to perform encryption and decryption, and, when the mode is software encryption/decryption, a preset encryption/decryption processing program is called to perform encryption and decryption.
4. The SSL/TLS encryption/decryption communication method according to claim 3, characterized in that the preset encryption/decryption hardware device is specifically an FPGA or a DSP.
5. The SSL/TLS encryption/decryption communication method according to any one of claims 1 to 4, characterized in that the process of performing the SSL/TLS handshake with the client further comprises:
obtaining the client certificate information of the client;
and, after decrypting the encrypted request message with the encryption/decryption algorithm to generate the plaintext request message and before forwarding the plaintext request message to the server, the method further comprises:
inserting the client certificate information into the plaintext request message, so that the server obtains the client certificate information from the plaintext request message.
6. An SSL/TLS encryption/decryption communication device, characterized in that it is applied to a network management device at the service entrance and comprises:
a handshake module, configured to receive an SSL/TLS handshake request sent by a client, and to perform an SSL/TLS handshake with the client to determine the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process;
a decryption module, configured to receive an encrypted request message sent by the client, the encrypted request message being generated by the client through encryption with the encryption/decryption algorithm; to decrypt the encrypted request message with the encryption/decryption algorithm to generate a plaintext request message; and to forward the plaintext request message to a server;
an encryption module, configured, after receiving a plaintext response message sent by the server, to encrypt the plaintext response message with the encryption/decryption algorithm to generate an encrypted response message, and to forward the encrypted response message to the client.
7. The SSL/TLS encryption/decryption communication device according to claim 6, characterized in that the handshake module is further configured to:
in the process of performing the SSL/TLS handshake with the client, before determining the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process, determine the category of encryption/decryption algorithm jointly supported with the client, so as to determine from that category the encryption/decryption algorithm and its algorithm parameters shared with the client in this communication process;
wherein the categories of encryption/decryption algorithm supported by the network management device include national cryptographic (Guomi) algorithms and international encryption/decryption algorithms.
8. The SSL/TLS encryption/decryption communication device according to claim 6, characterized in that the handshake module is further configured to:
in the process of performing the SSL/TLS handshake with the client, determine the encryption/decryption mode for this communication process, the mode being either hardware encryption/decryption or software encryption/decryption;
when the mode is hardware encryption/decryption, the decryption module is specifically configured to call a preset encryption/decryption hardware device to decrypt the encrypted request message, and the encryption module is specifically configured to call the preset encryption/decryption hardware device to encrypt the plaintext response message;
when the mode is software encryption/decryption, the decryption module is specifically configured to call a preset encryption/decryption processing program to decrypt the encrypted request message, and the encryption module is specifically configured to call the preset encryption/decryption processing program to encrypt the plaintext response message.
9. An SSL/TLS encryption/decryption communication apparatus, characterized in that it comprises:
a memory, for storing a computer program;
a processor, for executing the computer program to implement the steps of the SSL/TLS encryption/decryption communication method according to any one of claims 1 to 5.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the SSL/TLS encryption/decryption communication method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811178354.XA CN109067803A (en) | 2018-10-10 | 2018-10-10 | A kind of SSL/TLS encryption and decryption communication means, device and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067803A (en) | 2018-12-21 |
Family
ID=64763717
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811178354.XA Pending CN109067803A (en) | 2018-10-10 | 2018-10-10 | A kind of SSL/TLS encryption and decryption communication means, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067803A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181221 |
|
RJ01 | Rejection of invention patent application after publication |