Nothing Special   »   [go: up one dir, main page]

CN101141243A - A device and method for performing security inspection and content filtering on communication data - Google Patents

A device and method for performing security inspection and content filtering on communication data Download PDF

Info

Publication number
CN101141243A
CN101141243A CNA200610138738XA CN200610138738A CN101141243A CN 101141243 A CN101141243 A CN 101141243A CN A200610138738X A CNA200610138738X A CN A200610138738XA CN 200610138738 A CN200610138738 A CN 200610138738A CN 101141243 A CN101141243 A CN 101141243A
Authority
CN
China
Prior art keywords
ssl
data
tls
digital certificate
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200610138738XA
Other languages
Chinese (zh)
Inventor
王磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fortinet Inc
Original Assignee
Fortinet Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fortinet Information Technology Beijing Co Ltd filed Critical Fortinet Information Technology Beijing Co Ltd
Priority to CNA200610138738XA priority Critical patent/CN101141243A/en
Publication of CN101141243A publication Critical patent/CN101141243A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提出了一种对通信数据进行检查过滤的装置,用于对客户端和服务器端之间相互发送的连接数据进行安全检查和内容过滤,其中,包括:SSL/TLS代理服务器,用于将客户端/服务器端发送的SSL/TLS协议加密数据解密成明文,发送至安全检查和内容过滤装置,并将安全检查和内容过滤装置处理完毕的明文数据加密为SSL/TLS数据,并发送至服务器端/客户端;安全检查和内容过滤装置,与SSL/TLS代理服务器连接,用于接受并检查明文数据,若发现有安全威胁存在,则将有威胁的数据过滤,并将处理后的明文数据返回SSL/TLS代理服务器,此外,本发明还提出了一种利用上述装置对通信数据进行检查过滤的方法,可以有效减少甚至消除恶意攻击者通过基于SSL/TLS加密的协议进行的网络攻击和安全威胁。

Figure 200610138738

The present invention proposes a device for checking and filtering communication data, which is used for security checking and content filtering for the connection data sent between the client and the server, which includes: an SSL/TLS proxy server for The SSL/TLS protocol encrypted data sent by the client/server is decrypted into plaintext and sent to the security check and content filtering device, and the plaintext data processed by the security check and content filtering device is encrypted into SSL/TLS data and sent to the server End/client; security inspection and content filtering device, connected with SSL/TLS proxy server, used to accept and check plaintext data, if security threats are found, the threat data will be filtered, and the processed plaintext data Returning to the SSL/TLS proxy server, in addition, the present invention also proposes a method for checking and filtering communication data by using the above-mentioned device, which can effectively reduce or even eliminate malicious attackers' network attacks and security through protocols based on SSL/TLS encryption. threaten.

Figure 200610138738

Description

一种对通信数据进行安全检查和内容过滤的装置和方法 A device and method for performing security inspection and content filtering on communication data

技术领域 technical field

本发明涉及信息安全领域,特别是有关于一种对通信数据进行安全检查和内容过滤的装置和方法。The invention relates to the field of information security, in particular to a device and method for performing security inspection and content filtering on communication data.

背景技术 Background technique

在现有技术中,客户端与服务器端之间的SSL/TLS加密连接是直接连接的,如图1所示,客户端110和服务器端120之间传输的数据始终都是加密的,没有明文出现。对于加密的数据。安全检查和内容过滤设备直接对数据进行分析和处理。由于基于SSL/TLS(Secure Sockets Layer/Transport Layer Security,安全套接字层/传输层安全性)的协议(如HTTPS(Hyper Text Transfer Protocolover SSL/TLS)、SMTPS(Short Message Transmission Protocol over SSL/TLS)、IMAPS(Internet Message Access Protocol over SSL/TLS)、POP3S(Post OfficeProtocol version 3 over SSL/TLS)等)其通信的数据是加密的,所以安全检查和内容过滤设备无法处理这种数据。就导致了客户端容易受到通过SSL/TLS通信隧道进行的网络攻击和安全威胁,这些攻击和威胁包括:1)通过HTTPS进行的针对浏览器漏洞的网络攻击和病毒传播,以及网络钓鱼攻击(Phishing);2)通过SMTPS/POP3S/IMAPS进行的垃圾邮件(Spam)传播,这些垃圾邮件中极可能携带有病毒和Phishing攻击脚本;3)在SSL/TLS通信隧道中进行违反网关访问策略的反向连接的问题;4)其它可能的攻击。In the prior art, the SSL/TLS encrypted connection between the client and the server is directly connected, as shown in Figure 1, the data transmitted between the client 110 and the server 120 is always encrypted, without plaintext Appear. for encrypted data. Security inspection and content filtering devices analyze and process data directly. Since protocols based on SSL/TLS (Secure Sockets Layer/Transport Layer Security, Secure Sockets Layer/Transport Layer Security) (such as HTTPS (Hyper Text Transfer Protocol over SSL/TLS), SMTPS (Short Message Transmission Protocol over SSL/TLS ), IMAPS (Internet Message Access Protocol over SSL/TLS), POP3S (Post Office Protocol version 3 over SSL/TLS), etc.), the communication data is encrypted, so security inspection and content filtering equipment cannot process this data. As a result, the client is vulnerable to network attacks and security threats carried out through the SSL/TLS communication tunnel, these attacks and threats include: 1) network attacks and virus propagation aimed at browser vulnerabilities through HTTPS, and phishing attacks (Phishing ); 2) Spreading of spam (Spam) through SMTPS/POP3S/IMAPS, these spam are likely to carry viruses and Phishing attack scripts; 3) reverse gateway access policy violation in SSL/TLS communication tunnel Connection problems; 4) other possible attacks.

发明内容 Contents of the invention

为解决上述问题,本发明的目的在于提供了一种在网关处对基于SSL/TLS加密的通信数据进行安全检查和内容过滤的设备和方法,从而减少甚至消除恶意攻击者通过基于SSL/TLS加密的协议(如HTTPS,IMAPS,SMTPS,POP3S等)进行的网络攻击和安全威胁。In order to solve the above problems, the object of the present invention is to provide a device and a method for performing security checks and content filtering on communication data based on SSL/TLS encryption at the gateway, thereby reducing or even eliminating malicious attackers through SSL/TLS encryption. Network attacks and security threats by advanced protocols (such as HTTPS, IMAPS, SMTPS, POP3S, etc.).

为实现上述目的,本发明提出了一种对通信数据进行安全检查和内容过滤的装置,用于对客户端和服务器端之间相互发送的连接数据进行安全检查和内容过滤,其中,包括:In order to achieve the above object, the present invention proposes a device for performing security inspection and content filtering on communication data, which is used to perform security inspection and content filtering on the connection data sent between the client and the server, including:

SSL/TLS代理服务器,用于将所述客户端/服务器端发送的SSL/TLS协议加密数据解密成明文,发送至安全检查和内容过滤装置,并将所述安全检查和内容过滤装置处理完毕的所述明文数据加密为SSL/TLS数据,并发送至所述服务器端/客户端;The SSL/TLS proxy server is used to decrypt the SSL/TLS protocol encrypted data sent by the client/server into plain text, send it to the security check and content filtering device, and process the security check and content filtering device The plaintext data is encrypted as SSL/TLS data and sent to the server/client;

安全检查和内容过滤装置,与所述SSL/TLS代理服务器连接,用于接受并检查所述明文数据,若发现有安全威胁存在,则将有威胁的数据过滤,并将处理后的明文数据返回所述SSL/TLS代理服务器。A security inspection and content filtering device, connected to the SSL/TLS proxy server, used to accept and check the plaintext data, if a security threat is found, filter the threatening data, and return the processed plaintext data The SSL/TLS proxy server.

上述的对通信数据进行安全检查和内容过滤的装置,其中,所述SSL/TLS代理服务器进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data, wherein the SSL/TLS proxy server further includes:

客户端通信模块,与所述客户端和安全检查和内容过滤装置分别连接,用于接受所述客户端发送的SSL/TLS协议加密数据,并解密为明文数据发送至所述安全检查和内容过滤装置;和The client communication module is respectively connected with the client and the security check and content filtering device, and is used to accept the SSL/TLS protocol encrypted data sent by the client, and decrypt it as plaintext data and send it to the security check and content filter device; and

用于接受从所述安全检查和内容过滤装置发送的明文数据,以SSL/TLS协议加密所述明文数据,并发送至所述客户端。It is used to accept the plaintext data sent from the security inspection and content filtering device, encrypt the plaintext data with SSL/TLS protocol, and send the plaintext data to the client.

上述的对通信数据进行安全检查和内容过滤的装置,其中,所述SSL/TLS代理服务器进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data, wherein the SSL/TLS proxy server further includes:

服务器端通信模块,与所述服务器端和安全检查和内容过滤装置分别连接,用于接受所述服务器端发送的SSL/TLS协议加密数据,并解密为明文数据发送至所述安全检查和内容过滤装置;和The server-side communication module is connected to the server-side and the security check and content filtering device respectively, and is used to accept the SSL/TLS protocol encrypted data sent by the server-side, and decrypt it as plaintext data and send it to the security check and content filter device; and

用于接受从所述安全检查和内容过滤装置发送的明文数据,以SSL/TLS协议加密所述明文数据并发送至所述服务器端。It is used for accepting the plaintext data sent from the security inspection and content filtering device, encrypting the plaintext data with SSL/TLS protocol and sending it to the server.

上述的对通信数据进行安全检查和内容过滤的装置,其中,进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data further includes:

网关,与所述客户端、服务器端、SSL/TLS代理服务器分别连接,用于当所述客户端发送的通信数据是SSL/TLS协议加密数据时,将所述加密数据发送至所述SSL/TLS代理服务器,并从所述SSL/TLS代理服务器接受所述安全检查和内容过滤装置处理后的SSL/TLS协议加密数据,然后转发至所述服务器端;和The gateway is connected to the client, the server, and the SSL/TLS proxy server respectively, and is used to send the encrypted data to the SSL/TLS protocol encrypted data when the communication data sent by the client is SSL/TLS protocol encrypted data. TLS proxy server, and accept the SSL/TLS protocol encrypted data processed by the security check and content filtering device from the SSL/TLS proxy server, and then forward it to the server; and

用于当所述服务器端发送的通信数据是SSL/TLS协议加密数据时,将所述加密数据发送至所述SSL/TLS代理服务器,并从所述SSL/TLS代理服务器端接受所述安全检查和内容过滤装置处理后的SSL/TLS协议加密数据,转发至所述客户端。Used to send the encrypted data to the SSL/TLS proxy server when the communication data sent by the server is SSL/TLS protocol encrypted data, and accept the security check from the SSL/TLS proxy server The SSL/TLS protocol encrypted data processed by the content filtering device is forwarded to the client.

上述的对通信数据进行安全检查和内容过滤的装置,其中,进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data further includes:

数字证书分析装置,用于接收所述SSL/TLS代理服务器发送的SSL/TLS连接数据中的数字证书,判断所述数字证书是否属于数字证书白名单列表,或者属于数字证书黑名单列表,或者是未知数字证书。A digital certificate analysis device, configured to receive the digital certificate in the SSL/TLS connection data sent by the SSL/TLS proxy server, and determine whether the digital certificate belongs to the digital certificate whitelist, or belongs to the digital certificate blacklist, or is Unknown digital certificate.

上述的对通信数据进行安全检查和内容过滤的装置,其中,所述数字证书分析装置进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data, wherein the digital certificate analysis device further includes:

数字证书数据库,用于分别以数字证书黑名单列表和数字证书白名单列表来存储数字证书。The digital certificate database is used to store digital certificates in a digital certificate blacklist and a digital certificate whitelist respectively.

上述的对通信数据进行安全检查和内容过滤的装置,其中,进一步包括:The above-mentioned device for performing security inspection and content filtering on communication data further includes:

统一资源定位符分析装置,用于判断所述客户端向所述服务器端发送的SSL/TLS协议连接数据中的统一资源定位符是否属于统一资源定位符白名单列表,或者属于统一资源定位符黑名单列表,或者是未知的统一资源定位符。A Uniform Resource Locator analyzing device, configured to determine whether the Uniform Resource Locator in the SSL/TLS protocol connection data sent by the client to the server belongs to the Uniform Resource Locator white list, or whether it belongs to the Uniform Resource Locator black list. list of lists, or is an unknown URL.

上述的对通信数据进行安全检查和内容过滤的装置,其中,所述统一资源定位符分析装置进一步包括:In the above-mentioned device for performing security inspection and content filtering on communication data, the said uniform resource locator analysis device further includes:

统一资源定位符数据库,用于以统一资源定位符黑名单列表和统一资源定位符白名单列表来存储统一资源定位符名单。The uniform resource locator database is used to store the uniform resource locator list by using the uniform resource locator blacklist and the uniform resource locator whitelist.

上述的对通信数据进行安全检查和内容过滤的装置,其中,所述SSL/TLS代理服务器、安全检查和内容过滤装置、数字证书分析装置和/或统一资源定位符分析装置设置于所述网关中。The above-mentioned device for performing security inspection and content filtering on communication data, wherein the SSL/TLS proxy server, security inspection and content filtering device, digital certificate analysis device and/or uniform resource locator analysis device are set in the gateway .

为实现上述目的,本发明还提出了一种对通信数据进行安全检查和内容过滤的方法,其中,包括以下步骤:In order to achieve the above object, the present invention also proposes a method for performing security inspection and content filtering on communication data, which includes the following steps:

步骤1,客户端/服务器端发送SSL/TLS协议加密数据至SSL/TLS代理服务器;Step 1, the client/server sends SSL/TLS protocol encrypted data to the SSL/TLS proxy server;

步骤2,所述SSL/TLS代理服务器将所述SSL/TLS协议加密数据解密为明文数据并发送至安全检查和内容过滤装置;Step 2, the SSL/TLS proxy server decrypts the SSL/TLS protocol encrypted data into plaintext data and sends it to the security inspection and content filtering device;

步骤3,所述安全检查和内容过滤装置对所述明文数据进行安全检查,发现有安全威胁时,将有威胁的数据过滤,并将过滤后的明文数据发送至所述SSL/TLS代理服务器;Step 3, the security inspection and content filtering device performs a security inspection on the plaintext data, and when a security threat is found, the threatening data is filtered, and the filtered plaintext data is sent to the SSL/TLS proxy server;

步骤4,所述SSL/TLS代理服务器将所述处理后的明文数据加密为SSL/TLS协议加密数据,发送至所述服务器端/客户端。Step 4, the SSL/TLS proxy server encrypts the processed plaintext data into SSL/TLS protocol encrypted data, and sends it to the server/client.

上述的对通信数据进行安全检查和内容过滤的方法,其中,当所述客户端和服务器端通过网关进行数据连接时,所述步骤1进一步包括:In the above-mentioned method for performing security inspection and content filtering on communication data, when the client and the server are connected to each other through a gateway, the step 1 further includes:

步骤111,所述客户端/服务器端发送连接数据至网关;Step 111, the client/server sends connection data to the gateway;

步骤112,所述网关判断所述数据是否符合访问策略,若符合,则进入步骤113,若不符合,则拒绝连接;Step 112, the gateway judges whether the data conforms to the access policy, if so, proceeds to step 113, and if not, rejects the connection;

步骤113,所述网关判断所述数据是否为SSL/TLS协议加密数据,若是,则将所述SSL/TLS协议加密数据发送至所述SSL/TLS代理服务器,若否,则将所述数据直接发送至所述服务器端/客户端。Step 113, the gateway judges whether the data is SSL/TLS protocol encrypted data, if so, then sends the SSL/TLS protocol encrypted data to the SSL/TLS proxy server, if not, then sends the data directly sent to the server/client.

上述的对通信数据进行安全检查和内容过滤的方法,其中,当所述客户端和服务器端通过网关进行数据连接时,所述步骤1之后进一步包括:The above-mentioned method for performing security inspection and content filtering on communication data, wherein, when the client and the server perform data connection through a gateway, after step 1, further include:

步骤121,所述SSL/TLS代理服务器将所述SSL/TLS协议连接数据中的数字证书发送数字证书分析装置,所述数字证书分析装置判断所述数字证书是否属于数字证书白名单列表或者属于数字证书黑名单列表或者是未知数字证书;Step 121, the SSL/TLS proxy server sends the digital certificate in the SSL/TLS protocol connection data to a digital certificate analysis device, and the digital certificate analysis device judges whether the digital certificate belongs to a digital certificate white list or belongs to a digital certificate. Certificate blacklist or unknown digital certificate;

步骤122,若属于数字证书白名单列表,则所述SSl/TLS代理服务器将所述客户端与所述服务器端直接连接,若属于数字证书黑名单列表,则所述SSL/TLS代理服务器阻止所述客户端和所述服务器端的连接,若是未知的数字证书,则进入所述步骤2。Step 122, if it belongs to the digital certificate whitelist, then the SSL/TLS proxy server directly connects the client to the server, if it belongs to the digital certificate blacklist, then the SSL/TLS proxy server prevents all If the connection between the client and the server is an unknown digital certificate, then enter step 2.

上述的对通信数据进行安全检查和内容过滤的方法,其中,所述步骤1之后进一步包括:The above-mentioned method for performing security inspection and content filtering on communication data, wherein, after step 1, further includes:

步骤131,所述SSL/TLS代理服务器将所述SSL/TLS协议连接数据中的统一资源定位符发送统一资源定位符分析装置,所述统一资源定位符分析装置判断所述统一资源定位符是否属于统一资源定位符白名单列表或者属于统一资源定位符黑名单列表或者是未知的统一资源定位符;Step 131, the SSL/TLS proxy server sends the URL in the SSL/TLS protocol connection data to the URL analyzing device, and the URL analyzing device judges whether the URL belongs to Uniform resource locator whitelist or belonging to the uniform resource locator blacklist or unknown URL;

步骤132,若属于统一资源定位符白名单列表,则所述SSl/TLS代理服务器将所述客户端与所述服务器端直接连接,若属于统一资源定位符黑名单列表,则所述SSL/TLS代理服务器阻止所述客户端和所述服务器端的连接,若是未知的统一资源定位符,则进入所述步骤2。Step 132, if it belongs to the uniform resource locator whitelist, then the SSL/TLS proxy server directly connects the client to the server, if it belongs to the uniform resource locator blacklist, the SSL/TLS The proxy server prevents the connection between the client and the server, and if it is an unknown uniform resource locator, go to step 2.

上述的对通信数据进行安全检查和内容过滤的方法,其中,所述SSL/TLS协议加密数据包括:HTTPS数据、IMAPS数据、SMTPS数据和/或POP3S数据。In the above-mentioned method for performing security inspection and content filtering on communication data, the SSL/TLS protocol encrypted data includes: HTTPS data, IMAPS data, SMTPS data and/or POP3S data.

上述的对通信数据进行安全检查和内容过滤的方法,其中,当所述SSL/TLS协议加密数据为HTTPS数据时,所述步骤3进一步包括:对所述解密后的数据进行网页过滤、反病毒、入侵检测、反网络钓鱼和/或访问策略检查的处理的步骤;The above-mentioned method for performing security inspection and content filtering on communication data, wherein, when the encrypted data of the SSL/TLS protocol is HTTPS data, the step 3 further includes: performing webpage filtering and anti-virus on the decrypted data , processing steps of intrusion detection, anti-phishing and/or access policy checking;

当所述SSL/TLS协议加密数据为IMAPS、SMTPS或POP3S数据时,所述步骤3进一步包括:对所述解密后的数据进行反垃圾邮件、反病毒和/或访问策略检查的处理的步骤。When the SSL/TLS protocol encrypted data is IMAPS, SMTPS or POP3S data, the step 3 further includes: performing anti-spam, anti-virus and/or access policy check on the decrypted data.

本发明实现了在网关处对SSL/TLS加密的通信数据进行安全检查和内容过滤,从而减少甚至消除恶意攻击者通过基于SSL/TLS加密的协议(如HTTPS,IMAPS,SMTPS,POP3S等)进行的网络攻击和安全威胁,这些攻击和威胁包括:1)通过HTTPS进行的针对浏览器漏洞的网络攻击和病毒传播,以及网络钓鱼攻击(Phishing);2)通过SMTPS/POP3S/IMAPS进行的垃圾邮件(Spam)传播,这些垃圾邮件中极可能携带有病毒和Phishing攻击脚本;3)在SSL/TLS通信隧道中进行违反网关访问策略的反向连接的问题;4)其它可能的攻击。The present invention realizes security inspection and content filtering on the communication data encrypted by SSL/TLS at the gateway, thereby reducing or even eliminating malicious attackers through protocols based on SSL/TLS encryption (such as HTTPS, IMAPS, SMTPS, POP3S, etc.) Network attacks and security threats, these attacks and threats include: 1) network attacks and virus transmission against browser vulnerabilities through HTTPS, and phishing attacks (Phishing); 2) spam ( Spam), these spam are likely to carry viruses and Phishing attack scripts; 3) The problem of reverse connection that violates the gateway access policy in the SSL/TLS communication tunnel; 4) Other possible attacks.

附图说明 Description of drawings

图1是现有技术的SSL/TLS加密连接示意图;Fig. 1 is a schematic diagram of an SSL/TLS encrypted connection in the prior art;

图2是本发明第一实施例的结构示意图;Fig. 2 is the structural representation of the first embodiment of the present invention;

图3是本发明第二实施例的结构示意图;Fig. 3 is the structural representation of the second embodiment of the present invention;

图4是本发明第二实施例的工作流程示意图;Fig. 4 is a schematic diagram of the workflow of the second embodiment of the present invention;

图5是本发明第三实施例的结构示意图;Fig. 5 is a schematic structural view of a third embodiment of the present invention;

图6是本发明第三实施例的工作流程示意图;Fig. 6 is a schematic workflow diagram of the third embodiment of the present invention;

图7是本发明第四实施例的结构示意图;7 is a schematic structural view of a fourth embodiment of the present invention;

图8是本发明第四实施例的工作流程示意图。Fig. 8 is a schematic diagram of the workflow of the fourth embodiment of the present invention.

具体实施方式 Detailed ways

下面结合附图对本发明具体实施例进行说明。Specific embodiments of the present invention will be described below in conjunction with the accompanying drawings.

图2是本发明第一实施例的结构示意图。如图所示,客户端110发送SSL/TLS协议加密数据至SSL/TLS代理服务器130中的客户端通信模块131,客户端通信模块131将SSL/TLS协议加密数据解密为明文数据,发送至安全检查和内容过滤装置140,安全检查和内容过滤装置140对该明文数据进行安全检查,将有威胁的内容过滤掉,或者直接返回断开连接的指令,经过检查过滤的明文数据,被安全检查和内容过滤装置发送至服务器端通信模块132,服务器端通信模块132将过滤后的明文数据再按照SSL/TLS协议加密为密文数据,并发送至服务器端120。Fig. 2 is a schematic structural diagram of the first embodiment of the present invention. As shown in the figure, the client 110 sends SSL/TLS protocol encrypted data to the client communication module 131 in the SSL/TLS proxy server 130, and the client communication module 131 decrypts the SSL/TLS protocol encrypted data into plaintext data and sends it to the security Inspection and content filtering device 140, safety inspection and content filtering device 140 carry out security inspection to this plaintext data, will filter out the content of threat, or directly return disconnection instruction, the plaintext data of checking and filtering, be checked and The content filtering device sends it to the server-side communication module 132 , and the server-side communication module 132 encrypts the filtered plaintext data into ciphertext data according to the SSL/TLS protocol, and sends it to the server side 120 .

同理,当服务器端120向客户端110发送SSL/TLS协议加密数据时,首先,将数据发送至SSL/TLS代理服务器130中的服务器端通信模块132,解密为明文数据后,再发送至安全检查和内容过滤装置140,安全检查和内容过滤装置140对该明文数据进行一系列的检查,并对有威胁的数据进行过滤,或者直接返回拒绝连接的指令,将检查过滤之后的明文数据发送客户端通信模块132,将明文数据以SSL/TLS协议加密为密文数据,并发送至客户端110。In the same way, when the server end 120 sends SSL/TLS protocol encrypted data to the client 110, first, the data is sent to the server end communication module 132 in the SSL/TLS proxy server 130, and after being decrypted into plaintext data, it is sent to the secure Inspection and content filtering device 140, the security inspection and content filtering device 140 performs a series of checks on the plaintext data, and filters threatening data, or directly returns an instruction to refuse connection, and sends the plaintext data after checking and filtering to the client The terminal communication module 132 encrypts the plaintext data into ciphertext data with the SSL/TLS protocol, and sends it to the client 110.

图3是本发明第二实施例的结构示意图。如图3所示,包括SSL/TLS代理服务器130、安全检查和内容过滤装置140以及数字证书分析装置150。Fig. 3 is a schematic structural diagram of the second embodiment of the present invention. As shown in FIG. 3 , it includes an SSL/TLS proxy server 130 , a security checking and content filtering device 140 and a digital certificate analyzing device 150 .

SSL/TLS代理服务器130用于代理客户端110与服务器端120的SSL/TLS连接,其将客户端110向服务器端120所发送的SSL/TLS连接数据中的数字证书转发到数字证书分析装置150,以及对SSL/TLS连接数据进行解密。The SSL/TLS proxy server 130 is used to proxy the SSL/TLS connection between the client 110 and the server 120, and forwards the digital certificate in the SSL/TLS connection data sent by the client 110 to the server 120 to the digital certificate analysis device 150 , and decrypt the SSL/TLS connection data.

数字证书分析装置150中还包括数字证书数据库151,该数字证书数据库151用来存储数据证书,并将数字证书分类存储在两个列表中,分别为数字证书黑名单列表和数字证书白名单列表。数字证书白名单列表中列出受信任的数字证书,数字证书黑名单列表中列出已知的恶意网站的数字证书。数字证书分析装置150用于判断由SSL/TLS代理服务器130转发的数字证书是否属于数字证书白名单列表或者数字证书黑名单列表,并将分析结果返回给SSL/TLS代理服务器130。如果上述数字证书属于数字证书白名单列表,则SSL/TLS代理服务器130将使客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;如果上述数字证书属于数字证书黑名单列表,则SSL/TLS代理服务器130将阻止客户端110与服务器端120的连接;如果上述数字证书是一个未知的证书,即它既不在数字证书白名单列表中,也不在数字证书黑名单列表中,则SSL/TLS代理服务器130将解密的明文数据发送到安全检查和内容过滤装置140。The digital certificate analysis device 150 also includes a digital certificate database 151, which is used to store data certificates, and classify and store digital certificates in two lists, namely a digital certificate blacklist and a digital certificate whitelist. The trusted digital certificates are listed in the digital certificate whitelist, and the digital certificates of known malicious websites are listed in the digital certificate blacklist. The digital certificate analyzing device 150 is used for judging whether the digital certificate forwarded by the SSL/TLS proxy server 130 belongs to the digital certificate whitelist or the digital certificate blacklist, and returns the analysis result to the SSL/TLS proxy server 130 . If the above-mentioned digital certificate belongs to the digital certificate white list, then the SSL/TLS proxy server 130 will directly connect the client 110 to the server 120, and no longer perform encryption, decryption and security checks; if the above-mentioned digital certificate belongs to the digital certificate blacklist list, then the SSL/TLS proxy server 130 will prevent the connection between the client 110 and the server end 120; if the above-mentioned digital certificate is an unknown certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist , the SSL/TLS proxy server 130 sends the decrypted plaintext data to the security checking and content filtering device 140 .

安全检查和内容过滤装置140用于检查和处理SSL/TLS代理服务器130所发送的明文数据中的安全威胁。The security checking and content filtering device 140 is used for checking and processing security threats in the plaintext data sent by the SSL/TLS proxy server 130 .

图4是本发明第二实施例的系统流程图,如图4所示,本发明所提供的对SSL/TLS通信隧道中的安全威胁进行安全检查和内容过滤的方法包括以下几个步骤:Fig. 4 is the system flow chart of the second embodiment of the present invention, as shown in Fig. 4, the method for security inspection and content filtering to the security threat in the SSL/TLS communication tunnel provided by the present invention comprises the following several steps:

步骤S401、客户端110向服务器端120发送SSL/TLS连接数据;Step S401, the client 110 sends SSL/TLS connection data to the server 120;

步骤S402、SSL/TLS代理服务器130将SSL/TLS连接数据中的数字证书转发到数字证书分析装置150;Step S402, the SSL/TLS proxy server 130 forwards the digital certificate in the SSL/TLS connection data to the digital certificate analysis device 150;

步骤S403、数字证书分析装置150将SSL/TLS代理服务器130所发送的数字证书与数字证书数据库151中所存储的数字证书相比较,如果所述由SSL/TLS代理服务器130发送的数字证书属于数字证书白名单列表,则执行步骤S404;如果所述由SSL/TLS代理服务器130发送的数字证书属于数字证书黑名单列表,则执行步骤S405;如果所述由SSL/TLS代理服务器130发送的数字证书是未知数字证书,即它既不在数字证书白名单列表中,也不在数字证书黑名单列表中,则执行步骤S406;Step S403, the digital certificate analyzing device 150 compares the digital certificate sent by the SSL/TLS proxy server 130 with the digital certificate stored in the digital certificate database 151, if the digital certificate sent by the SSL/TLS proxy server 130 belongs to digital certificate whitelist list, then perform step S404; if the digital certificate sent by the SSL/TLS proxy server 130 belongs to the digital certificate blacklist list, then perform step S405; if the digital certificate sent by the SSL/TLS proxy server 130 is an unknown digital certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist, then execute step S406;

步骤S404、SSL/TLS代理服务器130将客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;Step S404, the SSL/TLS proxy server 130 directly connects the client 110 to the server 120, and no longer performs encryption, decryption and security checks;

步骤S405、SSL/TLS代理服务器130阻止客户端110与服务器端120进行连接;Step S405, the SSL/TLS proxy server 130 prevents the client 110 from connecting to the server 120;

步骤S406、SSL/TLS代理服务器130将SSL/TLS连接转换为客户端110向其自身的连接,并将SSL/TLS连接数据解密为明文数据,再将解密后的明文数据发送给安全检查和内容过滤装置140;Step S406, the SSL/TLS proxy server 130 converts the SSL/TLS connection into a connection from the client 110 to itself, and decrypts the SSL/TLS connection data into plaintext data, and then sends the decrypted plaintext data to the security check and content Filtration device 140;

步骤S407、安全检查和内容过滤装置140对SSL/TLS代理服务器130所发送的明文数据进行安全检查和内容过滤,包括以下方式至少之一:网页过滤(Web Filter),反病毒(Anti-Virus),入侵检测与防护(IDS/IPS),反网络钓鱼(Anti-Fishing)和访问策略(Access Policy)检查等。如果发现明文数据中有安全威胁存在,安全检查和内容过滤装置140可断开该连接并通知客户端110或者删除有威胁的数据;Step S407, safety inspection and content filtering device 140 carry out safety inspection and content filtering to the plaintext data sent by SSL/TLS proxy server 130, including at least one of the following methods: web page filtering (Web Filter), anti-virus (Anti-Virus) , Intrusion Detection and Protection (IDS/IPS), Anti-Fishing (Anti-Fishing) and Access Policy (Access Policy) inspection, etc. If it is found that there is a security threat in the plaintext data, the security check and content filtering device 140 can disconnect the connection and notify the client 110 or delete the threatening data;

步骤S408、安全检查和内容过滤装置140检查和处理完毕后,再将上述明文数据发送回SSL/TLS代理服务器130,SSL/TLS代理服务器130将上述明文数据加密后,代替客户端110向服务器端120发送SSL/TLS连接数据;Step S408, after the security inspection and content filtering device 140 checks and processes, the above-mentioned plaintext data is sent back to the SSL/TLS proxy server 130, and the SSL/TLS proxy server 130 encrypts the above-mentioned plaintext data, and then replaces the client 110 to the server 120 send SSL/TLS connection data;

步骤S409、服务器端120收到上述SSL/TLS连接数据后,向SSL/TLS代理服务器130返回回复数据,SSL/TLS代理服务器130再将上述回复数据转发到客户端110。Step S409 , after receiving the above SSL/TLS connection data, the server 120 returns reply data to the SSL/TLS proxy server 130 , and the SSL/TLS proxy server 130 forwards the above reply data to the client 110 .

在上述过程中,SSL/TLS代理服务器130将客户端110到服务器端120的连接分成两个部分,一部分是客户端110到SSL/TLS代理服务器130的连接,另一部分是SSL/TLS代理服务器130到服务器端120的连接,上述两个连接都是SSL/TLS加密的。In the above process, the SSL/TLS proxy server 130 divides the connection from the client 110 to the server end 120 into two parts, one part is the connection from the client 110 to the SSL/TLS proxy server 130, and the other part is the SSL/TLS proxy server 130. To the connection to the server end 120, the above two connections are all SSL/TLS encrypted.

图5是本发明第三实施例的结构示意图,如图所示,内网中的客户端110通过网关160与外网的服务器端120进行SSL/TLS连接。网关160与SSL/TLS代理服务器130连接,SSL/TLS代理服务器130与安全检查和内容过滤装置140连接。当网关160接受到服务器端120/客户端110发送至的连接数据时,将先判断该连接数据是否符合访问策略,若不符合,则终止连接,若符合,则进一步判断该连接数据是否属于SSL/TLS协议加密的数据,若不属于,则直接发送至客户端110/服务器端120,若属于,则将该SSL/TLS协议加密数据发送至SSL/TLS代理服务器130,进行解密处理,再经过安全检查和内容过滤装置的处理,和SSL/TLS代理服务器130的再加密之后,发送处理后的SSL/TLS协议解密数据返回网关160,再由网关160发送至客户端110/服务器端120。FIG. 5 is a schematic structural diagram of the third embodiment of the present invention. As shown in the figure, the client 110 in the internal network performs an SSL/TLS connection with the server 120 in the external network through the gateway 160 . The gateway 160 is connected to the SSL/TLS proxy server 130 , and the SSL/TLS proxy server 130 is connected to the security checking and content filtering device 140 . When the gateway 160 receives the connection data sent by the server 120/client 110, it will first judge whether the connection data conforms to the access policy, if not, then terminate the connection, if it does, then further judge whether the connection data belongs to SSL /TLS protocol encrypted data, if it does not belong, then it is directly sent to the client 110/server end 120, if it belongs, then the SSL/TLS protocol encrypted data is sent to the SSL/TLS proxy server 130 for decryption processing, and then through After the processing of the security check and content filtering device, and the re-encryption by the SSL/TLS proxy server 130, the processed SSL/TLS protocol decrypted data is sent back to the gateway 160, and then sent to the client 110/server 120 by the gateway 160.

图6是本发明第三实施例的工作流程示意图。如图6所示,以内网的客户端110向外网的服务器端120发送连接数据为例,如图所示,具体包括:Fig. 6 is a schematic workflow diagram of the third embodiment of the present invention. As shown in Figure 6, take the client 110 of the internal network to send connection data to the server 120 of the external network as an example, as shown in the figure, specifically include:

步骤S601,内网的客户端110发送连接数据至网关160;Step S601, the intranet client 110 sends connection data to the gateway 160;

步骤S602,网关160检查这个连接是否符合其访问策略,对于不符合访问策略的连接数据,进入步骤S603,对于符合访问策略的连接数据,进入步骤S604;Step S602, the gateway 160 checks whether the connection complies with its access policy, and for connection data that does not conform to the access policy, proceed to step S603, and for connection data that conforms to the access policy, proceed to step S604;

步骤S603,网关160拒绝客户端110发起的连接;Step S603, the gateway 160 rejects the connection initiated by the client 110;

步骤S604,网关160检查该连接数据是否是SSL/TLS协议解密数据,若不是,则进入步骤S605,若是,则进入步骤S606;Step S604, the gateway 160 checks whether the connection data is SSL/TLS protocol decrypted data, if not, then enters step S605, if so, then enters step S606;

步骤S605,网关160将连接数据直接转发至服务器端120;Step S605, the gateway 160 directly forwards the connection data to the server 120;

步骤S606,网关160将SSL/TLS协议加密数据发送至SSL/TLS代理服务器130,SSL/TLS代理服务器130代理这个连接,SSL/TLS代理服务器130对这个连接进行处理。它将这个客户端110向服务器端120的连接请求转化成为客户端110向自己的连接数据,再将这个连接数据发送给安全检查和内容过滤装置140,并将发送的加密数据解密为明文数据发送至安全检查和内容过滤装置140;Step S606, the gateway 160 sends the SSL/TLS protocol encrypted data to the SSL/TLS proxy server 130, the SSL/TLS proxy server 130 proxies the connection, and the SSL/TLS proxy server 130 processes the connection. It converts the connection request from the client 110 to the server 120 into connection data from the client 110 to itself, and then sends the connection data to the security inspection and content filtering device 140, and decrypts the encrypted data sent to plaintext data for transmission. to the security checking and content filtering means 140;

步骤S607,安全检查和内容过滤装置140处理SSL/TLS代理服务器130发送过来的明文数据。当明文数据为HTTPS协议,可以进行的处理有网页过滤(Web Filter),反病毒(Anti-Virus),入侵检测(IDS/IPS),反网络钓鱼(Anti-Phishing)和访问策略(Access Policy)检查,当明文数据为IMAPS、SMTPS或POP3S协议时,可以进行的处理有反垃圾邮件(Anti-Spam),反病毒(Anti-Virus),访问策略(Access Policy)检查。如果发现连接数据中有安全威胁存在,安全检查和内容过滤设备可以选择断开这个连接并通知用户,或者删除有威胁的数据;Step S607 , the security checking and content filtering device 140 processes the plaintext data sent by the SSL/TLS proxy server 130 . When the plaintext data is HTTPS protocol, the processing that can be performed includes web filter (Web Filter), anti-virus (Anti-Virus), intrusion detection (IDS/IPS), anti-phishing (Anti-Phishing) and access policy (Access Policy) Check, when the plaintext data is IMAPS, SMTPS or POP3S protocol, the processing that can be performed includes anti-spam (Anti-Spam), anti-virus (Anti-Virus), and access policy (Access Policy) checks. If a security threat is found in the connected data, the security inspection and content filtering device can choose to disconnect the connection and notify the user, or delete the threatening data;

步骤S608,安全检查和内容过滤装置140将处理后的明文数据返回SSL/TLS代理服务器130,SSL/TLS代理服务器130将该明文数据加密后,转化成SSL/TLS代理服务器130向服务器端120发送的连接数据,并将这个连接数据发送回网关160;Step S608, the security inspection and content filtering device 140 returns the processed plaintext data to the SSL/TLS proxy server 130, and the SSL/TLS proxy server 130 encrypts the plaintext data, and then converts the plaintext data into SSL/TLS proxy server 130 and sends it to the server end 120 and send the connection data back to the gateway 160;

步骤S609,网关160将SSL/TLS协议加密数据发送至外网的服务器端120。In step S609, the gateway 160 sends the SSL/TLS encrypted data to the server 120 on the external network.

服务器端120接收到这个数据,在服务器端120看来,这个数据是SSL/TLS代理服务器130发送的,于是他返回给SSL/TLS代理服务器130一个回复数据。这个数据沿着上述发送的路径再返回到用内网的客户端110,即沿着路径:服务器端120->网关160->SSL/TLS代理服务器130->安全检查和内容过滤装置140->SSL/TLS代理服务器130->网关160->客户端110。The server 120 receives the data. From the perspective of the server 120, the data is sent by the SSL/TLS proxy server 130, so it returns a reply data to the SSL/TLS proxy server 130. This data returns to the client 110 using the intranet along the path sent above, that is, along the path: server end 120->gateway 160->SSL/TLS proxy server 130->security inspection and content filtering device 140-> SSL/TLS proxy server 130 -> gateway 160 -> client 110.

在这个过程中,SSL/TLS代理服务器130的作用是将原先客户端110到服务器端120的连接被分成两个部分,一部分是客户端110到SSL/TLS代理服务器130的连接,另一部分是SSL/TLS代理服务器130到服务器端120的连接。这两个连接都是SSL/TLS加密的。但是在这两个连接之间的数据,即SSL/TLS服务器130发送到安全检查和内容过滤装置140的数据及其返回的数据都是未加密的明文。In this process, the role of the SSL/TLS proxy server 130 is to divide the original connection from the client 110 to the server 120 into two parts, one part is the connection from the client 110 to the SSL/TLS proxy server 130, and the other is the SSL /TLS proxy server 130 to server end 120 connection. Both connections are SSL/TLS encrypted. But the data between these two connections, that is, the data sent by the SSL/TLS server 130 to the security checking and content filtering device 140 and the returned data are all unencrypted plaintext.

图7为本发明第四实施例的结构示意图。如图7所示,本实施例除了包括SSL/TLS代理服务器130、安全检查和内容过滤装置140以及数字证书分析装置150,还包括URL(统一资源定位符)分析装置170。Fig. 7 is a schematic structural diagram of a fourth embodiment of the present invention. As shown in FIG. 7 , this embodiment includes an SSL/TLS proxy server 130 , a security check and content filtering device 140 , and a digital certificate analyzing device 150 , and also includes a URL (Uniform Resource Locator) analyzing device 170 .

URL(统一资源定位符)分析装置170中还包括URL数据库171,该URL数据库171用来存储URL名单,并将URL名单分类存储在两个列表中,分别为URL黑名单列表和URL白名单列表。URL白名单列表中列出受信任的URL,URL黑名单列表中列出已知的恶意URL。URL分析装置170根据URL数据库171所存储的URL名单来判断客户端110向服务器端120发送的SSL/TLS连接数据中的URL是否属于URL白名单列表或者URL黑名单列表。如果上述URL属于URL白名单列表,则将使客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;如果上述URL属于URL黑名单列表,则阻止客户端110与服务器端120的连接;如果上述URL是一个未知的URL,即它既不在URL白名单列表中,也不在URL黑名单列表中,则将客户端110向服务器端120发送的HTTPS连接数据发送到SSL/TLS代理服务器130。Also comprise URL database 171 in the URL (uniform resource locator) analysis device 170, this URL database 171 is used for storing URL list, and URL list classification is stored in two lists, is respectively URL blacklist list and URL whitelist list . Trusted URLs are listed in the URL whitelist, and known malicious URLs are listed in the URL blacklist. The URL analysis device 170 judges whether the URL in the SSL/TLS connection data sent from the client 110 to the server 120 belongs to the URL whitelist or the URL blacklist according to the URL list stored in the URL database 171 . If the above-mentioned URL belongs to the URL whitelist, then the client 110 will be directly connected to the server 120, and no longer perform work such as encryption, decryption and security checks; if the above-mentioned URL belongs to the URL blacklist, then the client 110 is prevented from connecting with the server If the above-mentioned URL is an unknown URL, that is, it is neither in the URL whitelist nor in the URL blacklist, then the HTTPS connection data sent by the client 110 to the server 120 is sent to the SSL/ TLS proxy server 130 .

SSL/TLS代理服务器130将客户端110向服务器端120所发送的SSL/TLS连接数据中的数字证书转发到数字证书分析装置150,以及对SSL/TLS连接数据进行解密。The SSL/TLS proxy server 130 forwards the digital certificate in the SSL/TLS connection data sent by the client 110 to the server 120 to the digital certificate analysis device 150, and decrypts the SSL/TLS connection data.

数字证书分析装置150中还包括数字证书数据库151,该数字证书数据库151用来存储数据证书,并将数字证书分类存储在两个列表中,分别为数字证书黑名单列表和数字证书白名单列表。数字证书白名单列表中列出受信任的数字证书,数字证书黑名单列表中列出已知的恶意网站的数字证书。数字证书分析装置150用于判断由SSL/TLS代理服务器端120转发的数字证书是否属于数字证书白名单列表或者数字证书黑名单列表,并将分析结果返回给SSL/TLS代理服务器130。如果上述数字证书属于数字证书白名单列表,则SSL/TLS代理服务器130将使客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;如果上述数字证书属于数字证书黑名单列表,则SSL/TLS代理服务器130将阻止客户端110与服务器端120的连接;如果上述数字证书是一个未知的证书,即它既不在数字证书白名单列表中,也不在数字证书黑名单列表中,则SSL/TLS代理服务器130将解密的明文数据发送到安全检查和内容过滤装置140。The digital certificate analysis device 150 also includes a digital certificate database 151, which is used to store data certificates, and classify and store digital certificates in two lists, namely a digital certificate blacklist and a digital certificate whitelist. The trusted digital certificates are listed in the digital certificate whitelist, and the digital certificates of known malicious websites are listed in the digital certificate blacklist. The digital certificate analyzing device 150 is used for judging whether the digital certificate forwarded by the SSL/TLS proxy server 120 belongs to the digital certificate whitelist or the digital certificate blacklist, and returns the analysis result to the SSL/TLS proxy server 130 . If the above-mentioned digital certificate belongs to the digital certificate white list, then the SSL/TLS proxy server 130 will directly connect the client 110 to the server 120, and no longer perform encryption, decryption and security checks; if the above-mentioned digital certificate belongs to the digital certificate blacklist list, then the SSL/TLS proxy server 130 will prevent the connection between the client 110 and the server end 120; if the above-mentioned digital certificate is an unknown certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist , the SSL/TLS proxy server 130 sends the decrypted plaintext data to the security checking and content filtering device 140 .

安全检查和内容过滤装置140用于检查和处理SSL/TLS代理服务器130所发送的明文数据中的安全威胁。安全检查和内容过滤装置140包括如下装置中的一个或多个:网页过滤(Web Filter)装置,用于屏蔽网页,如屏蔽六合彩网站、黄色网站、广告条等;反病毒(Anti-Virus)装置,用于检测和清除数据中的病毒;入侵检测与防护(IDS/IPS)装置,用于检测和防护网络入侵,如黑客通过网络对系统进行攻击;反网络钓鱼(Anti-Fishing)装置,用于清除以网络钓鱼形式进行的身份盗窃和欺诈;以及访问策略(Access Policy)检查装置,用于防止网络非授权访问。The security checking and content filtering device 140 is used for checking and processing security threats in the plaintext data sent by the SSL/TLS proxy server 130 . Safety inspection and content filtering device 140 comprise one or more in the following devices: web page filtering (Web Filter) device, is used for shielding webpage, as shielding lottery website, pornographic website, banner etc.; Anti-virus (Anti-Virus) device , used to detect and remove viruses in data; intrusion detection and prevention (IDS/IPS) devices, used to detect and protect network intrusions, such as hackers attacking systems through the network; anti-phishing (Anti-Fishing) devices, used Used to eliminate identity theft and fraud in the form of phishing; and access policy (Access Policy) inspection device to prevent unauthorized access to the network.

图8是本发明第四实施例的系统流程图,如图8所示,本发明所提供的对SSL/TLS通信数据进行安全检查和内容过滤的方法包括以下几个步骤:Fig. 8 is a system flow chart of the fourth embodiment of the present invention. As shown in Fig. 8, the method for performing security inspection and content filtering on SSL/TLS communication data provided by the present invention includes the following steps:

步骤S801、URL分析装置170根据URL数据库171所存储的URL名单来判断客户端110向服务器端120发送的SSL/TLS连接数据中的URL是否属于URL白名单列表或者URL黑名单列表;如果上述URL属于URL白名单列表,则执行步骤S802;如果上述URL属于URL黑名单列表,则执行步骤S803;如果上述URL是一个未知的URL,即它既不在URL白名单列表中,也不在URL黑名单列表中,则执行步骤S804;Step S801, the URL analysis device 170 judges whether the URL in the SSL/TLS connection data sent by the client 110 to the server 120 belongs to the URL whitelist or the URL blacklist according to the URL list stored in the URL database 171; Belong to the URL whitelist list, then perform step S802; If the above-mentioned URL belongs to the URL blacklist list, then perform step S803; if the above-mentioned URL is an unknown URL, that is, it is neither in the URL whitelist list nor in the URL blacklist list , execute step S804;

步骤S802、将使客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;In step S802, the client 110 is directly connected to the server 120, and encryption, decryption and security check are no longer performed;

步骤S803、阻止客户端110与服务器端120的连接;Step S803, preventing the connection between the client 110 and the server 120;

步骤S804、将客户端110向服务器端120发送的SSl/TLS连接数据发送到SSL/TLS代理服务器130;Step S804, sending the SSL/TLS connection data sent by the client 110 to the server 120 to the SSL/TLS proxy server 130;

步骤S805、SSlL/TLS代理服务器130将SSlL/TLS连接数据中的数字证书转发到数字证书分析装置150;Step S805, the SSL/TLS proxy server 130 forwards the digital certificate in the SSL/TLS connection data to the digital certificate analysis device 150;

步骤S806、数字证书分析装置150将SSlL/TLS代理服务器130所发送的数字证书与数字证书数据库131中所存储的数字证书相比较,如果所述由SSlL/TLS代理服务器130发送的数字证书属于数字证书白名单列表,则执行步骤S807;如果所述由SSlL/TLS代理服务器130发送的数字证书属于数字证步骤S807;如果所述由SSlL/TLS代理服务器130发送的数字证书属于数字证书黑名单列表,则执行步骤S808;如果所述由SSlL/TLS代理服务器130发送的数字证书是未知数字证书,即它既不在数字证书白名单列表中,也不在数字证书黑名单列表中,则执行步骤S809;Step S806, the digital certificate analyzing device 150 compares the digital certificate sent by the SSL/TLS proxy server 130 with the digital certificate stored in the digital certificate database 131, if the digital certificate sent by the SSL/TLS proxy server 130 belongs to digital Certificate white list list, then perform step S807; If the digital certificate sent by the SSL/TLS proxy server 130 belongs to the digital certificate step S807; If the digital certificate sent by the SSL/TLS proxy server 130 belongs to the digital certificate blacklist , then execute step S808; if the digital certificate sent by the SSL/TLS proxy server 130 is an unknown digital certificate, that is, it is neither in the digital certificate whitelist nor in the digital certificate blacklist, then execute step S809;

步骤S807、SSL/TLS代理服务器130将客户端110与服务器端120直接连接,不再进行加密、解密和安全检查等工作;Step S807, the SSL/TLS proxy server 130 directly connects the client 110 to the server 120, and no longer performs encryption, decryption and security checks;

步骤S808、SSL/TLS代理服务器130阻止客户端110与服务器端120进行连接;Step S808, the SSL/TLS proxy server 130 prevents the client 110 from connecting to the server 120;

步骤S809、SSL/TLS代理服务器130将SSL/TLS连接转换为客户端110向其自身的连接,并将SSL/TLS连接数据解密为明文数据,再将解密后的明文数据发送给安全检查和内容过滤装置140;Step S809, the SSL/TLS proxy server 130 converts the SSL/TLS connection into a connection from the client 110 to itself, and decrypts the SSL/TLS connection data into plaintext data, and then sends the decrypted plaintext data to the security check and content Filtration device 140;

步骤S810、安全检查和内容过滤装置140对SSL/TLS代理服务器130所发送的明文数据进行安全检查和内容过滤,包括以下方式至少之一:网页过滤(Web Filter),反病毒(Anti-Virus),入侵检测与防护(IDS/IPS),反网络钓鱼(Anti-Fishing)和访问策略(Access Policy)检查等。如果发现明文数据中有安全威胁存在,安全检查和内容过滤装置140可断开该连接并通知客户端110或者删除有威胁的数据;Step S810, safety inspection and content filtering device 140 carry out safety inspection and content filtering to the plaintext data sent by SSL/TLS proxy server 130, including at least one of the following methods: web page filtering (Web Filter), anti-virus (Anti-Virus) , Intrusion Detection and Protection (IDS/IPS), Anti-Fishing (Anti-Fishing) and Access Policy (Access Policy) inspection, etc. If it is found that there is a security threat in the plaintext data, the security check and content filtering device 140 can disconnect the connection and notify the client 110 or delete the threatening data;

步骤S811、安全检查和内容过滤装置140检查和处理完毕后,再将上述明文数据发送回SSL/TLS代理服务器130,SSL/TLS代理服务器130将上述明文数据加密后,代替客户端110向服务器端120发送SSL/TLS连接数据;Step S811, after the security inspection and content filtering device 140 completes the inspection and processing, the above-mentioned plaintext data is sent back to the SSL/TLS proxy server 130. 120 send SSL/TLS connection data;

步骤S812、服务器端120收到上述SSL/TLS连接数据后,向SSL/TLS代理服务器130返回回复数据,SSL/TLS代理服务器130再将上述回复数据转发到客户端110。Step S812 , after receiving the above SSL/TLS connection data, the server 120 returns reply data to the SSL/TLS proxy server 130 , and the SSL/TLS proxy server 130 forwards the above reply data to the client 110 .

上述的四个实施例可以单独实行,也可以多个实施例之间进行组合,其中,SSL/TLS代理服务器130、安全检查和内容过滤装置140、数字证书分析装置150和统一资源定位符分析装置170可以全部设置在网关160中,以方便维护和使用。The above-mentioned four embodiments can be implemented independently, and can also be combined among multiple embodiments, wherein, the SSL/TLS proxy server 130, the security check and content filtering device 140, the digital certificate analyzing device 150 and the Uniform Resource Locator analyzing device 170 can all be set in the gateway 160 to facilitate maintenance and use.

当然,本发明还可有其它多种实施例,在不背离本发明精神及其实质的情况下,熟悉本领域的普通技术人员当可根据本发明做出各种相应的改变和变形,但这些相应的改变和变形都应属于本发明所附的权利要求的保护范围。Certainly, the present invention also can have other various embodiments, without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and deformations according to the present invention, but these Corresponding changes and deformations should belong to the scope of protection of the appended claims of the present invention.

Claims (15)

1. one kind is carried out the device of safety inspection and information filtering to communication data, is used for the connection data that send mutually between the client and server end are carried out safety inspection and information filtering, it is characterized in that, comprising:
The SSL/TLS acting server, be used for the SSL/TLS agreement enciphered data that described client end/server end sends is decrypted into expressly, be sent to safety inspection and content filtering device, and the described clear data that described safety inspection and content filtering device dispose is encrypted as the SSL/TLS data, and be sent to described server end/client;
Safety inspection and content filtering device, be connected with described SSL/TLS acting server, be used for accepting and checking described clear data, if find to have security threat to exist, the data filter that threat then will be arranged, and the clear data after will handling returns described SSL/TLS acting server.
2. according to claim 1 communication data is carried out the device of safety inspection and information filtering, it is characterized in that described SSL/TLS acting server further comprises:
The client communication module is connected respectively with content filtering device with safety inspection with described client, be used to accept the SSL/TLS agreement enciphered data that described client sends, and deciphering is sent to described safety inspection and content filtering device for clear data; With
Be used to accept the clear data that sends from described safety inspection and content filtering device, encrypt described clear data with the SSL/TLS agreement, and be sent to described client.
3. according to claim 1 communication data is carried out the device of safety inspection and information filtering, it is characterized in that described SSL/TLS acting server further comprises:
The server end communication module, be connected respectively with content filtering device with safety inspection with described server end, be used to accept the SSL/TLS agreement enciphered data that described server end sends, and deciphering is sent to described safety inspection and content filtering device for clear data; With
Be used to accept the clear data that sends from described safety inspection and content filtering device, encrypt described clear data and be sent to described server end with the SSL/TLS agreement.
4. according to claim 1 communication data is carried out the device of safety inspection and information filtering, it is characterized in that, further comprise:
Gateway, be connected respectively with described client, server end, SSL/TLS acting server, be used for when the communication data of described client transmission is SSL/TLS agreement enciphered data, described enciphered data is sent to described SSL/TLS acting server, and accept SSL/TLS agreement enciphered data after described safety inspection and content filtering device are handled from described SSL/TLS acting server, be forwarded to described server end then; With
Be used for when the communication data of described server end transmission is SSL/TLS agreement enciphered data, described enciphered data is sent to described SSL/TLS acting server, and be subjected to SSL/TLS agreement enciphered data after described safety inspection and content filtering device are handled from described SSL/TLS acting server termination, be forwarded to described client.
5. according to claim 1 communication data is carried out the device of safety inspection and information filtering, it is characterized in that, further comprise:
The digital certificate analytical equipment, be used for receiving the digital certificate that SSL/TLS that described SSL/TLS acting server sends connects data, judge whether described digital certificate belongs to the digital certificate white list tabulation, perhaps belongs to the digital certificate blacklist list, or unknown digital certificate.
6. according to claim 5 communication data is carried out the device of safety inspection and information filtering, it is characterized in that described digital certificate analytical equipment further comprises:
The digital certificate data storehouse, being used for tabulates with digital certificate blacklist list and digital certificate white list respectively stores digital certificate.
7. according to claim 1 communication data is carried out the device of safety inspection and information filtering, it is characterized in that, further comprise:
The URL(uniform resource locator) analytical equipment, be used for judging whether described client belongs to the tabulation of URL(uniform resource locator) white list to the URL(uniform resource locator) of the SSL/TLS agreement connection data of described server end transmission, perhaps belong to the URL(uniform resource locator) blacklist list, or unknown URL(uniform resource locator).
8. according to claim 7 communication data is carried out the device of safety inspection and information filtering, it is characterized in that described URL(uniform resource locator) analytical equipment further comprises:
The URL(uniform resource locator) database is used for tabulating with URL(uniform resource locator) blacklist list and URL(uniform resource locator) white list and stores the URL(uniform resource locator) list.
9. according to claim 4,5, the 7 described devices that communication data carried out safety inspection and information filtering, it is characterized in that described SSL/TLS acting server, safety inspection and content filtering device, digital certificate analytical equipment and/or URL(uniform resource locator) analytical equipment are arranged in the described gateway.
10. one kind is carried out the method for safety inspection and information filtering to communication data, it is characterized in that, may further comprise the steps:
Step 1, client end/server end send SSL/TLS agreement enciphered data to the SSL/TLS acting server;
Step 2, described SSL/TLS acting server is clear data and is sent to safety inspection and content filtering device described SSL/TLS agreement enciphered data deciphering;
Step 3, described safety inspection and content filtering device are carried out safety inspection to described clear data, when finding security threat is arranged, the data filter of threat will be arranged, and the clear data after will filtering are sent to described SSL/TLS acting server;
Step 4, the described SSL/TLS acting server clear data after with described processing is encrypted as SSL/TLS agreement enciphered data, is sent to described server end/client.
11. according to claim 10 communication data is carried out the method for safety inspection and information filtering, it is characterized in that when described client and server end carries out data when connecting by gateway, described step 1 further comprises:
Step 111, described client end/server end send and connect data to gateway;
Step 112, described gateway judge whether described data meet access strategy, if meet, then enter step 113, if do not meet, then refusal connects;
Step 113, described gateway judges whether described data are SSL/TLS agreement enciphered data, if then described SSL/TLS agreement enciphered data is sent to described SSL/TLS acting server, if not, then described data directly are sent to described server end/client.
12. according to claim 10 communication data is carried out the method for safety inspection and information filtering, it is characterized in that, when described client and server end carries out data when connecting by gateway, further comprise after the described step 1:
Step 121, described SSL/TLS acting server sends the digital certificate analytical equipment with the digital certificate that described SSL/TLS agreement connects in the data, and described digital certificate analytical equipment judges whether described digital certificate belongs to the digital certificate white list tabulation or belong to digital certificate blacklist list or unknown digital certificate;
Step 122, if belong to the digital certificate white list tabulation, then described SSl/TLS acting server directly is connected described client with described server end, if belong to the digital certificate blacklist list, then described SSL/TLS acting server stops being connected of described client and described server end, if unknown digital certificate then enters described step 2.
13. according to claim 10 communication data is carried out the method for safety inspection and information filtering, it is characterized in that, further comprise after the described step 1:
Step 131, described SSL/TLS acting server sends the URL(uniform resource locator) analytical equipment with the URL(uniform resource locator) that described SSL/TLS agreement connects in the data, and described URL(uniform resource locator) analytical equipment judges whether described URL(uniform resource locator) belongs to the tabulation of URL(uniform resource locator) white list or belong to the URL(uniform resource locator) blacklist list or unknown URL(uniform resource locator);
Step 132, if belong to the tabulation of URL(uniform resource locator) white list, then described SSl/TLS acting server directly is connected described client with described server end, if belong to the URL(uniform resource locator) blacklist list, then described SSL/TLS acting server stops being connected of described client and described server end, if unknown URL(uniform resource locator) then enters described step 2.
14. according to claim 10 communication data is carried out the method for safety inspection and information filtering, it is characterized in that described SSL/TLS agreement enciphered data comprises: HTTPS data, IMAPS data, SMTPS data and/or POP3S data.
15. method of communication data being carried out safety inspection and information filtering according to claim 14, it is characterized in that, when described SSL/TLS agreement enciphered data was the HTTPS data, described step 3 further comprised: the step of the data after the described deciphering being carried out the processing of home page filter, anti-virus, intrusion detection, anti-phishing and/or access strategy inspection;
When described SSL/TLS agreement enciphered data was IMAPS, SMTPS or POP3S data, described step 3 further comprised: the step of the data after the described deciphering being carried out the processing of anti-rubbish mail, anti-virus and/or access strategy inspection.
CNA200610138738XA 2006-09-08 2006-11-13 A device and method for performing security inspection and content filtering on communication data Pending CN101141243A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200610138738XA CN101141243A (en) 2006-09-08 2006-11-13 A device and method for performing security inspection and content filtering on communication data

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200610113076.0 2006-09-08
CN200610113076 2006-09-08
CNA200610138738XA CN101141243A (en) 2006-09-08 2006-11-13 A device and method for performing security inspection and content filtering on communication data

Publications (1)

Publication Number Publication Date
CN101141243A true CN101141243A (en) 2008-03-12

Family

ID=39193013

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200610138738XA Pending CN101141243A (en) 2006-09-08 2006-11-13 A device and method for performing security inspection and content filtering on communication data

Country Status (1)

Country Link
CN (1) CN101141243A (en)

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820414A (en) * 2010-01-29 2010-09-01 蓝盾信息安全技术股份有限公司 Host access control system and method
CN101282250B (en) * 2008-05-12 2011-02-09 华为终端有限公司 Method, system and network equipment for snooping safety conversation
CN102098285A (en) * 2010-12-14 2011-06-15 成都市华为赛门铁克科技有限公司 Method and device for preventing phishing attacks
CN102202036A (en) * 2010-03-24 2011-09-28 北京创世网赢高科技有限公司 Method for issuing information
CN102202037A (en) * 2010-03-24 2011-09-28 北京创世网赢高科技有限公司 Information publishing system
CN101656736B (en) * 2009-08-28 2012-01-25 深圳市茁壮网络股份有限公司 Device and method for processing service data, and service processing system
CN102480437A (en) * 2010-11-23 2012-05-30 中兴通讯股份有限公司 Method and device for controlling internet surfing data of home gateway
CN102685165A (en) * 2011-03-16 2012-09-19 中兴通讯股份有限公司 Method and device for controlling access request on basis of proxy gateway
CN102868694A (en) * 2012-09-17 2013-01-09 北京奇虎科技有限公司 Method, device and system for detecting whether to control client to visit network
CN103036883A (en) * 2012-12-14 2013-04-10 公安部第一研究所 Secure communication method and system of secure server
CN103188255A (en) * 2011-12-31 2013-07-03 北京市国路安信息技术有限公司 Application proxy and security module separated network security protection method
CN103428196A (en) * 2012-12-27 2013-12-04 北京安天电子设备有限公司 URL white list-based WEB application intrusion detecting method and apparatus
CN103607392A (en) * 2010-12-14 2014-02-26 华为数字技术(成都)有限公司 Method and device used for preventing fishing attack
CN103701819A (en) * 2013-12-30 2014-04-02 北京网康科技有限公司 Hypertext transfer protocol decoding processing method and device
CN103905425A (en) * 2013-12-27 2014-07-02 哈尔滨安天科技股份有限公司 Method and system for capturing malicious code network behavior enciphered data
CN105429934A (en) * 2014-09-19 2016-03-23 腾讯科技(深圳)有限公司 HTTPS connection verification method and device
CN105490998A (en) * 2014-12-12 2016-04-13 哈尔滨安天科技股份有限公司 Security credit assessment method and system based on digital certificate authentication
CN105516169A (en) * 2015-12-23 2016-04-20 北京奇虎科技有限公司 Method and device for detecting website security
CN105577738A (en) * 2014-11-10 2016-05-11 中国移动通信集团公司 A method, device and system for processing terminal information
CN105592051A (en) * 2015-09-08 2016-05-18 杭州华三通信技术有限公司 Secure socket layer SSL session establishment method and device
CN105743868A (en) * 2014-12-11 2016-07-06 中国科学院声学研究所 Data acquisition system supporting encrypted and non-encrypted protocols and method
CN106302391A (en) * 2016-07-27 2017-01-04 上海华为技术有限公司 A kind of enciphered data transmission method and proxy server
CN106355101A (en) * 2015-07-15 2017-01-25 中国科学院声学研究所 Transparent file encryption and decryption system and method for simple storage services
CN106411899A (en) * 2016-09-30 2017-02-15 北京奇虎科技有限公司 Security detection method and device for data files
CN106470191A (en) * 2015-08-19 2017-03-01 国基电子(上海)有限公司 Filter system, the method and device of HTTPS transferring content
WO2017031691A1 (en) * 2015-08-25 2017-03-02 华为技术有限公司 Service processing method and apparatus
CN107079048A (en) * 2015-03-10 2017-08-18 华为技术有限公司 Data transmission method and equipment
CN107104929A (en) * 2016-02-23 2017-08-29 阿里巴巴集团控股有限公司 The methods, devices and systems of defending against network attacks
CN107135233A (en) * 2017-06-28 2017-09-05 百度在线网络技术(北京)有限公司 Safe transmission method and device, the server and storage medium of information
US9892931B2 (en) 2013-10-14 2018-02-13 Taiwan Semiconductor Manufacturing Company Ltd. Semiconductor manufacturing apparatus and method thereof
CN107733841A (en) * 2016-08-12 2018-02-23 阿里巴巴集团控股有限公司 Method for message transmission and device based on multi-enciphering
CN108259406A (en) * 2016-12-28 2018-07-06 中国电信股份有限公司 Examine the method and system of SSL certificate
CN108848078A (en) * 2018-06-01 2018-11-20 北京中海闻达信息技术有限公司 A kind of online data monitoring method and device
CN108898020A (en) * 2018-05-31 2018-11-27 深圳壹账通智能科技有限公司 Leak detection method, device, mobile terminal and storage medium based on agent side
CN109088889A (en) * 2018-10-16 2018-12-25 深信服科技股份有限公司 A kind of SSL encipher-decipher method, system and computer readable storage medium
CN109413201A (en) * 2018-11-27 2019-03-01 东软集团股份有限公司 SSL traffic method, apparatus and storage medium
CN109413060A (en) * 2018-10-19 2019-03-01 深信服科技股份有限公司 Message processing method, device, equipment and storage medium
CN109818939A (en) * 2018-12-29 2019-05-28 深圳市创梦天地科技有限公司 A kind of data processing method and equipment
CN110324282A (en) * 2018-03-29 2019-10-11 华耀(中国)科技有限公司 The load-balancing method and its system of SSL/TLS visualization flow
CN110445802A (en) * 2019-08-16 2019-11-12 国家计算机网络与信息安全管理中心 Threat based on digital certificate finds model construction techniques
WO2020024377A1 (en) * 2018-08-02 2020-02-06 密信技术(深圳)有限公司 Email encryption method and apparatus, and computer-readable storage medium
CN110826065A (en) * 2019-10-30 2020-02-21 亚信科技(成都)有限公司 Scanning method, device and system
CN111147465A (en) * 2019-12-18 2020-05-12 深圳市任子行科技开发有限公司 Method for auditing HTTPS (hypertext transfer protocol secure) content and proxy server
WO2020117676A1 (en) * 2018-12-04 2020-06-11 Citrix Systems, Inc. System and apparatus for enhanced qos, steering and policy enforcement for https traffic via intelligent inline path discovery of tls terminating node
CN111711598A (en) * 2020-04-23 2020-09-25 中国电子科技网络信息安全有限公司 Sensitive data detection system for large-scale SSL/TLS encrypted session stream
US10944769B2 (en) 2018-09-25 2021-03-09 Oracle International Corporation Intrusion detection on load balanced network traffic
CN113507438A (en) * 2021-06-04 2021-10-15 茂名市群英网络有限公司 Multistage defense system for ensuring use safety of network user
CN114389809A (en) * 2022-02-18 2022-04-22 山西清网信息技术有限公司 Information network security protection method for encrypted https protocol

Cited By (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282250B (en) * 2008-05-12 2011-02-09 华为终端有限公司 Method, system and network equipment for snooping safety conversation
CN101656736B (en) * 2009-08-28 2012-01-25 深圳市茁壮网络股份有限公司 Device and method for processing service data, and service processing system
CN101820414A (en) * 2010-01-29 2010-09-01 蓝盾信息安全技术股份有限公司 Host access control system and method
CN102202036A (en) * 2010-03-24 2011-09-28 北京创世网赢高科技有限公司 Method for issuing information
CN102202037A (en) * 2010-03-24 2011-09-28 北京创世网赢高科技有限公司 Information publishing system
CN102480437A (en) * 2010-11-23 2012-05-30 中兴通讯股份有限公司 Method and device for controlling internet surfing data of home gateway
CN102098285B (en) * 2010-12-14 2013-12-04 华为数字技术(成都)有限公司 Method and device for preventing phishing attacks
CN102098285A (en) * 2010-12-14 2011-06-15 成都市华为赛门铁克科技有限公司 Method and device for preventing phishing attacks
CN103607392A (en) * 2010-12-14 2014-02-26 华为数字技术(成都)有限公司 Method and device used for preventing fishing attack
CN102685165A (en) * 2011-03-16 2012-09-19 中兴通讯股份有限公司 Method and device for controlling access request on basis of proxy gateway
CN102685165B (en) * 2011-03-16 2015-01-28 中兴通讯股份有限公司 Method and device for controlling access request on basis of proxy gateway
CN103188255A (en) * 2011-12-31 2013-07-03 北京市国路安信息技术有限公司 Application proxy and security module separated network security protection method
WO2014040571A1 (en) * 2012-09-17 2014-03-20 北京奇虎科技有限公司 Inspection method, device, and system for controlling network access of client
CN102868694B (en) * 2012-09-17 2015-08-19 北京奇虎科技有限公司 Control the detection method of client-access network, device and system
CN102868694A (en) * 2012-09-17 2013-01-09 北京奇虎科技有限公司 Method, device and system for detecting whether to control client to visit network
CN103036883A (en) * 2012-12-14 2013-04-10 公安部第一研究所 Secure communication method and system of secure server
CN103036883B (en) * 2012-12-14 2015-11-04 公安部第一研究所 A secure communication method and system for a secure server
CN103428196A (en) * 2012-12-27 2013-12-04 北京安天电子设备有限公司 URL white list-based WEB application intrusion detecting method and apparatus
CN103428196B (en) * 2012-12-27 2016-08-03 北京安天电子设备有限公司 A kind of WEB application intrusion detection method based on URL white list
US9892931B2 (en) 2013-10-14 2018-02-13 Taiwan Semiconductor Manufacturing Company Ltd. Semiconductor manufacturing apparatus and method thereof
CN103905425A (en) * 2013-12-27 2014-07-02 哈尔滨安天科技股份有限公司 Method and system for capturing malicious code network behavior enciphered data
CN103701819A (en) * 2013-12-30 2014-04-02 北京网康科技有限公司 Hypertext transfer protocol decoding processing method and device
CN105429934A (en) * 2014-09-19 2016-03-23 腾讯科技(深圳)有限公司 HTTPS connection verification method and device
CN105429934B (en) * 2014-09-19 2019-07-19 腾讯科技(深圳)有限公司 Method and apparatus, readable storage medium storing program for executing, the terminal of HTTPS connectivity verification
CN105577738A (en) * 2014-11-10 2016-05-11 中国移动通信集团公司 A method, device and system for processing terminal information
CN105577738B (en) * 2014-11-10 2019-08-02 中国移动通信集团公司 A kind of method, apparatus and system of processing terminal information
CN105743868B (en) * 2014-12-11 2019-01-25 中国科学院声学研究所 A data acquisition system and method supporting encrypted and non-encrypted protocols
CN105743868A (en) * 2014-12-11 2016-07-06 中国科学院声学研究所 Data acquisition system supporting encrypted and non-encrypted protocols and method
CN105490998B (en) * 2014-12-12 2019-05-07 哈尔滨安天科技股份有限公司 A kind of safety credit appraisal procedure and system based on digital certificate authentication
CN105490998A (en) * 2014-12-12 2016-04-13 哈尔滨安天科技股份有限公司 Security credit assessment method and system based on digital certificate authentication
CN107079048A (en) * 2015-03-10 2017-08-18 华为技术有限公司 Data transmission method and equipment
CN106355101B (en) * 2015-07-15 2019-04-26 中国科学院声学研究所 A transparent file encryption and decryption system and method for simple storage service
CN106355101A (en) * 2015-07-15 2017-01-25 中国科学院声学研究所 Transparent file encryption and decryption system and method for simple storage services
CN106470191B (en) * 2015-08-19 2019-12-10 国基电子(上海)有限公司 system, method and device for filtering HTTPS transmission content
CN106470191A (en) * 2015-08-19 2017-03-01 国基电子(上海)有限公司 Filter system, the method and device of HTTPS transferring content
KR102095893B1 (en) * 2015-08-25 2020-04-01 후아웨이 테크놀러지 컴퍼니 리미티드 Service processing method and device
WO2017031691A1 (en) * 2015-08-25 2017-03-02 华为技术有限公司 Service processing method and apparatus
KR20180038496A (en) * 2015-08-25 2018-04-16 후아웨이 테크놀러지 컴퍼니 리미티드 Service processing method and apparatus
CN105592051A (en) * 2015-09-08 2016-05-18 杭州华三通信技术有限公司 Secure socket layer SSL session establishment method and device
CN105516169A (en) * 2015-12-23 2016-04-20 北京奇虎科技有限公司 Method and device for detecting website security
CN107104929A (en) * 2016-02-23 2017-08-29 阿里巴巴集团控股有限公司 The methods, devices and systems of defending against network attacks
CN106302391A (en) * 2016-07-27 2017-01-04 上海华为技术有限公司 A kind of enciphered data transmission method and proxy server
CN106302391B (en) * 2016-07-27 2019-09-13 上海华为技术有限公司 A kind of enciphered data transmission method and proxy server
CN107733841A (en) * 2016-08-12 2018-02-23 阿里巴巴集团控股有限公司 Method for message transmission and device based on multi-enciphering
CN106411899A (en) * 2016-09-30 2017-02-15 北京奇虎科技有限公司 Security detection method and device for data files
CN108259406B (en) * 2016-12-28 2020-12-29 中国电信股份有限公司 Method and system for verifying SSL certificates
CN108259406A (en) * 2016-12-28 2018-07-06 中国电信股份有限公司 Examine the method and system of SSL certificate
CN107135233A (en) * 2017-06-28 2017-09-05 百度在线网络技术(北京)有限公司 Safe transmission method and device, the server and storage medium of information
CN110324282A (en) * 2018-03-29 2019-10-11 华耀(中国)科技有限公司 The load-balancing method and its system of SSL/TLS visualization flow
CN108898020A (en) * 2018-05-31 2018-11-27 深圳壹账通智能科技有限公司 Leak detection method, device, mobile terminal and storage medium based on agent side
CN108848078A (en) * 2018-06-01 2018-11-20 北京中海闻达信息技术有限公司 A kind of online data monitoring method and device
WO2020024377A1 (en) * 2018-08-02 2020-02-06 密信技术(深圳)有限公司 Email encryption method and apparatus, and computer-readable storage medium
US10944769B2 (en) 2018-09-25 2021-03-09 Oracle International Corporation Intrusion detection on load balanced network traffic
CN109088889A (en) * 2018-10-16 2018-12-25 深信服科技股份有限公司 A kind of SSL encipher-decipher method, system and computer readable storage medium
CN109413060A (en) * 2018-10-19 2019-03-01 深信服科技股份有限公司 Message processing method, device, equipment and storage medium
CN109413201A (en) * 2018-11-27 2019-03-01 东软集团股份有限公司 SSL traffic method, apparatus and storage medium
CN109413201B (en) * 2018-11-27 2021-06-29 东软集团股份有限公司 SSL communication method, device and storage medium
US11716314B2 (en) 2018-12-04 2023-08-01 Citrix Systems, Inc. System and apparatus for enhanced QOS, steering and policy enforcement for HTTPS traffic via intelligent inline path discovery of TLS terminating node
US11025601B2 (en) 2018-12-04 2021-06-01 Citrix Systems, Inc. System and apparatus for enhanced QOS, steering and policy enforcement for HTTPS traffic via intelligent inline path discovery of TLS terminating node
WO2020117676A1 (en) * 2018-12-04 2020-06-11 Citrix Systems, Inc. System and apparatus for enhanced qos, steering and policy enforcement for https traffic via intelligent inline path discovery of tls terminating node
CN109818939A (en) * 2018-12-29 2019-05-28 深圳市创梦天地科技有限公司 A kind of data processing method and equipment
CN110445802A (en) * 2019-08-16 2019-11-12 国家计算机网络与信息安全管理中心 Threat based on digital certificate finds model construction techniques
CN110826065A (en) * 2019-10-30 2020-02-21 亚信科技(成都)有限公司 Scanning method, device and system
CN111147465A (en) * 2019-12-18 2020-05-12 深圳市任子行科技开发有限公司 Method for auditing HTTPS (hypertext transfer protocol secure) content and proxy server
CN111711598A (en) * 2020-04-23 2020-09-25 中国电子科技网络信息安全有限公司 Sensitive data detection system for large-scale SSL/TLS encrypted session stream
CN113507438A (en) * 2021-06-04 2021-10-15 茂名市群英网络有限公司 Multistage defense system for ensuring use safety of network user
CN114389809A (en) * 2022-02-18 2022-04-22 山西清网信息技术有限公司 Information network security protection method for encrypted https protocol
CN114389809B (en) * 2022-02-18 2024-05-03 山西清网信息技术有限公司 Information network security protection method for encrypting https protocol

Similar Documents

Publication Publication Date Title
CN101141243A (en) A device and method for performing security inspection and content filtering on communication data
US10425387B2 (en) Credentials enforcement using a firewall
CN111034150B (en) Method and apparatus for selectively decrypting SSL/TLS communications
US10003616B2 (en) Destination domain extraction for secure protocols
US9197628B1 (en) Data leak protection in upper layer protocols
EP2147390B1 (en) Detection of adversaries through collection and correlation of assessments
US20180332079A1 (en) Efficient and secure user credential store for credentials enforcement using a firewall
US7953969B2 (en) Reduction of false positive reputations through collection of overrides from customer deployments
Adeyinka Internet attack methods and internet security technology
CN101141244B (en) Network enciphered data virus detection and elimination system and proxy server and method
CN101141447B (en) HTTPS communication tunnel safety examination and content filtering system and method
JP2024178324A (en) ENCRYPTED SNI FILTERING METHOD AND SYSTEM FOR CYBER SECURITY APPLICATIONS - Patent application
US20130103944A1 (en) Hypertext Link Verification In Encrypted E-Mail For Mobile Devices
US20160127316A1 (en) Highly secure firewall system
Mani et al. An extensive evaluation of the internet's open proxies
KR20220081145A (en) AI-based mysterious symptom intrusion detection and system
CA2793422C (en) Hypertext link verification in encrypted e-mail for mobile devices
Saxena et al. A study on vulnerable risks in security of cloud computing and proposal of its remedies
SOX This White Paper
Tariq et al. Evaluating the Effectiveness and Resilience of SSL/TLS, HTTPS, IPSec, SSH, and WPA/WPA2 in Safeguarding Data Transmission
Liubinskii The Great Firewall’s active probing circumvention technique with port knocking and SDN
Ganapathy Virtual Dispersive Network in the Prevention of Third Party Interception: A Way of Dealing with Cyber Threat
Geetu A Comprehensive Discussion on Network Security
Kumar et al. Analysis of Network Security Issue and Its Attack and Defence
Magpayo et al. Prevent a Wireless Attack

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: FORTINET INC.

Free format text: FORMER OWNER: FORTINET INFORMATION TECHNOLOGY (BEIJING) CO., LTD.

Effective date: 20090925

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090925

Address after: California, USA

Applicant after: Fortinet, Inc.

Address before: Room 7, digital media building, No. 507 information road, Beijing, Haidian District, China: 100085

Applicant before: Fortinet,Inc.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080312