Method and device for controlling traffic of encrypted data flow

A traffic-control technology for data flows, applied in the field of network communication, that addresses a lack of versatility, an inability to identify and analyze, and unsystematic identification methods.

Active Publication Date: 2015-11-25
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

Even if there are very few identification and analysis methods, the identification methods are not systematic and unive


Embodiment Construction

[0018] In order to make the purpose, technical solutions and advantages of the present invention more clear, the solutions of the present invention will be further described in detail below with reference to the accompanying drawings.

[0019] The invention identifies an encrypted data flow by identifying the authentication process of the encryption protocol, and thereby realizes flow control of the encrypted data flow. The present invention takes the TLSv1 protocol as an example and introduces the identification process of the encryption protocol, so as to complete the control of the encrypted data flow of the protocol.

[0020] The TLSv1 protocol includes two protocol groups: the record protocol and the handshake protocol. The handshake protocol includes the certificate authentication part. As shown in Figure 1, when the TLSv1 protocol is used for single data stream transmission, the information transfer between the client (client) and t...


Abstract

The invention provides a method and a device for controlling traffic of an encrypted data flow, applied on bandwidth management equipment. The method comprises: when an authentication message that carries authentication certificate using body information is detected, extracting the client IP address, the server IP address and the target port number of the authentication message; querying whether a data flow entry for that client IP address, server IP address and target port number exists in a data flow table and, if not, creating a corresponding entry and adding it to the data flow table; and, if an encrypted data flow matching an entry in the data flow table is detected, performing traffic control on that encrypted data flow. By identifying the authentication process, the method and the device realize traffic control for the authenticated encrypted data flow.
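The flow-table procedure in the abstract, as an added Python sketch that is not code from the patent. It assumes the "authentication message" is a TLSv1 handshake record containing a Certificate message (handshake type 11), that the caller already knows which endpoint is the client, and it does not parse the certificate contents; `FlowTable`, `observe` and the sample bytes are hypothetical names and constructed data.

```python
import struct

HANDSHAKE, APPLICATION_DATA = 22, 23   # TLS record content types
CERTIFICATE = 11                       # TLS handshake message type
TLS1_0 = (3, 1)                        # record-layer version bytes for TLSv1

def records(payload):
    """Yield (content_type, fragment) for each complete TLSv1 record."""
    off = 0
    while off + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, off)
        if (major, minor) != TLS1_0 or off + 5 + length > len(payload):
            return  # not TLSv1, or record truncated in this packet
        yield ctype, payload[off + 5: off + 5 + length]
        off += 5 + length

def carries_certificate(payload):
    """True if any handshake record holds a Certificate message header.
    A Certificate message split across records is not reassembled here."""
    for ctype, frag in records(payload):
        off = 0
        while ctype == HANDSHAKE and off + 4 <= len(frag):
            if frag[off] == CERTIFICATE:
                return True
            off += 4 + int.from_bytes(frag[off + 1: off + 4], "big")
    return False

class FlowTable:
    """Entries keyed on (client IP, server IP, target port), as in the abstract."""
    def __init__(self):
        self.entries = set()

    def observe(self, client_ip, server_ip, dst_port, payload):
        key = (client_ip, server_ip, dst_port)
        if carries_certificate(payload):
            if key not in self.entries:      # create the entry only if absent
                self.entries.add(key)
            return "learned"
        encrypted = any(t == APPLICATION_DATA for t, _ in records(payload))
        return "control" if encrypted and key in self.entries else "pass"

# Constructed sample bytes (not captured traffic), built with two small helpers.
def record(ctype, body):
    return bytes([ctype, *TLS1_0]) + struct.pack("!H", len(body)) + body

def handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

SERVER_FLIGHT = record(HANDSHAKE, handshake(2, bytes(38))
                       + handshake(CERTIFICATE, bytes(3)) + handshake(14, b""))
APP_DATA = record(APPLICATION_DATA, bytes(32))
```

`observe` returns "control" only for application-data records on a flow whose authentication exchange was seen first; everything else passes untouched.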

Description

Technical field

[0001] The invention relates to the technical field of network communication, in particular to a flow control method and device for an encrypted data flow.

Background technique

[0002] At present, there are more and more applications protected by SSL (Secure Sockets Layer) / TLS (Transport Layer Security), including Web-based and non-Web-based applications. SSL/TLS is a security protocol that provides security and data integrity for network communication, and encrypts network connections at the transport layer. TLS is the successor of SSL, and TLSv1 is the first version of the TLS protocol.

[0003] In enterprise applications, facing more and more data encrypted by the TLSv1 protocol, it is particularly important to effectively identify these encrypted data through bandwidth management devices. It can help enterprises to limit the transmission of TLSv1 traffic in the network, and through the identification of TLSv1...


Application Information

IPC(8): H04L12/801, H04L29/06
Inventor 张惊申任方英
Owner NEW H3C TECH CO LTD