HTTPS data flow auditing method and system oriented on operator backbone network

Backbone network and operator technology, applied in the field of transmission systems, electrical components, etc. It addresses the problems that audit equipment inserted in a backbone network link can interrupt the link, reduce the data transmission speed of the backbone network, and affect network users.

Active Publication Date: 2017-02-22
深圳市任子行科技开发有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] However, the above method is mainly used in network environments with low traffic (for example, network traffic below 1Gbps). If data on the backbone network is to be audited, the traffic is so large that inserting audit equipment in the middle of a backbone network link will seriously affect the data transmission speed of the backbone network and may even interrupt the backbone network link, so that network users over a large area are affected.

Examples

Embodiment 1

[0042] This embodiment of the present invention provides an HTTPS data stream auditing method for an operator's backbone network, applicable to HTTPS data stream auditing on an operator's high-traffic backbone network (network traffic above 1Gbps). Referring to Figure 1, the method can include:

[0043] In step S11, the DNS request carrying the target domain name sent by the client in the operator's backbone network is obtained by means of bypass optical splitting.

[0044] In this embodiment, the backbone network is a high-speed network used to connect multiple regions or areas. The traffic of an operator's backbone network is generally large. When performing a network security audit on this type of network, audit equipment inserted in the middle of the backbone network will seriously affect the transmission speed of the backbone network and may even cause the backbone network link to be interrupted. Therefore, in order to avoid inserting audit equipment into the backbone network, the bypass splitting m...

Embodiment 2

[0065] This embodiment of the present invention provides an HTTPS data flow auditing system for an operator's backbone network, which adopts the method described in Embodiment 1. Referring to Figure 4, the system can include:

[0066] The DNS spoofing server 100 is connected to a client accessing the operator's backbone network, and is used to obtain, by means of bypass optical splitting, a DNS request carrying a target domain name sent by a client in the operator's backbone network.

[0067] In this embodiment, the backbone network is a high-speed network used to connect multiple regions or areas (for example, in Figure 4 it is the connection link between two different routers). The traffic of an operator's backbone network is generally large. When performing a network security audit on this type of network, if the audit device is connected in the middle of the backbone network, it will seriously affect the transmission speed of the backbone n...

Abstract

The invention discloses an HTTPS data flow auditing method and system for an operator's backbone network. The method comprises the following steps: obtaining, by means of bypass optical splitting, a DNS request carrying a target domain name sent by a client in the operator's backbone network; obtaining the corresponding deception IP according to the obtained DNS request and a preset correspondence between domain names and deception IPs, and sending response information carrying that deception IP to the client; analyzing the access data message that the client sends to the deception IP, and judging whether the access data message is plaintext; and, when the access data message is plaintext, auditing it through an SSLstrip auditing server. With this method, audit equipment does not need to be inserted into the backbone network, the transmission speed of the backbone network is not affected, the audit of plaintext sent by the client can be carried out smoothly, and encrypted access by the client to the target website is not interfered with.
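The plaintext check in the third step, sketched as an added example (not code from the patent or its applicant). The abstract does not say how plaintext is recognised, so this assumes the common first-bytes heuristic of a TLS record header versus an HTTP/1.x request line; `classify_payload`, `route` and the sample payloads are constructed for illustration.

```python
"""Classify the start of a client TCP stream as TLS or plaintext HTTP.

Added illustration: the heuristic is an assumption, not the patent's stated test.
"""
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE")

# Constructed samples (not captured traffic).
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("1603010200" "01" "0001fc" "0303") + b"\x00" * 32
SAMPLE_OTHER = b"SSH-2.0-OpenSSH_9.6\r\n"


def classify_payload(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes of a stream."""
    # TLS record header: content type (1) | version (2) | length (2).
    if len(data) >= 5:
        rec_type, major, minor, length = struct.unpack("!BBBH", data[:5])
        # 0x16 = handshake record; record-layer version 3.0 to 3.4;
        # a plaintext record fragment may not exceed 2^14 bytes.
        if rec_type == 0x16 and major == 3 and minor <= 4 and 0 < length <= 2**14:
            # The first handshake message from a client is ClientHello (type 1).
            if len(data) == 5 or data[5] == 0x01:
                return "tls"
    # HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if (sep and len(parts) == 3 and parts[0] in HTTP_METHODS
            and parts[2].startswith(b"HTTP/1.")):
        return "http"
    return "unknown"


def route(data: bytes) -> str:
    """Decision described in the abstract: only plaintext is audited."""
    return "audit" if classify_payload(data) == "http" else "pass-through"


if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS),
                         ("other", SAMPLE_OTHER)):
        print(name, classify_payload(sample), route(sample))
```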

Description

Technical field

[0001] The invention relates to the technical field of HTTPS auditing, in particular to an HTTPS data flow auditing method and system for an operator's backbone network.

Background

[0002] Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS for short) is a transport protocol that encrypts transmission using the Secure Socket Layer ("SSL" for short). It is equivalent to adding an SSL layer to the traditional Hyper Text Transfer Protocol ("HTTP" for short), and because of its security it is widely used for transmitting sensitive information between clients and websites.

[0003] The current general method for auditing HTTPS data streams is to use man-in-the-middle technology to proxy and forward the data flows sent from the client to the server. For example, the SSLstrip technology is a man-in-the-middle technology that does not require the client to install an audit device certificat...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/08, H04L29/12, H04L29/06
CPC: H04L63/166, H04L67/02, H04L67/1036, H04L61/4511, H04L67/56
Inventor: 刘永强, 程海龙, 沈智杰, 景晓军
Owner: 深圳市任子行科技开发有限公司