
HTTPS data flow audit method and system for carrier backbone network

Backbone-network and operator technology, applied in the field of transmission systems, electrical components, etc. It addresses the problems that inserting audit equipment in the middle of a backbone link reduces the backbone's data transmission speed, can interrupt the link, and affects network users.

Active Publication Date: 2019-08-09
深圳市任子行科技开发有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] However, the above method is mainly used in network environments with low traffic (for example, network traffic below 1 Gbps). If data in the backbone network is to be audited, the traffic is large, and inserting audit equipment in the middle of a backbone link would seriously affect the backbone's data transmission speed and could even interrupt the link, so that network users over a large area would be affected.


Examples


Embodiment 1

[0042] This embodiment of the invention provides an HTTPS data stream auditing method for an operator's backbone network, applicable to auditing HTTPS data streams on an operator's high-traffic backbone network (network traffic above 1 Gbps). Referring to Figure 1, the method can include:

[0043] In step S11, the DNS request carrying the target domain name sent by the client in the operator's backbone network is obtained by means of bypass optical splitting.

[0044] In this embodiment, the backbone network is a high-speed network used to connect multiple regions or areas. The traffic of an operator's backbone network is generally large. When performing a network security audit on this type of network, connecting audit equipment in the middle of the backbone network would seriously affect the backbone's transmission speed and could even interrupt the backbone link. Therefore, in order to avoid inserting audit equipment into the backbone network, the bypass splitting m...

Embodiment 2

[0065] This embodiment of the invention provides an HTTPS data flow auditing system for an operator's backbone network, which adopts the method described in Embodiment 1. Referring to Figure 4, the system can include:

[0066] The DNS spoofing server 100 is connected to a client accessing the carrier's backbone network, and is used to obtain, by means of bypass optical splitting, a DNS request carrying a target domain name sent by a client in the carrier's backbone network.

[0067] In this embodiment, the backbone network is a high-speed network used to connect multiple regions or areas (for example, in Figure 4 it is the link connecting two different routers). The traffic of an operator's backbone network is generally large. When performing a network security audit on this type of network, connecting the audit device in the middle of the backbone network would seriously affect the transmission speed of the backbone n...


Abstract

The invention discloses an HTTPS data flow audit method and system for an operator's backbone network. The method includes: using bypass splitting to obtain a DNS request carrying a target domain name sent by a client in the operator's backbone network; obtaining the corresponding spoofed IP according to the obtained DNS request and a preset correspondence between domain names and spoofed IPs, and sending response information carrying that spoofed IP to the client; analyzing the access data packet that the client sends to the spoofed IP and judging whether the access data packet is plaintext; and, when the access data packet is plaintext, auditing the access data packets through the SSLstrip audit server. The method does not need to insert auditing equipment into the backbone network, does not interfere with the transmission speed of the backbone network, ensures that plaintext sent by the client can be audited smoothly, and does not interfere with the client's encrypted access to the target website.
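An added example (not code from the patent or its applicant) of the step that judges whether an access data packet is plaintext: it classifies a flow's first client payload as a TLS ClientHello or a plaintext HTTP request and marks only the latter for audit. The function names and sample payloads are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE")

# Constructed sample payloads (not captured traffic).
SAMPLE_HTTP = b"GET /login HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"
SAMPLE_TLS = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)


def classify_payload(data: bytes) -> str:
    """Classify the first client-to-server TCP payload of a flow."""
    # TLS record header: content type (1), version (2), length (2).
    # 0x16 = handshake record; record versions are 0x0300..0x0304.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (rec_len,) = struct.unpack("!H", data[3:5])
        # Handshake type 0x01 = ClientHello; a record carries at most 2**14 bytes.
        if 0 < rec_len <= 16384 and data[5] == 0x01:
            return "tls"
        return "unknown"
    # Plaintext HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if (sep and len(parts) == 3 and parts[0] in HTTP_METHODS
            and parts[2].startswith(b"HTTP/1.")):
        return "plaintext-http"
    return "unknown"


def http_host(data: bytes):
    """Return the Host header of a plaintext HTTP request, or None."""
    head = data.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def audit_decision(data: bytes) -> dict:
    """Audit only plaintext; encrypted or unrecognised traffic passes untouched."""
    if classify_payload(data) == "plaintext-http":
        return {"action": "audit", "host": http_host(data)}
    return {"action": "pass", "host": None}


if __name__ == "__main__":
    print(audit_decision(SAMPLE_HTTP))
    print(audit_decision(SAMPLE_TLS))
```

The same classification serves a monitoring sensor: plaintext HTTP arriving for a host that is expected to be HTTPS-only is a signal worth alerting on.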

Description

Technical field

[0001] The invention relates to the technical field of HTTPS auditing, in particular to an HTTPS data flow auditing method and system for an operator's backbone network.

Background

[0002] Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS for short) is a transmission protocol that encrypts traffic using the Secure Socket Layer ("SSL" for short); it is equivalent to adding an SSL layer to the traditional Hyper Text Transfer Protocol ("HTTP" for short). Because of its security, it is widely used to transmit sensitive information between clients and websites.

[0003] The current general method for auditing HTTPS data streams is to use man-in-the-middle technology to proxy and forward the data flows sent from the client to the server. For example, the SSLstrip technology is a man-in-the-middle technology that does not require the client to install an audit device certificat...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/08, H04L29/12, H04L29/06
CPC: H04L63/166, H04L67/02, H04L67/1036, H04L61/4511, H04L67/56
Inventor: 刘永强, 程海龙, 沈智杰, 景晓军
Owner: 深圳市任子行科技开发有限公司