Information processing method and device based on secure socket layer protocol authentication

An information processing method based on secure socket layer technology, applied in the field of communication. It addresses problems such as firewall devices being unable to take part in bidirectional authentication and data security detection being impossible to perform.

Active Publication Date: 2019-08-30
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

Two-way authentication, however, is intended to raise the security level of SSL authentication and to keep fake visitors (attackers) out of the network. Therefore, from the perspective of both the SSL protocol itself and the security requirements of the service provider, two-way authentication cannot be supported simply by forging a middleman as in the one-way authentication scenario.
On the one hand, unless the server installs a firewall certificate, the firewall device cannot complete two-way authentication by forging an intermediary. On the other hand, if the server installs a firewall certificate, the firewall device must have the same certificate security detection capabilities as the server, which is not possible for firewall devices; and for servers, this "authorization" of installing firewall certificates is not allowed.
[0006] Therefore, during two-way authentication, the firewall device cannot obtain the encryption key negotiated between the user device and the server, so it cannot decrypt the data transmitted between the user device and the server and cannot perform security detection on that data.


Examples


Embodiment Construction

[0036] The following clearly and completely describes the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.

[0037] SSL protocol authentication is divided into one-way authentication and two-way authentication. One-way authentication is the authentication of the server by the user equipment. Two-way authentication includes authentication of the server by the user equipment and authentication of the user equipment by the server.

[0038] For one-way authentication, a firewall certificate is installed on the user device, and a server certificate is installed on the firewall device. The user...


Abstract

The embodiment of the invention provides an information processing method and device based on secure socket layer protocol authentication. The firewall equipment acquires a client random number, a server random number, an encryption algorithm and encrypted random data from, respectively, a first handshake message, a second handshake message and a key exchange message exchanged between the user equipment and the server. The firewall equipment sends the encrypted random data and the encryption algorithm to the server. The server decrypts the encrypted random data using its private key and the encryption algorithm to obtain the original random data, and sends the original random data to the firewall equipment. The firewall equipment then generates the encryption key for communication between the user equipment and the server from the original random data, the client random number and the server random number. By applying the technical scheme provided by the embodiment of the invention, security detection can be carried out on encrypted data protected by SSL protocol bidirectional authentication.
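The last step of the abstract, sketched as an added example that is not taken from the patent text: the firewall turns the three values it holds into session keys. The page does not name a protocol version or cipher suite, so this assumes the TLS 1.2 PRF from RFC 5246 and the key layout of TLS_RSA_WITH_AES_128_CBC_SHA256; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(pre_master: bytes, client_random: bytes,
                        server_random: bytes) -> dict:
    """Firewall-side derivation from the three handshake values.

    pre_master    -- "original random data" returned by the server
    client_random -- taken from the first handshake message (ClientHello)
    server_random -- taken from the second handshake message (ServerHello)
    """
    if len(pre_master) != 48:
        raise ValueError("RSA pre-master secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("handshake randoms must be 32 bytes each")

    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    # Key expansion seeds with server_random first; swapping the order
    # yields keys that decrypt nothing.
    sizes = (("client_mac", 32), ("server_mac", 32),
             ("client_key", 16), ("server_key", 16))
    block = prf(master, b"key expansion",
                server_random + client_random, sum(n for _, n in sizes))
    keys, offset = {"master_secret": master}, 0
    for name, size in sizes:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

# Constructed sample values, not taken from any real capture.
SAMPLE_PRE_MASTER = b"\x03\x03" + bytes(range(46))   # version + 46 bytes
SAMPLE_CLIENT_RANDOM = b"\xc1" * 32
SAMPLE_SERVER_RANDOM = b"\x5e" * 32

if __name__ == "__main__":
    for name, value in derive_session_keys(
            SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM,
            SAMPLE_SERVER_RANDOM).items():
        print(f"{name:14s} {value.hex()}")
```

The scheme relies on the key exchange message carrying random data encrypted to the server's key, so the server can recover it for the firewall; a handshake that uses ephemeral Diffie-Hellman has no such value to hand over.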

Description

Technical field

[0001] The present application relates to the field of communication technology, and in particular to an information processing method and device based on secure socket layer protocol authentication.

Background technique

[0002] With the development of Internet technology, more and more devices are connected to the Internet. In order to improve the security of communication between two devices, a Secure Sockets Layer (English: Secure Sockets Layer, SSL for short) protocol is often used for authentication, to establish an SSL connection, and then to encrypt transmitted data. SSL protocol authentication is divided into one-way authentication and two-way authentication. One-way authentication is the authentication of the user equipment to the server. Two-way authentication includes authentication of the server by the user equipment and authentication of the user equipment by the server.

[0003] For one-way authentication, the SSL protocol authentication can...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
CPC: H04L9/0838, H04L9/0869, H04L9/0819, H04L63/168, H04L63/0869, H04L63/02, H04L63/0435
Inventor: 岳炳词, 乔兴华
Owner: NEW H3C SECURITY TECH CO LTD