Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Sensitive data detection system for large-scale SSL/TLS encrypted session flow

A technology of sensitive data and detection system, applied in the field of network security, can solve the problems of inability to adapt to large-scale encrypted session stream processing, high task processing delay, affecting host business performance, etc., to improve the ability of rapid detection and processing, and improve parallelism The effect of processing power

Active Publication Date: 2020-09-25
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
View PDF16 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its disadvantages are: it needs to obtain the encrypted private key, the key management process is complicated, and it cannot adapt to large-scale encrypted session flow; it is only suitable for the SSL / TLS protocol using the RSA key exchange mechanism
Its disadvantages are: the host application program needs to be modified, which affects the host business performance; the key management process is complicated and cannot adapt to the processing of large-scale encrypted session streams
Its disadvantages are that it will affect the communication process of both parties and reduce the performance of encrypted communication
[0008] In addition, the existing sensitive data leakage detection system uses a serial processing mechanism to process tasks such as data decryption and content detection, which cannot quickly process large-scale SSL / TLS encrypted session flows, and the task processing delay is relatively high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Sensitive data detection system for large-scale SSL/TLS encrypted session flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] The present invention will be further described below in conjunction with the accompanying drawings.

[0033] like figure 1 As shown, a kind of sensitive data detection system facing large-scale SSL / TLS encrypted session flow of the present invention includes:

[0034] The proxy decryption module is set at the Internet entry and exit gate of the detection object, and acts as an intermediate proxy for the SSL / TLS encrypted data transmission process, and outputs plain text content;

[0035] The detection task production scheduling module calls the detection tool to generate the detection task and task information, and schedules the task processor to execute the detection task, and at the same time sends the task information to the detection result generation module;

[0036] The task processor module is used to perform detection tasks and generate task results;

[0037] Detection tool module, used to detect sensitive data contained in plaintext content;

[0038] The de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a sensitive data detection system for a large-scale SSL / TLS encrypted session stream. The system comprises an agent decryption module which is disposed at an Internet access gateway of a detection object, carries out the intermediate agent of an SSL / TLS encrypted data transmission process, and outputs the plaintext content, a detection task production scheduling module whichcalls a detection tool to generate a detection task and task information, schedules a task processor to execute the detection task, and sends the task information to a detection result generation module, a task processor module which is used for executing the detection task and generating a task result, a detection tool module which is used for detecting sensitive data contained in the plaintextcontent, and the detection result generation module which is used for judging and combining according to the task information and the task result to generate a detection result. According to the system, a complex decryption key management process is not needed, detection task production and result processing are separated, detection tasks are asynchronously produced, task processing resources arescheduled as required, and large-scale SSL / TLS encrypted session streams can be rapidly processed in real time.

Description

technical field [0001] The invention relates to the field of network security, in particular to a sensitive data detection system for large-scale SSL / TLS encrypted session flow. Background technique [0002] Transport Layer Security (Transport Layer Security, TLS) and Secure Sockets Layer (SecureSockets Layer, SSL) are the most widely used security enhancement protocols in the current network, which use asymmetric encryption mechanism to complete the encryption of both identity authentication and key Exchange, and then use the symmetric encryption mechanism to encrypt the transmitted data to ensure data security. The SSL and TLS protocols work between the transport layer and the application layer. By combining with the application layer protocol, a high-security application layer protocol can be constructed, such as https, TLS / SSL-based instant messaging, secure email, etc. It is estimated that by 2020, more than 90% of Internet traffic will be encrypted traffic, most of wh...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0471H04L63/30H04L63/166H04L63/168
Inventor 张位冯毓刘赟王瑶郝楠程丽君毛得明
Owner CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products