Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A sensitive data detection system for large-scale ssl/tls encrypted session streams

A technology of sensitive data and detection system, applied in the field of network security, can solve the problems of inability to adapt to large-scale encrypted session stream processing, high task processing delay, affecting host business performance, etc., to improve the ability of rapid detection and processing, and improve parallelism The effect of processing power

Active Publication Date: 2022-07-05
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
View PDF16 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its disadvantages are: it needs to obtain the encrypted private key, the key management process is complicated, and it cannot adapt to large-scale encrypted session flow; it is only suitable for the SSL / TLS protocol using the RSA key exchange mechanism
Its disadvantages are: the host application program needs to be modified, which affects the host business performance; the key management process is complicated and cannot adapt to the processing of large-scale encrypted session streams
Its disadvantages are that it will affect the communication process of both parties and reduce the performance of encrypted communication
[0008] In addition, the existing sensitive data leakage detection system uses a serial processing mechanism to process tasks such as data decryption and content detection, which cannot quickly process large-scale SSL / TLS encrypted session flows, and the task processing delay is relatively high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A sensitive data detection system for large-scale ssl/tls encrypted session streams

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] The present invention will be further described below with reference to the accompanying drawings.

[0033] like figure 1 As shown, a sensitive data detection system for large-scale SSL / TLS encrypted session flow of the present invention includes:

[0034] The proxy decryption module is set at the Internet entrance and exit of the detection object, and performs intermediate proxy for the SSL / TLS encrypted data transmission process, and outputs the plaintext content;

[0035] The detection task production scheduling module calls the detection tool to generate detection tasks and task information, schedules the task processor to execute the detection task, and sends the task information to the detection result generation module;

[0036] The task processor module is used to perform detection tasks and generate task results;

[0037] Detection tool module, used to detect sensitive data contained in plaintext content;

[0038] The detection result generation module judge...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a sensitive data detection system oriented to large-scale SSL / TLS encrypted session flow, including: a proxy decryption module, which is set at the Internet entry and exit gateway of the detection object, performs intermediate proxy for the SSL / TLS encrypted data transmission process, and outputs plaintext Content; detection task production scheduling module, which calls detection tools to generate detection tasks and task information, schedules the task processor to execute detection tasks, and sends the task information to the detection result generation module; task processor module is used to execute detection tasks and generate The task result; the detection tool module is used to detect the sensitive data contained in the plaintext content; the detection result generation module is used to judge and merge according to the task information and the task result to generate the detection result. This system does not require complex decryption key management process, separates detection task production and result processing, produces detection tasks asynchronously, schedules task processing resources on demand, and can quickly process large-scale SSL / TLS encrypted session streams in real time.

Description

technical field [0001] The invention relates to the field of network security, in particular to a sensitive data detection system for large-scale SSL / TLS encrypted session flow. Background technique [0002] Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the most widely used security enhancement protocols in the current network. They use an asymmetric encryption mechanism to complete the identity authentication and key of the encryption parties. Exchange, and then use a symmetric encryption mechanism to encrypt the transmitted data to ensure data security. The SSL and TLS protocols work between the transport layer and the application layer. By combining with the application layer protocols, high-security application layer protocols can be constructed, such as https and TLS / SSL-based instant messaging and secure mail. It is estimated that by 2020, more than 90% of Internet traffic will be encrypted traffic, most of which is based on SSL / TLS encryption. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/0471H04L63/30H04L63/166H04L63/168
Inventor 张位冯毓刘赟王瑶郝楠程丽君毛得明
Owner CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com