301 results about "Hypertext Transfer Protocol over Secure Socket Layer" patented technology

A method and apparatus for establishing a secure communication connection between a Java application or applet and a secure server is provided. An HTTPS handler is provided that may be used by Java applications or applets to establish secure communication connections with secure Web servers.

Methods and apparatus for implementing common authentication and security policies across applications served over a data transmission network, such as the internet, http or https, are disclosed. The common authentication and security policies are implemented without mandating specific changes to be applied to the applications themselves. An authentication process can be dynamically performed based on different needed security levels. Applications can be graphical (e.g., web) or voice in nature and can use any applicable and available security method.

A tunneling infrastructure provides TCP port forwarding from a client running on a client network to a server running on a server network, where the client and servers can be behind separate firewalls. To tunnel TCP, a "server socket" capability is provided, allowing the client to establish a connection to the server across the tunnel. A direct, port forwarding scheme is implemented. The client side is the driver for the tunnel operation. The client maintains multiple URL (Universal Resource Locator) connections to the server side tunnel allowing data to flow in both directions. The client's SendToServer connection(s) use the HTTP POST method to send data from the client side to the server side. The client's ReceiveFromServer connection(s) use the HTTP GET method, and allow data to be sent from the server side to the client side.

A key delivery mechanism that delivers keys to an OS platform (e.g., iOS platform) devices for decrypting encrypted HTTP live streaming data. An HTTPS URL for a stateless HTTPS service is included in the manifest for an encrypted HTTP live stream obtained by an application (e.g., a browser) on an OS platform device. The URL includes an encrypted key, for example as a query parameter value. The application passes the manifest to the OS. The OS contacts the HTTPS service to obtain the key using the URL indicated in the manifest. Since the encrypted key is a parameter of the URL, the encrypted key is provided to the HTTPS service along with information identifying the content. The HTTPS service decrypts the encrypted key and returns the decrypted key to the OS over HTTPS, thus eliminating the need for a database lookup at the HTTPS service.

Disclosed is a DDoS attack detection and response apparatus. The DDoS attack detection and response apparatus comprises: a receiver unit receiving HTTP requests from a client terminal which is characterized as an IP address; a data measuring unit computing the number of HTTP requests by IP and the number of URIs per HTTP over a certain time period; a DDoS discrimination unit comparing the number of HTTPs per URI with a threshold value and defining an access of the client terminal having the IP address as a DDoS attack when the number of HTTPs per URI is larger than the threshold value; and a blocking unit blocking packets from the IP address when the DDoS discrimination unit detects a DDoS attack.

A data center provides secure handling of HTTPS traffic using backend SSL decryption and encryption in combination with a load balancer such as a content switch. The load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load balancer then uses the clear text traffic for load balancing purposes before it redirects the traffic back to the SSL offloading device for re-encryption. Thereafter, the re-encrypted traffic is sent to the destination servers in the data center. In one embodiment, the combination with the back-end SSL with an intrusion detection system improves security by performing intrusion detection on the decrypted HTTPS traffic.

The invention discloses a public protocol Internet of things platform and a device access method. The public protocol Internet of things platform uses eMQTT message-oriented middleware based on an MQTT communication protocol, the EMQTT message-oriented middleware is deployed on server nodes in a cluster mode, and message synchronization is maintained among the server nodes. A database, a Redis database and an HTTPS protocol message access interface are also included. The HTTPS protocol message access interface adapts an HTTPS request to an MQTT protocol. The server nodes are deployed with a load balancing service, a device access service, a device management service, and a theme authority management service. Each service carries out communication through an RESTful API interface. By usingthe public protocol Internet of things platform and the device access method, the bidirectional authentication between a device end and a server side is realized, and the association between a certificate user and the theme authority of publishing subscription is also realized. At the same time, adaption to the MQTT protocol is implemented, and the controllability of a device access authority anda data transmission authority, and the safety of a data encryption transmission channel are ensured.

The invention provides a data interaction method, a client and a server, so as to solve the problems of requested replaying and client computer safety that cannot be solved by adopting HTTPS (Hyper Text Transfer Protocol Secure) technique. The method comprises the following steps: obtaining a timestamp from a service terminal; sending the first identifying information of a user, the timestamp and verifying data generated according to the first identifying information of the user and the timestamp to the service terminal; obtaining certified data encrypted by the service terminal, wherein the certified data comprises the encrypted data generated for the timestamp and second identifying information of the user; and using the certified data to access the service terminal. According to the method provided by the invention, HTTPS encryption and improved MD5 are used together while the encryptions at the client and service terminal are adopted, so that the possibility of distorting and falsifying data at 'end' and 'path' is efficiently avoided. Besides, the timeliness control is performed on interface calling by using effective time through the timestamp, so that the data damage risk caused by recording and largely replaying a user request is efficiently avoided.

The invention discloses a malicious URL detection intervention system. The system comprises a DNS proxy device, a credit evaluation device and a traffic intervention device, wherein the DNS proxy device is suitable for receiving a domain name resolution request, requesting a domain name credit evaluation device for the credit of a domain name, and returning back an IP address of the traffic intervention device to a user if the credit indicates that the domain name has security risks; the credit evaluation device comprises a domain name credit library, and is suitable for returning back the credit of the domain name in response to the request of the credit of the domain name; and the traffic intervention device is suitable for receiving an access request from the user and performing protocol identification for the access request, and is also suitable for extracting a URL from the access request which is identified as a request of a HTTP or HTTPS protocol, matching the URL with a malicious RUL library, and if matching is failed, being used as a reverse proxy to realize communication of the user and a destination server. The invention also discloses a corresponding domain name credit determining apparatus, a corresponding domain name credit library establishing apparatus and methods.

The present invention involves a new system and process for automatically controlling whether a displayed web page and associated frames displayed within a window of a web browser are secure or non-secure. For example, whether the displayed web page and associated frames are provided via a secure socket layer (SSL), i.e. a web page from an HTTPS address (secure), or simply via an HTTP address (non-secure), respectively. Specifically, the present invention uses a dynamic “Web Component” to remotely control web page security states. Further, the Web Component according to the present invention uses the same script and HTML for all implementations or instantiations of the Web Component, regardless of which, or how many, unique local clients make use of the Web Component. This code reuse is accomplished by using entry web pages, or “entry points,” as described in further detail below, to set the value of function properties or parameters of the Web Component for dynamically and controlling the security state of a web page having at least two frames. The script and/or HTML source code of the Web Component pages does not change based on each new implementation or instantiation. Consequently, little setup work is required for each implementation, and only a basic verification test pass is needed for each unique automatically customized Internet web page.

The invention provides a method for realizing WEB reverse proxy. After the user side inputs a first WEB reverse proxy processing request in the bookmark bar or the interface input box of a browser, the method comprises the following steps: the client transmits HTTP (Hyper Text Transport Protocol) / HTTPS request, the Uniform Resource Locator (URL) of the request includes an address of reverse proxy server SSLVPN (Secure Socket Layer Virtual Private Network), an address of an accessed background server and a resource route of the accessed background server; the reverse proxy server SSLNPN extracts the address and the resource route of the accessed background server and forwards the request normally after intercepting the request. In the invention, a response header processes the HTTP request without any replacement in the HTML (Hyper Text Markup Language) page, a relative URL process and an absolute URL format process based on the redirection can be efficiently finished on the Web server by a formative URL.

A system and method for uniquely identifying an SIP device extends the SIP communications protocol with an end point identifier, carried for example in the header of an SIP transmission. The end point identifier is useful for routing, registration, subscription, and authentication. The end point (device) of a given user epid can be uniquely identified by creating a key from an epid and a user's address-of-record (URI). This in turn enables improved connection management and security association management when the connections/IP addresses are transient, such as when HTTPS tunneling is used.

The invention discloses an HTTPS proxy forwarding method and device based on a transmission control protocol. The method comprises the steps that transmission control protocol connection is set up between a certificateless HTTPS proxy server and a client side; the certificateless HTTPS proxy server receives a security socket layer connection request from the client side; the certificateless HTTPS proxy server obtains a source station domain name by analyzing the security socket layer connection request; the certificateless HTTPS proxy server obtains a source station network interconnection protocol address corresponding to the source station domain name by inquiring a computer domain name system server; transmission control protocol connection is set up between the certificateless HTTPS proxy server and a source station corresponding to the source station network interconnection protocol address, and the certificateless HTTPS proxy server forwards the security socket layer connection request to a source station corresponding to the source station network interconnection protocol address. Through the HTTPS proxy forwarding method and device based on the transmission control protocol, a general HTTPS proxy forwarding function is achieved, and meanwhile the effect of saving IP sources is achieved.

The invention discloses a method achieving XenServer virtual machine remote control on https. The method comprises a VNC client capable of operating on a browser and a VNC agent server used for identity verification and RFB data transmission, wherein the VNC client is based on a Java Applet technology, transmits VNC remote control data through the https, deploys on a web and a Java application server and can operate on the browser provided with JVM. Because the https is adopted to transmit the data, the VNC client can solve the problem that a firewall limits outer network access well. The VNC agent server is used for solving the problem of Applet safe limit when the VNC client accesses a VNC service end of an XenServer, and at the same time achieves safe verification to client identity through an XML-RPC interface of the XenServer. The method enables any browser of the client to achieve the remote control and access of an XenServer virtual machine.

A system and methods for mitigation slow HTTP, SSL/HTTPS, SMTP, and/or SIP attacks. A protection system monitors each TCP connection between a client and a server. The protection system monitors the header request time and minimum transfer rate for each client and TCP connection. If the client has not completed the data transfer in the minimum time or the data are not transferred at the minimum transfer rate, the protection system determines the connections are potentially a slow attack and resets the connections for the protected devices.

The invention discloses a security certificate gateway, comprising a client crypto module, a client business module, a service business module and a service crypto module, wherein the client business module is used as an agent of an application client and used for calling the client crypto module and the service business module interactively to build an encrypted connection; and the service business module is used for calling the service crypto module and the service business module to build a secure encrypted channel. Based on the high-strength identity authentication service, the high-strength data link encryption service and the digital signature and authentication service of a digital certificate, the gateway provided by the invention effectively protects secure access of network resources, and supports B/S applications of a hypertext transport protocol (HTTP) and hypertext transfer protocol secure (HTTPS) as well as common C/S applications of a file transfer protocol (FTP), a remote desktop and the like.

The invention discloses a data communication method and device based on the https (hypertext transfer protocol over secure socket layer). The method comprises steps as follows: an access request for a server is initiated on a browser side on the basis of the Https; a digital certificate, returned by the server, of the server for the access request is received; whether a root certificate of the digital certificate of the server is issued by a root certificate authority trusted by a current operating system where a browser is located or not is judged; if no, whether the root certificate of the digital certificate of the server is issued by the root certificate authority trusted by the browser or not is judged; if yes, the browser and the server determine an encrypted communication message and communicate with each other through the encrypted communication message. With the adoption of the data communication method and device, authentication modes of the digital certificates are enriched, and the authentication passing probability of the digital certificates of the server is increased.