[go: up one dir, main page]

CN106961439B - A kind of HTTPS encrypted transmission method and device - Google Patents

A kind of HTTPS encrypted transmission method and device Download PDF

Info

Publication number
CN106961439B
CN106961439B CN201710209940.5A CN201710209940A CN106961439B CN 106961439 B CN106961439 B CN 106961439B CN 201710209940 A CN201710209940 A CN 201710209940A CN 106961439 B CN106961439 B CN 106961439B
Authority
CN
China
Prior art keywords
access request
request message
https
message
client device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710209940.5A
Other languages
Chinese (zh)
Other versions
CN106961439A (en
Inventor
吴庆
贾新奎
谢波
王挺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201710209940.5A priority Critical patent/CN106961439B/en
Publication of CN106961439A publication Critical patent/CN106961439A/en
Application granted granted Critical
Publication of CN106961439B publication Critical patent/CN106961439B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a kind of HTTPS encrypted transmission method and device.In the application, HTTPS service-specific equipment is after the access request message for receiving client device transmission, it can determine in the message whether include HTTPS service keyword, if not including, then HTTPS redirection message is returned to client device, so that it sends the access request message including HTTPS service keyword, the encrypted transmission of data between client device and Web server is thereby guaranteed that, ensure the safety of data transmission.

Description

A kind of HTTPS encrypted transmission method and device
Technical field
This application involves network communication technology field more particularly to a kind of HTTPS encrypted transmission methods and device.
Background technique
Risk, client device and Web server both sides one are transmitted to avoid data tampering, privacy of user from the data such as stealing As by install corresponding HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, Hypertext transfer protocol on the basis of Secure Socket Layer) associated component, the encrypted transmission of Lai Shixian data.
And for some small-sized Web servers, such as Campus Network Server for, it is contemplated that encryption and decryption operation extremely consumes The case where taking the processor resource of server preciousness HTTPS service-specific equipment can be used generally to substitute Web server and carry out The encryption and decryption operation of data.But its deficiency is, user needs to be manually entered this clothes of HTTPS when carrying out server access Keyword be engaged in enable the data encrypting and deciphering function of special equipment, and when the service keyword of user's input is HTTP or omission When the input of service keyword, the access request of user directly will be pass-through to Web server by special equipment, that is to say, that In this case, there is no the encrypted transmissions for realizing data between client device and Web server, and this will be to be passed data Bury the transmission hidden danger for being maliciously tampered or stealing.
Summary of the invention
In view of this, the application provides a kind of HTTPS encrypted transmission method and device, when the service key of user's input When word is HTTP or omits the input of service keyword, avoid by biography data to bury the transmission for being maliciously tampered or stealing hidden Suffer from.
According to the embodiment of the present application in a first aspect, a kind of HTTPS encrypted transmission method is provided, applied to HTTPS service Special equipment, which comprises
Receive message;
Judge received message whether be client device send access request message;
When received message be the access request message that client device is sent when, determine in access request message whether Including HTTP service keyword;
If it is, HTTPS redirection message is returned to the client device, so that client device transmission includes The access request message of HTTPS service keyword;
After the access request message including HTTPS service keyword for receiving client device transmission, to the access Request message is decrypted, and the access request message after decryption is sent to Web server.
According to the second aspect of the embodiment of the present application, a kind of HTTPS encrypted transmission device is provided, is applied to HTTPS and services Special equipment, described device include:
Receiving unit, for receiving message;
Judging unit, for judging received message whether be client device send access request message;
HTTP determination unit, for when received message be client device send access request message when, determine It whether include HTTP service keyword in access request message;
Return unit, for when in access request message including HTTP service keyword, Xiang Suoshu client device to be returned HTTPS redirection message is returned, so that client device sends the access request message including HTTPS service keyword;
Decryption unit, in the access request report including HTTPS service keyword for receiving client device transmission The access request message is decrypted in Wen Hou;
Transmission unit, for the access request message after decryption to be sent to Web server.
In the application, HTTPS service-specific equipment, can be true after the access request message for receiving client device transmission Whether include HTTPS service keyword in the fixed message, if not including, returns to HTTPS to client device and redirect report Text thereby guarantees that client device and Web server so that it sends the access request message including HTTPS service keyword Between data encrypted transmission, ensure data transmission safety.
Detailed description of the invention
Fig. 1 is the schematic diagram of a scenario of the application HTTPS encrypted transmission method;
Fig. 2 is a kind of flow chart of HTTPS encrypted transmission method of the application;
Fig. 3 is a kind of one embodiment flow chart of HTTPS encrypted transmission method of the application;
Fig. 4 is a kind of the first structure chart of HTTPS encrypted transmission device of the application;
Fig. 5 is a kind of second of structure chart of HTTPS encrypted transmission device of the application;
Fig. 6 is a kind of the third structure chart of HTTPS encrypted transmission device of the application;
Fig. 7 is a kind of the 4th kind of structure chart of HTTPS encrypted transmission device of the application.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application. It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from In the case where the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depending on context, word as used in this " if " can be construed to " ... when " or " when ... When " or " in response to determination ".
It is the schematic diagram of a scenario of the application HTTPS encrypted transmission method referring to Fig. 1, Fig. 1.The schematic diagram may include: visitor Family end equipment, Web server and HTTPS service-specific equipment, wherein client device and HTTPS service-specific equipment it Between, link is had between HTTPS service-specific equipment and Web server and between client device and Web server Connection.Under normal conditions, risk, client device and Web service are transmitted to avoid data tampering, privacy of user from the data such as stealing Device both sides generally pass through the corresponding HTTPS associated component of installation, the encrypted transmission of Lai Shixian data.And for some small-sized For Web server, such as Campus Network Server, it is contemplated that encryption and decryption operation very expends the processor resource of server preciousness The case where, and the corresponding HTTPS associated component of required installation itself may also have certain security breaches, so usually HTTPS service-specific equipment is selected to substitute the encryption and decryption operation that Web server carries out data.
It is done so that deficiency be that user needs to be manually entered this service of HTTPS when carrying out server access Keyword enables the data encrypting and deciphering function of special equipment, and when the service keyword of user's input is HTTP or omits clothes When the input of business keyword, the access request of user directly will be pass-through to Web server by special equipment, that is to say, that at this In the case of kind, there is no the encrypted transmissions for realizing data between client device and Web server, and this will be buried to be passed data Under the transmission hidden danger that is maliciously tampered or steals.
In view of this, the application provides a kind of HTTPS encrypted transmission method and device, when the service key of user's input When word is HTTP or omits the input of service keyword, avoid by biography data to bury the transmission for being maliciously tampered or stealing hidden Suffer from.
In order to make those skilled in the art more fully understand the technical solution in the embodiment of the present application, and keep the application real The above objects, features, and advantages for applying example can be more obvious and easy to understand, with reference to the accompanying drawing to technical side in the embodiment of the present application Case is described in further detail.
Referring to fig. 2, Fig. 2 is a kind of flow chart of HTTPS encrypted transmission method of the application, which may include following Step:
Step 201:HTTPS service-specific equipment receives message.
This method embodiment is applied to HTTPS service-specific equipment.
Step 202: judge received message whether be client device send access request message.If it is, Execute step 203.
In this method embodiment, HTTPS service-specific equipment can according to include in received message source IP address Determine institute received message whether be client device transmission access request message.
Step 203: determining in access request message whether include HTTP service keyword.If so, thening follow the steps 204。
In this method embodiment, before executing this step 203, HTTPS service-specific equipment can determine step first The mark of included website to be visited whether there is in preconfigured access list in access request message in 202, In the presence of mark when website to be visited included in access request message is in preconfigured access list, this step is executed Rapid 203;And when the mark of website to be visited included in access request message is not present in preconfigured access list When, then it can be by access request message transmission to Web server.
In this method embodiment, when in access request message not including HTTP service keyword, HTTPS service is dedicated to be set Whether standby can determine in the access request message includes HTTPS service keyword, when including that HTTPS takes in the access request message When business keyword, then the access request message is decrypted, and the access request message after decryption is sent to Web service Device;And when not including HTTPS service keyword in the access request message, then the access request message transmission to Web is taken Business device.
Step 204: HTTPS redirection message is returned to client device, so that it includes that HTTPS takes that client device, which is sent, The access request message of business keyword.
In this method embodiment, it for the explanation of this step, will be illustrated, wouldn't go to live in the household of one's in-laws on getting married herein in the examples below It states.
Step 205: after the access request message including HTTPS service keyword for receiving client device transmission, The access request message is decrypted, the access request message after decryption is sent to Web server.
In this method embodiment, it for the explanation of this step, will be illustrated, wouldn't go to live in the household of one's in-laws on getting married herein in the examples below It states.
HTTPS service-specific equipment is in the visit for receiving client device transmission it can be seen from above method embodiment After asking access request message, it may be determined that whether include HTTPS service keyword in the message, if not including, to client Equipment returns to HTTPS redirection message, so that it sends the access request message including HTTPS service keyword, thereby guarantees that The encrypted transmission of data between client device and Web server ensures the safety of data transmission.
It is a kind of one embodiment flow chart of HTTPS encrypted transmission method of the application referring to Fig. 3, Fig. 3.With the above method Unlike embodiment, the present embodiment will be illustrated part steps in conjunction with specific example, have stronger practical operation meaning Justice, specifically, the present embodiment may comprise steps of:
Step 301:HTTPS service-specific equipment receives message.
The present embodiment is applied to HTTPS service-specific equipment.It will be appreciated by persons skilled in the art that HTTPS is serviced The alternative Web server of special equipment and client device are established SSL and are connect or TLS (Transport Layer Security, Transport Layer Security) connection, to be carried out after receiving the message including HTTPS service keyword to the message Decryption, and the message after decryption is sent to Web server, and include that HTTP service closes receive Web server transmission After the message of key word, then the message can be encrypted, and encrypted message is sent to client device.
Step 302: judge received message whether be client device send access request message.If it is, Execute step 303.
In the present embodiment, HTTPS service-specific equipment can according to include in received message source IP address, determine institute Received message whether be client device send access request message.It will be appreciated by persons skilled in the art that HTTPS Service-specific equipment can pre-save the table to be checked that a record has client device IP address and server ip address in local, The table to be checked can be obtained by study.When receiving a message, HTTPS service-specific equipment can be by will be in message Source IP address is matched with the IP address in table to be checked, to determine that the source IP address is client device IP address or clothes Be engaged in device IP address, and thereby determine that institute received message whether be client device transmission access request message.
Step 303: determining the mark of website to be visited included in access request message in preconfigured Access Column It whether there is in table.If so, 304 are thened follow the steps, it is no to then follow the steps 310.
In the present embodiment, above-mentioned access list records the mark for the website for having this HTTPS service-specific equipment to be responsible for management With with the associated key in the website.It is worth noting that HTTPS service-specific equipment may be only to certain in Web server Website carries out the encryption and decryption operation of data, and the corresponding mark in these websites is recorded in list of websites for inquiry.And this The associated key in a little websites is then by HTTPS service-specific equipment during with client device establishes SSL or STL is connect Negotiate to obtain, the message data received is encrypted or be decrypted.Wherein, to data message carry out encryption or Person decryption key it is generally different, the two keys be generally comprised in the digital certificate of website unique association to be visited, but In view of message data involved in the application specific encryption and decryption operation not within the scope of the application is claimed, therefore not It repeats.
In the present embodiment, the mark of website to be visited can be by the domain name unique identification of website to be visited, and according to reality Situation, above-mentioned domain name are also possible to IP address or domain name and port numbers or IP address and port numbers etc..
Step 304: determining in access request message whether include HTTP service keyword.If so, thening follow the steps 305, it is no to then follow the steps 308.
In the present embodiment, if include in access request message is HTTP service keyword, show client device Transmitted access request message is transmitted in the form of plaintext.At this point, in order to guarantee subsequent institute's transmitting message content Safety, which can't be directly pass-through to Web server by HTTPS service-specific equipment, but with step Rapid 305 mode requires client device to retransmit the access request message that the service keyword for including is HTTPS.
Step 305: HTTPS redirection message is returned to client device, so that it includes that HTTPS takes that client device, which is sent, The access request message of business keyword.
In the present embodiment, after determining the service keyword for including in access request message is HTTP, HTTPS service is dedicated Equipment can send a feedback message to client device, so that client device is sent by service keyword of HTTPS for Web The access request message of server.It is close using consulting in advance with HTTPS service-specific equipment that this requires client devices Key encrypts transmitted access request message, obtains wherein website to send in the form of ciphertext to Web server The access request message of resource.And when HTTPS service-specific equipment receive Web server with plaintext version returns including upper After the request request response message for stating site resource, then response message can be requested to encrypt the request, in the form of ciphertext Request request response message is back to client device, thus between client device and HTTPS service-specific equipment Realize the encrypted transmission of data.
Step 306: after the access request message including HTTPS service keyword for receiving client device transmission, The corresponding key of mark of website to be visited included by the access request message is searched in above-mentioned access list.
In the present embodiment, if it is assumed that the website to be visited for including in access request message is the official website of Tsinghua University, and Assuming that in list of websites with the associated key in the website be KEY1, then HTTPS service-specific equipment inquires in list of websites List item can be expressed as the form of table 1:
Website logo Key
www.tsinghua.edu.cn KEY1
Table 1
Step 307: utilizing the found key pair access request message to be decrypted, by the access request report after decryption Text is sent to Web server.
So far, the present embodiment process can terminate.
Step 308: determining in access request message whether include HTTPS service keyword.If so, thening follow the steps 309, it is no to then follow the steps 310.
Step 309: the mark that website to be visited included by access request message is searched in above-mentioned access list is corresponding Key, utilize the found key pair access request message to be decrypted, the access request message after decryption be sent to Web server.
In the present embodiment, this step 309 is identical as the explanation that step 306 need to be made, therefore does not repeat.
Step 310: by access request message transmission to Web server.
In the present embodiment, if the service key for including in the access request message that HTTPS service-specific equipment receives Word then can determine that such access request message is not belonging to the more demanding report of security level neither HTTPS is also not HTTP Text, therefore can be directly by the message transmission to Web server.
In the present embodiment, if the received message of HTTPS service-specific equipment institute is by Web server in step 302 Response message is requested in the request of transmission, then can determine whether the mark for returning to the website of the message deposits in above-mentioned list of websites , and in the presence of, determine in the message whether to include HTTP service keyword, when including HTTP service keyword in the message When, then it searches in list of websites and is encrypted with the associated key in the website, the key pair message then found using this, And encrypted message is sent to client device.And in the list of websites there is no the mark for the website for returning to the message or It, then can be directly by the message transmission to visitor when the service keyword for including in person's message is other service keywords such as HTTPS Family end equipment.
As can be seen from the above embodiments, HTTPS service-specific equipment is asked in the access for receiving client device transmission After seeking message, it may be determined that whether include HTTPS service keyword in the message, if not including, returned to client device HTTPS redirection message thereby guarantees that client is set so that it sends the access request message including HTTPS service keyword The encrypted transmission of the standby data between Web server ensures the safety of data transmission.
Corresponding with a kind of aforementioned embodiment of HTTPS encrypted transmission method, present invention also provides a kind of HTTPS encryptions The embodiment of transmitting device.
Referring to fig. 4, Fig. 4 is a kind of the first structure chart of HTTPS encrypted transmission device of the application, which is used for HTTPS service-specific equipment may include: receiving unit 410, judging unit 420, HTTP determination unit 430, return unit 440, decryption unit 450, transmission unit 460.
Wherein, receiving unit 410, for receiving message;
Judging unit 420, for judging received message whether be client device send access request message;
HTTP determination unit 430, for when received message be client device send access request message when, really Determine in access request message whether to include HTTP service keyword;
Return unit 440, for being returned to client device when in access request message including HTTP service keyword HTTPS redirection message, so that client device sends the access request message including HTTPS service keyword;
Decryption unit 450, in the access request including HTTPS service keyword for receiving client device transmission After message, which is decrypted;
Transmission unit 460, for the access request message after decryption to be sent to Web server.
In the first implementation of present apparatus embodiment, judging unit 420 can be specifically used for: received according to institute The source IP address that includes in message determine the received message of institute whether be client device transmission access request message.
In second of implementation of present apparatus embodiment, above-mentioned apparatus can also include: mark determination unit 470, Transparent transmission unit 480 is a kind of second of structure chart of HTTPS encrypted transmission device of the application for details, reference can be made to Fig. 5, Fig. 5.
Wherein, identify determination unit 470, in determining access request message whether include HTTP service keyword it Before, determine that the mark of website to be visited included in access request message whether there is in preconfigured access list;
HTTP determination unit 430, specifically for when the mark of website to be visited included in access request message is pre- In the presence of in the access list first configured, determine in access request message whether include HTTP service keyword;
Transparent transmission unit 480, for when the mark of website to be visited included in access request message is preconfigured In the absence of in access list, by access request message transmission to Web server.
In the third implementation of present apparatus embodiment, device described in above-mentioned second of implementation can be with Include: HTTPS determination unit 490, searching unit 500, is a kind of HTTPS encrypted transmission of the application for details, reference can be made to Fig. 6, Fig. 6 The third structure chart of device.
HTTPS determination unit 490, for determining access when in access request message not including HTTP service keyword It whether include HTTPS service keyword in request message;
Searching unit 500 is used for when in access request message including HTTPS service keyword, in above-mentioned access list The middle corresponding key of mark for searching website to be visited included by access request message;
Then decryption unit 450 are also used to be decrypted using above-mentioned key pair access request message;
Transmission unit 460 is also used to the access request message after decryption being sent to Web server.
In the 4th kind of implementation of present apparatus embodiment, device corresponding to the first above-mentioned structure chart can also be wrapped Include: HTTPS determination unit 490, transparent transmission unit 480 are a kind of HTTPS encrypted transmission dresses of the application for details, reference can be made to Fig. 7, Fig. 7 The 4th kind of structure chart set.
Wherein, HTTPS determination unit 490, for determining when in access request message not including HTTP service keyword It whether include HTTPS service keyword in access request message;
Then decryption unit 450, when being also used in access request message including HTTPS service keyword, to access request Message is decrypted;
Transmission unit 460 is also used to the access request message after decryption being sent to Web server;
Transparent transmission unit 480, for when in access request message not including HTTPS service keyword, by access request report Text is pass-through to Web server.
It can be seen that HTTPS service-specific equipment in the visit for receiving client device transmission from apparatus above embodiment After asking request message, it may be determined that whether include HTTPS service keyword in the message, if not including, to client device HTTPS redirection message is returned, so that it sends the access request message including HTTPS service keyword, thereby guarantees that client The encrypted transmission of data between end equipment and Web server ensures the safety of data transmission.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual The purpose for needing to select some or all of the modules therein to realize application scheme.Those of ordinary skill in the art are not paying Out in the case where creative work, it can understand and implement.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.

Claims (8)

1. a kind of HTTPS encrypted transmission method is applied to HTTPS service-specific equipment, which is characterized in that the described method includes:
Receive message;
Judge received message whether be client device send access request message;
When received message be the access request message that client device is sent when, determine in access request message whether include HTTP service keyword;
If it is, HTTPS redirection message is returned to the client device, so that it includes HTTPS that client device, which is sent, The access request message of service keyword;
After the access request message including HTTPS service keyword for receiving client device transmission, to the access request Message is decrypted, and the access request message after decryption is sent to Web server;
Before whether including HTTP service keyword in determining access request message, further includes:
Determine in the access request message mark of included website to be visited in preconfigured access list whether In the presence of, wherein the mark for the website that access list record has the HTTPS service-specific equipment to be managed and with the website Associated key;
If it is present whether determine in access request message includes HTTP service keyword;
If it does not exist, then by the access request message transmission to Web server.
2. the method according to claim 1, wherein described judge whether the received message of institute is client device The access request message of transmission, comprising:
According to include in received message source IP address determine the received message of institute whether be client device transmission visit Ask request message.
3. the method according to claim 1, wherein the method also includes:
When in access request message not including HTTP service keyword, determine in the access request message whether include HTTPS service keyword;
If it is, the mark for searching website to be visited included by the access request message in the access list is corresponding Key;
It is decrypted using access request message described in the key pair, the access request message after decryption is sent to Web clothes Business device.
4. the method according to claim 1, wherein the method also includes:
When in access request message not including HTTP service keyword, determine in the access request message whether include HTTPS service keyword;
If it is, the access request message is decrypted, the access request message after decryption is sent to Web service Device;
If it is not, then by the access request message transmission to Web server.
5. a kind of HTTPS encrypted transmission device, it is applied to HTTPS service-specific equipment, which is characterized in that described device includes:
Receiving unit, for receiving message;
Judging unit, for judging received message whether be client device send access request message;
HTTP determination unit, for when received message be client device send access request message when, determine access It whether include HTTP service keyword in request message;
Return unit, for when in access request message including HTTP service keyword, Xiang Suoshu client device to be returned HTTPS redirection message, so that client device sends the access request message including HTTPS service keyword;
Decryption unit, for receive client device transmission the access request message including HTTPS service keyword after, The access request message is decrypted;
Transmission unit, for the access request message after decryption to be sent to Web server;
Described device further include:
Determination unit is identified, described in determining before whether including HTTP service keyword in determining access request message The mark of included website to be visited whether there is in preconfigured access list in access request message, wherein institute State access list record there is the HTTPS service-specific equipment to be managed website mark and with the associated key in the website;
The HTTP determination unit, specifically for when the mark of website to be visited included in the access request message is pre- In the presence of in the access list first configured, determine in access request message whether include HTTP service keyword;
Transparent transmission unit, for when the mark of website to be visited included in the access request message is in preconfigured access In the absence of in list, by the access request message transmission to Web server.
6. device according to claim 5, which is characterized in that the judging unit is specifically used for:
According to include in received message source IP address determine the received message of institute whether be client device transmission visit Ask request message.
7. device according to claim 5, which is characterized in that described device further include:
HTTPS determination unit, for determining the access request when in access request message not including HTTP service keyword It whether include HTTPS service keyword in message;
Searching unit, for being looked into the access list when in the access request message including HTTPS service keyword Look for the corresponding key of mark of website to be visited included by the access request message;
The decryption unit is also used to be decrypted using access request message described in the key pair;
The transmission unit is also used to the access request message after decryption being sent to Web server.
8. device according to claim 5, which is characterized in that described device further include:
HTTPS determination unit, for determining the access request when in access request message not including HTTP service keyword It whether include HTTPS service keyword in message;
The decryption unit asks the access when being also used in the access request message including HTTPS service keyword Message is asked to be decrypted;
The transmission unit is also used to the access request message after decryption being sent to Web server;
Transparent transmission unit, for when not including HTTPS service keyword in the access request message, by the access request report Text is pass-through to Web server.
CN201710209940.5A 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device Active CN106961439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710209940.5A CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710209940.5A CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Publications (2)

Publication Number Publication Date
CN106961439A CN106961439A (en) 2017-07-18
CN106961439B true CN106961439B (en) 2019-09-17

Family

ID=59483188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710209940.5A Active CN106961439B (en) 2017-03-31 2017-03-31 A kind of HTTPS encrypted transmission method and device

Country Status (1)

Country Link
CN (1) CN106961439B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634969B (en) * 2017-10-26 2020-07-10 迈普通信技术股份有限公司 Data interaction method and device
CN107995188A (en) * 2017-11-30 2018-05-04 杭州迪普科技股份有限公司 A kind of device and method for realizing test equipment and equipment under test data transfer

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034981A (en) * 2006-03-07 2007-09-12 上海品伟数码科技有限公司 Network access control system and its control method
CN101119274A (en) * 2007-09-12 2008-02-06 杭州华三通信技术有限公司 Method for improving treatment efficiency of SSL gateway and SSL gateway
CN102638346A (en) * 2012-05-12 2012-08-15 杭州迪普科技有限公司 Method and device for authorizing subscriber digital certificate
CN103618743A (en) * 2013-12-09 2014-03-05 北京星网锐捷网络技术有限公司 Service access method, speed-up client, speed-up server and system
CN105721479A (en) * 2016-03-02 2016-06-29 北京网康科技有限公司 URL filtering method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7093279B2 (en) * 2001-03-28 2006-08-15 Intel Corporation Method and system for automatic invocation of secure sockets layer encryption on a parallel array of Web servers
US7634572B2 (en) * 2004-12-22 2009-12-15 Slipstream Data Inc. Browser-plugin based method for advanced HTTPS data processing

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034981A (en) * 2006-03-07 2007-09-12 上海品伟数码科技有限公司 Network access control system and its control method
CN101119274A (en) * 2007-09-12 2008-02-06 杭州华三通信技术有限公司 Method for improving treatment efficiency of SSL gateway and SSL gateway
CN102638346A (en) * 2012-05-12 2012-08-15 杭州迪普科技有限公司 Method and device for authorizing subscriber digital certificate
CN103618743A (en) * 2013-12-09 2014-03-05 北京星网锐捷网络技术有限公司 Service access method, speed-up client, speed-up server and system
CN105721479A (en) * 2016-03-02 2016-06-29 北京网康科技有限公司 URL filtering method and device

Also Published As

Publication number Publication date
CN106961439A (en) 2017-07-18

Similar Documents

Publication Publication Date Title
US9922207B2 (en) Storing user data in a service provider cloud without exposing user-specific secrets to the service provider
Chu et al. Security concerns in popular cloud storage services
JP6367375B2 (en) System and method for secure communication over a network using linking addresses
CN104094573B (en) Dynamic pseudonymization method for user data profiling networks and user data profiling network implementing the method
CN104283903B (en) The method for down loading and device of file
CN104348914B (en) A kind of tamper resistant systems file syn chronizing system and its method
CN105917630A (en) Redirect to inspection proxy using single-sign-on bootstrapping
CN108156178A (en) A kind of SSL/TLS data monitoring systems and method
CN104378379B (en) A kind of digital content encrypted transmission method, equipment and system
WO2014028757A1 (en) Secure data exchange using messaging service
JP2013243553A (en) Service requesting device, service providing system, service requesting method, and service requesting program
US10257171B2 (en) Server public key pinning by URL
US20040236962A1 (en) Method and apparatus for secure browser-based information service
US10250385B2 (en) Customer call logging data privacy in cloud infrastructure
CN104580086A (en) Information transmission method, client side, server and system
CN104065750A (en) Safety management method and system based on shared data
US10158610B2 (en) Secure application communication system
WO2016112580A1 (en) Service processing method and device
CN106357601A (en) Method for data access, device and system thereof
US11716374B2 (en) Forced identification with automated post resubmission
CN111885042A (en) Processing method, device and equipment for accessing website and storage medium
CN106961439B (en) A kind of HTTPS encrypted transmission method and device
CN109379345A (en) Sensitive information transmission method and system
CN106169990A (en) A kind of encrypt data on flows monitoring method, Apparatus and system
CN104811421A (en) Secure communication method and secure communication device based on digital rights management

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210621

Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang.

Patentee after: Hangzhou Dip Information Technology Co.,Ltd.

Address before: 6 / F, Zhongcai building, 68 Tonghe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou DPtech Technologies Co.,Ltd.