| This article addresses the reality of the traditional network security flaws of SSLVPN record layer,the traditional public key signature verification system,digital signature of small-scale field being not strong and real-time recording layer being poor and other issues.Combined with the basic principles of the SSLVPN, especially after technology research analysis of its integrity check (IC) and digital signature (DS), the article gives the identified improvement measures:to introduce S and DD mechanisms of CPK-IC technology into the traditional SSLVPN record layer,abbreviated as DD -S-CPK-IC.CPK-IC is to enhance the security of SSLVPN recording layer, DS and DS-scale field of certification programs designed elements of the technology use CPK's own theory of characteristics to ensure the performance of these three areas.S mechanism is for the different levels of security to distinguish between information protection program elements.The mechanism is to decide the security level from high to low A, B, C three types of information separately CPK-IC strategy according to SLDT, enhanced IC IC strategy and the default strategy, which effectively raise the real-time recording layer.DD mechanism is to further improve the recording layer designed for real-time program elements, and the mechanism is to dynamically allocate the flow of every S-CPK-ICU traffic according to'busy'flag and FRT.After the full theoretical analysis and detailed experiments,the paper showes that the performance of SSLVPN record layer has been effectively improved in all objectives.At the same time,it gives some problems in the paper and points out direction for further research at last. |
