
CN105119894A - Communication system and communication method based on hardware safety module - Google Patents


Info

Publication number: CN105119894A
Authority: CN (China)
Prior art keywords: client, ssl, certificate, server, security module
Legal status: Granted
Application number: CN201510418539.3A
Other languages: Chinese (zh)
Other versions: CN105119894B (en)
Inventors: 金海青, 张旭东, 李敏
Current Assignee: Shanghai Huiyin Information Technology Co Ltd
Original Assignee: Shanghai Huiyin Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a communication system and method based on a hardware security module. The system comprises the hardware security module and an SSL forwarding server. The hardware security module is disposed on the client and, when called by the client, matches a corresponding client certificate for the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using that communication private key. The client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client. The SSL forwarding server and the intranet server are located in the same communication network. Data can be prevented from being stolen by illegal users, so that information is transmitted safely over the Internet; the device certificate can be prevented from being illegally modified, so that the security of the device's private key is guaranteed.

Description

Communication system and communication method based on a hardware security module
Technical field
The present invention relates to the field of communication technology, and in particular to a communication method that communicates securely based on a hardware security module.
Background
Current modes of communication between client and server mainly include:
A) Socket communication: the socket is the cornerstone of communication and the basic operating unit of network communication that supports the TCP/IP protocol. It is an abstract representation of an endpoint in network communication and contains the five pieces of information needed for network communication: the protocol used by the connection, the IP address of the local host, the protocol port of the local process, the IP address of the remote host, and the protocol port of the remote process. When the application layer communicates through the transport layer, TCP faces the problem of providing concurrent service to multiple application processes at once. Multiple TCP connections or multiple application processes may need to transmit data through the same TCP port. To distinguish between different application processes and connections, many operating systems provide the socket interface for interaction between applications and the TCP/IP protocol. Through the socket interface, the application layer and the transport layer can distinguish communication from different application processes or network connections, which provides concurrent data transmission service.
Referring to Fig. 1, a schematic diagram of the existing socket communication model. Communication between client 11 and public network server 12 may be socket communication without any encryption: its data is transmitted in plaintext and is easily intercepted and attacked in transit, so sensitive data such as transaction information is at risk of disclosure during transmission. Even if the communication between client 11 and public network server 12 is encrypted, every server must implement its own encryption, decryption and verification code, and each client app must implement encryption, decryption and verification code for each different server, which increases the difficulty of development and maintenance.
B) Symmetric cryptography communication: a symmetric encryption algorithm uses a single private key to encrypt and decrypt data. Encryption ensures that the data transmitted between client and server is ciphertext, which increases the security of transmission. In symmetric encryption the same key is used for both encryption and decryption; the algorithm is very fast (compared with asymmetric algorithms) and is particularly suitable for encrypting large data streams. However, because any party holding the key can use it to decrypt the data, the key must be protected from being obtained by unauthorized parties. Attackers can also use methods such as exhaustive search over a large number of samples to crack the key maliciously and mount an attack.
C) Asymmetric cryptography communication: asymmetric encryption uses a private key that must be kept secret from unauthorized users and a public key that can be disclosed to anyone. The public key and the private key are mathematically related: data encrypted with the public key can only be decrypted with the private key, and data signed with the private key can only be verified with the public key. The public key can be given to anyone; it is used to encrypt data to be sent to the holder of the private key. Both keys are unique to the communication session. However, while asymmetric encryption raises the difficulty of cracking compared with symmetric encryption, it also requires a safe and reliable key management system; once the key store is tampered with, the program can no longer work correctly.
Summary of the invention
The prior art has the following technical problems: when socket communication is used without any encryption, data is transmitted in plaintext and is easily intercepted and attacked in transit; when encrypted communication is used, the encryption, decryption and verification code is cumbersome, which increases the difficulty of development and maintenance. The object of the invention is to address these problems by providing a communication system and method based on a hardware security module that prevents data from being stolen by illegal users, so that information is transmitted safely over the Internet, and that prevents the device certificate from being illegally modified, so that the security of the device's private key is guaranteed.
To achieve the above object, the invention provides a communication system based on a hardware security module, comprising a hardware security module and an SSL forwarding server. The hardware security module is arranged on the client and, when called by the client, matches a corresponding client certificate for the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
To achieve the above object, the invention also provides a communication method based on a hardware security module, comprising: (1) adding a hardware security module to the client, the client calling the hardware security module to obtain the corresponding client certificate; (2) sending the client certificate obtained by the client to the SSL forwarding server; (3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client; (4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to an intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
The advantages of the invention are as follows. With the support of the hardware security module, the invention stores certificates securely, prevents the device certificate from being illegally modified, and guarantees the security of the device's private key. SSL-encrypted communication prevents data from being stolen by illegal users, so that information is transmitted safely over the Internet. That is, the SSL protocol improves confidentiality, integrity and the security of customer data in electronic payment, makes electronic transactions simple, practical and considerate, and achieves the "three easies": easy to use, easy to maintain and easy to develop. By integrating SSL and the HSM, data is secured from the device itself through the transmission process. A custom security provider that conforms to the Java Security Provider standard can also be defined to implement the SSL secure communication protocol; this conforms to existing specifications and makes the scheme easy to use and secure. In a few simple steps a developer can make an ordinary non-SSL client app communicate with encryption based on the hardware security module, completing secure data transmission quickly and enabling rapid development. The invention provides an HSM-based secure communication standard that regulates protocol use, encourages software from different vendors to be compatible and quick to develop, and can run on different hardware and software platforms and be widely accepted worldwide.
Brief description of the drawings
Fig. 1 is a schematic diagram of the existing socket communication model;
Fig. 2 is a schematic diagram of the architecture of the communication system based on a hardware security module according to the invention;
Fig. 3 is a flow chart of the communication method based on a hardware security module according to the invention;
Fig. 4 is a sequence diagram of the communication between client and server according to the invention;
Fig. 5 is a code sequence diagram of the client calling the hardware security module according to the invention;
Fig. 6 is a sequence diagram of the initialization of the SSL forwarding server according to the invention;
Fig. 7 is a sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server according to the invention;
Fig. 8 is a sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client according to the invention.
Detailed description of the embodiments
The communication system and communication method based on a hardware security module provided by the invention are described in detail below with reference to the drawings.
Referring to Fig. 2, a schematic diagram of the architecture of the communication system based on a hardware security module according to the invention. The system comprises hardware security module 22 and SSL forwarding server 24.
The hardware security module 22 is arranged on client 21 and, when called by client 21, matches a corresponding client certificate for client 21. That is, the hardware security module 22 is responsible for providing the client certificate to client 21 securely.
A hardware security module (HSM) is a physical certificate store that holds multiple private keys, the corresponding public keys, and the public key certificate corresponding to each public key. Keeping private keys, public keys and public key certificates in the HSM effectively prevents external attack and tampering. An HSM is a dedicated cryptographic processor designed to protect the life cycle of encryption keys. It manages, processes and stores encryption keys securely in a reliable, tamper-resistant device.
The SSL forwarding server 24 verifies the client certificate and, after verification passes, negotiates a communication private key with client 21; the SSL forwarding server 24 and client 21 then communicate using the communication private key, the client's communication data is forwarded to intranet server 25 for processing, and the data processed by intranet server 25 is fed back to client 21. The SSL forwarding server 24 and intranet server 25 are in the same communication network 29. Certificate verification is one step of the SSL protocol. Its principle is that after the SSL forwarding server 24 obtains the client's certificate, it compares it with the certificates in its own trust store; if the client certificate, or the issuer of the client certificate, is present in the trust store, verification passes.
SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication; SSL encrypts network connections at the transport layer. The SSL protocol has two parts: the Handshake Protocol and the Record Protocol. The Handshake Protocol is used to negotiate keys, and most of the protocol concerns how the two communicating parties use it to negotiate a key securely; the Record Protocol defines the format of transmission. The SSL protocol establishes an encrypted channel between two computers; an SSL connection ensures that data is not stolen or tampered with in transit and guarantees the confidentiality, integrity and reliability of confidential information. The main services the SSL protocol provides are: authenticating the user and the server, so that data is sent to the correct client and server; encrypting data, so that it cannot be stolen in transit; and maintaining data integrity, so that data is not altered in transit.
After client 21 initializes the SSL socket connection, it sends a connection request to the SSL forwarding server 24; after receiving the connection request response and the server certificate returned by the SSL forwarding server 24, it calls the hardware security module 22 to obtain the corresponding client certificate. Each client has one client certificate. A hardware security module is added to the client, and calling it matches the corresponding public key certificate to serve as the client certificate. This takes advantage of the strong processing power of current mobile clients: the main authentication work is handled on the client, which reduces the load on the server side.
The hardware security module 22 is further configured, when it determines that the client certificate has been updated, to perform client certificate matching again in the certificate store inside the hardware security module 22 according to the updated client certificate.
Client 21 performs the SSL security protocol handshake with the SSL forwarding server 24, receives the server certificate sent by the SSL forwarding server 24, and then calls the hardware security module 22 to obtain the client certificate matched to the server certificate. It then sends the obtained client certificate to the SSL forwarding server 24 for verification and, after verification passes, negotiates a communication private key with the SSL forwarding server 24. The client certificate is sent to the SSL forwarding server 24 only once, during protocol authentication, in order to be verified and to produce the communication private key for communicating with each other; all later communication encrypts messages with this communication private key (which is different from the private key in the hardware security module 22). After protocol authentication is complete, the communication data between the client and the SSL forwarding server consists of normal messages (such as transaction requests) encrypted with the communication private key.
With the communication system based on a hardware security module provided by the invention, the client app only needs to call the hardware security module to obtain the corresponding client certificate and send it to the front-end SSL forwarding server, which verifies the certificate to check the legitimacy of the client. The SSL forwarding server forwards the client's communication data to the intranet server for processing and returns the result to the client. The client's call to the hardware security module to obtain the client certificate takes place inside the client; communication data between the SSL forwarding server and the intranet server is transmitted within the same communication network, for example a secure network such as a local area network; communication between the client and the SSL forwarding server uses the communication private key with SSL-encrypted communication. This ensures the security of the whole communication process. The client app no longer needs to consider which kind of security verification the server side (the public network server side formed by the SSL forwarding server and the intranet server) uses, and certificates need not be configured manually; the server side does not need to perform separate security verification of the certificate either. This enables rapid development of programs and makes the system easier to maintain.
With the support of the hardware security module, the invention stores certificates securely, prevents the device certificate from being illegally modified, and guarantees the security of the device's private key. SSL-encrypted communication prevents data from being stolen by illegal users, so that information is transmitted safely over the Internet. That is, the SSL protocol improves confidentiality, integrity and the security of customer data in electronic payment, makes electronic transactions simple, practical and considerate, and achieves the "three easies": easy to use, easy to maintain and easy to develop. By integrating SSL and the HSM, data is secured from the device itself through the transmission process. A custom security provider that conforms to the Java Security Provider standard can also be defined to implement the SSL secure communication protocol; this conforms to existing specifications and makes the scheme easy to use and secure. In a few simple steps a developer can make an ordinary non-SSL client app communicate with encryption based on the hardware security module, completing secure data transmission quickly and enabling rapid development. The invention provides an HSM-based secure communication standard that regulates protocol use, encourages software from different vendors to be compatible and quick to develop, and can run on different hardware and software platforms and be widely accepted worldwide.
Referring to Fig. 3, a flow chart of the communication method based on a hardware security module according to the invention. The method comprises: S31: adding a hardware security module to the client, the client calling the hardware security module to obtain the corresponding client certificate; S32: sending the client certificate obtained by the client to the SSL forwarding server; S33: the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client; S34: the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to the intranet server for processing, and the data processed by the intranet server being fed back to the client. The method of the invention is described in detail below.
S31: A hardware security module is added to the client, and the client calls the hardware security module to obtain the corresponding client certificate.
A hardware security module is added to the client, and the client's private key and certificate are kept in the hardware security module, which effectively prevents external attack and tampering. The hardware security module is responsible for providing the client certificate to the client securely.
Step S31 further comprises: after the client initializes the SSL socket connection (SSLSocket), it sends a connection request to the SSL forwarding server; after receiving the connection request response and the server certificate returned by the SSL forwarding server, it calls the hardware security module to obtain the corresponding client certificate.
Step S31 further comprises: when it is determined that the client certificate has been updated, client certificate matching is performed again in the certificate store inside the hardware security module according to the updated client certificate.
Each client has one client certificate. A hardware security module is added to the client, and calling it matches the corresponding public key certificate to serve as the client certificate. This takes advantage of the strong processing power of current mobile clients: the main authentication work is handled on the client, which reduces the load on the server side. The client app no longer needs to consider which kind of security verification the server uses, and certificates need not be configured manually.
S32: The client certificate obtained by the client is sent to the SSL forwarding server.
SSL is a security protocol that provides security and data integrity for network communication; SSL encrypts network connections at the transport layer. The SSL protocol ensures that data is not stolen or tampered with in transit and guarantees the confidentiality, integrity and reliability of confidential information. By integrating SSL and the HSM, data is secured from the device itself through the transmission process. A custom security provider that conforms to the Java Security Provider standard can be defined to implement the SSL secure communication protocol; this conforms to existing specifications and makes the scheme easy to use and secure.
S33: The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client.
The SSL forwarding server authenticates the client certificate to verify the legitimacy of the client; the server side does not need to perform separate security verification of the certificate.
As an optional embodiment, the method of the invention further comprises: initializing the SSL forwarding server.
S34: The SSL forwarding server and the client communicate using the communication private key; the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client.
The SSL forwarding server and the intranet server are in the same communication network. The client's call to the hardware security module to obtain the client certificate takes place inside the client; communication data between the SSL forwarding server and the intranet server is transmitted within the same communication network, for example a secure network such as a local area network; communication between the client and the SSL forwarding server uses the communication private key with SSL-encrypted communication. This ensures the security of the whole communication process.
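The flow of S31 to S34 can be sketched with stock JSSE and the JDK's SunPKCS11 provider instead of the patent's own provider; this is an added example, not code from the patent. The PKCS#11 configuration file, store paths, passwords, PIN, host names and ports are placeholders, and Java 9 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class HsmTlsForwarder {
    // Load a file-based key store or trust store.
    static KeyStore loadStore(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    // Build a TLS context from "who I am" (keys) and "whom I trust" (trust).
    static SSLContext context(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // S31/S32: the client certificate and private key live in the HSM and are
    // reached through PKCS#11; the private key is used on the token, never exported.
    static SSLContext clientContext(String pkcs11Config, char[] pin, KeyStore serverTrust) throws Exception {
        Provider hsm = Security.getProvider("SunPKCS11").configure(pkcs11Config);
        Security.addProvider(hsm);
        KeyStore hsmStore = KeyStore.getInstance("PKCS11", hsm);
        hsmStore.load(null, pin);                    // logs in to the token with the PIN
        return context(hsmStore, null, serverTrust); // token keys carry no per-key password
    }

    // S33: the forwarding server fails the handshake unless the client presents
    // a certificate that validates against its trust store.
    static SSLServerSocket listen(int port, KeyStore serverKeys, char[] keyPass, KeyStore clientTrust) throws Exception {
        SSLServerSocket ss = (SSLServerSocket) context(serverKeys, keyPass, clientTrust)
                .getServerSocketFactory().createServerSocket(port);
        ss.setNeedClientAuth(true);
        return ss;
    }

    // Copy one direction until EOF, then close the sink so teardown propagates.
    static void pump(InputStream in, OutputStream out) {
        try { in.transferTo(out); } catch (IOException ignored) { }
        finally { try { out.close(); } catch (IOException ignored) { } }
    }

    // S34: decrypted client traffic is relayed to the intranet server, replies go back over TLS.
    static void serve(SSLServerSocket ss, String intranetHost, int intranetPort) throws IOException {
        while (true) {
            SSLSocket client = (SSLSocket) ss.accept();
            new Thread(() -> {
                try (SSLSocket c = client) {
                    c.startHandshake();
                    X509Certificate peer = (X509Certificate) c.getSession().getPeerCertificates()[0];
                    System.out.println("authenticated client: " + peer.getSubjectX500Principal());
                    try (Socket backend = new Socket(intranetHost, intranetPort)) {
                        InputStream cin = c.getInputStream(), bin = backend.getInputStream();
                        OutputStream cout = c.getOutputStream(), bout = backend.getOutputStream();
                        Thread up = new Thread(() -> pump(cin, bout));
                        up.start();
                        pump(bin, cout);
                        up.join();
                    }
                } catch (Exception e) {
                    System.err.println("connection rejected or failed: " + e);
                }
            }).start();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();        // placeholder store password
        if (args.length > 0 && args[0].equals("server")) {
            serve(listen(8443, loadStore("server-keys.p12", pw), pw, loadStore("client-ca.p12", pw)),
                  "intranet.example", 9000);         // placeholder intranet server
        } else {
            SSLContext ctx = clientContext("hsm-pkcs11.cfg", "0000".toCharArray(),
                                           loadStore("server-ca.p12", pw));
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("forwarder.example", 8443)) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the server name
                s.setSSLParameters(p);
                s.startHandshake();
                s.getOutputStream().write("transaction request\n".getBytes(StandardCharsets.UTF_8));
            }
        }
    }
}
```

The default JSSE trust manager validates the client's certificate chain against the trust store, including signatures and validity period, which is the check the description summarises as finding the certificate or its issuer in the store. The link from the forwarding server to the intranet server is plaintext here, matching the description's assumption that both sit in the same trusted network.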
The sequence diagrams of the invention are given below to explain the invention further. Fig. 4 is the sequence diagram of the communication between client and server. Fig. 5 is the code sequence diagram of the client calling the hardware security module, in which Provider is the Java security provider, WizarJCE is the Huiyin security extension package, SSLContext is the SSL context, SSLContextImpl is the SSL context implementation, SSLSocketFactoryImpl is the SSL socket factory implementation, and SSLSocketImpl is the SSL socket implementation. Fig. 6 is the sequence diagram of the initialization of the SSL forwarding server, in which socketServer is the socket middleware, TrustManagerFactory is the trust store manager factory, Acceptor is the socket acceptor, ChannelInitallizer is the socket pipeline initializer, and ChannelPipeline is the socket pipeline. Fig. 7 is the sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server, in which AppOutputStream is the client output stream, SSLSocketImpl is the SSL socket implementation, ClientHandshaker is the client handshake routine, HSMInterface is the hardware security module interface, CertificateMsg is the certificate message routine, and HandshakeOutputStream is the handshake output stream. Fig. 8 is the sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client, in which OutputRecord is the message output writer and OutputStream is the output stream. As the above sequence diagrams show, the invention can prevent data from being stolen by illegal users, so that information is transmitted safely over the Internet, and can prevent the device certificate from being illegally modified, so that the security of the device's private key is guaranteed. At the same time it provides an HSM-based secure communication standard that regulates protocol use, encourages software from different vendors to be compatible and quick to develop, and can run on different hardware and software platforms and be widely accepted worldwide.
The above is only the preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (7)

1. A communication system based on a hardware security module, characterized in that it comprises a hardware security module and an SSL forwarding server;
the hardware security module is arranged on the client and, when called by the client, matches a corresponding client certificate for the client;
the SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
2. The system according to claim 1, characterized in that after the client initializes the SSL socket connection, it sends a connection request to the SSL forwarding server and, after receiving the connection request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
3. The system according to claim 1 or 2, characterized in that the hardware security module is further configured, when it determines that the client certificate has been updated, to perform client certificate matching again in the certificate store inside the hardware security module according to the updated client certificate.
4. A communication method based on a hardware security module, characterized in that it comprises:
(1) adding a hardware security module to the client, the client calling the hardware security module to obtain the corresponding client certificate;
(2) sending the client certificate obtained by the client to the SSL forwarding server;
(3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client;
(4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to an intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
5. The method according to claim 4, characterized in that the method further comprises: initializing the SSL forwarding server.
6. The method according to claim 4, characterized in that step (1) further comprises: after the client initializes the SSL socket connection, sending a connection request to the SSL forwarding server and, after receiving the connection request response and the server certificate returned by the SSL forwarding server, calling the hardware security module to obtain the corresponding client certificate.
7. The method according to claim 4 or 6, characterized in that step (1) further comprises: when it is determined that the client certificate has been updated, performing client certificate matching again in the certificate store inside the hardware security module according to the updated client certificate.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510418539.3A CN105119894B (en) 2015-07-16 2015-07-16 Communication system and communication means based on hardware security module

Publications (2)

Publication Number Publication Date
CN105119894A (en) 2015-12-02
CN105119894B (en) 2018-05-25

Family

ID=54667784

Country Status (1)

Country Link
CN (1) CN105119894B (en)

Also Published As

Publication number Publication date
CN105119894B (en) 2018-05-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant