CN115514549A - Secure interaction method and system based on SSL (secure sockets layer) protocol - Google Patents
Publication number: CN115514549A (application number CN202211131347.0A)
Authority: CN (China)
Prior art keywords: data, gateway, preset, encrypted, encrypted data
Legal status: Pending
Classifications
- H04L63/0428: network security for confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08: network security for authentication of entities
- H04L63/10: network security for controlling access to devices or network resources
- H04L63/18: network security using different networks or channels, e.g. out-of-band channels
- H04L67/06: protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L63/168: implementing security features at a particular protocol layer above the transport layer
- Y04S40/20: smart grids, information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
This application discloses a secure interaction method, system and device based on the SSL protocol, in the technical field of secure interaction, intended to solve problems of existing secure-interaction schemes such as the heavy workload of repeatedly developing provincial-side services. The method comprises: the gateway SDK encrypts the mobile application's transmission data and uploads it to a first access gateway; the mobile application's identity is authenticated; after authentication passes, an SM channel is established (国密, the Chinese national commercial cryptographic algorithms SM2, SM3 and SM4); the first access gateway decrypts the received encrypted data; a demand instruction issued by the preset headquarters platform is obtained through the preset provincial-side platform; the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed; the uploaded data that passes authentication is sent to a preset data security access service, yielding the twice-decrypted data; and the twice-decrypted data is sent to the requesting mobile terminal. By this method the application reduces the workload of repeated development of provincial-side services.
Description
Technical field
This application relates to the technical field of secure interaction, and in particular to a secure interaction method and system based on the SSL protocol.
Background
As the electric power business develops, data has become a key element supporting the construction of the new power system. As an operator of critical information infrastructure, the company manages a large volume of important production data and highly sensitive electricity-customer information. Loss, leakage or destruction of business data could expose the company's day-to-day operating decisions and production information, so sufficient security protection is needed to guarantee information security.
Existing protection consists mainly of traditional network security measures: (1) zone-based protection, in which user access rights are strictly authenticated and controlled through network partitioning; (2) boundary isolation, in which physical isolation devices secure data transmission; and (3) data encryption, which ensures that intercepted data cannot be read. Together these protect traditional data storage, transmission and related links.
However, under traditional network security protection, a mobile application on a mobile terminal must have an Internet-facing service port opened in order to interact with the back end of the company's internal business systems, and exposing such a port carries security risk. Mobile-application data from each provincial grid company must be pushed to the headquarters company, and each mobile application must be separately customized for the headquarters data security access component, so the repeated development work on the provincial side is substantial. In addition, with the continued development of distribution automation systems, the unified video platform, edge IoT agents and converged terminals, a security access gateway that supports only a single type of terminal cannot meet current needs.
Contents of the invention
To address the above shortcomings of the prior art, the present invention provides a secure interaction method and system based on the SSL protocol.
In a first aspect, this application provides a secure interaction method based on the SSL protocol, comprising: according to the SM algorithms (国密: SM2, SM3 and SM4), the gateway SDK encrypts the mobile application's transmission data and uploads the encrypted data to the first access gateway of the preset provincial-side platform; based on the identity information in the encrypted data, the first access gateway authenticates the mobile application; after authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS over the SM algorithms; the first access gateway decrypts the received encrypted data to obtain decrypted data; a demand instruction issued by the preset headquarters platform is obtained through the data push proxy service deployed on the preset provincial-side platform; according to the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to the second access gateway of the preset headquarters platform; identity authentication is performed on the provincial-side identity information in the uploaded data; the uploaded data that passes authentication is sent to the preset data security access service to obtain the twice-decrypted data; and the preset headquarters platform determines the requesting mobile terminal and sends the twice-decrypted data to it by message push or data pull.
Further, encrypting the mobile application's transmission data with the SM algorithms in the gateway SDK specifically comprises: generating a random sm4key and SM4-encrypting the transmission data with it to obtain first encrypted data, the first encrypted data containing a timestamp; using SM3 to verify the integrity of the first encrypted data and the timestamp; encrypting the random sm4key with SM2 under the SM2 public key to obtain sm4key-encrypted data; and SM2-encrypting the timestamp, the sm4key-encrypted data and the encrypted transmission data together to obtain the encrypted data.
Further, before the gateway SDK encrypts the mobile application's transmission data and uploads it to the first access gateway of the preset provincial-side platform, the method also comprises: when the mobile application initializes the gateway SDK, providing configuration information as parameters, the configuration information including at least gateway connection information, business service information and proxy port information; calling the gateway SDK's secure-connection API to connect to the first access gateway and upload identity information to it, completing identity authentication, key negotiation and establishment of an encrypted transmission channel; having the gateway set access control permissions according to the identity information and generate a local proxy port; and having the mobile application send its transmission data to the gateway SDK through the local proxy port.
Further, decrypting the received encrypted data at the first access gateway to obtain decrypted data specifically comprises: decrypting the encrypted data with the SM2 private key to obtain the encrypted transmission data and the sm4key-encrypted data; using SM3 to check that the encrypted data is consistent with the preset message digest; if consistent, decrypting the sm4key-encrypted data to obtain the sm4key; and then decrypting the encrypted transmission data with the sm4key to obtain the decrypted data.
Further, the method also comprises: triggering an instruction through the editing interface to enter the gateway SDK configuration-file editing interface; and, through that interface, obtaining an instance of the SSAGClient class and initializing it so that the gateway SDK supports the proxy mode corresponding to that instance.
Further, the method also comprises: obfuscating the class files of the gateway SDK's code so that the class names, variable names and method names in the class files are replaced with preset meaningless short identifiers.
In a second aspect, this application provides a secure interaction system based on the SSL protocol, comprising: an upload module, by which the gateway SDK encrypts the mobile application's transmission data according to the SM algorithms and uploads the encrypted data to the first access gateway of the preset provincial-side platform; an obtaining module, by which the first access gateway authenticates the mobile application based on the identity information in the encrypted data, establishes an SM channel (HTTPS over the SM algorithms) with the gateway SDK after authentication passes, and decrypts the received encrypted data to obtain decrypted data; a transmission module, which obtains the demand instruction issued by the preset headquarters platform through the data push proxy service deployed on the preset provincial-side platform and, according to the SM algorithms, encrypts and transmits the decrypted data corresponding to the demand instruction to the second access gateway of the preset headquarters platform; and a sending module, which authenticates the provincial-side identity information in the uploaded data, sends the uploaded data that passes authentication to the preset data security access service to obtain the twice-decrypted data, and has the preset headquarters platform determine the requesting mobile terminal and deliver the twice-decrypted data to it by message push or data pull.
In a third aspect, this application provides a secure interaction device based on the SSL protocol, comprising a processor and a memory storing executable code which, when executed, causes the processor to perform any of the secure interaction methods based on the SSL protocol described above.
Those skilled in the art will understand that the present invention has at least the following beneficial effects:
(1) Mobile application access can be configured uniformly. By calling the secure access gateway SDK API, the mobile application establishes a secure tunnel to the provincial-side secure access gateway (the first access gateway) and obtains a local proxy port; the application then exchanges data simply by talking to that local port. This makes secure access more convenient for mobile applications, reduces the exposure of Internet-facing ports, and improves security.
(2) Through the preset data push proxy service on the provincial side and the preset data security access service at headquarters, data from several provincial grid companies is transmitted to headquarters. A unified data push proxy service handles provincial-to-headquarters data fusion in one place, reducing repeated development on the provincial side and decoupling data fusion and transport security from the business logic; hybrid SM2 and SM4 encryption and decryption secures the transmission.
(3) The gateway SDK has a configuration-file editing interface; by editing the instance of the gateway SDK's SSAGClient class, access by various kinds of terminal is supported, reducing the modification needed to onboard a terminal.
Description of drawings
Some embodiments of the present disclosure are described below with reference to the accompanying drawings, in which:
Figure 1 is a flow chart of a secure interaction method based on the SSL protocol provided by an embodiment of this application.
Figure 2 is a schematic diagram of the internal structure of a secure interaction system based on the SSL protocol provided by an embodiment of this application.
Figure 3 is a schematic diagram of the internal structure of a secure interaction device based on the SSL protocol provided by an embodiment of this application.
Detailed description
Those skilled in the art should understand that the embodiments described below are only preferred embodiments of the present disclosure and do not mean that the disclosure can be realized only through them; they serve only to explain its technical principles and are not intended to limit its scope of protection. Based on these preferred embodiments, all other embodiments obtained by a person of ordinary skill in the art without creative effort still fall within the scope of protection of the present disclosure.
It should also be noted that the terms "comprise", "include" or any variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that comprises it.
The technical solutions proposed in the embodiments of this application are described in detail below with reference to the drawings.
An embodiment of this application also provides a secure interaction method based on the SSL protocol. As shown in Figure 1, the method mainly comprises the following steps:
Step 110: according to the SM algorithms, the gateway SDK encrypts the mobile application's transmission data and uploads the encrypted data to the first access gateway of the preset provincial-side platform.
Before the gateway SDK encrypts the transmission data and uploads it to the first access gateway, this application may also generate a local proxy port on the mobile application side, so that all data exchange goes through that local port; this makes secure access more convenient for the mobile application, reduces Internet-facing port exposure and improves security.
Specifically: when the mobile application initializes the gateway SDK, configuration information is provided as parameters, including at least gateway connection information, business service information and proxy port information. The gateway SDK's secure-connection API is called to connect to the first access gateway and upload identity information to it, completing identity authentication, key negotiation and establishment of an encrypted transmission channel. The gateway sets access control permissions according to the identity information and generates a local proxy port, through which the mobile application sends its transmission data to the gateway SDK. Key negotiation means that, before any communication data is encrypted or decrypted, the mobile application and the server negotiate a session key known only to the server and that particular mobile application; a key agreement algorithm is used so that the key is never disclosed in transit. The session key is never stored: it exists only in the memory of the mobile application and the server and disappears as soon as the connection between them closes, which is a large part of what makes it safe. Establishing the encrypted transmission channel means establishing a secure connection based on the session key produced by this key negotiation.
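The local proxy port described above, as an added illustration that is not the SDK's SSAGClient code: the SDK binds a listener on the device's loopback interface, and each connection the mobile application opens to it is carried to the first access gateway inside its own TLS tunnel whose server certificate is verified against the configured gateway host. Java is used because the application states the gateway SDK is Java; standard JSSE TLS stands in for the SM-algorithm HTTPS profile, which the JDK does not implement. The gateway host and port are hypothetical placeholders for the SDK's connection parameters, and the identity upload and key negotiation that follow the handshake are not shown.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Illustrative local proxy port in the shape the SDK initialization describes; not the SDK's own SSAGClient. */
public final class LocalProxyPort {
    private final String gatewayHost;
    private final int gatewayPort;

    public LocalProxyPort(String gatewayHost, int gatewayPort) {
        this.gatewayHost = gatewayHost;
        this.gatewayPort = gatewayPort;
    }

    /**
     * Bind on the loopback interface only (port 0 lets the OS choose, as an SDK might when none is configured).
     * Nothing off the device can reach this socket, which is what keeps the app from exposing an Internet port.
     */
    public ServerSocket bind(int requestedPort) throws IOException {
        ServerSocket listener = new ServerSocket(requestedPort, 50, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> acceptLoop(listener), "ssag-local-proxy");
        t.setDaemon(true);
        t.start();
        return listener;
    }

    private void acceptLoop(ServerSocket listener) {
        while (!listener.isClosed()) {
            try {
                Socket app = listener.accept();
                SSLSocket tunnel = openTunnel();
                pump(app.getInputStream(), tunnel.getOutputStream(), tunnel);  // app -> gateway
                pump(tunnel.getInputStream(), app.getOutputStream(), app);     // gateway -> app
            } catch (IOException e) {
                if (!listener.isClosed()) System.err.println("proxy accept/connect failed: " + e.getMessage());
            }
        }
    }

    /** One authenticated, encrypted tunnel per accepted app connection; fails closed on an untrusted gateway. */
    private SSLSocket openTunnel() throws IOException {
        SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(gatewayHost, gatewayPort);
        SSLParameters p = s.getSSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        p.setEndpointIdentificationAlgorithm("HTTPS");   // certificate must match gatewayHost, not just chain to a CA
        s.setSSLParameters(p);
        s.startHandshake();                               // throws SSLHandshakeException if verification fails
        return s;
    }

    /** Copy bytes in one direction until EOF, then close the far side so the peer sees end of stream. */
    private static void pump(InputStream in, OutputStream out, Socket closeOnEof) {
        Thread t = new Thread(() -> {
            byte[] buf = new byte[8192];
            try {
                int n;
                while ((n = in.read(buf)) != -1) {
                    out.write(buf, 0, n);
                    out.flush();
                }
            } catch (IOException ignored) {
            } finally {
                try { closeOnEof.close(); } catch (IOException ignored) { }
            }
        });
        t.setDaemon(true);
        t.start();
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical gateway endpoint; the real host and port come from the SDK's configuration parameters.
        LocalProxyPort proxy = new LocalProxyPort("gateway.example.internal", 443);
        ServerSocket listener = proxy.bind(0);
        System.out.println("app should talk to 127.0.0.1:" + listener.getLocalPort());
    }
}
```

Binding to InetAddress.getLoopbackAddress() rather than the wildcard address is the check that makes the "reduced Internet port exposure" claim hold: a listener on 0.0.0.0 would turn the SDK itself into the exposed port. Setting the HTTPS endpoint identification algorithm matters just as much on the upstream side; without it JSSE validates the certificate chain but not that the certificate belongs to the gateway the SDK was configured to reach.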
Encrypting the mobile application's transmission data with the SM algorithms in the gateway SDK may specifically proceed as follows: generate a random sm4key and SM4-encrypt the transmission data with it to obtain first encrypted data, the first encrypted data containing a timestamp; use SM3 to verify the integrity of the first encrypted data and the timestamp; encrypt the random sm4key with SM2 under the SM2 public key to obtain sm4key-encrypted data; and SM2-encrypt the timestamp, the sm4key-encrypted data and the encrypted transmission data together to obtain the encrypted data.
Step 120: based on the identity information in the encrypted data, the first access gateway authenticates the mobile application; after authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS over the SM algorithms; the first access gateway decrypts the received encrypted data to obtain the decrypted data.
Note that the first access gateway stores identity authentication information and authenticates the identity information it receives against it.
Decrypting the received encrypted data at the first access gateway to obtain decrypted data may specifically proceed as follows: decrypt the encrypted data with the SM2 private key to obtain the encrypted transmission data and the sm4key-encrypted data; use SM3 to check that the encrypted data is consistent with the preset message digest; if consistent, decrypt the sm4key-encrypted data to obtain the sm4key; and then decrypt the encrypted transmission data with the sm4key to obtain the decrypted data.
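The encryption of step 110 and the matching decryption of step 120, carried through as one added example (not the SDK's or the gateway's code) in Java with the Bouncy Castle provider, which implements SM2, SM3 and SM4. The application fixes only the order of operations: a random sm4key encrypts the data, SM3 covers the timestamp and the SM4 ciphertext, SM2 wraps the sm4key, and SM2 encrypts the whole bundle. The field layout of the envelope, the choice of SM4-CBC with PKCS7 padding, the 5-minute replay window on the timestamp, and the sample meter-reading payload are assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/** Illustrative SM2/SM4/SM3 envelope in the layout steps 110 and 120 describe; not the SDK's own code. */
public final class GmEnvelope {
    static { Security.addProvider(new BouncyCastleProvider()); }
    private static final SecureRandom RNG = new SecureRandom();
    // Replay window for the timestamp; the application mentions the timestamp but gives no window (assumption).
    private static final long MAX_SKEW_MS = 5 * 60_000L;

    /** Gateway SM2 key pair on sm2p256v1; the SDK would be provisioned with only the public half. */
    public static AsymmetricCipherKeyPair gatewayKeyPair() {
        X9ECParameters p = GMNamedCurves.getByName("sm2p256v1");
        ECDomainParameters dom = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
        ECKeyPairGenerator g = new ECKeyPairGenerator();
        g.init(new ECKeyGenerationParameters(dom, RNG));
        return g.generateKeyPair();
    }

    /** SDK side: random sm4key -> SM4 data ciphertext -> SM3 digest -> SM2-wrapped key -> SM2 outer layer. */
    public static byte[] seal(byte[] data, ECPublicKeyParameters gatewayPub) throws Exception {
        byte[] sm4Key = new byte[16], iv = new byte[16];
        RNG.nextBytes(sm4Key);
        RNG.nextBytes(iv);
        Cipher sm4 = Cipher.getInstance("SM4/CBC/PKCS7Padding", "BC");
        sm4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sm4Key, "SM4"), new IvParameterSpec(iv));
        byte[] ct = sm4.doFinal(data);
        long ts = System.currentTimeMillis();
        byte[] digest = sm3(longBytes(ts), iv, ct);          // SM3 over timestamp + first encrypted data
        byte[] wrappedKey = sm2(true, gatewayPub, sm4Key);     // sm4key encrypted to the gateway's SM2 public key
        ByteBuffer body = ByteBuffer.allocate(8 + 4 + wrappedKey.length + 4 + iv.length + ct.length + digest.length);
        body.putLong(ts).putInt(wrappedKey.length).put(wrappedKey)
            .putInt(iv.length + ct.length).put(iv).put(ct).put(digest);
        return sm2(true, gatewayPub, body.array());            // outer SM2 layer over timestamp + key + data
    }

    /** Gateway side: peel the layers, verifying digest and freshness before the SM4 key is unwrapped. */
    public static byte[] open(byte[] envelope, ECPrivateKeyParameters gatewayPriv) throws Exception {
        ByteBuffer body = ByteBuffer.wrap(sm2(false, gatewayPriv, envelope));
        long ts = body.getLong();
        byte[] wrappedKey = new byte[body.getInt()];
        body.get(wrappedKey);
        byte[] ivct = new byte[body.getInt()];
        body.get(ivct);
        byte[] digest = new byte[32];
        body.get(digest);
        byte[] iv = Arrays.copyOfRange(ivct, 0, 16);
        byte[] ct = Arrays.copyOfRange(ivct, 16, ivct.length);
        // Constant-time comparison against the recomputed digest, then the freshness check, then the key.
        if (!MessageDigest.isEqual(sm3(longBytes(ts), iv, ct), digest)) throw new SecurityException("SM3 digest mismatch");
        if (Math.abs(System.currentTimeMillis() - ts) > MAX_SKEW_MS) throw new SecurityException("timestamp outside replay window");
        byte[] sm4Key = sm2(false, gatewayPriv, wrappedKey);
        Cipher sm4 = Cipher.getInstance("SM4/CBC/PKCS7Padding", "BC");
        sm4.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sm4Key, "SM4"), new IvParameterSpec(iv));
        return sm4.doFinal(ct);
    }

    private static byte[] sm2(boolean encrypt, CipherParameters key, byte[] in) throws Exception {
        SM2Engine e = new SM2Engine(SM2Engine.Mode.C1C3C2);
        e.init(encrypt, encrypt ? new ParametersWithRandom(key, RNG) : key);
        return e.processBlock(in, 0, in.length);
    }

    private static byte[] sm3(byte[]... parts) {
        SM3Digest d = new SM3Digest();
        for (byte[] p : parts) d.update(p, 0, p.length);
        byte[] out = new byte[d.getDigestSize()];
        d.doFinal(out, 0);
        return out;
    }

    private static byte[] longBytes(long v) { return ByteBuffer.allocate(8).putLong(v).array(); }

    public static void main(String[] args) throws Exception {
        AsymmetricCipherKeyPair kp = gatewayKeyPair();
        byte[] msg = "{\"meter\":\"C-001\",\"kwh\":12.5}".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] env = seal(msg, (ECPublicKeyParameters) kp.getPublic());
        byte[] back = open(env, (ECPrivateKeyParameters) kp.getPrivate());
        System.out.println(Arrays.equals(msg, back) ? "round trip ok" : "round trip FAILED");
    }
}
```

Two points are worth keeping in mind when reading the application's scheme against this code. The SM3 digest only means something because it travels inside the outer SM2 layer (and SM2's C1C3C2 format carries its own SM3 tag, verified on decryption); a bare hash sent alongside the ciphertext could be recomputed by anyone and would detect corruption but not tampering. And the gateway compares the digest and checks the timestamp before it unwraps sm4key, so a forged or replayed envelope never reaches the data cipher. A production design would more likely use an authenticated SM4 mode such as GCM in place of CBC plus a separate digest.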
Step 130: through the data push proxy service deployed on the preset provincial-side platform, obtain the demand instruction issued by the preset headquarters platform; according to the SM algorithms, encrypt and transmit the decrypted data corresponding to the demand instruction to the second access gateway of the preset headquarters platform.
Note that the data push proxy service is deployed on the provincial side to interface with the headquarters data security access service, providing encrypted, secure transmission of the data pushed from the provincial side and ensuring unified access for provincial-side applications.
The data push proxy service pushes provincial-side data to headquarters. To secure that data and simplify provincial-side business development, the service is deployed on the provincial side and applies SM encryption uniformly to everything exchanged with the headquarters data security access service. A provincial-side business system calls the data push proxy service to push data, which is transmitted under SM encryption to the data security access service; that service decrypts the data and submits it to the mobile application support platform, which delivers it to mobile terminals by message push or data pull. Headquarters applications can also see the corresponding data of each provincial company.
Step 140: authenticate the provincial-side identity information in the uploaded data; send the uploaded data that passes authentication to the preset data security access service to obtain the twice-decrypted data; have the preset headquarters platform determine the requesting mobile terminal and send the twice-decrypted data to it by message push or data pull.
Note that the second access gateway stores the provincial-side identity information and checks whether the uploaded provincial-side identity information matches it; a match means authentication passes. The preset data security access service is deployed at headquarters to interface with the data push proxy service of each provincial grid company and to support SM-encrypted communication for the data the provincial companies must aggregate to headquarters.
In addition, this application can switch the gateway SDK's proxy mode to suit the scenario, adapting it to multiple scenarios and multiple terminal types. A proxy mode may be added to the gateway SDK as follows: trigger an instruction through the editing interface to enter the gateway SDK configuration-file editing interface; through that interface, obtain an instance of the SSAGClient class and initialize it so that the gateway SDK supports the proxy mode corresponding to the instance.
In addition, because Java code is easy to decompile, this application protects the Java source code of the gateway SDK by obfuscating the class files of the SDK's code: the class names, variable names and method names in the class files are replaced with preset meaningless short identifiers. Identifier renaming raises the cost of reverse engineering but does not hide string constants or any key material compiled into the SDK, which need separate protection.
除此之外,图2为本申请实施例提供的一种基于SSL协议的安全交互系统。如图2所示,本申请实施例提供的系统,主要包括:In addition, FIG. 2 is a secure interaction system based on the SSL protocol provided by the embodiment of the present application. As shown in Figure 2, the system provided by the embodiment of the present application mainly includes:
an upload module 210, configured to have the gateway SDK encrypt the transmission data of the mobile application according to the national cryptographic algorithm (the Chinese SM-series algorithms) and upload the encrypted data to the first access gateway of the preset provincial-side platform;
an obtaining module 220, configured to have the first access gateway perform identity authentication of the mobile application based on the identity information in the encrypted data; after the identity authentication passes, establish a national-cryptography channel between the first access gateway and the gateway SDK, the channel using an HTTPS protocol based on the national cryptographic algorithm; and decrypt the received encrypted data at the first access gateway to obtain decrypted data;
a transmission module 230, configured to obtain, through the data push agent service deployed on the preset provincial-side platform, the demand instruction issued by the preset headquarters platform, and, based on the national cryptographic algorithm, encrypt and transmit the decrypted data corresponding to the demand instruction to the second access gateway of the preset headquarters platform;
a sending module 240, configured to perform identity authentication based on the provincial-side identity information in the uploaded data; send the uploaded data that passes identity authentication to the preset data security access service, thereby obtaining secondarily decrypted data; and determine the requesting mobile terminal through the preset headquarters platform, so as to send the secondarily decrypted data to the requesting mobile terminal by message push or data pull.
In addition, an embodiment of the present application further provides a secure interaction device based on the SSL protocol, as shown in FIG. 3, on which executable instructions are stored; when the executable instructions are executed, the secure interaction method based on the SSL protocol described above is implemented. Specifically, the server end sends an execution instruction to the memory over the bus; when the memory receives the execution instruction, it sends an execution signal to the processor over the bus to activate the processor.
It should be noted that the processor is configured to: have the gateway SDK encrypt the transmission data of the mobile application according to the national cryptographic algorithm and upload the encrypted data to the first access gateway of the preset provincial-side platform; have the first access gateway perform identity authentication of the mobile application based on the identity information in the encrypted data; after the identity authentication passes, establish a national-cryptography channel between the first access gateway and the gateway SDK, the channel using an HTTPS protocol based on the national cryptographic algorithm; decrypt the received encrypted data at the first access gateway to obtain decrypted data; obtain, through the data push agent service deployed on the preset provincial-side platform, the demand instruction issued by the preset headquarters platform; based on the national cryptographic algorithm, encrypt and transmit the decrypted data corresponding to the demand instruction to the second access gateway of the preset headquarters platform; perform identity authentication based on the provincial-side identity information in the uploaded data; send the uploaded data that passes identity authentication to the preset data security access service, thereby obtaining secondarily decrypted data; and determine the requesting mobile terminal through the preset headquarters platform, so as to send the secondarily decrypted data to the requesting mobile terminal by message push or data pull.
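The two-hop flow of modules 210 to 240 (encrypt at the SDK, authenticate the identity and decrypt at the first access gateway, re-encrypt toward the second access gateway, verify the provincial-side identity against what that gateway stores, decrypt again), modelled in Python as an added example that is not part of the patent or its SDK. The standard library has no SM4/SM3, so a SHA-256 counter-mode keystream with HMAC-SHA256 stands in for the national cryptographic algorithm; the gateway identities, keys and payload are constructed samples.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in cipher: SHA-256 in counter mode (assumption: replaces SM4, which stdlib lacks)."""
    blocks = (hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
              for ctr in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(key: bytes, identity: str, plaintext: bytes) -> dict:
    """Sender side (gateway SDK or provincial push agent): encrypt, then MAC identity+nonce+ct."""
    nonce = os.urandom(12)
    ct = _xor(plaintext, key, nonce)
    tag = hmac.new(key, identity.encode() + nonce + ct, hashlib.sha256).hexdigest()
    return {"identity": identity, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}

def gateway_open(stored_identities: dict, envelope: dict) -> bytes:
    """Access-gateway side: the uploaded identity must match one the gateway stores (the patent's
    consistency check) and the MAC must verify under that identity's key before any decryption."""
    ident = envelope["identity"]
    key = stored_identities.get(ident)
    if key is None:
        raise PermissionError("identity not registered at this gateway")
    nonce, ct = bytes.fromhex(envelope["nonce"]), bytes.fromhex(envelope["ct"])
    expected = hmac.new(key, ident.encode() + nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):  # constant-time comparison
        raise PermissionError("identity authentication failed")
    return _xor(ct, key, nonce)

def is_rejected(stored_identities: dict, envelope: dict) -> bool:
    """True if the gateway refuses the envelope (exercises the failure paths)."""
    try:
        gateway_open(stored_identities, envelope)
        return False
    except PermissionError:
        return True

def end_to_end(app_key: bytes, province_key: bytes, payload: bytes) -> bytes:
    """Hop 1: mobile app -> first (provincial) access gateway; hop 2: provincial push agent ->
    second (headquarters) access gateway, whose output is the secondarily decrypted data."""
    env1 = seal(app_key, "app-001", payload)                 # constructed app identity
    decrypted = gateway_open({"app-001": app_key}, env1)
    env2 = seal(province_key, "province-31", decrypted)      # constructed provincial identity
    return gateway_open({"province-31": province_key}, env2)
```

Because the identity is covered by the MAC, an envelope that is replayed under a different identity, or whose ciphertext is altered in transit, is refused before decryption.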
Thus far, the technical solutions of the present disclosure have been described in conjunction with the foregoing embodiments; however, those skilled in the art will readily understand that the protection scope of the present disclosure is not limited to these specific embodiments. Without departing from the technical principles of the present disclosure, those skilled in the art may split and combine the technical solutions of the above embodiments, and may make equivalent changes or substitutions to the relevant technical features. Any changes, equivalent substitutions, improvements and the like made within the technical concept and/or technical principles of the present disclosure fall within its protection scope.
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211131347.0A CN115514549A (en) | 2022-09-16 | 2022-09-16 | Secure interaction method and system based on SSL (secure sockets layer) protocol |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115514549A true CN115514549A (en) | 2022-12-23 |
Family
ID=84504274
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211131347.0A Pending CN115514549A (en) | 2022-09-16 | 2022-09-16 | Secure interaction method and system based on SSL (secure sockets layer) protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115514549A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119109595A (en) * | 2024-08-27 | 2024-12-10 | 公安部道路交通安全研究中心 | Road traffic management information transmission and reception and safety protection system under public network environment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105577642A (en) * | 2015-11-23 | 2016-05-11 | 江苏瑞中数据股份有限公司 | Mass platform longitudinal communication realization method |
| CN109088870A (en) * | 2018-08-14 | 2018-12-25 | 国网甘肃省电力公司电力科学研究院 | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform |
| CN111212429A (en) * | 2019-12-11 | 2020-05-29 | 全球能源互联网研究院有限公司 | Safety access system and method for mobile terminal |
| CN111371798A (en) * | 2020-02-24 | 2020-07-03 | 迈普通信技术股份有限公司 | Data security transmission method, system, device and storage medium |
| CN113127914A (en) * | 2021-05-12 | 2021-07-16 | 国网山西省电力公司电力科学研究院 | Electric power Internet of things data security protection method |
| WO2022170759A1 (en) * | 2021-02-09 | 2022-08-18 | 中国银联股份有限公司 | Information processing method and apparatus, and electronic device, server and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | | |
| SE01 | Entry into force of request for substantive examination | | |
