CN113507479A - Gateway type encryption and decryption transparent SDK technology for WEB codes and data - Google Patents
- Publication number
- CN113507479A
- Authority
- CN
- China
- Prior art keywords
- decryption
- encryption
- data
- gateway
- sdk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
        - H04L63/12—Applying verification of the received information
          - H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
      - H04L12/00—Data switching networks
        - H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        - H04L67/50—Network services
          - H04L67/56—Provisioning of proxy services
      - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        - H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
          - H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
            - H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
              - H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a gateway type encryption and decryption transparent SDK technology for WEB code and data, belonging to the technical field of network security and encryption and decryption algorithms. A front-end browser sends a request to a WEB server; the WEB server processes the request and returns the code through a gateway reverse proxy; the gateway reverse proxy sends identity authentication information to the front-end browser for execution, and the browser verifies whether the identity of the gateway reverse proxy is legal; the front-end browser negotiates an encryption and decryption algorithm SDK, an encryption and decryption key and an encryption and decryption strength with the legal gateway reverse proxy; the gateway reverse proxy encrypts the code and calculates its integrity, and the front-end browser decrypts the code and verifies the integrity; the front-end browser encrypts data, and the gateway reverse proxy decrypts it. The technology achieves various security effects for the WEB system in a transparent and non-intrusive manner, that is, it completes automatically without developers modifying server code and without users installing software or plug-ins on their computers.
Description
Technical Field
The invention belongs to the technical field of IT information network security and encryption and decryption algorithms, and particularly relates to a gateway type encryption and decryption transparent SDK technology for WEB codes and data.
Background
Existing computer encryption and decryption technology has a wide field of application; in particular, combining symmetric and asymmetric encryption and decryption can achieve many security and confidentiality effects, such as data confidentiality, data integrity verification and server identity verification.
In the field of WEB application systems, the code of a WEB system in particular, such as HTML and JavaScript, can hardly achieve a transparent encryption and decryption effect. Once the code of the WEB application layer is released, the openness of the browser means that everything the browser sees, through its built-in debugging tools and other means, is currently almost all plaintext: HTML code, JavaScript code and much service data are readable in plaintext, and the browser provides no encryption and decryption technology to secure the HTML and JavaScript code of the application layer. Although HTTPS encryption is used in many cases, HTTPS encrypts the communication link at layer four (the network layer) and does not encrypt the layer-seven data and code of the application layer, so layer-seven data obtained at a layer-seven WEB proxy, a CDN cache or by an illegal third party is still in the clear. Unencrypted code carries great potential security hazards, such as easy leakage of plaintext information, easy tampering of code information and easy forgery of WEB information. The same phenomenon raises similar security problems on the mobile WEB H5 side, the official account side, the mini program side, the service account side and the like.
As shown in fig. 1, if the HTML code is not encrypted, automated attack software (e.g., awvs, appscan, news, bug, etc.) can easily obtain and analyze the plaintext code and so obtain more information behind the WEB system, such as the link addresses of the website and sensitive content in the code. If the JavaScript code is not encrypted, an attacker can analyze the JavaScript code logic, bypass that logic to enter the service system, and even tamper with the code logic in order to intrude into the WEB system. Besides exposing all business logic, unencrypted code cannot protect its own copyright information, and third-party developers can freely copy all of the code for themselves. Likewise, sensitive login data such as the account and password, interactive service data and the like are not encrypted; many WEB systems currently perform no encryption and decryption during development, so when a computer is infected or subjected to a phishing attack this information may be monitored or leaked by a third party, and for account and password data in particular the consequences of a plaintext leak are easy to imagine.
As shown in fig. 2, on the seventh (application) layer link of the OSI model, between A and B and between C and D, the code is almost all plaintext. At present, encryption and decryption technology achieves its effect in WEB application systems mainly in the following forms:
- encryption and decryption used in an end-to-end proxy communication mode, which only achieves a transparent encryption and decryption effect on the fourth (network) layer of the OSI model;
- transparent encryption and decryption of the WEB system's disk files, using code injection or a loaded driver;
- transparent encryption and decryption on the fourth layer of the OSI model and in the HTTPS transmission link, using the browser's built-in encryption and decryption support;
- developers calling the corresponding encryption and decryption interfaces to encrypt and decrypt part of the service data when developing the WEB application system.
Most of these technologies require the user side to install software or a plug-in, or the deployment of an encryption side and a decryption side, or a developer to invoke a third-party encryption and decryption interface during development. They mostly target the fourth (network) layer of the OSI model, or partial encryption and decryption of service communication data. The HTML and JavaScript code of a WEB application system is almost never encrypted, that is, the seventh-layer (application layer) code of the OSI model is not protected by encryption, and WEB service data is encrypted only when developers actively call an interface, which is a non-transparent technique. Hence a gateway type encryption and decryption transparent SDK technology for WEB code and data is provided.
Disclosure of Invention
The invention aims to provide a gateway type encryption and decryption transparent SDK technology aiming at WEB codes and data, so as to solve the problems in the background technology.
In order to achieve the purpose, the invention adopts the following technical scheme: a gateway type encryption and decryption transparent SDK technology aiming at WEB codes and data comprises the following steps:
s1, the front-end browser sends an HTTP request to the opposite end down through layers seven to four of the OSI model; the gateway reverse proxy Server role receives the HTTP request and its Client role sends the corresponding request information to the WEB Server, which processes it and returns HTML and JavaScript plaintext code;
s2, after receiving the plaintext code, the gateway reverse proxy sends authentication information to the front-end browser to be executed; the authentication information comprises a Hash ciphertext of a random character string encrypted with a private key, the random character string, an encryption and decryption SDK and a server public key, and the front-end browser verifies from the received information whether the identity of the gateway reverse proxy is legal;
s3, the front-end browser and the legal gateway reverse proxy negotiate an encryption and decryption algorithm SDK, a symmetric encryption and decryption key and encryption and decryption strength;
s4, the gateway reverse proxy encrypts the code and calculates the integrity according to the negotiated algorithm;
s5, the front-end browser decrypts the code by using the decryption SDK and verifies the integrity;
s6, the front-end browser encrypts data according to the negotiated algorithm and the symmetric key;
s7, the gateway reverse proxy decrypts the data.
Further, S1 specifically includes: the front-end browser receives a target domain name entered by the user, sends an HTTP request and keeps the connection open; the request is received by the gateway reverse proxy Server role, the gateway reverse proxy sends the corresponding request information through its Client role, and the target WEB Server receives and processes the request and then returns the HTML and JavaScript code towards the browser end.
Further, the specific steps of S2 are: the WEB Server source station finishes processing the request sent by the Client and sends the data to the Client role of the gateway reverse proxy; the gateway reverse proxy Server role generates a random character string, computes the Hash of the random character string and encrypts the Hash with the private key to obtain a Hash ciphertext; the Server role sends the Hash ciphertext, the random character string, the encryption/decryption SDK and the public key as a whole to the front-end browser; the front-end browser takes the random character string and computes its Hash plaintext with the encryption/decryption SDK, decrypts the received Hash ciphertext with the public key to obtain the other Hash plaintext, and checks whether the two Hash plaintexts are equal; if they are equal, the Server identity is confirmed as legal and the public key can be used safely from then on.
Further, the specific step of S3 is: the browser generates a symmetric key with the encryption and decryption SDK, encrypts the symmetric key with the verified public key and sends it to the Server role of the gateway reverse proxy; the Server role receives the ciphertext and decrypts it with the private key to obtain the symmetric key, which fixes the encryption and decryption mode, i.e. the symmetric encryption and decryption algorithm and its strength.
Further, S4 is specifically: the gateway reverse proxy Server role first computes the Hash of the plaintext code and encrypts that Hash with the private key, encrypts the plaintext code with the symmetric key under the determined encryption/decryption mode and strength to form the ciphertext code, and sends the ciphertext code, the encrypted Hash, the symmetric encryption/decryption SDK and the strength as a whole to the front-end browser.
Further, S5 is: the front-end browser receives the ciphertext code, the encrypted Hash, the symmetric encryption/decryption SDK and the strength information, and performs integrity verification by comparing two Hash values: the front-end browser automatically decrypts the ciphertext code with the encryption/decryption SDK and the symmetric key and computes the Hash of the plaintext code, then compares it with the Hash recovered from the encrypted Hash; if the two are equal, the code is determined to have integrity. The two possible outcomes are described in the following two steps.
Further, if the two Hash values in S5 are equal, the decrypted code has integrity, so the decryption result is accepted, and the browser parses the complete HTML plaintext code and executes the complete JavaScript plaintext code.
Further, if the two Hash values in S5 are not equal, the decrypted code lacks integrity; the browser no longer parses the incomplete HTML code, does not execute the incomplete JavaScript plaintext code, and shows an error prompt.
Further, the specific step of S6 is: the browser encrypts the data with the encryption/decryption SDK and the symmetric key and sends it to the gateway reverse proxy Server role; the data includes the login account, login password, Cookie, service interaction data and the like, and at this point the encrypted data has confidentiality. The gateway reverse proxy Server role decrypts the ciphertext data with the encryption and decryption SDK and the symmetric key to obtain the plaintext data (account, password, Cookie, service interaction data and the like) and sends it to the Client role, which forwards it to the WEB Server source station.
Further, the specific step of S7 is: the WEB Server source station receives the plaintext data (account, password, Cookie and service interaction data), performs its logic processing and returns result data; the gateway reverse proxy Client role receives the result data and hands it to the Server role, the Server role encrypts it with the symmetric key and returns the ciphertext to the front-end browser, and the front-end browser decrypts it with the decryption SDK and the symmetric key to obtain the plaintext, which is handed to the subsequent process for normal operation.
Compared with the prior art, the invention has the beneficial effects that:
The present application relates to a gateway type encryption and decryption transparent SDK technology for WEB code and data that achieves various security effects for a WEB system, such as preventing information leakage, information tampering and information forgery, and authenticating identities. It is realized in a transparent and non-intrusive manner, that is, it completes automatically without developers modifying server code and without users installing software or plug-ins on their computers;
The invention targets the seventh layer of the OSI model, for which the browser provides no encryption and decryption functions, so the technology of the invention is realized by issuing encryption and decryption SDKs. The system comprises several transparent SDKs, such as an encryption SDK, a decryption SDK, an integrity verification SDK and an identity verification SDK, which used in combination solve many of the security problems of current WEB systems and so raise, as far as possible, the bar for attackers analyzing or attacking a WEB system. When the HTML code is encrypted, automated attack software is prevented from obtaining and analyzing the plaintext code and from going on to obtain the whole WEB site directory and related information. Obfuscating and encrypting the JavaScript code protects the implementation logic of the code, its copyright information and the like. Once data is encrypted, a man-in-the-middle is prevented from tampering with service data; moreover, at third parties such as a CDN node or a cache point all readable plaintext becomes unreadable ciphertext, so the third party can neither illegally leak nor maliciously tamper with it;
The technology only requires deploying a gateway type reverse proxy product between the user's browser and the WEB server: the user's computer need not install any software or browser plug-in, developers need do no integration work, the WEB server source station needs no code change, and all encryption and decryption operations are completed automatically by the system and the browser, which is the gateway type encryption and decryption transparent SDK effect.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of a conventional WEB server;
fig. 2 is a schematic diagram of a prior art OSI application layer seven layer code;
FIG. 3 is a flow chart of the present invention;
FIG. 4 is a schematic diagram of the present invention after encryption;
FIG. 5 is a schematic diagram of the present invention before encryption of the WEB code;
FIG. 6 is a schematic diagram of the present invention before encryption of WEB data;
FIG. 7.1 is a schematic diagram of the invention after the WEB code is encrypted (the encryption strength is low);
FIG. 7.2 is a schematic diagram of the invention after the WEB code is encrypted (the encryption strength is high);
FIG. 8 is a schematic diagram of the present invention after encrypting the WEB data;
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only some embodiments of the present invention, not all embodiments.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Referring to fig. 3 to 8, a technical solution proposed by the present invention: a gateway type encryption and decryption transparent SDK technology aiming at WEB codes and data comprises the following steps:
Steps 1 to 3 mainly complete the sending of the request, verification of the gateway identity, and negotiation of the algorithm, key and encryption strength.
Step 4 (gateway reverse proxy processing, then front-end browser processing): after receiving the ciphertext, the gateway reverse proxy Server role decrypts it with the private key to obtain the symmetric key, and determines the encryption and decryption mode, i.e. the symmetric encryption and decryption algorithm and its strength. The Server role first computes the Hash of the plaintext code and encrypts it with the private key, encrypts the plaintext code into ciphertext code with the symmetric key under the determined encryption and decryption mode and strength, and sends the ciphertext code, the encrypted Hash, the symmetric encryption and decryption SDK and the strength to the front-end browser as a whole;
Step 5 (front-end browser processing): the browser receives the ciphertext code and the encrypted Hash sent by the Server role; at this point the encrypted code has confidentiality. The browser automatically decrypts the ciphertext code with the encryption and decryption SDK and the symmetric key and computes the Hash of the plaintext code, decrypts the received ciphertext Hash with the public key to obtain the plaintext Hash, and compares the two Hash values. If they are equal, the decrypted code has integrity, and the browser parses and displays the HTML plaintext code and calls and executes the JavaScript plaintext code as normal. If they are not equal, the decrypted code lacks integrity and the browser displays the prompt: "current display content is different from the source station, please operate cautiously";
The above steps complete encryption and decryption of the WEB code, with the Hash values compared after decryption as an integrity check.
Step 6 (front-end browser, then gateway reverse proxy, then WEB Server source station): the browser encrypts the data with the encryption and decryption SDK and the symmetric key and sends it to the gateway reverse proxy Server role; the data includes the login account and password, Cookie, service interaction data and the like, and at this point the encrypted data has confidentiality. The gateway reverse proxy Server role decrypts the ciphertext data with the encryption and decryption SDK and the symmetric key to obtain the plaintext data, which includes the account, password, Cookie, service interaction data and the like;
Step 7 (WEB server source station, then gateway reverse proxy, then front-end browser): the WEB server source station receives the plaintext data, including the account, password, Cookie, service interaction data and the like, performs its logic processing and returns result data. The gateway reverse proxy Client role receives the data and hands it to the Server role, the Server role encrypts it with the symmetric key and returns the ciphertext to the front-end browser, and the front-end browser decrypts it with the decryption SDK and the symmetric key to obtain the plaintext, which is handed to the subsequent flow for normal operation;
Steps 6 and 7 complete encryption and decryption of the WEB data, including but not limited to the login account, login password, Cookie and service interaction data.
In this embodiment, the Client role and the Server role are both two roles that the gateway reverse proxy serves as a broker.
It is noted that this embodiment describes one-way authentication (as in one-way HTTPS), i.e. authentication of the server by the client. Authentication of the client by the server (as in two-way HTTPS) works on a similar principle and is therefore not described in detail. If the Server needs to verify the identity of the user side, the user side imports a certificate and sends the certificate information and its public key to the gateway reverse proxy Server role; the Server role verifies whether the certificate is legal using the user-side public key, and if so uses that public key to encrypt the symmetric encryption and decryption algorithm and strength adopted by the encryption and decryption SDK and issues them as a whole to the user's browser side, which completes negotiation of the symmetric encryption and decryption algorithm and its difficulty.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and equivalent alternatives or modifications according to the technical solution and the inventive concept of the present invention should be covered by the scope of the present invention.
Claims (10)
1. A gateway type encryption and decryption transparent SDK technology aiming at WEB codes and data is characterized by comprising the following steps:
s1, the front-end browser sends an HTTP request to the opposite end down through layers seven to four of the OSI model; the gateway reverse proxy Server role receives the HTTP request, the Client role sends the corresponding request to the WEB Server, and the WEB Server issues HTML and JavaScript plaintext code after processing the HTTP request;
s2, the gateway reverse proxy receives the plaintext code and, before sending it to the browser, must complete the following process: authentication information is sent to the front-end browser to be executed, the authentication information comprising a Hash ciphertext of a random character string encrypted with a private key, the random character string, an encryption and decryption SDK and a server public key, and the front-end browser verifies from the received information whether the identity of the gateway reverse proxy is legal;
s3, the front-end browser and the legal gateway reverse proxy negotiate an encryption and decryption algorithm SDK, a symmetric encryption and decryption key and encryption and decryption strength;
s4, the gateway reverse proxy encrypts the code and carries out integrity calculation according to the negotiated algorithm;
s5, the front-end browser decrypts the code by using the decryption SDK and verifies the integrity;
s6, the front-end browser encrypts data according to the negotiated algorithm and the symmetric key;
s7, the gateway reverse proxy decrypts the data.
2. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: s1 specifically includes: the front-end browser receives a target domain name input by a user, then sends an HTTP request and keeps long connection, the request is received by a gateway reverse proxy Server role, the gateway reverse proxy sends corresponding request information by a Client role, and the request information is received by a target WEB Server, processed and then sent to the browser end.
3. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: the specific steps of S2 are that the WEB Server source station processes the request sent by the Client and sends the data to the Client role of the gateway reverse proxy; the gateway reverse proxy Server role generates a random character string, computes the Hash of the random character string and encrypts the Hash with a private key to obtain a Hash ciphertext; the Server role sends the Hash ciphertext, the random character string, the encryption and decryption SDK and the public key as a whole to the front-end browser; the front-end browser takes the random character string and computes its Hash plaintext with the encryption and decryption SDK, decrypts the received Hash ciphertext with the public key to obtain the other Hash plaintext, and judges whether the two Hash plaintexts are equal; if they are equal, the identity of the Server is confirmed as legal and the public key can be used safely subsequently.
4. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: in the specific step of S3, the browser generates a symmetric key using the encryption and decryption SDK, encrypts the symmetric key with a valid public key, and sends the encrypted symmetric key to the Server role of the gateway reverse proxy, and the Server role receives the ciphertext and decrypts the ciphertext with a private key to obtain the symmetric key, and determines the encryption and decryption mode or the symmetric encryption and decryption algorithm and the strength thereof.
5. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: s4 is concrete that the gateway reverse proxy Server role first obtains the Hash of the plaintext code, encrypts the Hash with the private key, encrypts the plaintext code with the symmetric key and the determined encryption and decryption mode and intensity thereof to form a ciphertext code, and sends the ciphertext code, the encrypted Hash, the symmetric encryption and decryption SDK and the intensity thereof to the front-end browser as a whole.
6. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: s5 is that the front-end browser receives the cipher text code, the encrypted Hash, the symmetric encryption and decryption SDK and the strength information, compares the two Hash values, carries out integrity verification, the front-end browser can automatically finish decryption operation on the cipher text code by using the encryption and decryption SDK and the symmetric key, obtains the Hash of the plain text code, compares the two Hash values, if equal, the code is determined to have integrity, and the specific execution flow is described in 7 and 8.
7. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 6, wherein: and S5, the two Hash values are equal, namely the decrypted code has integrity, decryption operation can be carried out, and the browser analyzes the complete HTML plaintext code and executes the complete JavaScript plaintext code.
8. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 6, wherein: and (4) the two Hash values in the S5 are not equal, namely the decrypted code has no integrity, the browser does not analyze the incomplete HTML code any more, does not execute the incomplete JavaScript plain text code, and carries out error reminding.
9. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 1, wherein: the specific step in S6 is that the browser encrypts data using the encryption/decryption SDK and the symmetric key and sends the encrypted data to the gateway reverse proxy Server role, where the data includes a logged-in account, a password, a Cookie, service interaction data, and the like, and at this time, the encrypted data has confidentiality. The gateway reverse proxy Server role decrypts the ciphertext data by using the encryption and decryption SDK and the symmetric key to obtain plaintext data, wherein the plaintext data comprises an account number, a password, Cookie, service interaction data and the like, the Server role sends the plaintext data to the Client role, and the Client role sends the plaintext data to the WEB Server source station.
10. The gateway-type encryption and decryption transparent SDK technology for WEB codes and data according to claim 9, wherein: the concrete steps in S7 are that the WEB Server source station receives plaintext data, which includes account and password, Cookie, service interaction data and the like, and performs logic processing, and returns result data, the gateway reverse proxy Client role receives data and delivers the data to the Server role, the Server role encrypts the data by using a symmetric key and returns a ciphertext to the front-end browser, and the front-end browser decrypts the data by using a decryption SDK and the symmetric key to obtain plaintext and delivers the plaintext to subsequent processes for normal operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110835180.5A CN113507479B (en) | 2021-07-23 | 2021-07-23 | Gateway type encryption and decryption transparent SDK method for WEB codes and data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110835180.5A CN113507479B (en) | 2021-07-23 | 2021-07-23 | Gateway type encryption and decryption transparent SDK method for WEB codes and data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113507479A (en) | 2021-10-15 |
CN113507479B (en) | 2022-11-08 |
Family
ID=78014289
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110835180.5A Active CN113507479B (en) | 2021-07-23 | 2021-07-23 | Gateway type encryption and decryption transparent SDK method for WEB codes and data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113507479B (en) |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020178353A1 (en) * | 2001-04-11 | 2002-11-28 | Graham Randall James | Secure messaging using self-decrypting documents |
US20060136724A1 (en) * | 2004-12-02 | 2006-06-22 | Yoshiteru Takeshima | Relay method of encryption communication, gateway server, and program and program memory medium of encryption communication |
CN103139185A (en) * | 2011-12-02 | 2013-06-05 | 中科信息安全共性技术国家工程研究中心有限公司 | Method of achieving safe reverse proxy service |
CN103763308A (en) * | 2013-12-31 | 2014-04-30 | 北京明朝万达科技有限公司 | Method and device for having access to webpage safely and downloading data through intelligent terminal |
CN104217173A (en) * | 2014-08-27 | 2014-12-17 | 武汉理工大学 | Method of encrypting data and files for browser |
CN104243475A (en) * | 2014-09-18 | 2014-12-24 | 东软集团股份有限公司 | Method and system for dynamic mixing based on WEB reverse proxy |
CN104506517A (en) * | 2014-12-22 | 2015-04-08 | 中软信息系统工程有限公司 | Encryption transmission method for MIPS (Million Instructions Per Second) platform on basis of HTTP (Hyper Text Transfer Protocol) |
CN106789476A (en) * | 2016-12-29 | 2017-05-31 | Tcl集团股份有限公司 | A kind of gateway communication method and system |
CN107209830A (en) * | 2014-11-13 | 2017-09-26 | 克丽夫有限公司 | Method for recognizing and resisting network attack |
CN107302541A (en) * | 2017-07-31 | 2017-10-27 | 成都蓝码科技发展有限公司 | A kind of data encryption and transmission method based on http protocol |
CN109962784A (en) * | 2019-03-22 | 2019-07-02 | 西安电子科技大学 | A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope |
CN111159684A (en) * | 2019-12-31 | 2020-05-15 | 郑州信大捷安信息技术股份有限公司 | Safety protection system and method based on browser |
CN111884986A (en) * | 2019-12-13 | 2020-11-03 | 马上消费金融股份有限公司 | Data encryption processing method and device |
CN112613037A (en) * | 2020-12-29 | 2021-04-06 | 北京永新视博数字电视技术有限公司 | Code checking method and device |
CN113010856A (en) * | 2021-03-02 | 2021-06-22 | 北京顶象技术有限公司 | Dynamic asymmetric encryption and decryption JavaScript code obfuscation method and system |
2021
- 2021-07-23 CN CN202110835180.5A patent/CN113507479B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN113507479B (en) | 2022-11-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108418691B (en) | | Dynamic network identity authentication method based on SGX |
US8321924B2 (en) | | Method for protecting software accessible over a network using a key device |
US8275984B2 (en) | | TLS key and CGI session ID pairing |
US8745394B1 (en) | | Methods and systems for secure electronic communication |
KR101381789B1 (en) | | Method for web service user authentication |
US20090055642A1 (en) | | Method, system and computer program for protecting user credentials against security attacks |
US8904195B1 (en) | | Methods and systems for secure communications between client applications and secure elements in mobile devices |
CN106453361B (en) | | A kind of security protection method and system of the network information |
CN105850073A (en) | | Access authentication method and device for information system |
CA2438357A1 (en) | | System and method for secure remote access |
WO2011103561A2 (en) | | Encryption system using web browsers and untrusted web servers |
CN104469767A (en) | | Implementation method for integrated security protection subsystem of mobile office system |
CN110933078B (en) | | H5 unregistered user session tracking method |
CN109684129B (en) | | Data backup recovery method, storage medium, encryption machine, client and server |
AU2005255513A1 (en) | | Method, system and computer program for protecting user credentials against security attacks |
CN111918284B (en) | | Safe communication method and system based on safe communication module |
Jøsang et al. | | Security in mobile communications: challenges and opportunities |
CN109040079A | | The establishment of live streaming chained address and verification method and related device |
CN108768613A | | A kind of ciphertext password method of calibration based on multiple encryption algorithms |
CN104754571A | | User authentication realizing method, device and system thereof for multimedia data transmission |
CN105119894A | | Communication system and communication method based on hardware safety module |
CN113225352A | | Data transmission method and device, electronic equipment and storage medium |
WO2008053279A1 | | Logging on a user device to a server |
CN111464532A | | Information encryption method and system |
CN112910867B | | Double verification method for trusted equipment to access application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |