CN101883122B - Safety connection establishing method and client equipment for establishing safety connection - Google Patents
Safety connection establishing method and client equipment for establishing safety connection Download PDFInfo
- Publication number
- CN101883122B CN101883122B CN 201010241272 CN201010241272A CN101883122B CN 101883122 B CN101883122 B CN 101883122B CN 201010241272 CN201010241272 CN 201010241272 CN 201010241272 A CN201010241272 A CN 201010241272A CN 101883122 B CN101883122 B CN 101883122B
- Authority
- CN
- China
- Prior art keywords
- signature
- client
- framework
- jsse
- eap
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a method supporting the use of a hardware encryption card to establish SSL (Security Socket Layer) connection, and client equipment for realizing the method. In a detailed process for a JSSE (Java Secure Socket Extensions) framework of a client to obtain a certificate of a server terminal and a signed information summary, a key management service provider in the client reads the certificate information of the client from the hardware encryption card by utilizing a key service interface, temporarily constructs a virtual private key and returns the certificate information of the client and the virtual private key to the JSSE framework of the client; the JSSE framework of the client obtains the certificate information to generate the information summary, and transmits the information summary to be signed to a signature service provider; and the signature service provider in the client signs to the information summary of the private key of the client in the hardware encryption card by utilizing the signature service interface, and returns the signed information summary to the JSSE frame of the client.
Description
Technical field
The present invention relates to JSSE (expansion of Java safe socket character) technical field, especially design uses the control of JSSE interface to create the technology that safety connects.
Background technology
SSL (SSL; Secure Sockets Layer) be that Netscape company was exploitation in 1994; Be used for WEB (the Internet) browser at first; For the data passes between browser and server provides safety guarantee, the function of encryption, source authentication and data integrity is provided, can be regarded simply as safe TCP (transmission control protocol) connects.SSL3.0 has obtained general use now, and its modified version TLS (Transport Layer Security) has become internet standard.JSSE is that Java is that control SSL connects a framework (Framework) that provides, and promptly JSSE is used for Java realization SSL programming, and through using JSSE, the developer can be transmitted data through ICP/IP protocol safely between client and server.
JSSE has become the standard package in J2SE (Java2 standard edition) 1.4 versions at present, supports SSL 3.0.When JAVAC/S (client end/server end) program that makes up based on socket, can ensure data security and complete through the support of adding SSL.
SSL connection procedure between server end and client is following:
Separately JSSE framework initialization SSL context of a, server end, client (the SSL context comprises the data of creating needs in the SSL connection procedure and method etc.);
B, server end, client JSSE framework separately will be from cryptoguard file (the JKS file: JavaKeyStore of this locality; Be used for preserving private key and certificate information) get access to private key and certificate after; Generate eap-message digest (cryptographic hash), and with this eap-message digest of private key signature;
C, server end, client JSSE framework separately sends to the other side with certificate, the eap-message digest of having signed;
The eap-message digest of having signed that the certification authentication that the JSSE framework utilization separately of d, server end, client receives receives, verify successfully after, the JSSE framework of server end generates a symmetric cryptographic key and issues client;
The JSSE framework of e, server end, client uses this symmetric cryptographic key encryption and decryption communication data, and both sides set up data communication.
When using JSSE framework establishment SSL to connect and requiring to carry out bi-directional verification; Server end and client need provide a cryptoguard file (JKS file) when initialization SSL context; The SSL context object gets access to private key and certificate from the cryptoguard file after; In the SSL negotiations process, both sides send to the other side with certificate separately, and the JSSE framework is in the SSL negotiations process; Client is used MD5 WithSHA algorithm (a kind of hash algorithm; Be used to carry out the SSL3.0 client certificate) generate an eap-message digest (eap-message digest is a cryptographic hash), with client private key this eap-message digest cryptographic hash to be signed (this cryptographic hash being encrypted with client private key) then, client sends to server end with this eap-message digest of having signed.
Server end uses this digital signature of certification authentication of receiving from client: server end obtains the PKI of client and the hash algorithm of eap-message digest from the certificate of client; The same MD5 WithSHA that uses carries out Hash operation to receiving the eap-message digest of having signed, obtains an eap-message digest, and the deciphering that the uses public-key cryptographic hash of having signed; And judge whether the cryptographic hash after eap-message digest that server end self computing obtains and the deciphering is consistent; In this way, then checking is passed through, as denying; Authentication failed then; Checking is issued client through the communication key of a symmetric cryptography of server end generation afterwards, and both sides just use this key encryption and decryption data afterwards, realizes the encrypted transmission of intercommunication data.
The principle of JSSE framework is to use software to realize the encryption and decryption and the integrality of data; Though this settling mode uses simple; Upgrading easily; But at some to the client private key security requirement than under the condition with higher, the mode of preserving private key with file in the JSSE framework just can not be satisfied the demand, because file is to duplicate and get access to than being easier to; As to ecommerce, E-Government and so on concerning the very high application of security requirement, software cryptography obviously exists security intensity to reach problems such as poor performance inadequately.
Hardware encryption card not only has safety functions such as certificate storage, digital signature, data encryption; Can support multiple general asymmetrical encryption algorithm, symmetry algorithm and hash algorithm; Can be for fields such as management information system in enterprise, electronic equipment, ecommerce, network security, identification, key management provide a cover complete, safe solution, at present a lot of USB key (utilizing the USB stored encrypted data), electron key etc. just belong to this series products.
Therefore, the inventor is through discovering, is necessary to provide a kind of JSSE framework technology of supporting to use hardware encryption card to create that SSL connects, to solve the problem that exists in the prior art.
Summary of the invention
Technical problem to be solved by this invention is, provides a kind of and supports to use hardware encryption card to create the method that SSL connects, and the client device of realizing this method.
The present invention solves the problems of the technologies described above the technical scheme that is adopted to be, a kind of method of creating the safety connection comprises:
Server end, client JSSE framework separately gets access to private key, certificate separately and the eap-message digest of having signed; And certificate that will be separately, the eap-message digest of having signed send to the other side;
The eap-message digest of having signed that the certification authentication that the JSSE framework utilization separately of server end, client receives receives, verify successfully after, the JSSE framework of server end generates a symmetric cryptographic key and issues client; Server end, client both sides set up data communication, all use this symmetric cryptographic key encryption and decryption communication data;
Said client is used the security service interface function of the local calling technology encapsulation of JAVA Windows CSP, and the security service interface comprises key service interface, signature service interface; The self-defined key management services supplier of JAVA encryption system framework of client with the signature ISP, and with said key management services supplier with the signature service provider registers in JAVA encryption system framework;
Wherein, the JSSE framework of client obtains the certificate of server end and the detailed process of the eap-message digest of having signed is:
Key management services supplier in the client utilizes the key service interface, from hardware encryption card, reads client certificate information, and constructs a virtual private key temporarily, client certificate information and virtual private key is together returned to the JSSE framework of client;
The JSSE framework of client obtains certificate information, generates eap-message digest, and imports the eap-message digest that needs signature into to the signature ISP;
Signature ISP in the client utilizes the signature service interface, accomplish the signature of client private key to eap-message digest at hardware encryption card, and the eap-message digest that will sign is to the JSSE framework that returns client.
The applicant finds the JSSE framework, and the reason of support hardware encrypted card is not following:
(1) certificate information in the hardware encryption card can't be returned to the JSSE framework by the interface according to the JSSE definition;
(2) because the JSSE framework is before creating SSL and connecting, to obtain private key and certificate and be kept in the SSL context through being written into cryptoguard file (JKS file); And the private key in the hardware encryption card is to take out, and more can't be packaged into the private key object that the JSSE framework needs.
At present, most of hardware encryption card all is the Windows CryptoAPI standard realization encryption and decryption service according to Microsoft, and Windows CryptoAPI is the group encryption interface function that Microsoft defines.Windows CSP (Windows cryptographic services supplier) is the bottom encipher interface standard that Microsoft is used on windows platform, providing third party's encrypting module; The encryption device that is used for hardware management or form of software; Realize data encryption, deciphering; Digital signature, checking and eap-message digest (Hash operation) etc., the concrete implementor of these encipher interface functions can be software or hardware.
For the client of operation Windows operating system, the present invention uses the associated safety service interface function of JNI (JAVA calls this locality) technology encapsulation Windows CSP to use for the JAVA program.The security service interface here comprises the key service interface that reads all certificate informations in the local certificate repository of Windows and uses specified containers data to be carried out the signature service interface of RSA (asymmetrical public key encryption algorithm) signature.Though JSSE and windows CSP combined to use lost platform independence; But can effectively use Windows CryptoAPI Standard Encryption interface function; Thereby handling hardware encryption card cryptographic services is provided, is a good mode of resolving safely for the JAVA program that only operates in the Windows system.On the other hand; The present invention is in order to make the JSSE framework carry out according to normal SSL flow process; Satisfy the step that the JSSE framework obtains client private key; Virtual private key that meets the JSSE frame requirements of interim structure returns to the JSSE framework, with " deception " JSSE framework, makes the JSSE framework be able to normally carry out SSL and consults.In fact this virtual private key is disabled, and the real private key corresponding with PKI is kept in the hardware encryption card and can't takes out.When needs use real private key to sign, call packaged signature service interface and handle.
Further; When the JSSE framework uses virtual private key; Can know current JSSE framework is to want to use which private key signature according to the PKI of preserving and the corresponding relation of structure private key; So just can find correct hardware encryption card to carry out hardware signature: after the key service interface returns to the JSSE framework of client with virtual private key, the local corresponding relation that also writes down PKI in this virtual private key and the client certificate; The JSSE framework of client is after the eap-message digest of the needs signature that the signature ISP is imported into; The signature ISP writes down the eap-message digest of the needs signature that the JSSE framework imports into and the corresponding relation of this virtual private key; And according to the eap-message digest of said needs signature and the corresponding relation of this virtual private key, the eap-message digest that needs are signed is sent in the corresponding hardware encrypted card signs.
Further; In order to accomplish the seamless replacement software signature of hardware signature; The hard-wired signature class of use that the signature ISP of client need be called name " Signature.NONEwithRSA " is registered in the JCA framework, and the signature service interface of client uses the RSA signature function of the signature service interface module of Windows CSP realization to sign.
Another object of the present invention is; A kind of client device of realizing the safe method of attachment of above-mentioned establishment is provided, comprise JSSE frame module, JAVA encryption system frame module, by the self-defining key management services supplier's module of JAVA encryption system framework, by the self-defining signature of JAVA encryption system framework ISP module, utilize the security service interface module of the local calling technology encapsulation of JAVA Windows CSP; Said security service interface module comprises key service interface module, signature service interface module;
The JSSE frame module is used for, and obtains the certificate of server end and the eap-message digest of having signed, realizes being connected with the SSL of server end with JAVA;
Key management services supplier's module is used for; The key service interface is registered to the JCA framework; Obtain client certificate information through the key service interface module, construct a virtual private key temporarily, client certificate information and virtual private key are together returned to the JSSE framework;
Signature ISP module is used for; The service interface of will signing is registered in the JCA framework; After receiving the eap-message digest of the needs signature that the JSSE framework imports into; Import the eap-message digest of needs signature into signature service interface module, obtain the eap-message digest of having signed through signature service interface module, and the eap-message digest that will sign is returned the JSSE framework of client;
The key service interface module is used for, and in the local certificate repository of Windows, reads the certificate information of hardware encryption card;
Signature service interface module is used for, and accomplishes the signature of client private key to eap-message digest at hardware encryption card.
Further, after the key service interface module returns to the JSSE framework with virtual private key, the local corresponding relation that also writes down PKI in this virtual private key and the client certificate; Signature ISP module also is used for; After the JSSE framework imports the eap-message digest that needs to sign into to the ISP's module of signing; And, the eap-message digest of needs signature is sent in the service interface module of signing signs in the corresponding hardware encrypted card according to the eap-message digest and this virtual private key corresponding relation of said needs signature.
Further; Signature ISP module is registered to the signature service interface of client in the JCA framework with title " Signature.NONEwithRSA ", and the signature service interface module of client uses RSA signature function identical in the hardware encryption card to realize signature.
The invention has the beneficial effects as follows, let the JSSE frame application can use the hardware encryption card signature, make the fail safe of application system critical data obtain better guarantee, have better fail safe and autgmentability.
Description of drawings
Fig. 1 is for creating the system schematic that safety connects;
Fig. 2 is the client sketch map.
Embodiment
As shown in Figure 1; SSL builds and connects that the JAVA server end need not to change in the process, still uses JKS file initialization SSL context object in a conventional manner, and being provided with simultaneously needs the checking client option; Return SSL server end socket object and monitor connection request, wait client and connect;
It is following that the JAVA client of operation Windows operating system combines the concrete grammar of accomplishing establishment that SSL is connected and transfer of data encryption with JSSE framework and hardware encryption card:
Use the security service interface function of JNI technology (the local calling technology of JAVA) encapsulation Windows CSP; Comprise the key service interface function that is used to read the local certificate repository of Windows, be used to use specified containers data to be carried out the interface functions such as signature service interface function, encryption and decryption of RSA signature, forms the encapsulation class of a local dynamic link library and corresponding confession JAVA use;
The JAVA client realizes self-defining key management services supplier; Read all certificate informations in the local certificate repository of Windows with the key service interface; Certificate in the hardware encryption card and PKI are returned to the JSSE framework; Construct a legal RSA private key simultaneously and return to the JSSE framework, make the JSSE framework can obtain complete key of client and certificate information continuation and server and carry out the SSL negotiations process;
The JAVA client realizes self-defining signature ISP, and the eap-message digest of the needs signature that record JSSE framework imports into is carried out the RSA signature with the signature service interface to it, and returned digital signature value;
The key management services supplier who realizes to JCA framework (JAVA encryption system framework) registration during the JAVA client terminal start-up, signature ISP.
Can use key management services supplier initialization SSL context object after the realization above the JAVA client is accomplished, establishment SSL socket is set up SSL with the JAVA server and has been connected.
As shown in Figure 2; The JAVA client is except comprising the JSSE frame module that is used to realize being connected with the SSL of JAVA server end; In order in the JSSE framework, to use the interface of Windows CSP; The encapsulation that also need realize several JAVA classes and Windows CSP interface in the JAVA client realizes, needs the module of increase following:
1, key service interface module: inherit from a type KeyManagerFactorySpi; Be used to return to the realization class of X509KeyManager of JSSE framework (which decision uses verify the class of local security socket based on the key of X509 certificate), this realization class will be called and use the packaged Windows CSP interface of JNI technology to return the information such as certificate that the company of building needs as the JSSE framework, realize returning the private key method simultaneously; Return a virtual RSA private key in order to " deception " JSSE framework; Because for hardware encryption card products such as USBKEY, it has stored certificate and key, but private key can not be exported; All need the calculating of private key all must in hardware product, accomplish; So generate a RSA private key here temporarily, return to framework, guarantee that framework can continue the negotiations process of back.When needs use private key to calculate, call packaged Windows CSP interface and handle;
2, signature service interface module: inherit from a type java.security.SignatureSpi (such is used to the class definition Service Provider Interface that application program provides the Digital Signature Algorithm function); Because the present invention solves is that the JAVA client is used hardware product to set up SSL with the JAVA server of the standard of use JKS file to be connected, so this class need be carried out special processing to following several committed steps:
Be signature initialization RSA signature engine: the JSSE framework can pass into the RSA private key of constructing before in this step, and this private key is exactly the client private key that above-mentioned key supplier returns to the JSSE framework, does not have actual use;
Signature or confirm operation Updating Information: the JSSE framework can import the eap-message digest (cryptographic hash) that needs signature into, this cryptographic hash need note and function below in to its signature;
Carry out signature: call the cryptographic hash that Windows CSP package interface comes in to top renewal and carry out the RSA signature operation and return digital signature.
3, key management services supplier module: promptly realize key management services supplier class; It is registered in the JCA framework with title " MSKMF " (" MSKMF ", KeyManagerFactory.getInstance is the object of the key management algorithm generation of appointment based on the factory of the key management unit in key content source according to the program that provides of appointment).When client initialization SSL context object, will obtain self-defining Key management service and realize, accomplish the integrated of the local certificate repository of JSSE framework and Windows through KeyManagerFactory.getInstance.USBKEY is exactly a CSP, and it just can be identified by windows after having installed and having driven, and is loaded in the certificate information that is stored among the key in the local certificate repository of window.Third party software can be through the certificate among the local certificate repository visit Key.
4. signature ISP module: promptly realize signature supplier class; The realization class of Signature.NONEwithRSA (RSA sign implementor) is appointed as the signature service implementing type that realizes above us; Because the JSSE framework will use this realization class to carry out signature operation; So want to use the software signature of the signature service replacement JSSE framework in the hardware product, this step is necessary.Next integrated in the JCA framework this signature service provider registers.
Windows CSP encapsulation is mainly used in obtains certificate and SSL is built the cryptographic hash that connects in the process sign from the local certificate repository of Windows.The key point here is SSL is built the signature that the cryptographic hash in company's process is carried out; Because private key is stored in the hardware encryption card and can not be derived; So this signature process need be carried out in hardware encryption card; Need adopt CryptAcquireCertificatePrivateKey function creation cryptographic services supplier handle during signature, when using CryptCreateHash function creation Hash object, need to specify (the algorithm types definition of ALG_ID parameter; It is in the nature unsigned int) (a kind of hash algorithm defines for CALG_SSL3_SHAMD5; Effect is to carry out the SSL3 client certificate), otherwise can't cooperate with the described NONEwithRSA signature algorithm of preceding step, signature will be the result can't verify at server end.
Claims (7)
1. create the method that safety connects for one kind, comprise step:
Server end, client Java safe socket character expansion JSSE framework separately gets access to private key, certificate separately and the eap-message digest of having signed; And certificate that will be separately, the eap-message digest of having signed send to the other side;
The eap-message digest of having signed that the certification authentication that the Java safe socket character expansion JSSE framework utilization separately of server end, client receives receives; After verifying successfully, the Java safe socket character of server end expansion JSSE framework generates a symmetric cryptographic key and issues client; Server end, client both sides set up data communication, all use this symmetric cryptographic key encryption and decryption communication data;
It is characterized in that said client uses Java this locality to call the security service interface function of JNI encapsulation Windows cryptographic services supplier WindowsCSP, the security service interface comprises key service interface, signature service interface; Client according to the self-defining key management services supplier of JCA framework with the signature ISP, with said key management services supplier with the signature service provider registers in Java encryption system JCA framework;
The JSSE framework of said client obtains its private key, certificate and the detailed process of the eap-message digest of having signed is:
Key management services supplier in the client utilizes the key service interface, from hardware encryption card, reads client certificate information, and constructs a virtual private key temporarily, client certificate information and virtual private key is together returned to the JSSE framework of client;
The JSSE framework of client obtains certificate information, also will generate eap-message digest, and imports the eap-message digest that needs signature into to the signature ISP;
Signature ISP in the client utilizes the signature service interface, accomplishes the signature of client private key to eap-message digest at hardware encryption card, and the eap-message digest that will sign is back to the Java safe socket character expansion JSSE framework of client.
2. a kind of according to claim 1 method of creating the safety connection; It is characterized in that; Said server end obtains private key, certificate and the detailed process of the eap-message digest of having signed is from its JSSE framework: the JSSE framework of server end gets access to its private key and certificate from the cryptoguard file JKS of this locality; Also to generate eap-message digest, and with this eap-message digest of private key signature, thereby the eap-message digest of having been signed.
3. the creation method that connects of according to claim 1 or claim 2 a kind of safety is characterized in that, after the key service interface returns to the JSSE framework of client with virtual private key, and the local corresponding relation that also writes down PKI in this virtual private key and the client certificate;
The JSSE framework of client is after the eap-message digest of the needs signature that the signature ISP is imported into; The signature ISP writes down the eap-message digest of the needs signature that the JSSE framework imports into and the corresponding relation of this virtual private key; And according to the eap-message digest of said needs signature and the corresponding relation of this virtual private key, the eap-message digest that needs are signed is sent in the corresponding hardware encrypted card signs.
4. the creation method that a kind of safety as claimed in claim 1 connects; It is characterized in that; The hard-wired signature class of use that the signature ISP of client need be called name " Signature.NONEwithRSA " is registered in the JCA framework, and the signature service interface of client uses the RSA signature function of the signature service interface module of Windows CSP realization to sign.
5. be used to create the client device that safety connects; It is characterized in that, comprise Java safe socket character expansion JSSE frame module, call the security service interface module of JNI encapsulation Windows cryptographic services supplier Windows CSP by the self-defining key management services supplier's module of Java encryption system JCA framework, by the self-defining signature of Java encryption system JCA framework ISP module, by Java this locality; Said security service interface module comprises key service interface module, signature service interface module;
Said Java safe socket character expansion JSSE frame module is used for, and obtains the certificate of server end and the eap-message digest of having signed, realizes being connected with the SSL SSL of server end with JAVA;
Said key management services supplier's module is used for; The key service interface is registered to Java encryption system JCA framework; Obtain client certificate information through the key service interface module; Virtual private key of interim structure together returns to Java safe socket character expansion JSSE framework with client certificate information and virtual private key;
Said signature ISP module is used for; The service interface of will signing is registered in the Java encryption system JCA framework; After receiving the eap-message digest of the needs signature that Java safe socket character expansion JSSE framework imports into; Import the eap-message digest of needs signature into signature service interface module, obtain the eap-message digest of having signed, and the eap-message digest that will sign is returned the Java safe socket character expansion JSSE framework of client through signature service interface module;
Said key service interface module is used for, and in the local certificate repository of Windows, reads the certificate information of hardware encryption card;
Said signature service interface module is used for, and in hardware encryption card, accomplishes the asymmetrical public key encryption algorithm RSA signature of client private key to eap-message digest.
6. like the said client device that is used to create the safety connection of claim 5, it is characterized in that, after the key service interface module returns to the JSSE framework with virtual private key, the local corresponding relation that also writes down PKI in this virtual private key and the client certificate;
Said signature ISP module also is used for; When the JSSE framework after the eap-message digest of the needs signature that signature ISP module is imported into; The eap-message digest of the needs signature that signature ISP module records JSSE framework imports into and the corresponding relation of this virtual private key; And, the eap-message digest of needs signature is sent in the service interface module of signing signs in the corresponding hardware encrypted card according to the eap-message digest of said needs signature and the corresponding relation of this virtual private key.
7. like the said client device that is used to create the safety connection of claim 5; It is characterized in that; Signature ISP module is registered to the signature service interface of client in the JCA framework with title " Signature.NONEwithRSA ", and the signature service interface module of client uses RSA signature function identical in the hardware encryption card to realize signature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010241272 CN101883122B (en) | 2010-07-30 | 2010-07-30 | Safety connection establishing method and client equipment for establishing safety connection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010241272 CN101883122B (en) | 2010-07-30 | 2010-07-30 | Safety connection establishing method and client equipment for establishing safety connection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101883122A CN101883122A (en) | 2010-11-10 |
| CN101883122B true CN101883122B (en) | 2012-12-05 |
Family
ID=43055007
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010241272 Active CN101883122B (en) | 2010-07-30 | 2010-07-30 | Safety connection establishing method and client equipment for establishing safety connection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101883122B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102780731A (en) * | 2011-05-13 | 2012-11-14 | 易程(苏州)软件股份有限公司 | Client-side communication method and device |
| CN103888432A (en) * | 2012-12-21 | 2014-06-25 | 上海格尔软件股份有限公司 | Method for sharing safety device in virtualization environment |
| CN103093136B (en) * | 2012-12-27 | 2015-05-27 | 飞天诚信科技股份有限公司 | Method enabling java application to access to intelligent secret key device |
| CN103457939B (en) * | 2013-08-19 | 2016-04-06 | 飞天诚信科技股份有限公司 | A kind of method realizing bidirectional authentication of smart secret key equipment |
| CN106685977B (en) * | 2017-01-03 | 2019-11-08 | 武汉虹信技术服务有限责任公司 | A kind of system of account building method based on intelligence community cloud platform |
| CN108737092B (en) * | 2018-06-15 | 2021-04-13 | 董绍锋 | Mobile terminal management server, mobile terminal, service cloud platform and application system |
| CN110691060B (en) * | 2018-07-06 | 2022-08-09 | 武汉信安珞珈科技有限公司 | Method and system for realizing remote equipment password service based on CSP interface |
| CN109981287B (en) * | 2019-03-14 | 2020-03-17 | 亚数信息科技(上海)有限公司 | Code signing method and storage medium thereof |
| CN110061996A (en) * | 2019-04-25 | 2019-07-26 | 深圳市元征科技股份有限公司 | A kind of data transmission method, device, equipment and readable storage medium storing program for executing |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1655523A (en) * | 2005-02-04 | 2005-08-17 | 南京邮电学院 | Method for realizing safety on-chip intelligent members |
| CN1955971A (en) * | 2005-10-27 | 2007-05-02 | 北京振戎融通通信技术有限公司 | Safety installation method suitable for Java application program |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090044281A1 (en) * | 2005-02-01 | 2009-02-12 | Matsushita Electric Industrial Co., Ltd. | Java conditional access apparatus |
-
2010
- 2010-07-30 CN CN 201010241272 patent/CN101883122B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1655523A (en) * | 2005-02-04 | 2005-08-17 | 南京邮电学院 | Method for realizing safety on-chip intelligent members |
| CN1955971A (en) * | 2005-10-27 | 2007-05-02 | 北京振戎融通通信技术有限公司 | Safety installation method suitable for Java application program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101883122A (en) | 2010-11-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101883122B (en) | Safety connection establishing method and client equipment for establishing safety connection | |
| EP3688930B1 (en) | System and method for issuing verifiable claims | |
| CN111541785B (en) | Block chain data processing method and device based on cloud computing | |
| US11165576B2 (en) | System and method for creating decentralized identifiers | |
| US11277268B2 (en) | System and method for verifying verifiable claims | |
| CN110933108B (en) | Data processing method and device based on block chain network, electronic equipment and storage medium | |
| CN112737779B (en) | Cryptographic machine service method, device, cryptographic machine and storage medium | |
| WO2022237123A1 (en) | Method and apparatus for acquiring blockchain data, electronic device, and storage medium | |
| US20180212952A1 (en) | Managing exchanges of sensitive data | |
| CN115580413B (en) | Zero-trust multi-party data fusion calculation method and device | |
| CN115442047A (en) | Electronic signature method and system for business management file | |
| CN115473648B (en) | Certificate issuing system and related equipment | |
| CN115333839B (en) | Data security transmission method, system, equipment and storage medium | |
| CN114372245A (en) | Block chain-based Internet of things terminal authentication method, system, device and medium | |
| KR100848966B1 (en) | Method for authenticating and decrypting of short message based on public key | |
| CN111953495B (en) | Private-key-free signing method under electronic signature mixed cloud scene | |
| CN118432826B (en) | Group device registration and identity authentication method, system, device and storage medium | |
| CN112862483B (en) | Identity verification method and device based on intelligent contract | |
| Heeb et al. | Crypto Agility: Transition to post-quantum safe algorithms for secure key exchange and certificate generation | |
| CN116796353A (en) | Method and device for modifying national cipher of data hub system based on block chain | |
| CN117874830A (en) | License processing method and device based on application service and electronic equipment | |
| CN116226932A (en) | Service data verification method and device, computer medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |