CN102111349A - Security certificate gateway - Google Patents

Publication number
CN102111349A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009102009033A
Other languages
Chinese (zh)
Inventor
韩洪慧
吴一博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GEER SOFTWARE CO Ltd SHANGHAI
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI

Abstract

The invention discloses a security certificate gateway, comprising a client crypto module, a client business module, a service business module and a service crypto module, wherein the client business module is used as an agent of an application client and used for calling the client crypto module and the service business module interactively to build an encrypted connection; and the service business module is used for calling the service crypto module and the service business module to build a secure encrypted channel. Based on the high-strength identity authentication service, the high-strength data link encryption service and the digital signature and authentication service of a digital certificate, the gateway provided by the invention effectively protects secure access of network resources, and supports B/S applications of a hypertext transport protocol (HTTP) and hypertext transfer protocol secure (HTTPS) as well as common C/S applications of a file transfer protocol (FTP), a remote desktop and the like.

Description

Security certificate gateway
Technical field:
The present invention relates to network security technology, and in particular to a gateway for improving network security.
Background:
With the rapid development of networks, network applications have come into wide use because they are efficient and convenient: online securities trading, online banking, e-government, e-commerce, enterprise telecommuting and so on. More and more important business is handled online and more and more important information is transmitted over the network, so protecting secure access to these valuable resources and the secure flow of important data is a major problem facing network applications. Common network applications, however, all have the following security risks:
No effective identity verification mechanism: applications generally use weak authentication by user name plus password, which carries great hidden risk, specifically: (a) passwords are easily guessed; (b) passwords are transmitted over the public network and are easily intercepted; (c) once a password is leaked, all security mechanisms fail; (d) the back-end service system has to maintain a huge list of user passwords and is responsible for storing them securely, which is very difficult to manage.
Insecure data transmission: the packets of most current network applications are transmitted in plaintext over TCP/IP, and the openness of the Internet exposes the transmitted information to eavesdropping and tampering.
Repudiation of operations: network applications turn physical operations in the real world into information flows in a virtual world. Because information flows can be copied, the uniqueness and credibility of an operation are called into question, and the fact that an operation can be repudiated has become a serious problem that network applications urgently need to solve.
The SSL protocol provides such a security mechanism. A standard SSL connection sets up a 128-bit encrypted tunnel between the user's browser and the web server to secure the transmitted information. An ordinary SSL connection, however, has the following problems:
1. The application cannot obtain the visitor's digital certificate information: an ordinary SSL connection only verifies the user's certificate and encrypts the transmitted data. It does not parse user information (user name, identity card, user's organisation, etc.) out of the digital certificate, so the application cannot authenticate the user at a finer granularity, or be developed further, on the basis of certificate information.
2. There is no effective logging and auditing of the visiting user, the time of access, the client IP, the resources accessed and so on.
3. The SSL secure connection service and the application service itself are usually installed on the same server. The encryption and decryption work of the SSL service takes up a large share of the server's CPU, which leaves the application itself short of CPU and greatly reduces processing efficiency.
4. Protection for HTTP only: owing to the limitations of the SSL protocol, ordinary SSL can only turn HTTP into HTTPS and has no effect on the other TCP/IP protocols; that is, it can be applied to the B/S architecture but not to network transmission in the C/S architecture.
Summary of the invention:
To address the security risks of existing networks described above, the present invention provides a security certificate gateway. Based on digital certificates, the gateway offers a high-strength identity authentication service, a high-strength data link encryption service, and a digital signature and verification service; it effectively protects secure access to network resources, and supports B/S applications over HTTP and HTTPS as well as common C/S applications such as FTP and remote desktop.
To achieve the above object, the present invention adopts the following technical solution:
A security certificate gateway comprising a client crypto module, a client business module, a service-side business module and a service-side crypto module. The client business module acts as the agent of the application client and interacts with the service-side business module to set up an encrypted connection. The client crypto module serves as the certificate storage medium and algorithm provider, and is called by the client business module to carry out the corresponding certificate operations and cryptographic operations. The service-side business module accepts connections from the client business module, handles the SSL protocol, uses dual certificates to complete authentication and key exchange, specifies the encryption algorithm, and sets up a secure encrypted channel with the client business module; it decrypts the data it receives and sends it to the application server, and it encrypts the application server's response data and sends it to the client business module, which passes it on to the client. The service-side crypto module serves as the certificate storage medium and algorithm provider, and is called by the service-side business module to carry out the corresponding certificate operations and cryptographic operations.
The client business module comprises a configuration module, a proxy module, an encrypted connection module, a client cryptographic service module and a log module. The proxy module accepts client connections and handles each one according to its type, forming the proxy connection for the application client. The encrypted connection module calls the client cryptographic service module to complete the encrypted connection with the service-side business module. The configuration module reads and stores the client's configuration. The log module records the logs of every module in the client business module. The client cryptographic service module calls the client crypto module to provide cryptographic services to the encrypted connection module.
The service-side business module comprises a core connection module, a blacklist management module, a monitoring module, a hot standby module, a log service module, a configuration module, a user management module and a service-side cryptographic service module. The core connection module is a multi-process server module; it completes the SSL handshake with the service-side business module, implements the reverse proxy for the back-end services, handles all business flows, and uses an encryption card to accelerate RSA and symmetric encryption operations. The user management module manages user credentials (issuance, revocation and so on) and works with the core connection module to authenticate users. The blacklist management module obtains the latest blacklist from a designated publishing point and then notifies the core connection module to update the blacklist dynamically. The log service module is responsible for the logs and alarms of every module in the service-side business module. The configuration module provides the gateway configuration pages and handles interaction with the user. The hot standby module provides seamless switchover between gateways. The monitoring module monitors the running state of the core connection module, blacklist management module, hot standby module, log service module and configuration module. The service-side cryptographic service module calls the service-side crypto module to provide cryptographic services to the core connection module.
The dynamic blacklist update, carried out by the blacklist management module together with the core connection module, consists of the following steps: the blacklist management module fetches the new blacklist from a remote publishing server; once the download is complete, it organises the blacklist into files under a specified path and then notifies the core connection module by means of a signal to update the blacklist; on receiving the update signal, the core connection module loads the blacklist dynamically, completing the online update.
When the blacklist management module fetches a new blacklist from the remote publishing server, it builds a first-level index.
The monitoring module works with the hot standby module to perform hot standby switchover. The monitoring module probes the running state of the core connection module, blacklist management module, log service module and configuration module in real time and restarts the corresponding module when necessary. When the core connection module fails repeatedly and still cannot run normally after repeated restarts, the monitoring module notifies the hot standby module, which performs the hot standby switchover.
After the configuration module has completed a configuration change, it can control the starting and stopping of the other modules in the service-side business module only through the monitoring module.
An authentication gateway obtained according to the above technical solution isolates the application server in a separate network segment when deployed; an application client that has not established an SSL secure connection with the gateway cannot access the application system. The invention is simple to use: to establish the SSL secure connection, the application client user generally only needs to have Internet Explorer (version 5.0 or later) installed, or to install the corresponding client agent software (in a C/S network architecture, or when the client uses a hardware certificate device). Through the invention, the server side and the user's client establish a 128-bit encrypted SSL secure connection, which secures data transmission between client and server and provides effective authentication of the client's identity. The invention can also be applied to a B/S network architecture to provide secure transmission and authentication between browser and web server.
Description of drawings:
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is an architecture diagram of the present invention.
Fig. 2 is a logic diagram of the client business module.
Fig. 3 is a logic diagram of the service-side business module.
Fig. 4 is a schematic diagram of the blacklist update of the present invention.
Fig. 5 is a schematic diagram of monitoring and dual-machine hot standby in the present invention.
Fig. 6 is a schematic diagram of configuration in the present invention.
Fig. 7 is a schematic diagram of log management in the present invention.
Embodiment:
To make the technical means, inventive features, purpose and effect of the invention easy to understand, the invention is further explained below with reference to the figures.
As shown in Fig. 1, the security certificate gateway mainly comprises two parts, a client side and a service side.
The client side comprises the client crypto module and the client business module; the service side comprises the service-side business module and the service-side crypto module.
The client business module acts as the agent of the application client (including browsers) and interacts with the service-side business module to set up an encrypted connection.
The client crypto module serves as the certificate storage medium and algorithm provider, and is called by the client business module to carry out the corresponding certificate operations and cryptographic operations.
The service side takes the form of a hardware gateway. Its service-side business module accepts connections from the client business module, handles the SSL protocol, uses dual certificates to complete authentication and key exchange, specifies the encryption algorithm, and sets up a secure encrypted channel with the client business module; it decrypts the data it receives and sends it to the application server, and it encrypts the application server's response data and sends it to the client business module, which passes it on to the application client.
The service-side crypto module serves as the certificate storage medium and algorithm provider, and is called by the service-side business module to carry out the corresponding certificate operations and cryptographic operations.
The client side of the invention works in proxy mode: the client business module acts as an SSL connection proxy for the user's various TCP-based applications and establishes a 128-bit encrypted connection with the remote server to ensure security. The system currently has an HTTPS proxy, an HTTP proxy, and a client agent for the common C/S architecture.
For this purpose, the client business module of the invention comprises a configuration module, a proxy module, an encrypted connection module, a client cryptographic service module and a log module (as shown in Fig. 2).
The proxy module accepts client connections and handles each one according to its type, forming the proxy connection for the application client.
The encrypted connection module calls the client cryptographic service module to complete the encrypted connection with the service-side business module.
The configuration module reads and stores the client's configuration.
The log module records the logs of every module in the client business module.
The client cryptographic service module calls the client crypto module to provide cryptographic services to the encrypted connection module.
As shown in Fig. 3, the service-side business module comprises the following functional modules: core connection module (HRP), blacklist management module (CRL), monitoring module (PMonitor), hot standby module (HA), log service module (SYSLOG-NG), configuration module (WEBUI), user management module (USER) and service-side cryptographic service module.
The core connection module (HRP) is the central functional module of the service-side business module. It completes the SSL handshake with the client, implements the reverse proxy for the back-end services, and handles all business flows. It is a multi-process server program that uses an encryption card to accelerate RSA and symmetric encryption operations, and the work of the other subsystems all revolves around HRP. The service-side cryptographic service module calls the service-side crypto module to provide cryptographic services to the core connection module.
The user management module (USER) is the user management centre, responsible for managing user credentials (issuance, revocation and so on). It works with the core connection module (HRP) to authenticate users. The user management centre keeps the whole service-side business module independent, so that it can form a self-contained system.
The blacklist management module (CRL) is an independent process. After obtaining the latest blacklist from the designated publishing point, it notifies the core connection module (HRP) to update the blacklist.
The dynamic blacklist update of the service-side business module is carried out by the blacklist management module (CRL) together with the core connection module (HRP), as shown in Fig. 4:
The blacklist management module (CRL) fetches the new blacklist from a remote LDAP server; once the download is complete, it organises the blacklist into files under a specified path and then notifies the core connection module (HRP) by means of a signal to update the blacklist. On receiving the update signal, the core connection module (HRP) loads the blacklist dynamically, completing the online update. In the invention, when the blacklist management module (CRL) fetches a new blacklist it builds only a first-level index, by the corresponding CA.
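The update handshake described above, as an added example that is not code from the patent: the publisher writes one file per CA, swaps it into place atomically, and the connection worker reloads only after it is signalled. The use of SIGHUP, the `.list` file naming, the serial-number format and the names `publish_blacklist` and `ConnectionWorker` are assumptions; the patent says only that files go to a specified path and that a signal is sent.

```python
import os
import re
import signal
import tempfile
from pathlib import Path

RELOAD_SIGNAL = signal.SIGHUP  # assumption: the patent names no specific signal
CA_NAME = re.compile(r"[A-Za-z0-9_-]+")  # CA names become file names, so restrict them


def publish_blacklist(directory, revoked_by_ca):
    """Blacklist-module side: one file per issuing CA (the first-level index)."""
    directory = Path(directory)
    for ca_name in revoked_by_ca:
        if not CA_NAME.fullmatch(ca_name):
            raise ValueError(f"unsafe CA name: {ca_name!r}")
    for ca_name, serials in revoked_by_ca.items():
        # Write to a temp file, then rename: a reader never sees a partial list.
        fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
        with os.fdopen(fd, "w") as handle:
            handle.write("\n".join(sorted(s.upper() for s in serials)) + "\n")
        os.replace(tmp_path, directory / f"{ca_name}.list")
    for stale in directory.glob("*.list"):
        if stale.stem not in revoked_by_ca:
            stale.unlink()  # this CA no longer publishes a list


class ConnectionWorker:
    """Core-connection side: keeps the blacklist in memory, reloads on signal."""

    def __init__(self, directory):
        self.directory = Path(directory)
        self.index = {}             # CA name -> frozenset of revoked serials
        self.reload_pending = True  # forces the initial load
        self.generation = 0         # number of loads, useful for audit logs

    def install(self):
        """Register the handler; returns the previous one so it can be restored."""
        return signal.signal(RELOAD_SIGNAL, self._on_signal)

    def _on_signal(self, signum, frame):
        # Do the minimum in signal context; the reload runs on the next lookup.
        self.reload_pending = True

    def _reload(self):
        # Clear the flag first so a signal arriving mid-reload is not lost.
        self.reload_pending = False
        fresh = {p.stem: frozenset(p.read_text().split())
                 for p in self.directory.glob("*.list")}
        self.index = fresh  # one reference swap; lookups never see a half-built index
        self.generation += 1

    def is_revoked(self, issuer, serial):
        if self.reload_pending:
            self._reload()
        return serial.upper() in self.index.get(issuer, frozenset())


def demo():
    """Constructed data: serial 3C4D is revoked in the second publication."""
    with tempfile.TemporaryDirectory() as root:
        worker = ConnectionWorker(root)
        previous = worker.install()
        try:
            publish_blacklist(root, {"ExampleUserCA": ["0a1b"]})
            before = worker.is_revoked("ExampleUserCA", "3C4D")
            publish_blacklist(root, {"ExampleUserCA": ["0a1b", "3c4d"]})
            stale = worker.is_revoked("ExampleUserCA", "3C4D")  # not signalled yet
            os.kill(os.getpid(), RELOAD_SIGNAL)                 # the "update signal"
            after = worker.is_revoked("ExampleUserCA", "3C4D")
            return before, stale, after, worker.generation
        finally:
            signal.signal(RELOAD_SIGNAL, previous)


if __name__ == "__main__":
    print(demo())
```

The middle result shows the window a defender should size: between publication and the signal, a newly revoked certificate is still accepted, so the fetch interval of the blacklist module bounds how long a revoked credential stays usable.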
The monitoring module (PMonitor) is a general-purpose monitor that watches the running state of the core connection module (HRP), blacklist management module (CRL), hot standby module (HA), log service module (SYSLOG-NG) and configuration module (WEBUI).
Hot standby module (HA): the hot standby modules of the two machines communicate with each other to provide seamless switchover of the system.
In the invention the monitoring module (PMonitor) works with the hot standby module (HA) to perform hot standby switchover. As shown in Fig. 5, the monitoring module (PMonitor) monitors the operation of the other modules, namely the core connection module (HRP), blacklist management module (CRL), log service module (SYSLOG-NG) and configuration module (WEBUI). It is responsible for starting and stopping these four modules, continuously probes their running state with the ps and curl utilities, and restarts the corresponding module when necessary. If the core connection module (HRP) fails repeatedly and still cannot run normally after repeated restarts, the monitoring module (PMonitor) notifies the hot standby module (HA) to perform the hot standby switchover (if there is no hot standby module (HA), the monitoring module (PMonitor) can be configured to restart the host).
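The escalation logic described above, as an added example that is not code from the patent: a monitor restarts any failed module, but hands over to hot standby (or reboots the host) only when the core connection module keeps failing. The threshold of three restarts, the action labels and the names `Monitor`, `simulate` and `probe_with_ps_and_curl` are assumptions; the patent says only "repeatedly" and names the ps and curl utilities.

```python
import subprocess

MONITORED = ("HRP", "CRL", "SYSLOG-NG", "WEBUI")  # the four modules PMonitor starts and stops
CORE = "HRP"


def probe_with_ps_and_curl(pid, health_url=None, timeout=3):
    """Real probe: the process must exist (ps) and, if given a URL, answer it (curl)."""
    alive = subprocess.run(["ps", "-p", str(pid)], capture_output=True).returncode == 0
    if not alive or health_url is None:
        return alive
    curl = subprocess.run(
        ["curl", "--silent", "--fail", "--max-time", str(timeout),
         "--output", "/dev/null", health_url],
        capture_output=True,
    )
    return curl.returncode == 0


class Monitor:
    def __init__(self, probe, restart, ha_available, max_restarts=3):
        self.probe = probe                # probe(name) -> True when healthy
        self.restart = restart            # restart(name) restarts that module
        self.ha_available = ha_available  # is a hot standby peer configured?
        self.max_restarts = max_restarts  # assumed threshold for "repeatedly"
        self.failures = {name: 0 for name in MONITORED}
        self.actions = []                 # audit trail of what the monitor did
        self.escalated = False

    def tick(self):
        """One monitoring pass over all modules."""
        if self.escalated:
            return  # the standby machine (or the reboot) owns recovery now
        for name in MONITORED:
            if self.probe(name):
                self.failures[name] = 0   # a healthy probe clears the streak
                continue
            self.failures[name] += 1
            if name == CORE and self.failures[name] > self.max_restarts:
                # Restarts did not help: stop retrying and hand over.
                self.escalated = True
                self.actions.append("failover" if self.ha_available else "reboot-host")
                return
            self.restart(name)
            self.actions.append("restart:" + name)


def simulate(outages, ha_available, ticks):
    """Run the monitor against a constructed outage schedule.

    outages maps a module name to the tick numbers at which its probe fails.
    """
    clock = {"now": 0}
    monitor = Monitor(
        probe=lambda name: clock["now"] not in outages.get(name, ()),
        restart=lambda name: None,  # restarts are recorded, not executed
        ha_available=ha_available,
    )
    for now in range(ticks):
        clock["now"] = now
        monitor.tick()
    return monitor.actions


if __name__ == "__main__":
    print(simulate({"HRP": range(10)}, ha_available=True, ticks=6))
    print(simulate({"CRL": {1}}, ha_available=True, ticks=3))
```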
The configuration module (WEBUI) provides the pages for configuring the whole gateway and handles interaction with the user. As shown in Fig. 6, all configuration in the invention is initiated through the configuration module (WEBUI): it writes the user's input from the interface into an XML configuration file, then uses XSLT to convert the XML file into the configuration file each module requires. After a configuration change is complete, the configuration module (WEBUI) can, and can only, control the starting and stopping of the other modules through the monitoring module (PMonitor).
The log service module (SYSLOG-NG) is responsible for the logs and alarms of the other modules in the service-side business module.
As shown in Fig. 7, every module in the service-side business module other than the log service module (SYSLOG-NG) is a log producer and sends its logs to the /dev/log device through the syslog system call. The SYSLOG-NG submodule reads the logs from this device, splits them, writes them to the log file of the corresponding submodule and sends them to a syslog server on the network. When a critical error appears in the logs, the log service module (SYSLOG-NG) raises an alarm via SNMP.
The invention obtained according to the above technical solution can be deployed in serial mode (bridge mode) or parallel mode (one-arm mode).
In serial mode (bridge mode) the invention is physically deployed between the users and the protected server: its external network interface is connected to the user network and its internal network interface to the protected server. Because the protected server is connected to the invention over an internal network, the invention isolates the connection between user and server; the user knows only the gateway address and cannot connect to the protected server directly, and can obtain service only through the gateway.
Serial mode has the following advantages:
High security. The user must pass the gateway's authentication and encryption before obtaining service, and the gateway isolates the server from the outside network, which prevents direct attacks on the server.
Clear structure. Serial mode is very simple in both physical deployment and logical structure, and is easy to understand.
High performance. Compared with parallel mode, serial mode has higher efficiency and bandwidth utilisation.
In parallel mode (one-arm mode) the invention is logically deployed between the users and the protected server but is physically connected to the same network; that is, its external network interface is connected to the existing network that joins the users and the server segment. The user can obtain service through the gateway, and can also connect to the server directly (if the server address is known) and obtain service.
Parallel mode is easy to deploy: the application needs no changes and users only need to change the address they access.
The invention can also be deployed as a dual-machine hot standby pair. This requires two devices, one as the master and one as the standby, both connected to the network, with a crossover cable between their hot standby ports for detection. Under normal conditions the master provides the service; when the system becomes abnormal, service switches automatically to the standby.
The above shows and describes the basic principle, main features and advantages of the present invention. Those skilled in the art should understand that the invention is not limited to the embodiments above; the embodiments and the description merely illustrate the principle of the invention. Various changes and improvements can be made without departing from the spirit and scope of the invention, and these changes and improvements all fall within the claimed scope of the invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (7)

1. A security certificate gateway, characterised in that the gateway comprises a client crypto module, a client business module, a service-side business module and a service-side crypto module; the client business module acts as the agent of the application client and interacts with the service-side business module to set up an encrypted connection; the client crypto module serves as the certificate storage medium and algorithm provider, and is called by the client business module to carry out the corresponding certificate operations and cryptographic operations; the service-side business module accepts connections from the client business module, handles the SSL protocol, uses dual certificates to complete authentication and key exchange, specifies the encryption algorithm, sets up a secure encrypted channel with the client business module, decrypts the data it receives and sends it to the application server, and encrypts the application server's response data and sends it to the client business module, which passes it on to the client; the service-side crypto module serves as the certificate storage medium and algorithm provider, and is called by the service-side business module to carry out the corresponding certificate operations and cryptographic operations.
2. The security certificate gateway according to claim 1, characterised in that the client business module comprises a configuration module, a proxy module, an encrypted connection module, a client cryptographic service module and a log module; the proxy module accepts client connections and handles each one according to its type, forming the proxy connection for the application client; the encrypted connection module calls the client cryptographic service module to complete the encrypted connection with the service-side business module; the configuration module reads and stores the client's configuration; the log module records the logs of every module in the client business module; the client cryptographic service module calls the client crypto module to provide cryptographic services to the encrypted connection module.
3. The security certificate gateway according to claim 1, characterised in that the service-side business module comprises a core connection module, a blacklist management module, a monitoring module, a hot standby module, a log service module, a configuration module, a user management module and a service-side cryptographic service module; the core connection module is a multi-process server module that completes the SSL handshake with the service-side business module, implements the reverse proxy for the back-end services, handles all business flows, and uses an encryption card to accelerate RSA and symmetric encryption operations; the user management module manages user credentials (issuance, revocation and so on) and works with the core connection module to authenticate users; the blacklist management module obtains the latest blacklist from a designated publishing point and then notifies the core connection module to update the blacklist dynamically; the log service module is responsible for the logs and alarms of every module in the service-side business module; the configuration module provides the gateway configuration pages and handles interaction with the user; the hot standby module provides seamless switchover between gateways; the monitoring module monitors the running state of the core connection module, blacklist management module, hot standby module, log service module and configuration module; the service-side cryptographic service module calls the service-side crypto module to provide cryptographic services to the core connection module.
4. The security certificate gateway according to claim 3, characterised in that the dynamic blacklist update, carried out by the blacklist management module together with the core connection module, consists of the following steps: the blacklist management module fetches the new blacklist from a remote publishing server; once the download is complete, it organises the blacklist into files under a specified path and then notifies the core connection module by means of a signal to update the blacklist; on receiving the update signal, the core connection module loads the blacklist dynamically, completing the online update.
5. The security certificate gateway according to claim 3 or 4, characterised in that when the blacklist management module fetches a new blacklist from the remote publishing server, it builds a first-level index.
6. The security certificate gateway according to claim 3, characterised in that the monitoring module works with the hot standby module to perform hot standby switchover; the monitoring module probes the running state of the core connection module, blacklist management module, log service module and configuration module in real time and restarts the corresponding module when necessary; when the core connection module fails repeatedly and still cannot run normally after repeated restarts, the monitoring module notifies the hot standby module, which performs the hot standby switchover.
7. The security certificate gateway according to claim 3, characterised in that after the configuration module has completed a configuration change, it can control the starting and stopping of the other modules in the service-side business module only through the monitoring module.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102009033A CN102111349A (en) 2009-12-25 2009-12-25 Security certificate gateway

Publications (1)

Publication Number Publication Date
CN102111349A true CN102111349A (en) 2011-06-29

Family

ID=44175382

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102009033A Pending CN102111349A (en) 2009-12-25 2009-12-25 Security certificate gateway

Country Status (1)

Country Link
CN (1) CN102111349A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1787513A (en) * 2004-12-07 2006-06-14 上海鼎安信息技术有限公司 System and method for safety remote access

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036858B (en) * 2011-10-09 2018-10-26 南京中兴软件有限责任公司 System, implementation method, ACF and the PAG of user Internet access
CN103051598A (en) * 2011-10-17 2013-04-17 中兴通讯股份有限公司 Method, user equipment and packet access gateway for secure access to Internet services
CN103051598B (en) * 2011-10-17 2017-04-26 中兴通讯股份有限公司 Method, user equipment and packet access gateway for secure access to Internet services
CN102932359A (en) * 2012-11-08 2013-02-13 华为软件技术有限公司 Method, device and system for streaming media service request
CN103023926A (en) * 2012-12-28 2013-04-03 中科正阳信息安全技术有限公司 Reverse proxy based information leakage preventing security gateway system
CN103249045A (en) * 2013-05-13 2013-08-14 华为技术有限公司 Identification method, device and system
WO2014183526A1 (en) * 2013-05-13 2014-11-20 华为技术有限公司 Identity recognition method, device and system
CN103249045B (en) * 2013-05-13 2016-08-10 华为技术有限公司 A kind of methods, devices and systems of identification
CN103281369A (en) * 2013-05-24 2013-09-04 华为技术有限公司 Message processing method and WOC (WAN (wide area network) optimization controller)
CN103281369B (en) * 2013-05-24 2016-03-30 华为技术有限公司 Message processing method and wide area network acceleration controller WOC
CN103546472B (en) * 2013-10-28 2017-10-24 中国软件与技术服务股份有限公司 A kind of method and apparatus of the false proof protection of operation system
CN103546472A (en) * 2013-10-28 2014-01-29 中国软件与技术服务股份有限公司 Method and device for anti-fake protection of service system
CN104580129B (en) * 2013-10-29 2018-01-09 杭州迪普科技股份有限公司 A kind of asynchronous Proxy Methods of SSL based on stream process
CN104580129A (en) * 2013-10-29 2015-04-29 杭州迪普科技有限公司 SSL asynchronization agent method based on stream processing
CN104580225B (en) * 2015-01-14 2017-11-03 南京烽火星空通信发展有限公司 A kind of cloud platform security protection encryption device and method
CN104580225A (en) * 2015-01-14 2015-04-29 南京烽火星空通信发展有限公司 Cloud platform safety protection encryption device and method
CN106934630A (en) * 2015-12-31 2017-07-07 济南大陆机电股份有限公司 A kind of measurement instrument magnitude tracing method
CN106982191A (en) * 2016-01-18 2017-07-25 天津赞普科技股份有限公司 Embedded Credential-Security authentication communication mechanism for business WiFi
CN107104929A (en) * 2016-02-23 2017-08-29 阿里巴巴集团控股有限公司 The methods, devices and systems of defending against network attacks
CN107104929B (en) * 2016-02-23 2021-03-09 阿里巴巴集团控股有限公司 Method, device and system for defending network attack
CN105763566A (en) * 2016-04-19 2016-07-13 成都知道创宇信息技术有限公司 Communication method between client and server
CN105763566B (en) * 2016-04-19 2018-11-30 成都知道创宇信息技术有限公司 A kind of communication means between client and server
CN106101007B (en) * 2016-05-24 2019-05-07 杭州迪普科技股份有限公司 Handle the method and device of message
CN106101007A (en) * 2016-05-24 2016-11-09 杭州迪普科技有限公司 Process the method and device of message
CN106488452A (en) * 2016-11-18 2017-03-08 国网江苏省电力公司南京供电公司 A kind of mobile terminal safety access authentication method of combination fingerprint
CN106488452B (en) * 2016-11-18 2021-09-24 国网江苏省电力公司南京供电公司 Mobile terminal safety access authentication method combining fingerprint
CN108205782A (en) * 2017-12-06 2018-06-26 信用宝金融信息服务(北京)有限公司 Personal credit manages system
CN108521463B (en) * 2018-04-11 2021-09-17 西安邮电大学 Service gateway system based on open data
CN108521463A (en) * 2018-04-11 2018-09-11 西安邮电大学 A kind of service gateway system based on open data
CN109617897A (en) * 2018-12-28 2019-04-12 北京指掌易科技有限公司 A method of safe transmission is provided to public mobile application
CN110213346A (en) * 2019-05-14 2019-09-06 北京思源互联科技有限公司 The transmission method and device of encryption information
CN117544951A (en) * 2023-12-12 2024-02-09 中国人民解放军军事科学院系统工程研究院 5G internet of things security gateway
CN117544951B (en) * 2023-12-12 2024-06-11 中国人民解放军军事科学院系统工程研究院 5G internet of things security gateway

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110629