CN105119894B - Communication system and communication means based on hardware security module - Google Patents
- Publication number: CN105119894B (application CN201510418539.3A)
- Authority: CN (China)
- Prior art keywords: client, ssl, certificate, security module, hardware security
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a communication system and method based on a hardware security module. The system includes a hardware security module and an SSL forwarding server. The hardware security module is set on the client and, when called by the client, matches the corresponding client certificate for the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network. The invention prevents data from being stolen by unauthorized users and ensures that information is transmitted securely over the Internet; it also prevents the device certificate from being illegally modified and ensures the security of the device's private key.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a communication method that communicates securely based on a hardware security module.
Background
The main communication modes between client and server at present are:
A) Socket communication: The socket is the cornerstone of communication and the basic operating unit of network communication that supports the TCP/IP protocol. It is an abstract representation of an endpoint in network communication and contains the five pieces of information needed for network communication: the protocol used by the connection, the IP address of the local host, the protocol port of the local process, the IP address of the remote host, and the protocol port of the remote process. When the application layer communicates through the transport layer, TCP faces the problem of providing concurrent service to multiple application processes at the same time. Multiple TCP connections or multiple application processes may need to transmit data through the same TCP protocol port. To distinguish different application processes and connections, many operating systems provide the Socket interface for interaction between applications and the TCP/IP protocol. Through the Socket interface, the application layer and the transport layer can distinguish communication from different application processes or network connections, realizing concurrent data transmission services.
Fig. 1 is a schematic diagram of the existing Socket communication model. Communication between client 11 and public network server 12 may be Socket communication without any encryption; the data is transmitted in plaintext and is easily intercepted and attacked in transit, so sensitive data such as transaction information is at risk of leaking during transmission. Even if the communication between client 11 and public network server 12 is encrypted, each server has to implement its own encryption, decryption and verification code, and each client app has to implement encryption, decryption and verification code for each different server, which increases the difficulty of development and maintenance.
B) Symmetric encryption (symmetric cryptography) communication: Symmetric encryption algorithms use a single private key to encrypt and decrypt data. Encryption ensures that the data transmitted between client and server is ciphertext, which increases transmission security. In symmetric encryption the same key is used for both encryption and decryption, and the algorithms are very fast (compared with asymmetric algorithms), making them particularly suitable for encrypting large data streams. However, because any party holding the key can use it to decrypt the data, the key must be protected from being obtained by unauthorized parties. An attacker can also maliciously crack the key by methods such as exhaustive search over a large number of samples, and then mount an attack.
C) Asymmetric encryption (asymmetric cryptography) communication: Asymmetric encryption uses a private key that must be kept secret from unauthorized users and a public key that can be disclosed to anyone. The public key and the private key are mathematically linked: data encrypted with the public key can only be decrypted with the private key, and data signed with the private key can only be verified with the public key. The public key can be given to anyone; it is used to encrypt data to be sent to the holder of the private key. Both keys are unique to the communication session. However, while asymmetric encryption makes cracking harder than with symmetric encryption, it also requires a secure and reliable key management system; once the key store is tampered with, the program can no longer work correctly.
Summary of the invention
The object of the present invention is to address the technical problems in the prior art that, when the socket communication mode uses Socket communication without any encryption, data is transmitted in plaintext and is easily intercepted and attacked in transit, and that, when encrypted communication is used, the encryption, decryption and verification code is cumbersome and increases the difficulty of development and maintenance. To this end it provides a communication system and method based on a hardware security module that prevents data from being stolen by unauthorized users and ensures secure transmission of information over the Internet, and that prevents the device certificate from being illegally modified and ensures the security of the device's private key.
To achieve the above object, the present invention provides a communication system based on a hardware security module, including a hardware security module and an SSL forwarding server. The hardware security module is set on the client and, when called by the client, matches the corresponding client certificate for the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
To achieve the above object, the present invention also provides a communication method based on a hardware security module, including: (1) adding a hardware security module on the client, the client calling the hardware security module to obtain the corresponding client certificate; (2) sending the client certificate obtained by the client to the SSL forwarding server; (3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client; (4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to an intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
The advantage of the present invention is that, with the support of the hardware security module, it achieves secure storage of the certificate, prevents the device certificate from being illegally modified, and ensures the security of the device's private key. SSL-encrypted communication prevents data from being stolen by unauthorized users and ensures that information is transmitted securely over the Internet; that is, the SSL protocol improves confidentiality, integrity and customer data security in the electronic payment process, makes electronic transactions simple, practical and user-friendly, and achieves the "three easies": easy to use, easy to maintain and easy to develop. At the same time, by integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider that conforms to the Java Security Provider standard can also be defined to implement the SSL secure communication protocol in line with existing specifications, so that the scheme is easy to use and secure; in just a few simple steps a developer can make an ordinary non-SSL client app perform encrypted communication based on the hardware security module, quickly complete secure data transmission, and achieve rapid development. The present invention provides a secure communication standard based on the HSM and a standardized use of the protocol, which promotes compatibility among software from different vendors and rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
Brief description of the drawings
Fig. 1 is a schematic diagram of the existing Socket communication model;
Fig. 2 is a schematic diagram of the architecture of the communication system based on a hardware security module according to the present invention;
Fig. 3 is a flow diagram of the communication method based on a hardware security module according to the present invention;
Fig. 4 is a communication sequence diagram between the client and the server side according to the present invention;
Fig. 5 is a code sequence diagram of the client calling the hardware security module according to the present invention;
Fig. 6 is a sequence diagram of the initialization of the SSL forwarding server according to the present invention;
Fig. 7 is a sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server according to the present invention;
Fig. 8 is a sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client according to the present invention.
Detailed description
The communication system and communication method based on a hardware security module provided by the present invention are described in detail below with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of the architecture of the communication system based on a hardware security module according to the present invention. The system includes hardware security module 22 and SSL forwarding server 24.
Hardware security module 22 is set on client 21 and, when called by client 21, matches the corresponding client certificate for client 21. That is, hardware security module 22 is responsible for securely providing the client certificate to client 21.
A hardware security module (HSM) is a physical certificate store that holds multiple private keys, the corresponding public keys, and the public key certificate for each public key. Storing the private keys, public keys and public key certificates in the HSM effectively prevents external attack and tampering. An HSM is a dedicated cryptographic processor designed to protect the life cycle of encryption keys; it securely manages, processes and stores encryption keys in a reliable, tamper-resistant device.
SSL forwarding server 24 verifies the client certificate and, after verification passes, negotiates a communication private key with client 21; SSL forwarding server 24 and client 21 then communicate using the communication private key, the client's communication data is forwarded to intranet server 25 for processing, and the data processed by intranet server 25 is fed back to client 21. SSL forwarding server 24 and intranet server 25 are in the same communication network 29. Certificate verification is one step of the SSL protocol process. Its principle is that, after SSL forwarding server 24 obtains the client's certificate, it compares it with the certificates in its own certificate store; if the certificate store contains the client certificate or the issuer of the client certificate, verification passes.
SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication; SSL encrypts network connections at the transport layer. The SSL protocol has two parts: the Handshake Protocol and the Record Protocol. The Handshake Protocol is used to negotiate keys, and most of the protocol is about how the two communicating parties can securely negotiate a key; the Record Protocol defines the transmission format. The SSL protocol establishes an encrypted channel between two computers; establishing an SSL connection ensures that data is not stolen or tampered with in transit, ensuring the confidentiality, integrity and reliability of confidential information. The main services provided by the SSL protocol are: authenticating the user and the server, ensuring that data is sent to the correct client and server; encrypting data to prevent it from being stolen in transit; and maintaining data integrity, ensuring that data is not changed in transit.
After client 21 initializes the SSL socket connection, it sends a connection request to SSL forwarding server 24; after receiving the connection request response and the server certificate returned by SSL forwarding server 24, it calls hardware security module 22 to obtain the corresponding client certificate. Each client has one client certificate. A hardware security module is added on the client, and the corresponding public key certificate matched by calling the hardware security module is used as the client certificate. This takes advantage of the strong processing capability of current mobile clients: the main identity authentication work is handled on the client, reducing the load on the server side.
Hardware security module 22 is further used, when it determines that the client certificate has been updated, to re-match the client certificate in the certificate store inside hardware security module 22 according to the updated client certificate.
Client 21 performs the SSL security protocol handshake with SSL forwarding server 24 and receives the server certificate sent by SSL forwarding server 24. It then calls hardware security module 22 to obtain the client certificate that matches the server certificate, sends the obtained client certificate to SSL forwarding server 24 for verification and, after verification passes, negotiates a communication private key with SSL forwarding server 24. The client certificate is sent to SSL forwarding server 24 only once, during protocol authentication, so that it can be verified and the communication private key for mutual communication can be generated; all subsequent communication encrypts messages with this communication private key (which is different from the private key in hardware security module 22). After protocol authentication is complete, the communication data between the client and the SSL forwarding server consists of normal messages (such as transaction requests) encrypted with the communication private key.
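The handshake and certificate check described above can be exercised end to end with mutual TLS; the Go program below is an added example, not code from the patent, whose own implementation is a Java security provider. It shows the client fetching its certificate from the module when the server asks for it, the module signing while the TLS stack sees only a signing interface, and the forwarding server refusing a certificate whose issuer is not in its certificate store. `softHSM`, the host name, the certificate names and the request text are constructed for the example, and the intranet server is reduced to a one-line reply.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// softHSM is a software stand-in (assumption) for the hardware security module.
type softHSM struct {
	crypto.Signer        // the TLS stack sees only Public and Sign, not the key
	cert          []byte // DER client certificate stored in the module
	signs         int    // signatures the TLS stack requested
}

func (h *softHSM) Sign(r io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	h.signs++
	return h.Signer.Sign(r, digest, o)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a key and a certificate signed by ca (a self-signed root when ca is nil).
func issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: ca == nil, BasicConstraintsValid: true,
	}
	if ca == nil { // no issuer given: a self-signed root
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// run sends one request; trusted says whether the client certificate's issuer is in the store.
func run(trusted bool) (reply string, signs int, err error) {
	ca, caKey := issue("forwarder-ca", nil, nil)
	srv, srvKey := issue("ssl-forwarder.test", ca, caKey)
	store := x509.NewCertPool() // the forwarding server's certificate store
	store.AddCert(ca)
	if !trusted {
		ca, caKey = issue("unknown-ca", nil, nil) // an issuer the store does not contain
	}
	cert, key := issue("client-21", ca, caKey)
	hsm := &softHSM{Signer: key, cert: cert.Raw}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // a client certificate is mandatory
		ClientCAs:    store,                          // and must chain to the certificate store
	})
	check(err)
	defer ln.Close()
	go func() { // SSL forwarding server, one connection
		if c, err := ln.Accept(); err == nil {
			defer c.Close()
			var req string
			if _, err := fmt.Fscanln(c, &req); err == nil { // first read runs the handshake
				fmt.Fprintln(c, "processed:"+req) // stand-in for the intranet server's reply
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs: store, ServerName: "ssl-forwarder.test",
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { // on server request
			return &tls.Certificate{Certificate: [][]byte{hsm.cert}, PrivateKey: hsm}, nil
		},
	})
	if err == nil {
		defer conn.Close()
		fmt.Fprintln(conn, "transaction-request") // a write failure surfaces on the read below
		_, err = fmt.Fscanln(conn, &reply)
	}
	return reply, hsm.signs, err
}

func main() {
	fmt.Println(run(true))
	fmt.Println(run(false))
}
```

With the trusted issuer the client gets the processed reply after one signature from the module; with the unknown issuer the forwarding server aborts the handshake and the client's first read returns an error.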
With the communication system based on a hardware security module provided by the present invention, the client app only needs to call the hardware security module to obtain the corresponding client certificate and send it to the front-end SSL forwarding server, which verifies the certificate to establish the legitimacy of the client; the SSL forwarding server forwards the client's communication data to the intranet server and returns the result to the client after processing. The client's call to the hardware security module to obtain the client certificate takes place inside the client; communication data between the SSL forwarding server and the intranet server is transmitted within the same communication network, for example a secure network such as a LAN; and communication between the client and the SSL forwarding server is SSL-encrypted using the communication private key. This ensures the security of the entire communication process. The client app no longer needs to consider which kind of security verification the server side (the public network server side formed by the SSL forwarding server and the intranet server) uses, and no certificate has to be configured manually; the server side does not need to perform separate security verification of the certificate. This achieves rapid program development and makes the system easier to maintain.
With the support of the hardware security module, the present invention achieves secure storage of the certificate, prevents the device certificate from being illegally modified, and ensures the security of the device's private key. SSL-encrypted communication prevents data from being stolen by unauthorized users and ensures that information is transmitted securely over the Internet; that is, the SSL protocol improves confidentiality, integrity and customer data security in the electronic payment process, makes electronic transactions simple, practical and user-friendly, and achieves the "three easies": easy to use, easy to maintain and easy to develop. At the same time, by integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider that conforms to the Java Security Provider standard can be defined to implement the SSL secure communication protocol in line with existing specifications, so that the scheme is easy to use and secure; in just a few simple steps a developer can make an ordinary non-SSL client app perform encrypted communication based on the hardware security module, quickly complete secure data transmission, and achieve rapid development. The present invention provides a secure communication standard based on the HSM and a standardized use of the protocol, which promotes compatibility among software from different vendors and rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
Fig. 3 is a flow diagram of the communication method based on a hardware security module according to the present invention. The method includes: S31: adding a hardware security module on the client, the client calling the hardware security module to obtain the corresponding client certificate; S32: sending the client certificate obtained by the client to the SSL forwarding server; S33: the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client; S34: the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to the intranet server for processing, and the data processed by the intranet server being fed back to the client. The method of the present invention is described in detail below.
S31: A hardware security module is added on the client, and the client calls the hardware security module to obtain the corresponding client certificate.
A hardware security module is added on the client, and the client's private key and certificate are stored in the hardware security module, which effectively prevents external attack and tampering. The hardware security module is responsible for securely providing the client certificate to the client.
Step S31 further includes: after the client initializes the SSL socket connection (SSLSocket), it sends a connection request to the SSL forwarding server and, after receiving the connection request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
Step S31 further includes: when it is determined that the client certificate has been updated, the client certificate is re-matched in the certificate store inside the hardware security module according to the updated client certificate.
Each client has one client certificate. A hardware security module is added on the client, and the corresponding public key certificate matched by calling the hardware security module is used as the client certificate. This takes advantage of the strong processing capability of current mobile clients: the main identity authentication work is handled on the client, reducing the load on the server side. The client app no longer needs to consider which kind of security verification the server uses, and no certificate has to be configured manually.
S32: The client certificate obtained by the client is sent to the SSL forwarding server.
SSL is a security protocol that provides security and data integrity for network communication; SSL encrypts network connections at the transport layer. The SSL protocol ensures that data is not stolen or tampered with in transit, ensuring the confidentiality, integrity and reliability of confidential information. By integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider that conforms to the Java Security Provider standard can be defined to implement the SSL secure communication protocol in line with existing specifications, so that the scheme is easy to use and secure.
S33: The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client.
The SSL forwarding server authenticates the client certificate to verify the legitimacy of the client; the server side does not need to perform separate security verification of the certificate.
As an optional embodiment, the method of the present invention further includes: initializing the SSL forwarding server.
S34: The SSL forwarding server and the client communicate using the communication private key; the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client.
The SSL forwarding server and the intranet server are in the same communication network. The client's call to the hardware security module to obtain the client certificate takes place inside the client; communication data between the SSL forwarding server and the intranet server is transmitted within the same communication network, for example a secure network such as a LAN; and communication between the client and the SSL forwarding server is SSL-encrypted using the communication private key. This ensures the security of the entire communication process.
The sequence diagrams of the present invention are given below to further explain the invention. Fig. 4 is the communication sequence diagram between the client and the server side. Fig. 5 is the code sequence diagram of the client calling the hardware security module, in which Provider is the Java security provider, WizarJCE is the intelligent silver security extension package, SSLContext is the SSL context, SSLContextImpl is the SSL context implementation, SSLSocketFactoryImpl is the SSL socket factory implementation, and SSLSocketImpl is the SSL socket implementation. Fig. 6 is the initialization sequence diagram of the SSL forwarding server, in which socketServer is the socket middleware, TrustManagerFactory is the trust store management factory, Acceptor is the socket receiver, ChannelInitallizer is the socket pipeline tickler, and ChannelPipeline is the socket pipeline. Fig. 7 is the sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server, in which AppOutputStream is the client output stream, SSLSocketImpl is the SSL socket implementation, ClientHandshaker is the client handshake program, HSMInterface is the hardware security module interface, CertificateMsg is the certificate message program, and HandshakeOutputStream is the handshake output stream. Fig. 8 is the sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client, in which OutputRecord is the message output record program and OutputStream is the output stream. As the above sequence diagrams show, the present invention prevents data from being stolen by unauthorized users and ensures that information is transmitted securely over the Internet; it prevents the device certificate from being illegally modified and ensures the security of the device's private key. At the same time, it provides a secure communication standard based on the HSM and a standardized use of the protocol, which promotes compatibility among software from different vendors and rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
Claims (7)
1. A communication system based on a hardware security module, characterized in that it includes a hardware security module, an SSL forwarding server and an intranet server;
the hardware security module is set on the client and, when called by the client, matches the corresponding client certificate for the client; the hardware security module uses the public key certificate that it stores as the client certificate;
the SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
2. The system according to claim 1, characterized in that, after the client initializes the SSL socket connection, it sends a connection request to the SSL forwarding server and, after receiving the connection request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
3. The system according to claim 1 or 2, characterized in that the hardware security module is further used, when it determines that the client certificate has been updated, to re-match the client certificate in the certificate store inside the hardware security module according to the updated client certificate.
4. A communication method based on a hardware security module, characterized in that it includes:
(1) adding a hardware security module on the client, the client calling the hardware security module to obtain the corresponding client certificate; the hardware security module uses the public key certificate that it stores as the client certificate;
(2) sending the client certificate obtained by the client to the SSL forwarding server;
(3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client;
(4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to the intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
5. The method according to claim 4, characterized in that the method further includes: initializing the SSL forwarding server.
6. The method according to claim 4, characterized in that step (1) further includes: after the client initializes the SSL socket connection, it sends a connection request to the SSL forwarding server and, after receiving the connection request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
7. The method according to claim 4 or 6, characterized in that step (1) further includes:
when it is determined that the client certificate has been updated, re-matching the client certificate in the certificate store inside the hardware security module according to the updated client certificate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510418539.3A CN105119894B (en) | 2015-07-16 | 2015-07-16 | Communication system and communication means based on hardware security module |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510418539.3A CN105119894B (en) | 2015-07-16 | 2015-07-16 | Communication system and communication means based on hardware security module |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105119894A CN105119894A (en) | 2015-12-02 |
CN105119894B true CN105119894B (en) | 2018-05-25 |
Family
ID=54667784
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510418539.3A Active CN105119894B (en) | 2015-07-16 | 2015-07-16 | Communication system and communication means based on hardware security module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105119894B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107370778B (en) | 2016-05-11 | 2020-06-30 | 阿里巴巴集团控股有限公司 | Method and system for starting application |
CN107566393A (en) * | 2017-09-26 | 2018-01-09 | 山东浪潮商用系统有限公司 | A kind of dynamic rights checking system and method based on trust certificate |
CN107888582A (en) * | 2017-11-07 | 2018-04-06 | 湖南中车时代通信信号有限公司 | The system and method that a kind of APP softwares penetrate railway Intranet |
EP3648430B1 (en) * | 2018-11-05 | 2021-06-02 | Wincor Nixdorf International GmbH | Hardware security module |
CN110417726B (en) | 2019-05-27 | 2021-08-24 | 腾讯科技(深圳)有限公司 | Key management method and related equipment |
CN111628976B (en) * | 2020-05-15 | 2022-06-07 | 绿盟科技集团股份有限公司 | Message processing method, device, equipment and medium |
CN113301034A (en) * | 2021-05-17 | 2021-08-24 | 浪潮金融信息技术有限公司 | Socket-based communication method, system and medium for internal and external networks |
CN113904767A (en) * | 2021-09-29 | 2022-01-07 | 深圳市惠尔顿信息技术有限公司 | System for establishing communication based on SSL |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010078755A1 (en) * | 2009-01-12 | 2010-07-15 | 中兴通讯股份有限公司 | Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof |
CN102811224A (en) * | 2012-08-02 | 2012-12-05 | 天津赢达信科技有限公司 | Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection |
CN104170312A (en) * | 2011-12-15 | 2014-11-26 | 英特尔公司 | Method and device for secure communications over a network using a hardware security engine |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011120421A1 (en) * | 2010-03-31 | 2011-10-06 | 北京飞天诚信科技有限公司 | Method for implementing encryption engine |
Also Published As
Publication number | Publication date |
---|---|
CN105119894A (en) | 2015-12-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105119894B (en) | Communication system and communication means based on hardware security module | |
US8904178B2 (en) | System and method for secure remote access | |
US11271730B2 (en) | Systems and methods for deployment, management and use of dynamic cipher key systems | |
US7584505B2 (en) | Inspected secure communication protocol | |
US20080301433A1 (en) | Secure Communications | |
CN108111301A (en) | The method and its system for realizing SSH agreements are exchanged based on rear quantum key | |
CN109088870A (en) | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform | |
US11736304B2 (en) | Secure authentication of remote equipment | |
CN111615105B (en) | Information providing and acquiring method, device and terminal | |
CN108418691A (en) | Dynamic network identity identifying method based on SGX | |
CN103229452A (en) | Mobile handset identification and communication authentication | |
CN107659406A (en) | A kind of resource operating methods and device | |
CN111756529B (en) | Quantum session key distribution method and system | |
CN1977559B (en) | Method and system for protecting information exchanged during communication between users | |
CN113411187B (en) | Identity authentication method and system, storage medium and processor | |
CN111756528B (en) | Quantum session key distribution method, device and communication architecture | |
CN102025748A (en) | Method, device and system for acquiring user name of Kerberos authentication mode | |
US20060053288A1 (en) | Interface method and device for the on-line exchange of content data in a secure manner | |
KR102128244B1 (en) | Ssl/tls based network security apparatus and method | |
CN113904767A (en) | System for establishing communication based on SSL | |
KR20010079161A (en) | The equipment authentication and communication encryption key distribution method in a wireless local area network environments | |
CN116633530A (en) | Quantum key transmission method, device and system | |
JP2008152737A (en) | Service provision server, authentication server, and authentication system | |
WO2023151427A1 (en) | Quantum key transmission method, device and system | |
JP2006121440A (en) | Medical system, medical data management method and communications program for medical data management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |