CN105119894B - Communication system and communication means based on hardware security module - Google Patents


Info

Publication number
CN105119894B
Authority
CN
China
Prior art keywords
client
ssl
certificate
security module
hardware security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510418539.3A
Other languages
Chinese (zh)
Other versions
CN105119894A (en
Inventor
金海青
张旭东
李敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Huiyin Information Technology Co Ltd
Original Assignee
Shanghai Huiyin Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huiyin Information Technology Co Ltd
Priority to CN201510418539.3A
Publication of CN105119894A
Application granted
Publication of CN105119894B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a communication system and method based on a hardware security module. The system includes a hardware security module and an SSL forwarding server. The hardware security module is set on the client and, when called by the client, matches the corresponding client certificate and gives it to the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network. The invention prevents data from being stolen by illegal users and ensures that information is transmitted securely on the Internet; it also prevents the device certificate from being illegally modified and ensures the security of the device's private key.

Description

Communication system and communication method based on hardware security module
Technical field
The present invention relates to the field of communication technology, and more particularly to a communication method for secure communication based on a hardware security module.
Background technology
The main communication modes currently used between client and server are:
A) Socket communication mode: The socket is the cornerstone of communication and the basic operating unit of network communication that supports the TCP/IP protocol. It is an abstract representation of an endpoint in network communication and contains the five pieces of information necessary for network communication: the protocol used by the connection, the IP address of the local host, the protocol port of the local process, the IP address of the remote host, and the protocol port of the remote process. When the application layer communicates data through the transport layer, TCP faces the problem of providing concurrent service to multiple application processes at the same time. Multiple TCP connections or multiple application processes may need to transmit data through the same TCP protocol port. To distinguish different application processes and connections, many computer operating systems provide the Socket interface for interaction between applications and the TCP/IP protocol. Through the Socket interface, the application layer and the transport layer can distinguish communication from different application processes or network connections and so realize concurrent data-transmission service.
Refer to Fig. 1, a schematic diagram of the existing Socket communication model. The communication between client 11 and public network server 12 may be Socket communication without any encryption; the data is transmitted in plaintext and is easily intercepted and attacked during transmission, so that sensitive data such as transaction information is at risk of leakage in transit. Even if the communication between client 11 and public network server 12 is encrypted, each server has to implement its own encryption/decryption and verification code, and different client APPs have to implement encryption/decryption and verification code for different servers, which increases the difficulty of development and maintenance.
B) Symmetric encryption (symmetric cryptography) communication mode: A symmetric encryption algorithm uses a single secret key to encrypt and decrypt data. Encryption ensures that the data transmitted between client and server is ciphertext, which increases the security of transmission. Because the same key is used for both encryption and decryption, symmetric encryption algorithms are fast (compared with asymmetric algorithms) and are especially suitable for performing cryptographic transformation on large data streams. However, while symmetric encryption encrypts the data, any party holding the key can use it to decrypt the data, so the key must be protected from being obtained by unauthorized agents. An attacker can also try to crack the key maliciously, for example by exhaustive search over a large number of samples, and so mount an attack.
C) Asymmetric encryption (asymmetric cryptography) communication mode: Asymmetric encryption uses a private key that must be kept secret from unauthorized users and a public key that can be disclosed to anyone. The public key and the private key are mathematically related: data encrypted with the public key can only be decrypted with the private key, and data signed with the private key can only be verified with the public key. The public key can be provided to anyone; it is used to encrypt data to be sent to the holder of the private key. Both keys are unique to the communication session. However, while asymmetric encryption raises the difficulty of cracking compared with symmetric encryption, it also requires a secure and reliable key management system; once the key store is tampered with, the program can no longer work correctly.
Summary of the invention
The object of the present invention is to address the technical problems of the prior art, namely that when the socket communication mode uses Socket communication without any encryption, data is transmitted in plaintext and is easily intercepted and attacked in transit, and that when encrypted communication is used, the encryption/decryption and verification code is cumbersome and increases the difficulty of development and maintenance. To that end it provides a communication system and method based on a hardware security module that prevents data from being stolen by illegal users and ensures that information is transmitted securely on the Internet, and that prevents the device certificate from being illegally modified and ensures the security of the device's private key.
To achieve the above object, the present invention provides a communication system based on a hardware security module, including a hardware security module and an SSL forwarding server. The hardware security module is set on the client and, when called by the client, matches the corresponding client certificate and gives it to the client. The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to an intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
To achieve the above object, the present invention also provides a communication method based on a hardware security module, including: (1) adding a hardware security module to the client, the client calling the hardware security module to obtain the corresponding client certificate; (2) sending the client certificate obtained by the client to the SSL forwarding server; (3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client; (4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to an intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
The advantage of the present invention is that, with the support of the hardware security module, it achieves secure storage of certificates, prevents the device certificate from being illegally modified, and ensures the security of the device's private key. Communication is SSL-encrypted, which prevents data from being stolen by illegal users and ensures that information is transmitted securely on the Internet; that is, the SSL protocol is used to improve confidentiality, integrity and customer data security in the electronic payment process, making electronic transactions simple, practical and user-friendly and achieving the "three easies": easy to use, easy to maintain and easy to develop. At the same time, by integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider conforming to the Java Security Provider standard can also be defined to implement the SSL secure communication protocol in line with existing specifications, so that the solution is easy to use and secure; in a few simple steps a developer can make an ordinary non-SSL client APP perform encrypted communication based on the hardware security module, quickly achieve secure data transmission, and develop rapidly. The present invention provides a secure communication standard based on the HSM that regulates protocol use, promotes compatibility between software from different vendors, allows rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
Description of the drawings
Fig. 1 is a schematic diagram of the existing Socket communication model;
Fig. 2 is a schematic diagram of the architecture of the communication system based on a hardware security module according to the present invention;
Fig. 3 is a flow diagram of the communication method based on a hardware security module according to the present invention;
Fig. 4 is the communication sequence diagram between the client and the server according to the present invention;
Fig. 5 is the code sequence diagram of the client calling the hardware security module according to the present invention;
Fig. 6 is the initialization sequence diagram of the SSL forwarding server according to the present invention;
Fig. 7 is the sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server according to the present invention;
Fig. 8 is the sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client according to the present invention.
Specific embodiment
The communication system and communication method based on a hardware security module provided by the present invention are described in detail below with reference to the accompanying drawings.
Refer to Fig. 2, a schematic diagram of the architecture of the communication system based on a hardware security module according to the present invention. The system comprises a hardware security module 22 and an SSL forwarding server 24.
The hardware security module 22 is arranged on the client 21 and, when called by the client 21, matches the corresponding client certificate and gives it to the client 21. That is, the hardware security module 22 is responsible for securely providing the client certificate to the client 21.
A hardware security module (HSM) is a physical certificate store that holds multiple private keys, the corresponding public keys, and the public key certificate corresponding to each public key. Storing the private keys, public keys and public key certificates in the HSM effectively prevents external attack and tampering. An HSM is a dedicated cryptographic processor designed specifically to protect the life cycle of encryption keys. It securely manages, processes and stores encryption keys inside a reliable, tamper-resistant device.
The SSL forwarding server 24 verifies the client certificate and, after verification passes, negotiates a communication private key with the client 21. The SSL forwarding server 24 and the client 21 then communicate using the communication private key; the client's communication data is forwarded to the intranet server 25 for processing, and the data processed by the intranet server 25 is fed back to the client 21. The SSL forwarding server 24 and the intranet server 25 are in the same communication network 29. Certificate verification is one step of the SSL protocol: after the SSL forwarding server 24 obtains the client's certificate, it compares it with the certificates in its own certificate store, and if the client certificate, or the issuer of the client certificate, is present in the certificate store, verification passes.
SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication; SSL encrypts the network connection at the transport layer. The SSL protocol has two parts: the Handshake Protocol and the Record Protocol. The Handshake Protocol is used to negotiate a key, and most of the protocol is concerned with how the two communicating parties securely negotiate a key; the Record Protocol defines the format of transmission. The SSL protocol establishes an encrypted channel between two computers; establishing an SSL connection ensures that data is not stolen or tampered with in transit and guarantees the confidentiality, integrity and reliability of confidential information. The main services provided by the SSL protocol are: authenticating users and servers, to ensure that data is sent to the correct client and server; encrypting data, to prevent it from being stolen in transit; and maintaining data integrity, to ensure that data is not changed in transit.
After the client 21 initializes the SSL socket connection, it sends a connection request to the SSL forwarding server 24. After receiving the connection-request response and the server certificate returned by the SSL forwarding server 24, it calls the hardware security module 22 to obtain the corresponding client certificate. Each client has one client certificate. A hardware security module is added to the client, and the corresponding public key certificate is matched by calling the hardware security module and used as the client certificate. This takes advantage of the strong processing capability of current mobile clients: the main authentication work is handled on the client, which reduces the load on the server side.
The hardware security module 22 is further configured so that, when it is determined that the client certificate has been updated, client certificate matching is performed again in the certificate store inside the hardware security module 22 according to the updated client certificate.
The client 21 performs the SSL security protocol handshake with the SSL forwarding server 24, receives the server certificate sent by the SSL forwarding server 24, and then calls the hardware security module 22 to obtain the client certificate that matches the server certificate. It then sends the obtained client certificate to the SSL forwarding server 24 for verification and, after verification passes, negotiates the communication private key with the SSL forwarding server 24. The client certificate is sent to the SSL forwarding server 24 only once, during protocol authentication, so that it can be verified and the communication private key for mutual communication can be generated; all subsequent communication encrypts messages with this communication private key (which is different from the private key in the hardware security module 22). Once protocol authentication is complete, the communication data between the client and the SSL forwarding server consists of normal messages (such as transaction requests) encrypted with the communication private key.
With the communication system based on a hardware security module provided by the present invention, the client APP only needs to call the hardware security module to obtain the corresponding client certificate and send it to the front-end SSL forwarding server; the SSL forwarding server verifies the certificate to establish the legitimacy of the client. The SSL forwarding server forwards the client's communication data to the intranet server for processing and returns the result to the client. The client's call to the hardware security module to obtain the client certificate takes place inside the client. Communication data between the SSL forwarding server and the intranet server travels within the same communication network, for example a secure network such as a LAN. Communication between the client and the SSL forwarding server is SSL-encrypted using the communication private key, which ensures the security of the whole communication process. The client APP no longer needs to consider which kind of security verification the server side (the public network server side formed by the SSL forwarding server and the intranet server) uses, and no certificate has to be configured manually; the server side does not need to carry out certificate security verification separately. This enables rapid development of programs and also makes the system easier to maintain.
With the support of the hardware security module, the present invention achieves secure storage of certificates, prevents the device certificate from being illegally modified, and ensures the security of the device's private key. Communication is SSL-encrypted, which prevents data from being stolen by illegal users and ensures that information is transmitted securely on the Internet; that is, the SSL protocol is used to improve confidentiality, integrity and customer data security in the electronic payment process, making electronic transactions simple, practical and user-friendly and achieving the "three easies": easy to use, easy to maintain and easy to develop. At the same time, by integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider conforming to the Java Security Provider standard can be defined to implement the SSL secure communication protocol in line with existing specifications, so that the solution is easy to use and secure; in a few simple steps a developer can make an ordinary non-SSL client APP perform encrypted communication based on the hardware security module, quickly achieve secure data transmission, and develop rapidly. The present invention provides a secure communication standard based on the HSM that regulates protocol use, promotes compatibility between software from different vendors, allows rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
Refer to Fig. 3, a flow diagram of the communication method based on a hardware security module according to the present invention. The method comprises: S31: a hardware security module is added to the client, and the client calls the hardware security module to obtain the corresponding client certificate; S32: the client certificate obtained by the client is sent to the SSL forwarding server; S33: the SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; S34: the SSL forwarding server and the client communicate using the communication private key, the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client. The method of the present invention is described in detail below.
S31: A hardware security module is added to the client, and the client calls the hardware security module to obtain the corresponding client certificate.
A hardware security module is added to the client, and the client's private key and certificate are stored in the hardware security module, which effectively prevents external attack and tampering. The hardware security module is responsible for securely providing the client certificate to the client.
Step S31 further comprises: after the client initializes the SSL socket connection (SSLSocket), it sends a connection request to the SSL forwarding server and, after receiving the connection-request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
Step S31 further comprises: when it is determined that the client certificate has been updated, client certificate matching is performed again in the certificate store inside the hardware security module according to the updated client certificate.
Each client has one client certificate. A hardware security module is added to the client, and the corresponding public key certificate is matched by calling the hardware security module and used as the client certificate. This takes advantage of the strong processing capability of current mobile clients: the main authentication work is handled on the client, which reduces the load on the server side. The client APP no longer needs to consider which kind of security verification the server uses, and no certificate has to be configured manually.
S32: The client certificate obtained by the client is sent to the SSL forwarding server.
SSL is a security protocol that provides security and data integrity for network communication; SSL encrypts the network connection at the transport layer. The SSL protocol ensures that data is not stolen or tampered with in transit and guarantees the confidentiality, integrity and reliability of confidential information. By integrating SSL and the HSM, data security is achieved from the device itself through to the transmission process. A custom security provider conforming to the Java Security Provider standard can be defined to implement the SSL secure communication protocol in line with existing specifications, so that the solution is easy to use and secure.
S33: The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client.
The SSL forwarding server authenticates the client certificate to verify the legitimacy of the client; the server side does not need to carry out certificate security verification separately.
As an optional embodiment, the method of the present invention further comprises: initializing the SSL forwarding server.
S34: The SSL forwarding server and the client communicate using the communication private key, the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client.
The SSL forwarding server and the intranet server are in the same communication network. The client's call to the hardware security module to obtain the client certificate takes place inside the client. Communication data between the SSL forwarding server and the intranet server travels within the same communication network, for example a secure network such as a LAN. Communication between the client and the SSL forwarding server is SSL-encrypted using the communication private key, which ensures the security of the whole communication process.
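The system described with reference to Fig. 2 and steps S31 to S34 above, as an added example in Go using only the standard library; it is not code from the patent, whose sequence diagrams name Java components. The `hsm` type, `issue`, `exchange`, the certificate names and the in-process intranet reply are assumptions constructed for the demonstration, and only the issuer-in-trust-store branch of the certificate check is exercised.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// hsm is a constructed stand-in for the hardware security module: it hands out
// the certificate and produces signatures, but never exposes the private key.
type hsm struct {
	Cert *x509.Certificate
	priv *ecdsa.PrivateKey
}

func (h *hsm) Public() crypto.PublicKey { return h.priv.Public() }
func (h *hsm) Sign(r io.Reader, d []byte, o crypto.SignerOpts) ([]byte, error) { return h.priv.Sign(r, d, o) }
func (h *hsm) TLS() *tls.Certificate { return &tls.Certificate{Certificate: [][]byte{h.Cert.Raw}, PrivateKey: h} }

// issue creates a key pair and a certificate for cn signed by parent (nil means self-signed).
func issue(cn string, parent *hsm) (*hsm, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, DNSNames: []string{cn},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // self-signed: the certificate acts as its own root
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent = &hsm{Cert: tmpl, priv: priv}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, priv.Public(), parent)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &hsm{Cert: cert, priv: priv}, err
}

// exchange sends req from client through a forwarding server that trusts only ca.
func exchange(ca, server, client *hsm, req string) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{*server.TLS()}, ClientCAs: roots,
		ClientAuth: tls.RequireAndVerifyClientCert, // no session unless the chain ends in roots
	})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // forwarding server, one connection
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			buf := make([]byte, 4096)
			// The first Read runs the handshake; an untrusted certificate fails here and nothing is forwarded.
			if n, err := conn.Read(buf); err == nil {
				peer := conn.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName
				conn.Write([]byte("intranet reply for " + peer + ": " + string(buf[:n]))) // intranet stand-in
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs: roots, ServerName: server.Cert.Subject.CommonName,
		// Runs when the server requests a certificate: the client fetches it from the HSM.
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return client.TLS(), nil },
	})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(req)); err != nil {
		return "", err
	}
	reply, err := io.ReadAll(conn)
	return string(reply), err
}

func main() {
	ca, _ := issue("constructed-root-ca", nil)
	fwd, _ := issue("ssl-forwarder", ca)
	for _, signer := range []*hsm{ca, nil} { // an enrolled client, then a self-signed stranger
		c, _ := issue("client-001", signer)
		fmt.Println(exchange(ca, fwd, c, "transaction request"))
	}
}
```

With a real module, `Sign` would be the call into the device; the TLS stack only ever sees the `crypto.Signer` interface, so the handshake code does not change.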
Sequence diagrams of the present invention are given below to explain the invention further. Fig. 4 is the communication sequence diagram between the client and the server side. Fig. 5 is the code sequence diagram of the client calling the hardware security module, in which Provider is the Java security provider, WizarJCE is the Huiyin security extension package, SSLContext is the SSL context, SSLContextImpl is the SSL context implementation, SSLSocketFactoryImpl is the SSL socket factory implementation, and SSLSocketImpl is the SSL socket implementation. Fig. 6 is the initialization sequence diagram of the SSL forwarding server, in which socketServer is the socket middleware, TrustManagerFactory is the trust store management factory, Acceptor is the socket acceptor, ChannelInitallizer is the socket pipeline initializer, and ChannelPipeline is the socket pipeline. Fig. 7 is the sequence diagram of the client calling the hardware security module to obtain the client certificate and performing the SSL protocol handshake with the front-end SSL forwarding server, in which AppOutputStream is the client output stream, SSLSocketImpl is the SSL socket implementation, ClientHandshaker is the client handshake program, HSMInterface is the hardware security module interface, CertificateMsg is the certificate message program, and HandshakeOutputStream is the handshake output stream. Fig. 8 is the sequence diagram of normal communication starting after the front-end SSL forwarding server trusts the client, in which OutputRecord is the message output record program and OutputStream is the output stream. As the sequence diagrams show, the present invention prevents data from being stolen by illegal users and ensures that information is transmitted securely on the Internet; it prevents the device certificate from being illegally modified and ensures the security of the device's private key; at the same time it provides a secure communication standard based on the HSM that regulates protocol use, promotes compatibility between software from different vendors, allows rapid development, can run on different hardware and software platforms, and can be widely accepted worldwide.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the present invention.

Claims (7)

1. A communication system based on a hardware security module, characterized in that it comprises a hardware security module, an SSL forwarding server and an intranet server;
The hardware security module is set on the client and, when called by the client, matches the corresponding client certificate and gives it to the client; the hardware security module uses a public key certificate that it stores as the client certificate;
The SSL forwarding server verifies the client certificate and, after verification passes, negotiates a communication private key with the client; the SSL forwarding server and the client then communicate using the communication private key, the client's communication data is forwarded to the intranet server for processing, and the data processed by the intranet server is fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
2. The system according to claim 1, characterized in that after the client initializes the SSL socket connection, it sends a connection request to the SSL forwarding server and, after receiving the connection-request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
3. The system according to claim 1 or 2, characterized in that the hardware security module is further configured so that, when it is determined that the client certificate has been updated, client certificate matching is performed again in the certificate store inside the hardware security module according to the updated client certificate.
4. A communication method based on a hardware security module, characterized in that it comprises:
(1) adding a hardware security module to the client, the client calling the hardware security module to obtain the corresponding client certificate; the hardware security module uses a public key certificate that it stores as the client certificate;
(2) sending the client certificate obtained by the client to the SSL forwarding server;
(3) the SSL forwarding server verifying the client certificate and, after verification passes, negotiating a communication private key with the client;
(4) the SSL forwarding server and the client communicating using the communication private key, the client's communication data being forwarded to the intranet server for processing, and the data processed by the intranet server being fed back to the client, wherein the SSL forwarding server and the intranet server are in the same communication network.
5. The method according to claim 4, characterized in that the method further comprises: initializing the SSL forwarding server.
6. The method according to claim 4, characterized in that step (1) further comprises: after the client initializes the SSL socket connection, it sends a connection request to the SSL forwarding server and, after receiving the connection-request response and the server certificate returned by the SSL forwarding server, calls the hardware security module to obtain the corresponding client certificate.
7. The method according to claim 4 or 6, characterized in that step (1) further comprises:
when it is determined that the client certificate has been updated, performing client certificate matching again in the certificate store inside the hardware security module according to the updated client certificate.
CN201510418539.3A 2015-07-16 2015-07-16 Communication system and communication means based on hardware security module Active CN105119894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510418539.3A CN105119894B (en) 2015-07-16 2015-07-16 Communication system and communication means based on hardware security module

Publications (2)

Publication Number Publication Date
CN105119894A CN105119894A (en) 2015-12-02
CN105119894B true CN105119894B (en) 2018-05-25

Family

ID=54667784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510418539.3A Active CN105119894B (en) 2015-07-16 2015-07-16 Communication system and communication means based on hardware security module

Country Status (1)

Country Link
CN (1) CN105119894B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370778B (en) 2016-05-11 2020-06-30 阿里巴巴集团控股有限公司 Method and system for starting application
CN107566393A (en) * 2017-09-26 2018-01-09 山东浪潮商用系统有限公司 A kind of dynamic rights checking system and method based on trust certificate
CN107888582A (en) * 2017-11-07 2018-04-06 湖南中车时代通信信号有限公司 The system and method that a kind of APP softwares penetrate railway Intranet
EP3648430B1 (en) * 2018-11-05 2021-06-02 Wincor Nixdorf International GmbH Hardware security module
CN110417726B (en) 2019-05-27 2021-08-24 腾讯科技(深圳)有限公司 Key management method and related equipment
CN111628976B (en) * 2020-05-15 2022-06-07 绿盟科技集团股份有限公司 Message processing method, device, equipment and medium
CN113301034A (en) * 2021-05-17 2021-08-24 浪潮金融信息技术有限公司 Socket-based communication method, system and medium for internal and external networks
CN113904767A (en) * 2021-09-29 2022-01-07 深圳市惠尔顿信息技术有限公司 System for establishing communication based on SSL

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010078755A1 (en) * 2009-01-12 2010-07-15 中兴通讯股份有限公司 Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof
CN102811224A (en) * 2012-08-02 2012-12-05 天津赢达信科技有限公司 Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection
CN104170312A (en) * 2011-12-15 2014-11-26 英特尔公司 Method and device for secure communications over a network using a hardware security engine

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011120421A1 (en) * 2010-03-31 2011-10-06 北京飞天诚信科技有限公司 Method for implementing encryption engine

Also Published As

Publication number Publication date
CN105119894A (en) 2015-12-02

Similar Documents

Publication Publication Date Title
CN105119894B (en) Communication system and communication means based on hardware security module
US8904178B2 (en) System and method for secure remote access
US11271730B2 (en) Systems and methods for deployment, management and use of dynamic cipher key systems
US7584505B2 (en) Inspected secure communication protocol
US20080301433A1 (en) Secure Communications
CN108111301A (en) The method and its system for realizing SSH agreements are exchanged based on rear quantum key
CN109088870A (en) A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
US11736304B2 (en) Secure authentication of remote equipment
CN111615105B (en) Information providing and acquiring method, device and terminal
CN108418691A (en) Dynamic network identity identifying method based on SGX
CN103229452A (en) Mobile handset identification and communication authentication
CN107659406A (en) A kind of resource operating methods and device
CN111756529B (en) Quantum session key distribution method and system
CN1977559B (en) Method and system for protecting information exchanged during communication between users
CN113411187B (en) Identity authentication method and system, storage medium and processor
CN111756528B (en) Quantum session key distribution method, device and communication architecture
CN102025748A (en) Method, device and system for acquiring user name of Kerberos authentication mode
US20060053288A1 (en) Interface method and device for the on-line exchange of content data in a secure manner
KR102128244B1 (en) Ssl/tls based network security apparatus and method
CN113904767A (en) System for establishing communication based on SSL
KR20010079161A (en) The equipment authentication and communication encryption key distribution method in a wireless local area network environments
CN116633530A (en) Quantum key transmission method, device and system
JP2008152737A (en) Service provision server, authentication server, and authentication system
WO2023151427A1 (en) Quantum key transmission method, device and system
JP2006121440A (en) Medical system, medical data management method and communications program for medical data management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant