CN106302482A - A cross-browser data secure transmission system and method using a hardware encryption medium - Google Patents

Info

Publication number: CN106302482A
Application number: CN201610695183.2A
Authority: CN (China)
Prior art keywords: data, browser, encryption, medium, hardware
Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Other languages: Chinese (zh)
Inventors: 沈磊, 姚有方, 应坚栋, 徐唯, 徐一唯
Current assignee: Zhejiang Digital Security Certificate Management Co Ltd (the listed assignee may be inaccurate; Google has not performed a legal analysis)
Original assignee: Zhejiang Digital Security Certificate Management Co Ltd
Priority date: 2016-08-22 (the priority date is an assumption and not a legal conclusion)
Filing date: 2016-08-22
Publication date: 2017-01-04

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L 69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L 69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses a cross-browser data secure transmission system and method using a hardware encryption medium. The system comprises a data decryption terminal device and a data encryption terminal device connected by a network, characterized in that the data encryption terminal device comprises a client A, a hardware encryption medium and a data encryption module, and the data decryption terminal device comprises a client B, a hardware decryption medium and a data decryption module. The invention provides a single, unified method that lets non-IE-kernel browsers interact with the operating system, and a cross-browser data secure transmission system and method with better security.

Description

A cross-browser data secure transmission system and method using a hardware encryption medium
Technical field
The present invention relates to the field of computer application technology, and in particular to a cross-browser data secure transmission system and method using a hardware encryption medium.
Background
Today's mainstream browsers, such as Microsoft Internet Explorer, Google Chrome, Mozilla Firefox and the 360 Secure Browser, have to rely on browser plug-in technology whenever a web application needs a function that lies outside the browser itself, such as identity authentication, digital signature, application authorization or online-banking payment.
ActiveX plug-in technology is the most widely used software technology on the Windows platform. ActiveX controls are software components or objects that can be embedded in a web page or in another application; many browser extensions, such as Flash and online-banking controls, are delivered as ActiveX controls. However, ActiveX controls are well supported only by IE-kernel browsers. Non-IE-kernel browsers such as Chrome and Firefox do not support this kind of control by default, which hinders interaction between the browser and the operating system.
For example, the Chinese invention patent application published as CN 102946314 A, entitled "A browser-plug-in-based client user identity authentication method", describes the following steps: step 1, the client requests identity authentication from the server; step 2, the client browser loads a browser plug-in, the plug-in initializes and loads an external hardware encryption device, and once the device is loaded the plug-in obtains the digital certificate and cryptographic algorithm from it and signs the server information with that algorithm; step 3, the plug-in returns the digital certificate and the signature value to the browser, which submits them to the server. Installing a browser plug-in lets the browser run a specific cryptographic algorithm, which improves the security and efficiency of client user identity authentication, and the cryptographic algorithm and certificate in the external hardware encryption device can be chosen freely. This is the plug-in technology most companies use today, but such a plug-in can only be used in an IE-kernel browser, since non-IE-kernel browsers do not support this kind of control by default. Moreover, that technique only addresses identity authentication.
To support ActiveX controls in non-IE-kernel browsers, many developers previously turned to NPAPI plug-in technology, calling the ActiveX control from an NPAPI plug-in. Because of the security and stability shortcomings of the NPAPI interface, the developers of most non-IE-kernel browsers chose not to support it, or to drop support for it, so the prior art is hard to unify and unstable.
Furthermore, an ActiveX control may contain vulnerabilities, and an attacker who exploits them can carry out any operation within the control's privileges. In general the ActiveX control and the browser kernel (for example the IE kernel) run in the same process, the browser process, and the browser process itself holds considerable privileges: it can read and write files, allocate memory, communicate over the network and even read and write the registry. Once an ActiveX control has a vulnerability, an attacker can use it to read and write files, manipulate memory and perform other privileged operations, and thereby take control of the user's computer.
Summary of the invention
In view of the problems in the prior art described above, the technical problem to be solved by the present invention is to provide a single, unified method that lets non-IE-kernel browsers interact with the operating system, and a cross-browser data secure transmission system and method using a hardware encryption medium with better security.
To solve the above problems, one technical scheme of the present invention is as follows:
A cross-browser data secure transmission method using a hardware encryption medium, comprising a data decryption terminal device and a data encryption terminal device connected by a network, characterized in that the data encryption terminal device comprises a client A, a hardware encryption medium and a data encryption module, and the data decryption terminal device comprises a client B, a hardware decryption medium and a data decryption module;
the data encryption module communicates with client A through a communication protocol and calls the data encryption medium to perform encryption;
the data decryption module communicates with client B through a communication protocol and calls the data decryption medium to perform decryption.
Preferably, the data encryption module and/or the data decryption module is a socket service program.
Preferably, the communication protocol is a socket communication protocol.
Preferably, the hardware encryption device or hardware decryption device comprises a cryptographic chip corresponding to the cryptographic algorithm, or an independent processing chip.
A cross-browser data secure transmission method using a hardware encryption medium comprises the following steps:
S101. Client A, through browser A, assembles the content to be encrypted into a protocol packet according to the agreed protocol;
S102. Browser A sends the protocol packet to the data encryption module and waits for the data encryption module to return;
S103. On receiving the protocol packet, the data encryption module extracts the content to be encrypted and calls the hardware encryption medium, which runs the encryption algorithm on it;
S104. The data encryption module packs the encrypted content into a protocol packet according to the agreed protocol and sends it back to browser A;
S105. Browser A obtains the ciphertext.
Further, the method also comprises the following steps:
S201. Client B, through browser B, receives the ciphertext sent by browser A;
S202. Browser B sends the ciphertext to the data decryption module and waits for the data decryption module to return;
S203. On receiving the protocol packet, the data decryption module calls the hardware decryption medium, which runs the decryption algorithm corresponding to the encryption algorithm;
S204. The data decryption module packs the decrypted content into a protocol packet according to the agreed protocol and sends it back to browser B.
Preferably, browser A and browser B are any browsers on the Windows platform.
Preferably, the encryption and decryption algorithms are SM2 or RSA.
Compared with the prior art, the present invention has the following advantages:
The data encryption module and data decryption module of the present invention are socket-based service programs registered as Windows services, and the service program acts as middleware to realize the interaction of non-IE-kernel browsers. The present invention replaces the ActiveX control with a service that interacts with the browser, which solves the incompatibility of ActiveX controls in non-IE browsers: all browsers can use a single set of code, no browser-specific development is required, and there is no need to worry about compatibility across browser versions. The service program carries the encryption and decryption functions itself, so encryption and decryption no longer need to call an ActiveX control, which removes the risk posed by vulnerabilities in ActiveX controls and further improves security.
Brief description of the drawings
Fig. 1 is a schematic diagram of the principle of the present invention.
Detailed description of the invention
The present invention is further described below with reference to the drawings and embodiments, but the scope of protection of the present invention is not limited to them.
Referring to Fig. 1, the cross-browser data secure transmission method using a hardware encryption medium of the present invention comprises a data decryption terminal device and a data encryption terminal device connected by a network, characterized in that the data encryption terminal device comprises a client A, a hardware encryption medium and a data encryption module, and the data decryption terminal device comprises a client B, a hardware decryption medium and a data decryption module. The data encryption module communicates with client A through a communication protocol and calls the data encryption medium to perform encryption. The data decryption module communicates with client B through a communication protocol and calls the data decryption medium to perform decryption. The data encryption module and/or the data decryption module is a socket service program. The communication protocol is a socket communication protocol. The hardware encryption device or hardware decryption device comprises a cryptographic chip corresponding to the cryptographic algorithm, or an independent processing chip.
A cross-browser data secure transmission method using a hardware encryption medium comprises the following steps:
S101. Client A, through browser A, assembles the content to be encrypted into a protocol packet according to the agreed protocol;
S102. Browser A sends the protocol packet to the data encryption module and waits for the data encryption module to return;
S103. On receiving the protocol packet, the data encryption module extracts the content to be encrypted and calls the hardware encryption medium, which runs the encryption algorithm on it;
S104. The data encryption module packs the encrypted content into a protocol packet according to the agreed protocol and sends it back to browser A;
S105. Browser A obtains the ciphertext.
The method further comprises the following steps:
S201. Client B, through browser B, receives the ciphertext sent by browser A;
S202. Browser B sends the ciphertext to the data decryption module and waits for the data decryption module to return;
S203. On receiving the protocol packet, the data decryption module calls the hardware decryption medium, which runs the decryption algorithm corresponding to the encryption algorithm;
S204. The data decryption module packs the decrypted content into a protocol packet according to the agreed protocol and sends it back to browser B.
Browser A and browser B are any browsers on the Windows platform. The encryption and decryption algorithms are SM2 or RSA.
In addition, the hardware encryption medium and hardware decryption medium mentioned in the present invention perform cryptographic operations by means of a dedicated encryption chip, an independent processing chip or the like. When the encryption chip, a proprietary electronic key and a hard disk are bound one-to-one, the encryption chip performs a cryptographic computation over the encryption chip information, the proprietary key information and the hard disk information and writes the result into the primary partition table of the hard disk; from that point the encryption chip, the electronic key and the hard disk are bound together. If the encrypted hard disk is separated from its encryption chip and electronic key, the computer can no longer recognize its partitions, let alone read any data.
In other embodiments of the present invention, the data encryption module and data decryption module, as service programs using the socket protocol, may also call ActiveX controls from the service program, or be extended to perform I/O operations or call the Windows API to carry out whatever operations are required. Suitable encryption can be applied to the interaction between the web page and the control to ensure the security of this approach.
The present invention can be applied to many fields, such as encrypted file transfer, identity authentication, digital signature and application authorization, and the hardware encryption medium and hardware decryption medium of the invention can be replaced by different programs as required. Embodiments of the present invention are described further below, but they do not limit the technical solution of the invention.
In one embodiment of the present invention, taking encrypted transmission as an example, the concrete steps of the invention are described for client A and client B in two cases: where the modules are browser page programs and where they are desktop client programs.
Where the data encryption module and data decryption module are browser page programs, taking the encryption steps of client A as an example:
1) Client A starts page initialization, creates a WebSocket object and binds the local IP address and port;
2) the plaintext A to be encrypted is entered, A is assembled into a request message B, message B is sent to the local IP address, and the page waits for the result to be returned;
3) if an error is returned, an operation error is reported; otherwise the received WebSocket message is parsed to obtain the encrypted ciphertext, and the ciphertext data is sent to client B.
Where the data encryption module and data decryption module are desktop data encryption programs, taking the encryption steps of client A as an example:
1) create socket server object A;
2) if binding the port fails or the listening application fails to connect, return an error code;
3) create socket object B, wait for a connection, assign the connection object to B and wait to receive data C; if receiving the data fails, return an error code;
4) parse data C to obtain the plaintext data D, call the hardware interface to encrypt D into the ciphertext E, and send E to the socket connection object.
Where the data encryption module and data decryption module are browser page programs, taking the decryption steps of client B as an example:
1) Client B starts page initialization, creates a WebSocket object and binds the local IP address and port;
2) client B waits to receive the ciphertext A to be decrypted;
3) on receiving A, A is assembled into a request message B, message B is sent to the local IP address, and the page waits for the result to be returned;
4) if an error is returned, an operation error is reported; otherwise the received WebSocket message is parsed to obtain the decrypted plaintext, and the plaintext is displayed.
Where the data encryption module and data decryption module are desktop data encryption programs, taking the decryption steps of client B as an example:
1) create socket server object A;
2) if binding the port fails or the listening application fails to connect, return an error code;
3) create socket object B, wait for a connection, assign the connection object to B and receive data C; if receiving the data fails, return an error code;
4) parse the data to obtain the ciphertext data D, call the hardware interface to decrypt D into the plaintext E, and send E to the socket connection object.
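The encryption and decryption procedure (steps S101 to S105 and S201 to S204 in the summary and detailed description, and the WebSocket page and desktop socket-server embodiments above) as one runnable example. This is added code, not the patent's or the applicant's implementation, and every concrete detail in it is an assumption: requests and replies are JSON objects framed with a 4-byte big-endian length prefix over a loopback TCP socket (the page embodiment uses WebSocket; the framing idea is the same), the operations are named "encrypt" and "decrypt", payloads travel hex-encoded, and the hardware medium is replaced by a software stand-in (an HMAC-SHA256 keystream with an HMAC tag, both media sharing one secret) so that it runs offline. A real deployment calls the device's SM2 or RSA interface, and the private key never leaves the chip.

```python
# Added example, not the patent's code; the framing, field names and stand-in are assumptions.
import contextlib, hashlib, hmac, json, os, socket, struct, threading

MAX_FRAME = 1 << 20      # refuse absurd length prefixes before allocating anything

class StandInMedium:
    """Hypothetical stand-in for the hardware medium: an HMAC-SHA256 keystream plus an HMAC tag.
    A real device runs SM2 or RSA with the private key inside the chip; A's and B's media share this secret."""
    def __init__(self, secret):
        self._secret = secret

    def _keystream(self, nonce, n):
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self._secret, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, plaintext):
        nonce = os.urandom(16)
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + body + hmac.new(self._secret, nonce + body, hashlib.sha256).digest()

    def decrypt(self, blob):
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(self._secret, nonce + body, hashlib.sha256).digest()):
            raise ValueError("authentication tag mismatch")
        return bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def send_frame(sock, obj):
    data = json.dumps(obj).encode()
    sock.sendall(struct.pack(">I", len(data)) + data)

def recv_frame(sock):
    (n,) = struct.unpack(">I", _recv_exact(sock, 4))
    if n > MAX_FRAME:
        raise ValueError("frame too large")
    return json.loads(_recv_exact(sock, n))

class CryptoService:   # the data encryption/decryption module as a loopback socket service (S103-S104, S203-S204)
    def __init__(self, medium, allowed_origins):
        self.medium, self.allowed_origins = medium, set(allowed_origins)
        self._sock = socket.socket()
        self._sock.bind(("127.0.0.1", 0))   # loopback only; port 0 lets the OS pick a free port
        self._sock.listen()
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        with contextlib.suppress(OSError):   # the loop ends when close() shuts the listener
            while True:
                conn, _ = self._sock.accept()
                threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with conn:
            try:
                reply = self.process(recv_frame(conn))
            except (ValueError, ConnectionError) as exc:
                reply = {"status": "error", "code": 422, "message": str(exc)}
            with contextlib.suppress(OSError):   # the peer may already have gone away
                send_frame(conn, reply)

    def process(self, req):
        # Any page the user opens can connect to a loopback listener, so check the caller first.
        if not isinstance(req, dict) or req.get("origin") not in self.allowed_origins:
            return {"status": "error", "code": 403, "message": "origin not allowed"}
        try:
            raw = bytes.fromhex(req["data"])
            if req.get("op") == "encrypt":
                return {"status": "ok", "data": self.medium.encrypt(raw).hex()}
            if req.get("op") == "decrypt":
                return {"status": "ok", "data": self.medium.decrypt(raw).hex()}
        except (KeyError, TypeError, ValueError) as exc:
            return {"status": "error", "code": 422, "message": str(exc)}
        return {"status": "error", "code": 400, "message": "unknown op"}

    def close(self):
        with contextlib.suppress(OSError):
            self._sock.shutdown(socket.SHUT_RDWR)   # wakes a blocked accept()
        self._sock.close()

def call_service(port, op, payload, origin):
    """Browser side of S101-S105 / S201-S204: pack, send, wait for the reply, unpack."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        send_frame(s, {"op": op, "origin": origin, "data": payload.hex()})
        resp = recv_frame(s)
    if resp.get("status") != "ok":
        raise RuntimeError("%s: %s" % (resp.get("code"), resp.get("message")))
    return bytes.fromhex(resp["data"])
```

Two points the patent's steps leave implicit are made explicit here: the service binds 127.0.0.1 only, and it checks the caller's origin before it touches the device, because any web page the user opens can connect to a loopback listener. In the WebSocket embodiment the browser, not the page script, supplies the Origin header during the handshake, so that is where the allow-list belongs; a native program on the same machine can still put any origin on the wire, so the check defends against hostile web pages, not local malware. Malformed frames, oversized length prefixes and a failed tag check come back to the page as error codes, which is the "if an error is returned, report an operation error" branch of the page embodiment.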
In another embodiment of the present invention, taking identity authentication and the signing process as an example, the concrete steps of the invention are described for client A and client B:
1) create a WebSocket object and bind the local IP address and port;
2) the user name A is entered, A is assembled into a request message B, message B is sent to the local IP address, and the page waits for the result to be returned;
3) if an error is returned, an operation error is reported; otherwise the received WebSocket message is parsed to obtain the signature result, and the signature result is sent to the signature verification server;
4) if signature verification fails, the user is told that authentication failed; otherwise authentication succeeds.
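The identity authentication embodiment above, as a runnable example of the signature verification server side. This is added code, not the patent's, and its stand-in and message layout are assumptions: the device's SM2 or RSA signature is replaced by an HMAC over the message with a per-device secret, so the verification server holds that secret where it would otherwise hold the user's certificate, and the `sign_via_service` callable stands for the WebSocket round trip to the local signing service in step 2. The example goes one step beyond the page's steps: the server issues a fresh one-shot nonce and the device signs the user name together with that nonce, so a signature result captured on the network cannot be submitted a second time.

```python
# Added example, not the patent's code; the HMAC stand-in and message layout are assumptions.
import hashlib, hmac, secrets, time

DOMAIN_TAG = b"login-challenge-v1\x00"   # hypothetical domain separator for signed messages

def to_be_signed(username, nonce):
    """The bytes the device signs: domain tag, user name and the server's fresh nonce."""
    return DOMAIN_TAG + username.encode() + b"\x00" + nonce

class StandInSigner:
    """Stand-in for the hardware medium's signing operation; the secret never leaves it.
    A real device would produce an SM2 or RSA signature verifiable with the user's certificate."""
    def __init__(self, device_secret):
        self._secret = device_secret

    def sign(self, message):
        return hmac.new(self._secret, message, hashlib.sha256).digest()

class VerificationServer:
    """Issues one-shot, time-limited challenges and verifies the signatures that come back."""
    def __init__(self, device_secrets, ttl_seconds=60):
        self._secrets = dict(device_secrets)   # user name -> device secret (stand-in for the certificate)
        self._pending = {}                     # nonce -> (user name, expiry)
        self._ttl = ttl_seconds

    def issue_challenge(self, username):
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (username, time.monotonic() + self._ttl)
        return nonce

    def verify(self, username, nonce, signature):
        entry = self._pending.pop(nonce, None)   # one-shot: a replayed nonce is already gone
        if entry is None or entry[0] != username or time.monotonic() > entry[1]:
            return False
        secret = self._secrets.get(username)
        if secret is None:
            return False
        expected = hmac.new(secret, to_be_signed(username, nonce), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

def authenticate(username, sign_via_service, server):
    """Client steps 2) to 4): fetch a challenge, have the local service sign it, submit the result.
    sign_via_service(message) -> signature stands for the WebSocket round trip to the local service."""
    nonce = server.issue_challenge(username)
    signature = sign_via_service(to_be_signed(username, nonce))
    return server.verify(username, nonce, signature)
```

The nonce is consumed on the first verification attempt whether it succeeds or not, the user name is bound into both the pending entry and the signed bytes, and the comparison is constant-time; with a real device only the last line of `verify` changes, to a public-key signature check against the certificate on file for that user.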
Only preferred embodiments of the present invention have been described above, and they are not to be construed as limiting the claims. The invention is not limited to the above examples; all changes made within the scope of protection of the independent claims of the present invention fall within the scope of protection of the invention.

Claims (10)

1. A cross-browser data secure transmission system using a hardware encryption medium, comprising a data decryption terminal device and a data encryption terminal device connected by a network, characterized in that the data encryption terminal device comprises a client A, a hardware encryption medium and a data encryption module, and the data decryption terminal device comprises a client B, a hardware decryption medium and a data decryption module.
2. The data encryption module communicates with client A through a communication protocol and calls the data encryption medium to perform encryption.
3. The data decryption module communicates with client B through a communication protocol and calls the data decryption medium to perform decryption.
4. The cross-browser data secure transmission system using a hardware encryption medium according to claim 1, characterized in that the data encryption module and/or the data decryption module is a socket service program.
5. The cross-browser data secure transmission system using a hardware encryption medium according to claim 1 or 2, characterized in that the communication protocol is a socket communication protocol.
6. The cross-browser data secure transmission system using a hardware encryption medium according to claim 1, characterized in that the hardware encryption device or hardware decryption device comprises a cryptographic chip corresponding to the cryptographic algorithm, or an independent processing chip.
7. A cross-browser data secure transmission method using a hardware encryption medium, using the data encryption terminal device according to claim 1, comprising the following steps:
S101. Client A, through browser A, assembles the content to be encrypted into a protocol packet according to the agreed protocol;
S102. Browser A sends the protocol packet to the data encryption module and waits for the data encryption module to return;
S103. On receiving the protocol packet, the data encryption module extracts the content to be encrypted and calls the hardware encryption medium, which runs the encryption algorithm on it;
S104. The data encryption module packs the encrypted content into a protocol packet according to the agreed protocol and sends it back to browser A;
S105. Browser A obtains the ciphertext.
8. The data secure transmission method using a hardware encryption medium according to claim 5, characterized in that, using the data decryption terminal device according to claim 1, it further comprises the following steps:
S201. Client B, through browser B, receives the ciphertext sent by browser A;
S202. Browser B sends the ciphertext to the data decryption module and waits for the data decryption module to return;
S203. On receiving the protocol packet, the data decryption module calls the hardware decryption medium, which runs the decryption algorithm corresponding to the encryption algorithm;
S204. The data decryption module packs the decrypted content into a protocol packet according to the agreed protocol and sends it back to browser B.
9. The cross-browser data secure transmission method using a hardware encryption medium according to claim 6, characterized in that browser A and browser B are any browsers on the Windows platform.
10. The cross-browser data secure transmission method using a hardware encryption medium according to claim 6, characterized in that the encryption and decryption algorithms are SM2 or RSA.
CN201610695183.2A: A cross-browser data secure transmission system and method using a hardware encryption medium; priority date 2016-08-22, filing date 2016-08-22; status pending; published as CN106302482A (en).

Priority Applications (1)

CN201610695183.2A, published as CN106302482A (en); priority date 2016-08-22; filing date 2016-08-22; title as above.

Applications Claiming Priority (1)

CN201610695183.2A, published as CN106302482A (en); priority date 2016-08-22; filing date 2016-08-22; title as above.

Publications (1)

CN106302482A, published 2017-01-04.

Family

ID=57661009

Family Applications (1)

CN201610695183.2A (pending), published as CN106302482A (en); priority date 2016-08-22; filing date 2016-08-22; title as above.

Country Status (1)

CN: CN106302482A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108733989A (en) * 2017-04-19 2018-11-02 湖南鼎源蓝剑信息科技有限公司 A communication protocol encryption method for Android applications
CN109725935A (en) * 2018-12-29 2019-05-07 广东亿迅科技有限公司 A method and device for integrating peripheral controls that shields browser differences
CN111756532A (en) * 2020-06-08 2020-10-09 西安万像电子科技有限公司 Data transmission method and device
CN111756532B (en) * 2020-06-08 2024-06-07 西安万像电子科技有限公司 Data transmission method and device
CN116846689A (en) * 2023-09-01 2023-10-03 建信金融科技有限责任公司 Financial business data transmission method, device, computer equipment and storage medium
CN116846689B (en) * 2023-09-01 2023-12-26 建信金融科技有限责任公司 Financial business data transmission method, device, computer equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101686225A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Methods of data encryption and key generation for on-line payment
CN102118426A (en) * 2009-12-31 2011-07-06 北大方正集团有限公司 Network security payment terminal and network security payment method thereof
CN102413064A (en) * 2010-09-25 2012-04-11 上海中标软件有限公司 Browser control-based webmail signing and encrypting method
CN104217173A (en) * 2014-08-27 2014-12-17 武汉理工大学 Method of encrypting data and files for browser



Legal Events

Code Title
C06 Publication
PB01 Publication (application publication date: 2017-01-04)
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication