CN106790090A - Communication method, apparatus and system based on SSL - Google Patents

Communication method, apparatus and system based on SSL

Info

Publication number: CN106790090A
Application number: CN201611206889.4A
Authority: CN (China)
Prior art keywords: key, data, server, client, ssl
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王照旗, 张传社
Current assignee: Beijing Qihoo Technology Co Ltd; Beijing Qianxin Technology Co Ltd
Original assignee: Beijing Qihoo Technology Co Ltd; Beijing Qianxin Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Beijing Qianxin Technology Co Ltd; priority to CN201611206889.4A; publication of CN106790090A.

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a communication method, apparatus and system based on SSL, in the field of communication technology. Its main purpose is to solve the prior-art problem that a security application cannot perform security protection on the communication data in a secure connection when it cannot obtain the client private key. The main technical scheme of the invention comprises: receiving a Secure Sockets Layer (SSL) protocol handshake packet sent by a client; sending the SSL handshake packet to a key server, so that the key server responds to the SSL handshake packet; receiving the response information of the key server to the SSL handshake packet and generating a session key according to the response information; and decrypting the data request sent by the client using the session key and verifying the security of the data in the data request.

Description

Communication method, apparatus and system based on SSL
Technical field
The present invention relates to the field of communication technology, and in particular to a communication method, apparatus and system based on SSL.
Background technology
Hypertext Transfer Protocol Secure (Hyper Text Transfer Protocol over Secure Socket Layer, HTTPS) is an HTTP channel whose goal is security. The security foundation of HTTPS is the Secure Sockets Layer protocol (SSL), which uses data encryption technology to guarantee the security of data transmitted over the network.
In practice, to ensure the safety of communication data, the data exchanged between a client and a server is encrypted using an SSL certificate. To further confirm the security of the data communication process, security protection may also be performed by a security application. During that protection, the client must send the SSL certificate and the client private key to the security application, so that the security application can decrypt the encrypted data using the SSL certificate and the client private key and verify the safety of the communication data.
However, for some clients of a financial type, such as bank clients, the user is unwilling to provide the client's private key to the security application. The security application therefore cannot obtain the content of the communication data, and cannot determine whether the communication data in the secure connection is safe and legitimate.
The content of the invention
In view of this, the present invention provides a communication method, apparatus and system based on SSL, whose main purpose is to solve the prior-art problem that a security application cannot perform security protection on the communication data in a secure connection when it cannot obtain the client private key.
According to one aspect of the invention, a communication method based on SSL is provided, the method comprising:
receiving a Secure Sockets Layer (SSL) protocol handshake packet sent by a client;
sending the SSL handshake packet to a key server, so that the key server responds to the SSL handshake packet;
receiving the response information of the key server to the SSL handshake packet, and generating a session key according to the response information;
decrypting the data request sent by the client using the session key, and verifying the security of the data in the data request.
According to a second aspect of the invention, a communication apparatus based on SSL is provided, the apparatus comprising:
a first receiving unit, for receiving the SSL protocol handshake packet sent by the client;
a first transmitting unit, for sending the SSL handshake packet received by the first receiving unit to the key server, so that the key server responds to the SSL handshake packet;
a second receiving unit, for receiving the response information of the key server to the SSL handshake packet after the first transmitting unit has sent the SSL handshake packet to the key server;
a generation unit, for generating the session key according to the response information received by the second receiving unit;
a decryption unit, for decrypting the data request sent by the client using the session key generated by the generation unit;
a verification unit, for verifying the security of the data in the data request decrypted by the decryption unit.
According to a third aspect of the invention, a communication system based on SSL is provided, the system comprising:
a client, for sending an SSL protocol handshake packet to a protection node;
the protection node, for receiving the SSL handshake packet sent by the client and sending the SSL handshake packet to a key server;
the key server, for receiving the SSL handshake packet sent by the protection node and sending the response information of the SSL handshake packet to the protection node;
the protection node being further used for receiving the response information of the SSL handshake packet sent by the key server, generating a session key according to the response information, decrypting the data request sent by the client using the session key, and verifying the security of the data in the data request.
With the communication method, apparatus and system based on SSL provided by the above technical scheme, the protection node receives the SSL protocol handshake packet sent by the client; sends the SSL handshake packet to the key server so that the key server responds to it; receives the key server's response information to the SSL handshake packet and generates a session key according to that response; and decrypts the data request sent by the client using the session key and verifies the security of the data in the request. Compared with the prior art, the protection node of the present invention does not need to obtain the client private key while protecting the security of data communication: it relies on a key server dedicated to storing the user's client private key to decrypt or sign the SSL handshake packet, and then verifies the security of the content of the SSL handshake packet, ensuring the security of the data in the secure connection.
The above is only an overview of the technical scheme of the present invention. In order that the technical means of the invention may be better understood and practised according to the specification, and in order that the above and other objects, features and advantages of the invention may become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 shows a flow chart of a communication method based on SSL provided in an embodiment of the present invention;
Fig. 2 shows a block diagram of data communication provided in an embodiment of the present invention;
Fig. 3 shows an interaction diagram, provided in an embodiment of the present invention, of a client and a protection node establishing secure communication;
Fig. 4 shows an interaction diagram, provided in another embodiment of the present invention, of a client and a protection node establishing secure communication;
Fig. 5 shows a block diagram of a communication apparatus based on SSL provided in an embodiment of the present invention;
Fig. 6 shows a block diagram of another communication apparatus based on SSL provided in an embodiment of the present invention;
Fig. 7 shows a block diagram of a communication system based on SSL provided in an embodiment of the present invention;
Fig. 8 shows a block diagram of another communication system based on SSL provided in an embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the disclosure are described more fully below with reference to the drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set out here. On the contrary, these embodiments are provided so that the disclosure may be understood more thoroughly and its scope conveyed completely to those skilled in the art.
An embodiment of the present invention provides a communication method based on SSL; as shown in Fig. 1, the method includes:
101. Receive the Secure Sockets Layer (SSL) protocol handshake packet sent by the client.
The embodiment of the present invention may be applied to the process in which a client establishes a secure connection and communicates with a destination server; during communication over the secure connection, a cloud-based protection node performs security protection on the data in the secure channel. The embodiment is described with the protection node as the executing entity. The protection node may be located on the server side, or it may not be on the server side but have a data-exchange relationship with the server. The description below takes a protection node located in the cloud as the example, but it should be understood that this manner of explanation does not limit the protection node to being located in the cloud.
To aid understanding of each node described in the embodiment, the block diagram of data communication provided by the embodiment is explained by way of example, as shown in Fig. 2. When the client establishes a secure connection with the destination server, the client must send a Secure Socket Layer (SSL) protocol handshake packet to the destination server to start the session between the client and the destination server. The SSL handshake packet sent by the client may include, but is not limited to, content such as the client random number and the list of encryption algorithms (symmetric and asymmetric encryption algorithms) the client supports. After receiving the SSL handshake packet sent by the client, the server sends a response packet for the SSL handshake packet to the client, which may include, but is not limited to, information such as the server random number, the server public key, and the session ID that uniquely identifies the session.
To ensure client security, especially for client types such as government agencies and financial transactions, where the security of the transmitted data is particularly important, after the client has sent the SSL handshake packet to the protection node and received the protection node's response, the client may decide, from the standpoint of ensuring data confidentiality and data integrity, to encrypt or sign the data it sends.
In specific applications, to ensure the security and integrity of the communication data, the server may also send a server certificate to the client: the server certificate is decoded with Base64, the result is encoded with ASN.1, and the certificate is sent to the client, which verifies whether the issuer, validity period and signature value of the server certificate are legitimate. The process of verifying certificate legitimacy is described in detail in the prior art and is not repeated here.
The protocol used when the server establishes the secure connection with the client is Hypertext Transfer Protocol Secure (HTTPS); for the specific implementation steps of HTTPS, refer to the related description in the prior art, which is not repeated here.
102. Send the SSL handshake packet to the key server, so that the key server responds to the SSL handshake packet.
Because the protection node does not know the client private key in advance, in the embodiment of the present invention the decryption or signature of the client's SSL handshake packet is performed by means of a key server (a trusted third-party server).
The key server described in the embodiment is dedicated to storing the private key information of the client, or to signing the client random number and the server random number after the identities of the client and the server have been verified. The key server is located on the client side and provides no other service functions, such as responding to data requests. Moreover, not every network device can access the key server: the precondition for access is identity authentication based on the relevant information of the client and the server, and only after passing authentication can a device access the key server. Fig. 2 briefly shows the interaction between the key server and the protection node. In a specific implementation the key server may include, but is not limited to, Cloudflare servers; the embodiment does not limit the particular type of key server.
To generate the session key for the SSL handshake packet, the protection node sends the received SSL handshake packet to the key server. The key server receives the SSL handshake packet sent by the protection node, decrypts or signs it, and sends the decrypted or signed SSL handshake packet back to the protection node; step 103 is then performed. In practice, because the protection node has no authority over the client private key, it must complete the key exchange through the key server during the process of establishing the secure connection between the client and the server.
103. Receive the response information of the key server to the SSL handshake packet, and generate the session key according to the response information.
The protection node has two ways of generating the session key, corresponding to whether the received SSL handshake packet is of the encryption type or the signature type. Whichever type of handshake packet the session key is generated from, the necessary and sufficient condition for the protection node to generate the session key is that its generation parameters are identical to the parameters the client uses to generate the session key. The reason is that the session key described in the embodiment is a symmetric key: within one session, both the request information sent by the client and the response information sent by the server are encrypted with the session key to ensure data security. For example, if the client generates its session key from parameter 1, parameter 2 and parameter 3, then the protection node also generates its session key from parameter 1, parameter 2 and parameter 3. The embodiment does not specifically limit the parameters used to generate the session key.
104. Decrypt the data request sent by the client using the session key, and verify the security of the data in the data request.
After the protection node has generated the session key, it verifies the data security of each packet sent between the client and the destination server, in order to safeguard network data security. In a specific implementation, verifying whether the data in a data request is safe means, for example, checking whether the data contains attack data (malicious content such as Trojans, viruses or bundled data) and whether it contains SQL injection.
If the data in the data request is verified as safe, the protection node lets the data request through; if the data in the data request is verified as malicious, the protection node intercepts the data request to ensure the transmission security of network data. As an optional implementation of the embodiment, when the protection node determines that the data in the data request is malicious, it further determines the malice grade of the data: if the malice grade is high, it disconnects the secure connection with the destination server, or even forbids all network access by the client; if the malice grade is low, it intercepts only this data access to the destination server.
In the communication method based on SSL provided by the embodiment, the protection node receives the SSL protocol handshake packet sent by the client; sends the SSL handshake packet to the key server so that the key server responds to it; receives the key server's response information to the SSL handshake packet and generates a session key according to that response; and decrypts the data request sent by the client using the session key and verifies the security of the data in the request. Compared with the prior art, the protection node described in the embodiment does not need to obtain the client private key while protecting data communication security: it relies on a key server dedicated to storing the user's client private key to decrypt or sign the SSL handshake packet, and then verifies the security of the content of the SSL handshake packet, ensuring the security of the data in the secure connection.
In a specific implementation, the embodiment establishes secure communication between the client and the protection node in two ways, one being the encryption mode and the other the signature mode; the following embodiments describe the two kinds of secure communication in turn. It should be understood, however, that the ways in which the client and the protection node establish a secure communication connection are not limited to these two.
First way: establish the secure communication between the client and the protection node by encryption and decryption.
The RSA encryption algorithm (RSA algorithm) is taken as the example; exemplarily, as shown in Fig. 3, Fig. 3 shows an interaction diagram, provided in an embodiment of the present invention, of a client and a protection node establishing secure communication. The client sends a hello message to the protection node, carrying the client random number and the list of encryption algorithms the client supports. The protection node receives the hello message and returns to the client content such as the server random number, the server public key and the session ID. The client randomly generates a 48-byte pre-master key, sets its first byte to the major version number and its second byte to the minor version number, encrypts the pre-master key and the server public key with the RSA encryption algorithm, and passes the encrypted pre-master key and server public key to the protection node; the decryption key for the pre-master key and server public key is sent to the key server for storage. After the protection node receives the SSL handshake packet it parses it and obtains the encrypted pre-master key and server public key. Because the protection node does not know the decryption key of the pre-master key and server public key, it must forward the encrypted pre-master key and server public key to the key server, so that the key server can decrypt them with the decryption key corresponding to the encrypted pre-master key and server public key sent by the client. In a specific implementation, besides the RSA encryption algorithm, the client's encryption algorithms may also include ElGamal, knapsack algorithms, Rabin, HD, ECC (elliptic curve cryptography) and so on; the embodiment does not limit the particular type of encryption algorithm.
After the key server has decrypted the pre-master key, it returns the decrypted pre-master key, i.e. the plaintext pre-master key, to the protection node over an encrypted channel. After the protection node obtains the plaintext pre-master key, it generates the session key from the client random number, the server random number and the pre-master key, completing the SSL handshake of HTTPS without the private key.
Second way: establish the secure communication between the client and the protection node by signing.
The Diffie-Hellman algorithm (DH algorithm) is taken as the example; as shown in Fig. 4, Fig. 4 shows an interaction diagram, provided in another embodiment of the present invention, of a client and a protection node establishing secure communication. After the client generates a random number, it places it in the SSL handshake packet; the protection node parses the SSL handshake packet and obtains the client random number in it. Meanwhile, the protection node sends the server random number, the server public key and the session ID to the client. The protection node sends the client random number, the server public key and the server random number (the DH parameters) to the key server, and the key server signs the client random number, the server public key, the server random number and the server's preset signature parameter (the server DH parameter) with the key server private key. After the key server has signed, the key server signature and the server DH parameter are sent to the client. The client receives the server DH parameter sent by the protection node and generates the pre-master key from the server DH parameter and the client's preset signature parameter (the client DH parameter); the client then generates the session key from the client random number, the server random number and the pre-master key.
The above explanation takes the DH algorithm as the example; it should be clear, however, that when performing the signature, algorithms including but not limited to Message Digest Algorithm 5 (MD5) and the Secure Hash Algorithm (SHA) may also be used; the embodiment does not limit the signature algorithm.
In a specific implementation, after the client generates the pre-master key, it encrypts the pre-master key with the server public key and sends it to the protection node; the protection node receives the encrypted pre-master key sent by the client, decrypts it with the private key, and obtains the pre-master key. The protection node is further used to receive the client DH parameter sent by the client, and to generate the session key from the server random number, the client random number and the pre-master key. In this way, the client generates its session key from the server random number, the client random number and the pre-master key, and the protection node likewise generates its session key from the server random number, the client random number and the pre-master key, so the session key of the client is consistent with the session key of the protection node.
Further, to determine the security of the data in the secure connection between the client and the destination server: after the data in the data request is determined to be safe, the data request is encrypted with the session key and the encrypted data request is sent to the destination server, to ensure the security of the data transmission of the data request between the protection node and the destination server. Likewise, when the client sends its next data request to the protection node, the data request must still be encrypted with the session key; the protection node receives the data request that the client has encrypted with the session key, decrypts it with the session key, and verifies the security of the data in the data request.
In the embodiment of the present invention, the protection node also acts as a reverse proxy: after the protection node receives the destination server's response to the client's data request, it stores the response information, so that when another client subsequently requests the same content, the response content can be obtained directly from the protection node's local store and sent to that client, improving the efficiency of responding to client requests.
As another implementation of the embodiment, after the protection node determines that the data in the data request is safe, it determines whether the response information corresponding to the data request is stored locally on the protection node, and if the response information corresponding to the data request is stored locally, it responds to the data request.
Further, as a refinement of the above embodiment, when step 102 sends the SSL handshake packet to the key server, the following method may be used, without limitation: send a connection establishment request to the key server, the connection request containing the certificate public key of the protection node, so that the key server performs identity authentication based on the certificate public key of the protection node; when the protection node receives the notification message of successful identity authentication sent by the key server, it establishes a communication connection with the key server; and it sends the SSL handshake packet to the key server over that communication connection.
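The following runnable sketch is an added example, not code from the patent or from either assignee: it models the first (RSA) way described above together with the key-server authentication of this refinement. The protection node holds only the public modulus, the key server holds the private exponent and refuses nodes that fail authentication, and both client and protection node derive the same session key; the RSA key pair, the certificate value, the stream cipher and the injection check are constructed stand-ins.

```python
"""Keyless handshake split described by the patent: the protection node
terminates the client's SSL handshake but never holds the private key; the
key server performs the one private-key operation and returns the result."""
import hashlib
import hmac
import os

# Constructed toy RSA key pair: textbook RSA over two Mersenne primes, used
# only so the example runs without third-party libraries. Not a real key.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q                           # public modulus, shared with the client
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: held by the key server only


def rsa_encrypt(modulus, message):
    """Client side: encrypt the 48-byte pre-master key under the server public key."""
    return pow(int.from_bytes(message, "big"), E, modulus)


class KeyServer:
    """Holds the private exponent and serves only an authenticated protection node."""

    def __init__(self, private_exponent, modulus, allowed_node_cert):
        self._d = private_exponent
        self._n = modulus
        self._allowed = allowed_node_cert   # constructed stand-in for the node's certificate

    def connect(self, node_cert):
        # Step 102 refinement: the connection request carries the protection
        # node's certificate public key, which the key server authenticates.
        return hmac.compare_digest(node_cert, self._allowed)

    def decrypt_premaster(self, node_cert, ciphertext):
        if not self.connect(node_cert):
            raise PermissionError("protection node failed authentication")
        return pow(ciphertext, self._d, self._n).to_bytes(48, "big")


def derive_session_key(client_random, server_random, premaster):
    """Both sides derive the symmetric session key from the same three parameters."""
    return hashlib.sha256(client_random + server_random + premaster).digest()


def keystream(key, length):
    """Constructed stand-in for the record-layer cipher: SHA-256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, data):
    """Client: encrypt a data request under the session key and append an HMAC tag."""
    body = bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Protection node: check the tag, then decrypt the request for inspection."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("request failed integrity check")
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))


def inspect_request(plaintext):
    """Step 104 stand-in: a constructed, deliberately small SQL-injection check."""
    text = plaintext.decode("utf-8", "replace").upper()
    suspicious = (" OR 1=1", " UNION SELECT", "'--")
    return "malicious" if any(s in text for s in suspicious) else "safe"


def handshake(key_server, node_cert):
    """Run the RSA-mode handshake; return (client session key, protection node session key)."""
    client_random = os.urandom(32)          # carried in the client hello
    server_random = os.urandom(32)          # returned by the protection node
    premaster = bytearray(os.urandom(48))
    premaster[0], premaster[1] = 3, 3       # major/minor version bytes (constructed values)
    premaster = bytes(premaster)
    encrypted = rsa_encrypt(N, premaster)   # client encrypts under the server public key
    client_key = derive_session_key(client_random, server_random, premaster)
    # The protection node cannot decrypt; it forwards the ciphertext to the key server
    plain = key_server.decrypt_premaster(node_cert, encrypted)
    node_key = derive_session_key(client_random, server_random, plain)
    return client_key, node_key


if __name__ == "__main__":
    ks = KeyServer(D, N, allowed_node_cert=b"protection-node-cert")
    ckey, nkey = handshake(ks, b"protection-node-cert")
    request = seal(ckey, b"GET /account?id=7 HTTP/1.1")
    print(inspect_request(open_sealed(nkey, request)))
```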
Further, as the realization to method shown in above-mentioned Fig. 1, another embodiment of the present invention additionally provides one kind and is based on The communicator of SSL.The device embodiment is corresponding with preceding method embodiment, and for ease of reading, present apparatus embodiment is no longer right Detail content in preceding method embodiment is repeated one by one, it should be understood that the device in the present embodiment can be corresponded in fact Full content in existing preceding method embodiment.
The embodiment of the present invention provides a kind of communicator based on SSL, as shown in figure 5, described device includes:
First receiving unit 21, the security sockets SSL protocol handshake data bag for receiving client transmission;
First transmitting element 22, the SSL handshake data bags for first receiving unit 21 to be received are sent to close Key server, so that the key server is responded to the SSL handshake datas bag;
Second receiving unit 23, for sending to key the SSL handshake datas bag in first transmitting element 22 After server, response message of the key server to the SSL handshake datas bag is received;
Generation unit 24, the response message generation session for being received according to second receiving unit 23 is close Key;
Decryption unit 25, the session key for being generated using second generation unit 24 is sent out the client The request of data sent is decrypted;
Authentication unit 26, verifies the security of data in the request of data after the decryption of decryption unit 25.
Further, as shown in Fig. 6, the first sending unit 22 includes:
a parsing module 221, configured to parse the SSL handshake data packet;
an acquisition module 222, configured to obtain the encrypted pre-master key after the parsing module 221 has parsed the SSL handshake data packet;
a first sending module 223, configured to send the encrypted pre-master key obtained by the acquisition module 222 to the key server, so that the key server decrypts the encrypted pre-master key.
Further, the second receiving unit 23 is also configured to receive the decrypted pre-master key sent by the key server over an encrypted channel.
Further, as shown in Fig. 6, the generation unit 24 includes:
an acquisition module 241, configured to obtain the client random number contained in the SSL handshake data packet;
a first generation module 242, configured to generate the session key according to the decrypted pre-master key, the client random number obtained by the acquisition module 241, and a server random number.
Further, as shown in Fig. 6, the first sending unit 22 includes:
a parsing module 224, configured to parse the SSL handshake data packet;
an acquisition module 225, configured to obtain the client random number contained in the SSL handshake data packet after the parsing module 224 has parsed it;
a second sending module 226, configured to send the client random number obtained by the acquisition module, the server random number and a server public key to the key server, so that the key server signs the client random number, the server random number and the server public key using the key server private key.
Further, the second receiving unit 23 is also configured to receive the key server signature sent by the key server.
Further, as shown in Fig. 6, the apparatus also includes:
a second sending unit 27, configured to send, after the key server's response information for the SSL handshake data packet has been received, the server's preset signature parameter and the key server signature to the client, so that the client generates a pre-master key according to the server's preset signature parameter, the key server signature and the client's preset signature parameter;
a third sending unit 28, configured to send the server random number to the client, so that the client generates the session key according to the server random number, the client random number and the pre-master key;
a third receiving unit 29, configured to receive the client's preset signature parameter sent by the client.
Further, as shown in Fig. 6, the generation unit 24 includes:
a receiving module 243, configured to receive the pre-master key sent by the client, the pre-master key being one the client has encrypted with the server public key;
a decryption module 244, configured to decrypt the encrypted pre-master key received by the receiving module 243 using the server private key, obtaining the pre-master key;
a second generation module 245, configured to generate the session key according to the server random number, the client random number and the pre-master key decrypted by the decryption module 244.
Further, as shown in Fig. 6, the apparatus also includes:
a fourth sending unit 210, configured to send the data request to a destination server after the authentication unit 26 has verified the security of the data in the data request and determined that the data is safe, so that the destination server responds to the data request;
a determining unit 211, configured to determine, when the data in the data request is determined to be safe, whether response information corresponding to the data request is stored locally;
a response unit 212, configured to respond to the data request when the determining unit determines that the response information corresponding to the data request is stored locally.
Further, as shown in Fig. 6, the decryption unit 25 includes:
a receiving module 251, configured to receive the data request sent by the client, the data request being a request the client has encrypted with the session key;
a decryption module 252, configured to decrypt the data request using the session key.
Further, an embodiment of the present invention provides an SSL-based communication system. As shown in Fig. 7, the system includes:
a client 31, configured to send a Secure Sockets Layer (SSL) protocol handshake data packet to a protection node 32;
the protection node 32, configured to receive the SSL handshake data packet sent by the client 31 and send the SSL handshake data packet to a key server;
the key server, configured to receive the SSL handshake data packet sent by the protection node 32 and send response information for the SSL handshake data packet to the protection node 32;
the protection node 32 being further configured to receive the response information for the SSL handshake data packet sent by the key server, generate a session key according to the response information, decrypt the data request sent by the client 31 using the session key, and verify the security of the data in the data request.
Further, as shown in Fig. 8, the system also includes:
the protection node 32 being further configured to send the data request to a destination server 33 when the data in the data request is determined to be safe;
the destination server 33, configured to receive the data request sent by the protection node 32 and respond to the data request.
In the SSL-based communication apparatus and system provided by the embodiments of the present invention, the protection node receives the Secure Sockets Layer (SSL) protocol handshake data packet sent by the client; sends the SSL handshake data packet to the key server so that the key server responds to it; receives the key server's response information for the SSL handshake data packet and generates a session key according to that response information; and decrypts the data request sent by the client using the session key and verifies the security of the data in the data request. Compared with the prior art, the protection node described in the embodiments of the present invention protects the security of the data communication without obtaining the client private key: the SSL handshake data packet is instead decrypted or signed by means of a key server dedicated to storing the user's client private key, after which the security of the data carried in the SSL handshake data packet is verified, ensuring the security of the data in the secure connection.
The embodiments of the invention also disclose the following technical schemes:
A1. An SSL-based communication method, including:
receiving a Secure Sockets Layer (SSL) protocol handshake data packet sent by a client;
sending the SSL handshake data packet to a key server, so that the key server responds to the SSL handshake data packet;
receiving the key server's response information for the SSL handshake data packet, and generating a session key according to the response information;
decrypting the data request sent by the client using the session key, and verifying the security of the data in the data request.
A2. The method according to A1, in which sending the SSL handshake data packet to the key server includes:
parsing the SSL handshake data packet to obtain the encrypted pre-master key;
sending the encrypted pre-master key to the key server, so that the key server decrypts the encrypted pre-master key.
A3. The method according to A2, in which receiving the key server's response information for the SSL handshake data packet specifically is:
receiving the decrypted pre-master key sent by the key server over an encrypted channel;
and generating the session key according to the response information specifically is:
obtaining the client random number contained in the SSL handshake data packet;
generating the session key according to the decrypted pre-master key, the client random number and a server random number.
A4. The method according to A1, in which sending the SSL handshake data packet to the key server includes:
parsing the SSL handshake data packet to obtain the client random number contained in it;
sending the client random number, a server random number and a server public key to the key server, so that the key server signs the client random number, the server random number and the server public key using the key server private key.
A5. The method according to A4, in which receiving the key server's response information for the SSL handshake data packet includes:
receiving the key server signature sent by the key server.
A6. The method according to A5, in which, after receiving the key server's response information for the SSL handshake data packet, the method also includes:
sending the server's preset signature parameter and the key server signature to the client, so that the client generates a pre-master key according to the server's preset signature parameter, the key server signature and the client's preset signature parameter;
sending the server random number to the client, so that the client generates the session key according to the server random number, the client random number and the pre-master key;
receiving the client's preset signature parameter sent by the client.
A7. The method according to A6, in which generating the session key according to the response information includes:
receiving the pre-master key sent by the client, the pre-master key being one the client has encrypted with the server public key;
decrypting the encrypted pre-master key using the server private key to obtain the pre-master key;
generating the session key according to the server random number, the client random number and the pre-master key.
A8. The method according to any one of A1-A7, in which, after verifying the security of the data in the data request, the method also includes:
if the data in the data request is determined to be safe, sending the data request to a destination server, so that the destination server responds to the data request;
or, if the data in the data request is determined to be safe, determining whether response information corresponding to the data request is stored locally, and if it is, responding to the data request.
A9. The method according to A8, in which decrypting the data request sent by the client using the session key includes:
receiving the data request sent by the client, the data request being a request the client has encrypted with the session key;
decrypting the data request using the session key.
B10. An SSL-based communication apparatus, including:
a first receiving unit, configured to receive a Secure Sockets Layer (SSL) protocol handshake data packet sent by a client;
a first sending unit, configured to send the SSL handshake data packet received by the first receiving unit to a key server, so that the key server responds to the SSL handshake data packet;
a second receiving unit, configured to receive, after the first sending unit has sent the SSL handshake data packet to the key server, the key server's response information for the SSL handshake data packet;
a generation unit, configured to generate a session key according to the response information received by the second receiving unit;
a decryption unit, configured to decrypt the data request sent by the client using the session key generated by the generation unit;
an authentication unit, configured to verify the security of the data in the data request after the decryption unit has decrypted it.
B11. The apparatus according to B10, in which the first sending unit includes:
a parsing module, configured to parse the SSL handshake data packet;
an acquisition module, configured to obtain the encrypted pre-master key after the parsing module has parsed the SSL handshake data packet;
a first sending module, configured to send the encrypted pre-master key obtained by the acquisition module to the key server, so that the key server decrypts the encrypted pre-master key.
B12. The apparatus according to B11, in which the second receiving unit is also configured to receive the decrypted pre-master key sent by the key server over an encrypted channel;
and the generation unit includes:
an acquisition module, configured to obtain the client random number contained in the SSL handshake data packet;
a first generation module, configured to generate the session key according to the decrypted pre-master key, the client random number obtained by the acquisition module, and a server random number.
B13. The apparatus according to B10, in which the first sending unit includes:
a parsing module, configured to parse the SSL handshake data packet;
an acquisition module, configured to obtain the client random number contained in the SSL handshake data packet after the parsing module has parsed it;
a second sending module, configured to send the client random number obtained by the acquisition module, a server random number and a server public key to the key server, so that the key server signs the client random number, the server random number and the server public key using the key server private key.
B14. The apparatus according to B13, in which the second receiving unit is also configured to receive the key server signature sent by the key server.
B15. The apparatus according to B14, further including:
a second sending unit, configured to send, after the key server's response information for the SSL handshake data packet has been received, the server's preset signature parameter and the key server signature to the client, so that the client generates a pre-master key according to the server's preset signature parameter, the key server signature and the client's preset signature parameter;
a third sending unit, configured to send the server random number to the client, so that the client generates the session key according to the server random number, the client random number and the pre-master key;
a third receiving unit, configured to receive the client's preset signature parameter sent by the client.
B16. The apparatus according to B15, in which the generation unit includes:
a receiving module, configured to receive the pre-master key sent by the client, the pre-master key being one the client has encrypted with the server public key;
a decryption module, configured to decrypt the encrypted pre-master key received by the receiving module using the server private key, obtaining the pre-master key;
a second generation module, configured to generate the session key according to the server random number, the client random number and the pre-master key decrypted by the decryption module.
B17. The apparatus according to any one of B11-B16, further including:
a fourth sending unit, configured to send the data request to a destination server after the authentication unit has verified the security of the data in the data request and determined that the data is safe, so that the destination server responds to the data request;
a determining unit, configured to determine, when the data in the data request is determined to be safe, whether response information corresponding to the data request is stored locally;
a response unit, configured to respond to the data request when the determining unit determines that the response information corresponding to the data request is stored locally.
B18. The apparatus according to B17, in which the decryption unit includes:
a receiving module, configured to receive the data request sent by the client, the data request being a request the client has encrypted with the session key;
a decryption module, configured to decrypt the data request using the session key.
C19. An SSL-based communication system, including:
a client, configured to send a Secure Sockets Layer (SSL) protocol handshake data packet to a protection node;
the protection node, configured to receive the SSL handshake data packet sent by the client and send the SSL handshake data packet to a key server;
the key server, configured to receive the SSL handshake data packet sent by the protection node and send response information for the SSL handshake data packet to the protection node;
the protection node being further configured to receive the response information for the SSL handshake data packet sent by the key server, generate a session key according to the response information, decrypt the data request sent by the client using the session key, and verify the security of the data in the data request.
C20. The system according to C19, further including:
the protection node being further configured to send the data request to a destination server when the data in the data request is determined to be safe;
the destination server, configured to receive the data request sent by the protection node and respond to the data request.
In the above embodiments, the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, refer to the related description of the other embodiments.
It should be understood that related features in the above method and apparatus may be referred to one another. In addition, "first", "second" and so on in the above embodiments are used to distinguish the embodiments and do not indicate the relative merit of any embodiment.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above may refer to the corresponding processes in the foregoing method embodiment and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used together with the teachings herein. The structure required to construct such a system is apparent from the above description. In addition, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided herein. It should be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. Thus the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the devices of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may additionally be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, as software modules running on one or more processors, or as a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the apparatus according to embodiments of the present invention (such as the apparatus for determining hyperlink rank in a website). The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing some or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate the invention rather than limit it, and that those skilled in the art may devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any ordering; these words may be interpreted as names.

Claims (10)

1. An SSL-based communication method, characterised in that it includes:
receiving a Secure Sockets Layer (SSL) protocol handshake data packet sent by a client;
sending the SSL handshake data packet to a key server, so that the key server responds to the SSL handshake data packet;
receiving the key server's response information for the SSL handshake data packet, and generating a session key according to the response information;
decrypting the data request sent by the client using the session key, and verifying the security of the data in the data request.
2. The method according to claim 1, characterised in that sending the SSL handshake data packet to the key server includes:
parsing the SSL handshake data packet to obtain the encrypted pre-master key;
sending the encrypted pre-master key to the key server, so that the key server decrypts the encrypted pre-master key.
3. The method according to claim 2, characterised in that receiving the key server's response information for the SSL handshake data packet specifically is:
receiving the decrypted pre-master key sent by the key server over an encrypted channel;
and generating the session key according to the response information specifically is:
obtaining the client random number contained in the SSL handshake data packet;
generating the session key according to the decrypted pre-master key, the client random number and a server random number.
4. The method according to claim 1, characterised in that sending the SSL handshake data packet to the key server includes:
parsing the SSL handshake data packet to obtain the client random number contained in it;
sending the client random number, a server random number and a server public key to the key server, so that the key server signs the client random number, the server random number and the server public key using the key server private key.
5. The method according to claim 4, characterised in that receiving the key server's response information for the SSL handshake data packet includes:
receiving the key server signature sent by the key server.
6. The method according to claim 5, characterised in that, after receiving the key server's response information for the SSL handshake data packet, the method also includes:
sending the server's preset signature parameter and the key server signature to the client, so that the client generates a pre-master key according to the server's preset signature parameter, the key server signature and the client's preset signature parameter;
sending the server random number to the client, so that the client generates the session key according to the server random number, the client random number and the pre-master key;
receiving the client's preset signature parameter sent by the client.
7. The method according to claim 6, characterised in that generating the session key according to the response information includes:
receiving the pre-master key sent by the client, the pre-master key being one the client has encrypted with the server public key;
decrypting the encrypted pre-master key using the server private key to obtain the pre-master key;
generating the session key according to the server random number, the client random number and the pre-master key.
8. The method according to any one of claims 1-7, characterised in that, after verifying the security of the data in the data request, the method also includes:
if the data in the data request is determined to be safe, sending the data request to a destination server, so that the destination server responds to the data request;
or, if the data in the data request is determined to be safe, determining whether response information corresponding to the data request is stored locally, and if it is, responding to the data request.
9. An SSL-based communication apparatus, characterised in that it includes:
a first receiving unit, configured to receive a Secure Sockets Layer (SSL) protocol handshake data packet sent by a client;
a first sending unit, configured to send the SSL handshake data packet received by the first receiving unit to a key server, so that the key server responds to the SSL handshake data packet;
a second receiving unit, configured to receive, after the first sending unit has sent the SSL handshake data packet to the key server, the key server's response information for the SSL handshake data packet;
a generation unit, configured to generate a session key according to the response information received by the second receiving unit;
a decryption unit, configured to decrypt the data request sent by the client using the session key generated by the generation unit;
an authentication unit, configured to verify the security of the data in the data request after the decryption unit has decrypted it.
10. An SSL-based communication system, characterised in that the system includes:
a client, configured to send a Secure Sockets Layer (SSL) protocol handshake data packet to a protection node;
the protection node, configured to receive the SSL handshake data packet sent by the client and send the SSL handshake data packet to a key server;
the key server, configured to receive the SSL handshake data packet sent by the protection node and send response information for the SSL handshake data packet to the protection node;
the protection node being further configured to receive the response information for the SSL handshake data packet sent by the key server, generate a session key according to the response information, decrypt the data request sent by the client using the session key, and verify the security of the data in the data request.
CN201611206889.4A 2016-12-23 2016-12-23 Communication means, apparatus and system based on SSL Pending CN106790090A (en)

Publication Number Publication Date
CN106790090A true CN106790090A (en) 2017-05-31

Family

ID=58919658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611206889.4A Pending CN106790090A (en) 2016-12-23 2016-12-23 Communication means, apparatus and system based on SSL

Country Status (1)

Country Link
CN (1) CN106790090A (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135233A (en) * 2017-06-28 2017-09-05 百度在线网络技术(北京)有限公司 Safe transmission method and device, the server and storage medium of information
CN108156178A (en) * 2018-01-30 2018-06-12 上海天旦网络科技发展有限公司 A kind of SSL/TLS data monitoring systems and method
CN108512849A (en) * 2018-04-02 2018-09-07 北京奇艺世纪科技有限公司 A kind of handshake method and system accessing server
CN108683641A (en) * 2018-04-24 2018-10-19 广州亿航智能技术有限公司 A kind of data communications method, device, unmanned plane and computer storage media
CN109302369A (en) * 2017-07-24 2019-02-01 贵州白山云科技股份有限公司 A kind of data transmission method and device based on key authentication
CN109756500A (en) * 2019-01-11 2019-05-14 如般量子科技有限公司 Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds
CN109831464A (en) * 2019-04-01 2019-05-31 北京百度网讯科技有限公司 Method and apparatus for ciphertext data
CN109902515A (en) * 2019-01-10 2019-06-18 西安纸贵互联网科技有限公司 A kind of truthful data verification method and system
CN109962913A (en) * 2019-03-11 2019-07-02 北京信安世纪科技股份有限公司 Proxy server and Proxy Method based on secure socket layer protocol
WO2019178942A1 (en) * 2018-03-23 2019-09-26 网宿科技股份有限公司 Method and system for performing ssl handshake
CN110324365A (en) * 2018-03-28 2019-10-11 网易(杭州)网络有限公司 Without key front end cluster system, application method, storage medium, electronic device
CN110336666A (en) * 2019-07-17 2019-10-15 武汉信安珞珈科技有限公司 A method of random number randomness in enhancing SSL/TLS agreement
CN110380868A (en) * 2019-08-22 2019-10-25 广东浪潮大数据研究有限公司 A kind of communication means, device and communication system and storage medium
CN111182004A (en) * 2020-03-10 2020-05-19 核芯互联(北京)科技有限公司 SSL handshake method, device and equipment
CN112383541A (en) * 2020-11-12 2021-02-19 镇江市金舟软件有限责任公司 Welding man-hour collecting and receiving method based on encryption and decryption algorithms
CN112422530A (en) * 2020-11-04 2021-02-26 无锡沐创集成电路设计有限公司 Security protection method for server-side secret key in TLS (transport layer security) handshaking process and password equipment
CN113904773A (en) * 2021-10-11 2022-01-07 博雅中科(北京)信息技术有限公司 SSL connection establishment method and device, electronic equipment and computer readable storage medium
CN115174114A (en) * 2022-07-07 2022-10-11 渔翁信息技术股份有限公司 SSL tunnel establishment method, server and client

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101087196A (en) * 2006-12-27 2007-12-12 北京大学 Multi-layer honeynet data transmission method and system
CN103516586A (en) * 2012-06-30 2014-01-15 北京神州泰岳软件股份有限公司 Online user behavior analysis system for an instant messaging system
US8782774B1 (en) * 2013-03-07 2014-07-15 Cloudflare, Inc. Secure session capability using public-key cryptography without access to the private key
CN104702611A (en) * 2015-03-15 2015-06-10 西安电子科技大学 Device and method for protecting the Secure Sockets Layer session key
CN105791285A (en) * 2016-03-01 2016-07-20 积成电子股份有限公司 Online analysis method for MMS (Manufacturing Message Specification) messages supporting IEC 62351 encryption
CN105812378A (en) * 2016-04-21 2016-07-27 北京小米移动软件有限公司 Access request processing method and device
CN106161449A (en) * 2016-07-19 2016-11-23 青松智慧(北京)科技有限公司 Transmission method and system without key authentication

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135233A (en) * 2017-06-28 2017-09-05 百度在线网络技术(北京)有限公司 Secure information transmission method and device, server and storage medium
CN109302369A (en) * 2017-07-24 2019-02-01 贵州白山云科技股份有限公司 Data transmission method and device based on key verification
CN109302369B (en) * 2017-07-24 2021-03-16 贵州白山云科技股份有限公司 Data transmission method and device based on key verification
CN108156178A (en) * 2018-01-30 2018-06-12 上海天旦网络科技发展有限公司 SSL/TLS data monitoring system and method
CN108156178B (en) * 2018-01-30 2021-01-26 上海天旦网络科技发展有限公司 SSL/TLS data monitoring system and method
US11303431B2 (en) 2018-03-23 2022-04-12 Wangsu Science & Technology Co., Ltd. Method and system for performing SSL handshake
WO2019178942A1 (en) * 2018-03-23 2019-09-26 网宿科技股份有限公司 Method and system for performing SSL handshake
EP3633949A4 (en) * 2018-03-23 2020-07-15 Wangsu Science & Technology Co., Ltd. Method and system for performing SSL handshake
CN110324365A (en) * 2018-03-28 2019-10-11 网易(杭州)网络有限公司 Keyless front-end cluster system, usage method, storage medium and electronic device
CN108512849B (en) * 2018-04-02 2020-06-30 北京奇艺世纪科技有限公司 Handshake method and system for accessing a server
CN108512849A (en) * 2018-04-02 2018-09-07 北京奇艺世纪科技有限公司 Handshake method and system for accessing a server
CN108683641A (en) * 2018-04-24 2018-10-19 广州亿航智能技术有限公司 Data communication method and device, unmanned aerial vehicle and computer storage medium
CN109902515A (en) * 2019-01-10 2019-06-18 西安纸贵互联网科技有限公司 Authentic data verification method and system
CN109756500A (en) * 2019-01-11 2019-05-14 如般量子科技有限公司 Quantum-resistant HTTPS communication method and system based on multiple asymmetric key pools
CN109962913A (en) * 2019-03-11 2019-07-02 北京信安世纪科技股份有限公司 Proxy server and proxy method based on the Secure Sockets Layer protocol
CN109831464A (en) * 2019-04-01 2019-05-31 北京百度网讯科技有限公司 Method and apparatus for encrypting data
CN110336666A (en) * 2019-07-17 2019-10-15 武汉信安珞珈科技有限公司 Method for enhancing the randomness of random numbers in the SSL/TLS protocol
CN110336666B (en) * 2019-07-17 2022-08-05 武汉信安珞珈科技有限公司 Method for enhancing the randomness of random numbers in the SSL/TLS protocol
CN110380868A (en) * 2019-08-22 2019-10-25 广东浪潮大数据研究有限公司 Communication method, device, communication system and storage medium
CN111182004A (en) * 2020-03-10 2020-05-19 核芯互联(北京)科技有限公司 SSL handshake method, device and equipment
CN111182004B (en) * 2020-03-10 2022-01-04 核芯互联(北京)科技有限公司 SSL handshake method, device and equipment
CN112422530A (en) * 2020-11-04 2021-02-26 无锡沐创集成电路设计有限公司 Security protection method for the server-side key during the TLS (Transport Layer Security) handshake, and cryptographic device
CN112422530B (en) * 2020-11-04 2023-05-30 无锡沐创集成电路设计有限公司 Key security protection method and cryptographic device for the server in the TLS handshake process
CN112383541B (en) * 2020-11-12 2022-12-13 镇江市金舟软件有限责任公司 Welding man-hour collection and receipt method based on encryption and decryption algorithms
CN112383541A (en) * 2020-11-12 2021-02-19 镇江市金舟软件有限责任公司 Welding man-hour collection and receipt method based on encryption and decryption algorithms
CN113904773A (en) * 2021-10-11 2022-01-07 博雅中科(北京)信息技术有限公司 SSL connection establishment method and device, electronic equipment and computer-readable storage medium
CN113904773B (en) * 2021-10-11 2023-07-07 博雅中科(北京)信息技术有限公司 SSL connection establishment method, SSL connection establishment device, electronic equipment and computer-readable storage medium
CN115174114A (en) * 2022-07-07 2022-10-11 渔翁信息技术股份有限公司 SSL tunnel establishment method, server and client

Similar Documents

Publication Publication Date Title
CN106790090A (en) Communication means, apparatus and system based on SSL
US11165757B2 (en) Method and apparatus for securing communications using multiple encryption keys
CN109309565B (en) Security authentication method and device
US10652015B2 (en) Confidential communication management
KR20210134655A (en) Security systems and related methods
CN108347419A (en) Data transmission method and device
CN109600226A (en) TLS protocol session key recovery method based on random number implicit negotiation
CN108809633B (en) Identity authentication method, device and system
Lounis et al. Bad-token: denial of service attacks on WPA3
CN109639697A (en) Secure screen-casting method for a cloud mobile phone, mobile terminal and server
CN109891423A (en) Data encryption control using multiple control mechanisms
CN114143117B (en) Data processing method and device
CN110493367A (en) Addressless IPv6 non-public server, client and communication method
JP2022540653A (en) Data protection and recovery system and method
CN113411187A (en) Identity authentication method and system, storage medium and processor
Kwon et al. (In-) security of cookies in HTTPS: Cookie theft by removing cookie flags
Das et al. A decentralized open web cryptographic standard
CN105871858A (en) Method and system for ensuring high data safety
CN104811421A (en) Secure communication method and secure communication device based on digital rights management
Faisal et al. Graphene: a secure cloud communication architecture
Haque Web server vulnerability analysis in the context of transport layer security (tls)
WO2018010957A1 (en) Method for providing an enhanced level of authentication related to a secure software client application provided by an application distribution entity in order to be transmitted to a client computing device; system, application distribution entity, software client application, and client computing device for providing an enhanced level of authentication related to a secure software client application, program and computer program product
US20230041783A1 (en) Provision of digital content via a communication network
Gilchrist The Concise Guide to SSL/TLS for DevOps
Lindström et al. Mapping the current state of SSL/TLS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant after: Beijing Qihu Technology Co., Ltd.

Applicant after: Qianxin Technology Group Co., Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihu Technology Co., Ltd.

Applicant before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

RJ01 Rejection of invention patent application after publication

Application publication date: 20170531