CN114238916A - Communication method, communication apparatus, computer device, and storage medium - Google Patents

Communication method, communication apparatus, computer device, and storage medium Download PDF

Info

Publication number
CN114238916A
CN114238916A CN202111492000.4A CN202111492000A CN114238916A CN 114238916 A CN114238916 A CN 114238916A CN 202111492000 A CN202111492000 A CN 202111492000A CN 114238916 A CN114238916 A CN 114238916A
Authority
CN
China
Prior art keywords
certificate
cloud
server
target server
transaction message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111492000.4A
Other languages
Chinese (zh)
Inventor
杨成海
赵娜
谢晖
钱俊杰
吴孟晴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202111492000.4A priority Critical patent/CN114238916A/en
Publication of CN114238916A publication Critical patent/CN114238916A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application relates to a communication method, a communication device, a computer device and a storage medium. Generating and returning certificate information based on user identity information in a certificate application request sent by a cloud server through a target server, storing a first certificate in the certificate information sent by the target server and a local certificate in a second certificate by the cloud server, and sending a cloud certificate in the second certificate to the target server for storage; and the target server establishes communication connection with the cloud server after verifying the cloud server according to the cloud certificate, the local certificate in the communication request sent by the cloud server and the first certificate. Compared with the traditional mode of accessing the bank system through physical hardware, the scheme utilizes the certificate information corresponding to the user identity as the verification basis, and divides the certificate information into the locally stored certificate and the cloud-stored certificate, so that the certificate is prevented from being stolen by other people, and the safety of accessing the bank system is improved.

Description

Communication method, communication apparatus, computer device, and storage medium
Technical Field
The present application relates to the field of big data access technologies, and in particular, to a communication method, an apparatus, a computer device, and a storage medium.
Background
The bank is one of important mechanisms which need to be used in daily life of people, and with the development of network technology, the online banking technology appears, a user can access a bank system through a network, and a bank server is taken as an important system, the safety of the bank server needs to be ensured, and at present, in order to ensure the safety of the bank server, the user needs to use specific physical hardware as an identity certificate for accessing the bank server when accessing the bank server. However, there is a high risk of loss when accessing the bank server by means of physical hardware, resulting in security accidents.
Therefore, the current access method with the bank server through a physical hardware method has the following defects: the bank server is accessed in a physical hardware-based mode, and the physical hardware is easy to lose, so that safety accidents can be caused once the physical hardware is lost, and the method for communicating with the bank has the defect of low safety.
Disclosure of Invention
In view of the above, it is necessary to provide a communication method, an apparatus, a computer device, and a storage medium capable of improving security of accessing a bank server in view of the above technical problems.
A communication method is applied to a cloud server, and the method comprises the following steps:
generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
acquiring certificate information sent by the target server, storing the first certificate and the local certificate, and sending the cloud certificate to the target server; the target server is used for storing the cloud certificate;
sending a communication request to the target server according to the first certificate and the local certificate; the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
In one embodiment, the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate;
the acquiring the certificate information sent by the target server, storing the first certificate and the local certificate, and sending the cloud certificate to the target server includes:
acquiring an RSA certificate and an SM2 certificate sent by the target server;
storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to the target server; the target server is used for storing the cloud SM2 certificate.
In one embodiment, the sending the communication request to the target server according to the first certificate and the local certificate includes:
and generating a two-way hypertext transfer security protocol communication request of request information comprising the RSA certificate and the local SM2 certificate, and sending the request information to the target server.
In one embodiment, after the sending the communication request to the target server according to the first certificate and the local certificate, the method further includes:
receiving a transaction request, generating a collaborative signature request according to a transaction message, and sending the collaborative signature request to the target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed;
receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message;
sending the encrypted transaction message and the transaction message signature to the target server; and the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature are verified.
A communication method is applied to a target server, and the method comprises the following steps:
receiving a certificate application request of requesting information including user identity information sent by a cloud server, generating corresponding certificate information according to the user identity information, and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
receiving and storing a cloud certificate sent by the cloud server;
and acquiring request information sent by the cloud server, wherein the request information comprises a communication request of the first certificate and the local certificate, verifying the cloud certificate, the local certificate and the first certificate, and establishing communication connection with the cloud server when the verification is passed.
In one embodiment, after establishing a communication connection with the cloud server when the authentication is passed, the method further includes:
acquiring a collaborative signature request sent by the cloud server, processing the system signature request through a security server interface, and sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server;
and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through the security server interface, and processing the transaction message if the verification is passed.
A communication system, the system comprising: cloud server and target server:
the cloud server is used for generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server;
the target server is used for receiving a certificate application request of which the request information comprises user identity information and sent by the cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
the target server is used for storing the cloud certificate;
the cloud server is used for sending a communication request to the target server according to the first certificate and the local certificate;
and the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
A communication device is applied to a cloud server, and the device comprises:
the application module is used for generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
the acquisition module is used for acquiring the certificate information sent by the target server, storing the first certificate and the local certificate and sending the cloud certificate to the target server; the target server is used for storing the cloud certificate;
the communication module is used for sending a communication request to the target server according to the first certificate and the local certificate; the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
In one embodiment, the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate;
the acquisition module is specifically configured to:
acquiring an RSA certificate and an SM2 certificate sent by the target server;
storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to the target server; the target server is used for storing the cloud SM2 certificate.
In one embodiment, the communication module is specifically configured to:
and generating a two-way hypertext transfer security protocol communication request of request information comprising the RSA certificate and the local SM2 certificate, and sending the request information to the target server.
In one embodiment, the apparatus further comprises: a transaction request module to:
receiving a transaction request, generating a collaborative signature request according to a transaction message, and sending the collaborative signature request to the target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed;
receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message;
sending the encrypted transaction message and the transaction message signature to the target server; and the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature are verified.
A communication apparatus applied to a target server, the apparatus comprising:
the receiving module is used for receiving a certificate application request of which the request information comprises user identity information and sent by the cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
the storage module is used for receiving and storing the cloud terminal certificate sent by the cloud server;
and the verification module is used for acquiring the request information sent by the cloud server and including the communication request of the first certificate and the local certificate, verifying the cloud certificate, the local certificate and the first certificate, and establishing communication connection with the cloud server when the verification is passed.
In one embodiment, the apparatus further comprises: a transaction processing module to:
acquiring a collaborative signature request sent by the cloud server, processing the system signature request through a security server interface, and sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server;
and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through the security server interface, and processing the transaction message if the verification is passed.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the above-mentioned method when executed by a processor.
Compared with the traditional mode of accessing a bank system through physical hardware, the communication method, the communication device, the computer equipment and the storage medium can achieve the following technical effects:
by using the certificate information corresponding to the user identity as the verification basis and dividing the certificate information into the locally stored certificate and the cloud-stored certificate, the certificate is prevented from being stolen by others, and the security of accessing the bank system is improved.
In addition, the embodiment of the scheme initiates the communication request to the target server through the request information generated based on the RSA certificate and the local SM2 certificate, and the certificate information in the cloud server is closely connected with the user identity information of the cloud server, so that the target server verifies the communication qualification of the cloud server through a verification mode based on the certificate, and the security of accessing the bank system is improved. In addition, the cloud server can also communicate with the target server in a collaborative signature, encryption and signature mode, so that the safety of accessing the bank system is improved.
Drawings
FIG. 1 is a diagram of an application environment of a communication method in one embodiment;
FIG. 2 is a flow diagram of a communication method in one embodiment;
FIG. 3 is a flow chart illustrating a communication method according to another embodiment;
FIG. 4 is a flow chart illustrating a communication method according to another embodiment;
FIG. 5 is a flowchart illustrating the certificate generation step in one embodiment;
FIG. 6 is a flow diagram illustrating steps in processing transaction messages according to one embodiment;
FIG. 7 is a block diagram of a communication device in one embodiment;
fig. 8 is a block diagram showing the structure of a communication apparatus in another embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. It should be noted that, in the technical solution of the present application, the acquisition, storage, use, processing, and the like of data all conform to relevant regulations of national laws and regulations, and user information (including but not limited to user equipment information, user personal information, and the like) and data (including but not limited to data for display, data for analysis, and the like) related to the present application are information and data authorized by a user or fully authorized by each party; correspondingly, the application also provides a corresponding user authorization entrance for the user to select authorization or to select denial.
The communication method provided by the application can be applied to the application environment shown in fig. 1. Wherein the cloud server 102 communicates with the target server 104 over a network. The cloud server 102 may send a certificate application to the target server 104 according to user identity information corresponding to the cloud server 102, the target server 104 may return corresponding certificate information to the cloud server 102 based on the user identity information, the cloud server 102 may divide the certificate information, one part of the certificate information is stored locally, the other part of the certificate information is stored to the target server 104, the cloud server 102 may also send a communication request to the target server 104 according to a local certificate, and the target server 104 establishes communication connection with the cloud server 102 after the certificate is verified. The cloud server 102 and the target server 104 may be implemented by independent servers or a server cluster composed of a plurality of servers.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party; correspondingly, the present disclosure also provides a corresponding user authorization entry for the user to select authorization or to select denial.
In one embodiment, as shown in fig. 2, a communication method is provided, which is described by taking the method as an example applied to the cloud server in fig. 1, and includes the following steps:
step S202, according to the user identity information corresponding to the cloud server, a certificate application request is generated and sent to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms.
The communication method may be a communication method based on a bank system, and the cloud server 102 may be a server disposed in a cloud, for example, an enterprise financial system disposed in a third party public cloud. Because the cloud server 102 is installed in a public cloud, the cloud server cannot be connected with a banking system by inserting physical hardware. And the cloud server 102 has the corresponding user identity information, so that when the cloud server 102 needs to be connected to the bank system, the cloud server 102 may apply for a certificate corresponding to the life history and send the certificate to the target server 104 based on the user identity information corresponding to the cloud server 102, so that the target server 104 may generate corresponding certificate information according to the user identity information and return the certificate information to the cloud server 102. The public cloud is a cloud which can be used and is provided by a third-party provider for a user, the public cloud can be generally used through the Internet and can be free or low in cost, and the core attribute of the public cloud is shared resource service. There are many instances of such a cloud that can provide services throughout the open public network today. The cloud server 102 may be a service user, for example, an enterprise financial system deployed in a third-party public cloud directly calls an interface provided by a bank through the internet to use a related financial service; the target server 104 may be a bank server, the bank server may be a server corresponding to a bank system, and the bank system may be a service provider, for example, a bank-enterprise direct connection system of a bank provides related financial services for an enterprise through an open interface form. The bank-enterprise direct connection means that financial systems of enterprises are directly interconnected with bank systems, and the enterprise financial systems directly use related financial services by calling internet interfaces issued by banks.
The digital certificate is a digital certificate for marking identity information of each communication party in internet communication, and people can use the digital certificate to identify the identity of the other party on the internet. The certificate information includes a first certificate and a second certificate, and the second certificate may be further divided into a local certificate and a cloud certificate. The first certificate and the second certificate may be certificates obtained by using different encryption algorithms. For example, in one embodiment, the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate. In this embodiment, SM2 is an elliptic curve public key cryptographic algorithm issued by the national cryptology authority. RSA is an encryption algorithm, and the RSA public key cryptosystem is a cryptosystem that uses different encryption and decryption keys, and it is computationally infeasible to derive a decryption key from a known encryption key. The SM2 certificate may be split into two parts, one is a local SM2 certificate that is local to the presence cloud server 102, and the other is a cloud SM2 certificate that is local to the presence target server 104.
Step S204, acquiring certificate information sent by a target server, storing the first certificate and the local certificate and sending the cloud certificate to the target server; the target server is used for storing the cloud certificate.
The target server 104 may send, to the cloud server 102, certificate information generated according to the user identity information of the cloud server 102, where the certificate information may include a first certificate and a second certificate, and the second certificate may be divided into a local certificate and a cloud certificate. After the cloud server 102 obtains the certificate information sent by the target server 104, the local certificate part in the first certificate and the second certificate may be stored in the cloud server 102, and the cloud certificate part in the second certificate is sent to the target server 104, and the target server 104 stores the cloud certificate after receiving the cloud certificate.
Wherein, the first certificate may be an RSA certificate, and the second certificate may be an SM2 certificate, the cloud server 102 may store the two digital certificates obtained according to different encryption algorithms. For example, in one embodiment, obtaining certificate information sent by a target server, storing a first certificate and a local certificate, and sending a cloud certificate to the target server includes: acquiring an RSA certificate and an SM2 certificate sent by a target server; storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to a target server; the target server is used for storing the cloud SM2 certificate. In this embodiment, the cloud server 102 may obtain the RSA certificate and the SM2 certificate sent by the target server 104, and the cloud server 102 may further divide the SM2 certificate into a local SM2 certificate and a cloud SM2 certificate, and the cloud server 102 may store the RSA certificate and the local SM2 certificate, and send the cloud SM2 certificate to the target server 104 for storage, and the target server 104 may store the cloud SM2 certificate after receiving it. Therefore, the risk of copy and appropriation existing in the file certificate used in the bank-enterprise direct connection service can be prevented, because the cloud server 102 stores partial local signature certificate information in the bank-enterprise direct connection service end, namely the target server 104, partial signature certificate information is stored in the client local and closely associated with local environment information, and the partial signature certificate cannot be used after being copied.
Step S206, according to the first certificate and the local certificate, sending a communication request to a target server; and the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
After the cloud server 102 completes the application and storage of the certificate information, communication with the target server 104 may be established based on the certificate information. The cloud server 102 may generate a corresponding communication request based on the local certificate in the first certificate and the second certificate, and send the communication request to the target server 104, and the target server 104 may verify the communication qualification of the cloud server 102 with the cloud certificate stored therein, the local certificate and the first certificate in the received communication request, and establish a communication connection with the cloud server 102 after the verification is passed, thereby implementing the communication between the cloud server 102 on the third party public cloud and the target server 104 of the bank system having the security requirement. After the cloud server 102 establishes a communication connection with the target server 104, interaction of the transaction messages may be performed.
In the communication method, the target server generates and returns the certificate information based on the user identity information in the certificate application request sent by the cloud server, and the cloud server stores the first certificate in the certificate information sent by the target server and the local certificate in the second certificate and sends the cloud certificate in the second certificate to the target server for storage; the cloud server sends a communication request to the target server according to the first certificate and the local certificate, and the target server establishes communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate. Compared with the traditional mode of accessing the bank system through physical hardware, the scheme utilizes the certificate information corresponding to the user identity as the verification basis, and divides the certificate information into the locally stored certificate and the cloud-stored certificate, so that the certificate is prevented from being stolen by other people, and the safety of accessing the bank system is improved.
In one embodiment, sending the communication request to the target server based on the first certificate and the local certificate comprises: a two-way hypertext transfer security protocol communication request is generated requesting information including the RSA certificate and the local SM2 certificate and sent to the target server.
In this embodiment, the certificate information received by the cloud server 102 includes a first certificate and a second certificate generated based on different encryption algorithms, and the cloud server 102 may divide the second certificate into a local certificate and a cloud certificate, and generate a communication request based on the first certificate and the local certificate to send to the target server 104. Where the first certificate may be an RSA certificate and the second certificate may be an SM2 certificate, the cloud server 102 may generate an https (two-way hypertext transfer security protocol) communication request requesting information including the RSA certificate and the local SM2 certificate and send the communication request to the target server 104. The target server 104 may thereby verify the credentials of the cloud server 102 based on the respective credentials in the received communication request. For example, target server 104 may determine whether cloud server 102 is authenticated by authenticating information of the received certificate.
Through the embodiment, the cloud server 102 initiates the communication request to the target server 104 through the request information generated based on the RSA certificate and the local SM2 certificate, and since the certificate information in the cloud server 102 is closely connected with the user identity information of the cloud server 102, the target server 104 verifies the communication qualification of the cloud server 102 through a certificate-based verification method, thereby improving the security of accessing the bank system.
In one embodiment, after sending the communication request to the target server according to the first certificate and the local certificate, the method further includes: receiving a transaction request, generating a collaborative signature request according to a transaction message, and sending the collaborative signature request to a target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed; receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message; sending the encrypted transaction message and the transaction message signature to a target server; the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature pass verification.
In this embodiment, after the cloud server 102 establishes the communication connection with the target server 104, the interaction of the transaction message may be performed. When receiving a transaction request, the cloud server 102 may generate a collaborative signature request according to a transaction message in the transaction request, and send the collaborative signature request to the target server 104, the target server 104 may process the collaborative signature request, and send a processing pass result to the cloud server 102 after the processing pass result is passed, after receiving the processing pass result sent by the target server 104, the cloud server 102 may generate a transaction message signature corresponding to the transaction message, and the cloud server 102 may also encrypt the transaction message to obtain an encrypted transaction message; for example, the cloud server 102 may encrypt the transaction message through a 3DES algorithm. Among them, 3DES is a generic name of TDEA (Triple Data Encryption Algorithm) block cipher. It is equivalent to applying the DES encryption algorithm three times per block. The cloud server 102 may send the encrypted transaction message and the transaction message signature to the target server 104, so that the target server 104 may verify the encrypted transaction message and the transaction message signature and process the transaction message after the verification is passed. For example, the target server 104 may decrypt the encrypted transaction message and verify the decrypted transaction message and the transaction message signature, so that the target server 104 may process the business logic of the transaction message after the verification passes.
Through the embodiment, the cloud server 102 can communicate with the target server 104 in a collaborative signature, encryption and signature manner, so that the security of accessing the bank system is improved.
In one embodiment, as shown in fig. 3, a communication method is provided, which is described by taking the method as an example applied to the terminal in fig. 1, and includes the following steps:
step S302, receiving a certificate application request of request information including user identity information sent by a cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the encryption algorithm of the first certificate is different from that of the second certificate; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server.
The cloud server 102 may be a server disposed in the cloud, for example, an enterprise financial system disposed in a third party public cloud. Because the cloud server 102 is installed in a public cloud, the cloud server cannot be connected with a banking system by inserting physical hardware. And the cloud server 102 has the corresponding user identity information, so that when the cloud server 102 needs to be connected to the bank system, the cloud server 102 may apply for a certificate corresponding to the life history and send the certificate to the target server 104 based on the user identity information corresponding to the cloud server 102, so that the target server 104 may generate corresponding certificate information according to the user identity information and return the certificate information to the cloud server 102. The public cloud is a cloud which can be used and is provided by a third-party provider for a user, the public cloud can be generally used through the Internet and can be free or low in cost, and the core attribute of the public cloud is shared resource service. There are many instances of such a cloud that can provide services throughout the open public network today. The cloud server 102 may be a service user, for example, an enterprise financial system deployed in a third-party public cloud directly calls an interface provided by a bank through the internet to use a related financial service; and the bank system can be a service provider, for example, a bank-enterprise direct connection system of a bank provides related financial services for enterprises in an open interface form. The bank-enterprise direct connection means that financial systems of enterprises are directly interconnected with bank systems, and the enterprise financial systems directly use related financial services by calling internet interfaces issued by banks.
The digital certificate is a digital certificate for marking identity information of each communication party in internet communication, and people can use the digital certificate to identify the identity of the other party on the internet. The certificate information includes a first certificate and a second certificate, and the second certificate may be further divided into a local certificate and a cloud certificate. The first certificate and the second certificate may be certificates obtained by using different encryption algorithms. For example, in one embodiment, the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate. The SM2 certificate may be split into two parts, one is a local SM2 certificate that is local to the presence cloud server 102, and the other is a cloud SM2 certificate that is local to the presence target server 104.
And step S304, receiving and storing the cloud certificate sent by the cloud server.
The target server 104 may send, to the cloud server 102, certificate information generated according to the user identity information of the cloud server 102, where the certificate information may include a first certificate and a second certificate, and the second certificate may be divided into a local certificate and a cloud certificate. After the cloud server 102 obtains the certificate information sent by the target server 104, the local certificate part in the first certificate and the second certificate may be stored in the cloud server 102, and the cloud certificate part in the second certificate is sent to the target server 104, and the target server 104 stores the cloud certificate after receiving the cloud certificate. Wherein, the first certificate may be an RSA certificate, and the second certificate may be an SM2 certificate, the cloud server 102 may store the two digital certificates obtained according to different encryption algorithms. For example, the cloud server 102 may store the RSA certificate and the local SM2 certificate and send the cloud SM2 certificate to the target server; the target server is used for storing the cloud SM2 certificate.
Step S306, a communication request that request information sent by the cloud server includes the first certificate and the local certificate is obtained, the cloud certificate, the local certificate and the first certificate are verified, and when the verification is passed, communication connection is established with the cloud server.
After the cloud server 102 completes the application and storage of the certificate information, communication with the target server 104 may be established based on the certificate information. The cloud server 102 may generate a corresponding communication request based on the local certificate in the first certificate and the second certificate, and send the communication request to the target server 104, and the target server 104 may verify the communication qualification of the cloud server 102 with the cloud certificate stored therein, the local certificate and the first certificate in the received communication request, and establish a communication connection with the cloud server 102 after the verification is passed, thereby implementing the communication between the cloud server 102 on the third party public cloud and the target server 104 of the bank system having the security requirement. After the cloud server 102 establishes a communication connection with the target server 104, interaction of the transaction messages may be performed.
In the communication method, the target server generates and returns the certificate information based on the user identity information in the certificate application request sent by the cloud server, and the cloud server stores the first certificate in the certificate information sent by the target server and the local certificate in the second certificate and sends the cloud certificate in the second certificate to the target server for storage; the cloud server sends a communication request to the target server according to the first certificate and the local certificate, and the target server establishes communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate. Compared with the traditional mode of accessing the bank system through physical hardware, the scheme utilizes the certificate information corresponding to the user identity as the verification basis, and divides the certificate information into the locally stored certificate and the cloud-stored certificate, so that the certificate is prevented from being stolen by other people, and the safety of accessing the bank system is improved.
In one embodiment, after establishing a communication connection with the cloud server when the authentication is passed, the method further includes: acquiring a collaborative signature request sent by a cloud server, processing the system signature request through a security server interface, and sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server; and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through a secure server interface, and processing the transaction message if the verification is passed.
In this embodiment, after the cloud server 102 establishes the communication connection with the target server 104, the interaction of the transaction message may be performed. When receiving the transaction request, the cloud server 102 may generate a collaborative signature request according to a transaction message in the transaction request, and send the collaborative signature request to the target server 104, and the target server 104 may process the collaborative signature request and send a processing pass result to the cloud server 102 after the processing pass. For example, the target server 104 may call a secure server interface to process the collaborative signature and return the result to the cloud server 102, the cloud server 102 may send the encrypted transaction message and the transaction message signature to the target server 104 after receiving the processing pass result, and the target server 104 may verify the encrypted transaction message and the transaction message signature and process the transaction message after the verification passes. For example, the target server 104 may decrypt the encrypted transaction message and verify the decrypted transaction message and the transaction message signature through the security server, so that the target server 104 may process the business logic of the transaction message after the verification passes.
By the embodiment, the target server 104 can determine whether the cloud server 102 has the qualification for communicating with the target server 104 by calling the security server to process the collaborative signature, decrypt the transaction message and verify the signature, so that the security of accessing the bank system is improved.
In one embodiment, as shown in fig. 4, fig. 4 is a flow chart illustrating a communication method in another embodiment. The cloud server 102 may be an enterprise financial system deployed on a third-party public cloud, that is, a client; the target server 104 may be a bank-enterprise direct connection system in a banking system, that is, a server. The method comprises the following steps: as shown in fig. 4, the method flow includes that the client initiates a request to the server to generate a client certificate, the client initiates a request to establish a transaction link, and the client initiates a transaction message, and the server responds to the above flows respectively.
The flow of certificate generation is shown in fig. 5, and fig. 5 is a schematic flow diagram of a certificate generation step in one embodiment. And the enterprise financial system deployed in the public cloud initiates a certificate generation request to the bank server. The bank server receives a certificate generating request initiated by the client financial system, calls the certificate system to generate related certificate information and returns the related certificate information to the client financial system, and meanwhile binds the certificate information with the client identity. Wherein the client identity information may be derived from the certificate generation request. The enterprise financial system receives bank processing results, including RSA certificates and SM2 certificates, and can store the RSA certificates in the financial system local; the SM2 certificate is divided into two parts, one part exists locally to the financial system and the other part exists at the target server. After the enterprise financial system finishes certificate application and storage, a transaction link can be established with the bank-enterprise direct connection application. For example, the enterprise financial system uses local RSA certificate information to initiate a request for establishing bidirectional https communication to a bank server; and the bank server verifies the relevant information of the client certificate, and if the verification is passed, the connection is successfully established.
After the client of the enterprise financial system completes the establishment of the transaction link, the client can interact with the transaction message of the server of the bank system. The interaction flow between the client and the server may be as shown in fig. 6, and fig. 6 is a schematic flow chart illustrating the transaction message processing steps in one embodiment. The server may be in communication connection with a security server, and the security server may be a server for authentication that is disposed inside the banking system. In the transaction message processing process, the client can firstly carry out signature initialization on the transaction message; then, a collaborative signature request is sent to the server; the server side calls a security server interface to process the collaborative signature, and returns the result to the client side; when the client obtains the collaborative signature result, the client signs the transaction message completely, and the client can encrypt the transaction message by using a 3DES algorithm; the client sends the transaction message encryption result and the transaction message signature result to the server; the server side decrypts the encrypted message result and sends the decrypted result and the message signature to the security server for signature verification; when the transaction of the security server fails, an error report result is returned to the client; if the verification is passed, the server side can continue to process the business logic of the transaction message and return the result to the client side; and the client receives the transaction message processing result and the transaction process is ended.
Through the embodiment, the certificate information corresponding to the user identity is used as the verification basis, and is divided into the locally stored certificate and the cloud-stored certificate, so that the certificate is prevented from being stolen by other people, the security of accessing the bank system is improved, the transaction message can be processed by verifying the information such as the signature of the transaction message after the communication link is established, the bank-enterprise direct connection service can be safely and reliably used on the premise that the financial system deployed in the public cloud of the third party does not need to use a physical U shield, the security of accessing the bank system is improved, and the bank-enterprise financial service is protected for enterprises.
It should be understood that although the various steps in the flowcharts of fig. 2-6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-6 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least some of the other steps.
In one embodiment, there is provided a communication system including: cloud server 102 and target server 104, wherein:
the cloud server is used for generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to the target server;
the target server is used for receiving a certificate application request of which the request information comprises user identity information and sent by the cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the encryption algorithm of the first certificate is different from that of the second certificate;
the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
the target server is used for storing the cloud certificate;
the cloud server is used for sending a communication request to the target server according to the first certificate and the local certificate;
and the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
For the specific limitations of the communication system, reference may be made to the above limitations of the communication method, which are not described herein again.
In one embodiment, as shown in fig. 7, there is provided a communication apparatus including: an application module 500, an acquisition module 502, and a communication module 504, wherein:
the application module 500 is configured to generate a certificate application request according to user identity information corresponding to the cloud server and send the certificate application request to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms.
An obtaining module 502, configured to obtain certificate information sent by a target server, store the first certificate and the local certificate, and send the cloud certificate to the target server; the target server is used for storing the cloud certificate.
A communication module 504, configured to send a communication request to a target server according to the first certificate and the local certificate; and the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
In an embodiment, the obtaining module 502 is specifically configured to obtain an RSA certificate and an SM2 certificate sent by a target server; storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to a target server; the target server is used for storing the cloud SM2 certificate.
In one embodiment, the communication module 504 is specifically configured to generate a two-way hypertext transfer security protocol communication request requesting information including an RSA certificate and a local SM2 certificate, and send the request to the target server.
In one embodiment, the above apparatus further comprises: the transaction request module is used for receiving the transaction request, generating a collaborative signature request according to the transaction message and sending the collaborative signature request to the target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed; receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message; sending the encrypted transaction message and the transaction message signature to a target server; the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature pass verification.
In one embodiment, as shown in fig. 8, there is provided a communication apparatus including: a receiving module 600, a storing module 602, and a verifying module 604, wherein:
the receiving module 600 is configured to receive a certificate application request that request information sent by a cloud server includes user identity information, generate corresponding certificate information according to the user identity information, and return the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the encryption algorithm of the first certificate is different from that of the second certificate; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server.
The storage module 602 is configured to receive and store the cloud certificate sent by the cloud server.
The verification module 604 is configured to obtain a communication request that includes the first certificate and the local certificate and is sent by the cloud server, verify the cloud certificate, the local certificate, and the first certificate, and establish a communication connection with the cloud server when the verification is passed.
In one embodiment, the above apparatus further comprises: the transaction processing module is used for acquiring the collaborative signature request sent by the cloud server, processing the system signature request through the security server interface and then sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server; and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through a secure server interface, and processing the transaction message if the verification is passed.
For the specific limitations of the communication device, reference may be made to the above limitations of the communication method, which are not described herein again. The respective modules in the above-described communication apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a communication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory in which a computer program is stored and a processor which, when executing the computer program, implements the communication method described above.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, carries out the above-mentioned communication method.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the communication method described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (16)

1. A communication method is applied to a cloud server, and the method comprises the following steps:
generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
acquiring certificate information sent by the target server, storing the first certificate and the local certificate, and sending the cloud certificate to the target server; the target server is used for storing the cloud certificate;
sending a communication request to the target server according to the first certificate and the local certificate; the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
2. The method of claim 1, wherein the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate;
the acquiring the certificate information sent by the target server, storing the first certificate and the local certificate, and sending the cloud certificate to the target server includes:
acquiring an RSA certificate and an SM2 certificate sent by the target server;
storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to the target server; the target server is used for storing the cloud SM2 certificate.
3. The method of claim 2, wherein sending a communication request to the target server based on the first certificate and the local certificate comprises:
and generating a two-way hypertext transfer security protocol communication request of request information comprising the RSA certificate and the local SM2 certificate, and sending the request information to the target server.
4. The method of claim 1, wherein after sending the communication request to the target server according to the first certificate and the local certificate, further comprising:
receiving a transaction request, generating a collaborative signature request according to a transaction message, and sending the collaborative signature request to the target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed;
receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message;
sending the encrypted transaction message and the transaction message signature to the target server; and the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature are verified.
5. A communication method applied to a target server, the method comprising:
receiving a certificate application request of requesting information including user identity information sent by a cloud server, generating corresponding certificate information according to the user identity information, and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
receiving and storing a cloud certificate sent by the cloud server;
and acquiring request information sent by the cloud server, wherein the request information comprises a communication request of the first certificate and the local certificate, verifying the cloud certificate, the local certificate and the first certificate, and establishing communication connection with the cloud server when the verification is passed.
6. The method of claim 5, further comprising, after establishing a communication connection with the cloud server when the authentication is passed:
acquiring a collaborative signature request sent by the cloud server, processing the system signature request through a security server interface, and sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server;
and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through the security server interface, and processing the transaction message if the verification is passed.
7. A communication system, the system comprising: cloud server and target server:
the cloud server is used for generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server;
the target server is used for receiving a certificate application request of which the request information comprises user identity information and sent by the cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
the target server is used for storing the cloud certificate;
the cloud server is used for sending a communication request to the target server according to the first certificate and the local certificate;
and the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
8. A communication device applied to a cloud server, the device comprising:
the application module is used for generating a certificate application request according to the user identity information corresponding to the cloud server and sending the certificate application request to a target server; the target server is used for generating certificate information according to the user identity information and returning the certificate information; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms;
the acquisition module is used for acquiring the certificate information sent by the target server, storing the first certificate and the local certificate and sending the cloud certificate to the target server; the target server is used for storing the cloud certificate;
the communication module is used for sending a communication request to the target server according to the first certificate and the local certificate; the target server is used for establishing communication connection with the cloud server after the cloud server is verified according to the cloud certificate, the local certificate and the first certificate.
9. The apparatus of claim 8, wherein the first certificate is an RSA certificate, the second certificate is an SM2 certificate, the local certificate is a local SM2 certificate, and the cloud certificate is a cloud SM2 certificate;
the acquisition module is specifically configured to:
acquiring an RSA certificate and an SM2 certificate sent by the target server;
storing the RSA certificate and the local SM2 certificate, and sending the cloud SM2 certificate to the target server; the target server is used for storing the cloud SM2 certificate.
10. The apparatus according to claim 9, wherein the communication module is specifically configured to:
and generating a two-way hypertext transfer security protocol communication request of request information comprising the RSA certificate and the local SM2 certificate, and sending the request information to the target server.
11. The apparatus of claim 8, further comprising: a transaction request module to:
receiving a transaction request, generating a collaborative signature request according to a transaction message, and sending the collaborative signature request to the target server; the target server is used for sending a processing passing result to the cloud server after the collaborative signature request is processed;
receiving a processing passing result sent by the target server, generating a transaction message signature corresponding to the transaction message, and encrypting the transaction message to obtain an encrypted transaction message;
sending the encrypted transaction message and the transaction message signature to the target server; and the target server is used for processing the transaction message after the encrypted transaction message and the transaction message signature are verified.
12. A communication apparatus, applied to a target server, the apparatus comprising:
the receiving module is used for receiving a certificate application request of which the request information comprises user identity information and sent by the cloud server, generating corresponding certificate information according to the user identity information and returning the certificate information to the cloud server; the certificate information comprises a first certificate and a second certificate; the second certificate comprises a local certificate and a cloud certificate; the first certificate and the second certificate have different encryption algorithms; the cloud server is used for storing the first certificate and the local certificate and sending the cloud certificate to the target server;
the storage module is used for receiving and storing the cloud terminal certificate sent by the cloud server;
and the verification module is used for acquiring the request information sent by the cloud server and including the communication request of the first certificate and the local certificate, verifying the cloud certificate, the local certificate and the first certificate, and establishing communication connection with the cloud server when the verification is passed.
13. The apparatus of claim 12, further comprising: a transaction processing module to:
acquiring a collaborative signature request sent by the cloud server, processing the system signature request through a security server interface, and sending a processing passing result to the cloud server; the cloud server is used for receiving the processing passing result and sending the encrypted transaction message and the transaction message signature to the target server;
and acquiring the encrypted transaction message and the transaction message signature, decrypting the encrypted transaction message, verifying the decrypted transaction message and the transaction message signature through the security server interface, and processing the transaction message if the verification is passed.
14. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
15. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
16. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.
CN202111492000.4A 2021-12-08 2021-12-08 Communication method, communication apparatus, computer device, and storage medium Pending CN114238916A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111492000.4A CN114238916A (en) 2021-12-08 2021-12-08 Communication method, communication apparatus, computer device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111492000.4A CN114238916A (en) 2021-12-08 2021-12-08 Communication method, communication apparatus, computer device, and storage medium

Publications (1)

Publication Number Publication Date
CN114238916A true CN114238916A (en) 2022-03-25

Family

ID=80754046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111492000.4A Pending CN114238916A (en) 2021-12-08 2021-12-08 Communication method, communication apparatus, computer device, and storage medium

Country Status (1)

Country Link
CN (1) CN114238916A (en)

Similar Documents

Publication Publication Date Title
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
US11818120B2 (en) Non-custodial tool for building decentralized computer applications
US11102191B2 (en) Enabling single sign-on authentication for accessing protected network services
JP2023502346A (en) Quantum secure networking
CN114024710A (en) Data transmission method, device, system and equipment
EP2251810B1 (en) Authentication information generation system, authentication information generation method, and authentication information generation program utilizing a client device and said method
CN110942382A (en) Electronic contract generating method and device, computer equipment and storage medium
CN106936588A (en) A kind of trustship method, the apparatus and system of hardware controls lock
CN111355591A (en) Block chain account safety management method based on real-name authentication technology
CN110176989B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN114238912A (en) Digital certificate processing method and device, computer equipment and storage medium
CN112039857B (en) Calling method and device of public basic module
CN116049802B (en) Application single sign-on method, system, computer equipment and storage medium
CN113094190A (en) Micro-service calling method, calling device, electronic equipment and storage medium
CN117294484A (en) Method, apparatus, device, medium and product for data interaction
US12034851B2 (en) Transaction security techniques
CN115529591A (en) Token-based authentication method, device, equipment and storage medium
CN110401535B (en) Digital certificate generation, secure communication and identity authentication method and device
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN210745178U (en) Identity authentication system
CN114117471A (en) Confidential data management method, electronic device, storage medium, and program product
CN114238916A (en) Communication method, communication apparatus, computer device, and storage medium
CN117118759B (en) Method for reliable use of user control server terminal key
CN117834242A (en) Verification method, device, apparatus, storage medium, and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination