CN114428965A - Secure communication method, system, electronic device, and storage medium - Google Patents


Info

Publication number: CN114428965A
Application number: CN202111591426.5A
Authority: CN (China)
Prior art keywords: client, token, server, information, application program
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 姚林林, 黄烨, 代书林
Current assignee: Hangzhou Beidu Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Hangzhou Beidu Technology Co ltd
Application filed by Hangzhou Beidu Technology Co ltd; priority to CN202111591426.5A; publication of CN114428965A; legal status pending

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application relates to a secure communication method, system, electronic device and storage medium. The secure communication method comprises: obtaining an initial token corresponding to a first application program and the current identity information of the first application program, and verifying the validity of the current identity information according to the initial token; when the current identity information of the first application program is verified to be legal, initiating a request message to a server, the request message carrying the initial token, the device information of the client and a first ciphertext; and, when the server has verified the client to be legal according to the initial token, the device information of the client and the first ciphertext, receiving a first communication token sent by the server, encrypting communication data with the encryption key indicated by the first communication token, and sending the communication data to the server.

Description

Secure communication method, system, electronic device, and storage medium
Technical Field
The present application relates to the field of communication security, and more particularly, to a secure communication method, system, electronic device, and storage medium.
Background
In order to ensure the security of information transmission between a client and a server, HTTPS (Hyper Text Transfer Protocol over Secure Layer) is widely used.
HTTPS is an HTTP channel designed for security; establishing it requires, among other things, the TCP three-way handshake. That handshake comprises the following steps: the client sends a SYN (handshaking signal) connection request message to the server; on receiving it, the server returns a SYN/ACK (acknowledgement character) confirmation message to the client; and on receiving the SYN/ACK confirmation message, the client sends an ACK confirmation message to the server. With these three steps the TCP handshake is complete and the TCP connection is established. On top of HTTP, SSL/TLS is then used to provide data encryption, identity authentication and data-integrity verification, thereby securing information transmission between the client and the server. However, the client may have been tampered with before it initiates the request, and the validity of the requesting client cannot be guaranteed during information transmission between the client and the server.
For the problem in the related art that the legality of a client initiating a request cannot be guaranteed, no effective solution has yet been proposed.
Disclosure of Invention
The embodiment provides a secure communication method, a system, an electronic device and a storage medium, so as to solve the problem that the validity of a client initiating a request cannot be guaranteed in the related art.
In a first aspect, this embodiment provides a secure communication method applied to a client on which at least one application program and an initial token corresponding to each such application program are set, the method comprising:
acquiring an initial token corresponding to a first application program and current identity information of the first application program, and verifying the validity of the current identity information of the first application program according to the initial token, wherein the initial token comprises identity information carried before the first application program is downloaded and installed to the client;
initiating a request message to a server under the condition that the current identity information of the first application program is verified to be legal, wherein the request message carries the initial token, the equipment information of the client and a first ciphertext;
and under the condition that the client is verified to be legal through the server according to the initial token, the equipment information of the client and the first ciphertext, receiving a first communication token sent by the server, encrypting communication data according to an encryption key indicated by the first communication token, and sending the communication data to the server.
In some of these embodiments, verifying the legitimacy of the current identity information of the first application from the initial token comprises:
encrypting the current identity information according to a preset first encryption algorithm, and judging whether the encrypted current identity information is the same as identity authentication information in the initial token or not, wherein the identity authentication information comprises information generated by encrypting the identity information according to the preset first encryption algorithm;
and determining that the first application program is legal when the encrypted current identity information is judged to be the same as the identity authentication information in the initial token.
In some of these embodiments, in the event that the client is verified to be legitimate via the server from the initial token, the device information of the client, and the first ciphertext, receiving the first communication token sent by the server comprises:
and receiving a first communication token sent by the server when the server judges that a second ciphertext generated by encrypting the equipment information of the client according to the initial token is the same as the first ciphertext, wherein the first ciphertext comprises a ciphertext generated by encrypting the equipment information of the client by the initial token based on an encryption algorithm negotiated by the client and the server.
In some embodiments, before encrypting the communication data according to the encryption key indicated by the first communication token and sending the communication data to the server, the method includes:
judging whether the first communication token is expired or not according to preset token expiration time;
when the first communication token is judged to be out of date, the current identity information of the first application program is obtained again and verified, and a request message is initiated to the server again when the fact that the obtained current identity information is legal is verified;
and under the condition that the client is verified to be legal by the server, receiving a second communication token sent by the server, encrypting communication data according to an encryption algorithm indicated by the second communication token, and sending the communication data to the server.
In some embodiments, the initial token further includes domain name verification information obtained by encrypting the domain name where the server is located according to a preset second encryption algorithm.
In some embodiments, after verifying the validity of the current identity information of the first application according to the initial token, the method includes:
acquiring a current request domain name of the first application program, encrypting the current request domain name according to the preset second encryption algorithm, and judging whether the encrypted current request domain name is the same as domain name verification information in the initial token or not;
and when judging that the encrypted current request domain name is the same as the domain name verification information in the initial token, determining that the current request domain name is legal.
In some embodiments, after verifying the validity of the current identity information of the first application according to the initial token, the method includes:
acquiring a current request domain name and a trust list of the first application program, wherein the trust list comprises a trusted domain name;
judging whether the current request domain name exists in the trust list or not;
and when the current request domain name exists in the trust list, determining that the current request domain name is legal.
In a second aspect, there is provided in this embodiment a secure communication system comprising: a client and a server, wherein,
the client is used for executing the secure communication method of the first aspect;
and the server is used for verifying whether the client is legal or not according to the initial token, the equipment information of the client and the first ciphertext and sending a first communication token to the client under the condition that the client is legal.
In a third aspect, in this embodiment, there is provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the secure communication method according to the first aspect when executing the computer program.
In a fourth aspect, in the present embodiment, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the secure communication method of the first aspect described above.
Compared with the related art, in the secure communication method provided in this embodiment, the initial token corresponding to the first application program and the current identity information of the first application program are obtained, and the validity of the current identity information of the first application program is verified according to the initial token, where the initial token includes the identity information carried by the first application program before the first application program is downloaded and installed to the client; initiating a request message to a server under the condition that the current identity information of the first application program is verified to be legal, wherein the request message carries the initial token, the equipment information of the client and a first ciphertext; and under the condition that the client is verified to be legal by the server according to the initial token, the equipment information of the client and the first ciphertext, receiving a first communication token sent by the server, encrypting communication data according to an encryption key indicated by the first communication token, and sending the communication data to the server, so that the problem that the legality of the client initiating the request cannot be guaranteed is solved, and the safety of information transmission is improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware configuration of a terminal of a secure communication method according to an embodiment of the present application;
fig. 2 is a flowchart of a secure communication method according to an embodiment of the present application.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application do not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the present embodiment may be executed in a terminal, a computer, or a similar computing device. For example, the method is executed on a terminal, and fig. 1 is a block diagram of a hardware structure of the terminal according to the secure communication method of the present embodiment. As shown in fig. 1, the terminal may include one or more processors 102 (only one shown in fig. 1) and a memory 104 for storing data, wherein the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA. The terminal may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those of ordinary skill in the art that the structure shown in fig. 1 is merely an illustration and is not intended to limit the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used for storing computer programs, for example, software programs and modules of application software, such as a computer program corresponding to the secure communication method in the embodiment, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. The network described above includes a wireless network provided by a communication provider of the terminal. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In actual information transmission, the local information of a client may be tampered with. When such a tampered client initiates a request to a server, the prior art cannot detect the tampering, so the tampered client communicates with the server and information-security incidents such as information leakage can occur.
This embodiment provides a secure communication method. It should be noted first that the method is applied on a client: in practice, at least one application program and an initial token corresponding to that application program are set on the client, the initial token being generated by the server and sent to the client before the application program formally goes online. Fig. 2 is a flowchart of the secure communication method of this embodiment; as shown in fig. 2, the flow includes the following steps:
step S201, obtaining an initial token corresponding to the first application and current identity information of the first application, and verifying validity of the current identity information of the first application according to the initial token, where the initial token includes identity information carried before the first application is downloaded and installed to the client.
Specifically, the package name and the signature are unique identifiers of the application program, and therefore, in this embodiment, the identity information in the initial token includes the package name and the signature when the application program is first put into use, and the current identity information includes the package name and the signature of the application program when the client initiates the request.
Through this step, the identity information of the application program is verified before the client sends a request to the server, so that the legality of the application program at the time it sends the request can be guaranteed and the security of information transmission improved.
Step S202, under the condition that the current identity information of the first application program is verified to be legal, a request message is sent to the server, wherein the request message carries an initial token, the equipment information of the client and a first ciphertext.
Specifically, the client may be a notebook computer, a smart phone, a tablet computer, or other devices that can communicate with the server.
And step S203, receiving the first communication token sent by the server under the condition that the client is verified to be legal through the server according to the initial token, the equipment information of the client and the first ciphertext, encrypting the communication data according to the encryption key indicated by the first communication token, and sending the communication data to the server.
Specifically, after the server receives the request sent by the client, it verifies the requesting client according to the initial token, the device information of the client and the first ciphertext in the request information; once verification passes, the server's token system generates a first communication token. The client then symmetrically encrypts the information to be transmitted with the encryption key indicated by the first communication token and sends it to the server; the encryption key may be a random number generated by the server.
In the above steps S201 to S203, the identity information carried by the initial token in the client is used to verify the identity information of the application program that is to initiate the request, so as to ensure the validity of the application program that initiates the request.
In some of these embodiments, verifying the legitimacy of the current identity information of the first application from the initial token comprises:
encrypting the current identity information according to a preset first encryption algorithm, and judging whether the encrypted current identity information is the same as the identity authentication information in the initial token or not, wherein the identity authentication information comprises information generated by encrypting the identity information according to the preset first encryption algorithm; and determining that the first application program is legal when the encrypted current identity information is judged to be the same as the identity authentication information in the initial token.
Specifically, the identity authentication information in the initial token is generated by encrypting the identity information of the first application program with a first encryption algorithm preset by the client and the server. To verify that the first application program initiating the request is legal, the identity information at the time the request is initiated is encrypted with the same preset first encryption algorithm, and the resulting ciphertext is compared with the identity authentication information in the initial token; when the two are identical, the first application program initiating the request has not been tampered with and is legal.
In some of these embodiments, in the case where the client is verified to be legitimate via the server based on the initial token, the device information of the client, and the first ciphertext, receiving the first communication token sent by the server includes:
and receiving a first communication token sent by the server when the server judges that a second ciphertext generated by encrypting the equipment information of the client according to the initial token is the same as a first ciphertext, wherein the first ciphertext comprises a ciphertext generated by encrypting the equipment information of the client by the initial token based on an encryption algorithm negotiated by the client and the server.
Specifically, the first ciphertext is generated by encrypting the device information with the initial token using an encryption algorithm negotiated between the client and the server. After the request information reaches the server, the server likewise uses the negotiated encryption algorithm to encrypt the received device information with the received initial token, producing a second ciphertext. If the request information has not been tampered with, the first and second ciphertexts are identical, which proves that the client initiating the request is legal.
In this embodiment, after the received request information is once verified to determine the validity of the client, the first communication token may be sent to the client, where the first communication token includes an encryption algorithm and an encryption key for subsequent communication between the client and the server. After receiving the first communication token, the client can acquire that the request is successfully verified and passes, and also acquire an encryption algorithm and an encryption key communicated with the server.
In some embodiments, before encrypting the communication data according to the encryption key indicated by the first communication token and sending the communication data to the server, the method includes:
judging whether the first communication token is expired according to preset token expiration time; when the first communication token is judged to be out of date, the current identity information of the first application program is acquired and verified again, and a request message is initiated to the server again under the condition that the acquired current identity information is verified to be legal; and in the case that the client is verified to be legal through the server, receiving a second communication token sent by the server, encrypting communication data according to an encryption algorithm indicated by the second communication token, and sending the communication data to the server.
Specifically, when the client receives a first communication token, it determines the issue time of the first communication token from the parameter information in the token, and then judges whether the first communication token has expired according to the preset token expiration time. When the first communication token is judged to have expired, the secure communication method of this embodiment is executed again: the local information of the client (the identity information of the application program) is verified again according to the initial token, and a request is then initiated to obtain a second communication token.
In practical application, the request information sent by the client to the server carries not only the initial token, the device information and the first ciphertext but also a timestamp, a random number and other parameters; the first ciphertext is generated by encrypting the device information, the timestamp, the random number and the other parameters with the initial token, and each time the client initiates a request to the server the timestamp, random number and other parameters are updated to form a new first ciphertext.
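The request-and-verification exchange of steps S202 and S203, the first ciphertext bound over the device information, timestamp and random number, the server's recomputation of the second ciphertext, and the client's expiry check on the first communication token, as an added Python sketch that is not code from the patent. The patent leaves the negotiated encryption algorithm, the token format and the expiration time unspecified; this example assumes HMAC-SHA256 keyed with the initial token, a token carrying an algorithm label, a random key and an issue time, a 300-second expiry, a 60-second timestamp window and a server-side nonce cache (the last two are defensive additions, not claims of the patent). The initial token and device information are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample value, not from the patent: the initial token the server
# generated and shipped with the application before it went online.
INITIAL_TOKEN = bytes.fromhex("1f" * 32)

TOKEN_TTL_SECONDS = 300        # preset token expiration time (assumed value)
TIMESTAMP_WINDOW_SECONDS = 60  # assumed tolerance for the request timestamp


def bind_device_info(initial_token, device_info, timestamp, nonce):
    """Ciphertext over device information, timestamp and random number, keyed
    with the initial token. The patent only says the algorithm is negotiated
    between client and server; HMAC-SHA256 is assumed here. Both sides call this
    same function: the client's result is the first ciphertext, the server's
    recomputation is the second ciphertext."""
    msg = json.dumps({"device": device_info, "ts": timestamp, "nonce": nonce},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(initial_token, msg, hashlib.sha256).hexdigest()


def build_request(device_info, now=None):
    """Client side (step S202): request message carrying the initial token, the
    device information, a fresh timestamp and random number, and the first
    ciphertext. A new timestamp/nonce pair is produced for every request."""
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return {
        "initial_token": INITIAL_TOKEN.hex(),
        "device": device_info,
        "ts": now,
        "nonce": nonce,
        "ciphertext": bind_device_info(INITIAL_TOKEN, device_info, now, nonce),
    }


class Server:
    """Server side: recompute the second ciphertext and, on a match, issue the
    first communication token."""

    def __init__(self, known_initial_tokens):
        self.known = set(known_initial_tokens)  # hex tokens issued at onboarding
        self.seen_nonces = set()                # replay guard (assumed, not in the patent)

    def verify_and_issue(self, request, now=None):
        now = int(time.time()) if now is None else now
        token_hex = request["initial_token"]
        if token_hex not in self.known:
            return None  # unknown initial token
        if abs(now - request["ts"]) > TIMESTAMP_WINDOW_SECONDS:
            return None  # stale or future-dated request
        if request["nonce"] in self.seen_nonces:
            return None  # replayed request
        second = bind_device_info(bytes.fromhex(token_hex), request["device"],
                                  request["ts"], request["nonce"])
        if not hmac.compare_digest(second, request["ciphertext"]):
            return None  # device information or ciphertext tampered with in transit
        self.seen_nonces.add(request["nonce"])
        # First communication token: algorithm and key for later traffic plus the
        # issue time the client uses for its expiry check (layout is assumed).
        return {"alg": "AES-256-GCM", "key": secrets.token_hex(32), "issued_at": now}


def token_expired(comm_token, now, ttl=TOKEN_TTL_SECONDS):
    """Client side: decide whether the communication token must be renewed by
    re-running identity verification and requesting a second token."""
    return now - comm_token["issued_at"] >= ttl


if __name__ == "__main__":
    server = Server({INITIAL_TOKEN.hex()})
    req = build_request({"model": "phone-x", "os": "13"})
    tok = server.verify_and_issue(req)
    print("issued" if tok else "rejected")
```

Because the same keyed function produces both ciphertexts, any change to the device information, timestamp or nonce after the client computed the first ciphertext makes the server's second ciphertext differ and the request is rejected; the nonce cache additionally stops an unchanged request from being accepted twice.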
In some embodiments, the initial token further includes domain name verification information obtained by encrypting the domain name where the server is located according to a preset second encryption algorithm.
Specifically, in practical applications, the preset second encryption algorithm for encrypting the domain name where the server is located and the preset first encryption algorithm for encrypting the identity information of the application program may be the same encryption algorithm.
Further, after the client has verified that the identity information of the application program is legal, it can also verify the validity of the requested domain name, that is, the validity of the server information: the client acquires the current request domain name of the first application program, encrypts it with the preset second encryption algorithm, and judges whether the encrypted current request domain name is the same as the domain name verification information in the initial token; when the two are the same, the current request domain name is determined to be legal.
The client side can verify the validity of the request domain name by acquiring the current request domain name and a trust list of the first application program, wherein the trust list comprises a trusted domain name; judging whether a current request domain name exists in a trust list; and when judging that the current request domain name exists in the trust list, determining that the current request domain name is legal.
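The two local checks the client performs before sending any request, the identity check of step S201 (package name and signature against the identity authentication information in the initial token) and the domain-name check described just above (hash comparison against the token, or a trust list), as an added Python example; it is not code from the patent. The patent does not name the preset first and second encryption algorithms; both are assumed here to be SHA-256 over the fields, which the description permits since it allows them to be the same algorithm. The token layout, package name, signature value and domain names are constructed.

```python
import hashlib
import hmac


def normalize(domain):
    """Canonical form for domain comparison (case and trailing dot)."""
    return domain.strip().lower().rstrip(".")


def fingerprint(*fields):
    """The patent's preset 'encryption algorithm', assumed here to be SHA-256
    over the fields with a separator so that ("ab", "c") and ("a", "bc") differ."""
    h = hashlib.sha256()
    for field in fields:
        h.update(field.encode("utf-8"))
        h.update(b"\x00")
    return h.hexdigest()


def make_initial_token(package_name, signature, server_domain):
    """Server side, before the app goes online: the initial token bundles the
    identity authentication information and the domain name verification
    information (constructed layout)."""
    return {
        "identity_auth": fingerprint(package_name, signature),
        "domain_auth": fingerprint(normalize(server_domain)),
    }


def identity_is_legal(initial_token, current_package, current_signature):
    """Step S201: encrypt the current identity information and compare it with
    the identity authentication information carried in the initial token."""
    return hmac.compare_digest(initial_token["identity_auth"],
                               fingerprint(current_package, current_signature))


def domain_is_legal(initial_token, requested_domain):
    """Domain check by comparing the encrypted request domain with the token."""
    return hmac.compare_digest(initial_token["domain_auth"],
                               fingerprint(normalize(requested_domain)))


def domain_in_trust_list(requested_domain, trust_list):
    """Alternative domain check: the request domain appears in the trust list."""
    return normalize(requested_domain) in {normalize(d) for d in trust_list}


def client_preflight(initial_token, current_package, current_signature,
                     requested_domain, trust_list=None):
    """Run both local checks; returns 'ok' or the name of the failed check.
    The hash comparison and the trust list are the patent's two alternatives,
    so either one passing accepts the domain (a choice made here, not stated
    in the patent)."""
    if not identity_is_legal(initial_token, current_package, current_signature):
        return "identity_mismatch"
    accepted = domain_is_legal(initial_token, requested_domain)
    if not accepted and trust_list:
        accepted = domain_in_trust_list(requested_domain, trust_list)
    return "ok" if accepted else "domain_mismatch"


if __name__ == "__main__":
    token = make_initial_token("com.example.app", "SIG-ABC", "api.example.com")
    print(client_preflight(token, "com.example.app", "SIG-ABC", "api.example.com"))
```

A re-signed or repackaged copy of the application produces a different package name or signature, so its fingerprint no longer matches the value baked into the initial token and the client refuses to send the request; the domain check likewise stops a modified client from directing the initial token and device information at a server other than the one the token was issued for.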
The validity of the local information of the client and the server information is verified before the client sends the request information, so that the safety of the communication between the client and the server is ensured.
In some embodiments, after verifying the validity of the current identity information of the first application program according to the initial token, the client may also verify the validity of the server identity by receiving a server certificate sent by the server.
In a second aspect, there is provided in this embodiment a secure communication system comprising: a client and a server, wherein,
the client is used for executing the secure communication method in any method embodiment;
the server is used for verifying whether the client is legal or not according to the initial token, the equipment information of the client and the first ciphertext and sending the first communication token to the client under the condition that the client is legal through verification.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the method embodiments described above.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by means of the computer program:
S301: obtain an initial token corresponding to the first application program and the current identity information of the first application program, and verify the validity of the current identity information of the first application program against the initial token, where the initial token comprises identity information carried by the first application program before it was downloaded and installed on the client.
S302: when the current identity information of the first application program is verified as legitimate, send a request message to the server, the request message carrying the initial token, the device information of the client and a first ciphertext.
S303: when the server has verified the client as legitimate according to the initial token, the device information of the client and the first ciphertext, receive the first communication token sent by the server, encrypt the communication data with the encryption key indicated by the first communication token, and send the encrypted communication data to the server.
It should be noted that, for specific examples of this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations; they are not repeated here.
In addition, in combination with the secure communication method provided in the foregoing embodiments, this embodiment may also provide a storage medium on which a computer program is stored; when executed by a processor, the computer program implements any of the secure communication methods of the embodiments above.
It should be understood that the specific embodiments described herein merely illustrate this application and are not intended to limit it. All other embodiments that a person skilled in the art can derive from the examples provided herein without inventive effort fall within the scope of protection of the present application.
The drawings are only examples or embodiments of the present application, and a person skilled in the art can apply the present application to other similar cases on the basis of the drawings without creative effort. Moreover, in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments express only several embodiments of the present application; their description is relatively specific and detailed, but this is not to be construed as limiting the scope of patent protection. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within its scope of protection. Therefore, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. A secure communication method applied to a client, the client having at least one application program and an initial token corresponding to the application program, the method comprising:
acquiring an initial token corresponding to a first application program and current identity information of the first application program, and verifying the validity of the current identity information of the first application program against the initial token, wherein the initial token comprises identity information carried by the first application program before it was downloaded and installed on the client;
sending a request message to a server when the current identity information of the first application program is verified as legitimate, wherein the request message carries the initial token, device information of the client and a first ciphertext;
and, when the server has verified the client as legitimate according to the initial token, the device information of the client and the first ciphertext, receiving a first communication token sent by the server, encrypting communication data with an encryption key indicated by the first communication token, and sending the encrypted communication data to the server.
2. The secure communication method of claim 1, wherein verifying the validity of the current identity information of the first application program against the initial token comprises:
encrypting the current identity information with a preset first encryption algorithm, and judging whether the encrypted current identity information is identical to identity authentication information in the initial token, wherein the identity authentication information comprises information generated by encrypting the identity information with the preset first encryption algorithm;
and determining that the first application program is legitimate when the encrypted current identity information is judged to be identical to the identity authentication information in the initial token.
3. The secure communication method of claim 1, wherein, when the server has verified the client as legitimate according to the initial token, the device information of the client and the first ciphertext, receiving the first communication token sent by the server comprises:
receiving the first communication token sent by the server when the server judges that a second ciphertext, generated by encrypting the device information of the client with the initial token, is identical to the first ciphertext, wherein the first ciphertext comprises a ciphertext generated by encrypting the device information of the client with the initial token using an encryption algorithm negotiated between the client and the server.
4. The secure communication method of claim 1, wherein, before encrypting the communication data with the encryption key indicated by the first communication token and sending the communication data to the server, the method further comprises:
judging whether the first communication token has expired according to a preset token expiration time;
when the first communication token is judged to have expired, acquiring and verifying the current identity information of the first application program again, and sending a request message to the server again when the acquired current identity information is verified as legitimate;
and, when the server has verified the client as legitimate, receiving a second communication token sent by the server, encrypting the communication data according to the encryption algorithm indicated by the second communication token, and sending the encrypted communication data to the server.
5. The secure communication method of claim 1, wherein the initial token further comprises domain name verification information obtained by encrypting the domain name of the server with a preset second encryption algorithm.
6. The secure communication method of claim 5, wherein, after verifying the validity of the current identity information of the first application program against the initial token, the method comprises:
acquiring a current request domain name of the first application program, encrypting the current request domain name with the preset second encryption algorithm, and judging whether the encrypted current request domain name is identical to the domain name verification information in the initial token;
and determining that the current request domain name is legitimate when the encrypted current request domain name is judged to be identical to the domain name verification information in the initial token.
7. The secure communication method of claim 1, wherein, after verifying the validity of the current identity information of the first application program against the initial token, the method comprises:
acquiring a current request domain name of the first application program and a trust list, wherein the trust list comprises trusted domain names;
judging whether the current request domain name is present in the trust list;
and determining that the current request domain name is legitimate when it is present in the trust list.
8. A secure communication system, comprising a client and a server, wherein:
the client is configured to execute the secure communication method of any one of claims 1 to 7;
and the server is configured to verify whether the client is legitimate according to the initial token, the device information of the client and the first ciphertext, and to send a first communication token to the client when the client is legitimate.
9. An electronic device comprising a memory and a processor, wherein a computer program is stored in the memory, and the processor is arranged to run the computer program so as to perform the secure communication method of any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, carrying out the steps of the secure communication method of any one of claims 1 to 7.
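The following is an added, constructed walk-through of the exchange described in steps S301 to S303 and in claims 1 to 7; it is example code written for this page, not code from the patent or from its applicant. The patent does not name its algorithms, so the example assumes SHA-256 for the "preset first/second encryption algorithm" (claims 2 and 5), HMAC-SHA256 keyed with the initial token for the "encryption algorithm negotiated between the client and the server" (claim 3), and an HMAC-based keystream-plus-tag construction as a stand-in for encrypting communication data under the key indicated by the communication token (S303); a production implementation would use a real AEAD such as AES-GCM there. The field names (`auth`, `domain`, `build`, `exp`), the per-build value in the token, the token lifetime and the sample identity, device and domain strings are all assumptions.

```python
"""Constructed client/server exchange for S301-S303 and claims 1-7 (example, not patent code).
Assumed: SHA-256 = preset first/second algorithm; HMAC-SHA256 = negotiated algorithm;
HMAC keystream + tag = stand-in for the real data encryption (use AES-GCM in practice)."""
import hashlib
import hmac
import json
import os
import time


def _sha(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def _canon(token: dict) -> bytes:
    # canonical byte form of a token: key material on the client, lookup key on the server
    return json.dumps(token, sort_keys=True).encode()


# -- build time: the initial token shipped inside the application package --
def make_initial_token(identity_info: str, server_domain: str) -> dict:
    return {"auth": _sha(identity_info),          # claim 2: digest of the identity information
            "domain": _sha(server_domain),        # claim 5: digest of the server domain name
            "build": os.urandom(8).hex()}         # assumed per-build value (not in the patent)


# -- client side: S301/S302, claims 2, 3, 6, 7 --
def verify_identity(current_identity: str, initial_token: dict) -> bool:
    return hmac.compare_digest(_sha(current_identity), initial_token["auth"])


def verify_domain(request_domain: str, initial_token: dict, trust_list=()) -> bool:
    # claim 6 (digest stored in the token) or claim 7 (trust list); either check suffices
    return hmac.compare_digest(_sha(request_domain), initial_token["domain"]) or request_domain in trust_list


def first_ciphertext(initial_token: dict, device_info: str) -> str:
    # claim 3: device information "encrypted by the initial token" with the negotiated algorithm
    return hmac.new(_canon(initial_token), device_info.encode(), hashlib.sha256).hexdigest()


def build_request(initial_token, device_info, current_identity, request_domain, trust_list=()):
    if not verify_identity(current_identity, initial_token):
        raise ValueError("S301: application identity does not match the initial token")
    if not verify_domain(request_domain, initial_token, trust_list):
        raise ValueError("request domain is neither in the token nor in the trust list")
    return {"initial_token": initial_token, "device_info": device_info,
            "first_ciphertext": first_ciphertext(initial_token, device_info)}


# -- stand-in data encryption under the key indicated by the communication token (S303) --
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> dict:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}


def unseal(key: bytes, msg: dict):
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ct"])
    if not hmac.compare_digest(hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).hexdigest(), msg["tag"]):
        return None  # tag mismatch: message was modified
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# -- server side: claim 8 --
class Server:
    def __init__(self, issued_initial_tokens, ttl=300):
        self.issued = {_canon(t) for t in issued_initial_tokens}  # tokens this server handed out
        self.ttl, self.sessions = ttl, {}

    def handle_request(self, req, now=None):
        # recompute the second ciphertext and compare with the first one (claim 3)
        tok = req["initial_token"]
        if _canon(tok) not in self.issued:
            return None
        expected = hmac.new(_canon(tok), req["device_info"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["first_ciphertext"]):
            return None
        tid, key = os.urandom(8).hex(), os.urandom(32)
        exp = (now or time.time()) + self.ttl
        self.sessions[tid] = (key, exp, req["device_info"])
        return {"id": tid, "key": key.hex(), "exp": exp}  # the communication token

    def receive(self, tid, msg, now=None):
        key, exp, _ = self.sessions.get(tid, (None, 0, None))
        return None if key is None or (now or time.time()) > exp else unseal(key, msg)


# -- client session: S303 plus the expiry handling of claim 4 --
def token_expired(comm_token, now=None) -> bool:
    return comm_token is None or (now or time.time()) >= comm_token["exp"]


def send_data(server, state, data: bytes, now=None):
    if token_expired(state.get("comm"), now):  # claim 4: re-verify identity and re-request a token
        req = build_request(state["initial_token"], state["device"], state["identity"], state["domain"])
        state["comm"] = server.handle_request(req, now)
        if state["comm"] is None:
            raise ValueError("server rejected the client")
    msg = seal(bytes.fromhex(state["comm"]["key"]), data)
    return server.receive(state["comm"]["id"], msg, now)
```

Two points worth checking in any real implementation of this scheme. First, every comparison of digests and ciphertexts (claims 2, 3 and 6) should be constant-time, as `hmac.compare_digest` is above, so that the server does not leak how many leading bytes of a guessed first ciphertext were correct. Second, the server can only accept a first ciphertext if it already holds the initial token it was built from, so the server side needs a registry of issued initial tokens (the `issued` set here), and the token stored on the client is available to anyone who has the installed package; the check binds a request to a known application build and the device information it reports, which is what the claims describe, not to a secret the client alone holds.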
CN202111591426.5A 2021-12-23 2021-12-23 Secure communication method, system, electronic device, and storage medium Pending CN114428965A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111591426.5A CN114428965A (en) 2021-12-23 2021-12-23 Secure communication method, system, electronic device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111591426.5A CN114428965A (en) 2021-12-23 2021-12-23 Secure communication method, system, electronic device, and storage medium

Publications (1)

Publication Number Publication Date
CN114428965A true CN114428965A (en) 2022-05-03

Family

ID=81311362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111591426.5A Pending CN114428965A (en) 2021-12-23 2021-12-23 Secure communication method, system, electronic device, and storage medium

Country Status (1)

Country Link
CN (1) CN114428965A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination