CN114666132A - Method for encrypting and authenticating application layer based on TCP/IP protocol - Google Patents

Publication number: CN114666132A
Authority: CN (China)
Prior art keywords: application program, certificate, protocol, remote server, application
Legal status: Granted
Application number: CN202210288802.1A
Other languages: Chinese (zh)
Other versions: CN114666132B (en)
Inventors: 欧阳宇宏, 李曼, 车向北, 康文倩, 黄颖祺, 叶睿显, 李浩然
Current Assignee: Shenzhen Power Supply Bureau Co Ltd
Original Assignee: Shenzhen Power Supply Bureau Co Ltd
Priority: CN202210288802.1A

Classifications

    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

The present disclosure relates to a method, computer device, storage medium and computer program product for cryptographic authentication of an application layer based on a TCP/IP protocol. The method comprises the following steps: setting a secure attribute and an httpOnly attribute for the Cookie; transmitting data of the application program by using a POST method with XSRF token protection; prohibiting screen capture or screen recording of a screen image containing sensitive data of the application program; clearing the content of the buffer after the sensitive data of the application program is used; and confirming the legality of the link between the application program and the remote server when the application program is used. By adopting the method, the level of encryption authentication of the application layer can be improved, and the privacy safety of the user when the application program carries out data transmission is ensured.

Description

Method for encrypting and authenticating application layer based on TCP/IP protocol
Technical Field
The present disclosure relates to the field of application software encryption technologies, and in particular, to a method, a computer device, and a storage medium for encrypting and authenticating an application layer based on a TCP/IP protocol.
Background
Most existing application programs suffer from poor security. Most of them support the http protocol, whose security is poor, and, unlike a browser showing a web page, an application program does not display whether it is using the http protocol or the https protocol. A user therefore cannot know whether the application program's data is transmitted confidentially while using it, and the user's privacy cannot be guaranteed.
Disclosure of Invention
In view of the above, it is necessary to provide a method, a computer device and a storage medium for cryptographic authentication of an application layer based on a TCP/IP protocol, which can efficiently perform cryptographic authentication of the application layer.
In a first aspect, an embodiment of the present disclosure provides a method for cryptographic authentication of an application layer based on a TCP/IP protocol. The method comprises the following steps:
setting secure and httpOnly attributes for the Cookie;
transmitting data of the application program by using a POST method with XSRF token protection;
prohibiting screen capture or screen recording of a screen image containing sensitive data of the application program;
clearing the content of the buffer after the sensitive data of the application program is used;
and confirming the legality of the link between the application program and the remote server when the application program is used.
Preferably, confirming the validity of the link between the application program and the remote server when the application program is used comprises:
performing certificate locking or certificate verification on the application program.
Further preferably, the certificate locking comprises:
an SSL/TLS certificate is built into the application program, and when the application program initiates a link request to a remote server, the content of the certificate built into the application program is compared with the content of the certificate of the remote server to determine the validity of the link;
the certificate verification comprises:
the application program verifies the certificate in the application program, and before the application program verifies the certificate, the certificate is signed by a trusted CA (certificate issuing authority).
Further preferably, the certificate verification comprises:
after the application program verifies the certificate in the application program, extracting hardware information or network information of the remote server from the certificate;
matching the hardware information or network information of the remote server extracted from the certificate against the hardware information or network information of the target server with which the application program needs to communicate, wherein if the match succeeds, the certificate passes verification;
before the application program verifies the certificate in the application program, the certificate is signed by a trusted CA (certificate issuing authority).
Preferably, the method further comprises:
and detecting a link protocol between the application program and the remote server at intervals, and if the link protocol is an http protocol, redirecting to an https protocol.
Preferably, the method further comprises:
when the usage time of the application program exceeds a preset time, popping up a message box to tell the user that the application program will log out after a countdown of a certain time;
after the message box pops up, asking the user whether they agree to the application program logging out;
and clearing the cached data after the application program logs out.
Preferably, the method further comprises:
and forbidding the mobile terminal to back up the application program.
Further preferably, the method further comprises:
caching of requests/responses for http protocol or https protocol is prohibited.
Further preferably, the method further comprises:
explicit Intent is used to transfer sensitive data between applications.
Further preferably, the method further comprises:
disabling the auto-correction function of the input method when sensitive information is input.
Further preferably, the method further comprises:
entering sensitive keywords using a custom keyboard.
In a second aspect, an embodiment of the present disclosure also provides a computer device. The computer device comprises a memory storing a computer program and a processor that implements the steps of the method according to any of the embodiments of the present disclosure when executing the computer program.
In a third aspect, an embodiment of the present disclosure also provides a computer-readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments of the present disclosure.
In a fourth aspect, an embodiment of the present disclosure also provides a computer program product. The computer program product comprises a computer program that, when executed by a processor, implements the steps of the method of any of the embodiments of the present disclosure.
According to the method, by setting secure and httpOnly attributes for Cookie, data of an application program is transmitted by using a POST method with XSRF token protection, screen capture or screen recording of a screen image containing sensitive data of the application program is prohibited, the content of a buffer area is cleared after the sensitive data of the application program is used, and the validity of the link between the application program and a remote server is confirmed when the application program is used; therefore, the level of encryption authentication of the application layer is improved, the user experience is further improved, and the privacy safety of the user when the application program carries out data transmission is guaranteed.
Drawings
FIG. 1 is a diagram of an application environment for a method for cryptographic authentication of an application layer based on a TCP/IP protocol in one embodiment;
FIG. 2 is a flow diagram illustrating a method for cryptographic authentication of an application layer based on a TCP/IP protocol in one embodiment;
FIG. 3 is a flow diagram that illustrates a method for cryptographic authentication of an application layer based on a TCP/IP protocol, according to an embodiment;
FIG. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clearly understood, the embodiments of the present disclosure are described in further detail below with reference to the accompanying drawings and the embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of the embodiments of the disclosure and that no limitation to the embodiments of the disclosure is intended.
The method for encrypting and authenticating the application layer based on the TCP/IP protocol provided by the embodiment of the disclosure can be applied to the application environment shown in FIG. 1. The terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104, or may be located on the cloud or another network server. The terminal 102 may be, but is not limited to, any of various personal computers, notebook computers, smart phones, tablet computers, internet of things devices and portable wearable devices; the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart car-mounted devices, and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device, and the like. The server 104 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers.
In one embodiment, as shown in FIG. 2, a method for cryptographic authentication of an application layer based on a TCP/IP protocol is provided. It is described here using its application to the terminal in FIG. 1 as an example, and includes the following steps:
Step S201, setting secure and httpOnly attributes for the Cookie;
in the embodiment of the invention, this setting applies to all Cookies of the application program of the mobile terminal and prevents attacks such as cross-site scripting (XSS).
Step S202, transmitting data of the application program by using a POST method with XSRF token protection;
in the embodiment of the invention, this ensures that POST data is not recorded.
Step S203, prohibiting screen capture or screen recording of a screen image containing sensitive data of the application program;
in the embodiment of the invention, this prevents other application programs from acquiring the sensitive data by screen capture or screen recording.
Step S204, clearing the content of the buffer area after the sensitive data of the application program is used;
in the embodiment of the invention, this prevents other application programs from stealing sensitive data by dumping the content of the buffer; sensitive data includes, but is not limited to, keys and passwords.
Step S205, confirming the validity of the link between the application program and the remote server when the application program is used;
in the embodiment of the invention, this prevents the application program from establishing a communication link with a fake server on a fake base station, through which sensitive data in the application program would be stolen;
further preferably, confirming the validity of the link between the application program and the remote server when the application program is used includes:
performing certificate locking or certificate verification on the application program;
wherein certificate locking comprises:
an SSL/TLS certificate is built into the application program, and when the application program initiates a link request to a remote server, the content of the certificate built into the application program is compared with the content of the certificate of the remote server to determine the validity of the link;
further, certificate verification includes:
the application program verifies the certificate in the application program, and before the application program verifies the certificate, the certificate is signed by a trusted CA (certificate issuing authority);
further preferably, the certificate verification comprises:
after the application program verifies the certificate in the application program, extracting the hardware information or network information of the remote server from the certificate;
matching the hardware information or network information of the remote server extracted from the certificate against the hardware information or network information of the target server with which the application program needs to communicate, and if the match succeeds, the certificate passes verification;
before the application program verifies the certificate in the application program, the certificate is signed by a trusted CA (certificate issuing authority).
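The link check of step S205, written out as an added Python example that is not part of the patent text: certificate locking (commonly called certificate pinning) compares the presented certificate against the one built into the application, and certificate verification relies on CA-signed chain validation followed by matching the network information in the certificate against the intended target. The certificate bytes, host names and function names are constructed for illustration; the certificate dictionary follows the layout returned by `ssl.SSLSocket.getpeercert()`.

```python
import hashlib
import hmac
import ipaddress
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
PINNED_CERT_DER = b"constructed-der-of-the-certificate-built-into-the-app"
ROGUE_CERT_DER = b"constructed-der-presented-by-a-fake-server"
PINNED_FINGERPRINTS = {hashlib.sha256(PINNED_CERT_DER).hexdigest()}

# Constructed sample in the dict layout of ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "api.example.test"),),),
    "subjectAltName": (
        ("DNS", "api.example.test"),
        ("DNS", "*.cdn.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}


def pin_matches(presented_der, pinned_fingerprints):
    """Certificate locking: compare the content of the presented certificate
    (by SHA-256 digest of its DER encoding) with the built-in certificate."""
    presented = hashlib.sha256(presented_der).hexdigest()
    ok = False
    for pin in pinned_fingerprints:  # several pins allow certificate rotation
        ok |= hmac.compare_digest(presented, pin.lower())
    return ok


def network_info(cert):
    """Extract the DNS names and IP addresses carried in the certificate."""
    names, addrs = set(), set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
        elif kind == "IP Address":
            addrs.add(ipaddress.ip_address(value.strip()))
    return names, addrs


def matches_target(cert, target_host):
    """Match the certificate's network information against the target server."""
    names, addrs = network_info(cert)
    try:
        return ipaddress.ip_address(target_host) in addrs
    except ValueError:
        pass  # not an IP literal, so compare as a DNS name
    host = target_host.lower().rstrip(".")
    for name in names:
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def link_is_legitimate(presented_der, cert, target_host, pinned_fingerprints):
    """Offline decision: both the pin and the network information must match."""
    return pin_matches(presented_der, pinned_fingerprints) and matches_target(cert, target_host)


def connect_verified(host, port, pinned_fingerprints, timeout=5.0):
    """Open a TLS link and apply the checks above to the live certificate."""
    # The default context enforces a chain signed by a trusted CA and the
    # host name check before any application data is exchanged.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            cert = tls.getpeercert()
            if not link_is_legitimate(der, cert, host, pinned_fingerprints):
                raise ssl.CertificateError("server certificate failed pin or target match")
            return tls.version()


if __name__ == "__main__":
    print(link_is_legitimate(PINNED_CERT_DER, SAMPLE_PEER_CERT, "api.example.test", PINNED_FINGERPRINTS))
    print(link_is_legitimate(ROGUE_CERT_DER, SAMPLE_PEER_CERT, "api.example.test", PINNED_FINGERPRINTS))
```

A CA-signed certificate for the right host still fails here when it is not the built-in one, which is the case certificate locking is meant to catch.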
In one embodiment, as shown in FIG. 3, in step S206, the link protocol between the application program and the remote server is detected at intervals, and if the link protocol is the http protocol, the link is redirected to the https protocol;
in the embodiment of the invention, this covers the case where the remote server has not enabled mandatory https; further preferably, caching of http protocol or https protocol requests/responses is prohibited, which eliminates caching at the root.
Step S207, after the usage time of the application program exceeds a preset time, a message box pops up to tell the user that the application program will log out after a countdown of a certain time, and cached data is cleared after the application program logs out;
in the embodiment of the invention, to further ensure that no usage trace of sensitive data is left, the method further comprises: prohibiting the mobile terminal from backing up the application program; preferably, after the message box pops up, the user is asked whether they agree to the application program logging out, so as to verify whether the user has left the application program unattended and to meet different usage requirements; further, when a user inputs sensitive information, the auto-correction function of the input method is disabled, which indirectly prevents the input method from recording the input; the method further comprises: entering sensitive keywords using a custom keyboard, which prevents caching by the input method/keyboard; the method also comprises using explicit Intent to transfer sensitive data between application programs, so that the data is delivered to a fixed receiver and is not sniffed by other application programs.
In the embodiment of the invention, secure and httpOnly attributes are set for the Cookie, a POST method with XSRF token protection is used to transmit data of the application program, screen capture or screen recording of a screen image containing sensitive data of the application program is prohibited, the content of the buffer area is cleared after the sensitive data of the application program is used, and the validity of the link between the application program and the remote server is confirmed when the application program is used. After the validity of the link is confirmed, the link protocol between the application program and the remote server is detected at intervals, and if the link protocol is the http protocol, the link is redirected to the https protocol. After the usage time of the application program exceeds a preset time, a message box pops up to tell the user that the application program will log out after a countdown of a certain time, and cached data is cleared after the application program logs out. The level of encryption and authentication of the application layer is thereby improved, and the user experience is further improved.
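Steps S201 and S202 as an added Python example that is not part of the patent text: the server issues the session Cookie with the secure and httpOnly attributes, audits a `Set-Cookie` value for them, and accepts application data only by POST with a valid XSRF token. The cookie name `session`, the header name `X-XSRF-Token`, the HMAC-based token construction and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Per-deployment secret used to derive XSRF tokens (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def new_session_cookie(session_id):
    """Build the Set-Cookie value with the secure and httpOnly attributes set."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["secure"] = True     # only sent over https
    cookie["session"]["httponly"] = True   # not readable from script
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def audit_set_cookie(header_value):
    """Return the required attributes that a Set-Cookie value is missing."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in header_value.split(";")[1:]}
    return [name for name in ("Secure", "HttpOnly") if name.lower() not in attrs]


def xsrf_token(session_id, key=SERVER_KEY):
    """Token bound to the session, so a token issued to one session
    is useless in another."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def accept_request(method, cookies, headers, key=SERVER_KEY):
    """Decide whether a request carrying application data is accepted.

    Returns (status_code, reason)."""
    if method.upper() != "POST":
        return 405, "application data is accepted by POST only"
    session_id = cookies.get("session")
    if not session_id:
        return 401, "no session cookie"
    supplied = headers.get("X-XSRF-Token", "")
    expected = xsrf_token(session_id, key)
    # Compare as bytes in constant time; a missing token fails the same way.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "XSRF token missing or invalid"
    return 200, "ok"


if __name__ == "__main__":
    sid = "constructed-session-id"
    print(new_session_cookie(sid))
    print(audit_set_cookie("session=abc; Path=/"))
    print(accept_request("POST", {"session": sid}, {"X-XSRF-Token": xsrf_token(sid)}))
    print(accept_request("POST", {"session": sid}, {}))
```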
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in the figures may include multiple steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed alternately or at least partially in sequence with other steps.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store the data generated and transmitted in this embodiment. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method for cryptographic authentication of an application layer based on a TCP/IP protocol.
Those skilled in the art will appreciate that the configuration shown in fig. 4 is a block diagram of only a portion of the configuration associated with embodiments of the present disclosure, and does not constitute a limitation on the computing devices to which embodiments of the present disclosure may be applied, and that a particular computing device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) related to the embodiments of the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided by the embodiments of the disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include a Read-Only Memory (ROM), a magnetic tape, a floppy disk, a flash Memory, an optical Memory, a high-density embedded nonvolatile Memory, a resistive Random Access Memory (ReRAM), a Magnetic Random Access Memory (MRAM), a Ferroelectric Random Access Memory (FRAM), a Phase Change Memory (PCM), a graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases involved in the various embodiments provided by the embodiments of the present disclosure may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided in the disclosure may be general processors, central processing units, graphics processors, digital signal processors, programmable logic devices, data processing logic devices based on quantum computing, etc., without being limited thereto.
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered within the scope of the present specification as long as it contains no contradiction.
The embodiments described above only represent several implementation manners of the embodiments of the present disclosure, and the descriptions are specific and detailed, but should not be construed as limiting the scope of the claims of the embodiments of the present disclosure. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the concept of the embodiments of the present disclosure, and these are all within the scope of the embodiments of the present disclosure. Therefore, the protection scope of the embodiments of the present disclosure should be subject to the appended claims.

Claims (15)

1. A method for cryptographic authentication of an application layer based on a TCP/IP protocol, the method comprising the steps of:
setting a secure attribute and an httpOnly attribute for the Cookie;
transmitting data of the application program by using a POST method with XSRF token protection;
prohibiting screen capture or screen recording of a screen image containing sensitive data of the application program;
clearing the content of the buffer area after the sensitive data of the application program is used;
and confirming the legality of the link between the application program and the remote server when the application program is used.
2. The method of claim 1, wherein validating the legitimacy of the application program linked to a remote server when using the application program comprises:
and performing certificate locking or certificate verification on the application program.
3. The method of claim 2, wherein the certificate lock comprises:
the SSL/TLS certificate is built in the application program, and when the application program initiates a link request with a remote server, the content of the certificate built in the application program and the content of the certificate of the remote server are compared to determine the link validity.
4. The method of claim 2, wherein the certificate verification comprises:
the application program verifies the certificate in the application program, and before the application program verifies the certificate, the certificate is signed by a trusted CA (certificate issuing authority).
5. The method of claim 4, wherein the certificate verification comprises:
after the application program verifies the certificate in the application program, extracting hardware information or network information of a remote server from the certificate;
matching the hardware information or the network information of the remote server extracted from the certificate with the hardware information or the network information of the target server which is required by the application program to communicate with the target server, wherein if the matching is successful, the certificate passes the verification;
wherein, before the application program verifies the certificate in the application program, the certificate has been signed by a trusted CA (certificate issuing authority).
6. The method of claim 1, further comprising:
detecting the link protocol between the application program and the remote server at intervals, and, if the link protocol is the http protocol, redirecting to the https protocol.
7. The method of claim 1, further comprising:
when the usage time of the application program exceeds a preset time, popping up a message box to prompt the user that the application program will log out after a countdown of a certain time;
prompting, after the message box pops up, whether the user agrees to the application program logging out;
and clearing the cache data after the application program logs out.
8. The method of claim 1, further comprising:
forbidding the mobile terminal from backing up the application program.
9. The method of claim 1, further comprising:
caching of requests/responses for http protocol or https protocol is prohibited.
10. The method of claim 1, further comprising:
explicit Intent is used to transfer sensitive data between applications.
11. The method of claim 1, further comprising:
the auto-correcting function of the input method is disabled when sensitive information is entered.
12. The method of claim 1, further comprising entering sensitive keywords using a custom keyboard.
13. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program implements the steps of the method for cryptographic authentication of an application layer based on a TCP/IP protocol of any one of claims 1 to 12.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for cryptographic authentication of an application layer based on a TCP/IP protocol of any one of claims 1 to 12.
15. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the method for cryptographic authentication of an application layer based on the TCP/IP protocol of any one of claims 1 to 12.
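
The two link checks of claims 2 to 5, as an added example that is not part of the patent text: certificate locking (commonly called certificate pinning) compares the server's certificate with the one built into the application, and certificate verification requires a trusted CA chain and a name match with the target server. The function names, the SHA-256 fingerprint comparison and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Claim 3: compare the server certificate with the built-in one."""
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert).encode(),
                               normalized.encode())


def connect_pinned(host: str, pinned_hex: str, port: int = 443,
                   timeout: float = 5.0) -> ssl.SSLSocket:
    """Return a TLS socket that passed both checks, or raise ssl.SSLError."""
    # Claims 4-5: the default context requires a chain to a trusted CA and
    # matches the names in the certificate against the target `host`.
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Claim 3: the certificate actually presented must equal the pinned one.
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLError("server certificate does not match the built-in pin")
    return tls


# Constructed sample bytes standing in for DER certificates (not real certs).
BUILT_IN_CERT = b"constructed-der-bytes-of-the-certificate-shipped-in-the-app"
OTHER_CERT = b"constructed-der-bytes-of-some-other-certificate"
BUILT_IN_PIN = fingerprint(BUILT_IN_CERT)
```

Pinning the whole certificate means the built-in copy has to be updated whenever the server certificate is renewed, so the pin and the server certificate need a coordinated rotation plan.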
CN202210288802.1A 2022-03-22 2022-03-22 Method for encrypting and authenticating application layer based on TCP/IP protocol Active CN114666132B (en)

Publications (2)

Publication Number Publication Date
CN114666132A (en) 2022-06-24
CN114666132B (en) 2024-01-30

Family

ID=82031650

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant