CN114666132B - Method for encrypting and authenticating application layer based on TCP/IP protocol - Google Patents

Publication number
CN114666132B
Authority
CN
China
Prior art keywords
application program
certificate
protocol
application
remote server
Legal status
Active
Application number
CN202210288802.1A
Other languages
Chinese (zh)
Other versions
CN114666132A (en
Inventor
欧阳宇宏
李曼
车向北
康文倩
黄颖祺
叶睿显
李浩然
Current Assignee
Shenzhen Power Supply Bureau Co Ltd
Original Assignee
Shenzhen Power Supply Bureau Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

The present disclosure relates to a method, a computer device, a storage medium and a computer program product for cryptographically authenticating an application layer based on a TCP/IP protocol. The method comprises the following steps: setting a secure attribute and an httpOnly attribute for the Cookie; transmitting data of the application program using a POST method with XSRF token protection; disabling screen capturing or recording of screen images containing sensitive data of the application program; clearing the content of the buffer area after the sensitive data of the application program is used; and confirming the validity of the link between the application program and the remote server when the application program is used. The method can improve the encryption and authentication level of the application layer and ensure the privacy security of the user when the application program transmits data.

Description

Method for encrypting and authenticating application layer based on TCP/IP protocol
Technical Field
The present disclosure relates to the field of application software encryption technologies, and in particular, to a method, a computer device, and a storage medium for encrypting and authenticating an application layer based on a TCP/IP protocol.
Background
Most existing application programs suffer from poor security. Most of them support the http protocol, which is itself insecure, and unlike a web browser an application program does not display whether the http protocol or the https protocol is in use. As a result, a user cannot know whether the data of the application program is transmitted in encrypted form when using it, and the privacy security of the user cannot be guaranteed.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, a computer device, and a storage medium for encrypting and authenticating an application layer based on a TCP/IP protocol that can effectively perform encryption and authentication of the application layer.
In a first aspect, an embodiment of the present disclosure provides a method for encrypting and authenticating an application layer based on a TCP/IP protocol. The method comprises the following steps:
setting the secure and httpOnly attributes for the Cookie;
transmitting data of the application program using a POST method with XSRF token protection;
disabling screen capturing or recording of screen images containing sensitive data of the application program;
clearing the content of the buffer area after the sensitive data of the application program is used;
and confirming the validity of the link between the application program and the remote server when the application program is used.
Preferably, confirming the validity of the link between the application program and the remote server when the application program is used comprises:
performing certificate locking (certificate pinning) or certificate verification on the application program.
Further preferably, the certificate locking includes:
the SSL/TLS certificate is built into the application program, and when the application program initiates a link request to a remote server, the legitimacy of the link is determined by comparing the content of the certificate built into the application program with the content of the certificate on the remote server side;
the certificate verification includes:
the application program verifies the certificate in the application program, the certificate having been signed by a trusted CA certificate issuing authority before the application program verifies it.
Further preferably, the certificate verification includes:
after the application program verifies the certificate in the application program, extracting hardware information or network information of the remote server from the certificate;
matching the hardware information or network information of the remote server extracted from the certificate against the hardware information or network information of the target server with which the application program is to communicate, and if the matching is successful, the certificate is verified;
before the application program verifies the certificate in the application program, the certificate is signed by a trusted CA certificate issuing authority.
Preferably, the method further comprises:
and detecting a link protocol between the application program and the remote server at intervals, and redirecting to an https protocol if the link protocol is an http protocol.
Preferably, the method further comprises:
after the using time of the application program exceeds the preset time, a pop-up message box prompts a user that the application program will log off after counting down for a certain time;
prompting whether the user agrees to log out of the application program after the popup message box;
and after the application program exits login, clearing the cache data.
Preferably, the method further comprises:
and prohibiting the mobile terminal from backing up the application program.
Further preferably, the method further comprises:
caching of requests/responses of the http protocol or the https protocol is prohibited.
Further preferably, the method further comprises:
explicit Intent is used to transfer sensitive data between applications.
Further preferably, the method further comprises:
disabling the auto-correcting function of the input method when sensitive information is input.
Further preferably, the method further comprises:
entering sensitive keywords using a custom keyboard.
In a second aspect, embodiments of the present disclosure also provide a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method of any of the embodiments of the present disclosure when the computer program is executed.
In a third aspect, the disclosed embodiments also provide a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments of the present disclosure.
In a fourth aspect, embodiments of the present disclosure also provide a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of the method according to any of the embodiments of the present disclosure.
According to the embodiments of the disclosure, the secure and httpOnly attributes are set for the Cookie; the POST method with XSRF token protection is used to transmit data of the application program; screen capturing or screen recording of a screen image containing sensitive data of the application program is disabled; the content of the buffer area is cleared after the sensitive data of the application program is used; and the validity of the link between the application program and the remote server is confirmed when the application program is used. The encryption and authentication level of the application layer is thereby improved, the user experience is further improved, and the privacy security of the user is ensured when the application program transmits data.
Drawings
FIG. 1 is an application environment diagram of a method of cryptographically authenticating an application layer based on a TCP/IP protocol in one embodiment;
FIG. 2 is a flow diagram of a method of cryptographically authenticating an application layer based on a TCP/IP protocol in one embodiment;
FIG. 3 is a flow diagram of a method of cryptographically authenticating an application layer based on a TCP/IP protocol in one embodiment;
FIG. 4 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the embodiments of the present disclosure will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the disclosed embodiments and are not intended to limit the disclosed embodiments.
The method for encrypting and authenticating the application layer based on the TCP/IP protocol provided by the embodiment of the disclosure can be applied to an application environment shown in figure 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, a method for encrypting and authenticating an application layer based on a TCP/IP protocol is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:
Step S201, setting the secure and httpOnly attributes for the Cookie;
In this embodiment of the invention, the settings apply to all Cookies of the mobile terminal application program, and attacks such as cross-site scripting (XSS) are prevented.
Step S202, transmitting data of the application program by using a POST method with XSRF token protection;
In this embodiment of the invention, this ensures that POST data is not recorded.
Step S203, disabling screen capturing or screen recording of a screen image containing sensitive data of the application program;
In this embodiment of the invention, this prevents other application programs from acquiring sensitive data through screenshots or screen recordings.
Step S204, clearing the content of the buffer area after the sensitive data of the application program is used;
In this embodiment of the invention, this prevents other application programs from retrieving the content of the buffer area in order to steal sensitive data; the sensitive data includes, but is not limited to, keys and passwords.
Step S205, confirming the validity of the link between the application program and the remote server when the application program is used;
In this embodiment of the invention, this prevents the application program from establishing a communication link with a pseudo server on a pseudo base station, so that sensitive data in the application program is not stolen;
Further preferably, confirming the validity of the link between the application program and the remote server when the application program is used includes:
performing certificate locking or certificate verification on the application program;
wherein the certificate locking comprises:
the SSL/TLS certificate is built into the application program, and when the application program initiates a link request to the remote server, the content of the certificate built into the application program is compared with the content of the certificate on the remote server side to determine the validity of the link;
further, the certificate verification includes:
the application program verifies the certificate in the application program, the certificate having been signed by a trusted CA certificate issuing authority before the application program verifies it;
further preferably, the certificate verification includes:
after the application program verifies the certificate in the application program, extracting hardware information or network information of the remote server from the certificate;
matching the hardware information or network information of the remote server extracted from the certificate against the hardware information or network information of the target server with which the application program is to communicate, and if the matching is successful, the certificate is verified;
before the application program verifies the certificate in the application program, the certificate is signed by a trusted CA certificate issuing authority.
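The two checks of step S205, as an added Python example that is not part of the patent: certificate locking compares the SHA-256 fingerprint of the presented certificate with built-in pins, and the network-information match compares the target host or IP with the subjectAltName entries of a certificate that has already passed CA validation. Treating subjectAltName as the "network information", the function names, and the constructed sample bytes, host names and addresses are all assumptions.

```python
# Added example (not from the patent): certificate locking plus matching of
# network information extracted from an already CA-validated certificate.
import hashlib
import hmac
import ipaddress
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned) -> bool:
    """Certificate locking: the presented certificate must equal a built-in one."""
    presented = fingerprint(der_cert).encode()
    return any(hmac.compare_digest(presented, p.lower().encode()) for p in pinned)


def dns_match(pattern: str, host: str) -> bool:
    """Exact match, or one left-most '*' label; never a bare '*.tld'."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def same_ip(value: str, target_ip) -> bool:
    try:
        return ipaddress.ip_address(value) == target_ip
    except ValueError:
        return False


def network_info_matches(peer_cert: dict, target: str) -> bool:
    """Match the target against subjectAltName entries.

    peer_cert uses the dict layout returned by ssl.SSLSocket.getpeercert().
    """
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    for kind, value in peer_cert.get("subjectAltName", ()):
        if target_ip is not None:
            if kind == "IP Address" and same_ip(value, target_ip):
                return True
        elif kind == "DNS" and dns_match(value, target):
            return True
    return False


def open_verified(host: str, port: int, pinned, timeout: float = 5.0):
    """CA validation, then pin check, then network-information match."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname checking on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    try:
        if not pin_matches(tls.getpeercert(binary_form=True), pinned):
            raise ssl.SSLError("certificate does not match any built-in pin")
        if not network_info_matches(tls.getpeercert(), host):
            raise ssl.SSLError("certificate does not name the target server")
    except Exception:
        tls.close()  # refuse the link before any application data is sent
        raise
    return tls


# Constructed sample data: stand-ins for DER bytes and a getpeercert() dict.
GENUINE_DER = b"constructed-bytes-standing-in-for-the-genuine-certificate"
FORGED_DER = b"constructed-bytes-standing-in-for-another-servers-certificate"
PINS = {fingerprint(GENUINE_DER)}
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "api.example.test"),
        ("DNS", "*.cdn.example.test"),
        ("IP Address", "192.0.2.10"),
    )
}

if __name__ == "__main__":
    print("genuine pinned:", pin_matches(GENUINE_DER, PINS))
    print("forged pinned:", pin_matches(FORGED_DER, PINS))
    for target in ("api.example.test", "cdn.example.test", "192.0.2.11"):
        print(target, network_info_matches(SAMPLE_CERT, target))
```

A pinned certificate has to be rotated in the application before the server certificate is replaced, otherwise `open_verified` rejects the legitimate server.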
In one embodiment, as shown in fig. 3, step S206, detecting the link protocol between the application program and the remote server at intervals, and redirecting to the https protocol if the link protocol is the http protocol;
In this embodiment of the invention, this handles the case in which the remote server has not enabled forced use of the https protocol; further preferably, caching of requests/responses of the http protocol or the https protocol is prohibited, so that caching is eliminated at the root.
Step S207, after the using time of the application program exceeds the preset time, a pop-up message box prompts the user that the application program will log off after counting down for a certain time, and the cache data is cleared after the application program logs off;
In this embodiment of the invention, to further ensure that no usage trace of sensitive data is left, the method further comprises: prohibiting the mobile terminal from backing up the application program. Preferably, after the message box pops up, the user is asked whether he or she agrees to log out of the application program, which verifies whether the user has left the corresponding application program and accommodates different usage requirements. Further, when the user inputs sensitive information, the auto-correction function of the input method is disabled, which indirectly prevents the input method from recording the input content. The method further comprises: inputting sensitive keywords by using a custom keyboard, so that input method/keyboard caching is disabled. The method further comprises transmitting sensitive data between application programs by using an explicit Intent, so that the data is delivered to a fixed receiver and is not sniffed by other application programs.
In the embodiment of the invention, the secure attribute and the httpOnly attribute are set for the Cookie; the POST method with XSRF token protection is used to transmit the data of the application program; screen capturing or screen recording of screen images containing sensitive data of the application program is disabled; the content of the buffer area is cleared after the sensitive data of the application program is used; and the validity of the link between the application program and the remote server is confirmed when the application program is used. After the validity of the link between the application program and the remote server has been confirmed, the link protocol between the application program and the remote server is detected at intervals, and if the link protocol is the http protocol, it is redirected to the https protocol. After the using time of the application program exceeds a preset time, a pop-up message box prompts the user that the application program will log off after counting down for a certain time, and the cache data is cleared after the login is exited. The encryption and authentication level of the application layer is thereby improved, and the user experience is further improved.
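Steps S201 and S202 seen from the server side, as an added Python example that is not part of the patent: a session Cookie issued with the secure and httpOnly attributes, a POST-only submission handler that requires an XSRF token bound to the session, and an audit helper that reports which of the two attributes a Set-Cookie value lacks. The cookie name `session`, the header name `X-XSRF-Token`, the HMAC-derived token and the in-memory session set are assumptions.

```python
# Added example (not from the patent): Secure/HttpOnly session cookie and a
# POST-only endpoint guarded by an XSRF token derived from the session id.
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # per-process secret for token derivation
XSRF_HEADER = "X-XSRF-Token"          # assumed header name
SESSIONS = set()                      # assumed in-memory session store


def new_session_cookie():
    """Create a session; return (session_id, Set-Cookie header value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS.add(sid)
    jar = SimpleCookie()
    jar["session"] = sid
    jar["session"]["secure"] = True    # only sent over https
    jar["session"]["httponly"] = True  # not readable from script
    jar["session"]["path"] = "/"
    return sid, jar["session"].OutputString()


def xsrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def missing_cookie_flags(set_cookie_value: str) -> list:
    """Audit helper: which of secure / httponly a Set-Cookie value lacks."""
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in set_cookie_value.split(";")[1:]
    }
    return [flag for flag in ("secure", "httponly") if flag not in attrs]


def handle_submit(method: str, headers: dict, body: bytes) -> int:
    """Return the HTTP status for a data submission request."""
    if method != "POST":
        return 405  # data must not travel in a URL or query string
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "session" not in cookie or cookie["session"].value not in SESSIONS:
        return 401
    expected = xsrf_token(cookie["session"].value).encode()
    sent = headers.get(XSRF_HEADER, "").encode()
    if not hmac.compare_digest(sent, expected):
        return 403  # missing or wrong XSRF token
    return 200


if __name__ == "__main__":
    sid, set_cookie = new_session_cookie()
    print("Set-Cookie:", set_cookie)
    print("missing flags:", missing_cookie_flags(set_cookie))
    ok = {"Cookie": "session=" + sid, XSRF_HEADER: xsrf_token(sid)}
    print("POST with token:", handle_submit("POST", ok, b"amount=1"))
    print("POST without token:",
          handle_submit("POST", {"Cookie": "session=" + sid}, b"amount=1"))
```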
It should be understood that, although the steps in the flowcharts of the figures are shown in sequence as indicated by the arrows, these steps are not necessarily performed in that sequence. Unless explicitly stated herein, the execution of the steps is not strictly limited to that order, and the steps may be executed in other orders. Moreover, at least a portion of the steps in the figures may include multiple steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the steps or stages in other steps.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store the data generated and transmitted in this embodiment. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method of cryptographically authenticating an application layer based on a TCP/IP protocol.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of a portion of the architecture in connection with an embodiment of the present disclosure and is not intended to limit the computer device to which an embodiment of the present disclosure may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or may have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) according to the embodiments of the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided by the present disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided by the present disclosure may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided in the present disclosure may be general-purpose processors, central processing units, graphic processors, digital signal processors, programmable logic units, data processing logic units based on quantum computing, and the like, without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of the description.
The above examples merely represent a few implementations of the disclosed embodiments, which are described in more detail and are not to be construed as limiting the scope of the disclosed embodiments. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made to the disclosed embodiments without departing from the spirit of the disclosed embodiments. Accordingly, the scope of the disclosed embodiments should be determined from the following claims.

Claims (9)

1. A method for cryptographically authenticating an application layer based on a TCP/IP protocol, the method comprising the steps of:
setting a secure attribute and an httpOnly attribute for a Cookie of an application program of the mobile terminal, wherein the application program does not display an http protocol or an https protocol;
transmitting data of the application program by using a POST method with XSRF token protection;
disabling screen capturing or recording of screen images containing sensitive data of the application program;
clearing the content of the buffer area after the sensitive data of the application program is used;
confirming the validity of the link between the application program and a remote server when the application program is used; wherein confirming the validity of the link between the application program and the remote server when the application program is used comprises: performing certificate verification on the application program; wherein the certificate verification includes: the application program verifies the certificate in the application program, the certificate having been signed by a trusted CA certificate issuing authority before the application program verifies it; after the application program verifies the certificate in the application program, extracting hardware information or network information of the remote server from the certificate; matching the hardware information or network information of the remote server extracted from the certificate against the hardware information or network information of the target server with which the application program is to communicate, and if the matching is successful, the certificate is verified;
after the using time of the application program exceeds the preset time, a pop-up message box prompts a user that the application program will log off after counting down for a certain time; prompting whether the user agrees to log out of the application program after the popup message box; after the application program exits login, clearing cache data;
using explicit Intent to transfer sensitive data between applications;
inputting sensitive keywords by using a custom keyboard;
and detecting, at intervals, the link protocol between the application program and the remote server, and redirecting to the https protocol if the link protocol is the http protocol.
2. The method of claim 1, wherein confirming the validity of the link between the application program and the remote server when the application program is used comprises:
performing certificate locking (certificate pinning) on the application program.
3. The method of claim 2, wherein the certificate locking comprises:
embedding the SSL/TLS certificate into the application program, and, when the application program initiates a link request to a remote server, determining the validity of the link by comparing the certificate built into the application program with the content of the certificate on the remote server side.
4. The method according to claim 1, wherein the method further comprises:
prohibiting the mobile terminal from backing up the application program.
5. The method according to claim 1, wherein the method further comprises:
prohibiting caching of requests/responses of the http protocol or the https protocol.
6. The method according to claim 1, wherein the method further comprises:
disabling the auto-correct function of the input method when sensitive information is input.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of cryptographically authenticating an application layer based on the TCP/IP protocol as claimed in any one of claims 1 to 6.
8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the steps of the method of encrypted authentication of an application layer based on the TCP/IP protocol as claimed in any one of claims 1 to 6.
9. A computer program product comprising a computer program, characterized in that the computer program when executed by a processor implements the steps of the method of encrypted authentication of an application layer based on the TCP/IP protocol as claimed in any one of claims 1 to 6.
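The two certificate checks recited above (matching information extracted from the certificate against the target server in claim 1, and comparing the built-in certificate with the server's certificate in claim 3) can be illustrated as follows. This is an added Python example, not code from the patent; the function names, the use of a SHA-256 fingerprint as the comparison, and the reading of "network information" as the certificate's subjectAltName DNS and IP entries are assumptions.

```python
import hashlib
import hmac
import ipaddress
import socket
import ssl

def cert_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def pin_matches(server_der: bytes, pinned_fp: str) -> bool:
    """Claim 3: compare the server certificate with the one built into the app."""
    return hmac.compare_digest(cert_fingerprint(server_der), pinned_fp.lower())

def cert_names_target(peercert: dict, target: str) -> bool:
    """Claim 1: exact DNS or IP match against subjectAltName (no wildcards)."""
    try:
        want_ip = ipaddress.ip_address(target)
    except ValueError:
        want_ip = None
    for kind, value in peercert.get("subjectAltName", ()):
        if want_ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == want_ip:
                return True
        elif want_ip is None and kind == "DNS":
            if value.lower().rstrip(".") == target.lower().rstrip("."):
                return True
    return False

def link_is_valid(server_der, peercert, target, pinned_fp) -> bool:
    """Both checks must pass; otherwise the link is refused."""
    return pin_matches(server_der, pinned_fp) and cert_names_target(peercert, target)

def connect_checked(host: str, port: int, pinned_fp: str) -> ssl.SSLSocket:
    """TLS link: the ssl module checks the trusted-CA signature, then both checks."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    if not link_is_valid(sock.getpeercert(binary_form=True), sock.getpeercert(),
                         host, pinned_fp):
        sock.close()
        raise ssl.SSLError("certificate does not match pin or target server")
    return sock

# Constructed sample data, not a real certificate; dict shaped like getpeercert().
SAMPLE_DER = b"constructed-stand-in-for-DER-certificate-bytes"
SAMPLE_PIN = cert_fingerprint(SAMPLE_DER)
SAMPLE_PEERCERT = {"subjectAltName": (("DNS", "api.example.test"),
                                      ("IP Address", "192.0.2.10"))}
```

A fingerprint pin must be updated in the application whenever the server certificate is renewed, so a pinned deployment needs a rotation plan before the certificate expires.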
CN202210288802.1A 2022-03-22 2022-03-22 Method for encrypting and authenticating application layer based on TCP/IP protocol Active CN114666132B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210288802.1A CN114666132B (en) 2022-03-22 2022-03-22 Method for encrypting and authenticating application layer based on TCP/IP protocol

Publications (2)

Publication Number Publication Date
CN114666132A CN114666132A (en) 2022-06-24
CN114666132B true CN114666132B (en) 2024-01-30

Family

ID=82031650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210288802.1A Active CN114666132B (en) 2022-03-22 2022-03-22 Method for encrypting and authenticating application layer based on TCP/IP protocol

Country Status (1)

Country Link
CN (1) CN114666132B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant