CN115514549A - Secure interaction method and system based on SSL (secure sockets layer) protocol - Google Patents

Secure interaction method and system based on SSL (secure sockets layer) protocol

Info

Publication number
CN115514549A
CN115514549A (application CN202211131347.0A)
Authority
CN
China
Prior art keywords
data
gateway
preset
access gateway
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211131347.0A
Other languages
Chinese (zh)
Inventor
张茜
段波伟
刘泽三
李晓珍
孟雨
王子恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Information and Telecommunication Co Ltd
Priority to CN202211131347.0A
Publication of CN115514549A
Legal status: Pending

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a secure interaction method, system and device based on the SSL protocol. It belongs to the technical field of secure interaction and addresses, among other problems, the large amount of duplicated development work that province-side services incur under existing secure-interaction schemes. The method comprises the following steps: the gateway SDK encrypts the mobile application's transmission data and uploads the encrypted data to a first access gateway; the identity of the mobile application is authenticated; once authentication succeeds, an SM channel (a channel based on the Chinese national cryptographic algorithms SM2, SM3 and SM4) is established; the first access gateway decrypts the received encrypted data; a demand instruction issued by a preset headquarters platform is obtained through a preset province-side platform; the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed again; uploaded data that passes authentication is sent to a preset data security access service, yielding secondarily decrypted data; and the secondarily decrypted data is sent to the mobile terminal that requires it. The method reduces the duplicated development work of province-side services.

Description

Secure interaction method and system based on SSL (secure sockets layer) protocol
Technical Field
The present application relates to the field of secure interaction technologies, and in particular to a secure interaction method and system based on the SSL protocol.
Background
With the development of the power business, data has become a key element supporting the construction of a new type of power system. As an operator of critical information infrastructure, the company manages a large amount of important production data and highly sensitive electricity-customer information; if business data were lost, leaked or damaged, the company's daily operational decisions and production information could be exposed. Sufficient security protection is therefore needed to guarantee information security.
Existing security protection is mainly traditional network security protection and consists of (1) zoning: user access rights are strictly authenticated and controlled through network partitioning; (2) boundary isolation: physical isolation devices secure data transmission; and (3) data encryption: encryption ensures that data cannot be read once intercepted. These and other measures secure the traditional links of data storage and transmission.
However, when a mobile application on a mobile terminal interacts with the back end of a business system inside the company under traditional network security protection, an internet-facing service port must be opened and accessed, and the exposure of that port carries a certain security risk. The data of each provincial grid company's mobile applications must be pushed to the headquarters company, and each mobile application must be individually customised and developed against the headquarters data security access component, so the duplicated development work on the province side is large. In addition, with the continued development of distribution automation systems, unified video platforms, edge IoT agents and converged terminals, a secure access gateway that only supports access from a single type of terminal no longer meets current requirements.
Disclosure of Invention
In view of the above deficiencies of the prior art, the present invention provides a secure interaction method and system based on the SSL protocol to solve the above technical problems.
In a first aspect, the present application provides a secure interaction method based on the SSL protocol, the method comprising: according to the SM algorithms (the Chinese national cryptographic algorithms), the gateway SDK encrypts the mobile application's transmission data and uploads the encrypted data to a first access gateway of a preset province-side platform; based on the identity information in the encrypted data, the first access gateway authenticates the mobile application; once authentication succeeds, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS based on the SM algorithms; the first access gateway decrypts the received encrypted data to obtain decrypted data; a demand instruction issued by a preset headquarters platform is obtained through a data push proxy service deployed on the preset province-side platform; based on the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed based on the province-side identity information in the uploaded data; uploaded data that passes authentication is sent to a preset data security access service, yielding secondarily decrypted data; and the preset headquarters platform determines the mobile terminal that requires the data and sends the secondarily decrypted data to it by message push or data pull.
Further, the gateway SDK encrypting the mobile application's transmission data according to the SM algorithms specifically comprises: generating a random SM4 key and encrypting the transmission data with it using SM4 to obtain first encrypted data, the first encrypted data including a timestamp; computing an SM3 digest to protect the integrity of the first encrypted data and the timestamp; encrypting the random SM4 key with SM2 under the SM2 public key to obtain SM4-key encrypted data; and encrypting the concatenation timestamp + SM4-key encrypted data + encrypted transmission data with SM2 to obtain the encrypted data.
Further, before the gateway SDK encrypts the mobile application's transmission data according to the SM algorithms and uploads the encrypted data to the first access gateway of the preset province-side platform, the method further comprises: when the mobile application initialises the gateway SDK, configuration information is supplied as parameters, the configuration information comprising at least gateway connection information, service information and proxy port information; the gateway SDK calls its secure-connection API to access the first access gateway, uploads identity information to it, completes identity authentication and key agreement, and establishes an encrypted transmission channel; the gateway sets access control permissions according to the identity information and a local proxy port is generated; and the mobile application sends its transmission data to the gateway SDK through the local proxy port.
Further, the first access gateway decrypting the received encrypted data to obtain decrypted data specifically comprises: decrypting the encrypted data with the SM2 private key to obtain the encrypted transmission data and the SM4-key encrypted data; using SM3 to check that the digest of the encrypted data is consistent with the preset message digest; if it is consistent, decrypting the SM4-key encrypted data to obtain the SM4 key; and then decrypting the encrypted transmission data with the SM4 key to obtain the decrypted data.
Further, the method further comprises: triggering an instruction through an editing interface to enter the gateway SDK configuration-file editing interface; and obtaining an instance of the SSAGclient class through the configuration-file editing interface and initialising the instance so that the gateway SDK supports the proxy mode corresponding to that instance.
Further, the method further comprises: obfuscating the class files in the gateway SDK's code so that the class names, variable names and method names in the class files are replaced with preset meaningless short identifiers.
In a second aspect, the present application provides a secure interaction system based on the SSL protocol, the system comprising: an uploading module, used by the gateway SDK to encrypt the mobile application's transmission data according to the SM algorithms and upload the encrypted data to a first access gateway of a preset province-side platform; an obtaining module, used by the first access gateway to authenticate the mobile application based on the identity information in the encrypted data, to establish, once authentication succeeds, an SM channel between the first access gateway and the gateway SDK, the SM channel using HTTPS based on the SM algorithms, and to decrypt the received encrypted data at the first access gateway to obtain decrypted data; a transmission module, used to obtain a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform and, based on the SM algorithms, to encrypt and transmit the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform; and a sending module, used to perform identity authentication based on the province-side identity information in the uploaded data, to send uploaded data that passes authentication to a preset data security access service to obtain secondarily decrypted data, and to have the preset headquarters platform determine the mobile terminal that requires the data and send the secondarily decrypted data to it by message push or data pull.
In a third aspect, the present application provides a secure interaction device based on the SSL protocol, the device comprising: a processor; and a memory storing executable code which, when executed, causes the processor to perform any of the secure interaction methods based on the SSL protocol described above.
Those skilled in the art will appreciate that the present invention has at least the following beneficial effects:
(1) The access conditions of mobile applications can be configured uniformly. A mobile application establishes a secure tunnel to the province-side secure access gateway (the first access gateway) by calling the secure access gateway SDK API, a local proxy port is generated, and the mobile application exchanges data simply by interacting with that local proxy port.
(2) When province-side data of a provincial grid company is to be transmitted to the headquarters side, it passes through the preset data push proxy service on the province side and the preset data security access service on the headquarters side. The unified data push proxy service handles the fusion of provincial and headquarters data in one place, reducing duplicated development on the province side and decoupling data fusion and transmission security from the business; hybrid SM2 and SM4 encryption and decryption secures the transmission.
(3) The method and system provide a gateway SDK configuration-file editing interface; by editing the instance of the gateway SDK's SSAGclient class, access from various kinds of terminals is supported and the amount of modification needed for terminal access is reduced.
Drawings
Some embodiments of the disclosure are described below with reference to the accompanying drawings, in which:
fig. 1 is a flowchart of a secure interaction method based on an SSL protocol according to an embodiment of the present disclosure.
Fig. 2 is a schematic diagram of an internal structure of a secure interaction system based on an SSL protocol according to an embodiment of the present application.
Fig. 3 is a schematic diagram of an internal structure of a secure interaction system based on an SSL protocol according to an embodiment of the present application.
Detailed Description
It should be understood by those skilled in the art that the embodiments described below are only preferred embodiments of the present disclosure; they do not mean that the disclosure can be implemented only through these preferred embodiments, and are merely intended to explain its technical principles, not to limit its scope. All other embodiments that a person skilled in the art can derive from the preferred embodiments without inventive effort fall within the scope of protection of the disclosure.
It should also be noted that the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising the element.
The technical solutions proposed in the embodiments of the present application are described in detail below with reference to the accompanying drawings.
An embodiment of the present application provides a secure interaction method based on the SSL protocol. As shown in fig. 1, the method mainly comprises the following steps:
Step 110: according to the SM algorithms, the gateway SDK encrypts the mobile application's transmission data and uploads the encrypted data to a first access gateway of a preset province-side platform.
Before the gateway SDK encrypts the mobile application's transmission data according to the SM algorithms and uploads it to the first access gateway of the preset province-side platform, a local proxy port can be generated on the mobile application side, so that data exchange takes place through that local proxy port. This makes secure access more convenient for the mobile application, reduces the exposure of internet-facing ports and improves security.
Specifically, the method comprises the following: when the mobile application initialises the gateway SDK, configuration information is supplied as parameters, comprising at least gateway connection information, service information and proxy port information; the gateway SDK calls its secure-connection API to access the first access gateway, uploads identity information to it, completes identity authentication and key agreement, and establishes an encrypted transmission channel; the gateway sets access control permissions according to the identity information and a local proxy port is generated; and the mobile application sends its transmission data to the gateway SDK through the local proxy port. Key agreement works as follows: before communication data is encrypted and decrypted, the mobile application side and the server side negotiate a session key that is known only to the server and that specific mobile application; a key agreement algorithm is used so that the key is never exposed in transit. The session key does not need to be stored: it exists only in the memory of the mobile application and the server and disappears as soon as the connection between them is closed, which considerably strengthens its security. Establishing the encrypted transmission channel means establishing a secure connection based on the session key produced by the key agreement.
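What the local proxy port described above amounts to in code: the following is an added example, not the patent's or State Grid's SDK code. `LocalProxy` binds to 127.0.0.1 only, which is what the text's point about not exposing internet-facing ports requires, and relays each accepted connection over a channel opened by a caller-supplied `connect` callable. `gateway_connector` shows that callable built on Python's standard `ssl` module as a stand-in: the patent's channel is HTTPS over the SM-based TLS profile, which CPython's `ssl` module does not negotiate, so a GM-capable TLS stack would take its place in a real SDK. `roundtrip_through_proxy` exercises the proxy offline against a constructed loopback echo server standing in for the gateway; all function names, ports and parameters are assumptions made for the example.

```python
import socket
import ssl
import threading


def gateway_connector(gateway_host, gateway_port, ca_file=None):
    """Open the channel to the access gateway. Standard TLS stand-in (assumption):
    the patent's SM-based HTTPS needs a GM-capable TLS stack instead of ssl."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain + hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    raw = socket.create_connection((gateway_host, gateway_port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=gateway_host)


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so its peer sees EOF."""
    try:
        for data in iter(lambda: src.recv(65536), b""):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalProxy:
    """Loopback listener handed to the mobile application; every accepted
    connection is relayed over a fresh gateway channel returned by connect()."""

    def __init__(self, proxy_port, connect):
        self._connect = connect
        self._listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Loopback only: nothing here is reachable from outside the device.
        self._listener.bind(("127.0.0.1", proxy_port))
        self._listener.listen(16)
        self.port = self._listener.getsockname()[1]  # actual port when 0 was asked
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                client, _ = self._listener.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=self._relay, args=(client,), daemon=True).start()

    def _relay(self, client):
        try:
            upstream = self._connect()
        except OSError:
            client.close()
            return
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)  # app -> gateway direction runs on this thread
        back.join()
        client.close()
        upstream.close()

    def close(self):
        self._listener.close()


def start_echo_server():
    """Constructed one-shot stand-in for the gateway: echoes one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        with srv, srv.accept()[0] as conn:
            for data in iter(lambda: conn.recv(65536), b""):
                conn.sendall(data)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def roundtrip_through_proxy(payload):
    """Send payload into the local proxy port and return what comes back."""
    echo = start_echo_server()
    proxy = LocalProxy(0, lambda: socket.create_connection(echo.getsockname(), timeout=5))
    try:
        with socket.create_connection(("127.0.0.1", proxy.port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # tell the proxy we are done sending
            return b"".join(iter(lambda: c.recv(65536), b""))
    finally:
        proxy.close()
        echo.close()
```

A real SDK would pass `lambda: gateway_connector(host, port, ca_file)` as `connect`, and the mobile application would simply talk to `127.0.0.1:<proxy.port>`; `roundtrip_through_proxy(b"hello gateway")` returns the same bytes once they have travelled application, proxy, upstream and back.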
The gateway SDK encrypting the mobile application's transmission data according to the SM algorithms may specifically be: generating a random SM4 key and encrypting the transmission data with it using SM4 to obtain first encrypted data, the first encrypted data including a timestamp; computing an SM3 digest to protect the integrity of the first encrypted data and the timestamp; encrypting the random SM4 key with SM2 under the SM2 public key to obtain SM4-key encrypted data; and encrypting the concatenation timestamp + SM4-key encrypted data + encrypted transmission data with SM2 to obtain the encrypted data.
Step 120: based on the identity information in the encrypted data, the first access gateway authenticates the mobile application; once authentication succeeds, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS based on the SM algorithms; and the first access gateway decrypts the received encrypted data to obtain decrypted data.
Note that the first access gateway stores the identity authentication information and authenticates the identity information it receives against it.
The first access gateway decrypting the received encrypted data to obtain decrypted data may specifically be: decrypting the encrypted data with the SM2 private key to obtain the encrypted transmission data and the SM4-key encrypted data; using SM3 to check that the digest of the encrypted data is consistent with the preset message digest; if it is consistent, decrypting the SM4-key encrypted data to obtain the SM4 key; and then decrypting the encrypted transmission data with the SM4 key to obtain the decrypted data.
Step 130: a demand instruction issued by a preset headquarters platform is obtained through a data push proxy service deployed on the preset province-side platform; and, based on the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform.
Note on the data push proxy service: the data push proxy service deployed on the province side interfaces with the headquarters data security access service, providing encrypted secure transmission of the data the province side pushes and ensuring unified access for province-side applications.
The data push proxy service pushes province-side data to headquarters. It is deployed on the province side to ensure data security and to simplify province-side service development, and it applies SM encryption uniformly to all data exchanged with the headquarters data security access service. A province-side business system calls the data push proxy service to push data; the data is transmitted under SM encryption to the data security access service, which decrypts it and submits it to the mobile application support platform; the support platform pushes the data to the mobile terminal by message push or data pull, and headquarters applications can also see the corresponding data of each province.
Step 140: identity authentication is performed based on the province-side identity information in the uploaded data; uploaded data that passes authentication is sent to a preset data security access service, yielding secondarily decrypted data; and the preset headquarters platform determines the mobile terminal that requires the data and sends the secondarily decrypted data to it by message push or data pull.
Note that the second access gateway stores the province-side identity information and verifies whether the uploaded province-side identity information is consistent with it; consistency means the authentication succeeds. The preset data security access service is deployed at headquarters, interfaces with the data push proxy services of the various provincial grid companies, and supports SM-encrypted communication access for the data that each provincial company must aggregate to headquarters.
In addition, the proxy mode of the gateway SDK can be switched according to the requirements of the scenario, so that the method and system adapt to multiple scenarios and multiple types of terminal. Adding a proxy mode to the gateway SDK may specifically be: triggering an instruction through an editing interface to enter the gateway SDK configuration-file editing interface; and obtaining an instance of the SSAGclient class through the configuration-file editing interface and initialising the instance so that the gateway SDK supports the proxy mode corresponding to that instance.
Furthermore, Java code is very easy to decompile, so the application also aims to protect the Java source code in the gateway SDK. To that end the class files in the gateway SDK's code are obfuscated so that the class names, variable names and method names in the class files are replaced with preset meaningless short identifiers.
In addition, fig. 2 shows a secure interaction system based on the SSL protocol according to an embodiment of the present application. As shown in fig. 2, the system provided in the embodiment mainly comprises:
an uploading module 210, configured so that the gateway SDK encrypts the mobile application's transmission data according to the SM algorithms and uploads the encrypted data to a first access gateway of a preset province-side platform;
an obtaining module 220, configured so that the first access gateway authenticates the mobile application based on the identity information in the encrypted data; once authentication succeeds, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS based on the SM algorithms; and the first access gateway decrypts the received encrypted data to obtain decrypted data;
a transmission module 230, configured to obtain a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform and, based on the SM algorithms, to encrypt and transmit the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform;
a sending module 240, configured to perform identity authentication based on the province-side identity information in the uploaded data; to send uploaded data that passes authentication to a preset data security access service, yielding secondarily decrypted data; and to have the preset headquarters platform determine the mobile terminal that requires the data and send the secondarily decrypted data to it by message push or data pull.
Besides, an embodiment of the application also provides a secure interaction device based on the SSL protocol, as shown in fig. 3, on which executable instructions are stored; when the executable instructions are executed, the secure interaction method based on the SSL protocol is implemented. Specifically, the server sends an execution instruction to the memory over the bus, and when the memory receives the execution instruction it sends an execution signal to the processor over the bus to activate the processor.
The processor is configured so that the gateway SDK encrypts the mobile application's transmission data according to the SM algorithms and uploads the encrypted data to a first access gateway of a preset province-side platform; based on the identity information in the encrypted data, the first access gateway authenticates the mobile application; once authentication succeeds, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using HTTPS based on the SM algorithms; the first access gateway decrypts the received encrypted data to obtain decrypted data; a demand instruction issued by a preset headquarters platform is obtained through a data push proxy service deployed on the preset province-side platform; based on the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed based on the province-side identity information in the uploaded data; uploaded data that passes authentication is sent to a preset data security access service, yielding secondarily decrypted data; and the preset headquarters platform determines the mobile terminal that requires the data and sends the secondarily decrypted data to it by message push or data pull.
The technical solutions of the present disclosure have thus far been described with reference to the foregoing embodiments, but those skilled in the art will readily understand that the scope of the present disclosure is not limited to these specific embodiments. A person skilled in the art may split and combine the technical solutions of the above embodiments and make equivalent changes or substitutions to the related technical features without departing from the technical principles of the present disclosure; any such changes, equivalents and improvements made within the technical concept and/or technical principles of the present disclosure fall within its protection scope.

Claims (8)

1. A secure interaction method based on an SSL protocol, characterized in that the method comprises:
according to a national cryptographic algorithm, the gateway SDK encrypts the transmission data of the mobile application and uploads the encrypted data to a first access gateway of a preset provincial-side platform;
based on the identity information in the encrypted data, the first access gateway performs identity authentication of the mobile application; after the identity authentication passes, a national cryptographic channel is established between the first access gateway and the gateway SDK, the national cryptographic channel using an HTTPS protocol based on the national cryptographic algorithm; and the received encrypted data is decrypted by the first access gateway to obtain decrypted data;
a demand instruction issued by a preset headquarters platform is acquired through a data push proxy service deployed on the preset provincial-side platform; based on the national cryptographic algorithm, the decrypted data corresponding to the demand instruction is transmitted in encrypted form to a second access gateway of the preset headquarters platform;
identity authentication is performed based on the provincial-side identity information in the uploaded data; the uploaded data that passes identity authentication is sent to a preset data security access service, thereby obtaining secondary decrypted data; and the required mobile terminal is determined through the preset headquarters platform, and the secondary decrypted data is sent to the required mobile terminal by message push or data pull.
2. The secure interaction method based on the SSL protocol according to claim 1, wherein the gateway SDK encrypting the transmission data of the mobile application according to the national cryptographic algorithm specifically comprises:
generating a random sm4key, and encrypting the transmission data with the sm4key using the national cryptographic algorithm to obtain first encrypted data, wherein the first encrypted data contains a timestamp;
performing an integrity check over the first encrypted data and the timestamp using SM3 of the national cryptographic algorithm;
encrypting the random sm4key with the SM2 public key of the national cryptographic algorithm to obtain sm4key encrypted data; and
encrypting the timestamp + sm4key encrypted data + encrypted transmission data with SM2 of the national cryptographic algorithm to obtain the encrypted data.
3. The secure interaction method based on the SSL protocol according to claim 1, wherein before the gateway SDK encrypts the transmission data of the mobile application according to the national cryptographic algorithm and uploads the encrypted data to the first access gateway of the preset provincial-side platform, the method further comprises:
when the mobile application initializes the gateway SDK, providing configuration information in the form of parameters, the configuration information comprising at least gateway connection information, service information and proxy port information;
calling the secure-connection API of the gateway SDK to access the first access gateway, uploading identity information to the first access gateway, and completing identity authentication, key agreement and establishment of an encrypted transmission channel; and
having the gateway set access control permissions according to the identity information and generate a local proxy port, so that the mobile application sends the transmission data to the gateway SDK through the local proxy port.
4. The SSL protocol-based secure interaction method according to claim 1, wherein decrypting the received encrypted data through the first access gateway to obtain decrypted data specifically comprises:
decrypting the encrypted data with the SM2 private key of the national cryptographic algorithm to obtain the encrypted transmission data and the sm4key encrypted data;
checking the consistency of the encrypted data with the preset message digest using SM3 of the national cryptographic algorithm; and
if they are consistent, decrypting the sm4key encrypted data to obtain the sm4key, and then decrypting the encrypted transmission data with the sm4key to obtain the decrypted data.
5. The SSL protocol-based secure interaction method according to claim 1, wherein the method further comprises:
triggering an instruction through an editing interface to enter the gateway SDK configuration file editing interface; and
acquiring an instance of the SSAGclient class through the configuration file editing interface and initializing the instance, so that the gateway SDK supports the proxy mode corresponding to the instance.
6. The SSL protocol-based secure interaction method according to claim 1, wherein the method further comprises:
obfuscating the class files in the code of the gateway SDK, so that the class names, variable names and method names in the class files are replaced with preset meaningless short names.
7. A secure interaction system based on the SSL protocol, the system comprising:
an uploading module, configured to have the gateway SDK encrypt the transmission data of the mobile application according to a national cryptographic algorithm and upload the encrypted data to a first access gateway of a preset provincial-side platform;
an obtaining module, configured to have the first access gateway perform identity authentication of the mobile application based on the identity information in the encrypted data; after the identity authentication passes, establish a national cryptographic channel between the first access gateway and the gateway SDK, the national cryptographic channel using an HTTPS protocol based on the national cryptographic algorithm; and decrypt the received encrypted data through the first access gateway to obtain decrypted data;
a transmission module, configured to acquire a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset provincial-side platform, and, based on the national cryptographic algorithm, transmit the decrypted data corresponding to the demand instruction in encrypted form to a second access gateway of the preset headquarters platform; and
a sending module, configured to perform identity authentication based on the provincial-side identity information in the uploaded data; send the uploaded data that passes identity authentication to a preset data security access service, thereby obtaining secondary decrypted data; and determine the required mobile terminal through the preset headquarters platform and send the secondary decrypted data to the required mobile terminal by message push or data pull.
8. A secure interaction device based on the SSL protocol, the device comprising:
a processor; and
a memory having executable code stored thereon which, when executed, causes the processor to perform the secure interaction method based on the SSL protocol according to any one of claims 1-6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211131347.0A CN115514549A (en) 2022-09-16 2022-09-16 Secure interaction method and system based on SSL (secure sockets layer) protocol

Publications (1)

Publication Number Publication Date
CN115514549A true CN115514549A (en) 2022-12-23

Family

ID=84504274

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination