CN115514549A - Secure interaction method and system based on SSL (secure sockets layer) protocol - Google Patents
Secure interaction method and system based on SSL (secure sockets layer) protocol
- Publication number: CN115514549A (application CN202211131347.0A)
- Authority: CN (China)
- Prior art keywords: data, gateway, preset, access gateway, encrypted
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0428: Network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out-of-band channels
- H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L63/168: Implementing security features at a particular protocol layer above the transport layer
- Y04S40/20: Smart grids, information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science; Computer Security & Cryptography; Computer Networks & Wireless Communication; Signal Processing; Computer Hardware Design; Computing Systems; General Engineering & Computer Science; Mobile Radio Communication Systems
Abstract
The application discloses a secure interaction method, system and device based on the SSL protocol. It mainly relates to the technical field of secure interaction and is intended to solve problems of existing secure-interaction schemes such as the large workload of repeated development of province-side services. The method comprises the following steps: the gateway SDK encrypts the transmission data of the mobile application and uploads the encrypted data to a first access gateway; identity authentication of the mobile application is performed; after identity authentication passes, a national cryptographic (SM) channel is established; the first access gateway decrypts the received encrypted data; a demand instruction issued by a preset headquarters platform is acquired through a preset province-side platform; the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed again; the uploaded data that passes identity authentication is sent to a preset data security access service to obtain secondary decrypted data; and the secondary decrypted data is sent to the required mobile terminal. The method reduces the repeated development workload of province-side services.
Description
Technical Field
The present application relates to the field of secure interaction technologies, and in particular, to a secure interaction method and system based on an SSL protocol.
Background
With the development of the power business, data has become a key element supporting the construction of a new type of power system. As an operator of critical information infrastructure, the company manages a large amount of important production data and highly sensitive electricity-customer information; if business data is lost, leaked or damaged, the company's daily operational decisions and production information may be exposed, so adequate security protection must be provided to ensure information security.
Existing security protection is mainly based on traditional network security protection and consists of: (1) zoning: the access authority of users is strictly authenticated and controlled through network partitioning; (2) boundary isolation: physical isolation devices are used to ensure the security of data transmission; and (3) data encryption: encryption ensures that intercepted data cannot be read. These and other measures secure the traditional links of data storage, transmission and the like.
However, under the traditional network security protection method, when a mobile application on a mobile terminal interacts with the back end of a business system inside the company, an Internet-facing service port must be opened, and exposing that port carries a certain security risk. The data of the mobile applications of each provincial company of the grid must be pushed to the headquarters company, and each mobile application must be individually customized and developed against the headquarters data security access component, so the workload of repeated development of province-side services is large. In addition, with the continued development of distribution automation systems, unified video platforms, edge IoT agents and converged terminals, a secure access gateway that only supports access from a single type of terminal can no longer meet the existing requirements.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, the present invention provides a secure interaction method and system based on SSL protocol to solve the above-mentioned technical problems.
In a first aspect, the present application provides a secure interaction method based on the SSL protocol, the method comprising: according to the national cryptographic (SM) algorithms, the gateway SDK encrypts the transmission data of the mobile application and uploads the encrypted data to a first access gateway of a preset province-side platform; based on the identity information in the encrypted data, the first access gateway performs identity authentication of the mobile application; after identity authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms; the first access gateway decrypts the received encrypted data to obtain decrypted data; a demand instruction issued by a preset headquarters platform is acquired through a data push proxy service deployed on the preset province-side platform; based on the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform; identity authentication is performed based on the province-side identity information in the uploaded data; the uploaded data that passes identity authentication is sent to a preset data security access service to obtain secondary decrypted data; and the required mobile terminal is determined by the preset headquarters platform, and the secondary decrypted data is sent to the required mobile terminal by message push or data pull.
Further, the gateway SDK encrypting the transmission data of the mobile application according to the SM algorithms specifically comprises: generating a random SM4 key and encrypting the transmission data with SM4 under that key to obtain first encrypted data, where the first encrypted data includes a timestamp; computing an SM3 digest over the first encrypted data and the timestamp so that their integrity can be verified; encrypting the random SM4 key with SM2 under the SM2 public key to obtain SM4-key encrypted data; and encrypting the concatenation of the timestamp, the SM4-key encrypted data and the encrypted transmission data with SM2 to obtain the encrypted data.
Further, before the gateway SDK encrypts the transmission data of the mobile application according to the SM algorithms and uploads the encrypted data to the first access gateway of the preset province-side platform, the method further comprises: when the mobile application initializes the gateway SDK, configuration information is supplied as parameters, the configuration information comprising at least gateway connection information, service information and proxy port information; the gateway SDK establishes a secure connection API to access the first access gateway, uploads identity information to the first access gateway, completes identity authentication and key agreement, and establishes an encrypted transmission channel; the gateway sets access control permissions according to the identity information and generates a local proxy port; and the mobile application sends its transmission data to the gateway SDK through the local proxy port.
Further, the first access gateway decrypting the received encrypted data to obtain decrypted data specifically comprises: decrypting the encrypted data with the SM2 private key to obtain the encrypted transmission data and the SM4-key encrypted data; checking with SM3 that the encrypted data is consistent with the preset message digest; if it is consistent, decrypting the SM4-key encrypted data to obtain the SM4 key; and then decrypting the encrypted transmission data with the SM4 key to obtain the decrypted data.
Further, the method further comprises: triggering an instruction through an editing interface to enter the gateway SDK configuration file editing interface; and obtaining an instance of the SSAGclient class through the configuration file editing interface and initializing the instance so that the gateway SDK supports the proxy mode corresponding to that instance.
Further, the method further comprises: obfuscating the class files in the code corresponding to the gateway SDK so that the class names, variable names and method names in the class files are replaced with preset meaningless short identifiers.
In a second aspect, the present application provides a secure interaction system based on the SSL protocol, the system comprising: an uploading module, used for the gateway SDK to encrypt the transmission data of the mobile application according to the SM algorithms and upload the encrypted data to a first access gateway of a preset province-side platform; an obtaining module, used for the first access gateway to perform identity authentication of the mobile application based on the identity information in the encrypted data, to establish, after identity authentication passes, an SM channel between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms, and to decrypt the received encrypted data through the first access gateway to obtain decrypted data; a transmission module, used for acquiring a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform, and for encrypting and transmitting, based on the SM algorithms, the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform; and a sending module, used for performing identity authentication based on the province-side identity information in the uploaded data, sending the uploaded data that passes identity authentication to a preset data security access service to obtain secondary decrypted data, determining the required mobile terminal through the preset headquarters platform, and sending the secondary decrypted data to the required mobile terminal by message push or data pull.
In a third aspect, the present application provides a secure interaction device based on an SSL protocol, where the device includes: a processor; and a memory having executable code stored thereon, the executable code, when executed, causing the processor to perform a secure interaction method based on SSL protocol as in any one of the above.
As can be appreciated by those skilled in the art, the present invention has at least the following beneficial effects:
(1) The access conditions of mobile applications can be configured in a unified manner: a mobile application establishes a secure tunnel with the province-side secure access gateway (the first access gateway) by calling the secure access gateway SDK API, a local proxy port is generated, and the mobile application performs its data interaction by interacting with that local proxy port.
(2) When province-side data of the grid is to be transmitted to the headquarters side, it is transmitted through the preset data push proxy service on the province side and the preset data security access service on the headquarters side. The unified data push proxy service handles the data fusion between the province side and the headquarters side in one place, which reduces the repeated development workload on the province side and decouples data fusion and secure data transmission from the business logic; the hybrid SM2 and SM4 encryption and decryption guarantees transmission security.
(3) The method and system provide a gateway SDK configuration file editing interface; access by various types of terminals is supported by editing the instance of the gateway SDK's SSAGclient class, which reduces the amount of modification needed for terminal access.
Drawings
Some embodiments of the disclosure are described below with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart of a secure interaction method based on an SSL protocol according to an embodiment of the present disclosure.
Fig. 2 is a schematic diagram of an internal structure of a secure interaction system based on an SSL protocol according to an embodiment of the present application.
Fig. 3 is a schematic diagram of an internal structure of a secure interaction system based on an SSL protocol according to an embodiment of the present application.
Detailed Description
It should be understood by those skilled in the art that the embodiments described below are only preferred embodiments of the present disclosure, and do not mean that the present disclosure can be implemented only by the preferred embodiments, which are merely intended to explain the technical principles of the present disclosure and not to limit the scope of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the preferred embodiments provided by the disclosure without inventive step, shall fall within the scope of protection of the disclosure.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional identical elements in the process, method, article, or apparatus comprising the element.
The technical solutions proposed in the embodiments of the present application are described in detail below with reference to the accompanying drawings.
An embodiment of the present application further provides a secure interaction method based on the SSL protocol, and as shown in fig. 1, the method provided in the embodiment of the present application mainly includes the following steps:
Step 110, according to the SM algorithms, the gateway SDK encrypts the transmission data of the mobile application and uploads the encrypted data to a first access gateway of a preset province-side platform.
In this method, before the gateway SDK encrypts the transmission data of the mobile application according to the SM algorithms and uploads the encrypted data to the first access gateway of the preset province-side platform, a local proxy port can be generated on the mobile application side, so that data interaction takes place through that local proxy port. This makes secure access for the mobile application more convenient, reduces the exposure of Internet-facing ports and improves security.
Specifically, the method comprises the following steps: when the mobile application initializes the gateway SDK, configuration information is supplied as parameters, comprising at least gateway connection information, service information and proxy port information; the gateway SDK establishes a secure connection API to access the first access gateway, uploads identity information to the first access gateway, completes identity authentication and key agreement, and establishes an encrypted transmission channel; the gateway sets access control permissions according to the identity information and generates a local proxy port; and the mobile application sends its transmission data to the gateway SDK through the local proxy port. Key agreement here means the following: before communication data is encrypted and decrypted, the mobile application side and the server side negotiate a session key that is known only to the server side and that specific mobile application side; a key agreement algorithm is used so that the session key is not compromised. The session key does not need to be stored persistently: it exists only in the memory of the mobile application side and the server side, and it disappears as soon as the connection between them is closed, which greatly improves its security. Establishing the encrypted transmission channel means establishing a secure connection based on the session key produced by the key agreement.
The gateway SDK encrypting the transmission data of the mobile application according to the SM algorithms may specifically be: generating a random SM4 key and encrypting the transmission data with SM4 under that key to obtain first encrypted data, where the first encrypted data includes a timestamp; computing an SM3 digest over the first encrypted data and the timestamp so that their integrity can be verified; encrypting the random SM4 key with SM2 under the SM2 public key to obtain SM4-key encrypted data; and encrypting the concatenation of the timestamp, the SM4-key encrypted data and the encrypted transmission data with SM2 to obtain the encrypted data.
Step 120, based on the identity information in the encrypted data, the first access gateway performs identity authentication of the mobile application; after identity authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms; and the first access gateway decrypts the received encrypted data to obtain decrypted data.
It should be noted that, the first access gateway stores the identity authentication information, and can perform identity authentication on the received identity information.
The first access gateway decrypting the received encrypted data to obtain decrypted data may specifically be: decrypting the encrypted data with the SM2 private key to obtain the encrypted transmission data and the SM4-key encrypted data; checking with SM3 that the encrypted data is consistent with the preset message digest; if it is consistent, decrypting the SM4-key encrypted data to obtain the SM4 key; and then decrypting the encrypted transmission data with the SM4 key to obtain the decrypted data.
Step 130, a demand instruction issued by a preset headquarters platform is acquired through a data push proxy service deployed on the preset province-side platform; and based on the SM algorithms, the decrypted data corresponding to the demand instruction is encrypted and transmitted to a second access gateway of the preset headquarters platform.
It should be noted that the data push proxy service is deployed on the province side and interfaces with the headquarters data security access service, so that the data pushed by the province side is transmitted encrypted and securely and province-side applications access the headquarters in a unified manner.
The data push proxy service is used to push province-side data to the headquarters. It is deployed on the province side to ensure data security and to simplify province-side service development, and it applies SM encryption uniformly to all data exchanged with the headquarters data security access service. The provincial business system calls the data push proxy service to push data; the data is transmitted with SM encryption to the data security access service, which decrypts it and submits it to the mobile application support platform; the mobile application support platform pushes the data to the mobile terminal by message push or data pull, and headquarters applications can also view the corresponding data of each province.
Step 140, identity authentication is performed based on the province-side identity information in the uploaded data; the uploaded data that passes identity authentication is sent to a preset data security access service to obtain secondary decrypted data; and the required mobile terminal is determined by the preset headquarters platform, and the secondary decrypted data is sent to the required mobile terminal by message push or data pull.
It should be noted that the second access gateway stores the province-side identity information and can verify whether the uploaded province-side identity information matches it; a match counts as passing authentication. The preset data security access service is deployed at the headquarters, interfaces with the data push proxy services of the various provincial grid companies, and supports SM-encrypted communication access for the data that each provincial grid company must aggregate to the headquarters.
In addition, the method and system can switch the proxy mode of the gateway SDK according to scenario requirements, so that they adapt to multiple scenarios and multiple types of terminal. Adding a proxy mode to the gateway SDK may specifically be: triggering an instruction through an editing interface to enter the gateway SDK configuration file editing interface; and obtaining an instance of the SSAGclient class through the configuration file editing interface and initializing the instance so that the gateway SDK supports the proxy mode corresponding to that instance.
Furthermore, java code is very easy to de-code, which is the purpose of this application to protect Java source code in the gateway SDK. The application can: and performing confusion processing on the class file in the code corresponding to the gateway SDK so as to replace the class name, the variable name and the method name in the class file with preset meaningless short variables.
In addition, fig. 2 is a secure interaction system based on the SSL protocol according to an embodiment of the present application. As shown in fig. 2, the system provided in the embodiment of the present application mainly includes:
an uploading module 210, configured for the gateway SDK to encrypt the transmission data of the mobile application according to the SM algorithms and upload the encrypted data to a first access gateway of a preset province-side platform;
an obtaining module 220, configured for the first access gateway to perform identity authentication of the mobile application based on the identity information in the encrypted data; after identity authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms; and the first access gateway decrypts the received encrypted data to obtain decrypted data;
a transmission module 230, configured to acquire a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform, and, based on the SM algorithms, to encrypt and transmit the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform;
a sending module 240, configured to perform identity authentication based on the province-side identity information in the uploaded data; send the uploaded data that passes identity authentication to a preset data security access service to obtain secondary decrypted data; and determine the required mobile terminal through the preset headquarters platform and send the secondary decrypted data to the required mobile terminal by message push or data pull.
In addition, an embodiment of the application also provides a secure interaction device based on the SSL protocol, shown in fig. 3, on which executable instructions are stored; when the executable instructions are executed, the secure interaction method based on the SSL protocol is implemented. Specifically, the server sends an execution instruction to the memory through the bus, and when the memory receives the execution instruction it sends an execution signal to the processor through the bus to activate the processor.
The processor is configured to: have the gateway SDK encrypt the transmission data of the mobile application according to the SM algorithms and upload the encrypted data to a first access gateway of a preset province-side platform; have the first access gateway perform identity authentication of the mobile application based on the identity information in the encrypted data; after identity authentication passes, establish an SM channel between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms; decrypt the received encrypted data through the first access gateway to obtain decrypted data; acquire a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform; based on the SM algorithms, encrypt and transmit the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform; perform identity authentication based on the province-side identity information in the uploaded data; send the uploaded data that passes identity authentication to a preset data security access service to obtain secondary decrypted data; and determine the required mobile terminal through the preset headquarters platform and send the secondary decrypted data to the required mobile terminal by message push or data pull.
So far, the technical solutions of the present disclosure have been described in connection with the foregoing embodiments, but it is easily understood by those skilled in the art that the scope of the present disclosure is not limited to only these specific embodiments. A person skilled in the art may split and combine the technical solutions in the above embodiments, and may make equivalent changes or substitutions on the related technical features without departing from the technical principles of the present disclosure, and any changes, equivalents, improvements and the like made within the technical concept and/or technical principles of the present disclosure will fall within the protection scope of the present disclosure.
Claims (8)
1. A secure interaction method based on an SSL protocol, characterized in that the method comprises:
according to the national cryptographic (SM) algorithms, the gateway SDK encrypts the transmission data of the mobile application and uploads the encrypted data to a first access gateway of a preset province-side platform;
based on the identity information in the encrypted data, the first access gateway performs identity authentication of the mobile application; after identity authentication passes, an SM channel is established between the first access gateway and the gateway SDK, the SM channel using an HTTPS protocol based on the SM algorithms; the first access gateway decrypts the received encrypted data to obtain decrypted data;
acquiring a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset province-side platform; based on the SM algorithms, encrypting and transmitting the decrypted data corresponding to the demand instruction to a second access gateway of the preset headquarters platform;
performing identity authentication based on the province-side identity information in the uploaded data; sending the uploaded data that passes identity authentication to a preset data security access service to obtain secondary decrypted data; and determining the required mobile terminal through the preset headquarters platform, and sending the secondary decrypted data to the required mobile terminal by message push or data pull.
2. The secure interaction method based on the SSL protocol as recited in claim 1, wherein the gateway SDK encrypting the transmission data of the mobile application according to the national cryptographic algorithm specifically includes:
generating a random sm4key and encrypting the transmission data with the sm4key (SM4 encryption) to obtain first encrypted data, wherein the first encrypted data contains a timestamp;
computing, with sm3 in the national cryptographic algorithm, an integrity check value over the first encrypted data and the timestamp;
encrypting the random sm4key using sm2 in the national cryptographic algorithm with the sm2 public key to obtain sm4key encrypted data;
and encrypting the timestamp + sm4key encrypted data + encrypted transmission data with sm2 in the national cryptographic algorithm to obtain the encrypted data.
3. The secure interaction method based on the SSL protocol as recited in claim 1, wherein before the gateway SDK encrypts the transmission data of the mobile application according to the national cryptographic algorithm and uploads the encrypted data to the first access gateway of the preset provincial side platform, the method further comprises:
when the mobile application initializes the gateway SDK, providing configuration information in parameter form, the configuration information at least comprising gateway connection information, service information and proxy port information;
calling a secure-connection API of the gateway SDK to access the first access gateway, uploading identity information to the first access gateway, completing identity authentication and key agreement, and establishing an encrypted transmission channel;
enabling the gateway to set access control permissions according to the identity information and generating a local proxy port, so that the mobile application sends the transmission data to the gateway SDK through the local proxy port.
4. The SSL protocol-based secure interaction method as recited in claim 1, wherein decrypting the received encrypted data through the first access gateway to obtain decrypted data specifically includes:
decrypting the encrypted data with the sm2 private key in the national cryptographic algorithm to obtain the encrypted transmission data and the sm4key encrypted data;
checking, with sm3 in the national cryptographic algorithm, that the encrypted data is consistent with the preset message digest;
if consistent, decrypting the sm4key encrypted data to obtain the sm4key, and then decrypting the encrypted transmission data with the sm4key to obtain the decrypted data.
5. The SSL protocol-based secure interaction method of claim 1, wherein the method further comprises:
triggering an instruction through an editing interface to enter the gateway SDK configuration file editing interface;
and acquiring an instance of the SSAGclient class through the configuration file editing interface and initializing the instance, so that the gateway SDK supports the proxy mode corresponding to the instance.
6. The SSL protocol-based secure interaction method of claim 1, wherein the method further comprises:
and performing obfuscation processing on the class files in the code of the gateway SDK, so as to replace the class names, variable names and method names in the class files with preset meaningless short names.
7. A secure interaction system based on the SSL protocol, the system comprising:
an uploading module, configured to encrypt the transmission data of the mobile application with the gateway SDK according to the national cryptographic algorithm and upload the encrypted data to a first access gateway of a preset provincial side platform;
an obtaining module, configured to perform, by the first access gateway, identity authentication of the mobile application based on the identity information in the encrypted data; after the identity authentication passes, establish a national cryptographic channel between the first access gateway and the gateway SDK, the national cryptographic channel using an HTTPS protocol based on the national cryptographic algorithm; and decrypt the received encrypted data at the first access gateway to obtain decrypted data;
a transmission module, configured to acquire a demand instruction issued by a preset headquarters platform through a data push proxy service deployed on the preset provincial side platform, and transmit the decrypted data corresponding to the demand instruction, encrypted according to the national cryptographic algorithm, to a second access gateway of the preset headquarters platform;
a sending module, configured to perform identity authentication based on the provincial side identity information in the uploaded data; send the uploaded data that passes identity authentication to a preset data security access service to obtain secondary decrypted data; and determine the required mobile terminal through the preset headquarters platform and send the secondary decrypted data to the required mobile terminal by message pushing or data pulling.
8. A secure interaction device based on the SSL protocol, the device comprising:
a processor;
and a memory storing executable code which, when executed, causes the processor to perform the secure interaction method based on the SSL protocol as recited in any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211131347.0A CN115514549A (en) | 2022-09-16 | 2022-09-16 | Secure interaction method and system based on SSL (secure sockets layer) protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115514549A true CN115514549A (en) | 2022-12-23 |
Family ID: 84504274
Legal status: 2022-09-16, CN, application CN202211131347.0A, publication CN115514549A, status Pending.
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |