CN110971616A - Connection establishing method based on secure transport layer protocol, client and server - Google Patents
- Publication number
- CN110971616A, CN201911351004.3A
- Authority
- CN
- China
- Prior art keywords
- server
- client
- certificate
- connection
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a connection establishing method based on a secure transport layer protocol, a client and a server. The method applied to the client comprises the following steps: reporting a corresponding handshake request to a server based on a secure transport layer protocol; and replacing the disguised certificate issued by the server in response to the handshake request with the server's private certificate pre-stored locally on the client, and establishing a connection with the server by using the private certificate. According to the technical scheme provided by the embodiment of the invention, the connection between the client and the server is established with a secure transport layer protocol, so no extra disguised data needs to be added to the head of each data packet, the amount of calculation for data processing is reduced, and the security of data transmission is improved. Meanwhile, the private certificate of the server does not need to be transmitted during connection establishment, so a blocking party cannot identify the real private certificate of the server; the normal connection between the client and the server is thereby realized and prevented from being maliciously blocked, and the high availability of the anti-blocking connection is ensured.
Description
Technical Field
The embodiment of the invention relates to the technical field of internet communication, in particular to a connection establishing method based on a secure transport layer protocol, a client and a server.
Background
With the rapid development of internet technology, clients in more and more application scenarios need to hold sessions with a server, and corresponding session connections need to be established. To keep sessions compliant, an operator may block the connections between some illegal clients and servers so as to avoid the distribution of illegal content, while operators in some countries or regions may, for some reasons, maliciously apply technical blocking to the connections between normal clients and servers. How to prevent the connection between a normal client and a server from being maliciously blocked has therefore become a main problem to be solved.
Existing technical blocking generally includes Internet Protocol (IP) address/domain name blocking, data feature blocking, and the like:
1) IP/domain name blocking: the blocking party tracks and identifies the IP/domain name used when a connection is established between the client and the server, and forbids the client from accessing any IP/domain name that matches a certain rule. The usual way to break through this blocking is to dynamically update the IP/domain name used by the client, but the update operation is relatively complicated.
2) Data feature blocking: the data packets on a long connection established between the client and the server generally have certain characteristics, so once the blocking party recognizes those characteristics in the client's long-connection data, it forcibly resets the connection between the client and the server. The usual countermeasure is to disguise the long-connection data as data of a third-party website so as to deceive the blocking party. For example, with Hypertext Transfer Protocol (HTTP) disguise, whenever data is sent or received on the long connection between the client and the server, information conforming to the HTTP format, such as host, path, content_type and user_agent, is added to the header of the data packet, so that the blocking party takes the long connection for an HTTP connection to an arbitrary website. However, every send and receive has to process the disguising header information, which increases the size of the data packet and the amount of calculation to a certain extent. In addition, the security of the connection established between the client and the server and of the subsequent data transmission depends mainly on the client's own encryption and decryption logic; if the blocking party removes the disguised data from the head of the data packet in some way, the real data characteristics can still be identified and blocked, so the anti-blocking capability is low.
Disclosure of Invention
The embodiment of the invention provides a connection establishing method based on a secure transport layer protocol, a client and a server, which can prevent the normal connection between the client and the server from being maliciously blocked and ensure the data security between the client and the server.
In a first aspect, an embodiment of the present invention provides a method for establishing a connection based on a secure transport layer protocol, where the method includes:
reporting a corresponding handshake request to a server based on a secure transport layer protocol;
and replacing the disguised certificate issued by the server in response to the handshake request with the server's private certificate pre-stored locally, and establishing a connection with the server by using the private certificate.
In a second aspect, an embodiment of the present invention provides a method for establishing a connection based on a secure transport layer protocol, where the method includes:
responding to a handshake request reported by a client based on a secure transport layer protocol, and issuing a preset disguised certificate to the client;
and after the client replaces the disguised certificate with a private certificate which is pre-stored locally at the client, establishing connection with the client by adopting the private certificate.
In a third aspect, an embodiment of the present invention provides a connection establishment apparatus based on a secure transport layer protocol, where the apparatus includes:
a handshake reporting module, configured to report a corresponding handshake request to a server based on a secure transport layer protocol;
and a first connection establishing module, configured to replace a disguised certificate issued by the server in response to the handshake request with the server's private certificate pre-stored locally, and to establish a connection with the server by using the private certificate.
In a fourth aspect, an embodiment of the present invention provides a connection establishment apparatus based on a secure transport layer protocol, where the apparatus includes:
a disguised certificate issuing module, configured to respond to a handshake request reported by a client based on a secure transport layer protocol and to issue a preset disguised certificate to the client;
and a second connection establishing module, configured to establish a connection with the client by using the private certificate after the client replaces the disguised certificate with the private certificate pre-stored locally at the client.
In a fifth aspect, an embodiment of the present invention provides a client, where the client includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the secure transport layer protocol based connection establishment method of the first aspect of the present invention.
In a sixth aspect, an embodiment of the present invention provides a server, where the server includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the secure transport layer protocol based connection establishment method of the second aspect of the present invention.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a connection establishment method based on a secure transport layer protocol according to any embodiment of the present invention.
In the connection establishing method based on a secure transport layer protocol, the client and the server provided by the embodiments of the invention, the connection between the client and the server is established with a secure transport layer protocol, so no additional disguised data needs to be added to the head of each data packet, the amount of calculation for data processing is reduced, and the security of data transmission is improved. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, the server issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate that the server pre-stored on the client, and the connection is then established by using the private certificate. The private certificate of the server therefore does not need to be transmitted during connection establishment: a blocking party can only intercept the disguised certificate in the handshake phase and cannot identify the real private certificate of the server. The normal connection between the client and the server is thereby realized and prevented from being maliciously blocked, and the high availability of the anti-blocking connection is ensured.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
fig. 1A is a flowchart of a connection establishment method based on a secure transport layer protocol according to an embodiment of the present invention;
fig. 1B is a schematic diagram of a connection establishment process based on a secure transport layer protocol according to an embodiment of the present invention;
fig. 2 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a second embodiment of the present invention;
fig. 3A is a flowchart of a connection establishment method based on a secure transport layer protocol according to a third embodiment of the present invention;
fig. 3B is a schematic diagram of a connection establishment process based on a secure transport layer protocol according to a third embodiment of the present invention;
fig. 4 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a fourth embodiment of the present invention;
fig. 5 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of a connection establishment apparatus based on a secure transport layer protocol according to a sixth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a connection establishment apparatus based on a secure transport layer protocol according to a seventh embodiment of the present invention;
fig. 8 is a schematic structural diagram of a client according to an eighth embodiment of the present invention;
fig. 9 is a schematic structural diagram of a server according to a ninth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures. In addition, the embodiments and features of the embodiments in the present invention may be combined with each other without conflict.
Example one
Fig. 1A is a flowchart of a connection establishment method based on a secure transport layer protocol according to an embodiment of the present invention, which may be applied to any client that needs to establish a session connection. The connection establishing method based on the secure transport layer protocol provided in this embodiment may be executed by the connection establishing apparatus based on the secure transport layer protocol, which is applied to the client, and is implemented in a software and/or hardware manner, and is integrated into the client executing the method, where the client may be an application configured on any terminal.
Specifically, referring to fig. 1A, the method may include the steps of:
S110, reporting the corresponding handshake request to the server based on the secure transport layer protocol.
Specifically, the client in this embodiment is an application program configured on the user terminal and having a corresponding service capability. Because the application program needs to exchange service data with its corresponding server when executing a service, a session connection needs to be established between the client and the server before data transmission. Existing session connections generally include Transmission Control Protocol (TCP) long connections and TCP short connections, and are established by performing a handshake operation between the client and the server. Because an existing TCP connection generally transmits its handshake messages in plaintext during the handshake phase, the security of the connection established between the client and the server and of the subsequent data transmission depends on the client's own encryption and decryption logic, which is easy to crack. To improve data security between the client and the server, this embodiment establishes the connection between them based on the Transport Layer Security (TLS) protocol: a secure connection channel is created through key negotiation and identity authentication between the client and the server, which ensures confidentiality and data integrity during their communication. This also avoids exposing the data characteristics of a self-defined protocol during the handshake, and prevents a blocking party from blocking the connection by capturing those data characteristics.
Optionally, a connection between the client and the server is usually established through a handshake operation. When the client has a service requirement for data transmission, it first generates a corresponding handshake request according to the service requirement and reports the handshake request to the corresponding server; the handshake request notifies the server that the client is currently requesting to establish a connection with it.
S120, replacing the disguised certificate issued by the server in response to the handshake request with the server's private certificate pre-stored locally, and establishing a connection with the server by using the private certificate.
Specifically, in the existing TLS protocol, after a client reports a handshake request to a server, the server directly issues to the client a private certificate (Certificate) that represents the server's identity. The client confirms the validity of the private certificate and encrypts the generated session key with it, so that the session key is transmitted as ciphertext and the security of the connection established after the handshake phase is ensured. However, the private certificate itself is still transmitted in plaintext during the handshake phase of the existing TLS protocol, so a blocking party that intercepts the handshake message can still obtain the server's private certificate. If the private certificate in the TLS protocol is issued by a Certificate Authority (CA), the blocking party can look up the intercepted private certificate of the server at the CA, and thereby identify the connection and block it. If the private certificate of the server is used directly in the handshake process, direct identification of the connection by the blocking party is avoided, but the blocking party only needs to perform clustering and filtering operations on the private certificate to identify and block the connection as well. The ordinary TLS protocol therefore cannot be used to break through a blocking party's malicious blocking of normal connections.
In this embodiment, analysis of the handshake process in the existing TLS protocol shows that the steps before the client receives the server's private certificate and confirms its validity are transmitted in plaintext, and the steps after that are transmitted in ciphertext. Under the security guarantee of the TLS protocol, it can therefore be considered that a blocking party intercepting the handshake messages can only identify the server's private certificate and similar information, and cannot decrypt the messages sent after session encryption begins. To prevent the blocking party from maliciously blocking this normal connection, this embodiment may replace the private certificate transmitted in plaintext in the existing TLS protocol with a security certificate that is recognized as allowing normal connections. That is, after the server receives the handshake request reported by the client, the server may issue a preset disguised certificate to the client in plaintext; the disguised certificate may be the private certificate of a third-party website with which the local client is recognized as being allowed to connect normally, so that from the blocking party's point of view the disguised certificate is a safe certificate. Meanwhile, the server stores its own private certificate on the client in advance, before this connection. When the connection is being established, the client first replaces the disguised certificate issued by the server with the server's private certificate pre-stored locally; it does not need to pay attention to the specific content of the disguised certificate, and directly uses the content of the server's private certificate to establish the secure connection with the server. A blocking party intercepting handshake messages in the handshake phase can then only obtain the disguised certificate, so it takes the current connection for a normal connection that is recognized as allowed, and is thereby deceived. Even if the blocking party knows that the intercepted certificate is a disguised certificate, it cannot learn which private certificate the connection actually uses, and so cannot maliciously block the normal connection. The method therefore has a strong capability to break through blocking and ensures the high availability of the anti-blocking connection.
For example, as shown in fig. 1B, in this embodiment, establishing a connection with the server by using the private certificate may specifically include: generating a corresponding pre-master key according to the public key in the private certificate, and reporting it to the server.
Specifically, in this embodiment, the private certificate of the server may be provided with a corresponding public key and private key, so that ciphertext transmission can be performed with secure encryption and decryption logic. The client may first randomly generate a random number key for subsequent secure data transmission, and encrypt the random number key with the public key recorded in the server's private certificate pre-stored locally, thereby generating a corresponding pre-master key (pre_master key). The pre-master key carries the random number key and is reported to the server; the server decrypts the pre-master key with the private key recorded in the private certificate to obtain the random number key, which is used for secure data transmission after the connection is successfully established.
In the technical scheme provided by this embodiment, the connection between the client and the server is established with a secure transport layer protocol, so no additional disguised data needs to be added to the head of each data packet, the amount of calculation for data processing is reduced, and the security of data transmission is improved. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, it issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate that the server pre-stored on the client, and the connection is then established by using the private certificate. The private certificate of the server therefore does not need to be transmitted during connection establishment: a blocking party can only intercept the disguised certificate in the handshake phase and cannot identify the real private certificate of the server. The normal connection between the client and the server is thereby realized and prevented from being maliciously blocked, and the high availability of the anti-blocking connection is guaranteed.
Example two
Fig. 2 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a second embodiment of the present invention. This embodiment is optimized on the basis of the above embodiment. Specifically, as shown in fig. 2, this embodiment explains in detail the other handshake procedures performed on the client during connection establishment between the client and the server.
Optionally, as shown in fig. 2, the present embodiment may include the following steps:
S210, reporting the corresponding handshake request to the server based on the secure transport layer protocol.
S220, receiving a handshake response of the server to the handshake request.
Specifically, when the server receives a handshake request reported by the client, if the client is allowed to establish connection with the server, a handshake response to the handshake request is generated according to information such as encryption logic of the server itself, and the generated handshake response is issued to the client to indicate that the client can establish secure connection with the server currently.
S230, receiving the disguised certificate issued by the server in response to the handshake request.
Optionally, to prevent the blocking party from maliciously blocking the normal connection, this embodiment may replace the private certificate transmitted in plaintext in the existing TLS protocol with a security certificate that is recognized as allowing normal connections. That is, after the server receives the handshake request reported by the client, it may issue the preset disguised certificate to the client in plaintext; the disguised certificate may be the private certificate of a third-party website with which the client is recognized as being allowed to connect normally, so that from the blocking party's point of view the disguised certificate is a safe certificate.
S240, looking up the private certificate that the server issued to the local client in advance, before the connection is established.
Optionally, after receiving the disguised certificate issued by the server, the client does not need to pay attention to its specific content; instead it needs to establish the connection with the server by using the server's private certificate pre-stored locally. In this embodiment, the server therefore issues its private certificate to the client in advance, before the connection is established, and the client stores it locally. The client then looks up this pre-issued private certificate directly, so that the received disguised certificate is replaced by the private certificate and the secure connection between the client and the server is established accurately.
S250, replacing the disguised certificate issued by the server in response to the handshake request with the server's private certificate pre-stored locally, generating a corresponding pre-master key according to the public key in the private certificate, and reporting the pre-master key to the server.
S260, reporting the corresponding key negotiation notification to the server.
The key negotiation notification indicates that the corresponding transmission key is determined locally by using a preset key negotiation algorithm.
Specifically, in this embodiment, to ensure the security of data transmission, the client generates the handshake request according to a randomly generated first random number, the server generates the handshake response according to a randomly generated second random number, and the client generates the pre-master key according to a randomly generated third random number. The handshake request thus carries a request spare key (the first random number), the handshake response carries a response spare key (the second random number), and the pre-master key carries a hidden spare key (the third random number). After this key exchange between the client and the server, the client may report a corresponding key negotiation notification to the server, which tells the server that, in the subsequent data transmission process, the client and the server both apply the preset key negotiation algorithm to the request spare key, the response spare key and the hidden spare key, so as to determine the corresponding transmission key and ensure the security of subsequent data transmission.
In the technical scheme provided by this embodiment, when the server receives a handshake request reported by the client based on a secure transport layer protocol, where the handshake request carries a request spare key, it issues a corresponding handshake response and a preset disguised certificate to the client. The client determines the response spare key in the handshake response, replaces the disguised certificate with the private certificate that the server pre-stored on the client, and then establishes the connection by using the private certificate; the hidden spare key is carried in the pre-master key when the connection is established, which realizes the key exchange between the client and the server. Meanwhile, the private certificate of the server does not need to be transmitted during connection establishment, so a blocking party can only intercept the disguised certificate in the handshake phase and cannot identify the real private certificate of the server. The normal connection between the client and the server is thereby realized and prevented from being maliciously blocked, the high availability of the connection is guaranteed, and a key negotiation algorithm is subsequently used to determine the corresponding transmission key, which guarantees the security of data transmission.
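The exchange in steps S210 to S260, simulated in one process as an added example (it is not code from the patent). Assumptions: the `Client` and `Server` classes, the certificate dictionaries and the toy unpadded RSA key are constructed for illustration, and the TLS 1.2 master-secret derivation (RFC 5246) stands in for the "preset key negotiation algorithm", which the text does not specify.

```python
import hashlib
import hmac
import os

# Constructed toy RSA key standing in for the key pair of the server's private
# certificate: textbook RSA over two Mersenne primes, no padding. Illustration
# only; it is not a secure key and not the patent's parameters.
_P, _Q = 2**521 - 1, 2**607 - 1
SERVER_N, SERVER_E = _P * _Q, 65537
SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))  # known only to the server
N_LEN = (SERVER_N.bit_length() + 7) // 8

# Constructed certificate stand-ins (subject plus RSA public key).
PRIVATE_CERT = {"subject": "real-server.example", "n": SERVER_N, "e": SERVER_E}
DISGUISED_CERT = {"subject": "third-party.example",
                  "n": (2**127 - 1) * (2**89 - 1), "e": 65537}


def p_sha256(secret, seed, length):
    """P_SHA256 data expansion as defined in RFC 5246, section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def transmission_key(request_spare, response_spare, hidden_spare):
    """Assumed key negotiation algorithm: TLS 1.2 master-secret derivation."""
    seed = b"master secret" + request_spare + response_spare
    return p_sha256(hidden_spare, seed, 48)


class Server:
    def on_handshake_request(self, request_spare):
        # S220/S230: handshake response (second random number) and disguised cert.
        self.request_spare = request_spare
        self.response_spare = os.urandom(32)
        return self.response_spare, DISGUISED_CERT

    def on_pre_master(self, pre_master):
        # Decrypt with the private key; keep the low 48 bytes as the hidden key.
        m = pow(pre_master, SERVER_D, SERVER_N)
        hidden_spare = m.to_bytes(N_LEN, "big")[-48:]
        self.key = transmission_key(self.request_spare, self.response_spare,
                                    hidden_spare)


class Client:
    def __init__(self, prestored_cert):
        self.prestored_cert = prestored_cert
        self.request_spare = os.urandom(32)  # first random number (S210)

    def on_server_messages(self, response_spare, received_cert):
        # S240/S250: received_cert is never inspected; the pre-stored one is used.
        cert = self.prestored_cert
        hidden_spare = os.urandom(48)        # third random number
        m = int.from_bytes(hidden_spare, "big")
        pre_master = pow(m, cert["e"], cert["n"])
        # S260: derive the transmission key from the three random numbers.
        self.key = transmission_key(self.request_spare, response_spare,
                                    hidden_spare)
        return pre_master


def run_handshake(prestored_cert):
    """Run S210-S260 and return both keys plus the plaintext handshake fields."""
    client, server = Client(prestored_cert), Server()
    wire = [("handshake request", client.request_spare)]
    response_spare, cert = server.on_handshake_request(client.request_spare)
    wire += [("handshake response", response_spare),
             ("certificate", cert["subject"])]
    pre_master = client.on_server_messages(response_spare, cert)
    wire.append(("pre-master key", pre_master))
    server.on_pre_master(pre_master)
    return client.key, server.key, wire


if __name__ == "__main__":
    ck, sk, wire = run_handshake(PRIVATE_CERT)
    print("keys match:", ck == sk)
    print("certificate on the wire:", dict(wire)["certificate"])
    # Failure mode: a client without the right pre-stored certificate (here it
    # encrypts to the disguised one) ends up with a key the server cannot derive.
    ck, sk, _ = run_handshake(DISGUISED_CERT)
    print("keys match with wrong pre-stored certificate:", ck == sk)
```

Because the certificate received in S230 is never validated, the pre-stored certificate is the client's only means of authenticating the server, so how it is provisioned and protected on the client decides the security of the connection.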
Example three
Fig. 3A is a flowchart of a connection establishment method based on a secure transport layer protocol according to a third embodiment of the present invention, which may be applied to any server that needs to establish a session connection. The connection establishing method based on the secure transport layer protocol provided in this embodiment may be executed by the connection establishing apparatus based on the secure transport layer protocol, which is applied to the server provided in the embodiment of the present invention, where the apparatus may be implemented in a software and/or hardware manner, and is integrated into a server that executes the method, where the server may be a background server corresponding to an application program configured on any terminal.
Specifically, referring to fig. 3A, the method may include the steps of:
S310, responding to a handshake request reported by the client based on the secure transport layer protocol, and issuing a preset disguised certificate to the client.
Specifically, the client in this embodiment is an application program configured on the user terminal and having a corresponding service capability. Because the application program needs to exchange service data with its corresponding server when executing a service, a session connection must be established between the client and the server before data transmission. Existing session connections are established through a handshake operation between the client and the server, and because an existing TCP connection generally transmits the handshake messages in clear text in the handshake stage, the connection established between the client and the server and the security of subsequent data sending and receiving depend on the encryption and decryption logic of the client and are easy to crack. Therefore, to improve data security between the client and the server, this embodiment establishes the connection between the client and the server based on the TLS protocol: a corresponding secure connection channel is established between the client and the server through key agreement and identity authentication, which ensures confidentiality and data integrity during communication between the clients, avoids the data characteristics that a self-defined protocol exposes during the handshake, and prevents a blocking party from blocking the connection by stealing those data characteristics.
Optionally, when a connection is established between the client and the server, the server first receives a handshake request reported by the client, indicating that the client currently requests to establish a connection with the server. In the existing TLS protocol, the server issues the private certificate that authenticates its own identity directly to the client in plaintext, so a blocking party can recognize the private certificate and maliciously block the current normal connection. To prevent this, the server replaces the private certificate transmitted in plaintext in the existing TLS protocol with a security certificate that is recognized as allowing normal connection; that is, in response to the handshake request reported by the client, the server issues a preset disguised certificate directly to the client in plaintext. The disguised certificate may be the certificate of a third-party website that is recognized as being allowed to connect normally with the client, and from the blocking party's point of view it is a security certificate. Accordingly, before issuing the preset disguised certificate to the client, the method may further include: acquiring the private certificate of a third-party website with which the client is allowed to establish a normal connection, as the disguised certificate.
In this embodiment, the specific information of the third-party website to which the disguised certificate belongs is of no concern. When a connection is subsequently established between the client and the server, the client first replaces the disguised certificate issued by the server with the private certificate pre-stored by the server on the client, without regard to the specific content of the disguised certificate, and then establishes the corresponding secure connection with the server using the content of the server's private certificate.
S320, after the client replaces the disguised certificate with a private certificate pre-stored locally at the client, establishing connection with the client by adopting the private certificate.
Specifically, after determining that the client replaces the disguised certificate with a private certificate pre-stored locally at the client, the server receives a connection establishment step reported by the client, and at this time, the server responds to a connection establishment operation of the client and directly establishes a connection with the client by using the private certificate.
For example, as shown in fig. 3B, establishing a connection with the client by using the private certificate in this embodiment may specifically include: receiving a pre-master key generated by the client according to the public key in the private certificate; and decrypting the pre-master key by using the private key in the private certificate to obtain the corresponding hidden spare key.
Specifically, after the client replaces the disguised certificate with the private certificate pre-stored by the server on the client, the client first randomly generates a random number key for the subsequent secure transmission of data and encrypts that random number key with the public key recorded in the private certificate, generating a corresponding pre-master key (pre_master key) that it reports to the server. The pre-master key carries the hidden spare key, i.e. the random number key in this embodiment. The server receives the pre-master key reported by the client and decrypts it with the private key recorded in the private certificate to obtain the hidden spare key carried in the pre-master key. This ensures that, once the connection has been successfully established, the client and the server use a consistent encryption key when transmitting data, which improves the security of data transmission.
In the technical scheme provided by this embodiment, the connection between the client and the server is established using a secure transport layer protocol, so no additional disguise data needs to be added to the header of each data packet, which reduces the computation required for data processing and improves the security of data transmission. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, it issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate pre-stored by the server on the client and then establishes the connection using the private certificate. The server's private certificate therefore does not need to be transmitted during connection establishment, so a blocking party can intercept only the disguised certificate in the handshake phase and cannot identify the server's real private certificate. This allows normal connection between the client and the server, prevents that connection from being maliciously blocked, and guarantees high availability of the anti-blocking connection.
Example four
Fig. 4 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a fourth embodiment of the present invention. This embodiment is optimized on the basis of the above embodiment. Specifically, as shown in fig. 4, this embodiment explains in detail the other handshake processes on the server during connection establishment between the client and the server.
Optionally, as shown in fig. 4, the present embodiment may include the following steps:
S410, issuing a local private certificate to the client in advance before the connection is established.
Optionally, in the process of establishing a subsequent connection between the client and the server, the client needs to replace the disguised certificate issued by the server with a private certificate pre-stored on the client by the server, so that before the connection is established, the server needs to issue the private certificate of the server to the client in advance through other ways, so that the client locally pre-embeds the private certificate of the server, and the subsequent secure connection between the client and the server is conveniently and accurately established.
S420, responding to the handshake request reported by the client based on the secure transport layer protocol, and issuing a handshake response to the handshake request to the client.
Optionally, when the server receives the handshake request reported by the client, if the client is allowed to establish a connection with the server, a handshake response to the handshake request is generated according to information such as encryption logic of the server itself, and the generated handshake response is issued to the client, so as to indicate that the client can currently establish a secure connection with the server.
S430, responding to a handshake request reported by the client based on the secure transport layer protocol, and issuing a preset disguised certificate to the client.
S440, after the client replaces the disguised certificate with a private certificate pre-stored locally at the client, receiving a pre-master key generated by the client according to a public key in the private certificate.
S450, the pre-master key is decrypted by the private key in the private certificate, and the corresponding hidden spare key is obtained.
S460, sending the corresponding key negotiation notice to the client.
The key negotiation notification indicates that the corresponding transmission key is determined locally by adopting a preset key negotiation algorithm.
Specifically, in this embodiment, to ensure the security of data transmission, the client generates the handshake request from a randomly generated first random number, the server generates the handshake response from a randomly generated second random number, and the client generates the pre-master key from a randomly generated third random number. The handshake request therefore carries a request spare key (the first random number in this embodiment), the handshake response carries a response spare key (the second random number), and the pre-master key carries a hidden spare key (the third random number). After the key exchange between the client and the server, the server issues a corresponding key negotiation notification to the client, indicating that in subsequent data transmission the server and the client both apply a preset key negotiation algorithm to the request spare key, the response spare key and the hidden spare key to determine the corresponding transmission key, thereby ensuring the security of subsequent data transmission.
In the technical scheme provided by this embodiment, when the server receives a handshake request reported by the client based on the secure transport layer protocol, where the handshake request carries a request spare key, it issues a corresponding handshake response and a preset disguised certificate to the client. The client determines the response spare key in the handshake response, replaces the disguised certificate with the private certificate pre-stored by the server on the client, and then establishes the connection using the private certificate; the hidden spare key is carried in the pre-master key when the connection is established, which realizes key exchange between the client and the server. Because the server's private certificate does not need to be transmitted during connection establishment, a blocking party can intercept only the disguised certificate in the handshake stage and cannot identify the server's real private certificate. This allows normal connection between the client and the server, prevents that connection from being maliciously blocked, and guarantees high availability of the connection; the corresponding transmission key is subsequently determined by a key negotiation algorithm, which guarantees the security of data transmission.
Example five
Fig. 5 is a flowchart of a connection establishment method based on a secure transport layer protocol according to a fifth embodiment of the present invention. This embodiment is optimized on the basis of the above embodiment. Specifically, as shown in fig. 5, this embodiment explains in detail the specific connection establishment procedure between the client and the server.
Optionally, as shown in fig. 5, the present embodiment may include the following steps:
S501, the client reports a corresponding handshake request to the server based on the secure transport layer protocol, wherein the handshake request carries a request spare key.
S502, the server responds to the handshake request reported by the client based on the secure transport layer protocol, and sends a handshake response to the handshake request to the client, wherein the handshake response carries a response spare key.
S503, the server issues the preset disguised certificate to the client.
S504, the client searches for the private certificate which is issued to the local in advance by the server before the connection is established.
S505, the client replaces the disguised certificate issued by the server with a private certificate pre-stored locally by the server.
S506, the client generates a corresponding pre-master key according to the public key in the private certificate, wherein the pre-master key carries the hidden spare key.
S507, the client reports the pre-master key to the server.
S508, the server decrypts the pre-master key by using the private key in the private certificate, and obtains the corresponding hidden spare key.
S509, the client reports a corresponding key agreement notification to the server.
S510, the server sends a corresponding key agreement notice to the client.
In the technical scheme provided by this embodiment, the connection between the client and the server is established using a secure transport layer protocol, so no additional disguise data needs to be added to the header of each data packet, which reduces the computation required for data processing and improves the security of data transmission. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, it issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate pre-stored by the server on the client and then establishes the connection using the private certificate. The server's private certificate therefore does not need to be transmitted during connection establishment, so a blocking party can intercept only the disguised certificate in the handshake phase and cannot identify the server's real private certificate. This allows normal connection between the client and the server, prevents that connection from being maliciously blocked, and guarantees high availability of the anti-blocking connection.
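The exchange in steps S501 to S510 can be traced in code. The following Go sketch is an added example, not part of the patent text; the Cert type (a subject plus an RSA public key standing in for a certificate), RSA-OAEP as the public-key encryption, HMAC-SHA256 as the "preset key negotiation algorithm", and all function and host names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Cert stands in for an X.509 certificate (assumption): a subject and an RSA public key.
type Cert struct {
	Subject string
	Pub     *rsa.PublicKey
}

// Server holds its own key pair and the decoy certificate it shows on the wire.
type Server struct {
	priv  *rsa.PrivateKey
	Real  Cert // pre-stored on the client before any connection (S410, S504)
	Decoy Cert // third-party certificate sent in clear text (S503)
}

// NewServer builds constructed sample keys; both subject names are placeholders.
func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	// The decoy's private key belongs to the third party; only its public half is kept.
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{
		priv:  priv,
		Real:  Cert{Subject: "real-server.example", Pub: &priv.PublicKey},
		Decoy: Cert{Subject: "allowed-site.example", Pub: &other.PublicKey},
	}, nil
}

// WrapHidden is S506: encrypt the hidden spare key under a certificate's public
// key. RSA-OAEP is this sketch's choice; the page names no padding scheme.
func WrapHidden(c Cert, hidden []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, c.Pub, hidden, nil)
}

// DeriveKey stands in for the "preset key negotiation algorithm" (assumption):
// HMAC-SHA256 keyed with the hidden random over the two clear-text randoms.
func DeriveKey(reqRandom, respRandom, hidden []byte) []byte {
	mac := hmac.New(sha256.New, hidden)
	mac.Write(reqRandom)
	mac.Write(respRandom)
	return mac.Sum(nil)
}

type Result struct {
	WireCert             Cert   // what a passive observer saw
	ClientKey, ServerKey []byte // transmission key as derived by each side
}

// Handshake runs S501-S510. With substitute=false the client skips S505 and
// encrypts to the certificate it received on the wire.
func Handshake(s *Server, pinned Cert, substitute bool) (Result, error) {
	buf := make([]byte, 96)
	if _, err := rand.Read(buf); err != nil {
		return Result{}, err
	}
	reqRandom, respRandom, hidden := buf[:32], buf[32:64], buf[64:] // S501, S502, S506
	res := Result{WireCert: s.Decoy} // S503: only the decoy crosses the network
	use := res.WireCert
	if substitute {
		use = pinned // S504-S505: swap in the pre-stored certificate
	}
	premaster, err := WrapHidden(use, hidden) // S506-S507
	if err != nil {
		return res, err
	}
	recovered, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, premaster, nil) // S508
	if err != nil {
		return res, fmt.Errorf("server cannot decrypt pre-master key: %w", err)
	}
	// S509-S510: after the notifications, each side derives the key locally.
	res.ClientKey = DeriveKey(reqRandom, respRandom, hidden)
	res.ServerKey = DeriveKey(reqRandom, respRandom, recovered)
	return res, nil
}

func main() {
	s, err := NewServer()
	if err != nil {
		panic(err)
	}
	ok, err := Handshake(s, s.Real, true)
	fmt.Println("on the wire:", ok.WireCert.Subject, "| keys match:", hmac.Equal(ok.ClientKey, ok.ServerKey), err)
	_, err = Handshake(s, s.Real, false)
	fmt.Println("without substitution:", err)
}
```

The second call shows why step S505 is mandatory: the server does not hold the decoy's private key, so a pre-master key wrapped under the certificate seen on the wire cannot be decrypted. The pre-stored certificate is the client's only trust anchor here, since the certificate received in the handshake is never validated.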
Example six
Fig. 6 is a schematic structural diagram of a connection establishment apparatus based on a secure transport layer protocol according to a sixth embodiment of the present invention, and specifically, as shown in fig. 6, the apparatus may include:
a handshake reporting module 610, configured to report a corresponding handshake request to a server based on a secure transport layer protocol;
the first connection establishing module 620 is configured to replace the disguised certificate issued by the server in response to the handshake request with a private certificate that is pre-stored locally by the server, and establish a connection with the server by using the private certificate.
In the technical scheme provided by this embodiment, the connection between the client and the server is established using a secure transport layer protocol, so no additional disguise data needs to be added to the header of each data packet, which reduces the computation required for data processing and improves the security of data transmission. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, it issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate pre-stored by the server on the client and then establishes the connection using the private certificate. The server's private certificate therefore does not need to be transmitted during connection establishment, so a blocking party can intercept only the disguised certificate in the handshake phase and cannot identify the server's real private certificate. This allows normal connection between the client and the server, prevents that connection from being maliciously blocked, and guarantees high availability of the anti-blocking connection.
Further, the first connection establishing module 620 may be specifically configured to:
generate a corresponding pre-master key according to the public key in the private certificate, and report it to the server.
Further, the connection establishing apparatus based on the secure transport layer protocol may further include:
a private certificate searching module, configured to search for the private certificate issued locally in advance by the server before the connection is established.
Further, the connection establishing apparatus based on the secure transport layer protocol may further include:
a disguised certificate receiving module, configured to receive the disguised certificate issued by the server in response to the handshake request.
Further, the connection establishing apparatus based on the secure transport layer protocol may further include:
a handshake response receiving module, configured to receive the handshake response of the server to the handshake request.
Further, the handshake request may carry a request spare key, the handshake response may carry a response spare key, and the pre-master key may carry a hidden spare key;
correspondingly, the connection establishing apparatus based on the secure transport layer protocol may further include:
a first negotiation notification module, configured to report a corresponding key negotiation notification to the server, wherein the key negotiation notification indicates that the corresponding transmission key is determined locally by adopting a preset key negotiation algorithm.
The connection establishing apparatus based on the secure transport layer protocol provided in this embodiment is applicable to the connection establishing method based on the secure transport layer protocol applied to the client terminal provided in any of the above embodiments, and has corresponding functions and beneficial effects.
Example seven
Fig. 7 is a schematic structural diagram of a connection establishment apparatus based on a secure transport layer protocol according to a seventh embodiment of the present invention, and specifically, as shown in fig. 7, the apparatus may include:
the disguised certificate issuing module 710 is configured to respond to a handshake request reported by the client based on a secure transport layer protocol, and issue a preset disguised certificate to the client;
and a second connection establishing module 720, configured to, after the client replaces the disguised certificate with a private certificate pre-stored locally at the client, establish a connection with the client by using the private certificate.
In the technical scheme provided by this embodiment, the connection between the client and the server is established using a secure transport layer protocol, so no additional disguise data needs to be added to the header of each data packet, which reduces the computation required for data processing and improves the security of data transmission. Meanwhile, when the server receives a handshake request reported by the client based on the secure transport layer protocol, it issues a preset disguised certificate to the client; the client replaces the disguised certificate with the private certificate pre-stored by the server on the client and then establishes the connection using the private certificate. The server's private certificate therefore does not need to be transmitted during connection establishment, so a blocking party can intercept only the disguised certificate in the handshake phase and cannot identify the server's real private certificate. This allows normal connection between the client and the server, prevents that connection from being maliciously blocked, and guarantees high availability of the anti-blocking connection.
Further, the second connection establishing module 720 may specifically be configured to:
receive a pre-master key generated by the client according to the public key in the private certificate;
and decrypt the pre-master key by using the private key in the private certificate to obtain the corresponding hidden spare key.
Further, the connection establishing apparatus based on the secure transport layer protocol may further include:
a private certificate pre-storing module, configured to issue a local private certificate to the client in advance before the connection is established.
Further, the connection establishing apparatus based on the secure transport layer protocol may further include:
a handshake response issuing module, configured to issue a handshake response to the handshake request to the client.
Further, the handshake request may carry a request spare key, the handshake response may carry a response spare key, and the pre-master key may carry a hidden spare key;
correspondingly, the connection establishing apparatus based on the secure transport layer protocol may further include:
a first negotiation notification module, configured to issue a corresponding key negotiation notification to the client, wherein the key negotiation notification indicates that a preset key negotiation algorithm is locally adopted to determine the corresponding transmission key.
The connection establishing apparatus based on the secure transport layer protocol provided in this embodiment is applicable to the connection establishing method based on the secure transport layer protocol applied to the server provided in any of the above embodiments, and has corresponding functions and beneficial effects.
Example eight
Fig. 8 is a schematic structural diagram of a client according to an eighth embodiment of the present invention, as shown in fig. 8, the client includes a processor 80, a storage device 81, and a communication device 82; the number of the processors 80 in the client can be one or more, and one processor 80 is taken as an example in fig. 8; the processor 80, the storage device 81 and the communication device 82 in the client may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 8.
The storage device 81 is a computer readable storage medium, and can be used for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the secure transport layer protocol-based connection establishment method applied to the client according to any embodiment of the present invention. The processor 80 executes various functional applications and data processing of the client by running software programs, instructions and modules stored in the storage device 81, that is, implements the above-described connection establishment method based on the secure transport layer protocol.
The storage device 81 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage device 81 may include a high speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, storage device 81 may further include memory located remotely from processor 80, which may be connected to the client over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication device 82 may be used to enable a network connection or a mobile data connection between the client and the server.
The client provided by this embodiment can be used to execute the connection establishment method based on the secure transport layer protocol applied to the client provided by any of the above embodiments, and has corresponding functions and beneficial effects.
Example nine
Fig. 9 is a schematic structural diagram of a server according to a ninth embodiment of the present invention, and as shown in fig. 9, the server includes a processor 90, a storage device 91, and a communication device 92; the number of the processors 90 in the server may be one or more, and one processor 90 is taken as an example in fig. 9; the processor 90, the storage device 91 and the communication device 92 in the server may be connected by a bus or other means, and the bus connection is taken as an example in fig. 9.
The storage device 91 is a computer-readable storage medium, and can be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the secure transport layer protocol-based connection establishment method applied to the server according to any embodiment of the present invention. The processor 90 executes various functional applications and data processing of the client by running software programs, instructions and modules stored in the storage device 91, that is, implements the above-described connection establishment method based on the secure transport layer protocol.
The storage device 91 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage 91 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, storage device 91 may further include memory located remotely from processor 90, which may be connected to a server over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication device 92 may be used to enable a network connection or a mobile data connection between the client and the server.
The server provided by this embodiment may be configured to execute the connection establishment method based on the secure transport layer protocol, which is applied to the server and provided by any of the above embodiments, and has corresponding functions and beneficial effects.
Example ten
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, can implement the connection establishment method based on the secure transport layer protocol in any of the embodiments described above. The method specifically comprises the following steps:
reporting a corresponding handshake request to a server based on a secure transport layer protocol;
and replacing the disguised certificate issued by the server in response to the handshake request with a private certificate prestored locally by the server, and establishing connection with the server by adopting the private certificate.
Or,
responding a handshake request reported by a client based on a secure transport layer protocol, and issuing a preset disguised certificate to the client;
and after the client replaces the disguised certificate with a private certificate pre-stored locally at the client, establishing connection with the client by adopting the private certificate.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations in the connection establishment method based on the secure transport layer protocol provided by any embodiments of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the connection establishment apparatus based on the secure transport layer protocol, the included units and modules are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (18)
1. A connection establishing method based on a secure transport layer protocol is characterized by comprising the following steps:
reporting a corresponding handshake request to a server based on a secure transport layer protocol;
and replacing the disguised certificate issued by the server in response to the handshake request with a private certificate pre-stored locally by the server, and establishing connection with the server by adopting the private certificate.
2. The method of claim 1, wherein establishing the connection with the server using the private certificate comprises:
and generating a corresponding pre-master key according to the public key in the private certificate, and reporting the pre-master key to the server.
3. The method according to claim 1, before replacing the disguised certificate issued by the server in response to the handshake request with a private certificate pre-stored locally by the server, further comprising:
and searching for a private certificate that the server issued to the local end in advance, before the connection is established.
4. The method of claim 1, wherein after reporting the corresponding handshake request to the server based on the secure transport layer protocol, further comprising:
and receiving a disguised certificate issued by the server in response to the handshake request.
5. The method of claim 2, wherein after reporting the corresponding handshake request to the server based on the secure transport layer protocol, further comprising:
receiving a handshake response of the server to the handshake request.
6. The method of claim 5, wherein the handshake request carries a request spare key, the handshake response carries a response spare key, and the pre-master key carries a hidden spare key;
correspondingly, after the connection is established with the server by using the private certificate, the method further includes:
and reporting a corresponding key negotiation notification to the server, wherein the key negotiation notification indicates that a preset key negotiation algorithm is locally adopted to determine a corresponding transmission key.
7. The method according to any one of claims 1-5, wherein the disguised certificate is a private certificate of a third-party website that is recognized as allowing normal establishment of a connection with a local site.
8. A connection establishing method based on a secure transport layer protocol is characterized by comprising the following steps:
responding to a handshake request reported by a client based on a secure transport layer protocol, and issuing a preset disguised certificate to the client;
and after the client replaces the disguised certificate with a private certificate which is pre-stored locally at the client, establishing connection with the client by adopting the private certificate.
9. The method of claim 8, wherein establishing the connection with the client using the private certificate comprises:
receiving a pre-master key generated by the client according to a public key in the private certificate;
and decrypting the pre-master key using the private key in the private certificate to obtain a corresponding hidden spare key.
10. The method according to claim 8, before issuing a preset disguised certificate to the client, further comprising:
and issuing a local private certificate to the client in advance before the connection is established.
11. The method according to claim 9, before issuing a preset disguised certificate to the client, further comprising:
and issuing a handshake response to the handshake request to the client.
12. The method of claim 11, wherein the handshake request carries a request spare key and the handshake response carries a response spare key;
correspondingly, after the connection is established with the client by using the private certificate, the method further includes:
and issuing a corresponding key negotiation notification to the client, wherein the key negotiation notification indicates that a preset key negotiation algorithm is locally adopted to determine a corresponding transmission key.
13. The method according to any one of claims 8-12, further comprising, before issuing a preset disguised certificate to the client:
and acquiring a private certificate of a third-party website allowing normal connection with the client as the disguised certificate.
14. A connection establishment apparatus based on a secure transport layer protocol, comprising:
a handshake reporting module, configured to report a corresponding handshake request to a server based on a secure transport layer protocol;
and the first connection establishing module is used for replacing a disguised certificate issued by the server in response to the handshake request with a private certificate which is prestored locally by the server and establishing connection with the server by adopting the private certificate.
15. A connection establishment apparatus based on a secure transport layer protocol, comprising:
the disguised certificate issuing module is used for responding to a handshake request reported by a client based on a secure transport layer protocol and issuing a preset disguised certificate to the client;
and the second connection establishing module is used for establishing connection with the client by adopting the private certificate after the client replaces the disguised certificate with the private certificate which is pre-stored locally at the client.
16. A client, the client comprising:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a secure transport layer protocol based connection establishment method as claimed in any one of claims 1-7.
17. A server, characterized in that the server comprises:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the secure transport layer protocol based connection establishment method of any of claims 8-13.
18. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a secure transport layer protocol based connection set-up method according to any one of claims 1 to 13.
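The exchange described in claims 1, 2, 6 and 9, simulated as an added example that is not code from the patent: the server puts a disguised certificate on the wire, the client encrypts the hidden spare key under the pre-stored private certificate instead, and both ends derive the same transmission key only when that replacement happens. The toy unpadded RSA, the constructed Mersenne-prime keys and the HMAC-SHA256 derivation are assumptions standing in for the certificate key pairs and for the "preset key negotiation algorithm", which the claims do not name.

```python
import hashlib, hmac, secrets

E = 65537

def make_keypair(p, q):
    # Toy textbook RSA (unpadded, small modulus) standing in for a certificate key pair.
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys built from Mersenne primes so the example runs offline.
REAL_PUB, REAL_PRIV = make_keypair(2**61 - 1, 2**89 - 1)  # server's private certificate
DECOY_PUB, _ = make_keypair(2**107 - 1, 2**127 - 1)       # third-party disguised certificate

def derive_transport_key(request_spare, response_spare, hidden_spare):
    # Assumed stand-in for the "preset key negotiation algorithm" (the claims name none):
    # HMAC-SHA256 keyed by the hidden spare key over both handshake spare keys.
    key = hidden_spare.to_bytes(32, "big")
    return hmac.new(key, request_spare + response_spare, hashlib.sha256).digest()

def handshake(client_replaces_cert=True):
    request_spare = secrets.token_bytes(32)    # carried in the client's handshake request
    response_spare = secrets.token_bytes(32)   # carried in the server's handshake response
    cert_on_wire = DECOY_PUB                   # server issues the disguised certificate
    # Claim 1: the client swaps the wire certificate for the pre-stored private certificate.
    pub = REAL_PUB if client_replaces_cert else cert_on_wire
    hidden_spare = secrets.randbits(128) | (1 << 127)
    premaster = pow(hidden_spare, pub["e"], pub["n"])           # claim 2: reported to server
    recovered = pow(premaster, REAL_PRIV["d"], REAL_PRIV["n"])  # claim 9: server decrypts
    client_key = derive_transport_key(request_spare, response_spare, hidden_spare)
    server_key = derive_transport_key(request_spare, response_spare, recovered)
    return {
        "wire_cert_is_decoy": cert_on_wire is DECOY_PUB,
        "keys_match": hmac.compare_digest(client_key, server_key),
    }

if __name__ == "__main__":
    print("with replacement:   ", handshake(True))
    print("without replacement:", handshake(False))
```

Because the client never uses the certificate sent on the wire, server authentication in this scheme rests entirely on the integrity of the pre-stored private certificate.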
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911351004.3A CN110971616B (en) | 2019-12-24 | 2019-12-24 | Connection establishing method based on secure transport layer protocol, client and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110971616A (en) | 2020-04-07 |
CN110971616B (en) | 2022-04-01 |
Family
ID=70036526
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911351004.3A Active CN110971616B (en) | 2019-12-24 | 2019-12-24 | Connection establishing method based on secure transport layer protocol, client and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110971616B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106161366A (en) * | 2015-04-03 | 2016-11-23 | 上海庆科信息技术有限公司 | The method and system that a kind of SSL of minimizing takes up room |
CN106533689A (en) * | 2015-09-15 | 2017-03-22 | 阿里巴巴集团控股有限公司 | Method and device for loading digital certificate in SSL/TLS communication |
CN107113315A (en) * | 2016-04-15 | 2017-08-29 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN107592315A (en) * | 2017-09-19 | 2018-01-16 | 北京知道创宇信息技术有限公司 | For the client of encrypted transmission data, server, network system and method |
US10298404B1 (en) * | 2014-12-12 | 2019-05-21 | Amazon Technologies, Inc. | Certificate echoing for session security |
CN109831311A (en) * | 2019-03-21 | 2019-05-31 | 深圳市网心科技有限公司 | A kind of server validation method, system, user terminal and readable storage medium storing program for executing |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112689014A (en) * | 2020-12-24 | 2021-04-20 | 百果园技术(新加坡)有限公司 | Double-full-duplex communication method and device, computer equipment and storage medium |
CN113472792A (en) * | 2021-07-01 | 2021-10-01 | 北京玩蟹科技有限公司 | Long-connection network communication encryption method and system |
CN113472792B (en) * | 2021-07-01 | 2023-05-05 | 北京玩蟹科技有限公司 | Communication encryption method and system for long-connection network |
CN117118763A (en) * | 2023-10-25 | 2023-11-24 | 紫光同芯微电子有限公司 | Method, device and system for data transmission |
CN117118763B (en) * | 2023-10-25 | 2024-03-01 | 紫光同芯微电子有限公司 | Method, device and system for data transmission |
Also Published As
Publication number | Publication date |
---|---|
CN110971616B (en) | 2022-04-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20231009. Address after: 31a, 15th floor, building 30, maple commercial city, bangrang Road, Brazil. Patentee after: Baiguoyuan Technology (Singapore) Co.,Ltd. Address before: 511400 floor 5-13, West Tower, building C, 274 Xingtai Road, Shiqiao street, Panyu District, Guangzhou City, Guangdong Province. Patentee before: GUANGZHOU BAIGUOYUAN INFORMATION TECHNOLOGY Co.,Ltd. |