CN101567880A - Method, device and system for encryption suite selection - Google Patents

Publication number
CN101567880A
Authority
CN
China
Prior art keywords
encryption suite
encryption
handshake information
special
suite
Prior art date
Legal status
Pending
Application number
CNA2008101045080A
Other languages
Chinese (zh)
Inventor
黄敏
刘利锋
万适
Current Assignee
Huawei Digital Technologies Chengdu Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd
Priority to CNA2008101045080A
Publication of CN101567880A

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a system for encryption suite selection. The method comprises the following steps: receiving a first handshake message sent by a client, which comprises a first country code and a corresponding special-purpose encryption suite list; selecting an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy; adding the selected encryption suite to a second handshake message; and sending the second handshake message to the client. The device and the system correspond to the method. The embodiment of the invention avoids the encryption suite conflict problem of the prior art and remains compatible with the prior art.

Description

Encryption suite selection method, device and system
Technical field
The present invention relates to the field of network technology, and in particular to an encryption suite selection method, device and system.
Background
With the development of Internet technology, remote access has become increasingly common, which has also brought security problems to the fore. To secure network communication, the Secure Sockets Layer (SSL) protocol, the Transport Layer Security (TLS) protocol and others have appeared in succession. When an SSL or TLS session is established, the two communicating parties need to agree on the cryptographic algorithms to be used during communication. The client and the server achieve this through a handshake, as follows. The client sends a first handshake message (a ClientHello message), which mainly conveys the client's preferences for the parameters it wishes to use, including the cryptographic algorithms the client supports. These algorithms are combined into different encryption suites, and the ClientHello message contains a list of encryption suites, cipher_suites, in which the suites are arranged from high to low according to the client's preference (priority). After receiving the ClientHello message, the server chooses one encryption suite from the cipher_suites list and notifies the client of the value of the chosen suite in a second handshake message (a ServerHello message). From the server's reply the client learns which encryption suite the server selected, and performs encryption according to it.
The Internet Engineering Task Force (IETF) specifies that values beginning with 0x00 to 0xBF are allocated to standard encryption suites. Standard encryption suites are universal: the same value refers to the same encryption suite for both the client and the server. Values beginning with 0xC0 to 0xFF are allocated to special-purpose encryption suites.
In the course of realizing the present invention, the inventors found at least the following problem in the prior art: although the IETF has allocated a value space to special-purpose encryption suites, these suites are not universal and each communicating party can define them separately. It is therefore quite possible that the two parties use the same value while referring to different encryption suites, which causes session establishment to fail.
Summary of the invention
The embodiment of the invention provides an encryption suite selection method, device and system to solve the encryption suite conflict problem that may exist in the prior art.
To this end, the embodiment of the invention provides an encryption suite selection method, comprising:
Receiving a first handshake message sent by a client, the first handshake message comprising a first country code and a corresponding special-purpose encryption suite list;
Selecting an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, adding the encryption suite to a second handshake message, and sending the second handshake message to the client.
The embodiment of the invention also provides an encryption suite selection device, comprising:
A receiver module, used to receive a first handshake message sent by a client, the first handshake message comprising a first country code and a corresponding special-purpose encryption suite list;
A sending module, used to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the encryption suite to a second handshake message, and send the second handshake message to the client.
The embodiment of the invention also provides an encryption suite selection system, comprising:
A client, used to send a first handshake message, the first handshake message comprising a first country code and a corresponding special-purpose encryption suite list;
A server, used to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the selected encryption suite to a second handshake message, and send the second handshake message to the client.
As the above technical solution shows, the embodiment of the invention extends the handshake message with a country code so that special-purpose encryption suites are tied to a country. This solves the conflict problem caused by specifying special-purpose encryption suites by value alone, and lets the two communicating parties negotiate accurately.
Description of drawings
Fig. 1 is a schematic flow diagram of an embodiment of the encryption suite selection method of the present invention;
Fig. 2 is a structural diagram of an embodiment of the encryption suite selection device of the present invention;
Fig. 3 is a structural diagram of an embodiment of the encryption suite selection system of the present invention.
Embodiments
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a schematic flow diagram of an embodiment of the encryption suite selection method of the present invention. This embodiment comprises:
Step 11: The client sends a first handshake message (ClientHello message) to the server. This first handshake message comprises a first country code and a special-purpose encryption suite list that records the special-purpose encryption suite values corresponding to the first country code.
To solve the prior-art problem of special-purpose encryption suite conflicts that may arise when special-purpose encryption suites are specified by value alone, the handshake messages exchanged between the client and the receiving end can be extended so that a special-purpose encryption suite is specified by a country code together with the value that country defines. Specifically, the exchanged handshake messages can include an extension (the extension_data field), whose structure is as follows:
struct {
    MessageType message_type;
    CountryType country_type;
    select (MessageType) {
        case 0: NSCipherSuite ns_cipher_suites<2..2^16-1>;
        case 1: NSCipherSuite ns_cipher_suite;
    }
} CipherSuite;

enum {
    client(0), server(1), (1)
} MessageType;  // determines whether the extension applies to the handshake message sent by the client or to the one sent by the server

enum {
    PRC(0), US(1), JP(2), EURO(3), (255)
} CountryType;  // determines the country code

uint8 NSCipherSuite[2];
Here, MessageType indicates whether the extension belongs to a ClientHello message or a ServerHello message; that is, this field determines whether the extension carries a special-purpose encryption suite list or a single special-purpose encryption suite. If the MessageType field is 0, the extension contains the ns_cipher_suites field, which is the list of special-purpose encryption suites that the client supports and has selected. The cryptographic algorithms in this list and their values are defined by the country or region indicated by country_code in the extension. If the MessageType field is 1, the extension contains the ns_cipher_suite field, which is a single special-purpose encryption suite. The values corresponding to the cryptographic algorithms in this suite are defined by the country or region indicated by country_code in the extension.
The CountryType field is the code of a country or region; it can also be the numeric value of that country or region. For example, the code of China is CN and its numeric value is 86.
During the handshake, the client sends a ClientHello message containing the extension, which records the special-purpose encryption suites the client can support. That is, in the extension of the ClientHello message, the message_type field is set to 0, country_code is the country that defined the client's special-purpose encryption suites, and the ns_cipher_suites field is the list of special-purpose encryption suites supported by the client that correspond to the country recorded in country_code.
After receiving a ClientHello containing the ns_ciphersuites extension, the server, if it agrees to use a special-purpose encryption suite, responds with a ServerHello containing the ns_ciphersuite extension. In the ns_ciphersuite extension of the ServerHello, the message_type field is set to 1; country_code is the country code supplied by the client, showing the server's confirmation of the country code; and the ns_cipher_suite field is the encryption suite the server selected from the special-purpose encryption suite list supplied by the client.
In addition, the server needs to set the cipher_suite field of the ServerHello message to a particular value, such as 0xFFFF, to show that the server is not using a standard encryption suite.
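An added example, not part of the patent text: a Python encoder and strict parser for the extension_data structure above, as a server or client would apply it to untrusted input. It assumes the usual TLS presentation-language encoding (one byte each for message_type and country_type, a two-byte length prefix on ns_cipher_suites, big-endian 16-bit suite values) and uses the numeric country value 86 from the embodiment; all function names are hypothetical.

```python
import struct

CLIENT, SERVER = 0, 1   # MessageType values from the structure above


class ExtensionError(ValueError):
    """extension_data does not match the structure."""


def encode_extension(message_type, country, suites):
    """Serialize the extension; `suites` holds 16-bit suite values."""
    if not 0 <= country <= 255 or any(not 0 <= s <= 0xFFFF for s in suites):
        raise ExtensionError("value out of range")
    packed = b"".join(struct.pack("!H", s) for s in suites)
    if message_type == CLIENT:
        # ns_cipher_suites<2..2^16-1>: a length-prefixed vector
        if not 2 <= len(packed) <= 0xFFFF:
            raise ExtensionError("ns_cipher_suites must hold 2..2^16-1 bytes")
        body = struct.pack("!H", len(packed)) + packed
    elif message_type == SERVER:
        if len(suites) != 1:
            raise ExtensionError("ns_cipher_suite is a single suite")
        body = packed
    else:
        raise ExtensionError("unknown message_type")
    return struct.pack("!BB", message_type, country) + body


def parse_extension(data, expected_type):
    """Parse untrusted extension_data; return (country, list of suite values)."""
    if len(data) < 2:
        raise ExtensionError("truncated header")
    message_type, country = struct.unpack_from("!BB", data)
    # A ClientHello must carry type 0 and a ServerHello type 1.
    if message_type != expected_type:
        raise ExtensionError("message_type does not match the carrying message")
    body = data[2:]
    if message_type == CLIENT:
        if len(body) < 2:
            raise ExtensionError("truncated list length")
        (length,) = struct.unpack_from("!H", body)
        items = body[2:]
        # Reject trailing bytes, short reads, empty lists and odd lengths.
        if length != len(items) or length < 2 or length % 2:
            raise ExtensionError("bad ns_cipher_suites length")
        return country, [v for (v,) in struct.iter_unpack("!H", items)]
    if message_type == SERVER:
        if len(body) != 2:
            raise ExtensionError("ns_cipher_suite must be exactly two bytes")
        return country, [struct.unpack("!H", body)[0]]
    raise ExtensionError("unknown message_type")


def accepts(data, expected_type):
    """True when the bytes parse cleanly as the expected extension."""
    try:
        parse_extension(data, expected_type)
    except ExtensionError:
        return False
    return True


# Constructed sample: country 86 offering 0xFE01 and 0xFE03 from Table 1.
CLIENT_EXT = bytes.fromhex("00560004fe01fe03")
SERVER_EXT = bytes.fromhex("0156fe01")

if __name__ == "__main__":
    print(parse_extension(CLIENT_EXT, CLIENT))
    print(parse_extension(SERVER_EXT, SERVER))
```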
When the client sends the ClientHello message to the server, standard encryption suites are carried in the prior-art format, that is, in the cipher_suites list of the ClientHello message. For special-purpose encryption suites, the existing ClientHello message is extended with a country code and a special-purpose encryption suite list. This embodiment takes special-purpose encryption suites defined by a country as its example; if they are defined by a region, an organization or another body, the country code here is the code of the corresponding region, organization or body. The special-purpose encryption suite list records the values the country has allocated to each special-purpose encryption suite, so a special-purpose encryption suite can be uniquely determined by the country code and the corresponding value. The following is an example of an encryption suite:
TLS_RSA_WITH_AES_256_CBC_SHA={0x00,0x35}
Here, TLS denotes the protocol type, RSA the key exchange algorithm, AES_256_CBC the data encryption algorithm, and SHA the hash algorithm. The value of this encryption suite is 0x0035; that is, when the two communicating parties use the value 0x0035, the encryption suite indicated is TLS_RSA_WITH_AES_256_CBC_SHA. This example uses a standard encryption suite (its value begins with 0x00). Special-purpose encryption suites have the same form, except that the value begins with a byte between 0xC0 and 0xFF.
At the start of session establishment, both the client and the server have some preset policies configured in advance, such as which countries' special-purpose encryption suites the client and the server each support, and the priorities of special-purpose and standard encryption suites. This embodiment assumes that the special-purpose encryption suites sent by the client are defined by China, whose country code is CN with corresponding value 86. The relationship between the defined special-purpose encryption suite contents and their values can be as shown in Table 1.
Table 1
Encryption suite content | Encryption suite value
TLS_SM2_WITH_SM1_SM3 | {0xFE,0x01}
TLS_RSA_WITH_SM1_SM3 | {0xFE,0x02}
TLS_SM2_WITH_AES_256_CBC_SM3 | {0xFE,0x03}
TLS_SM2_WITH_SM1_SHA | {0xFE,0x04}
...... | ......
The extension in this ClientHello message includes the country code and the special-purpose encryption suite list. The country code part is 86, showing that this session uses encryption suites defined by China. The list part is a combination of one or more of the China-defined special-purpose encryption suites shown in Table 1; its exact composition can be determined from the encryption suites the client is configured to support. The suites in this list are arranged in the same way as the standard encryption suites in the standard list, namely in order of priority from high to low, and when choosing an encryption suite the server likewise selects from the special-purpose encryption suite list in order of priority from high to low.
After receiving the ClientHello message, the server returns a second handshake message (ServerHello message) to the client according to the ClientHello message and the server's preset policy. If the server chooses to use a special-purpose encryption suite, it extends the ServerHello message to include a second country code and the value of the special-purpose encryption suite the server selected. In a normal handshake, the second country code should be identical to the first country code, and the special-purpose encryption suite selected by the server is chosen from the special-purpose encryption suite list sent by the client. For example, if the server selects TLS_SM2_WITH_SM1_SM3, the extension of the returned ServerHello message includes the country code with value 86 and the value 0xFE01; and to indicate that a special-purpose encryption suite is in use, the cipher_suite field of the ServerHello message is set to a specific identifier, which is a special value such as 0xFFFF. If the server does not choose to use a special-purpose encryption suite, it returns a standard encryption suite, that is, it carries the value of the selected standard encryption suite, such as 0x0035, in the cipher_suite field of the ServerHello message. Specifically, this comprises:
Step 121: After receiving the ClientHello message, the server judges whether the first country code carried in the ClientHello message (such as 86) is in the group of country codes the server supports. If so, go to step 122; otherwise, go to step 124.
Step 122: Judge whether the special-purpose encryption suite selected by the server is in the group of special-purpose encryption suites the server supports. If so, go to step 123; otherwise, go to step 124.
Step 123: Judge whether the priority of the selected special-purpose encryption suite is lower than the priority of the standard encryption suite. Because special-purpose and standard encryption suites are carried in different lists, their priorities must be judged separately: for example, the selected special-purpose encryption suite may have the highest priority within the special-purpose encryption suite list, yet its priority may still be lower than that of a standard encryption suite in the standard encryption suite list. If so, go to step 124; otherwise, go to step 125.
Step 124: The server sends the second handshake message to the client; this second handshake message is a ServerHello message containing a standard encryption suite. For example, if the value of the selected standard encryption suite is 0x0035, 0x0035 is placed in the cipher_suite field of the ServerHello message, which is returned to the client.
Step 125: The server sends the second handshake message (ServerHello message) to the client. This ServerHello message comprises the value of the special-purpose encryption suite selected by the server, the second country code and a specific identifier. The specific identifier, such as 0xFFFF, can be placed in the cipher_suite field and indicates that a special-purpose encryption suite is used.
Compared with the existing ServerHello message, the extension of this ServerHello message comprises the second country code and the special-purpose encryption suite chosen by the server. In a normal handshake, the second country code is the first country code from the ClientHello extension, for example the value 86 corresponding to China, showing the server's confirmation of the country specified by the client. The special-purpose encryption suite part is the value of a special-purpose encryption suite shown in Table 1 that the server selected from the ciphersuites item of the ClientHello message, such as 0xFE01.
The above flow completes the exchange of encryption suites between the client and the server. The subsequent flow can further comprise:
Step 13: After receiving the ServerHello message, the client judges from it whether to terminate the handshake. If the client supports the returned encryption suite, the handshake continues: if the standard encryption suite returned by the server is one the client supports, the client and the server perform cryptographic operations with that standard encryption suite; if the special-purpose encryption suite returned by the server is one the client supports, the client and the server perform cryptographic operations with that special-purpose encryption suite. If the client does not support the returned encryption suite, the handshake is terminated.
To deal with problems that may arise while negotiating a custom encryption suite, the client, after receiving the server's ServerHello response message, can terminate the handshake and send a bad_nsciphersuite_negotiation error alert in the following situations:
(1) The second country code carried in the extension of the ServerHello message is inconsistent with the first country code;
(2) The special-purpose encryption suite carried in the extension of the ServerHello message is not in the special-purpose encryption suite list the client supports;
(3) The cipher_suite field of the ServerHello message carries the specific identifier, but the ServerHello message does not contain the extension related to special-purpose encryption suites, for example it does not contain the second country code and the selected special-purpose encryption suite;
(4) The ServerHello message carries the special-purpose encryption suite extension, for example it contains the second country code and the selected special-purpose encryption suite, but the cipher_suite field does not carry the specific identifier.
If any one of the above conditions is met, the handshake between the client and the server is terminated and the flow ends. If the handshake continues, encryption is performed with the special-purpose or standard encryption suite negotiated by the client and the server: if the server returns a special-purpose encryption suite that the client supports, both parties encrypt with that special-purpose encryption suite; if the server returns a standard encryption suite that the client supports, both parties encrypt with that standard encryption suite. After that, the subsequent handshake and communication proceed as in the prior art.
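An added example, not part of the patent text: steps 121 to 125 on the server and termination conditions (1) to (4) on the client, written in Python. The ServerPolicy shape, the rank-based priority comparison and the handling of the case where no suite is shared are assumptions, since the text only speaks of a preset policy; the suite values come from Table 1 and the 0x0035 example.

```python
from dataclasses import dataclass
from typing import Optional

NS_MARKER = 0xFFFF                       # cipher_suite marker value from the text
ALERT = "bad_nsciphersuite_negotiation"  # alert named in the text


@dataclass
class ClientHello:
    cipher_suites: list               # standard suites, highest priority first
    country: Optional[int] = None     # first country code (extension)
    ns_cipher_suites: tuple = ()      # special-purpose list, highest priority first


@dataclass
class ServerHello:
    cipher_suite: int                      # standard value, or NS_MARKER
    country: Optional[int] = None          # second country code (extension)
    ns_cipher_suite: Optional[int] = None  # selected special-purpose value


@dataclass
class ServerPolicy:                   # hypothetical shape of the "preset policy"
    standard: set                     # standard suite values the server supports
    ns_groups: dict                   # country code -> supported special-purpose values
    priority: dict                    # (country or None, value) -> rank, 0 = highest

    def rank(self, country, value):
        # Suites without an explicit rank sort below every ranked suite.
        return self.priority.get((country, value), len(self.priority))


def server_select(hello, policy):
    """Steps 121-125: choose the ServerHello to return."""
    std = next((s for s in hello.cipher_suites if s in policy.standard), None)
    group = policy.ns_groups.get(hello.country)            # step 121
    ns = None
    if group is not None:                                  # step 122
        ns = next((s for s in hello.ns_cipher_suites if s in group), None)
    if ns is not None and std is not None:                 # step 123
        if policy.rank(hello.country, ns) > policy.rank(None, std):
            ns = None
    if ns is not None:                                     # step 125
        return ServerHello(NS_MARKER, hello.country, ns)
    if std is None:
        raise ValueError("no encryption suite in common")  # case not covered by the text
    return ServerHello(std)                                # step 124


def client_check(hello, reply):
    """Conditions (1)-(4): return None to continue, else the reason to stop."""
    marked = reply.cipher_suite == NS_MARKER
    any_ext = reply.country is not None or reply.ns_cipher_suite is not None
    full_ext = reply.country is not None and reply.ns_cipher_suite is not None
    if marked and not full_ext:                            # condition (3)
        return ALERT
    if any_ext and not marked:                             # condition (4)
        return ALERT
    if marked:
        if reply.country != hello.country:                 # condition (1)
            return ALERT
        if reply.ns_cipher_suite not in hello.ns_cipher_suites:  # condition (2)
            return ALERT
        return None
    if reply.cipher_suite not in hello.cipher_suites:      # step 13, standard case
        return "standard suite not offered"                # local reason, not an alert name
    return None


# Constructed sample data.
HELLO = ClientHello([0x0035], country=86, ns_cipher_suites=(0xFE01, 0xFE03))
POLICY = ServerPolicy({0x0035}, {86: {0xFE01, 0xFE03}},
                      {(86, 0xFE01): 0, (None, 0x0035): 1})

if __name__ == "__main__":
    reply = server_select(HELLO, POLICY)
    print(hex(reply.cipher_suite), reply.country, hex(reply.ns_cipher_suite))
    print(client_check(HELLO, reply))
```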
By extending the handshake message, this embodiment has special-purpose encryption suites specified jointly by a country code and a value, which avoids the conflict problem caused by specifying them by value alone. At the same time, because the country code and the special-purpose encryption suites are carried in an extension, the negotiation and use of standard encryption suites are not affected, giving good compatibility with the prior art.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiment can be carried out by hardware under the direction of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiment. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Fig. 2 is a structural diagram of an embodiment of the encryption suite selection device of the present invention. The device can be placed at the server, and this embodiment comprises a receiver module 21 and a sending module 22. The receiver module 21 is used to receive the client's first handshake message, which comprises a first country code and a corresponding special-purpose encryption suite list. The sending module 22 is used to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the encryption suite to a second handshake message, and send the second handshake message to the client.
Specifically, the first handshake message also comprises a standard encryption suite list. The sending module 22 judges, according to the first handshake message and the preset policy, whether to select a standard encryption suite. If so, it sends a second handshake message comprising the standard encryption suite; otherwise, it sends a second handshake message comprising the specific identifier, the second country code and the selected special-purpose encryption suite.
More specifically, the preset policy comprises a country code group, the encryption suite groups corresponding to each country code in the country code group, and the priority of each encryption suite in those groups; the first handshake message also comprises standard encryption suites. The sending module 22 judges whether the first country code is in the country code group; if not, it sends a second handshake message comprising a standard encryption suite. If the first country code is in the country code group, it judges whether the selected special-purpose encryption suite is in the encryption suite group corresponding to the first country code; if not, it sends a second handshake message comprising a standard encryption suite. If the selected special-purpose encryption suite is in the encryption suite group corresponding to the first country code, it judges whether the priority of the selected special-purpose encryption suite is lower than the priority of the standard encryption suite; if so, it sends a second handshake message comprising a standard encryption suite, and otherwise it sends the selected special-purpose encryption suite to the client.
Fig. 3 is a structural diagram of an embodiment of the encryption suite selection system of the present invention. This embodiment comprises a client 31 and a server 32. The client 31 is used to send a first handshake message, which comprises a first country code and a corresponding special-purpose encryption suite list. The server 32 is used to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the selected encryption suite to a second handshake message, and send the second handshake message to the client.
Specifically, the first handshake message sent by the client 31 also comprises a standard encryption suite list. The server 32 judges whether to select a standard encryption suite. If so, it sends a second handshake message comprising the standard encryption suite; otherwise, it sends a second handshake message comprising the specific identifier, the second country code and the selected special-purpose encryption suite.
The client 31 in this embodiment is also used to judge, according to the second handshake message, whether to terminate the handshake; if not, it communicates according to the encryption suite carried in the second handshake message.
Specifically, the client 31 receives the second handshake message and terminates the handshake if the second country code carried in it is inconsistent with the first country code; or if the selected special-purpose encryption suite is not in the special-purpose encryption suite list; or if the second handshake message comprises the specific identifier but does not comprise the second country code and the selected special-purpose encryption suite; or if the second handshake message comprises the second country code and the selected special-purpose encryption suite but does not comprise the specific identifier. Otherwise, the handshake continues: encryption is performed with the special-purpose or standard encryption suite that the client and the server both support, and the subsequent handshake and communication then proceed as in the prior art.
This embodiment extends the handshake message, carrying in the extension the special-purpose encryption suite and the code of the country that defined it. Special-purpose encryption suites are thus specified jointly by a country code and a value, which avoids the conflict problem caused by specifying them by value alone. At the same time, because the country code and the special-purpose encryption suite are carried in an extension and the server can return either a standard or a special-purpose encryption suite according to the suites it supports, the negotiation and use of standard encryption suites are not affected, giving good compatibility with the prior art.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention can still be modified or replaced with equivalents, and that such modifications or equivalent replacements do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the present invention.

Claims (11)

1, a kind of encryption suite system of selection is characterized in that, comprising:
Receive first handshake information that client sends, described first handshake information comprises first country code and corresponding special-purpose encryption suite list;
Select encryption suite according to described first country code, special-purpose encryption suite list and preset strategy, the encryption suite of selecting is added in second handshake information, described second handshake information is sent to described client.
2, encryption suite system of selection according to claim 1, it is characterized in that, also comprise Standard Encryption external member tabulation in described first handshake information, describedly select encryption suite to comprise according to described first country code, special-purpose encryption suite list and preset strategy:
Judge whether the choice criteria encryption suite, if then send second handshake information that comprises the Standard Encryption external member, otherwise transmission comprises second handshake information of the special-purpose encryption suite of specific identity, second country code and selection.
3. The encryption suite selection method according to claim 2, characterized in that the preset policy comprises a country code group, an encryption suite group corresponding to each country code in the country code group, and the priority of each encryption suite in the encryption suite group, and said sending second handshake information comprising the standard encryption suite comprises:
Judging whether the first country code is in the country code group; if not, selecting a standard encryption suite from the standard encryption suite list and sending second handshake information comprising that standard encryption suite;
If the first country code is in the country code group, selecting a special-purpose encryption suite from the special-purpose encryption suite list and judging whether that special-purpose encryption suite is in the encryption suite group corresponding to the first country code; if not, selecting a standard encryption suite from the standard encryption suite list and sending second handshake information comprising that standard encryption suite;
If the selected special-purpose encryption suite is in the encryption suite group corresponding to the first country code, judging whether the priority of the selected special-purpose encryption suite is lower than the priority of the standard encryption suite; if so, selecting a standard encryption suite from the standard encryption suite list and sending second handshake information comprising that standard encryption suite.
4. The encryption suite selection method according to claim 3, characterized in that the encryption suites in the special-purpose encryption suite list of the first handshake information are arranged by priority from high to low, and after receiving the first handshake information the server selects an encryption suite in order from high to low.
5. The encryption suite selection method according to claim 2, characterized in that it further comprises:
The client judging, according to the second handshake information, whether to terminate the handshake; if not, communicating using the encryption suite carried in the second handshake information.
6. The encryption suite selection method according to claim 5, characterized in that the client judging, according to the second handshake information, whether to terminate the handshake comprises:
If the second country code is inconsistent with the first country code, or
If the selected special-purpose encryption suite is in the special-purpose encryption suite list, or
If the second handshake information comprises the specific identity but does not comprise the second country code and the selected special-purpose encryption suite, or
If the second handshake information comprises the second country code and the selected special-purpose encryption suite but does not comprise the specific identity, then terminating the handshake.
7. An encryption suite selection device, characterized in that it comprises:
A receiving module, configured to receive first handshake information sent by a client, the first handshake information comprising a first country code and a corresponding special-purpose encryption suite list;
A sending module, configured to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the selected encryption suite to second handshake information, and send the second handshake information to the client.
8. The encryption suite selection device according to claim 7, characterized in that the first handshake information that the receiving module sends further comprises a standard encryption suite list, and the sending module judges whether to select a standard encryption suite; if so, it sends second handshake information comprising the standard encryption suite; otherwise, it sends second handshake information comprising a specific identity, a second country code and the selected special-purpose encryption suite.
9. An encryption suite selection system, characterized in that it comprises:
A client, configured to send first handshake information, the first handshake information comprising a first country code and a corresponding special-purpose encryption suite list;
A server, configured to select an encryption suite according to the first country code, the special-purpose encryption suite list and a preset policy, add the selected encryption suite to second handshake information, and send the second handshake information to the client.
10. The encryption suite selection system according to claim 9, characterized in that the first handshake information sent by the client further comprises a standard encryption suite list, and the server judges whether to select a standard encryption suite; if so, it sends second handshake information comprising the standard encryption suite; otherwise, it sends second handshake information comprising a specific identity, a second country code and the selected special-purpose encryption suite.
11. The encryption suite selection system according to claim 10, characterized in that the client is further configured to judge, according to the second handshake information, whether to terminate the handshake; if not, it communicates using the encryption suite carried in the second handshake information.
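The server-side decision sequence of claims 2 to 4 and the client-side country-code and specific-identity checks of claim 6, as an added Python sketch that is not part of the patent text. All names, the `SPECIFIC_ID` value, the numeric priority scale, picking the first entry of the standard list, and the server echoing the client's code as the second country code are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SPECIFIC_ID = 0xFF01  # hypothetical value; the claims only name a "specific identity"

@dataclass
class Policy:  # the "preset policy" of claim 3
    suite_groups: dict  # country code -> special-purpose suites allowed for it
    priority: dict      # suite name -> priority, higher wins (constructed scale)

@dataclass
class SecondHandshake:
    suite: str
    specific_id: Optional[int] = None
    country_code: Optional[str] = None  # the "second country code"

# Constructed sample policy; suite names are placeholders, not real identifiers.
SAMPLE_POLICY = Policy({"CN": {"SPECIAL_A", "SPECIAL_B"}},
                       {"SPECIAL_A": 3, "STD_1": 2, "SPECIAL_B": 1})

def select_suite(cc, special, standard, policy):
    """Server side (claims 2-4): build the second handshake information."""
    std = standard[0]  # assumption: the standard list is also in preference order
    fallback = SecondHandshake(suite=std)
    group = policy.suite_groups.get(cc)
    if group is None:  # first country code is not in the country code group
        return fallback
    # Claim 4: the list is ordered high to low, so take the first allowed entry.
    chosen = next((s for s in special if s in group), None)
    if chosen is None:  # nothing offered belongs to this country's suite group
        return fallback
    if policy.priority.get(chosen, 0) < policy.priority.get(std, 0):
        return fallback  # special-purpose suite ranks below the standard one
    # Assumption: the server echoes the client's code as the second country code.
    return SecondHandshake(chosen, SPECIFIC_ID, cc)

def client_should_terminate(first_cc, msg):
    """Client side (claim 6): country-code and specific-identity conditions."""
    has_id = msg.specific_id is not None
    has_fields = msg.country_code is not None
    if not has_id and not has_fields:
        return False  # plain standard-suite reply, nothing special to validate
    if has_id != has_fields:
        return True   # identity without the fields, or fields without the identity
    return msg.country_code != first_cc  # second code must match the first
```

Every fallback path returns a message without the specific identity or a country code, so a client that does not know the extension sees an ordinary standard-suite reply.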
CNA2008101045080A 2008-04-21 2008-04-21 Method, device and system for encryption suite selection Pending CN101567880A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008101045080A CN101567880A (en) 2008-04-21 2008-04-21 Method, device and system for encryption suite selection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2008101045080A CN101567880A (en) 2008-04-21 2008-04-21 Method, device and system for encryption suite selection

Publications (1)

Publication Number Publication Date
CN101567880A true CN101567880A (en) 2009-10-28

Family

ID=41283829

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008101045080A Pending CN101567880A (en) 2008-04-21 2008-04-21 Method, device and system for encryption suite selection

Country Status (1)

Country Link
CN (1) CN101567880A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546572B (en) * 2010-12-31 2015-08-12 上海格尔软件股份有限公司 A kind of implementation method of SSL service end Dynamic Selection certificate
CN102546572A (en) * 2010-12-31 2012-07-04 上海格尔软件股份有限公司 Realizing method for dynamic selection of certificates of SSL (Security Socket Layer) server
CN105634720A (en) * 2014-11-25 2016-06-01 Ncr公司 Cryptographic security profiles
CN105634720B (en) * 2014-11-25 2019-07-12 Ncr公司 A kind of method, terminal device and the system of encryption safe configuration file
CN105681341A (en) * 2016-03-08 2016-06-15 浪潮电子信息产业股份有限公司 Security configuration method for Tomact encryption suite of SSR
CN106599723A (en) * 2016-12-19 2017-04-26 武汉斗鱼网络科技有限公司 File encryption method and device, and file decryption method and device
CN106599723B (en) * 2016-12-19 2020-03-17 武汉斗鱼网络科技有限公司 File encryption method and device and file decryption method and device
CN110875929A (en) * 2017-02-15 2020-03-10 贵州白山云科技股份有限公司 Method, device and medium for selecting encryption suite in handshake processing process
CN108429724A (en) * 2017-02-15 2018-08-21 贵州白山云科技有限公司 The selection method and device of encryption suite during a kind of handshake process
CN108566361A (en) * 2018-01-05 2018-09-21 武汉信安珞珈科技有限公司 A kind of safety parameter negotiation method and system based on SSL/TLS agreements
CN108470129A (en) * 2018-03-13 2018-08-31 杭州电子科技大学 A kind of data protection special chip
CN110768988A (en) * 2019-10-28 2020-02-07 杭州迪普科技股份有限公司 Method and device for establishing SSL VPN tunnel
CN113746807A (en) * 2021-08-11 2021-12-03 北银金融科技有限责任公司 Block chain node point support cryptographic algorithm communication detection method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20091028