CN101883122A - Safety connection establishing method and client equipment for establishing safety connection - Google Patents

Publication number
CN101883122A
Authority
CN
China
Prior art keywords
signature
client
framework
jsse
eap
Legal status
Granted
Application number
CN 201010241272
Other languages
Chinese (zh)
Other versions
CN101883122B (en)
Inventor
郑昌宏
杨斌
Current Assignee
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd

Abstract

The invention provides a method that supports using a hardware encryption card to establish an SSL (Secure Sockets Layer) connection, and client equipment implementing the method. In the detailed process by which the JSSE (Java Secure Socket Extension) framework of a client obtains a certificate of a server terminal and a signed message digest, a key management service provider in the client uses a key service interface to read the client's certificate information from the hardware encryption card, temporarily constructs a virtual private key, and returns the client certificate information and the virtual private key to the client's JSSE framework; the client's JSSE framework obtains the certificate information, generates the message digest, and passes the message digest to be signed to a signature service provider; and the signature service provider in the client uses the signature service interface to sign the message digest with the client's private key inside the hardware encryption card, and returns the signed message digest to the client's JSSE framework.

Description

Method for creating a secure connection and client device for creating a secure connection
Technical field
The present invention relates to the technical field of JSSE (Java Secure Socket Extension), and in particular to techniques for using the JSSE interface to control the creation of secure connections.
Background technology
SSL (Secure Sockets Layer) was developed by Netscape in 1994. It was first used in web (Internet) browsers to secure the data passed between browser and server, providing encryption, source authentication and data integrity; it can be regarded simply as a secure TCP (Transmission Control Protocol) connection. SSL 3.0 is now in general use, and its revised version TLS (Transport Layer Security) has become an Internet standard. JSSE is a framework that Java provides for controlling SSL connections, that is, JSSE is used to implement SSL programming in Java; by using JSSE, a developer can transmit data securely between client and server over TCP/IP.
JSSE has been a standard package since J2SE (Java 2 Standard Edition) version 1.4 and supports SSL 3.0. When building a socket-based Java C/S (client/server) program, adding SSL support ensures that data is secure and complete.
The SSL connection process between server and client is as follows:
a. The JSSE frameworks of the server and the client each initialize an SSL context (the SSL context contains the data, methods and so on needed during SSL connection establishment);
b. The JSSE frameworks of the server and the client each obtain the private key and certificate from a local keystore file (JKS file: Java KeyStore, used to store private key and certificate information), generate a message digest (hash value), and sign this message digest with the private key;
c. The JSSE frameworks of the server and the client each send the certificate and the signed message digest to the other side;
d. The JSSE frameworks of the server and the client each use the received certificate to verify the received signed message digest; after verification succeeds, the server's JSSE framework generates a symmetric encryption key and sends it to the client;
e. The JSSE frameworks of the server and the client use this symmetric encryption key to encrypt and decrypt communication data, and the two sides establish data communication.
When a JSSE framework is used to create an SSL connection and mutual verification is required, the server and the client each need to supply a keystore file (JKS file) when initializing the SSL context. After the SSL context object obtains the private key and certificate from the keystore file, both sides send their certificates to each other during SSL negotiation. During SSL negotiation, the client's JSSE framework uses the MD5 WithSHA algorithm (a hash algorithm used for SSL 3.0 client authentication) to generate a message digest (the message digest is a hash value), then signs this hash value with the client private key (that is, encrypts the hash value with the client private key), and the client sends the signed message digest to the server.
The server uses the certificate received from the client to verify this digital signature: the server obtains the client's public key and the hash algorithm of the message digest from the client's certificate, likewise uses MD5 WithSHA to perform its own hash operation for the signed message digest it received, obtaining a message digest, decrypts the signed hash value with the public key, and checks whether the message digest it computed itself matches the decrypted hash value. If so, verification passes; if not, verification fails. After verification passes, the server generates a symmetric communication key and sends it to the client; from then on both sides use this key to encrypt and decrypt data, achieving encrypted transmission of the data exchanged between them.
The JSSE framework works by implementing encryption, decryption and data integrity in software. Although this approach is simple to use and easy to upgrade, where the security requirements for the client private key are high, storing the private key in a file as the JSSE framework does cannot meet the need, because a file is relatively easy to copy and obtain. For applications with very high security requirements, such as e-commerce and e-government, software encryption clearly suffers from problems such as insufficient security strength and poor performance.
A hardware encryption card provides security functions such as certificate storage, digital signature and data encryption, and can support a variety of common asymmetric encryption algorithms, symmetric algorithms and hash algorithms. It can provide a complete, secure solution for fields such as enterprise management information systems, electronic equipment, e-commerce, network security, identity authentication and key management. Many current USB keys (which use USB to store encrypted data), electronic keys and the like belong to this category of product.
Therefore, through research the inventors found it necessary to provide a technique by which the JSSE framework supports using a hardware encryption card to create SSL connections, in order to solve the problems in the prior art.
Summary of the invention
The technical problem to be solved by the invention is to provide a method that supports using a hardware encryption card to create an SSL connection, and a client device implementing the method.
The technical solution adopted by the invention to solve the above technical problem is a method for creating a secure connection, comprising:
The JSSE frameworks of the server and the client each obtain their own private key, certificate and signed message digest, and each send their certificate and signed message digest to the other side;
The JSSE frameworks of the server and the client each use the received certificate to verify the received signed message digest; after verification succeeds, the server's JSSE framework generates a symmetric encryption key and sends it to the client; the server and the client establish data communication, and both use this symmetric encryption key to encrypt and decrypt communication data;
The client uses Java native invocation technology to wrap the security service interface functions of Windows CSP; the security service interfaces include a key service interface and a signature service interface. The client defines a custom key management service provider and signature service provider according to the Java Cryptography Architecture (JCA) framework, and registers the key management service provider and the signature service provider in the JCA framework;
Wherein the detailed process by which the client's JSSE framework obtains the certificate of the server and the signed message digest is:
The key management service provider in the client uses the key service interface to read the client certificate information from the hardware encryption card, temporarily constructs a virtual private key, and returns the client certificate information together with the virtual private key to the client's JSSE framework;
The client's JSSE framework obtains the certificate information, generates a message digest, and passes the message digest to be signed to the signature service provider;
The signature service provider in the client uses the signature service interface to complete, inside the hardware encryption card, the signing of the message digest with the client private key, and returns the signed message digest to the client's JSSE framework.
The applicant found that the reasons the JSSE framework does not support hardware encryption cards are as follows:
(1) the certificate information in the hardware encryption card cannot be returned to the JSSE framework through the interfaces that JSSE defines;
(2) before creating an SSL connection, the JSSE framework obtains the private key and certificate by loading a keystore file (JKS file) and stores them in the SSL context, whereas the private key in a hardware encryption card cannot be extracted, let alone packaged into the private key object that the JSSE framework requires.
At present, most hardware encryption cards implement their encryption and decryption services according to Microsoft's Windows CryptoAPI standard; Windows CryptoAPI is a set of cryptographic interface functions defined by Microsoft. Windows CSP (Windows Cryptographic Service Provider) is a low-level cryptographic interface standard that Microsoft uses to provide third-party cryptographic modules on the Windows platform. It is used to manage cryptographic devices in hardware or software form and implements data encryption, decryption, digital signature, verification, message digest (hash operation) and so on; these cryptographic interface functions may be implemented in software or in hardware.
For clients running the Windows operating system, the invention uses JNI (Java Native Interface, Java's native invocation mechanism) to wrap the relevant security service interface functions of Windows CSP for use by Java programs. The security service interfaces here include a key service interface that reads all certificate information in the local Windows certificate store, and a signature service interface that uses a specified container to perform an RSA signature on data (RSA being an asymmetric public-key encryption algorithm). Although combining JSSE with Windows CSP sacrifices platform independence, it makes effective use of the standard Windows CryptoAPI cryptographic interface functions to drive the hardware encryption card's cryptographic services, which is a good security solution for Java programs that run only on Windows. In addition, so that the JSSE framework can proceed through the normal SSL flow and complete the step in which it obtains the client private key, the invention temporarily constructs a virtual private key that meets the JSSE framework's requirements and returns it to the JSSE framework, "deceiving" the framework so that it carries out SSL negotiation normally. This virtual private key is in fact unusable; the real private key corresponding to the public key is kept in the hardware encryption card and cannot be extracted. When the real private key is needed for signing, the wrapped signature service interface is called to handle it.
Further, when the JSSE framework uses the virtual private key, the saved correspondence between the public key and the constructed private key shows which private key the JSSE framework currently wants to sign with, so that the correct hardware encryption card can be found to perform the hardware signature: after the key service interface returns the virtual private key to the client's JSSE framework, the correspondence between this virtual private key and the public key in the client certificate is also recorded locally; after the client's JSSE framework passes the message digest to be signed to the signature service provider, the signature service provider records the correspondence between that message digest and this virtual private key and, according to that correspondence, sends the message digest to be signed to the corresponding hardware encryption card for signing.
Further, so that the hardware signature seamlessly replaces the software signature, the client's signature service provider needs to register the hardware-implemented signature class in the JCA framework under the name "Signature.NONEwithRSA", and the client's signature service interface signs using the RSA signature function implemented by the Windows CSP signature service interface module.
Another object of the invention is to provide a client device implementing the above method for creating a secure connection, comprising a JSSE framework module, a JCA framework module, a key management service provider module defined according to the JCA framework, a signature service provider module defined according to the JCA framework, and a security service interface module that wraps Windows CSP using Java native invocation technology; the security service interface module comprises a key service interface module and a signature service interface module;
The JSSE framework module is used to obtain the server's certificate and signed message digest and to implement the SSL connection with the Java server;
The key management service provider module is used to register the key service interface in the JCA framework, obtain the client certificate information through the key service interface module, temporarily construct a virtual private key, and return the client certificate information together with the virtual private key to the JSSE framework;
The signature service provider module is used to register the signature service interface in the JCA framework and, after receiving the message digest to be signed from the JSSE framework, pass that message digest to the signature service interface module, obtain the signed message digest from the signature service interface module, and return the signed message digest to the client's JSSE framework;
The key service interface module is used to read the hardware encryption card's certificate information from the local Windows certificate store;
The signature service interface module is used to complete, inside the hardware encryption card, the signing of the message digest with the client private key.
Further, after the key service interface module returns the virtual private key to the JSSE framework, the correspondence between this virtual private key and the public key in the client certificate is also recorded locally; the signature service provider module is further used, after the JSSE framework passes the message digest to be signed to the signature service provider module, to send that message digest, according to the correspondence between it and this virtual private key, to the signature service interface module to be signed in the corresponding hardware encryption card.
Further, the signature service provider module registers the client's signature service interface in the JCA framework under the name "Signature.NONEwithRSA", and the client's signature service interface module uses the same RSA signature function in the hardware encryption card to perform the signature.
The beneficial effect of the invention is that applications built on the JSSE framework can sign with a hardware encryption card, so that the security of the application system's critical data is better guaranteed, with better security and extensibility.
Description of drawings
Fig. 1 is a schematic diagram of the system for creating a secure connection;
Fig. 2 is a schematic diagram of the client.
Embodiment
As shown in Fig. 1, during SSL connection establishment the Java server needs no changes: it still initializes the SSL context object from a JKS file in the conventional way, sets the option requiring client verification, returns an SSL server socket object, listens for connection requests and waits for the client to connect.
The Java client running the Windows operating system combines the JSSE framework with the hardware encryption card to establish the SSL connection and encrypt transmitted data as follows:
JNI (Java's native invocation technology) is used to wrap the security service interface functions of Windows CSP, including the key service interface function for reading the local Windows certificate store, the signature service interface function for performing an RSA signature on data with a specified container, and interface functions for encryption and decryption, forming a local dynamic link library and corresponding wrapper classes for use from Java;
The Java client implements a custom key management service provider, which uses the key service interface to read all certificate information in the local Windows certificate store, returns the certificate and public key in the hardware encryption card to the JSSE framework, and at the same time constructs a legal RSA private key and returns it to the JSSE framework, so that the JSSE framework obtains complete client key and certificate information and can continue the SSL negotiation with the server;
The Java client implements a custom signature service provider, which records the message digest to be signed that the JSSE framework passes in, performs an RSA signature on it with the signature service interface, and returns the digital signature value;
When the Java client starts, it registers the implemented key management service provider and signature service provider with the JCA framework (Java Cryptography Architecture framework).
After completing the above, the Java client can use the key management service provider to initialize the SSL context object, create an SSL socket, and establish the SSL connection with the Java server.
As shown in Fig. 2, in addition to the JSSE framework module used to implement the SSL connection with the Java server, the Java client needs to implement several Java classes and a wrapper for the Windows CSP interface in order to use the Windows CSP interface within the JSSE framework. The modules to be added are as follows:
1. Key service interface module: inherits from class KeyManagerFactorySpi and is used to return to the JSSE framework an implementation class of X509KeyManager (the class that decides which X509-certificate-based key is used to authenticate the local secure socket). This implementation class calls the Windows CSP interface wrapped with JNI to return information such as the certificates the JSSE framework needs to establish the connection. It also implements the method that returns the private key, returning a virtual RSA private key to "deceive" the JSSE framework: a hardware encryption card product such as a USB key stores the certificate and key, but the private key cannot be exported, and every computation that needs the private key must be completed inside the hardware product, so an RSA private key is generated temporarily here and returned to the framework to ensure that the framework can continue the subsequent negotiation. When a computation with the private key is needed, the wrapped Windows CSP interface is called to handle it;
2. Signature service interface module: inherits from class java.security.SignatureSpi (this class defines the service provider interface for the class that provides digital signature algorithm functionality to applications). Because the invention addresses a Java client that uses a hardware product to establish an SSL connection with a Java server using a standard JKS file, this class only needs special handling for the following key steps:
Initializing the RSA signature engine for signing: in this step the JSSE framework passes in the RSA private key constructed earlier; this is the client private key that the key provider described above returned to the JSSE framework, and it has no actual use;
Updating the data to be signed or verified: the JSSE framework passes in the message digest (hash value) to be signed; this hash value needs to be recorded and is signed in the following function;
Performing the signature: the wrapped Windows CSP interface is called to perform the RSA signature operation on the hash value passed in by the update above and to return the digital signature.
3. Key management service provider module: implements the key management service provider class and registers it in the JCA framework under the name "MSKMF" (KeyManagerFactory.getInstance generates, from the specified provider, a KeyManagerFactory object for the specified key management algorithm; a KeyManagerFactory is a factory for key managers based on a source of key material). When the client initializes the SSL context object, it obtains the custom key management service implementation through KeyManagerFactory.getInstance, completing the integration of the JSSE framework with the local Windows certificate store. A USB key is itself a CSP: once its driver has been installed, Windows can recognize it, and the certificate information stored in the key is loaded into the local Windows certificate store. Third-party software can access the certificates in the key through the local certificate store.
4. Signature service provider module: implements the signature provider class and designates the signature service implementation class implemented above as the implementation class of Signature.NONEwithRSA (the RSA signature implementer). Because the JSSE framework will use this implementation class to perform signature operations, this step is necessary if the signature service in the hardware product is to replace the JSSE framework's software signature. This signature service provider is then registered and integrated into the JCA framework.
The Windows CSP wrapper is mainly used to obtain certificates from the local Windows certificate store and to sign the hash value during SSL connection establishment. The key point is the signature over the hash value during connection establishment: because the private key is stored in the hardware encryption card and cannot be exported, this signing must be carried out inside the hardware encryption card. When signing, the CryptAcquireCertificatePrivateKey function is used to obtain the cryptographic service provider handle; when the CryptCreateHash function is used to create the hash object, the ALG_ID parameter (the algorithm type definition, in essence an unsigned int) must be specified as CALG_SSL3_SHAMD5 (a hash algorithm definition whose purpose is SSL3 client authentication). Otherwise it cannot work together with the NONEwithRSA signature algorithm described in the preceding step, and the resulting signature cannot be verified at the server.
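The following Java program is an added example, not code from the patent: it shows the JCA side of the scheme described above, with a placeholder private key handed to the caller, a SignatureSpi registered as Signature.NONEwithRSA that buffers the digest and signs it where the real key lives, and the server-side check against the card's public key. The names SimulatedCard, CARDS, placeholderFor, CardRawRsaSignature and CardProvider are hypothetical; SimulatedCard is a software stand-in for the JNI-wrapped Windows CSP call so that the program runs without hardware, and Java 9 or later is assumed.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;

public class CardSignatureDemo {
    /** Hypothetical software stand-in for the card: the real key is only used inside it. */
    static final class SimulatedCard {
        private final KeyPair pair;
        SimulatedCard() throws GeneralSecurityException { pair = newRsaPair(); }
        PublicKey publicKey() { return pair.getPublic(); }
        byte[] signDigest(byte[] digest) throws GeneralSecurityException {
            // Raw PKCS#1 v1.5 signature: the digest bytes are padded and signed as-is.
            Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            c.init(Cipher.ENCRYPT_MODE, pair.getPrivate());
            return c.doFinal(digest);
        }
    }

    static KeyPair newRsaPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    /** Placeholder-key modulus -> card that holds the real key. */
    static final Map<BigInteger, SimulatedCard> CARDS = new ConcurrentHashMap<>();

    /** Builds the throwaway private key given to the caller and records which card it stands for. */
    static PrivateKey placeholderFor(SimulatedCard card) throws GeneralSecurityException {
        RSAPrivateKey fake = (RSAPrivateKey) newRsaPair().getPrivate();
        CARDS.put(fake.getModulus(), card);
        return fake;
    }

    /** Registered as NONEwithRSA: buffers the digest from update(), signs it on the card. */
    public static final class CardRawRsaSignature extends SignatureSpi {
        private final ByteArrayOutputStream digest = new ByteArrayOutputStream();
        private SimulatedCard card;
        @Override protected void engineInitSign(PrivateKey key) throws InvalidKeyException {
            card = (key instanceof RSAPrivateKey)
                    ? CARDS.get(((RSAPrivateKey) key).getModulus()) : null;
            digest.reset();
            if (card == null) throw new InvalidKeyException("not a registered placeholder key");
        }
        @Override protected void engineUpdate(byte b) { digest.write(b); }
        @Override protected void engineUpdate(byte[] b, int off, int len) { digest.write(b, off, len); }
        @Override protected byte[] engineSign() throws SignatureException {
            if (card == null) throw new SignatureException("no card selected");
            try { return card.signDigest(digest.toByteArray()); }
            catch (GeneralSecurityException e) { throw new SignatureException(e); }
            finally { digest.reset(); }
        }
        // Sign-only: verification and algorithm parameters are not handled here.
        @Override protected void engineInitVerify(PublicKey key) throws InvalidKeyException {
            throw new InvalidKeyException("sign-only provider"); }
        @Override protected boolean engineVerify(byte[] sig) throws SignatureException {
            throw new SignatureException("sign-only provider"); }
        @Override protected void engineSetParameter(String p, Object v) {
            throw new UnsupportedOperationException(); }
        @Override protected Object engineGetParameter(String p) {
            throw new UnsupportedOperationException(); }
    }

    static final class CardProvider extends Provider {
        CardProvider() {
            super("CardDemo", "1.0", "NONEwithRSA delegated to a card (example)");
            put("Signature.NONEwithRSA", CardRawRsaSignature.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        SimulatedCard card = new SimulatedCard();
        PrivateKey placeholder = placeholderFor(card);
        // Constructed input: a 36-byte MD5 || SHA-1 value, the size CALG_SSL3_SHAMD5 works on.
        byte[] data = "constructed handshake bytes".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream d = new ByteArrayOutputStream();
        d.write(MessageDigest.getInstance("MD5").digest(data));
        d.write(MessageDigest.getInstance("SHA-1").digest(data));
        Signature s = Signature.getInstance("NONEwithRSA", new CardProvider());
        s.initSign(placeholder);
        s.update(d.toByteArray());
        byte[] sig = s.sign();
        // Server side: recover the digest with the public key from the client certificate.
        Cipher v = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v.init(Cipher.DECRYPT_MODE, card.publicKey());
        System.out.println("verifies under the card's public key: "
                + MessageDigest.isEqual(v.doFinal(sig), d.toByteArray()));
        try {   // a private key never issued as a placeholder must be refused
            s.initSign(newRsaPair().getPrivate());
        } catch (InvalidKeyException e) {
            System.out.println("stray key rejected: " + e.getMessage());
        }
    }
}
```

Rejecting keys that are not in the placeholder map matters because a provider registered under Signature.NONEwithRSA sees every caller that requests that algorithm from it, not only the SSL handshake.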

Claims (7)

1. create the method that safety connects for one kind, comprise step:
Server end, client JSSE framework separately gets access to private key, certificate separately and the eap-message digest of having signed; And certificate that will be separately, the eap-message digest of having signed send to the other side;
The eap-message digest of having signed that the certification authentication that the JSSE framework utilization separately of server end, client receives receives, after being proved to be successful, the JSSE framework of server end generates a symmetric cryptographic key and issues client; Server end, client both sides set up data communication, all use this symmetric cryptographic key encryption and decryption communication data;
It is characterized in that described client is used the security service interface function of JNI encapsulation Windows CSP, the security service interface comprises cipher key service interface, signature service interface; Client according to the self-defining cipher key management services supplier of JCA framework with the signature ISP, and with described cipher key management services supplier with the signature service provider registers in the JCA framework;
The JSSE framework of described client obtains its private key, certificate and the detailed process of the eap-message digest of having signed is:
Cipher key management services supplier in the client utilizes the cipher key service interface, reads client certificate information from hardware encryption card, and constructs a virtual private key temporarily, client certificate information and virtual private key is together returned to the JSSE framework of client;
The JSSE framework of client obtains certificate information, also will generate eap-message digest, and imports the eap-message digest that needs signature into to the signature ISP;
Signature ISP in the client utilizes the signature service interface, finishes the signature of client private key to eap-message digest at hardware encryption card, and the eap-message digest that will sign is to the JSSE framework that returns client.
2. a kind of according to claim 1 method of creating the safety connection, it is characterized in that, described server end obtains private key, certificate and the detailed process of the eap-message digest of having signed is from its JSSE framework: the JSSE framework of server end gets access to its private key and certificate from the JKS file of this locality, also to generate eap-message digest, and with this eap-message digest of private key signature, thereby the eap-message digest of having been signed.
3. the creation method that a kind of safety as claimed in claim 1 or 2 connects is characterized in that, after the cipher key service interface returns to the JSSE framework of client with virtual private key, and the local corresponding relation that also writes down PKI in this virtual private key and the client certificate;
The JSSE framework of client is after the eap-message digest of the needs signature that the signature ISP is imported into, the signature ISP writes down the eap-message digest of the needs signature that the JSSE framework imports into and the corresponding relation of this virtual private key, and according to the eap-message digest of described needs signature and the corresponding relation of this virtual private key, the eap-message digest that needs are signed is sent in the corresponding hardware encrypted card signs.
4. the creation method that a kind of safety as claimed in claim 1 connects, it is characterized in that, the hard-wired signature class of use that the signature ISP of client need be called name " Signature.NONEwithRSA " is registered in the JCA framework, and the signature service interface of client uses the RSA signature function of the signature service interface module of Windows CSP realization to sign.
5. be used to create the client device that safety connects, it is characterized in that, comprise the JSSE frame module, by the self-defining cipher key management services supplier's module of JCA framework, by the self-defining signature of JCA framework ISP module, by the security service interface module of JNI encapsulation Windows CSP; Described security service interface module comprises cipher key service interface module, signature service interface module;
Described JSSE frame module is used for, and obtains the certificate of server end and the eap-message digest of having signed, realizes being connected with the SSL of server end with JAVA;
Described cipher key management services supplier's module is used for, the cipher key service interface is registered to the JCA framework, obtain client certificate information by the cipher key service interface module, construct a virtual private key temporarily, client certificate information and virtual private key are together returned to the JSSE framework;
Described signature ISP module is used for, the service interface of will signing is registered in the JCA framework, after receiving the eap-message digest of the needs signature that the JSSE framework imports into, import the eap-message digest of needs signature into signature service interface module, obtain the eap-message digest of having signed by signature service interface module, and the eap-message digest that will sign is returned the JSSE framework of client;
Described cipher key service interface module is used for, and reads the certificate information of hardware encryption card in the local certificate repository of Windows;
Described signature service interface module is used for, and finishes the RSA signature of client private key to eap-message digest in hardware encryption card.
6. The client device for establishing a secure connection as claimed in claim 5, characterized in that, after the key service interface module returns the virtual private key to the JSSE framework, it also records locally the correspondence between this virtual private key and the public key in the client certificate;
The signature service provider module is further configured so that, when the JSSE framework passes the message digest to be signed to the signature service provider module, the signature service provider module records the correspondence between that message digest and this virtual private key and, according to that correspondence, sends the message digest to be signed to the signature service interface module to be signed in the corresponding hardware encryption card.
7. The client device for establishing a secure connection as claimed in claim 5, characterized in that the signature service provider module registers the client's signature service interface in the JCA framework under the name "Signature.NONEwithRSA", and the client's signature service interface module uses the same RSA signature function in the hardware encryption card to perform the signature.
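The provider arrangement in claims 4 to 7, as an added Java example that is not code from the patent: a JCA provider registers a signature class under `Signature.NONEwithRSA`, and a virtual private key that holds no key material routes the digest to the matching card key. The names `CardProviderDemo`, `VirtualKey`, `CardSignature`, the alias `client-cert` and the in-memory `CARD` map standing in for the Windows CSP/JNI layer are assumptions; the JSSE key manager is left out and the signature is requested directly (Java 9 or later).

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;

public class CardProviderDemo {
    static final Map<String, KeyPair> CARD = new HashMap<>(); // constructed stand-in for the card

    static final class VirtualKey implements PrivateKey { // names a card key, holds no key material
        final String alias;
        VirtualKey(String alias) { this.alias = alias; }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    public static class CardSignature extends SignatureSpi { // public so the JCA can load it
        private final ByteArrayOutputStream digest = new ByteArrayOutputStream();
        private String alias;
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            if (!(k instanceof VirtualKey)) throw new InvalidKeyException("not a card key");
            alias = ((VirtualKey) k).alias; // correspondence: digest -> virtual key -> card key
            digest.reset();
        }
        protected void engineUpdate(byte b) { digest.write(b); }
        protected void engineUpdate(byte[] b, int off, int len) { digest.write(b, off, len); }
        protected byte[] engineSign() throws SignatureException {
            try { // software stand-in; with real hardware this step runs on the card
                Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                rsa.init(Cipher.ENCRYPT_MODE, CARD.get(alias).getPrivate());
                return rsa.doFinal(digest.toByteArray());
            } catch (GeneralSecurityException e) { throw new SignatureException(e); }
        }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException {
            throw new InvalidKeyException("sign-only");
        }
        protected boolean engineVerify(byte[] s) { return false; }
        protected void engineSetParameter(String p, Object v) { }
        protected Object engineGetParameter(String p) { return null; }
    }

    public static void main(String[] args) throws Exception {
        CARD.put("client-cert", KeyPairGenerator.getInstance("RSA").generateKeyPair());
        Provider p = new Provider("CardDemo", "1.0", "card-backed signing") { };
        p.put("Signature.NONEwithRSA", CardSignature.class.getName());
        byte[] md = MessageDigest.getInstance("SHA-256").digest("handshake".getBytes());
        Signature s = Signature.getInstance("NONEwithRSA", p);
        s.initSign(new VirtualKey("client-cert"));
        s.update(md);
        Cipher check = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // verify with the public key
        check.init(Cipher.DECRYPT_MODE, CARD.get("client-cert").getPublic());
        System.out.println(Arrays.equals(check.doFinal(s.sign()), md));
    }
}
```

The caller only ever holds `VirtualKey`, so `getEncoded()` returning `null` is the property that keeps the private key from leaving the card boundary.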

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010241272 CN101883122B (en) 2010-07-30 2010-07-30 Safety connection establishing method and client equipment for establishing safety connection

Publications (2)

Publication Number Publication Date
CN101883122A true CN101883122A (en) 2010-11-10
CN101883122B CN101883122B (en) 2012-12-05

Family

ID=43055007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010241272 Active CN101883122B (en) 2010-07-30 2010-07-30 Safety connection establishing method and client equipment for establishing safety connection

Country Status (1)

Country Link
CN (1) CN101883122B (en)

Also Published As

Publication number Publication date
CN101883122B (en) 2012-12-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant