
CN118200917B - A method, system and medium for securely accessing protected applications in a mobile network environment - Google Patents


Info

Publication number: CN118200917B
Authority: CN (China)
Prior art keywords: ipv6, application, user, message, encrypted
Legal status: Active
Application number: CN202410352426.7A
Other languages: Chinese (zh)
Other versions: CN118200917A (en
Inventors: 韩国梁, 侯振芳, 卢坤, 轩亚亮, 包丛笑, 李星
Current Assignee: Beijing Indirect Network Technology Co ltd
Original Assignee: Beijing Indirect Network Technology Co ltd
Application filed by Beijing Indirect Network Technology Co ltd
Priority to CN202410352426.7A
Publication of CN118200917A
Application granted
Publication of CN118200917B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to a method, system and medium for securely accessing protected applications in a mobile network environment, and belongs to the field of communication technology. When an application access request is detected, an initialization/verification operation is performed on the user information to obtain the user information after the initialization/verification operation. The IPv6 address corresponding to the domain name of the protected application is queried through DNS, and the IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined. A combined calculation over the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp yields a dynamic encryption standard; the IPv6 address is encrypted according to this dynamic encryption standard to obtain an encrypted IPv6 address; and the data payload in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain an encrypted IPv6 message, which is sent to the IPv6 stealth protection application gateway through the IPv6 network. The present application improves the security of accessing protected applications in a mobile network environment.

Description

Method, system and medium for safely accessing protected application in mobile network environment
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, a system, and a medium for secure access to a protected application in a mobile network environment.
Background
With the spread of Internet technology, networks have permeated every aspect of daily life thanks to convenient and efficient communication, bringing great convenience to study and work. At the same time, the whole server communication system is threatened by various security risks (information leakage, virus transmission and the like). In the era of digital communication, the security of network connections and server communication is therefore receiving more and more attention.
The server is a core component of an information system and carries its key business services. As informatization advances, business services keep multiplying, and keeping them running normally faces serious security problems: attacks such as illegal access, identity impersonation, sniffing and eavesdropping, as well as intrusion by worms, viruses and malicious programs. These can destroy the information system or cause sensitive data to be stolen, tampered with or abused, which seriously threatens the information system. All of these hazards originate from the server exposing a fixed IP address to the outside, so the security of accessing protected applications in a mobile network environment needs to be ensured.
Disclosure of Invention
In order to ensure the security of a user accessing a protected application through a mobile network environment, the application provides a method, a system and a medium for securely accessing protected applications in a mobile network environment.
In a first aspect, the present application provides a method for securely accessing a protected application in a mobile network environment, which adopts the following technical scheme:
A method for securely accessing a protected application in a mobile network environment, applied to an IPv6 stealth access soft terminal, comprising the following steps:
Receiving a first user identity certificate and a data certificate distributed by an IPv6 stealth communication management platform, wherein the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication;
After an application access request is detected, performing an initialization/verification operation on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation;
Determining the IPv6 prefix corresponding to the IPv6 stealth protection application gateway;
Performing, by a dynamic DNS module, a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain an encrypted IPv6 address, and encapsulating the encrypted IPv6 address in a DNS AAAA record that is returned to the user application;
When the user accesses the encrypted IPv6 address, encrypting the data payload in the transmission message according to the encrypted IPv6 address and the data certificate to obtain an encrypted IPv6 message;
Sending the encrypted IPv6 message to the IPv6 stealth protection application gateway through the IPv6 network.
With this technical scheme, when a user accesses a protected application through a mobile network environment, a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform are received, wherein the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication. After an application access request is detected, an initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation. The IPv6 prefix corresponding to the IPv6 stealth protection application gateway is then determined, and the dynamic DNS module performs a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain an encrypted IPv6 address, which is encapsulated in a DNS AAAA record and returned to the user application. When the user accesses the encrypted IPv6 address, the data payload in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain an encrypted IPv6 message, which is sent to the IPv6 stealth protection application gateway through the IPv6 network. The communication in between cannot be scanned or sniffed and its content cannot be restored, which improves the security of accessing protected applications in a mobile network environment.
In one possible implementation, performing the initialization/verification operation on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation, comprises:
Detecting whether the access application corresponding to the application access request is a protected application; if so, performing a non-empty check on the first user identity certificate to determine whether it is empty; when the first user identity certificate is not empty, determining whether the user corresponding to the IPv6 stealth access soft terminal is an initial user; and when the user is an initial user, performing the initialization/verification operation on the user information according to the first user identity certificate, to obtain the user information after the initialization/verification operation;
If the user is not an initial user, generating user verification information and sending the user verification information to the user for a verification operation.
In one possible implementation, performing the initialization/verification operation on the user information according to the first user identity certificate, to obtain the user information after the initialization/verification operation, comprises:
Determining an associated organization, a verification user name and a user password according to the user information;
Checking whether the organization name of the associated organization matches the organization name in the first user identity certificate; if so, determining the mapping relation between the organization name and the user name based on the first user identity name, and performing a secondary check on the verification user name according to the mapping relation to determine whether the verification user name belongs to the organization name;
If the verification user name belongs to the organization name, performing enhanced verification processing on the user and, after the user passes the enhanced verification processing, extracting the preset specified information of the identity certificate private key in the first user identity certificate to perform a digital signature;
Performing a third check on the digital signature to determine whether the digital signature is still timely; if so, acquiring the control access rule and determining, based on the control access rule, whether the user corresponding to the application access request has the permission parameters for accessing the protected application; if so, performing the initialization/verification operation with the user information to obtain the user information after the initialization/verification operation, wherein the control access rule is a rule that specifies which protected applications users with different identity information are allowed to access.
In one possible implementation manner, the detecting whether the access application corresponding to the application access request is a protected application includes:
and if the access application corresponding to the application access request is not the protected application, directly forwarding the message in the application access request to the corresponding access application.
In one possible implementation manner, the performing a secondary verification on the verification user name according to the mapping relationship, and determining whether the verification user name belongs to the organization name includes:
and if the verification user name does not belong to the organization name, generating identity abnormal information, and controlling and displaying the identity abnormal information.
In a second aspect, the present application provides a method for safely accessing a protected application in a mobile network environment, which adopts the following technical scheme:
A method for securely accessing a protected application in a mobile network environment, applied to an IPv6 stealth protection application gateway, comprising the following steps:
Receiving an encrypted IPv6 message sent by the IPv6 stealth access soft terminal, wherein the encrypted IPv6 message is obtained as follows: a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform are received, the first user identity certificate comprising an organization name, a user name and an identity certificate private key, and the data certificate being used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication; after an application access request is detected, an initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate to obtain the user information after the initialization/verification operation; the IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined; the dynamic DNS module performs a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain the encrypted IPv6 address, which is encapsulated in a DNS AAAA record and returned to the user application; and when the user accesses the encrypted IPv6 address, the data payload in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate;
Determining a target IPv6 address according to the IPv6 message, and restoring the parameters in the target IPv6 address based on a cryptographic algorithm to obtain message recording parameters;
Checking the different types of parameters in the message recording parameters one by one to judge whether any parameter fails to meet the preset standard, and discarding the IPv6 message if one does;
If no parameter fails to meet the preset standard, decrypting the data payload in the IPv6 message based on a preset data certificate to obtain a decrypted IPv6 message;
Sending the decrypted IPv6 message to the protected application.
With this technical scheme, after the IPv6 stealth protection application gateway receives the IPv6 message sent by the IPv6 stealth access soft terminal, it determines the target IPv6 address according to the IPv6 message and restores the parameters in the target IPv6 address based on a cryptographic algorithm to obtain the message recording parameters. It checks the different types of parameters in the message recording parameters one by one to judge whether any parameter fails to meet the preset standard, and discards the IPv6 message if one does. If none does, it decrypts the data payload in the IPv6 message based on the preset data certificate to obtain a decrypted IPv6 message and sends the decrypted IPv6 message to the protected application. The double decryption and checking at the IPv6 stealth protection application gateway thereby improves the security of accessing the protected application.
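The address derivation of the first aspect and the gateway-side restore-and-check of the second aspect, sketched as an added example that is not taken from the patent. The patent does not disclose its algorithm, so the 64-bit layout (16-bit application ID, 32-bit time slot, 16-bit check tag), the HMAC-based Feistel permutation, the 30-second slot and all function names are assumptions, and the data certificate is reduced to a shared secret.

```python
"""Time-limited 'stealth' IPv6 addresses: terminal derives, gateway checks.

Added illustration only. Layout, cipher and names are assumptions, not the
patent's algorithm; the data certificate is modelled as a shared secret.
"""
import hashlib
import hmac
import ipaddress
import struct

ROUNDS = 4          # Feistel rounds (assumption)
SLOT_SECONDS = 30   # one address is derived per 30 s time slot (assumption)
MAX_SLOT_SKEW = 1   # gateway accepts the current slot +/- 1 (assumption)
IID_MASK = (1 << 64) - 1


def _keys(secret: bytes):
    """Derive separate keys for address encryption and for the check tag."""
    return (hmac.new(secret, b"addr-enc", hashlib.sha256).digest(),
            hmac.new(secret, b"addr-tag", hashlib.sha256).digest())


def _round(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: 32 bits in, 32 bits out."""
    msg = bytes([rnd]) + struct.pack(">I", half)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def _feistel(key: bytes, block: int, decrypt: bool = False) -> int:
    """Keyed, invertible permutation of a 64-bit block."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = right ^ _round(key, rnd, left), left
        else:
            left, right = right, left ^ _round(key, rnd, right)
    return (left << 32) | right


def _tag(key: bytes, net, app_id: int, slot: int) -> int:
    """16-bit check value binding prefix, application ID and time slot."""
    msg = net.network_address.packed[:8] + struct.pack(">HI", app_id, slot)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def make_address(prefix: str, secret: bytes, app_id: int, now: float):
    """Terminal side: value the dynamic DNS module would return in the AAAA record."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or not 0 <= app_id <= 0xFFFF:
        raise ValueError("sketch expects a /64 prefix and a 16-bit application ID")
    k_enc, k_tag = _keys(secret)
    slot = (int(now) // SLOT_SECONDS) & 0xFFFFFFFF
    block = (app_id << 48) | (slot << 16) | _tag(k_tag, net, app_id, slot)
    return ipaddress.IPv6Address(int(net.network_address) | _feistel(k_enc, block))


def check_address(dst: str, prefix: str, secret: bytes, known_apps, now: float):
    """Gateway side: restore the parameters from the destination address and
    check them one by one. Returns the application ID, or None to drop."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(dst)
    if addr not in net:
        return None
    k_enc, k_tag = _keys(secret)
    block = _feistel(k_enc, int(addr) & IID_MASK, decrypt=True)
    app_id, slot, tag = block >> 48, (block >> 16) & 0xFFFFFFFF, block & 0xFFFF
    expected = _tag(k_tag, net, app_id, slot)
    if not hmac.compare_digest(tag.to_bytes(2, "big"), expected.to_bytes(2, "big")):
        return None                      # not produced with this data certificate
    if abs(slot - int(now) // SLOT_SECONDS) > MAX_SLOT_SKEW:
        return None                      # address has expired (or clock is far off)
    if app_id not in known_apps:
        return None                      # no protected application with this ID
    return app_id


if __name__ == "__main__":
    # Constructed sample values: documentation prefix, made-up secret and IDs.
    PREFIX, SECRET, T0 = "2001:db8:0:1::/64", b"constructed-demo-secret", 1_700_000_000
    addr = make_address(PREFIX, SECRET, 7, T0)
    print("AAAA answer:", addr)
    print("in time    :", check_address(str(addr), PREFIX, SECRET, {7}, T0 + 10))
    print("too late   :", check_address(str(addr), PREFIX, SECRET, {7}, T0 + 120))
    print("scan probe :", check_address("2001:db8:0:1::1", PREFIX, SECRET, {7}, T0))
```

In this sketch an observed address stays acceptable until its time slot leaves the gateway's window, so the address check only filters scanning and stale traffic; the payload encryption and identity checks the patent describes are still what protect the session itself.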
In one possible implementation manner, the sending the decrypted IPv6 packet to the protected application further includes:
Judging whether the protected application has an IPv6 address, if so, modifying the source address of the decrypted IPv6 message into the IPv6 address of the IPv6 stealth protection application gateway and modifying the target address of the decrypted IPv6 message into the IPv6 address of the protected application;
If the protected application does not have the IPv6 address, translating the decrypted IPv6 message into an IPv4 message, modifying the source address of the IPv4 message into the IPv4 address of the IPv6 stealth protection application gateway, and modifying the target address of the IPv4 message into the IPv4 address of the protected application.
In a third aspect, the present application provides a mobile network environment security access protected application system, which adopts the following technical scheme:
A mobile network environment secure access protected application system for IPv6 stealth access soft terminals, comprising:
the system comprises a certificate receiving module, a data transmitting module and a data receiving module, wherein the certificate receiving module is used for receiving a first user identity certificate and a data certificate which are distributed by an IPv6 stealth communication management platform, the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting a transmission message during IPv6 stealth safety communication;
The information initialization module is used for initializing/verifying the user information based on the application access request and the first user identity certificate after the application access request is detected, so as to obtain the user information after the initialization/verifying operation;
the prefix determining module is used for determining an IPv6 prefix corresponding to the IPv6 stealth protection application gateway;
The dynamic DNS module is used for carrying out dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp according to the dynamic DNS module to obtain an encrypted IPv6 address, and packaging the encrypted IPv6 address in an AAAA record of the DNS to return to the user application;
The message encryption module is used for encrypting the data load in the transmission message according to the encrypted IPv6 address and the data certificate when the user accesses the encrypted IPv6 address, so as to obtain an encrypted IPv6 message;
and the message sending module is used for sending the encrypted IPv6 message to an IPv6 stealth protection application gateway through an IPv6 network.
In a fourth aspect, the present application provides a mobile network environment security access protected application system, which adopts the following technical scheme:
A mobile network environment secure access protected application system for an IPv6 stealth protection application gateway, comprising:
The message receiving module is used for receiving an encrypted IPv6 message sent by the IPv6 stealth access soft terminal, wherein the encrypted IPv6 message is obtained as follows: a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform are received, the first user identity certificate comprising an organization name, a user name and an identity certificate private key, and the data certificate being used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication; after an application access request is detected, an initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate to obtain the user information after the initialization/verification operation; the IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined; the dynamic DNS module performs a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain the encrypted IPv6 address, which is encapsulated in a DNS AAAA record and returned to the user application; and when the user accesses the encrypted IPv6 address, the data payload in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate;
The information restoration module determines a target IPv6 address according to the IPv6 message, and performs information restoration on parameters in the target IPv6 address based on the cryptography algorithm to obtain message recording parameters;
The message discarding module is used for checking the parameters of different types in the message recording parameters one by one, judging whether the parameters do not meet the preset standard, and discarding the IPv6 message if the parameters do not meet the preset standard;
The message decryption module is used for decrypting the data payload in the IPv6 message based on a preset data certificate to obtain a decrypted IPv6 message when no parameter fails to meet the preset standard;
and the application access module is used for sending the decrypted IPv6 message to the protected application.
In a fifth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
a computer readable storage medium storing a computer program capable of being loaded by a processor and executing the method according to any one of the first or second aspects.
In summary, the present application includes at least one of the following beneficial technical effects:
1. With this technical scheme, when a user accesses a protected application through a mobile network environment, a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform are received, wherein the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication. After an application access request is detected, an initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation. The IPv6 prefix corresponding to the IPv6 stealth protection application gateway is then determined, and the dynamic DNS module performs a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain an encrypted IPv6 address, which is encapsulated in a DNS AAAA record and returned to the user application. When the user accesses the encrypted IPv6 address, the data payload in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain an encrypted IPv6 message, which is sent to the IPv6 stealth protection application gateway through the IPv6 network. The communication in between cannot be scanned or sniffed and its content cannot be restored, so that the security of accessing protected applications in a mobile network environment is improved;
2. With this technical scheme, after the IPv6 stealth protection application gateway receives the IPv6 message sent by the IPv6 stealth access soft terminal, it determines the target IPv6 address according to the IPv6 message and restores the parameters in the target IPv6 address based on a cryptographic algorithm to obtain the message recording parameters. It checks the different types of parameters in the message recording parameters one by one to judge whether any parameter fails to meet the preset standard, and discards the IPv6 message if one does. If none does, it decrypts the data payload in the IPv6 message based on the preset data certificate to obtain a decrypted IPv6 message and sends the decrypted IPv6 message to the protected application. The double decryption and checking at the IPv6 stealth protection application gateway thereby improves the security of accessing the protected application.
Drawings
Fig. 1 is a first flow diagram of a method for secure access protected applications in a mobile network environment according to one embodiment of the present application.
Fig. 2 is a second flow diagram of a mobile network environment secure access protected application system in accordance with one embodiment of the present application.
Fig. 3 is a third flow diagram of a method for secure access protected application in a mobile network environment according to one embodiment of the present application.
Fig. 4 is a fourth flow diagram of a mobile network environment secure access protected application system in accordance with one embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings 1 to 4 and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
First, terms of the embodiments of the present application will be explained:
The IPv6 stealth access soft terminal is a network device that verifies the identity of a user who wants to access a protected application. After the identity verification passes, it applies dynamic IPv6 address processing and message payload encryption to the traffic accessing the protected application and sends the traffic to the target IPv6 stealth protection application gateway.
The IPv6 stealth protection application gateway is a network device, which issues dynamic IPv6 addresses for protected applications, receives access traffic from an IPv6 stealth access soft terminal, and discards traffic failing verification. For legal access requests from the IPv6 stealth access soft terminal, the IPv6 stealth protection application gateway forwards the legal access requests to the corresponding application server.
This embodiment of the application discloses a method for securely accessing a protected application in a mobile network environment, on the IPv6 stealth access soft terminal side.
Referring to Fig. 1, the method for securely accessing a protected application in a mobile network environment is applied to an IPv6 stealth access soft terminal and includes:
Step S101, a first user identity certificate and a data certificate distributed by an IPv6 stealth communication management platform are received.
The first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication.
In the embodiment of the application, for secure access to protected applications in a mobile network environment, the IPv6 stealth communication management platform acquires user identity information in advance and generates identity certificates for the different users based on it, each identity certificate comprising an organization name, a user name, an identity certificate public key and an identity certificate private key. A first user identity certificate and a second identity certificate are then determined from the identity certificate: the first user identity certificate comprises the organization name, the user name and the identity certificate private key, and the second identity certificate comprises the organization name, the user name and the identity certificate public key. Next, a data certificate associated with each user in the identity certificates is generated, which is used for generating the encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication. Finally, the first user identity certificate and the data certificate are sent to the IPv6 stealth access soft terminal.
After the IPv6 stealth communication management platform generates the first user identity certificate and the second user identity certificate, the second user identity certificate is sent to the IPv6 stealth protection application gateway, and the first user identity certificate is sent to the IPv6 stealth access soft terminal in hardware or software form, wherein the hardware form includes a USB key (U-shield) and the software form includes an encrypted password package.
In the embodiment of the application, the data certificate is created by the IPv6 stealth communication management platform for the soft terminal user and is used for secure communication; the created data certificate is sent online to the IPv6 stealth access soft terminal for certificate synchronization.
Step S102, after detecting the application access request, initializing/verifying the user information based on the application access request and the first user identity certificate to obtain the user information after the initializing/verifying operation.
Specifically, in the process of initializing/verifying the user information, it is detected whether the access application corresponding to the application access request is a protected application. If so, a non-empty check is performed on the first user identity certificate to determine whether it is empty. When the first user identity certificate is not empty, it is determined whether the user corresponding to the IPv6 stealth access soft terminal is an initial user. When the user is the initial user, the initialization/verification operation is performed on the user information according to the first user identity certificate; if not, user verification information is generated and sent to the user for a verification operation. The user information after the initialization/verification operation is thereby obtained.
The specific initialization/verification operation is as follows. An associated organization, a verification user name and a user password are determined according to the user information. It is checked whether the organization name of the associated organization corresponds to the organization name in the first user identity certificate. If so, the mapping relation between the organization name and the user name is determined based on the first user identity name, and a secondary check is performed on the verification user name according to the mapping relation to determine whether the verification user name belongs to the organization name. If it does, enhanced verification processing is performed on the user, and after the user passes the enhanced verification processing, preset designated information of the identity certificate private key in the first user identity certificate is extracted to perform a digital signature. A third check is then performed on the digital signature to determine whether it has timeliness. If it does, a control access rule is acquired, and it is determined, based on the control access rule, whether the user corresponding to the application access request has the permission parameters for accessing the protected application. If so, the user information after the initialization/verification operation is obtained from the user password after synchronization of its hash value, the associated organization and the verification user name. The control access rule is a rule that designates which protected applications users with different identity certificates may access.
Step S103, determining the IPv6 prefix corresponding to the IPv6 stealth protection application gateway.
Step S104, carrying out dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp according to the dynamic DNS module to obtain an encrypted IPv6 address, and packaging the encrypted IPv6 address in an AAAA record of the DNS to return to the user application.
Specifically, for an IPv4 application, both an A record and an AAAA record need to be configured, for access by IPv4 terminals and IPv6 terminals in the mobile network. The A record is the real IPv4 address of the application. The AAAA record is calculated from the combination of the IPv6 prefix of the IPv6 stealth application gateway associated with the application, the user's secure-communication data certificate, the application ID and the timestamp; it changes dynamically, is different for each user, and is updated at short intervals. For an IPv6 application, only the AAAA record is configured, and it is generated in the same way as the AAAA record described above, which is not repeated here.
The specific calculation is that a hash function hashes the different parameters to generate a unique hash value, which is the AAAA record. The corresponding target IPv6 address is determined according to the A record and the AAAA record configured for an IPv4 application, and the AAAA record configured for an IPv6 application.
Step S105, when the user accesses the encrypted IPv6 address, the data load in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate, and the encrypted IPv6 message is obtained.
And step S106, the encrypted IPv6 message is sent to the IPv6 stealth protection application gateway through the IPv6 network.
In the above embodiment, when a user accesses a protected application through the mobile network environment, the first user identity certificate and the data certificate distributed by the IPv6 stealth communication management platform are received, wherein the first user identity certificate includes an organization name, a user name and an identity certificate private key, and the data certificate is used for generating the encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication. After an application access request is detected, the initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation. The IPv6 prefix corresponding to the IPv6 stealth protection application gateway is then determined, and dynamic encryption calculation is performed on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp according to the dynamic DNS module to obtain the encrypted IPv6 address, which is encapsulated in an AAAA record of the DNS. When the user accesses the encrypted IPv6 address, the data load in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain the encrypted IPv6 message, and the encrypted IPv6 message is sent to the IPv6 stealth protection application gateway through the IPv6 network. The intermediate communication and access process cannot be scanned or sniffed, and its content cannot be restored, which improves the security of accessing the protected application in the mobile network environment.
In one possible implementation manner of the embodiment of the application, detecting whether the access application corresponding to the application access request is a protected application includes directly forwarding the message in the application access request to the corresponding access application if the access application corresponding to the application access request is not the protected application.
In one possible implementation manner of the embodiment of the application, the verification user name is checked for the second time according to the mapping relation to determine whether the verification user name belongs to the organization name, and the method comprises the steps of generating identity abnormality information and controlling to display the identity abnormality information if the verification user name does not belong to the organization name.
In an embodiment of the application, it is predetermined which users have access to which protected applications. The rules can be manually written into the IPv6 stealth access soft terminal and the IPv6 stealth protection application gateway, or can be issued by the IPv6 communication authorization component of the IPv6 stealth communication management platform.
Referring to fig. 2, the embodiment of the present application also discloses a mobile network environment security access protected application system 20 based on the initiator IPv6 stealth access soft terminal side.
A mobile network environment secure access protected application system 20 for IPv6 stealth access soft terminals, comprising:
The certificate receiving module 21 is configured to receive a first user identity certificate and a data certificate, which are distributed by the IPv6 stealth communication management platform, where the first user identity certificate includes an organization name, a user name, and an identity certificate private key, and the data certificate is configured to generate an encrypted IPv6 address and encrypt a transmission message during IPv6 stealth secure communication;
The information initialization module 22 is configured to perform an initialization/verification operation on the user information based on the application access request and the first user identity certificate after detecting the application access request, so as to obtain user information after the initialization/verification operation;
a prefix determining module 23, configured to determine an IPv6 prefix corresponding to the IPv6 stealth protection application gateway;
the dynamic DNS module 24 is configured to perform dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application, and the current timestamp according to the dynamic DNS module, obtain an encrypted IPv6 address, and encapsulate the encrypted IPv6 address in an AAAA record of DNS to return to the user application;
the message encrypting module 25 is configured to encrypt a data load in the transmission message according to the encrypted IPv6 address and the data certificate when the user accesses the encrypted IPv6 address, so as to obtain an encrypted IPv6 message;
the message sending module 26 is configured to send the encrypted IPv6 message to the IPv6 stealth protection application gateway through the IPv6 network.
The mobile network environment security access protected application system based on the IPv6 stealth access soft terminal side can realize any one of the mobile network environment security access protected application methods based on the IPv6 stealth access soft terminal side, and the specific working process of each module in the mobile network environment security access protected application system can refer to the corresponding process in the method embodiment.
The embodiment of the application also discloses a mobile network environment security access protected application method based on the IPv6 stealth protection application gateway side.
Referring to fig. 3, a method for safely accessing a protected application in a mobile network environment is applied to an IPv6 stealth protection application gateway, and includes:
Step S301, an encrypted IPv6 message sent by the IPv6 stealth access soft terminal is received.
The encrypted IPv6 message is obtained as follows: the first user identity certificate and the data certificate distributed by the IPv6 stealth communication management platform are received, wherein the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating the encrypted IPv6 address and encrypting the transmission message during IPv6 stealth secure communication; after an application access request is detected, the initialization/verification operation is performed on the user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation; the IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined; dynamic encryption calculation is performed on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp according to the dynamic DNS module to obtain the encrypted IPv6 address; the encrypted IPv6 address is encapsulated in an AAAA record of the DNS; and when the user accesses the encrypted IPv6 address, the data load in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain the encrypted IPv6 message.
Step S302, determining a target IPv6 address according to the IPv6 message, and carrying out information restoration on parameters in the target IPv6 address based on a cryptography algorithm to obtain message recording parameters.
For the embodiment of the application, the cryptography algorithm is a digital signature algorithm, and in the application, the target IPv6 address is calculated by the digital signature algorithm, so that the original parameters in the target IPv6 address can be restored by carrying out reverse deduction through the digital signature algorithm, thereby obtaining the message recording parameters, and further carrying out the authenticity verification on the target IPv6 address.
Step S303, checking the different types of parameters in the message recording parameters one by one, judging whether the parameters do not meet the preset standard, and discarding the IPv6 message if the parameters do not meet the preset standard.
Specifically, the preset standard is a reference-value standard for the different types of parameters in the message recording parameters. Each type of parameter in the message recording parameters must match the parameters in the preset standard: the parameter must not only be one covered by the preset standard, but its value must also satisfy the reference value corresponding to that parameter type.
Step S304, if not, decrypting the data load in the IPv6 message based on the preset data certificate to obtain the decrypted IPv6 message.
Specifically, the preset data certificate is a certificate created by the IPv6 stealth communication management platform for each user who needs to access the protected application. After being created, it is pre-configured in the IPv6 stealth access soft terminal and the IPv6 stealth protection application gateway, and it is used to encrypt the IPv6 address and the data load of messages generated during IPv6 secure communication.
Step S305, the decrypted IPv6 message is sent to the protected application.
In the embodiment of the application, the IPv6 gateway of the initiator decrypts the IPv6 message through the encryption algorithm and the secret key in the secure communication information, so that the encrypted IPv6 message is changed into an unreadable form, and only a receiver with the correct secret key can decrypt and read the message content.
In the above embodiment, after the IPv6 stealth protection application gateway receives the IPv6 message sent from the IPv6 stealth access soft terminal, it determines the target IPv6 address according to the IPv6 message and restores the parameters in the target IPv6 address based on a cryptographic algorithm to obtain the message recording parameters. It then checks the different types of parameters in the message recording parameters one by one and judges whether any parameter does not meet the preset standard. If so, the IPv6 message is discarded; if not, the data load in the IPv6 message is decrypted based on the preset data certificate to obtain the decrypted IPv6 message, which is then sent to the protected application. The double decryption and checking performed by the IPv6 stealth protection application gateway thereby improves the security of accessing the protected application.
In one possible implementation of the embodiment of the application, sending the decrypted IPv6 message to the protected application includes: judging whether the protected application has an IPv6 address; if so, modifying the source address of the decrypted IPv6 message into the IPv6 address of the IPv6 stealth protection application gateway and modifying the destination address of the decrypted IPv6 message into the IPv6 address of the protected application; and if not, translating the decrypted IPv6 message into an IPv4 message, modifying the source address of the IPv4 message into the IPv4 address of the IPv6 stealth protection application gateway and modifying the destination address of the IPv4 message into the IPv4 address of the protected application.
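The following added sketch (not code from the patent) ties together the dynamic AAAA calculation of step S104 and the gateway-side check of steps S302 and S303. It assumes HMAC-SHA256 keyed with a secret taken from the data certificate, a /64 gateway prefix, a 60-second rotation window, and verification by recomputation over the gateway's pre-configured data certificates and access rules; the function names, the `GRANTS` table and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

WINDOW_SECONDS = 60  # assumed rotation interval; the page only says "updated every short time"


def stealth_address(prefix: str, data_cert_key: bytes, app_id: str,
                    timestamp: int) -> ipaddress.IPv6Address:
    """Soft-terminal / dynamic DNS side: derive the AAAA value for one user,
    one protected application and one time window."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch assumes a /64 gateway prefix")
    window = timestamp // WINDOW_SECONDS
    app = app_id.encode("utf-8")
    # Length-prefix the application ID so distinct inputs cannot collide.
    msg = (net.network_address.packed[:8]
           + len(app).to_bytes(2, "big") + app
           + window.to_bytes(8, "big"))
    # The keyed hash becomes the 64-bit interface identifier.
    iid = hmac.new(data_cert_key, msg, hashlib.sha256).digest()[:8]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def gateway_check(dst: str, prefix: str, grants: dict, now: int,
                  skew_windows: int = 1):
    """Gateway side: return (user, app_id) when dst is a currently valid
    stealth address for a granted user/application pair, else None (drop).
    A hash cannot be inverted, so the parameters are recovered by
    recomputing the address for every grant and every tolerated window."""
    try:
        addr = ipaddress.IPv6Address(dst)
    except ValueError:
        return None
    if addr not in ipaddress.IPv6Network(prefix):
        return None
    for (user, app_id), key in grants.items():
        for back in range(skew_windows + 1):
            candidate = stealth_address(prefix, key, app_id,
                                        now - back * WINDOW_SECONDS)
            if hmac.compare_digest(candidate.packed, addr.packed):
                return (user, app_id)
    return None


# Constructed sample data: documentation prefix and made-up keys.
PREFIX = "2001:db8:0:1::/64"
KEY_ALICE = bytes.fromhex("11" * 32)
KEY_BOB = bytes.fromhex("22" * 32)
# Access rules plus data certificates pre-configured on the gateway.
GRANTS = {
    ("alice", "app-crm"): KEY_ALICE,
    ("bob", "app-hr"): KEY_BOB,
}

if __name__ == "__main__":
    t0 = 1_700_000_000
    aaaa = stealth_address(PREFIX, KEY_ALICE, "app-crm", t0)
    print("AAAA returned to alice:", aaaa)
    print("same window:      ", gateway_check(str(aaaa), PREFIX, GRANTS, t0))
    print("three windows on: ", gateway_check(str(aaaa), PREFIX, GRANTS, t0 + 180))
    print("scanner guess:    ", gateway_check("2001:db8:0:1::1", PREFIX, GRANTS, t0))
```

Because the address is valid for only a bounded number of windows and only for a granted user/application pair, a destination learned from an old DNS answer, guessed by a scanner, or derived by a user without a matching rule is dropped before any payload decryption is attempted.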
Referring to fig. 4, the embodiment of the present application also discloses a mobile network environment security access protected application system 40 based on the receiver IPv6 gateway side.
A mobile network environment secure access protected application system 40 for use in an IPv6 stealth protection application gateway, comprising:
The message receiving module 41 is configured to receive an encrypted IPv6 message sent from an IPv6 stealth access soft terminal, where the encrypted IPv6 message is obtained as follows: a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform are received, where the first user identity certificate includes an organization name, a user name, and an identity certificate private key, and the data certificate is used to generate an encrypted IPv6 address and encrypt the transmission message during IPv6 stealth secure communication; after an application access request is detected, the user information is initialized or verified based on the application access request and the first user identity certificate, to obtain the user information after the initialization or verification operation; the IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined; dynamic encryption calculation is performed on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application, and the current timestamp according to the dynamic DNS module to obtain the encrypted IPv6 address; the encrypted IPv6 address is encapsulated in an AAAA record of the DNS; and when the user accesses the encrypted IPv6 address, the data load in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain the encrypted IPv6 message;
The information restoration module 42 determines a target IPv6 address according to the IPv6 message, and performs information restoration on parameters in the target IPv6 address based on a cryptography algorithm to obtain message recording parameters;
The message discarding module 43 is configured to check the different types of parameters in the message recording parameters one by one, determine whether there is a condition that the parameters do not meet the preset standard, and discard the IPv6 message if there is the condition;
the message decryption module 44 is configured to decrypt, based on a preset data certificate, the data payload in the IPv6 message to obtain a decrypted IPv6 message when there is no condition that does not meet the preset standard;
and the application access module 45 is used for sending the decrypted IPv6 message to the protected application.
In the embodiment, the security verification flow is optimized, encryption and decryption operations are simplified, meanwhile, the terminal is allowed to rapidly process and forward legal messages, the communication security is improved, meanwhile, the consumption of system resources is reduced, and the forwarding performance of the whole system is improved.
The mobile network environment security access protected application system based on the IPv6 stealth protection application gateway side can realize any one of the above-mentioned mobile network environment security access protected application methods based on the IPv6 stealth protection application gateway side, and the specific working process of each module in the mobile network environment security access protected application system can refer to the corresponding process in the above-mentioned method embodiment.
In several embodiments provided by the present application, it should be understood that the methods and systems provided may be implemented in other ways. For example, the system embodiments described above are merely illustrative, e.g., the partitioning of a module is merely a logical function partitioning, and there may be additional partitioning in actual implementation, e.g., multiple modules may be combined or integrated into another system, or some features may be omitted, or not performed.
The embodiment of the application also discloses a computer readable storage medium.
A computer readable storage medium storing a computer program capable of being loaded by a processor and executing any one of the methods of secure access protected application in a mobile network environment as described above.
Wherein the computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device, the program code contained on the computer readable medium can be transmitted over any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and for those portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The foregoing description of the preferred embodiments of the application is not intended to limit the scope of the application in any way, including the abstract and drawings, in which case any feature disclosed in this specification (including abstract and drawings) may be replaced by alternative features serving the same, equivalent purpose, unless expressly stated otherwise. That is, each feature is one example only of a generic series of equivalent or similar features, unless expressly stated otherwise.

Claims (10)

1. A method for securely accessing a protected application in a mobile network environment, applied to an IPv6 stealth access soft terminal, comprising:
Receiving a first user identity certificate and a data certificate distributed by an IPv6 stealth communication management platform, wherein the first user identity certificate comprises an organization name, a user name and an identity certificate private key, and the data certificate is used for generating an encrypted IPv6 address and encrypting a transmission message when in IPv6 stealth secure communication;
After an application access request is detected, initializing/verifying operation is carried out on the user information based on the application access request and a first user identity certificate, so that the user information after the initializing/verifying operation is obtained;
determining an IPv6 prefix corresponding to the IPv6 stealth protection application gateway;
Performing dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp according to a dynamic DNS module to obtain an encrypted IPv6 address, and packaging the encrypted IPv6 address in an AAAA record of DNS to return to the user application;
When a user accesses the encrypted IPv6 address, encrypting the data load in the transmission message according to the encrypted IPv6 address and the data certificate to obtain an encrypted IPv6 message;
and sending the encrypted IPv6 message to an IPv6 stealth protection application gateway through an IPv6 network.
2. The method for securely accessing a protected application in a mobile network environment according to claim 1, wherein initializing/verifying user information based on the application access request and the first user identity certificate, to obtain the user information after the initializing/verifying operation, comprises:
Detecting whether an access application corresponding to the application access request is a protected application, if so, carrying out non-empty monitoring on the first user identity certificate, determining whether the first user identity certificate is empty, and when the first user identity certificate is not empty, determining whether a user corresponding to the IPv6 stealth access soft terminal is an initial user, and when the user is the initial user, carrying out initialization/verification operation on user information according to the first user identity certificate to obtain user information after the initialization/verification operation;
If the user is not the initial user, generating user authentication information, and sending the user authentication information to the user for authentication operation.
3. The method for securely accessing a protected application in a mobile network environment according to claim 2, wherein initializing/verifying user information according to the first user identity certificate, to obtain the user information after the initializing/verifying operation, comprises:
Determining an associated organization, verifying a user name and a user password according to the user information;
Checking whether an organization name corresponding to the association organization corresponds to an organization name in the first user identity certificate, if so, determining a mapping relation between the organization name and the user name based on the first user identity name, and performing secondary checking on the verification user name according to the mapping relation to determine whether the verification user name belongs to the organization name;
If the verification user name belongs to the organization name, performing enhanced verification processing on the user, and extracting preset appointed information of an identity certificate private key in the first user identity certificate to perform digital signature after the user passes the enhanced verification processing;
Performing a third check on the digital signature to determine whether the digital signature has timeliness; if so, acquiring a control access rule and determining, based on the control access rule, whether the user corresponding to the application access request has permission parameters for accessing the protected application; and if so, performing the initialization/verification operation through the user information to obtain the user information after the initialization/verification operation, wherein the control access rule is a rule that controls which designated protected applications users with different identity information may access.
4. The method for securely accessing a protected application in a mobile network environment according to claim 2, wherein said detecting whether the access application corresponding to the application access request is a protected application comprises:
and if the access application corresponding to the application access request is not the protected application, directly forwarding the message in the application access request to the corresponding access application.
5. A method for secure access protected application in a mobile network environment according to claim 3, wherein said performing a secondary check on said authentication username according to said mapping relationship, determining whether said authentication username belongs to said organization name, comprises:
and if the verification user name does not belong to the organization name, generating identity abnormal information, and controlling and displaying the identity abnormal information.
6. A method for securely accessing a protected application in a mobile network environment, characterized by being applied to an IPv6 stealth protection application gateway and comprising the following steps:
receiving an encrypted IPv6 message sent by an IPv6 stealth access soft terminal, wherein the encrypted IPv6 message is obtained as follows: a first user identity certificate and a data certificate distributed by an IPv6 stealth communication management platform are received, the first user identity certificate comprising an organization name, a user name and an identity certificate private key, and the data certificate being used for generating an encrypted IPv6 address and encrypting a transmission message during IPv6 stealth secure communication; after an application access request is detected, an initialization/verification operation is performed on user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization/verification operation; an IPv6 prefix corresponding to the IPv6 stealth protection application gateway is determined; dynamic encryption calculation is performed on the IPv6 prefix, the data certificate, an application ID corresponding to a protected application and a current timestamp according to a dynamic DNS module to obtain the encrypted IPv6 address; the encrypted IPv6 address is encapsulated in an AAAA record of the DNS; and when the user accesses the encrypted IPv6 address, the data load in the transmission message is encrypted according to the encrypted IPv6 address and the data certificate to obtain the encrypted IPv6 message;
Determining a target IPv6 address according to the IPv6 message, and carrying out information restoration on parameters in the target IPv6 address based on a cryptography algorithm to obtain message recording parameters;
checking the different types of parameters in the message recording parameters one by one, judging whether the parameters do not meet the preset standard, and discarding the IPv6 message if the parameters do not meet the preset standard;
If no such condition exists, decrypting the data load in the IPv6 message based on a preset data certificate to obtain a decrypted IPv6 message;
and sending the decrypted IPv6 message to the protected application.
7. The method for securely accessing a protected application in a mobile network environment according to claim 6, wherein said sending said decrypted IPv6 message to said protected application further comprises:
Judging whether the protected application has an IPv6 address, if so, modifying the source address of the decrypted IPv6 message into the IPv6 address of the IPv6 stealth protection application gateway and modifying the target address of the decrypted IPv6 message into the IPv6 address of the protected application;
If the protected application does not have the IPv6 address, translating the decrypted IPv6 message into an IPv4 message, modifying the source address of the IPv4 message into the IPv4 address of the IPv6 stealth protection application gateway, and modifying the target address of the IPv4 message into the IPv4 address of the protected application.
8. A system for securely accessing protected applications in a mobile network environment, applied to an IPv6 stealth secure access soft terminal, comprising:
The system comprises a certificate receiving module, a data transmitting module and a data receiving module, wherein the certificate receiving module is used for receiving a first user identity certificate and a data certificate distributed by an IPv6 stealth communication management platform, the first user identity certificate comprising an organization name, a user name and an identity certificate private key, and the data certificate being used for generating an encrypted IPv6 address and for encrypting transmitted messages during IPv6 stealth secure communication;
The information initialization module is used for initializing or verifying the user information based on the application access request and the first user identity certificate after the application access request is detected, so as to obtain the user information after the initialization or verification operation;
The prefix determining module is used for determining an IPv6 prefix corresponding to the IPv6 stealth protection application gateway;
The dynamic DNS module is used for performing a dynamic encryption calculation on the IPv6 prefix, the data certificate, the application ID corresponding to the protected application and the current timestamp to obtain an encrypted IPv6 address, and for encapsulating the encrypted IPv6 address in a DNS AAAA record that is returned to the user application;
The message encryption module is used for encrypting the data payload in the transmitted message according to the encrypted IPv6 address and the data certificate when the user accesses the encrypted IPv6 address, so as to obtain an encrypted IPv6 message;
and the message sending module is used for sending the encrypted IPv6 message to an IPv6 stealth protection application gateway through an IPv6 network.
9. A system for securely accessing protected applications in a mobile network environment, applied to an IPv6 stealth protection application gateway, comprising:
The message receiving module is used for receiving an encrypted IPv6 message sent by an IPv6 stealth access soft terminal, wherein the encrypted IPv6 message is obtained by: receiving a first user identity certificate and a data certificate distributed by the IPv6 stealth communication management platform, the first user identity certificate comprising an organization name, a user name and an identity certificate private key, and the data certificate being used for generating an encrypted IPv6 address and for encrypting transmitted messages during IPv6 stealth secure communication; after an application access request is detected, initializing or verifying user information based on the application access request and the first user identity certificate, to obtain the user information after the initialization or verification operation; determining an IPv6 prefix corresponding to the IPv6 stealth protection application gateway; performing, by a dynamic DNS module, a dynamic encryption calculation on the IPv6 prefix, the data certificate, an application ID corresponding to the protected application and a current timestamp to obtain the encrypted IPv6 address; encapsulating the encrypted IPv6 address in a DNS AAAA record that is returned to the user application; and, when the user accesses the encrypted IPv6 address, encrypting the data payload in the transmitted message according to the encrypted IPv6 address and the data certificate, to obtain the encrypted IPv6 message;
The information restoration module is used for determining a target IPv6 address from the IPv6 message and for restoring the parameters carried in the target IPv6 address based on a cryptographic algorithm, to obtain message recording parameters;
The message discarding module is used for checking the parameters of the different types in the message recording parameters one by one, determining whether any parameter fails to meet the preset standard, and discarding the IPv6 message if so;
The message decryption module is used for decrypting the data payload in the IPv6 message based on a preset data certificate, to obtain a decrypted IPv6 message, when no parameter fails to meet the preset standard;
and the application access module is used for sending the decrypted IPv6 message to the protected application.
10. A computer-readable storage medium, characterized in that it stores a computer program that can be loaded by a processor to perform the method for securely accessing a protected application in a mobile network environment as claimed in any one of claims 1 to 5 or in any one of claims 6 to 7.
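The claims do not disclose how the "dynamic encryption calculation" of claim 8 or the gateway's parameter restoration and checks of claim 9 are computed. The following is an added example, not the patent's algorithm: it assumes a /64 prefix whose 64-bit interface identifier carries a 16-bit application ID, a 32-bit time slot and a 16-bit tag, encrypted with a toy HMAC-based Feistel cipher standing in for a real block cipher; `key` stands in for the data certificate, and all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32, ROUNDS = 0xFFFFFFFF, 4

def _prf(key, label, data, nbytes):
    """Truncated HMAC-SHA256, domain-separated by label."""
    return int.from_bytes(hmac.new(key, label + data, hashlib.sha256).digest()[:nbytes], "big")

def _feistel(key, block, decrypt=False):
    """Toy 64-bit block cipher (assumption): 4-round Feistel keyed by HMAC."""
    left, right = block >> 32, block & MASK32
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = right ^ _prf(key, b"rnd%d" % rnd, struct.pack(">I", left), 4), left
        else:
            left, right = right, left ^ _prf(key, b"rnd%d" % rnd, struct.pack(">I", right), 4)
    return (left << 32) | right

def _tag(key, app_id, slot):
    return _prf(key, b"tag", struct.pack(">HI", app_id, slot), 2)

def make_address(prefix, key, app_id, now, window=60):
    """Terminal side: encrypted IID = E(app ID | time slot | 16-bit tag)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or not 0 <= app_id < 2**16:
        raise ValueError("need a /64 prefix and a 16-bit application ID")
    slot = (now // window) & MASK32
    plain = (app_id << 48) | (slot << 16) | _tag(key, app_id, slot)
    return str(net.network_address + _feistel(key, plain))

def gateway_check(addr, prefix, key, known_apps, now, window=60, skew=1):
    """Gateway side: restore the parameters, check each one; None means drop."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ipaddress.IPv6Network(prefix):
        return None                      # not addressed to this gateway
    plain = _feistel(key, int(ip) & (2**64 - 1), decrypt=True)
    app_id, slot, tag = plain >> 48, (plain >> 16) & MASK32, plain & 0xFFFF
    if not hmac.compare_digest(tag.to_bytes(2, "big"), _tag(key, app_id, slot).to_bytes(2, "big")):
        return None                      # address not built with this key
    if app_id not in known_apps:
        return None                      # unknown application ID
    if abs(now // window - slot) > skew:
        return None                      # timestamp outside the accepted window
    return app_id

if __name__ == "__main__":               # constructed demo values
    a = make_address("2001:db8:0:1::/64", b"constructed-demo-key", 7, 1_700_000_000)
    print(a, gateway_check(a, "2001:db8:0:1::/64", b"constructed-demo-key", {7}, 1_700_000_000))
```

With only 16 tag bits, a random interface identifier passes the tag check with probability 2^-16, so this address check filters traffic rather than authenticating it.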
CN202410352426.7A 2024-03-26 2024-03-26 A method, system and medium for securely accessing protected applications in a mobile network environment Active CN118200917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410352426.7A CN118200917B (en) 2024-03-26 2024-03-26 A method, system and medium for securely accessing protected applications in a mobile network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410352426.7A CN118200917B (en) 2024-03-26 2024-03-26 A method, system and medium for securely accessing protected applications in a mobile network environment

Publications (2)

Publication Number Publication Date
CN118200917A CN118200917A (en) 2024-06-14
CN118200917B CN118200917B (en) 2025-03-25

Family

ID=91413399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410352426.7A Active CN118200917B (en) 2024-03-26 2024-03-26 A method, system and medium for securely accessing protected applications in a mobile network environment

Country Status (1)

Country Link
CN (1) CN118200917B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111435945A (en) * 2019-01-15 2020-07-21 厦门雅迅网络股份有限公司 Automobile Ethernet communication method, terminal equipment and storage medium
CN111770071A (en) * 2020-06-23 2020-10-13 江苏易安联网络技术有限公司 Method and device for gateway authentication of trusted device in network stealth scene

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2469492C2 (en) * 2008-03-04 2012-12-10 Телефонактиеболагет Лм Эрикссон (Пабл) Delegation of ip address
CN112583952B (en) * 2020-12-09 2023-01-24 北京金山云网络技术有限公司 Redirection scheduling processing method, device and system, related equipment and storage medium
CN116489125A (en) * 2023-05-10 2023-07-25 湖州市西塞数字安全研究院 Method and system for realizing network stealth fusion domain name resolution service
CN117478428B (en) * 2023-12-26 2024-03-19 北京英迪瑞讯网络科技有限公司 Stealth communication system and configuration method

Also Published As

Publication number Publication date
CN118200917A (en) 2024-06-14

Similar Documents

Publication Publication Date Title
CN109361668B (en) Trusted data transmission method
JP5860815B2 (en) System and method for enforcing computer policy
US7039713B1 (en) System and method of user authentication for network communication through a policy agent
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN114244508B (en) Data encryption method, device, equipment and storage medium
CN112565205B (en) Credible authentication and measurement method, server, terminal and readable storage medium
US11470060B2 (en) Private exchange of encrypted data over a computer network
JP2008250931A (en) System for restoring distributed information, information utilizing device, and verification device
US20250202688A1 (en) Quantum key transmission method, apparatus, and system
WO2024198933A1 (en) Private key protection method, server access method, system, device, and storage medium
US11640480B2 (en) Data message sharing
CN101197828A (en) A method for implementing secure ARP and network equipment
US20060053288A1 (en) Interface method and device for the on-line exchange of content data in a secure manner
CN114244569B (en) SSL VPN remote access method, system and computer equipment
CN113672973B (en) Database system for embedded devices based on RISC-V architecture based on trusted execution environment
CN116132185B (en) Data calling method, system, device, equipment and medium
CN118200917B (en) A method, system and medium for securely accessing protected applications in a mobile network environment
CN113709100B (en) Shared file access control method, device, equipment and readable storage medium
CN118199991B (en) A method, system and medium for securely accessing protected applications in a fixed network environment
CN111431846B (en) Data transmission method, device and system
CN115348078A (en) Method, electronic device and storage medium for preventing APP eavesdropping based on verification signature certificate
CN117955735B (en) Data security access control method, system and storage medium
CN116471081B (en) An anonymous authentication method for indoor security based on Internet of Things technology
CN118174929B (en) Stealth communication method, sending terminal, receiving terminal and system based on IPv6
CN116744298A (en) Identity recognition method, identification system and related equipment of card equipment of Internet of things

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant