Communication system and communication method based on hardware security module

Abstract

The invention provides a communication system and method based on a hardware safety module. The system comprises the hardware safety module and an SSL forwarding server. The hardware safety module is disposed on a client side, and is used to match a corresponding client certificate to the client side when the hardware safety module is called by the client side; the SSL forwarding server is used to perform verification of the client certificate and to negotiate with the client side to obtain a communication private key after the verification is passes, the SSL forwarding server and the client side adopt the communication private key later, communication data of the client side is forwarded to an intranet server to be processes, and data after being processed by the intranet server is fed back to the client side; and the SSL forwarding server and the intranet server are located in the same communication network. The data can be prevented from being stolen by an illegal user, and safe transmission of information on the Internet is guaranteed; and an equipment certificate can be prevented from being illegally modified, and safety the private key of equipment is guaranteed.

Description

technical field [0001] The invention relates to the technical field of communication, in particular to a communication method for secure communication based on a hardware security module. Background technique [0002] The current communication methods between the client and the server mainly include: [0003] a) Socket communication method: Socket is the cornerstone of communication and the basic operation unit of network communication supporting TCP / IP protocol. It is an abstract representation of the endpoint in the network communication process, including five kinds of information necessary for network communication: the protocol used for connection, the IP address of the local host, the protocol port of the local process, the IP address of the remote host, and the protocol of the remote process port. When the application layer communicates data through the transport layer, TCP will encounter the problem of providing concurrent services for multiple application processe...

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is, when the socket communication method in the prior art adopts Socket communication without any encryption, its data is transmitted in plain text, and it is easy to be intercepted and attacked during the transmission process, and the encryption and decryption verification code is adopted when encrypted communication More cumbersome technical issues that increase the difficulty of development and maintenance. Provide a communication system and method based on hardware security modules to prevent data from being stolen by illegal users and ensure safe transmission of information on the Internet; it can prevent device certificates from being illegally modified. , to ensure the security of the private key of the device

Images