Secure communication method, apparatus, device, storage medium and computer program product
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING HONGTENG INTELLIGENT TECH CO LTD
- Filing Date
- 2024-12-03
- Publication Date
- 2026-06-05
AI Technical Summary
Existing browsers require users to manually configure the national cryptographic algorithm when establishing a communication connection. This process is cumbersome, error-prone, and affects communication security and stability.
By determining whether the website being accessed supports Chinese cryptographic algorithms, communication protocol negotiation and configuration are performed, and the target Chinese cryptographic algorithm is automatically negotiated and used for data communication, including Chinese cryptographic whitelist management and algorithm priority determination.
It simplifies the configuration process of national cryptographic algorithms, improves the security and stability of communication, and avoids errors caused by manual configuration.
Smart Images

Figure CN122160055A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data communication technology, and in particular to secure communication methods, apparatus, devices, storage media, and computer program products. Background Technology
[0002] With the rapid development of the internet, data security has become an increasingly serious security issue in cyberspace, especially in scenarios involving sensitive data and privacy protection. Ensuring the security of communication processes and the confidentiality of data has become an urgent technical challenge. Therefore, the State Cryptography Administration has launched a series of domestically developed cryptographic algorithms (referred to as "national cryptographic algorithms") to replace internationally used cryptographic algorithms and ensure the security of domestic information transmission.
[0003] Currently, browsers serve as the primary gateway for users to access the internet, making their communication security paramount. However, traditional browsers have numerous shortcomings in supporting Chinese cryptographic algorithms. For instance, establishing a communication connection typically requires manual configuration by the user to use these algorithms, a process that is cumbersome and prone to errors, thus impacting communication security and stability. Summary of the Invention
[0004] The main purpose of this application is to provide a secure communication method, device, equipment, storage medium, and computer program product, which aims to solve the technical problem that in the prior art, browsers require users to manually configure the use of national cryptographic algorithms when establishing communication connections, which is cumbersome and prone to errors.
[0005] To achieve the above objectives, this application proposes a secure communication method, the method comprising:
[0006] Determine whether the currently accessed website supports Chinese cryptographic algorithms;
[0007] If supported, the communication protocol negotiation configuration is performed on the browser accessing the currently accessed website to obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser and the server of the currently accessed website.
[0008] The browser communicates with the server using the target national cryptographic algorithm.
[0009] In one embodiment, the step of determining whether the currently accessed website supports the national cryptographic algorithm includes:
[0010] Obtain the communication protocol information and encryption certificate information of the currently accessed website;
[0011] Based on the communication protocol information and the encryption certificate information, it is determined whether the currently accessed website supports the national cryptographic algorithm.
[0012] In one embodiment, the step of negotiating and configuring the communication protocol for the browser accessing the currently visited website to obtain the communication protocol configuration result includes:
[0013] Detect whether the national cryptographic algorithm exists in the national cryptographic whitelist of the browser accessing the currently visited website;
[0014] If it does not exist, the target national cryptographic algorithm supported by both the accessing browser and the server of the currently accessed website is added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0015] In one embodiment, the step of adding the target national cryptographic algorithm commonly supported by the accessing browser and the server of the currently accessed website to the national cryptographic whitelist to obtain the communication protocol configuration result includes:
[0016] The browser accessing the currently accessed website accesses the server corresponding to the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist;
[0017] When access fails, determine the national cryptographic algorithm to be configured that is supported by both the accessing browser and the server;
[0018] The browser accesses the server based on the national cryptographic algorithm to be configured.
[0019] The successfully accessed national cryptographic algorithm to be configured is identified as the target national cryptographic algorithm and added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0020] In one embodiment, the step of determining the national cryptographic algorithm to be configured that is jointly supported by the accessing browser and the server includes:
[0021] Determine the first encryption algorithm supported by the access browser and the second encryption algorithm supported by the server;
[0022] A list of national cryptographic algorithms is constructed based on the first encryption algorithm and the second encryption algorithm;
[0023] All national cryptographic algorithms in the national cryptographic algorithm list are identified as national cryptographic algorithms to be configured that are jointly supported by the accessing browser and the server.
[0024] In one embodiment, the step of constructing a list of national cryptographic algorithms based on the first encryption algorithm and the second encryption algorithm includes:
[0025] A first set of national cryptographic algorithms and a second set of national cryptographic algorithms are generated based on the national cryptographic algorithms in the first and second encryption algorithms, respectively.
[0026] Identify the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms;
[0027] A list of national cryptographic algorithms is constructed based on the aforementioned public national cryptographic algorithms.
[0028] In one embodiment, before the step of communicating data with the server via the access browser based on the target national cryptographic algorithm, the method further includes:
[0029] A candidate set of national cryptographic algorithms is generated based on the current communication scenario and the target national cryptographic algorithm.
[0030] Determine the algorithm priority of each candidate national cryptographic algorithm in the candidate national cryptographic algorithm set;
[0031] The optimal national cryptographic algorithm is determined from the candidate national cryptographic algorithms based on the algorithm priority.
[0032] The step of communicating data with the server through the access browser based on the target national cryptographic algorithm includes:
[0033] The browser communicates with the server using the optimal national cryptographic algorithm.
[0034] In one embodiment, the step of communicating data with the server through the access browser based on the target national cryptographic algorithm includes:
[0035] Determine the national cryptographic gateway and national cryptographic certificate corresponding to the target national cryptographic algorithm;
[0036] The browser accesses the server to communicate with it based on the national cryptographic gateway and the national cryptographic certificate.
[0037] In one embodiment, after the step of communicating data with the server via the access browser based on the target national cryptographic algorithm, the method further includes:
[0038] During the communication process, the access data of the accessing browser is acquired in real time;
[0039] The intelligent caching mechanism determines the data to be cached and the key to be cached based on the access data.
[0040] The data to be cached and the key to be cached are cached.
[0041] Furthermore, to achieve the above objectives, this application also proposes a secure communication device, the device comprising:
[0042] The algorithm detection module is used to determine whether the currently accessed website supports the national cryptographic algorithm;
[0043] The communication negotiation module is used to perform communication protocol negotiation configuration on the browser accessing the currently accessed website if supported, and obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website.
[0044] A secure communication module is used to communicate data with the server through the access browser based on the target national cryptographic algorithm.
[0045] In one embodiment, the algorithm detection module is further configured to obtain the communication protocol information and encryption certificate information of the currently accessed website; and determine whether the currently accessed website supports the Chinese national cryptographic algorithm based on the communication protocol information and the encryption certificate information.
[0046] In one embodiment, the communication negotiation module is further configured to detect whether a Chinese cryptographic algorithm exists in the whitelist of the browser accessing the currently accessed website; if not, the target Chinese cryptographic algorithm jointly supported by the browser and the server of the currently accessed website is added to the whitelist to obtain the communication protocol configuration result.
[0047] In one embodiment, the communication negotiation module is further configured to: access the server corresponding to the currently accessed website through the browser of the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist; when the access fails, determine the national cryptographic algorithm to be configured that is supported by both the browser and the server; access the server through the browser based on the national cryptographic algorithm to be configured; and add the national cryptographic algorithm to be configured that was successfully accessed as the target national cryptographic algorithm to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0048] In one embodiment, the communication negotiation module is further configured to determine a first encryption algorithm supported by the access browser and a second encryption algorithm supported by the server; construct a list of Chinese national cryptographic algorithms based on the first encryption algorithm and the second encryption algorithm; and determine all Chinese national cryptographic algorithms in the list as Chinese national cryptographic algorithms to be configured that are jointly supported by the access browser and the server.
[0049] In one embodiment, the communication negotiation module is further configured to generate a first set of national cryptographic algorithms and a second set of national cryptographic algorithms based on the national cryptographic algorithms in the first encryption algorithm and the second encryption algorithm, respectively; determine the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms; and construct a list of national cryptographic algorithms based on the common national cryptographic algorithms.
[0050] In one embodiment, the secure communication module is further configured to generate a set of candidate national cryptographic algorithms based on the current communication scenario and the target national cryptographic algorithm; determine the algorithm priority corresponding to each candidate national cryptographic algorithm in the set of candidate national cryptographic algorithms; and determine the optimal national cryptographic algorithm from the candidate national cryptographic algorithms based on the algorithm priority.
[0051] The browser communicates with the server using the optimal national cryptographic algorithm.
[0052] In one embodiment, the secure communication module is further configured to determine the national cryptographic gateway and national cryptographic certificate corresponding to the target national cryptographic algorithm; and to conduct data communication with the server through the access browser based on the national cryptographic gateway and the national cryptographic certificate.
[0053] In addition, to achieve the above objectives, this application also proposes a secure communication device, the device comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the secure communication method as described above.
[0054] In addition, to achieve the above objectives, this application also proposes a storage medium, which is a computer-readable storage medium, on which a computer program is stored, and which, when executed by a processor, implements the steps of the secure communication method described above.
[0055] In addition, to achieve the above objectives, this application also provides a computer program product, which includes a computer program that, when executed by a processor, implements the steps of the secure communication method described above.
[0056] This application provides a secure communication method. It discloses a method for determining whether a currently accessed website supports Chinese cryptographic algorithms. If supported, the method performs communication protocol negotiation and configuration on the browser accessing the website, obtaining a communication protocol configuration result. This result includes the browser and the server corresponding to the website jointly supporting the target Chinese cryptographic algorithm. The browser then communicates with the server based on the target Chinese cryptographic algorithm. Compared to existing browsers that have many shortcomings in supporting Chinese cryptographic algorithms, which typically require manual configuration by the user to establish a communication connection, this method is cumbersome and prone to errors. This invention allows for communication negotiation and configuration on the browser accessing the website to negotiate the use of Chinese cryptographic algorithms for encrypted communication. This enables the browser to communicate with the server based on the target Chinese cryptographic algorithm, thus solving the technical problem of existing browsers requiring manual configuration to establish a communication connection, which is cumbersome and prone to errors. This improves the security and stability of communication. Attached Figure Description
[0057] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0058] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0059] Figure 1 This is a flowchart illustrating an embodiment of the secure communication method of this application.
[0060] Figure 2 This is a flowchart illustrating Embodiment 2 of the secure communication method of this application;
[0061] Figure 3 This is a flowchart illustrating the automatic negotiation process for Chinese cryptographic communication in the secure communication method described in this application.
[0062] Figure 4 This is a flowchart illustrating Embodiment 3 of the secure communication method of this application;
[0063] Figure 5 This is a schematic diagram of the module structure of the secure communication device according to an embodiment of this application;
[0064] Figure 6 This is a schematic diagram of the device structure of the hardware operating environment involved in the secure communication method in the embodiments of this application.
[0065] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0066] It should be understood that the specific embodiments described herein are merely illustrative of the technical solutions of this application and are not intended to limit this application.
[0067] To better understand the technical solution of this application, a detailed description will be provided below in conjunction with the accompanying drawings and specific implementation methods.
[0068] The main solution of this application embodiment is: to determine whether the currently accessed website supports the national cryptographic algorithm; if it does, to perform communication protocol negotiation configuration on the browser accessing the currently accessed website, and to obtain the communication protocol configuration result, wherein the communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website; and to conduct data communication between the browser accessing the website and the server based on the target national cryptographic algorithm.
[0069] Because existing browsers have many shortcomings in supporting Chinese cryptographic algorithms, users usually need to manually configure them to use the Chinese cryptographic algorithms when establishing a communication connection. This process is cumbersome and prone to configuration errors, which affects the security and stability of communication.
[0070] This application provides a solution that configures the browser accessing a website to negotiate the use of Chinese cryptographic algorithms for communication encryption. This allows the browser to communicate with the server based on the target Chinese cryptographic algorithm, thereby solving the technical problem in the prior art where users need to manually configure the use of Chinese cryptographic algorithms when establishing a communication connection, which is cumbersome and prone to errors. This improves the security and stability of communication.
[0071] It should be noted that the executing entity in this embodiment can be a computing service device with data processing, network communication, and program execution functions, such as a tablet computer, personal computer, or mobile phone, or an electronic device or secure communication device capable of performing the above functions. The following description uses a secure communication device (hereinafter referred to as the device) as an example to illustrate this embodiment and the subsequent embodiments.
[0072] Based on this, embodiments of this application provide a secure communication method, referring to... Figure 1 , Figure 1 This is a flowchart illustrating the first embodiment of the secure communication method of this application.
[0073] In this embodiment, the secure communication method includes steps S10 to S30:
[0074] Step S10: Determine whether the currently accessed website supports the Chinese cryptographic algorithm.
[0075] It should be noted that the currently accessed website mentioned above can be the website that the user accesses at the current moment by entering the URL into their browser.
[0076] It should be understood that Chinese cryptographic algorithms can be domestically developed cryptographic algorithms recognized by the State Cryptography Administration, primarily used to protect encrypted communications and data security in critical national information infrastructure and commercial sectors. In this embodiment, Chinese cryptographic algorithms can include symmetric cryptographic algorithms, asymmetric cryptographic algorithms, and hash algorithms, such as SM1 (symmetric encryption algorithm), SM2 (public-key encryption algorithm), SM3 (hash algorithm), SM4 (symmetric block cipher algorithm), SM7 (symmetric encryption algorithm), and SM9 (identifier cryptography algorithm). In practical applications, Chinese cryptographic algorithms are widely used in various communication and data processing scenarios to ensure the security and confidentiality of data transmission. For example, in cloud management platforms, Chinese cryptographic algorithms can be used to implement high-strength SSL encrypted connections and server authentication, ensuring the secure management of cloud resources.
[0077] Specifically, step S10 includes: obtaining the communication protocol information and encryption certificate information of the currently accessed website; and determining whether the currently accessed website supports the Chinese national cryptographic algorithm based on the communication protocol information and the encryption certificate information.
[0078] It should be noted that the aforementioned communication protocol information can be related to the communication protocols supported by the currently accessed website, such as the name, function, and whether the national cryptographic algorithm is supported by the currently accessed website; the aforementioned encryption certificate information can be related to the digital certificate used to encrypt website data transmission and verify the website's identity. Among them, the encryption certificate usually refers to SSL certificate (Secure Socket Layer) or TLS certificate (Transport Layer Security). These certificates are issued by the Certificate Authority (CA) after verifying the website's identity. They can be installed on the website server to encrypt the data transmitted from the website client to the server, ensuring the security and integrity of the data.
[0079] In this embodiment, the device can determine whether the currently accessed webpage supports the Chinese cryptographic algorithm based on whether the communication protocol supported by the currently accessed website supports the Chinese cryptographic algorithm, and whether the encryption certificate used to encrypt website data supports the Chinese cryptographic algorithm. Specifically, if both the protocol supported by the currently accessed website and the encryption certificate support the Chinese cryptographic algorithm, then the currently accessed website is determined to support the Chinese cryptographic algorithm.
[0080] Step S20: If supported, perform communication protocol negotiation and configuration on the browser accessing the currently accessed website to obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website.
[0081] It should be noted that the communication protocol negotiation configuration in this embodiment can be a configuration process that automatically identifies and negotiates the use of Chinese national cryptographic algorithms for encrypted communication during the communication process. In practical applications, when two devices communicate, they can first negotiate a communication protocol. Specifically, one device can send a list of Chinese national cryptographic algorithms it supports to the other device. The receiving device can then select a suitable Chinese national cryptographic algorithm for communication based on its own supported algorithms, thereby ensuring that both parties can use Chinese national cryptographic algorithms for data transmission efficiently and securely.
[0082] It is understandable that the aforementioned target Chinese cryptographic algorithm can be a Chinese cryptographic algorithm that is supported by both the browser and the server of the currently accessed website, and that can successfully communicate with the server. In practical applications, after the device negotiates and configures the communication protocol with the browser accessing the currently accessed website, it can obtain the corresponding configuration result (i.e., the aforementioned communication protocol configuration result). The device can use this communication protocol configuration result to determine the target Chinese cryptographic algorithm that is supported by both the browser and the server of the currently accessed website, and that can successfully communicate with the server.
[0083] Step S30: The access browser communicates with the server based on the target national cryptographic algorithm.
[0084] In practical applications, once the target national cryptographic algorithm supported by both the browser and the server of the currently accessed website is determined, the browser and the server of the currently accessed website can communicate using that target national cryptographic algorithm. In this embodiment, by using a national cryptographic algorithm that strictly adheres to the national cryptographic algorithm standards formulated by the State Cryptography Administration for data encryption, the security of the communication process and the confidentiality of the data can be ensured, preventing data leakage and tampering.
[0085] Specifically, step S30 includes: determining the national cryptographic gateway and national cryptographic certificate corresponding to the target national cryptographic algorithm; and conducting data communication with the server through the access browser based on the national cryptographic gateway and the national cryptographic certificate.
[0086] In practical applications, when a browser communicates with a server using a national cryptographic algorithm-based gateway and national cryptographic certificate, the gateway can encrypt the data using the target algorithm to ensure confidentiality and integrity during data transmission. Simultaneously, it can verify the identities of both communicating parties through authentication mechanisms (such as pre-shared keys or national cryptographic certificates) to prevent unauthorized access. Specifically, national cryptographic certificates can ensure that only verified browsers and servers can communicate, preventing man-in-the-middle attacks.
[0087] In this embodiment, the browser can have a built-in national cryptographic communication module responsible for negotiating national cryptographic communication parameters and performing data encryption and decryption operations. This module can encrypt user-input data to ensure data security during transmission. Simultaneously, it can implement server-side authentication using national cryptographic algorithms, ensuring that only verified servers can process user requests. Furthermore, in this embodiment, the browser can also have a built-in intelligent configuration module. This module can automatically configure national cryptographic communication parameters using AI algorithms, thereby reducing manual intervention, lowering the risk of configuration errors, and further ensuring the security and stability of communication.
[0088] Furthermore, after step S30, the method further includes: acquiring the access data of the accessing browser in real time during the communication process; determining the data to be cached and the key to be cached based on the access data through an intelligent caching mechanism; and caching the data to be cached and the key to be cached.
[0089] It is understood that the aforementioned access data can be data generated when a browser accesses a server, such as the number of browser views, access counts, access duration, and key usage frequency. This embodiment does not impose any restrictions on this.
[0090] It should be noted that the aforementioned intelligent caching mechanism can be a mechanism for caching frequently used data and keys. The data to be cached can be data frequently used by the browser during access; the key to be cached can be a key frequently used by the browser. In this embodiment, the device can first determine the frequently used data and keys based on the access data in the browser, obtain the data to be cached and the key to be cached, and then load the data to be cached and the key to be cached into the cache through the intelligent caching mechanism. This reduces redundant calculations and improves the time for data and key lookup and loading.
[0091] In this embodiment, the device can utilize hardware acceleration technologies such as GPUs to improve the efficiency of key generation, encryption, and decryption operations, thereby enhancing the browser's performance in processing Chinese cryptographic communication.
[0092] This embodiment provides a secure communication method. The method discloses determining whether the currently accessed website supports Chinese cryptographic algorithms. If supported, the method performs communication protocol negotiation and configuration on the browser accessing the website, obtaining a communication protocol configuration result. This result includes the browser and the server corresponding to the website jointly supporting the target Chinese cryptographic algorithm. The browser then communicates with the server based on the target Chinese cryptographic algorithm. Compared to existing browsers that have many shortcomings in supporting Chinese cryptographic algorithms, which typically require manual configuration by the user to establish a communication connection, this method is cumbersome and prone to errors. This embodiment allows for communication negotiation and configuration on the browser accessing the website to negotiate the use of Chinese cryptographic algorithms for encrypted communication. This enables the browser to communicate with the server based on the target Chinese cryptographic algorithm, thus solving the technical problem of existing browsers requiring manual configuration to establish a communication connection, which is cumbersome and prone to errors. This improves the security and stability of communication.
[0093] Based on the first embodiment of this application, in the second embodiment of this application, the content that is the same as or similar to that in the first embodiment described above can be referred to the above description, and will not be repeated hereafter. Based on this, please refer to... Figure 2 , Figure 2 This is a flowchart illustrating Embodiment 2 of the secure communication method of this application.
[0094] In this embodiment, step S20 includes steps S21 to S22:
[0095] Step S21: Detect whether the national cryptographic algorithm exists in the national cryptographic whitelist of the browser accessing the currently visited website.
[0096] It should be understood that the aforementioned national cryptographic whitelist can be a list of national cryptographic algorithms that are allowed to be used when using national cryptographic algorithms for encrypted communication. In this embodiment, the whitelist mechanism is used to ensure that the browser and the server can only use national cryptographic algorithms in the whitelist for encrypted communication, thereby ensuring the security and reliability of the communication.
[0097] Step S22: If it does not exist, add the target national cryptographic algorithm that is supported by both the accessing browser and the server of the currently accessed website to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0098] Specifically, step S22 includes:
[0099] Step S211: Access the server corresponding to the currently accessed website through the browser of the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist.
[0100] Understandably, the aforementioned transport layer communication protocols can be protocols used to provide confidentiality, data integrity, and authenticity of communication between browsers and servers, such as the TLS protocol, which can ensure communication security and prevent hacker attacks through public key and symmetric key encryption.
[0101] Step S212: When access fails, determine the national cryptographic algorithm to be configured that is supported by both the accessing browser and the server.
[0102] It should be understood that the national cryptographic algorithm to be configured is the national cryptographic algorithm jointly supported by the browser and the server.
[0103] Step S213: Access the server through the browser based on the national cryptographic algorithm to be configured.
[0104] It should be noted that due to certain differences between different browsers and servers, in order to ensure normal communication between the browser and the server, after determining the national cryptographic algorithm to be configured that is supported by both the browser and the server, communication behavior under different environments can be simulated to ensure that the browser can successfully establish a national cryptographic communication connection with the server. In this embodiment, the server can be accessed based on the national cryptographic algorithm to be configured. If the access is successful, the national cryptographic algorithm to be configured can be identified as the target national cryptographic algorithm and added to the national cryptographic whitelist. Subsequently, the browser can use the target national cryptographic algorithm in the whitelist to communicate with the server, further ensuring the reliability of national cryptographic communication.
[0105] Step S214: The successfully accessed national cryptographic algorithm to be configured is identified as the target national cryptographic algorithm and added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0106] In the specific implementation, refer to Figure 3 , Figure 3 This is a schematic diagram illustrating the process of automatic negotiation of Chinese cryptographic communication in the secure communication method described in this application. Figure 3 As shown, when the AI browser performs automatic negotiation of Chinese cryptographic communication, it first opens an HTTPS website and then checks whether the Chinese cryptographic SSL algorithm exists in the whitelist of the currently accessed website. If it does, it means that the Chinese cryptographic algorithm can be used for communication first, and the communication protocol configuration result can be obtained directly. If it does not exist, it can use the TLS protocol to access the server. If the access fails, it can access the server based on the Chinese cryptographic SSL algorithm supported by both the browser and the server. If the access is successful, the successfully accessed Chinese cryptographic algorithm can be identified as the target Chinese cryptographic algorithm and added to the Chinese cryptographic whitelist, and finally the communication protocol configuration result is obtained.
[0107] In this embodiment, it is disclosed that the presence of a Chinese cryptographic algorithm in the whitelist of the browser accessing the currently visited website is detected. If the algorithm is not found, the target Chinese cryptographic algorithm supported by both the browser and the server of the currently visited website is added to the whitelist. The communication protocol configuration result is obtained, thereby enabling automatic negotiation of Chinese cryptographic algorithms through the browser, simplifying the configuration process of Chinese cryptographic communication, and thus improving the efficiency of Chinese cryptographic communication.
[0108] Based on the first and / or second embodiments of this application, in the third embodiment of this application, the content that is the same as or similar to the above embodiments can be referred to the above description, and will not be repeated hereafter. Based on this, please refer to... Figure 4 , Figure 4 This is a flowchart illustrating Embodiment 3 of the secure communication method of this application.
[0109] In this embodiment, step S212 includes steps S212a to S212c:
[0110] Step S212a: Determine the first encryption algorithm supported by the access browser and the second encryption algorithm supported by the server.
[0111] It should be noted that the first encryption algorithm mentioned above can be any encryption algorithm supported by the access browser; the second encryption algorithm mentioned above can be any encryption algorithm supported by the server. The first and second encryption algorithms can include international algorithms, national cryptographic algorithms, dual algorithms, etc., and this embodiment does not impose any restrictions on them.
[0112] Step S212b: Construct a list of national cryptographic algorithms based on the first encryption algorithm and the second encryption algorithm.
[0113] It is understood that the aforementioned list of national cryptographic algorithms can be a list consisting of all national cryptographic algorithms in the first encryption algorithm and the second encryption algorithm. In this embodiment, all national cryptographic algorithms in the first encryption algorithm and the second encryption algorithm can be integrated to construct a list of national cryptographic algorithms.
[0114] Specifically, step S212b includes: generating a first set of national cryptographic algorithms and a second set of national cryptographic algorithms based on the national cryptographic algorithms in the first encryption algorithm and the second encryption algorithm, respectively; determining the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms; and constructing a list of national cryptographic algorithms based on the common national cryptographic algorithms.
[0115] It should be understood that the aforementioned first set of national cryptographic algorithms can be a set consisting of all national cryptographic algorithms in the first encryption algorithm; the aforementioned second set of national cryptographic algorithms can be a set consisting of all national cryptographic algorithms in the second encryption algorithm; and the aforementioned common national cryptographic algorithm can be the same national cryptographic algorithm in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms.
[0116] Step S212c: Determine all national cryptographic algorithms in the list as national cryptographic algorithms to be configured that are jointly supported by the accessing browser and the server.
[0117] In this embodiment, the device can determine the national cryptographic algorithm in the first encryption algorithm and construct a first set of national cryptographic algorithms. At the same time, it can determine the national cryptographic algorithm in the second encryption algorithm and construct a second set of national cryptographic algorithms. Then, the national cryptographic algorithms that are the same in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms can be extracted to obtain common national cryptographic algorithms. Based on these common national cryptographic algorithms, a list of national cryptographic algorithms can be constructed. At this time, all algorithms in the list of national cryptographic algorithms are national cryptographic algorithms that are supported by both the browser and the server.
[0118] Furthermore, prior to step S30, the method further includes:
[0119] Step S301: Generate a set of candidate national cryptographic algorithms based on the current communication scenario and the target national cryptographic algorithm.
[0120] It is understood that the aforementioned current communication scenario refers to the communication scenario between the browser and the server, such as scenarios for protecting sensitive data or verifying data integrity. This embodiment does not limit this. In this embodiment, the device can select the best-performing national cryptographic algorithm from among the algorithms supported by both the browser and the server, based on the communication scenario and communication requirements between the browser and the server. After determining the optimal national cryptographic algorithm, the browser can communicate with the server using the optimal national cryptographic algorithm.
[0121] It should be understood that the aforementioned candidate national cryptographic algorithm set can be a collection of several national cryptographic algorithms that can be applied to the current communication. In practical applications, different types of national cryptographic algorithms are typically used in different scenarios. For example, the SM2 algorithm is suitable for secure communication scenarios such as digital signatures, key negotiation, and encryption; the SM3 algorithm is suitable for digital signatures, message authentication, random number generation, and other data integrity verification scenarios; the SM4 algorithm is suitable for data encryption, data integrity verification, and other security protection scenarios; and the SM9 algorithm is suitable for scenarios requiring easily identifiable identity information as a public key. Therefore, in this embodiment, the device can select appropriate national cryptographic algorithms to form a candidate national cryptographic algorithm set based on the current communication scenario. For example, if the current communication scenario is one of protecting sensitive data communication, algorithms such as SM1 or SM4 can be selected from the encryption algorithm list to form the candidate national cryptographic algorithm set; if the current communication scenario is one of data integrity verification, hash algorithms such as SM3 can be selected from the encryption algorithm list to form the candidate national cryptographic algorithm set.
[0122] Step S301: Determine the algorithm priority of each candidate national cryptographic algorithm in the candidate national cryptographic algorithm set.
[0123] It is understood that the aforementioned algorithm priority can be used to characterize the priority of using a candidate national cryptographic algorithm for national cryptographic communication. In this embodiment, the corresponding algorithm priority can be determined based on the security, efficiency, and other characteristics of each candidate national cryptographic algorithm in the candidate algorithm set. Generally speaking, the higher the security and efficiency of a candidate national cryptographic algorithm, the higher its corresponding algorithm priority.
[0124] Step S301: Determine the optimal national cryptographic algorithm from the candidate national cryptographic algorithms based on the algorithm priority.
[0125] Accordingly, step 30 includes: communicating data with the server through the access browser based on the optimal national cryptographic algorithm.
[0126] In this embodiment, the candidate national cryptographic algorithm with the highest algorithm priority can be determined as the optimal national cryptographic algorithm, and the optimal national cryptographic algorithm can be used for national cryptographic communication between the browser and the server.
[0127] In this embodiment, a first encryption algorithm supported by the access browser and a second encryption algorithm supported by the server are determined. A list of Chinese national cryptographic algorithms is constructed based on the first and second encryption algorithms. All Chinese national cryptographic algorithms in the list are identified as configurable Chinese national cryptographic algorithms supported by both the access browser and the server. Since this embodiment can construct a list of Chinese national cryptographic algorithms based on the Chinese national cryptographic algorithms supported by the access browser and the server, subsequent automatic negotiation of Chinese national cryptographic communication can be performed directly based on the Chinese national cryptographic algorithms in the list, which is beneficial to the efficiency of Chinese national cryptographic communication negotiation and thus improves the performance of the browser in processing Chinese national cryptographic communication.
[0128] It should be noted that the above examples are only for understanding this application and do not constitute a limitation on the secure communication method of this application. Any simple modifications based on this technical concept are within the protection scope of this application.
[0129] This application also provides a secure communication device; please refer to... Figure 5 The secure communication device includes:
[0130] Algorithm detection module 10 is used to determine whether the currently accessed website supports the national cryptographic algorithm;
[0131] The communication negotiation module 20 is used to perform communication protocol negotiation configuration on the browser accessing the currently accessed website if supported, and obtain the communication protocol configuration result. The communication protocol configuration result includes the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website.
[0132] The secure communication module 30 is used to communicate data with the server through the access browser based on the target national cryptographic algorithm.
[0133] The secure communication device provided in this application, employing the secure communication method described in the above embodiments, can solve the technical problem in the prior art where users need to manually configure the use of national cryptographic algorithms when establishing a communication connection in a browser, which is cumbersome and prone to errors. Compared with the prior art, the beneficial effects of the secure communication device provided in this application are the same as those of the secure communication method provided in the above embodiments, and other technical features in the secure communication device are the same as those disclosed in the methods of the above embodiments, and will not be repeated here.
[0134] This application provides a secure communication device, which includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, which are executed by the at least one processor to enable the at least one processor to perform the secure communication method in Embodiment 1 above.
[0135] The following is for reference. Figure 6 The diagram illustrates a structural schematic suitable for implementing the secure communication device in the embodiments of this application. The secure communication device in the embodiments of this application may include, but is not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Portable Application Description), PMPs (Portable Media Players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and fixed terminals such as digital TVs and desktop computers. Figure 6 The secure communication device shown is merely an example and should not impose any limitations on the functionality and scope of use of the embodiments of this application.
[0136] like Figure 6 As shown, the secure communication device may include a processing unit 1001 (e.g., a central processing unit, a graphics processing unit, etc.) that can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access memory (RAM) 1004. The RAM 1004 also stores various programs and data required for the operation of the secure communication device. The processing unit 1001, ROM 1002, and RAM 1004 are interconnected via a bus 1005. An input / output (I / O) interface 1006 is also connected to the bus. Typically, the following systems can be connected to the I / O interface 1006: input devices 1007 including, for example, touchscreens, touchpads, keyboards, mice, image sensors, microphones, accelerometers, gyroscopes, etc.; output devices 1008 including, for example, liquid crystal displays (LCDs), speakers, vibrators, etc.; storage devices 1003 including, for example, magnetic tapes, hard disks, etc.; and communication devices 1009. Communication device 1009 allows secure communication devices to communicate wirelessly or wiredly with other devices to exchange data. While secure communication devices with various systems are shown in the figures, it should be understood that implementation or possession of all the systems shown is not required. More or fewer systems may be implemented alternatively.
[0137] Specifically, according to the embodiments disclosed in this application, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments disclosed in this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via a communication device, or installed from storage device 1003, or installed from ROM 1002. When the computer program is executed by processing device 1001, it performs the functions defined in the methods of the embodiments disclosed in this application.
[0138] The secure communication device provided in this application, employing the secure communication method described in the above embodiments, can solve the technical problem of secure communication. Compared with the prior art, the beneficial effects of the secure communication device provided in this application are the same as those of the secure communication method described in the above embodiments, and other technical features of the secure communication device are the same as those disclosed in the method of the previous embodiment, and will not be repeated here.
[0139] It should be understood that the various parts disclosed in this application can be implemented using hardware, software, firmware, or a combination thereof. In the description of the above embodiments, specific features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments or examples.
[0140] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
[0141] This application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon, the computer-readable program instructions being used to execute the secure communication method described in the above embodiments.
[0142] The computer-readable storage medium provided in this application may be, for example, a USB flash drive, but is not limited to, electrical, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, system, or device. The program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (Radio Frequency), etc., or any suitable combination thereof.
[0143] The aforementioned computer-readable storage medium may be included in a secure communication device; or it may exist independently and not be assembled into a secure communication device.
[0144] The aforementioned computer-readable storage medium carries one or more programs. When these programs are executed by a secure communication device, the secure communication device: determines whether the currently accessed website supports Chinese cryptographic algorithms; if so, it performs communication protocol negotiation and configuration on the browser accessing the currently accessed website to obtain a communication protocol configuration result, wherein the communication protocol configuration result contains a target Chinese cryptographic algorithm jointly supported by the browser and the server of the currently accessed website; and the browser communicates with the server based on the target Chinese cryptographic algorithm.
[0145] Computer program code for performing the operations of this application can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a Local Area Network (LAN) or a Wide Area Network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0146] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0147] The modules described in the embodiments of this application can be implemented in software or hardware. The names of the modules do not necessarily limit the functionality of the unit itself.
[0148] The readable storage medium provided in this application is a computer-readable storage medium that stores computer-readable program instructions (i.e., a computer program) for executing the above-described secure communication method. This solves the technical problem in the prior art where browsers require users to manually configure the use of national cryptographic algorithms when establishing communication connections, which is cumbersome and prone to errors. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in this application are the same as those of the secure communication method provided in the above embodiments, and will not be repeated here.
[0149] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the secure communication method described above.
[0150] The computer program product provided in this application solves the technical problem in the prior art where browsers require users to manually configure the use of national cryptographic algorithms when establishing communication connections, which is cumbersome and prone to errors. Compared with the prior art, the beneficial effects of the computer program product provided in this application are the same as those of the secure communication method provided in the above embodiments, and will not be repeated here.
[0151] The above description is only a part of the embodiments of this application and does not limit the patent scope of this application. All equivalent structural transformations made under the technical concept of this application and using the contents of the specification and drawings of this application, or direct / indirect applications in other related technical fields, are included in the patent protection scope of this application.
[0152] This invention discloses A1, a secure communication method, the method comprising:
[0153] Determine whether the currently accessed website supports Chinese cryptographic algorithms;
[0154] If supported, the communication protocol negotiation configuration is performed on the browser accessing the currently accessed website to obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser and the server of the currently accessed website.
[0155] The browser communicates with the server using the target national cryptographic algorithm.
[0156] A2. As described in A1, the step of determining whether the currently accessed website supports the national cryptographic algorithm includes:
[0157] Obtain the communication protocol information and encryption certificate information of the currently accessed website;
[0158] Based on the communication protocol information and the encryption certificate information, it is determined whether the currently accessed website supports the national cryptographic algorithm.
[0159] A3. As described in A1, the step of negotiating and configuring the communication protocol for the browser accessing the currently visited website to obtain the communication protocol configuration result includes:
[0160] Detect whether the national cryptographic algorithm exists in the national cryptographic whitelist of the browser accessing the currently visited website;
[0161] If it does not exist, the target national cryptographic algorithm supported by both the accessing browser and the server of the currently accessed website is added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0162] A4. As described in A3, the step of adding the target national cryptographic algorithm commonly supported by the accessing browser and the server of the currently accessed website to the national cryptographic whitelist to obtain the communication protocol configuration result includes:
[0163] The browser accessing the currently accessed website accesses the server corresponding to the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist;
[0164] When access fails, determine the national cryptographic algorithm to be configured that is supported by both the accessing browser and the server;
[0165] The browser accesses the server based on the national cryptographic algorithm to be configured.
[0166] The successfully accessed national cryptographic algorithm to be configured is identified as the target national cryptographic algorithm and added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0167] A5. As described in A4, the step of determining the national cryptographic algorithm to be configured that is jointly supported by the accessing browser and the server includes:
[0168] Determine the first encryption algorithm supported by the access browser and the second encryption algorithm supported by the server;
[0169] A list of national cryptographic algorithms is constructed based on the first encryption algorithm and the second encryption algorithm;
[0170] All national cryptographic algorithms in the national cryptographic algorithm list are identified as national cryptographic algorithms to be configured that are jointly supported by the accessing browser and the server.
[0171] A6. As described in A5, the step of constructing the national cryptographic algorithm list based on the first encryption algorithm and the second encryption algorithm includes:
[0172] A first set of national cryptographic algorithms and a second set of national cryptographic algorithms are generated based on the national cryptographic algorithms in the first and second encryption algorithms, respectively.
[0173] Identify the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms;
[0174] A list of national cryptographic algorithms is constructed based on the aforementioned public national cryptographic algorithms.
[0175] A7. The method as described in any one of A1 to A6, prior to the step of communicating data with the server via the access browser based on the target national cryptographic algorithm, further includes:
[0176] A candidate set of national cryptographic algorithms is generated based on the current communication scenario and the target national cryptographic algorithm.
[0177] Determine the algorithm priority of each candidate national cryptographic algorithm in the candidate national cryptographic algorithm set;
[0178] The optimal national cryptographic algorithm is determined from the candidate national cryptographic algorithms based on the algorithm priority.
[0179] The step of communicating data with the server through the access browser based on the target national cryptographic algorithm includes:
[0180] The browser communicates with the server using the optimal national cryptographic algorithm.
[0181] A8. The method as described in any one of A1 to A6, wherein the step of communicating data with the server through the access browser based on the target national cryptographic algorithm includes:
[0182] Determine the national cryptographic gateway and national cryptographic certificate corresponding to the target national cryptographic algorithm;
[0183] The browser accesses the server to communicate with it based on the national cryptographic gateway and the national cryptographic certificate.
[0184] A9. The method as described in any one of A1 to A6, after the step of communicating data with the server through the access browser based on the target national cryptographic algorithm, further includes:
[0185] During the communication process, the access data of the accessing browser is acquired in real time;
[0186] The intelligent caching mechanism determines the data to be cached and the key to be cached based on the access data.
[0187] The data to be cached and the key to be cached are cached.
[0188] The present invention also discloses B10, a secure communication device, the device comprising: an algorithm detection module, used to determine whether the currently accessed website supports the national cryptographic algorithm;
[0189] The communication negotiation module is used to perform communication protocol negotiation configuration on the browser accessing the currently accessed website if supported, and obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website.
[0190] A secure communication module is used to communicate data with the server through the access browser based on the target national cryptographic algorithm.
[0191] B11. In the apparatus described in B10, the algorithm detection module is further configured to obtain the communication protocol information and encryption certificate information of the currently accessed website; and to determine whether the currently accessed website supports the Chinese national cryptographic algorithm based on the communication protocol information and the encryption certificate information.
[0192] B12. In the apparatus described in B10, the communication negotiation module is further configured to detect whether a national cryptographic algorithm exists in the national cryptographic whitelist of the browser accessing the currently accessed website; if not, the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website is added to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0193] B13. The apparatus as described in B12, wherein the communication negotiation module is further configured to access the server corresponding to the currently accessed website through the access browser of the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist; when the access fails, determine the national cryptographic algorithm to be configured that is jointly supported by the access browser and the server; access the server through the access browser based on the national cryptographic algorithm to be configured; and add the national cryptographic algorithm to be configured that was successfully accessed as the target national cryptographic algorithm to the national cryptographic whitelist to obtain the communication protocol configuration result.
[0194] B14. The apparatus as described in B13, wherein the communication negotiation module is further configured to determine a first encryption algorithm supported by the access browser and a second encryption algorithm supported by the server; construct a list of national cryptographic algorithms based on the first encryption algorithm and the second encryption algorithm; and determine all national cryptographic algorithms in the list of national cryptographic algorithms as national cryptographic algorithms to be configured that are jointly supported by the access browser and the server.
[0195] B15. In the apparatus described in B14, the communication negotiation module is further configured to generate a first set of national cryptographic algorithms and a second set of national cryptographic algorithms based on the national cryptographic algorithms in the first encryption algorithm and the second encryption algorithm, respectively; determine the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms; and construct a list of national cryptographic algorithms based on the common national cryptographic algorithms.
[0196] B16. The apparatus as described in any one of B10 to B15, wherein the secure communication module is further configured to generate a set of candidate national cryptographic algorithms based on the current communication scenario and the target national cryptographic algorithm; determine the algorithm priority corresponding to each candidate national cryptographic algorithm in the set of candidate national cryptographic algorithms; determine the optimal national cryptographic algorithm from the candidate national cryptographic algorithms based on the algorithm priority; and conduct data communication with the server through the access browser based on the optimal national cryptographic algorithm.
[0197] B17. The apparatus as described in any one of B10 to B15, wherein the secure communication module is further configured to determine the national cryptographic gateway and national cryptographic certificate corresponding to the target national cryptographic algorithm; and to conduct data communication with the server through the access browser based on the national cryptographic gateway and the national cryptographic certificate.
[0198] The present invention also discloses C18, a secure communication device, the device comprising: a memory, a processor, and a secure communication program stored in the memory and executable on the processor, the secure communication program being configured to implement the steps of the secure communication method as described above.
[0199] The present invention also discloses D19, a storage medium storing a secure communication program, wherein the secure communication program, when executed by a processor, implements the steps of the secure communication method described above.
[0200] The present invention also discloses E20, a computer program product comprising a computer program that, when executed by a processor, implements the steps of the secure communication method described above.
Claims
1. A secure communication method, characterized in that, The method includes: Determine whether the currently accessed website supports Chinese cryptographic algorithms; If supported, the communication protocol negotiation configuration is performed on the browser accessing the currently accessed website to obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser and the server of the currently accessed website. The browser communicates with the server using the target national cryptographic algorithm.
2. The method as described in claim 1, characterized in that, The step of determining whether the currently accessed website supports the national cryptographic algorithm includes: Obtain the communication protocol information and encryption certificate information of the currently accessed website; Based on the communication protocol information and the encryption certificate information, it is determined whether the currently accessed website supports the national cryptographic algorithm.
3. The method as described in claim 1, characterized in that, The step of negotiating and configuring the communication protocol for the browser accessing the currently visited website and obtaining the communication protocol configuration result includes: Detect whether the national cryptographic algorithm exists in the national cryptographic whitelist of the browser accessing the currently visited website; If it does not exist, the target national cryptographic algorithm supported by both the accessing browser and the server of the currently accessed website is added to the national cryptographic whitelist to obtain the communication protocol configuration result.
4. The method as described in claim 3, characterized in that, The step of adding the target national cryptographic algorithm, which is supported by both the accessing browser and the server of the currently accessed website, to the national cryptographic whitelist to obtain the communication protocol configuration result includes: The browser accessing the currently accessed website accesses the server corresponding to the currently accessed website based on the transport layer communication protocol in the national cryptographic whitelist; When access fails, determine the national cryptographic algorithm to be configured that is supported by both the accessing browser and the server; The browser accesses the server based on the national cryptographic algorithm to be configured. The successfully accessed national cryptographic algorithm to be configured is identified as the target national cryptographic algorithm and added to the national cryptographic whitelist to obtain the communication protocol configuration result.
5. The method as described in claim 4, characterized in that, The step of determining the national cryptographic algorithm to be configured that is jointly supported by the accessing browser and the server includes: Determine the first encryption algorithm supported by the access browser and the second encryption algorithm supported by the server; A list of national cryptographic algorithms is constructed based on the first encryption algorithm and the second encryption algorithm; All national cryptographic algorithms in the national cryptographic algorithm list are identified as national cryptographic algorithms to be configured that are jointly supported by the accessing browser and the server.
6. The method as described in claim 5, characterized in that, The step of constructing the national cryptographic algorithm list based on the first encryption algorithm and the second encryption algorithm includes: A first set of national cryptographic algorithms and a second set of national cryptographic algorithms are generated based on the national cryptographic algorithms in the first and second encryption algorithms, respectively. Identify the common national cryptographic algorithms in the first set of national cryptographic algorithms and the second set of national cryptographic algorithms; A list of national cryptographic algorithms is constructed based on the aforementioned public national cryptographic algorithms.
7. A secure communication device, characterized in that, The device includes: The algorithm detection module is used to determine whether the currently accessed website supports the national cryptographic algorithm; The communication negotiation module is used to perform communication protocol negotiation configuration on the browser accessing the currently accessed website if supported, and obtain the communication protocol configuration result. The communication protocol configuration result contains the target national cryptographic algorithm jointly supported by the browser accessing the website and the server of the currently accessed website. A secure communication module is used to communicate data with the server through the access browser based on the target national cryptographic algorithm.
8. A secure communication device, characterized in that, The device includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the secure communication method as described in any one of claims 1 to 6.
9. A storage medium, characterized in that, The storage medium is a computer-readable storage medium, and a computer program is stored on the storage medium. When the computer program is executed by a processor, it implements the steps of the secure communication method as described in any one of claims 1 to 6.
10. A computer program product, characterized in that, The computer program product includes a computer program that, when executed by a processor, implements the steps of the secure communication method as described in any one of claims 1 to 6.