Title of invention: SECURE COMMUNICATION METHOD AND APPARATUS
Abstract: The present invention provides a secure communication method and apparatus. A security proxy device is arranged between a client and a server. The method comprises: the security proxy device using a key exchange mechanism to perform connection key agreement with the client; and assigning a token for the client after identity authentication for the client succeeds; upon receiving a request sent by the client to the server, validating whether the token sent together with the request is a token assigned for the client; if the validation succeeds, forwarding to the server a request obtained by using the connection key or a token connection key to decrypt the request, wherein the token connection key is assigned for the client and then sent to the client by using the connection key; after receiving a response returned by the server, using the connection key or token connection key to encrypt the response, and forwarding the encrypted response to the client. The present invention improves the security of communication between the client and the server, and can effectively protect the server and client from various replay, malicious code injection and automated attacks.
Application publication number: US2016337321(A1)  Application publication date: 2016.11.17
Application number: US201615146814  Filing date: 2016.05.04
Applicant: RIVER SECURITY INC.  Inventors: LIN Yumin; XIAO Hongyong; ZHENG Lin; XU Ming
Classification: H04L29/06; H04L9/30; H04L9/14; H04L9/32  Main classification: H04L29/06
Agency:  Agent:
Independent claim: 1. A secure communication method, wherein the method is executed by a security proxy device between a client and a server, the method comprising: using a key exchange mechanism to perform connection key agreement with the client; and assigning a token for the client after identity authentication for the client succeeds; upon receiving a request sent by the client to the server, validating whether the token sent together with the request is a token assigned for the client; if the validation succeeds, forwarding to the server a request obtained by using the connection key or a token connection key to decrypt the request, wherein the token connection key is assigned for the client and then sent to the client by using the connection key; after receiving a response returned by the server, using the connection key or token connection key to encrypt the response, and forwarding the encrypted response to the client.
Address: Shanghai CN