METHOD FOR IMPROVING NETWORK APPLICATION SECURITY AND THE SYSTEM THEREOF
Abstract
The invention discloses a method for improving network application security and a system thereof, relating to the field of information security. In the method, a proxy server in a customer terminal host receives a protocol message generated and sent by the customer terminal software according to the information input by a user, parses the protocol message to obtain the protocol content, and determines whether critical information is included in the protocol content. If it is, the proxy server sends the protocol content to the smart key device; the smart key device parses the protocol content to obtain the critical information and sends it to the user. After a confirmation is received from the user, the smart key device signs the protocol content and sends the signature result to the proxy server, and the proxy server then generates a new protocol message according to the signature result and the protocol content and sends it to an application server. If the user's confirmation indicates an error, or no confirmation is received from the user within a predetermined time period, the smart key device performs exception handling. The system includes a smart key device and a proxy server in the customer terminal host. The invention improves network application security without requiring any change to the customer terminal, and it is usable and compatible.
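The flow described in the abstract, sketched as an added example (not code from the patent). Assumptions: the protocol message is a URL-encoded form, `payee` and `amount` are the agreed critical fields, HMAC-SHA256 stands in for the device's signature, and all class and function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Assumption: fields the proxy, device and application server agreed are critical.
CRITICAL_FIELDS = ("payee", "amount")


class SmartKeyDevice:
    """Stand-in for the smart key device; HMAC-SHA256 replaces its signature."""

    def __init__(self, key, confirm):
        self._key = key          # key material stays inside the device
        self._confirm = confirm  # models the device display and OK/Cancel input

    def sign_if_confirmed(self, content):
        # The device parses the content itself, so the user sees what is
        # actually signed, not what the host software claims was entered.
        pairs = parse_qsl(content)
        fields = dict(pairs)
        if len(fields) != len(pairs):
            raise ValueError("duplicate field: displayed value would be ambiguous")
        critical = {k: fields[k] for k in CRITICAL_FIELDS if k in fields}
        answer = self._confirm(critical)  # True, False, or None on timeout
        if answer is not True:            # exception handling: nothing is signed
            raise PermissionError("rejected" if answer is False else "timed out")
        return hmac.new(self._key, content.encode(), hashlib.sha256).hexdigest()


def proxy_handle(message, device):
    """Return the message the proxy forwards to the application server."""
    fields = dict(parse_qsl(message))
    if not any(k in fields for k in CRITICAL_FIELDS):
        return message  # no critical information: forwarded unchanged
    signature = device.sign_if_confirmed(message)
    return message + "&" + urlencode({"sig": signature})


def server_verify(message, key):
    """Application-server side: recompute the signature over the content."""
    content, _, sig = message.rpartition("&sig=")
    expected = hmac.new(key, content.encode(), hashlib.sha256).hexdigest()
    return bool(content) and hmac.compare_digest(sig, expected)
```

If software on the host alters `payee` before the message reaches the proxy, the device displays the altered value, so the user's rejection (or a timeout) prevents any signature from being produced.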
18 Claims
1. A method for improving network application security, wherein the method comprising
the proxy server in a customer terminal host receiving a protocol message generated and sent by customer terminal software according to the information input by a user, parsing the protocol message according to a predetermined protocol, and obtaining protocol content; and
the proxy server determining whether critical information, which is predetermined by the proxy server, the smart key device and the application server, is included in the protocol content;
if the critical information is included in the protocol content, the proxy server sending the protocol content to the smart key device and the smart key device parsing the protocol content to obtain the critical information, and outputting the critical information for user's confirmation; and
if a signal indicating that the critical information is confirmed correct by the user is received, the smart key device signing the protocol content and returning a signature result to the proxy server, and then the proxy server generating a new protocol message according to the signature result and the protocol content, and sending it to the application server;
or if a signal that the critical information is confirmed incorrect by the user is received by the smart key device or no confirmation signal from the user is received by the smart key device within a predetermined time period, the smart key device performing an exception handling;
if the critical information is not included in the protocol content, the proxy server sending the protocol message to the application server.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A system for improving network application security, wherein the system comprising a smart key device and a proxy server installed in the customer terminal host;
wherein, the proxy server comprises
a first interface module for receiving a protocol message generated and sent by the customer terminal software according to information input by a user; and for communicating with the smart key device, and for sending a protocol content to the smart key device, and for receiving a signature result from the smart key device and sending a new protocol message to the application server;
a parsing module for parsing the protocol message received by the first interface module and obtaining the protocol content;
a determining module for determining whether critical information, predetermined by the proxy server, the smart key device and the application server, is included in the protocol content gotten by the parsing module, if it is, sending the protocol content to the smart key device with the first interface module; otherwise sending the protocol to the application server with the first interface module; and
a message generating module for generating a new protocol message with the signature result received by the first interface module and the protocol content gotten by the parsing module, and for sending the new protocol message to the application server with the first interface module;
the smart key device comprises
a second interface module for communicating with the proxy server and receiving the protocol content sent by the proxy server, and for sending the signature result to the proxy server;
a filtering module for parsing the protocol content received by the second interface module and obtaining the critical information;
an outputting module for outputting the critical information gotten by the filtering module for user's confirmation;
a confirmation module for receiving the confirmation signal, of whether the critical information is correct or not, input by the user;
a signature module for signing the protocol content received by the second interface module while the signal received by the confirmation module is confirmed correct by the user, and for returning the signature result to the proxy server with the second interface module of the smart key device; and
an exception handling module for making exception handling if the signal received by the confirmation module is a signal confirmed incorrect by the user, or if the signal sent by the user is not received by the confirmation module within a predetermined time period.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18)
Specification