Whether a website is secure or not, there are at least three basic elements, one is https encryption, the other is WAF protection, and the third is trusted identity validation, all three are indispensable. That's why the ZT Browser innovative displays three website security-related icons: , not only has the security padlock, but also have the cloud WAF protection icon and the website trusted identity validation level icon. We also innovative added a cryptography protection compliance icon: especially for the website that adopts the SM2 algorithm to realize https encryption, which conspicuously proves that this website is "Cryptography Protection Compliance". Please refer to the innovation UI Icon Summary of ZT Browser for details.
One of the main features of ZT Browser is to fully support the SM2 algorithm and the SM2 SSL certificate. This is one of the Cryptography Law compliant innovative technologies for website security. With the continuous implementation of the Cryptography Law, all government agencies and financial agencies have also increasingly needed to realize the SM2 compliance for their website security, and gradually began to deploy the SM2 SSL certificate to realize the SM2 HTTPS encryption.
HTTPS encryption, realizing information transmission from browser to server is encrypted, preventing confidential information from leaking in the transmission process, effectively eliminating various illegal stealing and illegal tampering. This is the baseline of the website security. It will prompt "Not secure" without https encryption for all browsers.
"Cryptography Protection" is the Cryptography Law compliant baseline requirement. According to the second article "Cryptography" refers to technologies, products and services that use specific transformation methods for encryption protection and secure authentication on information” and article 27 “Operators of critical information infrastructure shall adopt commercial cryptography to protect such infrastructure if required by relevant laws, administrative regulations, and State provisions”. SM2 algorithm HTTPS encryption can meet the cryptography protection requirement in secure communication to protect data integrity, confidentiality and authenticity of identity using cryptography technology, and meet the requirement in application security and data security to protect data confidentiality and integrity in transmission and storage procedure using cryptography technology.
How to simply let the website visitors understand whether a website has deployed a SM2 SSL certificate and “cryptography protection compliant”, the innovation of ZT Browser is to add a " " icon behind the security padlock to highlight that this website has deployed a ZT Browser trusted SM2 SSL certificate to realize the SM2 algorithm HTTPS encryption. Click the " " icon to show "Cryptography Protection Compliant", so that users will know whether this website is protected by the SM2 algorithm, and it also let the owner of the website no need to present any compliant certification document, just let the supervision and inspection organization directly use ZT Browser to visit the website, it is very easy to know if this website is the Law compliant. This is an innovation, which greatly reduces the cost of inspection and supervision of the compliance of the Cryptography Law.
Not only that, ZT Browser gives priority to the SM2 algorithm when communicating to the web server. If the website deploys the SM2 SSL certificate and supports the SM2 algorithm, the SM2 algorithm is used to implement key exchange, the SM4 algorithm implements data transmission encryption with SM3 for message authentication. If the SM2 SSL certificate is not deployed, then ZT Browser will use the ECC/RSA algorithm for server communication. If it has been deployed, the security padlock will be displayed, which does not show the SM2 compliant icon. If the website does not deploy any SSL certificate, the browser will show that this website is "Not secure".
For a website that has deployed a SM2 SSL certificate that been not trusted by ZT Browser, ZT Browser uses the same processing of the RSA algorithm certificate to show a red "Not secure". Welcome all SM2 root CA operator to contact us to apply for the issuing SM2 root CA trusted inclusion.
It is recommended to choose the ZoTrus SM2 HTTPS Automation Management Solution. There is no need to apply for an SSL certificate from the CA, and there is no need to install an SSL certificate on the Web server to automatically realize https encryption. Customers can choose a suitable solution according to their own business system management needs, it has two main application scenarios: HTTPS encryption automation and SM2 HTTPS encryption transformation. The former mainly solves the problem of automatic deployment of RSA/ECC algorithm SSL certificates, because many websites and various business management systems are still not deployed SSL certificates, these systems only need to deploy RSA/ECC algorithm SSL certificates, and do not need to be transformed to support SM2 SSL certificate, but they need to realize automated certificate management. The latter requires not only the deployment of RSA/ECC SSL certificates, but also the deployment of SM2 SSL certificates, and the automatic management of dual-algorithm certificates.