Whether a website is secure or not, there are at least three basic elements, one is https encryption, the other is WAF protection, and the third is trusted identity validation, all three are indispensable. That's why the ZT Browser innovative displays three website security-related icons: , not only has the security padlock, but also have the cloud WAF protection icon and the website trusted identity validation level icon. We also innovative added a cryptography protection compliance icon: especially for the website that adopts the SM2 algorithm to realize https encryption, which conspicuously proves that this website is "Cryptography Protection Compliance". Please refer to the innovation UI Icon Summary of ZT Browser for details.
One of the main features of ZT Browser is to fully support the SM2 algorithm and the SM2 SSL certificate. This is one of the Cryptography Law compliant innovative technologies for website security. With the continuous implementation of the Cryptography Law, all government agencies and financial agencies have also increasingly needed to realize the SM2 compliance for their website security, and gradually began to deploy the SM2 SSL certificate to realize the SM2 HTTPS encryption.
HTTPS encryption, realizing information transmission from browser to server is encrypted, preventing confidential information from leaking in the transmission process, effectively eliminating various illegal stealing and illegal tampering. This is the baseline of the website security. It will prompt "Not secure" without https encryption for all browsers.
"Cryptography Protection" is the Cryptography Law compliant baseline requirement. According to the second article "Cryptography" refers to technologies, products and services that use specific transformation methods for encryption protection and secure authentication on information” and article 27 “Operators of critical information infrastructure shall adopt commercial cryptography to protect such infrastructure if required by relevant laws, administrative regulations, and State provisions”. SM2 algorithm HTTPS encryption can meet the cryptography protection requirement in secure communication to protect data integrity, confidentiality and authenticity of identity using cryptography technology, and meet the requirement in application security and data security to protect data confidentiality and integrity in transmission and storage procedure using cryptography technology.
How to simply let the website visitors understand whether a website has deployed a SM2 SSL certificate and “cryptography protection compliant”, the innovation of ZT Browser is to add a " " icon behind the security padlock to highlight that this website has deployed a ZT Browser trusted SM2 SSL certificate to realize the SM2 algorithm HTTPS encryption. Click the " " icon to show "Cryptography Protection Compliant", so that users will know whether this website is protected by the SM2 algorithm, and it also let the owner of the website no need to present any compliant certification document, just let the supervision and inspection organization directly use ZT Browser to visit the website, it is very easy to know if this website is the Law compliant. This is an innovation, which greatly reduces the cost of inspection and supervision of the compliance of the Cryptography Law.
Not only that, ZT Browser gives priority to the SM2 algorithm when communicating to the web server. If the website deploys the SM2 SSL certificate and supports the SM2 algorithm, the SM2 algorithm is used to implement key exchange, the SM4 algorithm implements data transmission encryption with SM3 for message authentication. If the SM2 SSL certificate is not deployed, then ZT Browser will use the ECC/RSA algorithm for server communication. If it has been deployed, the security padlock will be displayed, which does not show the SM2 compliant icon. If the website does not deploy any SSL certificate, the browser will show that this website is "Not secure".
For a website that has deployed a SM2 SSL certificate that been not trusted by ZT Browser, ZT Browser uses the same processing of the RSA algorithm certificate to show a red "Not secure". Welcome all SM2 root CA operator to contact us to apply for the issuing SM2 root CA trusted inclusion.
ZoTrus Website Security Cloud Service is a comprehensive website security solution that integrates HTTPS encryption, cloud WAF protection and website trusted identity validation, achieving one-click for 3 website security protections. It is a comprehensive innovative service including HTTPS encryption service that meets the cryptography protection compliant requirements and Alibaba Cloud WAF service that meets the cybersecurity protection complaint requirement. And it is also greatly reducing the cost for compliance, the most important, it protect the important data security of the website and ensuring the smooth operation of the business of the website owner. Compliance is one aspect, and it is more important to protect the important business data! ZoTrus Website Security Cloud Service let all websites to enjoy everyday security and worry-free!
ZoTrus Website Security Cloud Service automatic configure dual SSL Certificates, one SM2 SSL certificate and one ECC SSL Certificate, one-click implementation of dual certificate adaptive algorithm encryption and cloud WAF protection, meet the compliance needs for “Cryptography Law” and “Cybersecurity Law”, 10 minutes for dual-compliant security protection. If you want to know more about the details of the Website Security Cloud Service, please visit the CEO Blog related articles, and welcome to purchase ZoTrus Website Security Cloud Service.