1.http transaction request package 2. Transaction result 1 (encryption) NetSafe client 2 (signature/verification) https transaction request package 1. Signature/verification request 2. When using the signature/verification results, when an enterprise application submits a transaction request to ICBC, it can send the request to the 1 port of NetSafe client according to the http protocol. After receiving the request, the NetSafe client uses the enterprise certificate to convert the http request packet into an https request packet and send it to the ICBC server. If some transaction data need to be signed, the enterprise application needs to establish a Socket connection with the signature port, send the data to port 2, then receive the signature result from port 2, and then send the transaction request containing signature information to port 1 to complete the whole transaction request process. The difference between signature or signature verification is that it enters the line through the http header. Content-type: infosec _ sign/1.0 and content-type: infosec _ verify _ sign/1.0 are used to identify the signature request and the signature verification name respectively. While content-type: infosec _ sign _ result/1.0 and content-type: infosec _ verify _ sign _ result/1.0 are used to identify the signature return result and verify the signature respectively. For convenience, the two service ports of NetSafe client can be logically called two servers, the encryption server and the signature server of NetSafe client.