CN110061978A - Binary Cooperative Security client framework - Google Patents

Binary Cooperative Security client framework Download PDF

Info

Publication number
CN110061978A
CN110061978A CN201910255296.4A CN201910255296A CN110061978A CN 110061978 A CN110061978 A CN 110061978A CN 201910255296 A CN201910255296 A CN 201910255296A CN 110061978 A CN110061978 A CN 110061978A
Authority
CN
China
Prior art keywords
end module
secret
message
open end
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910255296.4A
Other languages
Chinese (zh)
Inventor
杨筑平
周跃平
其他发明人请求不公开姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kingluckcn Technology Co Ltd
Original Assignee
Shenzhen Kingluckcn Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Kingluckcn Technology Co Ltd filed Critical Shenzhen Kingluckcn Technology Co Ltd
Priority to CN201910255296.4A priority Critical patent/CN110061978A/en
Publication of CN110061978A publication Critical patent/CN110061978A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Binary Cooperative Security client framework, is related to computer, mobile terminal, network software and field of information security technology.Applications client is distributed as secret end and the concurrent collaborative scheduler module of open end two of the general installation of diadactic structure energy, the first and second general purpose terminals for being respectively deployed in the interconnection of relatively independent and short range are concurrently run, user's private space and open space are constituted, both ends establish short range and trust channel;Secret end seal closes off-network, and management key executes cryptographic algorithm limitation and issues in plain text, and encryption or signature information secrecy are mirrored to open end and issue ciphertext;Open end opens externally interaction of networking, and decrypts or verify presentation in plain text for the transparent secret end that is mirrored to of external message;Both ends collaboration is followed using logic correlated condition conversion synchronization agreement, is mutually passed state collaboration message-driven both ends linkage interoperability, is cooperateed with the mutual mirror image of both ends application scenarios.The present invention is applicable in online application service system, effectively avoids information leakage, is obviously improved information security level.

Description

Binary Cooperative Security client framework
Technical field
The present invention relates to computer, mobile terminal, network software and field of information security technology.
Background technique
Online application service is varied, such as Email, social instant messaging, cloud storage, online working, electronics quotient Business etc., usually provides application client for user, and installation and operation provides service function on the subscriber terminal, realizes and uses The online interaction of family and server or information or message between other users.Also there are many multiplicity for user terminal, such as count The electronic equipments such as calculation machine, mobile phone, information plate, wearable device.Since computer virus, spying program and hacker are caused harm, net Information security under network environment always exists serious information leakage hidden danger, and security incident also happens occasionally, and causes to user all More puzzlements and loss.To solve information security issue, there is many technical solutions and method.In existing equipment system condition Under, it is main to be biased to solve the problems, such as from application service system." a kind of social activity communication information guard method, device and computer can Read storage medium " (number of patent application CN201710795031), it proposes to establish private contact relationship by application program, if Set, identify and revene lookup unlock to show private message." a kind of intimacy protection system and method based on social networks " is (special Sharp application number CN201410317811), propose that sender is embedding by message encryption to be passed using the adaptive steganographic algorithm of jpeg image Enter head portrait picture push, recipient extracts decryption and obtains information, protects privacy of user not to be stolen through this private communication channel.It is " a kind of Mobile terminal, external equipment and document transmission method " (number of patent application CN201610274584), proposition mobile terminal will be to Transmitting file is encrypted to control secret safety, is passed in conjunction with NFC and wireless transmission by secondary communicate to connect to external device file It is defeated." a kind of method for secret protection and system of mobile terminal " (number of patent application CN201510491920) proposes to pass through first Mobile terminal starting privacy mode be associated with binding with the second mobile terminal, generation random cipher through WIFI hot spot, bluetooth or NFC and The exchange of second mobile terminal is verified and is interacted, to protect mobile terminal user's privacy." a kind of dual-system smartphone and band Have the Mobile phone housing of communication function " (number of patent application CN201410027997), propose that mobile phone includes the first and second two systems, The first system processing secret affairs do not fill third party application, and dress SIM card provides networked services, second system to second system Third party application can be filled by handling general affairs, thereby protect privacy of user data.A kind of " branch based on security authentication mechanism Pay method and payment system " (number of patent application CN201610783530), propose that first movement terminal obtains payment request and signs Name is sent to the second mobile terminal, receives and verifies the sign test feedback and signature of the second mobile terminal, then obtain payment information And it signs to be sent to the second mobile terminal and receive to pay and successfully feed back.
The known prior art is still obvious insufficient to the information security issue for solving application system.Such as to electronics postal Part and social interaction server, user are still handled in single client operation, a variety of applications and deposit with update may hide it is viral and The risk of spying program, information leakage still remains.For another example e-commerce and Internetbank, user are also in single client operation Processing, even if external special purpose system device (such as hardware USB-KEY), certification, encryption and signature may also can be counterfeited fraud.
Summary of the invention
The total design of the present invention is that private space and open space are divided for terminal user, and the two composition both mutually separated Organic associated binary distribution structure again.Specifically start with from the architecture Design of applications client, and focuses in secret sky Between to Source Encryption sign, to solve the information security issue of application system.
The present invention proposes such a binary Cooperative Security client framework, and applications client, which is distributed as diadactic structure, to lead to Secret end and the concurrent collaborative scheduler module of open end two with installation are respectively deployed in the of not only relatively independent but also short range interconnection One general purpose terminal and the second general purpose terminal are concurrently run, and constitute the private space and open space binary distribution structure of user, and Short range is established between the ends trusts channel, wherein
Secret end module issues message in plain text for closing off-network, management key storage and execution cryptographic algorithm and limiting, Transmitted private message, which is maintained secrecy, to be mirrored to open end module and issues ciphertext, and message is encrypted or signed by secret end module in plain text Name;
Open end module is externally interacted with server or with the opening end module of object user, is connect for open networking The external message received is mirrored to secret end module and is presented in plain text by transparent, and message ciphertext decrypted by secret end module, signature with Card is also verified by secret end module;
Secret end module and open end module cooperative are followed using the relevant state conversion synchronization agreement of logic, are mutually transmitted Collaboration message including state event and drive both ends module status conversion linkage interoperability, cooperate with both ends module application scene phase Mutual mirror image.
So-called applications client is Application Software Program of the network english teaching system in user terminal.So-called general end End, refer to usually can installation and operation applications client electric terminal equipment, including PC (PC), notebook electricity Brain, smart phone (mobile phone), information plate etc., itself has operating system.Exclude it is dedicated, solidification, application cannot be installed The terminal installation (such as encryption apparatus USB-key) of software is not belonging to the general purpose terminal of meaning of the invention.So-called first, second, only It is in order to distinguish two general purpose terminals, and without the meaning especially named.Two general purpose terminals can be same type, such as intelligence The combination of mobile phone and smart phone;Be also possible to it is different types of, such as smart phone and PC, smart phone and notebook The various combination of computer, operating system are also different because of terminal device difference.The first of described not only relatively independent but also short range interconnection is logical With terminal and the second general purpose terminal, independent two general-purpose terminal devices are also not limited to, further include that the same single general-purpose is whole The processing subsystem of internal two interconnection in end, if they all have processor independent, operating system, address space, Run memory space and again can installation and operation application software.So-called short range interconnection, refers to through wired (such as USB) or wireless The interconnection that the short-range communication of (such as WIFI, bluetooth, NFC) is realized.So-called short range trusts channel, refers to through wired special line (internal or external) connection, or established on short-range communication channel by wireless connection through authentication and encrypted transmission Reliable exit passageway.The secret end module and open end module, be respectively then when being run after installation secret end process and Open end process.The closing off-network refers to offline without direct and external networking.The message refers to through text, figure The information of the various forms such as shape, file, audio, video transmitting.The secrecy mirror image refers to by secret end process in advance to secret The plaintext of message is encrypted (as using symmetric encipherment algorithm AES, asymmetric cryptographic algorithm RSA) or signature, (it is non-right such as to use Claim cryptographic algorithm RSA), the message ciphertext of generation or signature voucher are then transmitted to the process of open end process.It is described transparent Mirror image refers to and external message (in plain text, ciphertext or signature voucher) is directly delivered to secret end process by open end process, and by Secret end process decrypts the process of message ciphertext and verifying signature voucher.So-called signature voucher is to execute digital signature to message And the secret data block generated.The presentation in plain text, including shows text, figure, image and file, and plays audio and view Frequently.It is described to apply logic, it is determined by the function treatment demand of application service itself, secret end process and the mating association of open end process Together, running state conversion process and closely related is respectively had its own, just must comply with the state conversion synchronization agreement, in addition to It exchanges except data-message, also needs mutually to transmit collaboration message, the variation of our status (is such as converted from a functional status To another functional status etc.) and event (such as user's operation receives message) occurs notify other side to drive other side's process Linkage conversion, to realize bilateral collaboration interoperability.Interoperate the concrete operations being related to, such as transmitting and receiving, encrypting and decrypting, signature Verifying, Object Selection, parameter setting etc..The mutual mirror image of application scenarios, including content is shown, windows exchange, interactive object The synchronization of direction etc..The linkage interoperability and mutual mirror image (including secrecy mirror image, transparent mirror image and application scenarios mirror image), it is real Border process flow is all automatic and transparent to user.
Above-mentioned binary Cooperative Security client framework, user interface can take symmetrical mirrored arrangement, characterized in that institute It states secret end module and has consistent or approximate operation interface with open end module and user is allowed to choose at random manipulation, the applied field The display that the mutual mirror image of scape shows as two end module operation interfaces synchronizes between the ends to be followed.In this way, secret end into The message sending that journey operation interface editor generates is exactly ciphertext, and the message generated in open end process operation interface editing issues It is exactly in plain text.On the process operation interface of open end, the message ciphertext of the secret end process forwarded and received external message Ciphertext is shown as the text or its breviary and/or ciphertext mark of the visualization coding (as using Base64 encryption algorithm) of ciphertext (text or figure).This symmetrical mirror image placement scheme, advantage is that friendly interface is intuitively interesting, the disadvantage is that realizing more complex.
Above-mentioned binary Cooperative Security client framework, user interface can take asymmetric mirrored arrangement to simplify.One Kind of scheme is supplemented by secret end module and to open based on end module, characterized in that the operation interface of the secret end module Interface is handled for concerning security matters, the operation interface of the open end module is applied transaction interface, the mutual mirror list of application scenarios The background service of secrecy is now supported as open end module for secret end module.So-called concerning security matters handle interface, refer to that processing is secret Editor, encryption, signature and the verifying of message plaintext and the decryption of message ciphertext and display broadcasting etc., required function part Operation interface, relatively simply.So-called applied transaction interface is the entirety or main functionality operation interface applied, relatively complete It is whole abundant.This asymmetric mirrored arrangement scheme, advantage are that interface compatibility is preferable, the disadvantage is that important information such as message archive, Address list etc. and its operation are exposed on open space and have the anxiety of leakage.
Above-mentioned binary Cooperative Security client framework, user interface take asymmetric mirrored arrangement to simplify another Kind of scheme is based on secret end module and to open supplemented by end module, characterized in that the operation interface of the secret end module For applied transaction interface and distinguishes secrecy transmission and openly send limitation sending message in plain text, the operation of the open end module Interface is using virtual interface, and the mutual mirror image of application scenarios shows as open end module as secret end module to extranet Interactive transmission agency.It is so-called to apply virtual interface, refer to nonfunctional operation or operates extremely simple, in form or suppressible Operation interface.This asymmetric mirrored arrangement scheme, advantage are that confidentiality is more preferable, important information such as message archive, address list etc. And its operation, it is placed in private space and is not easy to reveal.
Above-mentioned binary Cooperative Security client framework, using the state conversion synchronization agreement, to simplify secret end mould The linkage of block and open end module is exited, characterized in that the collaboration message includes exit message, and an end module is made to exit linkage Another end module exits.The linkage of two end modules is exited, so that user's operation is easier.
The positive effect of the present invention is that a kind of binary Cooperative Security architectural mechanisms are provided for applications client, appropriate benefit With double terminal device redundancies, advisably it is distributed secret end and open end and constitutes user's private space and open space and cooperate with linkage Mirror image can generally enhance the safety of various online application service systems under existing equipment system condition, and effective protection is used The important information at family is very significant to the meaning and effect of improving information safety technical level from leakage.
Detailed description of the invention
Fig. 1 is schematic diagram of the invention.Applications client (1) is distributed as the secret end (11) and open end of diadactic structure (12), it is respectively deployed on relatively independent the first general purpose terminal (110) and the second general purpose terminal (120) and concurrently runs;Secret The composition module for holding (11) is converted comprising operation interface (111), using logic (112), key and cryptographic algorithm (113), state Synchronous protocol (114) and short-haul connections (115);Correspondingly, the composition module of open end (12) comprising operation interface (121), is answered With logic (122), state conversion synchronization agreement (123), network communication networking (124) and short-haul connections (125);Short-haul connections (115) with short-haul connections (125), the short range interconnection between the first general purpose terminal (110) and the second general purpose terminal (120) is realized, And short range is established between secret end (11) and open end (12) and trusts channel;State conversion synchronization agreement (114) and state turn Change synchronous protocol (123), mutually transmitting collaboration message and the interoperability that links, together with application logic (112) with using logic (122) Synthetic operation, reach the mutual mirror image between secret end (11) and open end (12);Network communication networking (124) makes open end (12) with server (2), or networked interactive (is not drawn into) in figure with the open end of another object applications client.
Fig. 2 is the association status transition diagram of the embodiment of the present invention.Mail Clients is distributed as the mail client of diadactic structure Secret end (1) and mail client open end (2), mutually transmitting cooperates with message between them, and by the latter and mail server (3) Networked interactive.Respectively there are its running state conversion figure in mail client secret end (1) and mail client open end (2), illustrate respectively such as Under.
The running state conversion figure at mail client secret end (1): by stopping (10) state (100) state starts to, It specifically selects to enter registration (101), login (102) by user again, exit any one in (103) three kinds of states, and it is corresponding The collaboration message that registration/logging request/exits is issued, passes to mail client open end (2) into collaboration (108) state, And receive the registration that the latter passes back/login result/collaboration message exited;If registration logins successfully, enter master control (104) state;If exiting, stop;From master control (104) state, enters because of new part (i.e. the new mail) of user's selection and write part (105) state writes new mail;Close hair (i.e. ciphertext transmission) is selected then to enter encryption (106) state, by bright part (i.e. plaintext mail) It is encrypted to confidential paper (i.e. ciphertext mail);Bright hair (sending in plain text) is selected then to keep bright part;Bright part and confidential paper, which all enter, to be sent (107) state, into collaboration (108) state, passes to mail client open end as part (mail i.e. pending seen off) is removed (2) practical transmission is gone, and receives the transmission result passed back and is returned to master control (104) state;In collaboration (108) state, by The parcel received (receiving the mail come) that mail client open end (2) is transmitted to, is differentiated into reception (109) state, is bright Part is then kept, and is that confidential paper then enters decryption (110) state, is reduced into bright part;Bright part, which enters back into, reads part (111) state, in addressee Case list display, and openable reading, old part (i.e. original bright part) can also open reading;It is writing part (105) and is readding part (111) State can directly return to master control (104) state.
The running state conversion figure of mail client open end (2): collaboration (201) state is started to by stopping (200) state; In collaboration (201) state, the registration request come to mail client secret end (1) transmitting, logging request, response enters registration respectively (202), (203) state is logged in, registration/login result is transmitted back to collaboration (201) state again and passes to mail client secret end (1);Part is removed to what mail client secret end (1) transmitting came, is sent into transmission (204) state, and result will be sent and returned It is sent to collaboration (201) state and passes to mail client secret end (1);It is got from mail server (3) by network interaction Mail specifically enters (205) state of reception into transmission (20) state, as parcel received enter back into collaboration (201) state and by Pass to mail client secret end (1);What from mail client secret end (1), transmitting came exits, and linkage is withdrawn into stopping (200) state;What local terminal occurred exits, and will enter collaboration (201) state and be delivered to mail client secret end (1), also certainly Row is withdrawn into stopping (200) state;Transmit (20) state be a state set, specifically include registration (202), login (203), It sends (204) and receives (205) state, carry out network interaction with mail server (3).
Specific embodiment
The electronic mail service system client of one binary Cooperative Security of realization below, abbreviation Mail Clients, for It is bright to be appropriately carried out mode about one kind of the invention.It needs to declare, following embodiment is understood not to of the invention complete Portion's possible range should not also constitute the limitation to right of the present invention.
Referring to Fig.1 and its explanation.Applications client (1) i.e. Mail Clients, dualization be distributed as secret end (11) and The cell phone application program entity of open end (12) two, will be separately mounted to the first general purpose terminal (110) and the second general purpose terminal (120) it is concurrently run on.Two general purpose terminals are specifically two mobile phones, are all Android (Android) operating system, pass through bluetooth Short range interconnection between both ends is realized in communication.User in use, installation secret end (11) first mobile phone not plug sim card, or insert Be no mobile communication service SIM card, to forbid this mobile phone mobile networking;Second mobile phone for installing open end (12) is inserted Be the SIM card for having normal mobile communication service, allow this mobile phone can normal movement networking.In this way, user's use space is Binary distribution structure: first mobile phone and secret end APP constitute private space, and second mobile phone and open end APP composition are opened Between emptying.The e-mail client software that user is distributed by two mobile phones of operation and collaboration, to obtain safe Email clothes The service of business system.
Mail Clients is taken asymmetric based on the APP of secret end, supplemented by the APP of open end in software architecture The distributed frame of mirrored arrangement.Secret end APP is as mail function in the realization body of client, and open end is as mail function Can client transmission agency and network and interacted with mail server.
It realizes the inside at the secret end (11) of Mail Clients.Operation interface (111), with reference to mainstream electronic mail service system Unite client interface, mainly have: login/register interface, including user name, password, identifying code edit box, confirmation press Button, exit button;Function menu, option, which is listed, to be write new mail, inbox and exits, and is simplified and is ignored address list, rough draft, sends shelves Some other function choosing-item such as case, receiving archives;Write new mail interface, including address field, title bar, attachment column and Edition Contains Frame has addition, the delete button of attachment, especially send button specifically to distinguish ciphertext and sends and send in plain text;Inbox interface, Including mailing list, receive button.Using logic (112), i.e. mail function logic, running state conversion figure is shown as, it will be Illustrate below.Key and cryptographic algorithm (113), identity key are adopted using personal exclusive a pair of of private key and public key, session key With random key is automatically generated, asymmetric cryptographic algorithm uses the RSA Algorithm of standard, and symmetric cryptographic algorithm uses the AES of standard Algorithm.State conversion synchronization agreement (114), realization cooperate with linkage with open end (12), will also describe operating status below Illustrate when transition diagram.Short-haul connections (115) establishes short range trust on Bluetooth of mobile phone communication infrastructure between open end (12) Secrecy channel, including mutually carry out authentication and firmly believe that secure connection and key agreement carry out secrecy transmission.
It realizes the inside of the open end (12) of Mail Clients.Operation interface (121), interface extremely simplify, only arrangement one Exit button.Using logic (122), i.e. mail function transmission agency logic, running state conversion figure is shown as, will be said below It is bright.State conversion synchronization agreement (123), realization cooperate with linkage with secret end (11), will also describe operating status below and turn Explanation when changing figure.Short-haul connections (125) establishes short range between secret end (11) and trusts guarantor on Bluetooth of mobile phone communication infrastructure Close channel, including mutually carry out authentication and firmly believe that secure connection and key agreement carry out secrecy transmission.Network communication networking (124), the networked interactive between server (3) i.e. mail server is realized.
Referring to Fig. 2 and its explanation.The operating status of Mail Clients converts figure, comprising: the fortune at mail client secret end (1) Row condition conversion figure realizes the application logic (112) in above-mentioned Fig. 1, i.e. mail function logic;Mail client open end (2) Operating status conversion figure, realizes the application logic (122) in above-mentioned Fig. 1, i.e. mail function logic, that is, mail function transmits generation Manage logic.Operating status converts the state meaning and flow path switch processing of figure, describes in the above-mentioned explanation about Fig. 2.With Under operating status is simply converted into each state in figure, in addition to stopping (100) and stopping (200), as specific shape The definition of state functional module is realized.
Mail client secret end (1) correlated condition functional module is defined as follows:
Start (10): integrate registration (101), login (102) and exit (103) three states, as originating interface, It is distributed corresponding three buttons of the same name.Wherein, (101) are registered and log in (102) and respectively collect user name, password, identifying code, point It Fa Chu not registration request and logging request;It exits (103) and then issues exit message, with circular mail client open end (2) linkage It exits, then local terminal is withdrawn into stopping (100) state.Registration/logging request/the exit message issued, is to be submitted to collaboration (108) it passes;Registration/login result/exit message is obtained from collaboration (108) again.
Master control (104): driving menu option, which is listed, to be write new mail, inbox and exits three function choosing-items, is selected by user It selects driving and calls execution corresponding function.
It writes part (105): writing new mail function, input or looked into from address list and take addressee, make a copy for people, input mail mark Topic searches and chooses attachment, inputs body matter.It sends then specific area's ciphertext transmission and clearly demarcated text to send, by two buttons of the same name It is selected.
It encrypts (106): first using symmetric cryptographic algorithm AES, generate random session key encrypted body content and attachment;Again Confidential paper is generated using the public key encryption session key of addressee using asymmetric cryptographic algorithm RSA.
It sends (107): new mail (bright part or confidential paper) is passed as going part to submit to collaboration (108).
Collaboration (108): the state conversion synchronization agreement (114) in above-mentioned Fig. 1 is implemented, with mail client in this Fig. 2 The collaboration (201) of open end cooperates in pairs, by being exchanged with each other transmitting collaboration message, realizes and cooperates with connection between open end It is dynamic.The packet structure for cooperateing with message is made of packet header (length is fixed) and subsequent backpack body (length is variable).Wherein, packet header Format includes head mark, message number, data length, data check value, packet header check value.Message number is unique differentiation state function The code of energy, the message of outflow specifically have registration request, logging request, remove part, exit, and incoming message specifically has registration to tie Fruit, parcel received, exits login result.Data length is the length byte number that backpack body includes data, and data check value is that backpack body is wrapped CRC (Cyclic Redundancy Code) value containing data, packet header check value are crc value of the header data in addition to this value.To registration request, log in Request, backpack body data are the set of user name, password, identifying code;To registering result, login result, backpack body data only need one Byte code represents successfully, unsuccessfully, or subdivision indicates error type, is determined by the demand of mail server;To exiting, count It is zero according to length, no backpack body data;To part, parcel received is removed, backpack body data are exactly mail data.
Mail client open end (2) correlated condition functional module is defined as follows:
Collaboration (201): the state conversion synchronization agreement (123) in above-mentioned Fig. 1 is implemented, with mail client in this Fig. 2 The collaboration (108) at secret end cooperates in pairs, by being exchanged with each other transmitting collaboration message, realizes and cooperates with connection between secret end It is dynamic.The packet structure for cooperateing with message, it is described consistent to (108) are cooperateed with front.Incoming message is exactly that (108) is cooperateed with to spread out of Message, i.e., registration request, logging request, remove part, exit, respectively correspond be submitted to registration (202), log in (203), send (204), (206) state is exited.The message of outflow, the message for exactly cooperateing with (108) incoming, i.e. registering result, are come login result Part exits.
Transmission (20): integrate registration (202), log in (203), send (204), receive (205) four states, realize For built-in function calling module, interacted on the net with mail server.Wherein, (202) are registered, log in (203) submission user Registration information (user name, password, identifying code), executes registering and logging respectively, and returns to registering result and login result to association With (201);The mail protocol function of (204) the call operation system of transmission, will go part to be sent to network up, and return to transmission knot Fruit is to collaboration (201);The mail protocol function of (205) the call operation system of reception receives parcel received from network and returns to collaboration (201)。
It exits (206): on the one hand, being exited due to the exit message that collaboration (201) are passed to by linkage;Another aspect, by local terminal Exit button generates exit message and collaboration (201) is submitted to spread out of, and is exited with circular mail client's secret end (1) linkage, then Local terminal exits.It exits and all goes to stopping (200) state.
Above embodiments, additionally it is possible to do 3 points of improvement: first is that registering and logging function, take the body of challenge-response mechanism Part certification policy can be avoided password leakage and enhance safety;Second is that introducing number label to the body matter and attachment of mail Name and authentication function, reach anti-fake resisting denying effect;Third is that the other function of polishing regular e-mails, such as address list, returning Shelves, cleaning etc. are allowed to complete handy.
Referring to above-described embodiment, additionally it is possible to implement a kind of Web bank's client of binary Cooperative Security, with Internetbank client Secret end is main operation ebanking services, and does transmission agency supplemented by Internetbank open end.Similarly, additionally it is possible to implement a kind of binary The cloud storage service client of Cooperative Security.In turn, encryption/decryption or signature/verification message supplemented by secret end, and to open Putting end is that main operating routine is social, can also implement a kind of social client of binary Cooperative Security.Certainly, above-mentioned implementation is copied Example changes and takes symmetrical mirror image layout structure, is all practicable.

Claims (5)

1. a kind of binary Cooperative Security client framework, applications client be distributed as diadactic structure can general installation secret end and The concurrent collaborative scheduler module of open end two is respectively deployed in the first general purpose terminal and second of not only relatively independent but also short range interconnection General purpose terminal is concurrently run, and constitutes the private space and open space binary distribution structure of user, and is established between the ends close Journey trusts channel, wherein
Secret end module issues message in plain text for closing off-network, management key storage and execution cryptographic algorithm and limiting, and is sent out The private message sent, which is maintained secrecy, to be mirrored to open end module and issues ciphertext, and message is encrypted or signed by secret end module in plain text;
Open end module is externally interacted with server or with the opening end module of object user for open networking, and institute is received External message is mirrored to secret end module and is presented in plain text by transparent, and message ciphertext decrypted by secret end module, and signature voucher is also It is verified by secret end module;
Secret end module and open end module cooperative are followed using the relevant state conversion synchronization agreement of logic, and mutually transmitting includes The collaboration message of state event and drive both ends module status conversion linkage interoperability, cooperate with the mutual mirror of both ends module application scene Picture.
2. binary Cooperative Security client framework according to claim 1, characterized in that the secret end module and opening End module, which has consistent or approximate operation interface, allows user to choose at random manipulation, and the mutual mirror image of application scenarios shows as two The display of end module operation interface synchronizes follow between the ends.
3. binary Cooperative Security client framework according to claim 1, characterized in that the operation of the secret end module Interface is that concerning security matters handle interface, and the operation interface of the open end module is applied transaction interface, the mutual mirror of application scenarios The background service of secrecy is supported as showing as secret end module as open end module.
4. binary Cooperative Security client framework according to claim 1, characterized in that the operation of the secret end module Applied transaction interface is in interface and distinguishes secrecy transmission and openly sends limitation sending message plaintext, the open end module Operation interface is using virtual interface, and it is external as secret end module that the mutual mirror image of application scenarios shows as open end module The transmission agency of networked interactive.
5. binary Cooperative Security client framework according to claim 1, characterized in that the collaboration message includes exiting Message makes an end module exit another end module of linkage and exits.
CN201910255296.4A 2019-03-20 2019-03-20 Binary Cooperative Security client framework Pending CN110061978A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910255296.4A CN110061978A (en) 2019-03-20 2019-03-20 Binary Cooperative Security client framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910255296.4A CN110061978A (en) 2019-03-20 2019-03-20 Binary Cooperative Security client framework

Publications (1)

Publication Number Publication Date
CN110061978A true CN110061978A (en) 2019-07-26

Family

ID=67318010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910255296.4A Pending CN110061978A (en) 2019-03-20 2019-03-20 Binary Cooperative Security client framework

Country Status (1)

Country Link
CN (1) CN110061978A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781528A (en) * 2019-09-26 2020-02-11 深圳金澜汉源科技有限公司 Collaborative secure operating system architecture, operating system and electronic device
TWI787094B (en) * 2022-03-08 2022-12-11 穎利科研國際事業有限公司 Information security protection system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078371A1 (en) * 2000-08-17 2002-06-20 Sun Microsystems, Inc. User Access system using proxies for accessing a network
US20040206812A1 (en) * 2003-04-21 2004-10-21 Stmicroelectronics, Inc. Smart card device and method used for transmitting and receiving secure e-mails
US20080118070A1 (en) * 2006-11-20 2008-05-22 6580874 Canada Inc. Open and distributed systems to provide secure email service
CN101819618A (en) * 2010-03-19 2010-09-01 杨筑平 File encryption method
CN103078743A (en) * 2013-01-15 2013-05-01 武汉理工大学 E-mail IBE (Internet Booking Engine) encryption realizing method
CN104378381A (en) * 2014-11-27 2015-02-25 上海斐讯数据通信技术有限公司 Intelligent terminal enterprise Email security office method and system
US20150312233A1 (en) * 2010-04-30 2015-10-29 T-Central, Inc. System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added
CN105243341A (en) * 2015-06-05 2016-01-13 深圳金澜汉源科技有限公司 Information security electronic equipment and application architecture

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078371A1 (en) * 2000-08-17 2002-06-20 Sun Microsystems, Inc. User Access system using proxies for accessing a network
US20040206812A1 (en) * 2003-04-21 2004-10-21 Stmicroelectronics, Inc. Smart card device and method used for transmitting and receiving secure e-mails
US20080118070A1 (en) * 2006-11-20 2008-05-22 6580874 Canada Inc. Open and distributed systems to provide secure email service
CN101819618A (en) * 2010-03-19 2010-09-01 杨筑平 File encryption method
US20150312233A1 (en) * 2010-04-30 2015-10-29 T-Central, Inc. System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added
CN103078743A (en) * 2013-01-15 2013-05-01 武汉理工大学 E-mail IBE (Internet Booking Engine) encryption realizing method
CN104378381A (en) * 2014-11-27 2015-02-25 上海斐讯数据通信技术有限公司 Intelligent terminal enterprise Email security office method and system
CN105243341A (en) * 2015-06-05 2016-01-13 深圳金澜汉源科技有限公司 Information security electronic equipment and application architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
万俊伟等: ".NET框架下基于邮件的数据交换方式的设计及实现", 《计算机应用》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781528A (en) * 2019-09-26 2020-02-11 深圳金澜汉源科技有限公司 Collaborative secure operating system architecture, operating system and electronic device
TWI787094B (en) * 2022-03-08 2022-12-11 穎利科研國際事業有限公司 Information security protection system

Similar Documents

Publication Publication Date Title
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
US6904521B1 (en) Non-repudiation of e-mail messages
CN109818749B (en) Quantum computation resistant point-to-point message transmission method and system based on symmetric key pool
JP2022522788A (en) Blockchain-based secure email system
JPH07245605A (en) Ciphering information repeater, subscriber terminal equipment connecting thereto and ciphering communication method
US20030172278A1 (en) Data transmission links
US20030210789A1 (en) Data transmission links
JP2005515701A6 (en) Data transmission link
CN102271333B (en) Safe receiving and dispatching method for 3G (3rd Generation) message on basis of trusted chain transmission
CN104270516B (en) Decryption method and mobile terminal
CN102740239B (en) The method and system of secure transmission of media information
CN1977559B (en) Method and system for protecting information exchanged during communication between users
CN104424446A (en) Safety verification and transmission method and system
CN112911588A (en) Lightweight narrowband Internet of things secure transmission method and system
CN110061978A (en) Binary Cooperative Security client framework
JPH0974408A (en) Security communication method
CN111541603B (en) Independent intelligent safety mail terminal and encryption method
CN107104888B (en) Safe instant messaging method
CN102739719A (en) User information synchronization method and system thereof
WO2009054807A1 (en) Secure messaging using outband mode authentication
CN104243291A (en) Instant messaging method and system thereof capable of guaranteeing safety of user communication content
Oppliger Providing certified mail services on the internet
CN109492359A (en) A kind of secure network middleware and its implementation and device for authentication
JP2001237824A (en) Information communication repeater
Prabhu et al. Security in computer networks and distributed systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190726

WD01 Invention patent application deemed withdrawn after publication