CN110061978A - Binary Cooperative Security client framework - Google Patents
- Publication number
- CN110061978A, CN201910255296.4A
- Authority
- CN
- China
- Prior art keywords
- end module
- secret
- message
- open end
- interface
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A binary cooperative security client framework, relating to the fields of computers, mobile terminals, network software and information security technology. The application client is distributed as a binary structure of two universally installable, concurrently cooperating modules, a secret end and an open end, which are deployed respectively on a first and a second general-purpose terminal that are relatively independent and interconnected at short range and which run concurrently, constituting the user's private space and open space; a short-range trusted channel is established between the two ends. The secret end is closed and off-network; it manages keys, executes the cryptographic algorithms and restricts the sending of plaintext, and it confidentially mirrors encrypted or signed messages to the open end, which sends them out as ciphertext. The open end is open and networked for external interaction, and transparently mirrors external messages to the secret end, which decrypts or verifies them and presents the plaintext. The two ends cooperate by following a state-transition synchronization protocol tied to the application logic, passing state collaboration messages to each other that drive the linked interoperation of the two ends and the mutual mirroring of their application scenarios. The invention is applicable to online application service systems, effectively avoids information leakage and significantly improves the level of information security.
Description
Technical field
The present invention relates to the fields of computers, mobile terminals, network software and information security technology.
Background art
Online application services are varied, for example e-mail, social instant messaging, cloud storage, online office work and e-commerce. They usually provide users with an application client that is installed and run on the user terminal to deliver the service functions and to carry the online exchange of information or messages between the user and the server or other users. User terminals are also varied, for example electronic devices such as computers, mobile phones, tablets and wearable devices. Because of the harm done by computer viruses, spyware and hackers, information security in the network environment has always carried a serious risk of information leakage, and security incidents occur from time to time, causing users much trouble and loss. Many technical solutions and methods exist to address the information security problem. Under existing equipment and system conditions, they mainly approach the problem from the side of the application service system.
"A social communication information protection method, device and computer-readable storage medium" (patent application number CN201710795031) proposes establishing private contact relationships through the application program, and setting, recognizing and verifying a viewing unlock in order to display private messages.
"A privacy protection system and method based on social networks" (patent application number CN201410317811) proposes that the sender uses an adaptive JPEG image steganography algorithm to encrypt the message to be delivered and embed it in an avatar picture that is then pushed; the recipient extracts and decrypts it to obtain the information, and this covert channel protects the user's privacy from theft.
"A mobile terminal, external device and file transmission method" (patent application number CN201610274584) proposes that the mobile terminal encrypts the file to be transmitted to control its confidentiality, and transfers the file to the external device over a secondary communication connection that combines NFC and wireless transmission.
"A privacy protection method and system for a mobile terminal" (patent application number CN201510491920) proposes that a first mobile terminal starts a privacy mode and is associated and bound with a second mobile terminal; a random password is generated and exchanged with the second mobile terminal over a WIFI hotspot, Bluetooth or NFC for verification and interaction, to protect the privacy of the mobile terminal user.
"A dual-system smartphone and a phone case with communication function" (patent application number CN201410027997) proposes that the phone comprises a first and a second system; the first system handles confidential matters, has no third-party applications installed, holds the SIM card and provides networking service to the second system, while the second system handles general matters and may have third-party applications installed, thereby protecting the user's private data.
"A payment method and payment system based on a security authentication mechanism" (patent application number CN201610783530) proposes that the first mobile terminal obtains a payment request, signs it and sends it to the second mobile terminal, receives and verifies the second mobile terminal's signature-verification feedback and signature, then obtains the payment information, signs it and sends it to the second mobile terminal, and receives the payment-success feedback.
The known prior art is still clearly insufficient for solving the information security problem of application systems. For e-mail and social services, for example, the user still works in a single client; with multiple applications coexisting and being updated, viruses and spyware may be hidden among them, and the risk of information leakage remains. For e-commerce and online banking, likewise, the user works in a single client; even with an external dedicated cryptographic device (such as a hardware USB-KEY), authentication, encryption and signing may still be counterfeited or defrauded.
Summary of the invention
The general concept of the present invention is to divide the terminal user's environment into a private space and an open space, the two forming a binary distributed structure that is both separated and organically associated. Specifically, it starts from the architectural design of the application client and focuses on encrypting and signing at the source, in the private space, to solve the information security problem of application systems.
The present invention proposes a binary cooperative security client framework in which the application client is distributed as a binary structure of two universally installable, concurrently cooperating modules, a secret end and an open end, deployed respectively on a first general-purpose terminal and a second general-purpose terminal that are both relatively independent and interconnected at short range, where they run concurrently, constituting a binary distributed structure of the user's private space and open space, with a short-range trusted channel established between the two ends, wherein:
The secret end module is closed and off-network, manages key storage, executes the cryptographic algorithms and restricts the sending of plaintext messages; private messages it sends are confidentially mirrored to the open end module, which sends them out as ciphertext, and message plaintext is encrypted or signed by the secret end module;
The open end module is open and networked, interacting externally with the server or with the open end module of the peer user; external messages it receives are transparently mirrored to the secret end module, which presents the plaintext; message ciphertext is decrypted by the secret end module, and signature vouchers are likewise verified by the secret end module;
The secret end module and the open end module cooperate by following a state-transition synchronization protocol tied to the application logic, passing each other collaboration messages, including states and events, that drive the linked state transitions and interoperation of the two modules and keep the application scenarios of the two modules mirrored to each other.
The application client is the application software program of the networked application service system on the user terminal. A general-purpose terminal is an electronic terminal device on which application clients can normally be installed and run, including personal computers (PCs), notebook computers, smartphones (mobile phones), tablets and the like, each with its own operating system. Dedicated, fixed-function terminal devices on which application software cannot be installed (such as a USB-key cryptographic device) are excluded and are not general-purpose terminals in the sense of the invention. "First" and "second" serve only to distinguish the two general-purpose terminals and carry no special naming significance. The two general-purpose terminals may be of the same type, such as a smartphone and a smartphone, or of different types, such as the various combinations of smartphone and PC or smartphone and notebook computer, and their operating systems differ as the terminal devices differ. The first and second general-purpose terminals that are both relatively independent and interconnected at short range are not limited to two separate general-purpose terminal devices; they also include two interconnected processing subsystems inside a single general-purpose terminal, provided each has its own independent processor, operating system, address space and runtime storage space and can install and run application software.
Short-range interconnection means interconnection realized by wired (such as USB) or wireless (such as WIFI, Bluetooth, NFC) short-range communication. The short-range trusted channel is a reliable secure channel established either by a dedicated wired connection (internal or external) or, over a wireless connection, by identity authentication and encrypted transmission on the short-range communication channel. The secret end module and the open end module, once installed and running, are the secret end process and the open end process respectively. Closed and off-network means offline, with no direct networking to the outside. A message is information conveyed in any form, such as text, graphics, files, audio or video. Confidential mirroring is the process in which the secret end process first encrypts the plaintext of a private message (for example with the symmetric encryption algorithm AES or the asymmetric cryptographic algorithm RSA) or signs it (for example with the asymmetric cryptographic algorithm RSA), and then passes the resulting message ciphertext or signature voucher to the open end process. Transparent mirroring is the process in which the open end process passes an external message (plaintext, ciphertext or signature voucher) directly to the secret end process, which decrypts the message ciphertext and verifies the signature voucher. A signature voucher is the secret data block generated by executing a digital signature on a message. Presenting plaintext includes displaying text, graphics, images and files, and playing audio and video.
The application logic is determined by the functional processing requirements of the application service itself. The secret end process and the open end process cooperate as a matched pair; each has its own run-state transition process, and the two are closely related, so they must follow the state-transition synchronization protocol: besides exchanging data messages, they also pass each other collaboration messages that notify the other side of changes in their own state (such as a transition from one functional state to another) and of events that occur (such as a user operation or the receipt of a message), driving the linked transitions of the other side's process and thereby achieving two-sided cooperative interoperation. The concrete operations involved in interoperation include sending and receiving, encryption and decryption, signing and verification, object selection, parameter setting and so on. Mutual mirroring of application scenarios includes synchronization of displayed content, window switching, the interactive object being addressed and so on. The actual processing of linked interoperation and of mutual mirroring (confidential mirroring, transparent mirroring and application scenario mirroring) is automatic and transparent to the user.
In the binary cooperative security client framework above, the user interface may adopt a symmetric mirrored layout, characterized in that the secret end module and the open end module have identical or similar operation interfaces and the user may choose either one to operate, the mutual mirroring of application scenarios appearing as the displays of the two modules' operation interfaces following each other in synchrony. In this way, a message edited in the operation interface of the secret end process is sent out as ciphertext, and a message edited in the operation interface of the open end process is sent out as plaintext. On the operation interface of the open end process, message ciphertext forwarded from the secret end process and the ciphertext of received external messages are displayed as the text of a visual encoding of the ciphertext (for example Base64 encoding) or an abbreviation of it, and/or as a ciphertext marker (text or graphic). The advantage of this symmetric mirrored layout is a friendly, intuitive and engaging interface; the disadvantage is that it is more complex to implement.
In the binary cooperative security client framework above, the user interface may instead adopt an asymmetric mirrored layout for simplicity. One scheme has the open end module as primary and the secret end module as auxiliary, characterized in that the operation interface of the secret end module is a confidential-processing interface, the operation interface of the open end module is the application transaction interface, and the mutual mirroring of application scenarios appears as the secret end module acting as a background service that supports confidentiality for the open end module. The confidential-processing interface is the operation interface for the part of the functions needed to edit, encrypt, sign and verify the plaintext of private messages and to decrypt and display or play message ciphertext; it is relatively simple. The application transaction interface is the operation interface for the whole, or the main functions, of the application; it is relatively complete and rich. The advantage of this asymmetric mirrored layout is better interface compatibility; the disadvantage is that important information such as message archives and the address book, and the operations on them, are exposed in the open space and may leak.
In the binary cooperative security client framework above, another simplified asymmetric mirrored layout has the secret end module as primary and the open end module as auxiliary, characterized in that the operation interface of the secret end module is the application transaction interface, which distinguishes confidential sending from open sending so as to restrict the sending of messages in plaintext; the operation interface of the open end module is a virtual application interface; and the mutual mirroring of application scenarios appears as the open end module acting as the secret end module's transmission agent for interaction with the external network. A virtual application interface is an operation interface with no functional operations or only extremely simple ones, one that is nominal or can be omitted. The advantage of this asymmetric mirrored layout is better confidentiality: important information such as message archives and the address book, and the operations on them, sit in the private space and are not easily leaked.
In the binary cooperative security client framework above, the state-transition synchronization protocol can be used to simplify the linked exit of the secret end module and the open end module, characterized in that the collaboration messages include an exit message, so that the exit of one module triggers the exit of the other. Linked exit of the two modules makes operation easier for the user.
The beneficial effect of the invention is to provide application clients with a binary cooperative security architecture that makes appropriate use of the redundancy of two terminal devices, sensibly distributes the secret end and the open end to form the user's private space and open space, and mirrors them through cooperative linkage. Under existing equipment and system conditions it can generally enhance the security of various online application service systems and effectively protect the user's important information from leakage, which is of considerable significance for raising the technical level of information security.
Description of the drawings
Fig. 1 is a schematic diagram of the invention. The application client (1) is distributed as a binary structure of a secret end (11) and an open end (12), deployed respectively on a relatively independent first general-purpose terminal (110) and second general-purpose terminal (120), where they run concurrently. The secret end (11) is composed of the modules operation interface (111), application logic (112), keys and cryptographic algorithms (113), state-transition synchronization protocol (114) and short-range communication (115). Correspondingly, the open end (12) is composed of the modules operation interface (121), application logic (122), state-transition synchronization protocol (123), network communication and networking (124) and short-range communication (125). Short-range communication (115) and short-range communication (125) realize the short-range interconnection between the first general-purpose terminal (110) and the second general-purpose terminal (120) and establish the short-range trusted channel between the secret end (11) and the open end (12). State-transition synchronization protocol (114) and state-transition synchronization protocol (123) pass collaboration messages to each other and interoperate in linkage and, together with the cooperative operation of application logic (112) and application logic (122), achieve the mutual mirroring between the secret end (11) and the open end (12). Network communication and networking (124) lets the open end (12) interact over the network with the server (2), or with the open end of another, peer application client (not drawn in the figure).
Fig. 2 is the associated state transition diagram of an embodiment of the invention. The mail client is distributed as a binary structure of a mail client secret end (1) and a mail client open end (2), which pass collaboration messages to each other; the latter interacts over the network with the mail server (3). The mail client secret end (1) and the mail client open end (2) each have their own run-state transition diagram, described in turn below.
Run-state transition diagram of the mail client secret end (1): from the stop (100) state it enters the start (10) state, where the user's choice takes it into one of the three states register (101), login (102) and exit (103); the corresponding register request, login request or exit collaboration message is issued and, on entering the collaboration (108) state, passed to the mail client open end (2), and the register result, login result or exit collaboration message passed back by the latter is received. If registration or login succeeds, it enters the master control (104) state; on exit, it stops. From the master control (104) state, when the user selects new mail it enters the write mail (105) state to write a new mail. Selecting confidential send (that is, ciphertext sending) enters the encrypt (106) state, where the plaintext mail is encrypted into a ciphertext mail; selecting plain send (plaintext sending) keeps the plaintext mail. Plaintext mail and ciphertext mail both enter the send (107) state as outgoing mail (mail waiting to be sent out), pass into the collaboration (108) state and are handed to the mail client open end (2) for the actual sending; the send result passed back is received and the state returns to master control (104). In the collaboration (108) state, incoming mail (mail that has been received) handed over by the mail client open end (2) enters the receive (109) state and is classified: plaintext mail is kept as it is, while ciphertext mail enters the decrypt (110) state and is restored to plaintext mail. Plaintext mail then enters the read mail (111) state, where it is listed in the inbox and can be opened and read; old mail (that is, earlier plaintext mail) can also be opened and read. From the write mail (105) and read mail (111) states it can return directly to the master control (104) state.
Run-state transition diagram of the mail client open end (2): from the stop (200) state it enters the collaboration (201) state. In the collaboration (201) state, a register request or login request passed from the mail client secret end (1) is answered by entering the register (202) or login (203) state respectively, and the register or login result is returned to the collaboration (201) state and passed to the mail client secret end (1). Outgoing mail passed from the mail client secret end (1) enters the send (204) state and is sent, and the send result is returned to the collaboration (201) state and passed to the mail client secret end (1). Mail fetched from the mail server (3) by network interaction enters the transmit (20) state, specifically the receive (205) state, and then, as incoming mail, enters the collaboration (201) state and is passed to the mail client secret end (1). An exit passed from the mail client secret end (1) causes a linked exit to the stop (200) state. An exit that occurs locally enters the collaboration (201) state and is passed to the mail client secret end (1), after which the open end itself exits to the stop (200) state. The transmit (20) state is a state set comprising the register (202), login (203), send (204) and receive (205) states, which carry out network interaction with the mail server (3).
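The Fig. 2 flow described above, modelled as an added example (not code from the patent): two table-driven state machines exchange collaboration messages, and the open end records every payload it sees so that the confidential-send path and the linked exit can be checked. The class and message names, the `seal`/`unseal` placeholders that stand in for the AES and RSA step, and the edge from master control to collaboration used for incoming mail and exit are assumptions.

```python
SECRET_T = {  # allowed transitions read off the Fig. 2 description
    "stop(100)": {"start(10)"}, "start(10)": {"collab(108)"},
    "collab(108)": {"master(104)", "receive(109)", "stop(100)"},
    "master(104)": {"write(105)", "collab(108)"},  # master -> collab: assumption
    "write(105)": {"encrypt(106)", "send(107)", "master(104)"},
    "encrypt(106)": {"send(107)"}, "send(107)": {"collab(108)"},
    "receive(109)": {"decrypt(110)", "read(111)"},
    "decrypt(110)": {"read(111)"}, "read(111)": {"master(104)"},
}
OPEN_T = {
    "stop(200)": {"collab(201)"}, "receive(205)": {"collab(201)"},
    "collab(201)": {"login(203)", "send(204)", "receive(205)", "stop(200)"},
    "login(203)": {"collab(201)"}, "send(204)": {"collab(201)"},
}
MARK = b"SEALED:"  # constructed marker tagging ciphertext mail in this model

# Stand-ins for encrypt (106) / decrypt (110): NOT encryption (the text uses AES + RSA).
def seal(data: bytes) -> bytes:
    return MARK + bytes(b ^ 0x5A for b in data)

def unseal(blob: bytes) -> bytes:
    return bytes(b ^ 0x5A for b in blob[len(MARK):])

class End:
    """One end's state machine; refuses any transition not in its table."""
    def __init__(self, table, initial):
        self.table, self.state, self.trace = table, initial, [initial]

    def go(self, *states):
        for new in states:
            if new not in self.table.get(self.state, ()):
                raise RuntimeError(f"illegal transition {self.state} -> {new}")
            self.state = new
            self.trace.append(new)

class OpenEnd(End):
    def __init__(self):
        super().__init__(OPEN_T, "stop(200)")
        self.seen = []    # every payload that crosses into the open space
        self.outbox = []  # what would be handed to the mail server
        self.go("collab(201)")

    def on_message(self, kind, payload=b""):
        """Handle one collaboration message from the secret end; return the reply."""
        self.seen.append(payload)
        if kind == "login_req":
            self.go("login(203)", "collab(201)")
            return "login_result", b"ok"
        if kind == "outgoing":
            self.go("send(204)", "collab(201)")  # state check before accepting mail
            self.outbox.append(payload)
            return "send_result", b"ok"
        if kind == "exit":
            self.go("stop(200)")  # linked exit
            return "exit", b""
        raise ValueError(f"unknown collaboration message {kind!r}")

    def fetch(self, mail):
        self.go("receive(205)", "collab(201)")
        return "incoming", mail  # mirrored unchanged (transparent mirroring)

class SecretEnd(End):
    def __init__(self, peer):
        super().__init__(SECRET_T, "stop(100)")
        self.peer, self.inbox = peer, []
        self.go("start(10)")

    def login(self):
        self.go("collab(108)")
        if self.peer.on_message("login_req", b"user") == ("login_result", b"ok"):
            self.go("master(104)")

    def send_mail(self, body, confidential):
        self.go("write(105)")
        if confidential:
            self.go("encrypt(106)")
            body = seal(body)  # only the sealed form leaves the private space
        self.go("send(107)", "collab(108)")
        self.peer.on_message("outgoing", body)
        self.go("master(104)")

    def on_incoming(self, mail):
        self.go("collab(108)", "receive(109)")
        if mail.startswith(MARK):
            self.go("decrypt(110)")
            mail = unseal(mail)
        self.go("read(111)", "master(104)")
        self.inbox.append(mail)

    def exit(self):
        self.go("collab(108)")
        self.peer.on_message("exit")
        self.go("stop(100)")

def demo():
    """Login, a confidential and a plain send, one incoming mail, linked exit."""
    secret = SecretEnd(OpenEnd())
    secret.login()
    secret.send_mail(b"quarterly figures", confidential=True)
    secret.send_mail(b"lunch at noon", confidential=False)
    secret.on_incoming(secret.peer.fetch(seal(b"reply in confidence"))[1])
    secret.exit()
    return secret, secret.peer
```

Because each end rejects transitions missing from its table, a send attempted before login, or an outgoing message arriving after the linked exit, raises instead of being processed.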
Specific embodiment
The following implements an e-mail service system client with binary cooperative security, referred to as the mail client, to illustrate one suitable way of carrying out the invention. It should be noted that the following embodiment is not to be understood as the full possible scope of the invention, nor should it limit the claims of the invention.
Refer to Fig. 1 and its description. The application client (1), that is the mail client, is split into two mobile phone application entities, the secret end (11) and the open end (12), which are installed on the first general-purpose terminal (110) and the second general-purpose terminal (120) respectively and run concurrently. The two general-purpose terminals are specifically two mobile phones, both running the Android operating system, with the short-range interconnection between the two ends realized over Bluetooth. In use, the first phone, on which the secret end (11) is installed, has no SIM card inserted, or has one without mobile communication service, so that this phone cannot connect to the mobile network; the second phone, on which the open end (12) is installed, has a SIM card with normal mobile communication service, so that this phone can connect to the mobile network normally. The user's working space is thus a binary distributed structure: the first phone and the secret end app constitute the private space, and the second phone and the open end app constitute the open space. By operating the mail client software distributed across the two cooperating phones, the user obtains the service of a secure e-mail service system.
In its software architecture the mail client adopts the distributed structure with asymmetric mirrored layout in which the secret end app is primary and the open end app is auxiliary. The secret end app is the main implementation of the mail functions on the client side; the open end acts as the client-side transmission agent of the mail functions, connecting to the network and interacting with the mail server.
Internal implementation of the secret end (11) of the mail client. Operation interface (111): modelled on the client interfaces of mainstream e-mail service systems, it mainly has a login/register screen, with edit boxes for user name, password and verification code, a confirm button and an exit button; a function menu, whose options are write new mail, inbox and exit, simplified by omitting other options such as address book, drafts, sent archive and received archive; a write new mail screen, with an address field, a subject field, an attachment field and a content edit box, add and delete buttons for attachments, and in particular send buttons that distinguish ciphertext sending from plaintext sending; and an inbox screen, with a mail list and a receive button. Application logic (112): the mail function logic, expressed as a run-state transition diagram, described below. Keys and cryptographic algorithms (113): the identity key is a personal, exclusive pair of private key and public key, the session key is an automatically generated random key, the asymmetric cryptographic algorithm is the standard RSA algorithm and the symmetric cryptographic algorithm is the standard AES algorithm. State-transition synchronization protocol (114): realizes cooperative linkage with the open end (12), also explained below with the run-state transition diagram. Short-range communication (115): on top of the phone's Bluetooth communication, establishes a short-range trusted confidential channel with the open end (12), including mutual identity authentication to confirm a secure connection and key agreement for confidential transmission.
Internal implementation of the open end (12) of the mail client. Operation interface (121): the interface is extremely simple, with only an exit button. Application logic (122): the mail function transmission agent logic, expressed as a run-state transition diagram, described below. State-transition synchronization protocol (123): realizes cooperative linkage with the secret end (11), also explained below with the run-state transition diagram. Short-range communication (125): on top of the phone's Bluetooth communication, establishes a short-range trusted confidential channel with the secret end (11), including mutual identity authentication to confirm a secure connection and key agreement for confidential transmission. Network communication and networking (124): realizes the networked interaction with the server (3), that is the mail server.
Refer to Fig. 2 and its description. The run-state transition diagrams of the mail client comprise the run-state transition diagram of the mail client secret end (1), which realizes the application logic (112) of Fig. 1 above, that is the mail function logic, and the run-state transition diagram of the mail client open end (2), which realizes the application logic (122) of Fig. 1 above, that is the mail function transmission agent logic. The meaning of the states and the transition processing are given in the description of Fig. 2 above. Below, each state in the run-state transition diagrams, except stop (100) and stop (200), is simply implemented as the definition of a specific state function module.
The state function modules of the mail client secret end (1) are defined as follows:
Start (10): combines the three states register (101), login (102) and exit (103); it is the initial screen, laid out with three correspondingly named buttons. Register (101) and login (102) each collect the user name, password and verification code and issue a register request and a login request respectively; exit (103) issues an exit message to notify the mail client open end (2) to exit in linkage, after which the local end exits to the stop (100) state. The register request, login request or exit message issued is submitted to collaboration (108) for delivery; the register result, login result or exit message is in turn obtained from collaboration (108).
Master control (104): a driving menu lists three function options, write new mail, inbox and exit; the user's selection drives the call that executes the corresponding function.
Write mail (105): the write-new-mail function. The user enters, or looks up from the address book, the recipients and CC recipients, enters the mail subject, finds and selects attachments, and enters the body content. Sending is split into ciphertext sending and plaintext sending, selected by two buttons of the same names.
Encrypt (106): first, using the symmetric cryptographic algorithm AES, a random session key is generated and used to encrypt the body content and attachments; then, using the asymmetric cryptographic algorithm RSA, the session key is encrypted with the recipient's public key, producing the confidential mail.
Send (107): the new mail (plaintext mail or confidential mail) is submitted as outgoing mail to Collaboration (108) to be sent out.
Collaboration (108): implements the state transition synchronization protocol (114) of Fig. 1 and works as a pair with Collaboration (201) of the mail client open end in Fig. 2; by exchanging collaboration messages with each other, the two realize cooperative linkage with the open end. A collaboration message packet consists of a header (fixed length) followed by a body (variable length). The header format comprises a head mark, message number, data length, data check value and header check value. The message number is the code that uniquely distinguishes the state function: the outgoing messages are registration request, login request, outgoing mail and exit, and the incoming messages are registration result, login result, incoming mail and exit. The data length is the number of bytes of data contained in the body, the data check value is the CRC (cyclic redundancy code) of the data contained in the body, and the header check value is the CRC of the header data excluding this value itself. For a registration request or login request, the body data is the set of user name, password and verification code. For a registration result or login result, the body data needs only a one-byte code representing success or failure, or subdivided to indicate the error type, as determined by the requirements of the mail server. For exit, the data length is zero and there is no body data. For outgoing mail and incoming mail, the body data is the mail data itself.
The state function modules of the mail client open end (2) are defined as follows:
Collaboration (201): implements the state transition synchronization protocol (123) of Fig. 1 and works as a pair with Collaboration (108) of the mail client secret end in Fig. 2; by exchanging collaboration messages with each other, the two realize cooperative linkage with the secret end. The packet structure of the collaboration message is the same as described above for Collaboration (108). The incoming messages are exactly the messages sent out by Collaboration (108), i.e. registration request, login request, outgoing mail and exit, which are submitted to the register (202), log in (203), send (204) and exit (206) states respectively. The outgoing messages are exactly the messages that come into Collaboration (108), i.e. registration result, login result, incoming mail and exit.
Transmission (20): combines the four states register (202), log in (203), send (204) and receive (205), implemented as built-in function call modules that interact with the mail server over the network. Register (202) and log in (203) submit the user's registration information (user name, password, verification code), perform registration and login respectively, and return the registration result and login result to Collaboration (201). Send (204) calls the operating system's mail protocol functions to send outgoing mail to the network and returns the sending result to Collaboration (201). Receive (205) calls the operating system's mail protocol functions to receive incoming mail from the network and returns it to Collaboration (201).
Exit (206): on the one hand, an exit message passed in through Collaboration (201) causes a linked exit; on the other hand, the local exit button generates an exit message that is submitted to Collaboration (201) to be sent out, notifying the mail client secret end (1) to exit in linkage, after which the local end exits. Every exit goes to the stop (200) state.
The above embodiment can be improved in three ways: first, the registration and login functions can adopt an identity authentication policy based on a challenge-response mechanism, which avoids password leakage and strengthens security; second, digital signature and verification functions can be introduced for the mail body content and attachments, to achieve anti-forgery and non-repudiation; third, the other functions of ordinary e-mail, such as address book, archiving and cleanup, can be filled in to make the client complete and easy to use.
Following the above embodiment, an online banking client with binary cooperative security can also be implemented, with the online banking secret end as the primary side operating the banking services and the online banking open end as the auxiliary side acting as transmission agent. Similarly, a cloud storage service client with binary cooperative security can be implemented. Conversely, with the secret end as the auxiliary side encrypting/decrypting or signing/verifying messages and the open end as the primary side handling routine social operations, a social client with binary cooperative security can also be implemented. Of course, adapting the above embodiments to a symmetric mirrored layout structure is equally practicable.
Claims (5)
1. A binary cooperative security client framework, wherein the application client is distributed as a binary structure of two generically installable, concurrent cooperative scheduler modules, a secret end and an open end, which are respectively deployed on, and run concurrently on, a first general-purpose terminal and a second general-purpose terminal that are relatively independent yet interconnected at short range, forming a binary distribution of the user's private space and open space, with a short-range trusted channel established between the two ends, wherein:
the secret end module is for closed, off-network operation, manages key storage, executes cryptographic algorithms and restricts the sending of message plaintext; private messages it sends are confidentially mirrored to the open end module, which sends out ciphertext, and message plaintext is encrypted or signed by the secret end module;
the open end module is for open networking and interacts externally with the server or with the open end module of a counterpart user; external messages it receives are mirrored to the secret end module and transparently presented in plaintext, message ciphertext is decrypted by the secret end module, and signature credentials are likewise verified by the secret end module;
the secret end module and the open end module cooperate by following a logically related state transition synchronization protocol, passing each other collaboration messages that contain state events to drive linked, interoperating state transitions of the two modules, so that the application scenes of the two modules mirror each other.
2. The binary cooperative security client framework according to claim 1, characterized in that the secret end module and the open end module have identical or similar operation interfaces, allowing the user to operate either one at will, and the mutual mirroring of application scenes manifests as the displays of the two modules' operation interfaces synchronously following each other between the two ends.
3. The binary cooperative security client framework according to claim 1, characterized in that the operation interface of the secret end module is a secret-handling interface, the operation interface of the open end module is the application transaction interface, and the mutual mirroring of application scenes manifests as the secret end module providing confidential background service support for the open end module.
4. The binary cooperative security client framework according to claim 1, characterized in that the operation interface of the secret end module is the application transaction interface and distinguishes confidential sending from public sending so as to restrict the sending of message plaintext, the operation interface of the open end module is a virtual interface, and the mutual mirroring of application scenes manifests as the open end module acting as the transmission agent for the secret end module's external networked interaction.
5. The binary cooperative security client framework according to claim 1, characterized in that the collaboration messages include an exit message, by which the exit of one end module triggers the linked exit of the other end module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910255296.4A CN110061978A (en) | 2019-03-20 | 2019-03-20 | Binary Cooperative Security client framework |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910255296.4A CN110061978A (en) | 2019-03-20 | 2019-03-20 | Binary Cooperative Security client framework |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110061978A (en) | 2019-07-26 |
Family
ID=67318010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910255296.4A Pending CN110061978A (en) | 2019-03-20 | 2019-03-20 | Binary Cooperative Security client framework |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110061978A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110781528A (en) * | 2019-09-26 | 2020-02-11 | 深圳金澜汉源科技有限公司 | Collaborative secure operating system architecture, operating system and electronic device |
TWI787094B (en) * | 2022-03-08 | 2022-12-11 | 穎利科研國際事業有限公司 | Information security protection system |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020078371A1 (en) * | 2000-08-17 | 2002-06-20 | Sun Microsystems, Inc. | User Access system using proxies for accessing a network |
US20040206812A1 (en) * | 2003-04-21 | 2004-10-21 | Stmicroelectronics, Inc. | Smart card device and method used for transmitting and receiving secure e-mails |
US20080118070A1 (en) * | 2006-11-20 | 2008-05-22 | 6580874 Canada Inc. | Open and distributed systems to provide secure email service |
CN101819618A (en) * | 2010-03-19 | 2010-09-01 | 杨筑平 | File encryption method |
CN103078743A (en) * | 2013-01-15 | 2013-05-01 | 武汉理工大学 | E-mail IBE (Internet Booking Engine) encryption realizing method |
CN104378381A (en) * | 2014-11-27 | 2015-02-25 | 上海斐讯数据通信技术有限公司 | Intelligent terminal enterprise Email security office method and system |
US20150312233A1 (en) * | 2010-04-30 | 2015-10-29 | T-Central, Inc. | System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added |
CN105243341A (en) * | 2015-06-05 | 2016-01-13 | 深圳金澜汉源科技有限公司 | Information security electronic equipment and application architecture |
Non-Patent Citations (1)
Title |
---|
万俊伟等: ".NET框架下基于邮件的数据交换方式的设计及实现", 《计算机应用》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190726 |