CN101090400A - Safety transmitting method and system for information of mobile user - Google Patents

Info

Publication number: CN101090400A
Authority: CN (China)
Prior art keywords: connection, information, proxy, mobile client, enterprise servers
Legal status: Pending
Application number: CN 200710120041
Other languages: Chinese (zh)
Inventors: 葛兵, 徐鲁博, 邓康
Current assignee: LITONGWUXIAN SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Original assignee: LITONGWUXIAN SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract

This invention provides a method for the secure transmission of mobile user information, comprising: establishing a connection between a connection server and a connection proxy to form a proxy channel; establishing a secure connection between the mobile client and the enterprise server through the proxy channel; and finally disconnecting the secure connection between them.

Description

Method and system for the secure transmission of mobile user information
Technical field
The present invention relates to the fields of computer information processing and wireless communication, and in particular to a method and system for the secure transmission of mobile user information.
Background art
With the development of communication technology, and of wireless communication devices in particular, people can use mobile clients such as mobile phones not only for traditional services such as voice and short messages, but also for data services such as e-mail, streaming media and office workflow.
For enterprises and government bodies alike, most data services carry some confidentiality requirement. If data security and privacy during wireless transmission cannot be handled well, the adoption of wireless data services will be severely limited.
Encrypting data directly on the enterprise server is comparatively costly and greatly reduces data-processing efficiency. Enterprises therefore generally address data security by placing a firewall between the intranet and the Internet. However, the firewall only allows terminals inside it to access servers outside it through specific ports, so a client outside the enterprise cannot actively connect to the enterprise server because of the firewall's restrictions.
The current solution to this problem is to set up a virtual private network (VPN) for the user. Although this scheme addresses the security problem to some degree, it has the following shortcomings:
1. The enterprise must create a VPN account for every user, which increases the administrative burden. In addition, once a user has reached the intranet through the VPN, that user can access all of its resources, which undoubtedly adds security risk;
2. For a mobile terminal, whose resources are limited, connecting to the enterprise server in this way means managing not only the enterprise server user account but also the VPN account, which is relatively difficult to implement and inefficient.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for the secure transmission of mobile user information, so that the information a user needs is delivered securely to the mobile client.
The technical solution that achieves this object is as follows:
A method for the secure transmission of mobile user information, comprising the following steps:
Establishing a connection between a connection server and a connection proxy to form a proxy channel;
Establishing a secure connection between the mobile client and the enterprise server through the proxy channel;
When information transmission is complete, disconnecting the secure connection between the mobile client and the enterprise server.
Preferably, the connection between the connection server and the connection proxy is established according to the following steps:
The connection proxy inside the enterprise requests, through the firewall, a connection to the proxy port of the connection server outside the enterprise;
The connection server authenticates the connection proxy:
If authentication succeeds, the connection server accepts the connection proxy's connection request and establishes the proxy channel with the connection proxy;
If authentication fails, the connection request is refused.
Preferably, the secure connection between the mobile client and the enterprise server is established according to the following steps:
The connection server sends the mobile client's connection request to the connection proxy inside the enterprise through the established proxy channel; the connection proxy accepts the connection request forwarded by the connection server and requests a connection to the enterprise server;
The enterprise server authenticates the mobile client:
If authentication succeeds, the enterprise server accepts the connection request of the connection proxy inside the enterprise; the connection proxy notifies the connection server through the established proxy channel that the connection request has been accepted; the connection server accepts the mobile client's connection request; the mobile client is connected to the enterprise server inside the enterprise, and at the same time the enterprise server sends a data encryption key to the mobile client;
If authentication fails, the enterprise server refuses the connection proxy's connection request, and the connection proxy sends a connection-refused notice to the mobile client through the connection server.
Preferably, the connection server and the connection proxy are connected in TCP/IP mode.
Preferably, the connection server and the connection proxy are connected in Socket mode.
Preferably, the connection server and the connection proxy are connected in HTTP mode.
The present invention also provides a system for the secure transmission of mobile user information, comprising a mobile client, a connection server, a connection proxy and an enterprise server, wherein:
The mobile client establishes a secure connection with the enterprise server through the connection server and the connection proxy, and is used to receive information from the enterprise server or to deliver processed information to the enterprise server;
The connection server is connected to the mobile client, establishes a connection with the connection proxy, and receives and forwards information from the mobile terminal and the connection proxy;
The connection proxy is connected to the enterprise server, establishes a connection with the connection server outside the enterprise, and receives and forwards information from the enterprise server and the proxy server;
The enterprise server is connected to the connection proxy, establishes a secure connection with the mobile client, and sends information to the mobile client or receives and processes information from the mobile client.
Preferably, the connection server and the connection proxy are connected in TCP/IP mode.
Preferably, the connection server and the connection proxy are connected in Socket mode.
Preferably, the connection server and the connection proxy are connected in HTTP mode.
Compared with the prior art, the present invention has the following beneficial effects:
By establishing a secure connection between the mobile client and the enterprise server, the invention overcomes the firewall restriction and allows the information the user needs to be transferred securely to the mobile client.
The connection server introduced by the invention is only responsible for supporting the establishment of connections between the mobile client and the enterprise server. While receiving and forwarding information it does not cache user data, so as to ensure the security of user information.
In addition, the mobile client software needs no modification: only the server address and port it connects to need to be set to the address and service port (Server Port) of the connection server. The enterprise server software needs no modification either. The client's connection request is forwarded over the proxy channel between the connection server and the connection proxy, and the connection proxy inside the enterprise initiates the client's connection request.
Data between the mobile client and the enterprise server is carried over the connection channel (Tunnel) between the connection proxy and the connection server. Only one connection is established between the connection proxy and the connection server; that is, data between different clients and the enterprise server is all carried over this one channel.
The invention is further described below with reference to the drawings and specific embodiments.
Description of drawings
Fig. 1 is a schematic diagram of the system for the secure transmission of mobile user information according to the invention;
Fig. 2 is a flow chart of the method of the invention;
Fig. 3 is a flow chart of the mobile client reading information according to the invention;
Fig. 4 is a schematic diagram of the TCP/IP connection mode between the connection proxy and the connection server;
Fig. 5 is a schematic diagram of the Socket connection mode between the connection proxy and the connection server;
Fig. 6 is a schematic diagram of the HTTP connection mode between the connection proxy and the connection server.
Embodiment
The system for the secure transmission of mobile user information according to the invention comprises a mobile client, a connection server, a connection proxy and an enterprise server. The mobile client establishes a secure connection with the enterprise server through the connection server and the connection proxy, and is used to receive and present information from the enterprise server or to deliver processed information to the enterprise server. The connection server is connected to the mobile client, establishes a connection with the connection proxy, and receives and forwards information from the mobile terminal and the connection proxy. The connection proxy is connected to the enterprise server, establishes a connection with the connection server outside the enterprise, and receives and forwards information from the enterprise server and the proxy server. The enterprise server is connected to the connection proxy, establishes a secure connection with the mobile client, and sends information to the mobile client or receives and processes information from the mobile client.
The connection server introduced by the invention is only responsible for supporting the establishment of connections between the mobile client and the enterprise server. While receiving and forwarding information it does not cache user data, so as to ensure the security of user information.
As shown in Fig. 1, the system comprises a mobile client, a connection server, a connection proxy and an enterprise server. The connection server is deployed outside the enterprise and listens on two ports at once, a proxy port (Proxy Port) and a service port (Server Port): the proxy port receives connection requests from the connection proxy inside the enterprise, and the service port receives connection requests from clients. The connection proxy is deployed inside the enterprise, behind the firewall, and can connect to the proxy port of the connection server outside the enterprise. The enterprise server is deployed inside the enterprise, behind the firewall, and serves mobile clients outside the enterprise. The mobile client is deployed outside the enterprise; it does not need to connect directly to the server inside the enterprise, only to the connection server outside the enterprise.
Fig. 2 shows the flow chart of the method for the secure transmission of mobile user information according to the invention. It comprises:
Step 201: establishing a connection between the connection server and the connection proxy to form a proxy channel;
Step 202: establishing a secure connection between the mobile client and the enterprise server through the proxy channel;
Step 203: when information transmission is complete, disconnecting the secure connection between the mobile client and the enterprise server.
The flow of transmitting information between the user's mobile client and the enterprise server is described in detail below with reference to Fig. 3:
One. Establishing the connection between the connection proxy and the connection server:
The connection proxy inside the enterprise requests, through the firewall, a connection to the proxy port of the connection server outside the enterprise. The connection server authenticates the connection proxy: if authentication succeeds, the connection server accepts the connection proxy's connection request and establishes the proxy channel with the connection proxy; if authentication fails, the connection proxy is illegitimate and its connection request is refused.
Two. Establishing the secure connection between the mobile client and the enterprise server:
The mobile client sends a connection request to the service port of the connection server; the connection server passes the mobile client's connection request to the connection proxy inside the enterprise through the established proxy channel; the connection proxy inside the enterprise accepts the connection request forwarded by the connection server and requests a connection to the enterprise server.
The enterprise server authenticates the mobile client. If authentication succeeds, the enterprise server accepts the connection request of the connection proxy inside the enterprise; the connection proxy notifies the connection server through the established proxy channel that the connection request has been accepted; the connection server accepts the mobile client's connection request as an ordinary server would; the mobile client is connected to the enterprise server inside the enterprise, and at the same time the data encryption key is sent to the mobile client. If authentication fails, the enterprise server refuses the connection proxy's connection request, and the connection proxy sends a connection-refused notice to the mobile client through the connection server.
Three. Transmitting information between the mobile client and the enterprise server:
(1) The mobile client reads information from the enterprise server: the mobile client requests to read information from the enterprise server; the enterprise server encrypts the requested information with the key exchanged when the connection was established and then sends it to the mobile client; on receiving the encrypted data, the mobile client decrypts it with that key and then presents it to the user.
(2) The mobile client submits information to the enterprise server: the mobile client encrypts the information to be sent with the key exchanged when the connection was established; the mobile client requests to send information to the enterprise server and then sends the encrypted information to it; the enterprise server decrypts the received information with that key and then stores it on the enterprise server.
Four. Disconnecting the secure connection between the mobile client and the enterprise server.
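The connection flow in steps One, Two and Four above, together with the single shared tunnel described in the summary, modeled in memory in Python. This is an added example, not code from the patent; the HMAC challenge-response used to authenticate the connection proxy, the frame tuple layout, and every class, method and credential name are assumptions, since the patent does not specify them.

```python
import hashlib
import hmac
import os

# Constructed sample values (assumptions, not taken from the patent).
PROXY_SECRET = b"constructed-proxy-secret"
USERS = {"alice": "constructed-password"}


class EnterpriseServer:
    """Inside the firewall. Authenticates the mobile client itself (step Two)."""

    def connect(self, user, password):
        known = USERS.get(user, "")
        if not known or not hmac.compare_digest(known.encode(), password.encode()):
            return None                # authentication failed
        # Per-session data encryption key returned with the accept. The page
        # does not say how this key is protected while crossing the relay.
        return os.urandom(16)


class ConnectionProxy:
    """Inside the firewall. Dials out to the connection server's proxy port."""

    def __init__(self, secret, enterprise):
        self.secret = secret
        self.enterprise = enterprise

    def answer(self, nonce):
        # Assumed authentication: HMAC-SHA256 over the server's nonce.
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()

    def on_frame(self, frame):
        # Every client shares the one tunnel; the session id separates them.
        sid, kind, body = frame
        if kind == "CONNECT":
            key = self.enterprise.connect(*body)
            return (sid, "ACCEPT", key) if key else (sid, "REJECT", None)
        return (sid, "CLOSED", None)   # "DISCONNECT": nothing more to forward


class ConnectionServer:
    """Outside the firewall. Relays frames and keeps session state only."""

    def __init__(self, secret):
        self.secret = secret
        self.tunnel = None             # the single proxy channel (step One)
        self.sessions = {}             # session id -> state string, no payloads
        self.next_sid = 1

    def proxy_port_connect(self, proxy):
        nonce = os.urandom(16)
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proxy.answer(nonce)):
            return False               # illegitimate proxy: request refused
        self.tunnel = proxy
        return True

    def service_port_connect(self, user, password):
        if self.tunnel is None:
            return (None, "REJECT", None)   # no proxy channel to forward over
        sid, self.next_sid = self.next_sid, self.next_sid + 1
        _, kind, key = self.tunnel.on_frame((sid, "CONNECT", (user, password)))
        if kind == "ACCEPT":
            self.sessions[sid] = "OPEN"     # credentials and key are not retained
        return (sid, kind, key)

    def disconnect(self, sid):
        # Step Four: tear down one session; the tunnel stays up for the others.
        if self.sessions.pop(sid, None) is None:
            return False
        self.tunnel.on_frame((sid, "DISCONNECT", None))
        return True


def run_demo():
    enterprise = EnterpriseServer()
    server = ConnectionServer(PROXY_SECRET)
    early = server.service_port_connect("alice", "constructed-password")
    rogue_ok = server.proxy_port_connect(ConnectionProxy(b"wrong", enterprise))
    proxy_ok = server.proxy_port_connect(ConnectionProxy(PROXY_SECRET, enterprise))
    good = server.service_port_connect("alice", "constructed-password")
    bad = server.service_port_connect("alice", "guess")
    closed = server.disconnect(good[0])
    return {"early": early, "rogue_ok": rogue_ok, "proxy_ok": proxy_ok,
            "good": good, "bad": bad, "closed": closed,
            "sessions": dict(server.sessions), "tunnel_up": server.tunnel is not None}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The relay authenticates only the connection proxy; the client's credentials are judged by the enterprise server, and the accept or reject travels back along the same tunnel.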
The connection between the connection proxy and the connection server can be made in one of the following three modes, chosen according to the enterprise's firewall policy.
Mode one
As shown in Fig. 3, the firewall allows the connection proxy inside the enterprise to connect directly to the connection server outside the enterprise over Transmission Control Protocol/Internet Protocol (TCP/IP).
When establishing the connection, the connection proxy sends a connection request to the connection server, and the connection server authenticates the connection proxy. If authentication succeeds, it sends a connection-accepted reply and the channel is established; if authentication fails, it refuses the connection proxy's connection request.
Mode two
As shown in Fig. 4, the firewall allows the connection proxy inside the enterprise to connect to the connection server outside the enterprise through a SOCKS proxy (SOCKS4 or SOCKS5).
When establishing the connection, the connection proxy first sends a connection request to the SOCKS proxy, which forwards the connection proxy's connection request to the connection server. The connection server authenticates the connection proxy. If authentication succeeds, it sends a connection-accepted reply to the SOCKS proxy, the SOCKS proxy passes the reply on to the connection proxy, and the connection channel between the connection proxy and the connection server is established; if authentication fails, the connection proxy's connection request is refused.
Mode three
As shown in Fig. 5, the firewall allows the connection proxy inside the enterprise to connect to the connection server outside the enterprise through a Hypertext Transfer Protocol (HTTP) proxy server.
When establishing the connection, the connection proxy first sends a connection request to the HTTP proxy server, which forwards the connection proxy's connection request to the connection server. The connection server authenticates the connection proxy. If authentication succeeds, it sends a connection-accepted reply to the HTTP proxy server, the HTTP proxy server passes the reply on to the connection proxy, and the connection channel between the connection proxy and the connection server is established; if authentication fails, the connection proxy's connection request is refused.
The embodiments described above do not limit the scope of protection of the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of its claims.

Claims (10)

1. A method for the secure transmission of mobile user information, characterized in that it comprises the following steps:
Establishing a connection between a connection server and a connection proxy to form a proxy channel;
Establishing a secure connection between the mobile client and the enterprise server through the proxy channel;
When information transmission is complete, disconnecting the secure connection between the mobile client and the enterprise server.
2. The method for the secure transmission of mobile user information according to claim 1, characterized in that the connection between the connection server and the connection proxy is established according to the following steps:
The connection proxy inside the enterprise requests, through the firewall, a connection to the proxy port of the connection server outside the enterprise;
The connection server authenticates the connection proxy:
If authentication succeeds, the connection server accepts the connection proxy's connection request and establishes the proxy channel with the connection proxy;
If authentication fails, the connection request is refused.
3. The method for the secure transmission of mobile user information according to claim 1, characterized in that the secure connection between the mobile client and the enterprise server is established according to the following steps:
The connection server sends the mobile client's connection request to the connection proxy inside the enterprise through the established proxy channel; the connection proxy accepts the connection request forwarded by the connection server and requests a connection to the enterprise server;
The enterprise server authenticates the mobile client:
If authentication succeeds, the enterprise server accepts the connection request of the connection proxy inside the enterprise; the connection proxy notifies the connection server through the established proxy channel that the connection request has been accepted; the connection server accepts the mobile client's connection request; the mobile client is connected to the enterprise server inside the enterprise, and at the same time the enterprise server sends a data encryption key to the mobile client;
If authentication fails, the enterprise server refuses the connection proxy's connection request, and the connection proxy sends a connection-refused notice to the mobile client through the connection server.
4. The method for the secure transmission of mobile user information according to claim 1, characterized in that the connection server and the connection proxy are connected in TCP/IP mode.
5. The method for the secure transmission of mobile user information according to claim 1, characterized in that the connection server and the connection proxy are connected in Socket mode.
6. The method for the secure transmission of mobile user information according to claim 1, characterized in that the connection server and the connection proxy are connected in HTTP mode.
7. A system for the secure transmission of mobile user information, characterized in that it comprises a mobile client, a connection server, a connection proxy and an enterprise server, wherein:
The mobile client establishes a secure connection with the enterprise server through the connection server and the connection proxy, and is used to receive information from the enterprise server or to deliver processed information to the enterprise server;
The connection server is connected to the mobile client, establishes a connection with the connection proxy, and receives and forwards information from the mobile terminal and the connection proxy;
The connection proxy is connected to the enterprise server, establishes a connection with the connection server outside the enterprise, and receives and forwards information from the enterprise server and the proxy server;
The enterprise server is connected to the connection proxy, establishes a secure connection with the mobile client, and sends information to the mobile client or receives and processes information from the mobile client.
8. The system for the secure transmission of mobile user information according to claim 7, characterized in that the connection server and the connection proxy are connected in TCP/IP mode.
9. The system for the secure transmission of mobile user information according to claim 7, characterized in that the connection server and the connection proxy are connected in Socket mode.
10. The system for the secure transmission of mobile user information according to claim 7, characterized in that the connection server and the connection proxy are connected in HTTP mode.
Priority Applications (1)

Application number: CN 200710120041
Priority date: 2007-08-07
Filing date: 2007-08-07
Title: Safety transmitting method and system for information of mobile user

Publications (1)

Publication number: CN101090400A
Publication date: 2007-12-19

Family ID: 38943563

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20071219