CN104184735B - Power marketing mobile application security protection system - Google Patents


Publication number: CN104184735B
Authority: CN (China)
Legal status: Active
Application number: CN201410423475.1A
Other languages: Chinese (zh)
Other versions: CN104184735A
Inventor
涂莹
肖世杰
张燕
裘华东
叶盛
郑斌
胡若云
丁麒
沈然
金良峰
颜拥
黄瑞章
刘欢
李南
马闯
沈超
孙申
孙一申
和巍
糜晓波
畅伟
吕诗宁
谷泓杰
林恺丰
吴慧
Current Assignee: State Grid Corp of China SGCC; State Grid Zhejiang Electric Power Co Ltd; Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; State Grid Zhejiang Electric Power Co Ltd; Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Events: application filed by State Grid Corp of China SGCC, State Grid Zhejiang Electric Power Co Ltd and Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; priority to CN201410423475.1A; publication of CN104184735A; application granted; publication of CN104184735B; legal status active.


Abstract

A security protection system for power marketing mobile applications, relating to power marketing mobile application systems. At present, introducing mobile terminals creates security problems: secondary encryption provided by a third party is easily cracked and leads to information leakage. The invention comprises: a secure terminal layer; a secure channel layer; a secure access platform layer; and a mobile application layer that supports the business applications of the mobile terminal and implements application-level security for the system. The technical scheme realises secure access for mobile terminals and, through isolation measures, strong isolation between the information intranet and the information extranet, cutting off attacks from the extranet and effectively improving information security.

Description

Power marketing mobile application security protection system
Technical field
The present invention relates to a security protection system for power marketing mobile applications.
Background technology
As informatisation of the electric power industry has advanced, information systems have become a basic means of daily work for power company personnel and play an increasingly important role in power production control and in company operation and management. But more and more inconveniences cannot be solved by conventional systems: traditional management software that can only be used inside the power company LAN greatly restricts on-site interaction and service promotion. As power marketing informatisation deepens, users of the marketing business management information system have raised specific requirements for mobile applications: how to handle work at any time at customer sites and job sites, how field staff can complete their various information management tasks outside the office, and how the many kinds of on-site data recorded by hand, which cannot be entered into the management system in time, can be handled in a more flexible and convenient way. All of these problems can be solved with mobile terminals, which improve the convenience and processing efficiency of the information system while meeting security requirements.
But introducing mobile terminals creates security problems: secondary encryption provided by a third party is easily cracked and leads to information leakage. At the same time, the strict conditions for intranet access restrict the development of power marketing mobile applications. How to use intelligent mobile terminals to access the power marketing business securely through the extranet has therefore become an important topic that urgently needs to be addressed.
The content of the invention
The technical problem to be solved and the technical task proposed by the present invention are to improve on the prior art by providing a power marketing mobile application security protection system, so that the power marketing system can be accessed securely from the extranet. To this end the invention adopts the following technical scheme.
A power marketing mobile application security protection system, characterised in that it comprises:
Secure terminal layer: the mobile terminal uses an encryption algorithm (the State Cryptography Administration algorithms described below) and stores its private key or digital certificate on the terminal; when the mobile terminal communicates, it establishes a secure channel through the mobile public network and the secure access gateway cluster, authenticates its identity with the digital certificate, and encrypts critical communication data for transmission;
Secure channel layer: connects each external link to the system access network with routing-based access control and builds an encrypted virtual dedicated channel with a VPN, realising network-level identity authentication and guaranteeing data confidentiality and integrity; a firewall performs access control at the boundary area and rejects access requests from unauthorised devices; a corresponding security monitoring system is configured to monitor, protect against and manage the security risks of access applications, ensuring secure access and the security of the system access network; between the access network and the corporate intranet, isolation is applied at every level from the physical layer up to the application-layer communication protocol, and for each permitted application a dedicated data exchange mechanism is established and maintained that restricts the source, destination, data format and data content of the exchange and monitors every exchange;
Secure access platform layer: the intermediate area for outbound information publishing, information collection and data exchange, and the endpoint of the access terminal's network connection; all application access terminates at the security authentication gateway. The secure access platform layer performs security detection and audit of the registration and operating status of exchange services, carries out configuration management and day-to-day operation and maintenance of network devices and security devices, manages security policy, monitors traffic, performs statistical analysis and security audit, and presents all of this through a friendly, user-centred interface;
Mobile application layer: supports the business applications of the mobile terminal and implements application-level security for the system.
As further improvements and supplements to the above technical scheme, the present invention also includes the following additional technical features.
The secure access platform layer is provided with access gateways, a data filtering and exchange system, an authentication server and a centralised monitoring and management system for the access platform. The access gateways comprise a secure access gateway for notebook access, a mobile secure access gateway for PDA/smartphone access, and a meter secure access gateway for meter access.
When the intelligent terminal is a tablet computer, PDA or smartphone, the private key or digital certificate used by the security algorithm of the secure terminal layer is stored on a MicroSD card; a SIM card is installed in the intelligent terminal and bound to a dedicated APN to secure the network channel; and dedicated security control software is deployed on the intelligent terminal to establish the secure channel and manage user authentication.
The mobile application layer provides mobile application servers, and an anti-virus module is deployed on the application servers to ensure that each application server in the application service area is not infected by viruses or Trojans and to prevent the spread of viruses and illegal control.
The secure channel layer, the secure access platform layer and the mobile application development platform together form the mobile operation platform, which is provided with an information security and protection unit, a cross-platform business support unit, an application support unit, a mobile GIS support unit, a mobile workflow support unit and a platform management unit. The information security and protection unit provides VPN wireless access support of the secure access platform, message-encrypted communication for application services and database encryption on the mobile terminal, for efficient and secure access. The cross-platform business support unit supports multiple mobile terminal operating systems; by supporting several operating systems while establishing a set of unified standard APIs that adapt to each operating system, it achieves cross-platform support and supports multiple kinds of terminal hardware. The application support unit provides low-level hardware support. The mobile GIS support unit provides geographic map display, power grid resource display, GIS spatial analysis, route navigation and position reporting. The mobile workflow support unit manages the server side and the client side of the power mobile application distribution platform. The platform management unit provides device management, rights management, service menu management, mobile terminal status monitoring, service monitoring and standardised field operation analysis.
The low-level hardware support of the application support unit covers: printing, location services, barcode scanning, RFID card read/write, encapsulation of user electronic signature authentication, mobile terminal network state notification and other hardware features; audit of device logins, user login audit and audit login authentication of service components; file services integrating video files, image files and the graphics management system; issue, download and import review of task data; and user authentication and security policy management.
The secure access platform layer securely partitions the third-party network from the enterprise information system and realises secure access for mobile terminals; it performs user identity authentication, data encryption, audit/authorisation of user data and online encryption of files to secure transmission. The secure access platform layer is provided with a VPN gateway access service layer comprising a secure access gateway system functional component, an identity authentication system functional component, a data encryption/decryption functional component and a centralised monitoring and management user logic functional component; these components communicate over a high-speed message bus to provide the various security services.
The secure access platform layer is deployed in segmented combinations with seamless interconnection at the network layer; the identity authentication system performs mutual authentication between the terminal and the VPN gateway, with authentication and authorisation through the CA service.
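The mutual authentication between terminal and VPN gateway through the CA described in the paragraph above, together with the online (OCSP) or offline revocation handling that the later description of the identity authentication system adds, is modelled below. This is an added example written for this page, not the patent's code. Because SM2 is not available in the Python standard library, the signature scheme is replaced by an unpadded textbook-RSA stand-in on fixed Mersenne primes; it is for illustration only and is not a usable signature scheme. The CA, the OCSP responder, the manually maintained offline revocation list, the nonces and every identity are constructed assumptions.

```python
"""Mutual certificate authentication with online (OCSP) and offline revocation
checking.  Added example, not the patent's code.  SM2 is replaced by an
unpadded textbook-RSA stand-in on fixed Mersenne primes: illustration only,
never a real signature scheme.  CA, responder, offline list, nonces and
identities are all constructed for the demonstration."""
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

def _h(msg: bytes) -> int:               # 128-bit digest, below every modulus used here
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

class KeyPair:                           # toy stand-in for an SM2 key pair
    def __init__(self, p: int, q: int, e: int = 65537):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))
    def public(self) -> Tuple[int, int]:
        return self.n, self.e
    def sign(self, msg: bytes) -> int:   # private operation: stays on the SDKey/chip
        return pow(_h(msg), self._d, self.n)

def verify(pub: Tuple[int, int], msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(msg)

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    pub: Tuple[int, int]
    not_before: float
    not_after: float
    sig: int                             # CA signature over tbs()
    def tbs(self) -> bytes:              # the "to be signed" encoding
        return json.dumps([self.serial, self.subject, list(self.pub),
                           self.not_before, self.not_after]).encode()

class CA:                                # enterprise CA plus its OCSP responder
    def __init__(self, key: KeyPair):
        self.key, self._next, self.revoked = key, 1, set()
    def issue(self, subject: str, pub: Tuple[int, int], now: float, days: int = 365) -> Cert:
        serial, self._next = self._next, self._next + 1
        unsigned = Cert(serial, subject, pub, now, now + days * 86400, 0)
        return Cert(serial, subject, pub, now, now + days * 86400, self.key.sign(unsigned.tbs()))
    def ocsp_status(self, serial: int) -> str:
        return "revoked" if serial in self.revoked else "good"

class Validator:
    """What one side of the mutual authentication does with the peer's certificate."""
    def __init__(self, ca_pub, ocsp: Optional[Callable[[int], str]], offline: Optional[Set[int]]):
        self.ca_pub, self.ocsp, self.offline = ca_pub, ocsp, offline
    def check(self, cert: Cert, nonce: bytes, proof: int, now: float) -> Tuple[bool, str]:
        if not verify(self.ca_pub, cert.tbs(), cert.sig):
            return False, "certificate not issued by our CA"
        if not cert.not_before <= now <= cert.not_after:
            return False, "certificate outside validity period"
        status = None                    # OCSP first, offline list second, otherwise fail closed
        if self.ocsp is not None:
            try:
                status = self.ocsp(cert.serial)
            except ConnectionError:
                status = None
        if status is None and self.offline is not None:
            status = "revoked" if cert.serial in self.offline else "good"
        if status != "good":
            return False, "revoked" if status == "revoked" else "revocation status unavailable"
        if not verify(cert.pub, nonce, proof):   # proof of possession of the private key
            return False, "peer does not hold the certificate's private key"
        return True, "authenticated"

def mutual_auth(t_key, t_cert, g_key, g_cert, t_val: Validator, g_val: Validator, now: float):
    """Each side challenges the other with a nonce; success requires both directions."""
    gw_nonce, term_nonce = b"nonce-from-gateway-0001", b"nonce-from-terminal-0001"  # constructed
    ok_t, why_t = g_val.check(t_cert, gw_nonce, t_key.sign(gw_nonce), now)
    ok_g, why_g = t_val.check(g_cert, term_nonce, g_key.sign(term_nonce), now)
    return ok_t and ok_g, {"terminal": why_t, "gateway": why_g}

def demo() -> Dict[str, tuple]:
    now = 1409000000.0                   # fixed clock so the run is deterministic
    ca = CA(KeyPair(2**107 - 1, 2**127 - 1))
    t_key, g_key = KeyPair(2**61 - 1, 2**89 - 1), KeyPair(2**31 - 1, 2**521 - 1)
    t_cert = ca.issue("terminal:PDA-0042", t_key.public(), now)
    g_cert = ca.issue("vpn-gateway-1", g_key.public(), now)
    ca_pub, out = ca.key.public(), {}
    online = Validator(ca_pub, ca.ocsp_status, None)
    out["online_ok"] = mutual_auth(t_key, t_cert, g_key, g_cert, online, online, now)
    forged = CA(t_key).issue("vpn-gateway-1", g_key.public(), now)   # untrusted issuer
    out["forged_gateway"] = mutual_auth(t_key, t_cert, g_key, forged, online, online, now)
    ca.revoked.add(t_cert.serial)        # terminal reported lost: the CA revokes it
    out["online_revoked"] = mutual_auth(t_key, t_cert, g_key, g_cert, online, online, now)
    def down(serial: int) -> str:
        raise ConnectionError("OCSP responder unreachable")
    offline = Validator(ca_pub, down, {t_cert.serial})   # manually maintained list
    out["offline_revoked"] = mutual_auth(t_key, t_cert, g_key, g_cert, offline, offline, now)
    no_list = Validator(ca_pub, down, None)
    out["fail_closed"] = mutual_auth(t_key, t_cert, g_key, g_cert, no_list, no_list, now)
    out["expired"] = mutual_auth(t_key, t_cert, g_key, g_cert, online, online, now + 400 * 86400)
    return out
```

`demo()` walks the cases a gateway operator cares about: a clean handshake, a gateway certificate from an issuer the terminal does not trust, a revocation visible online, the same revocation carried only by the offline list while the responder is down, the responder down with no offline list (the validator fails closed rather than accepting an unknown status), and an expired certificate. Note that a real OCSP responder reports status only; issuing and renewing certificates goes through the CA's registration service.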
In its audit/authorisation work, the secure access platform layer collects, analyses and identifies network data to monitor communication content, network behaviour and network traffic dynamically in real time; it discovers and captures sensitive information and illegal behaviour with real-time alarm response, comprehensively records all sessions and events in the network system, performs intelligent correlation analysis and assessment of network information together with accurate end-to-end tracking and localisation of security events, and provides authoritative, reliable support for formulating the overall network security policy.
The security/audit work includes:
a) Content auditing
Provides in-depth content auditing, with complete content detection and information restoration for website access, e-mail sending and receiving, remote terminal access, database access, data transfer and file sharing; the keyword library is customisable, allowing fine-grained audit tracking;
b) Behaviour auditing
Provides comprehensive network behaviour auditing: according to the configured behaviour audit policy, network application behaviour such as website access, e-mail, database access, remote terminal access, data transfer, file sharing and abuse of network resources is monitored, and events that match the behaviour policy raise a real-time alarm and are recorded;
c) Network auditing
Provides traffic analysis based on protocol identification: the various message flows in the current network are counted in real time and comprehensive traffic analysis is performed, providing reliable support for formulating traffic management policy.
Beneficial effects: unified information interaction, centralised configuration management and unified monitoring are realised, and access by every type of terminal is made trustworthy and controllable. Based on the invention, power marketing mobile operations (marketing business applications such as on-site service expansion, on-site meter reading and on-site customer service) are realised, which improves the service capability and service level at marketing customer sites, extends customer service in space and time, brings marketing service to the customer site and builds an image of good, efficient service in the customer's perception. The technical scheme realises secure access for mobile terminals; through isolation measures it achieves strong isolation between the information intranet and the information extranet, cuts off attacks from the extranet and effectively improves information security.
Brief description of the drawings
Fig. 1 is the security protection structure diagram of the present invention.
Fig. 2 is the security protection hierarchy diagram of the present invention.
Embodiment
The technical scheme of the present invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, the power marketing mobile application security protection system comprises a secure terminal layer, a secure channel layer, a secure access platform layer, a mobile application development platform and application systems.
Wherein,
Secure terminal layer: the mobile terminal uses an encryption algorithm (the State Cryptography Administration algorithms described below) and stores its private key or digital certificate on the terminal; when the mobile terminal communicates, it establishes a secure channel through the mobile public network and the secure access gateway cluster, authenticates its identity with the digital certificate, and encrypts critical communication data for transmission;
Secure channel layer: connects each external link to the system access network with routing-based access control and builds an encrypted virtual dedicated channel with a VPN, realising network-level identity authentication and guaranteeing data confidentiality and integrity; a firewall performs access control at the boundary area and rejects access requests from unauthorised devices; a corresponding security monitoring system is configured to monitor, protect against and manage the security risks of access applications, ensuring secure access and the security of the system access network; between the access network and the corporate intranet, isolation is applied at every level from the physical layer up to the application-layer communication protocol, and for each permitted application a dedicated data exchange mechanism is established and maintained that restricts the source, destination, data format and data content of the exchange and monitors every exchange;
Secure access platform layer: the intermediate area for outbound information publishing, information collection and data exchange, and the endpoint of the access terminal's network connection; all application access terminates at the security authentication gateway. The secure access platform layer performs security detection and audit of the registration and operating status of exchange services, carries out configuration management and day-to-day operation and maintenance of network devices and security devices, manages security policy, monitors traffic, performs statistical analysis and security audit, and presents all of this through a friendly, user-centred interface.
Mobile application layer: supports the business applications of the mobile terminal and implements application-level security for the system.
The secure access platform layer is provided with access gateways, a data filtering and exchange system, an authentication server and a centralised monitoring and management system for the access platform.
To treat each type of accessing device differently, the access gateways comprise a secure access gateway for notebook access, a mobile secure access gateway for PDA/smartphone access and a meter secure access gateway for meter access.
When the intelligent terminal is a tablet computer, PDA or smartphone, the private key or digital certificate used by the security algorithm of the secure terminal layer is stored on a MicroSD card; a SIM card is installed in the intelligent terminal and bound to a dedicated APN to secure the network channel; and dedicated security control software is deployed on the intelligent terminal to establish the secure channel and manage user authentication.
The mobile application layer provides mobile application servers, and an anti-virus module is deployed on the application servers to ensure that each application server in the application service area is not infected by viruses or Trojans and to prevent the spread of viruses and illegal control.
As shown in Fig. 2, the main contents of the marketing mobile application security protection hierarchy diagram are:
1) Secure access is the core of the whole platform. A secure access area is built between the third-party network and the enterprise information system to partition the network securely. Secure access is achieved through the platform's secure access, authentication and access control services.
2) Data transmission security is strengthened by establishing a secondary encryption tunnel that does not depend on the third-party operator. In the secure access area, user identity authentication (digital certificate system), data encryption (the encryption algorithm is the dedicated security algorithm of the State Cryptography Administration, whose high cryptographic strength effectively guarantees data security), audit/authorisation of user data and online encryption of files are carried out.
3) The VPN gateway access service layer is the core; it mainly comprises the secure access gateway system, identity authentication system, data encryption/decryption and centralised monitoring and management user logic components, which communicate over a high-speed message bus to provide the various security services.
4) According to differing user requirements, applications and network reconstruction needs, the functional components of the secure access platform system and of the data security protection system can be deployed in segmented combinations following the access platform concept, with seamless interconnection at the network layer.
5) Identity authentication system: the terminal and the VPN gateway authenticate each other, with authentication and authorisation through the CA service. Digital certificates guarantee that every user logging in to the security platform system has been authenticated by the administration. Issuance, revocation and renewal of expired digital certificates can be handled online, with certificate status queried through the OCSP protocol, or offline through manual administration by a designated person. (OCSP itself only reports whether a certificate is good or revoked; issuance and renewal go through the CA's registration service.)
6) Firewall: the access boundary of the security platform and the first security filter applied to data when a user enters the security platform. A firewall is a comprehensive technology involving computer networking, cryptography, security technology, software engineering and security protocols; it is a means of guaranteeing network security and an access control measure applied during network communication, whose main goal is to control the permissions for entering and leaving a network and to force all connections to pass through this inspection.
All business flows from the outside (users) to the inside (corporate intranet) must pass through the firewall, whose network address translation and data filtering functions protect the network that needs protection.
7) Secure access gateways
IPSec VPN access gateway: provides security protection for users' remote access to network services; its main functions are:
Identity authentication: works with the digital certificate system to ensure that the remote accessor is not a malicious user;
Access control: ensures that a visitor can access only the services and information they are authorised for;
Data encryption: uses the commercial cryptographic (SM) algorithms provided in the SDKey to ensure that all data is encrypted while in transit over the network and cannot be recovered by an eavesdropper;
SSL VPN access gateway: provides security protection for users' remote access to network services, with the same main functions:
Identity authentication: works with the digital certificate system to ensure that the remote accessor is not a malicious user;
Access control: ensures that a visitor can access only the services and information they are authorised for;
Data encryption: uses the commercial cryptographic (SM) algorithms provided in the SDKey to ensure that all data is encrypted while in transit over the network and cannot be recovered by an eavesdropper.
8) Security isolation system
The security isolation and information exchange system, commonly called a "gatekeeper", applies network isolation technology, whose goal is to keep harmful attacks isolated outside the trusted network and, on the premise that information inside the trusted network is not leaked, to complete secure data exchange between the networks. Network isolation technology developed on the basis of earlier security technologies; it makes up for their shortcomings and has distinct advantages. Here it is the security isolation system between the secure subnet and the corporate intranet, guaranteeing the security of the intranet for access services.
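The dedicated per-application exchange mechanism that the secure channel layer description requires (source, destination, data format and data content restricted, every exchange monitored) and the isolation system's rule that only policy-conforming data crosses into the intranet can be made concrete in code. The following is an added example written for this page, not the patent's own implementation: `ExchangeGate`, `ExchangePolicy`, the `meter-reading` application, the address range, the host names and every sample message are assumptions constructed for the demonstration.

```python
"""Per-application data exchange gate: one registered mechanism per permitted
application, restricting source, destination, format and content, with every
attempt recorded.  Added example, not the patent's code; the application,
policy, addresses and messages are constructed for the demonstration."""
import ipaddress
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class FieldRule:
    type_: type                     # exact JSON value type required
    max_len: int = 64               # bound on the value's string form
    pattern: Optional[str] = None   # regex the string form must fully match

@dataclass
class ExchangePolicy:
    app: str
    sources: List[str]              # CIDR blocks on the access-network side
    destinations: List[str]         # intranet hosts this application may reach
    fields: Dict[str, FieldRule]    # the exact field set a message must carry
    max_bytes: int = 4096

@dataclass
class AuditRecord:
    app: str
    src: str
    dst: str
    allowed: bool
    reason: str

class ExchangeGate:
    def __init__(self):
        self._policies: Dict[str, ExchangePolicy] = {}
        self.audit: List[AuditRecord] = []

    def register(self, policy: ExchangePolicy) -> None:
        self._policies[policy.app] = policy

    def exchange(self, app: str, src_ip: str, dst: str, raw: bytes) -> Tuple[bool, str]:
        allowed, reason = self._check(app, src_ip, dst, raw)
        self.audit.append(AuditRecord(app, src_ip, dst, allowed, reason))  # monitored either way
        return allowed, reason

    def _check(self, app, src_ip, dst, raw):
        policy = self._policies.get(app)
        if policy is None:
            return False, "no exchange mechanism for application"
        try:                                                   # source
            src = ipaddress.ip_address(src_ip)
        except ValueError:
            return False, "unparseable source address"
        if not any(src in ipaddress.ip_network(c) for c in policy.sources):
            return False, "source not permitted"
        if dst not in policy.destinations:                     # destination
            return False, "destination not permitted"
        if len(raw) > policy.max_bytes:
            return False, "payload too large"
        try:                                                   # format: one JSON object
            doc = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return False, "payload is not valid UTF-8 JSON"
        if not isinstance(doc, dict):
            return False, "payload is not a JSON object"
        if set(doc) != set(policy.fields):                     # content: exact field set
            return False, "field set does not match policy"
        for name, rule in policy.fields.items():
            value = doc[name]
            if type(value) is not rule.type_:                  # strict: bool is not int, int is not float
                return False, f"field {name!r} has wrong type"
            text = str(value)
            if len(text) > rule.max_len:
                return False, f"field {name!r} too long"
            if rule.pattern and not re.fullmatch(rule.pattern, text):
                return False, f"field {name!r} fails pattern"
        return True, "ok"

def build_gate() -> ExchangeGate:
    gate = ExchangeGate()
    gate.register(ExchangePolicy(
        app="meter-reading",
        sources=["10.20.0.0/16"],                 # the secure access area (constructed)
        destinations=["marketing-db.intranet"],  # constructed intranet host name
        fields={
            "meter_id": FieldRule(str, 12, r"[0-9]{12}"),
            "reading_kwh": FieldRule(float, 16, r"[0-9]+(\.[0-9]+)?"),
            "read_at": FieldRule(str, 20, r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"),
        }))
    return gate

GOOD = b'{"meter_id":"330401000123","reading_kwh":1532.5,"read_at":"2014-08-25T09:30:00Z"}'
SAMPLES = [   # constructed: (app, source, destination, payload)
    ("meter-reading", "10.20.3.7", "marketing-db.intranet", GOOD),
    ("meter-reading", "203.0.113.9", "marketing-db.intranet", GOOD),        # from outside
    ("meter-reading", "10.20.3.7", "billing.intranet", GOOD),               # wrong target
    ("meter-reading", "10.20.3.7", "marketing-db.intranet", GOOD[:-1] + b',"cmd":"export"}'),
    ("meter-reading", "10.20.3.7", "marketing-db.intranet", b'{"meter_id":"3304010001'),
    ("customer-service", "10.20.3.7", "marketing-db.intranet", b"{}"),       # unregistered app
]

def run_samples() -> List[Tuple[bool, str]]:
    gate = build_gate()
    return [gate.exchange(*s) for s in SAMPLES]
```

The gate is deny-by-default: an application with no registered mechanism, a source outside the registered block, a destination not on the list, a malformed payload and a payload carrying any field beyond the registered set are all refused, and the refusal is recorded alongside the accepted exchange so the monitoring side sees both.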
9) Audit and authorisation system
The security audit system collects, analyses and identifies network data to monitor communication content, network behaviour and network traffic dynamically in real time; it discovers and captures sensitive information and illegal behaviour with real-time alarm response, comprehensively records all sessions and events in the network system, performs intelligent correlation analysis and assessment of network information together with accurate end-to-end tracking and localisation of security events, and provides authoritative, reliable support for formulating the overall network security policy. The security audit system has three parts:
A. Content auditing
The security audit system provides in-depth content auditing, with complete content detection and information restoration for website access, e-mail sending and receiving, remote terminal access, database access, data transfer and file sharing; the keyword library is customisable, allowing fine-grained audit tracking.
B. Behaviour auditing
The security audit system provides comprehensive network behaviour auditing: according to the configured behaviour audit policy, network application behaviour such as website access, e-mail, database access, remote terminal access, data transfer, file sharing and abuse of network resources (instant messaging, forums, online video, P2P downloads, online games and so on) is monitored, and events that match the behaviour policy raise a real-time alarm and are recorded.
C. Network auditing
The security audit system provides traffic analysis based on protocol identification: the various message flows in the current network are counted in real time and comprehensive traffic analysis is performed, providing reliable support for formulating traffic management policy.
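The three parts of the security audit system above (content auditing against a customisable keyword library, behaviour auditing against a behaviour policy, and network auditing by protocol identification with per-protocol traffic statistics), which the summary of the invention lists in the same three parts, are shown together below as one small engine run over constructed session records. This is an added example, not code from the patent; the protocol signatures, the policy, the host names and every session record are assumptions made for the demonstration.

```python
"""Security audit engine over constructed session records: content audit
(keyword library), behaviour audit (policy on identified application
behaviour) and network audit (protocol identification with traffic
statistics).  Added example, not the patent's code; signatures, policy
and every session below are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Session:
    src: str
    dst: str
    dport: int
    nbytes: int
    payload: str                 # restored start of the session content

# Network audit: identify the protocol from the payload first, port second.
SIGNATURES: List[Tuple[str, str]] = [
    (r"^(GET|POST|PUT|DELETE) \S+ HTTP/1\.[01]", "http"),
    (r"^(EHLO|HELO|MAIL FROM:)", "smtp"),
    (r"^(SELECT|INSERT|UPDATE|DELETE)\b", "database"),
    (r"^\x13BitTorrent protocol", "p2p"),
    (r"^SSH-2\.0-", "ssh"),
]
PORT_HINTS = {80: "http", 25: "smtp", 3306: "database", 22: "ssh", 21: "ftp"}

def identify(s: Session) -> str:
    for pattern, proto in SIGNATURES:
        if re.match(pattern, s.payload, re.IGNORECASE):
            return proto
    return PORT_HINTS.get(s.dport, "unknown")

@dataclass
class AuditPolicy:
    keywords: List[str]          # content audit: the customisable keyword library
    alarm_protocols: List[str]   # behaviour audit: application kinds that alarm
    database_hosts: List[str]    # behaviour audit: approved database targets

@dataclass
class Alert:
    kind: str                    # "content" or "behaviour"
    session: Session
    detail: str

class AuditEngine:
    def __init__(self, policy: AuditPolicy):
        self.policy = policy
        self.alerts: List[Alert] = []
        self.traffic: Counter = Counter()          # protocol -> bytes seen
        self.log: List[Tuple[Session, str]] = []   # every session is recorded

    def process(self, s: Session) -> str:
        proto = identify(s)
        self.log.append((s, proto))
        self.traffic[proto] += s.nbytes
        for kw in self.policy.keywords:            # content audit
            if kw.lower() in s.payload.lower():
                self.alerts.append(Alert("content", s, f"keyword {kw!r}"))
        if proto in self.policy.alarm_protocols:   # behaviour audit
            self.alerts.append(Alert("behaviour", s, f"{proto} is not permitted"))
        if proto == "database" and s.dst not in self.policy.database_hosts:
            self.alerts.append(Alert("behaviour", s, "database access to unapproved host"))
        return proto

SESSIONS = [   # constructed; documentation address ranges and made-up host names
    Session("10.20.3.7", "marketing-app.intranet", 80, 1200,
            "GET /marketing/workorder/1 HTTP/1.1\r\nHost: marketing-app.intranet"),
    Session("10.20.3.7", "mail.intranet", 25, 5400,
            "MAIL FROM:<field@example.com>\r\nSubject: customer list CONFIDENTIAL"),
    Session("10.20.3.8", "marketing-db.intranet", 3306, 800,
            "SELECT meter_id, reading FROM meter WHERE customer = 42"),
    Session("10.20.3.8", "10.20.9.9", 3306, 900,
            "SELECT name, id_number FROM customer"),
    Session("10.20.3.9", "198.51.100.5", 6881, 250000,
            "\x13BitTorrent protocol\x00\x00\x00\x00"),
    Session("10.20.3.9", "203.0.113.4", 4444, 60, ""),
]

def run_audit() -> Tuple[AuditEngine, List[str]]:
    engine = AuditEngine(AuditPolicy(
        keywords=["CONFIDENTIAL", "id_number"],
        alarm_protocols=["p2p"],
        database_hosts=["marketing-db.intranet"],
    ))
    return engine, [engine.process(s) for s in SESSIONS]

if __name__ == "__main__":
    engine, protocols = run_audit()
    for a in engine.alerts:
        print(a.kind, a.session.src, "->", a.session.dst, a.detail)
    print(dict(engine.traffic))
```

Identification by payload before port matters for the behaviour audit: the P2P session on port 6881 and a database query to an unapproved host are both caught by what they carry, not by where they go, while the empty session on an unrecognised port is only recorded and counted as unknown traffic.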
The secure channel layer, secure access platform layer and mobile application development platform together form the mobile operation platform, which is built and deployed mainly as follows.
Information security and protection of the platform, including the State Grid Corporation of China secure access platform, message-encrypted communication for application services and database encryption on the mobile terminal.
Cross-platform business support: multiple mobile terminal operating systems are supported, such as iOS, Windows Mobile, Windows CE, Android and Windows XP; by supporting several operating systems while establishing a set of unified standard APIs that adapt to each of them, cross-platform support is achieved, and various terminal hardware is supported, such as iPhone, iPad, Android phones of various models, Android tablets of various models and Windows Mobile/WinCE pads of various models.
Application support functions, including low-level hardware support: printing, location services, barcode scanning, RFID card read/write, user electronic signature authentication, mobile terminal network state notification, encapsulation of other hardware features and so on; audit of device logins, user login audit and audit login authentication of service components; file service functions integrating video files, image files and the graphics management system; issue, download and import audit of task data; user authentication and security policy management.
Mobile GIS support functions, based on the State Grid Corporation of China GIS service platform: geographic map display, grid resource display, GIS spatial analysis, route navigation, position reporting and similar functions.
Mobile workflow support functions, including management of the server side and the client side of the power mobile application distribution platform.
Platform management functions, including device management, rights management, service menu management, mobile terminal status monitoring, service monitoring and standardised field operation analysis.
Nine technical means are used to keep the application efficient, stable and reliable:
1) independently designed business tables store user, permission and similar information;
2) asynchronous task scheduling lets work orders be downloaded efficiently in real time;
3) work order process information is pushed in real time by SMS, reducing the load that manual refreshing places on the system;
4) independently designed business tables store the work order information of mobile operation terminals;
5) the scope of mobile business is configurable by parameters, controlling business coverage;
6) work order business data can be downloaded asynchronously, minimising the impact on the BOSS business system;
7) work data can be uploaded asynchronously, improving the data transfer success rate;
8) a batch of work orders can be split for upload, reducing the data volume of a single upload;
9) structured data is handled separately from unstructured data, improving transfer efficiency.
Data storage and interaction with the real-time data of the power host's professional BOSS system use a bidirectional data channel; data is transferred in JSON format, and multimedia files are transferred through an FTP service. FTP itself provides neither confidentiality nor integrity, so these file transfers rely on the encrypted VPN channel of the secure channel layer.
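The batch splitting, the separation of structured from unstructured data and the JSON/FTP division described in the two preceding paragraphs are shown below for a small set of work orders. This is an added example, not the patent's code. It also binds a SHA-256 digest of each attachment into the JSON record so that the receiving side can detect a file that did not arrive intact over the separate FTP channel; that binding is this example's own addition, and the `WorkOrder` fields, file names and file contents are constructed.

```python
"""Preparing field work orders for upload: structured records go as
size-limited JSON batches, attachments go separately as files, and each
record carries the SHA-256 of its attachments so the receiving side can
check the separately transferred files.  Added example, not the patent's
code; the digest binding is this example's own addition, and all work
orders and file contents are constructed."""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class WorkOrder:
    order_id: str
    customer_id: str
    reading_kwh: float
    note: str
    attachments: Dict[str, bytes] = field(default_factory=dict)  # name -> file bytes

def split_batch(orders: List[WorkOrder], max_batch_bytes: int) -> Tuple[List[bytes], Dict[str, bytes]]:
    """Returns JSON batches (each at most max_batch_bytes) and the files for the FTP channel."""
    files: Dict[str, bytes] = {}
    records = []
    for o in orders:
        digests = {}
        for name, data in o.attachments.items():
            path = f"{o.order_id}/{name}"          # remote path on the file service
            files[path] = data
            digests[path] = hashlib.sha256(data).hexdigest()
        records.append({"order_id": o.order_id, "customer_id": o.customer_id,
                        "reading_kwh": o.reading_kwh, "note": o.note,
                        "attachments": digests})
    batches: List[bytes] = []
    current: list = []
    for rec in records:
        if len(json.dumps([rec]).encode()) > max_batch_bytes:
            raise ValueError(f"record {rec['order_id']} exceeds the batch limit on its own")
        if current and len(json.dumps(current + [rec]).encode()) > max_batch_bytes:
            batches.append(json.dumps(current).encode())
            current = []
        current.append(rec)
    if current:
        batches.append(json.dumps(current).encode())
    return batches, files

def verify_received(batches: List[bytes], received: Dict[str, bytes]) -> Tuple[List[str], List[str]]:
    """Receiving side: accept a record only if every attachment it names arrived with the right digest."""
    accepted, rejected = [], []
    for raw in batches:
        for rec in json.loads(raw.decode("utf-8")):
            intact = all(path in received and hashlib.sha256(received[path]).hexdigest() == digest
                         for path, digest in rec["attachments"].items())
            (accepted if intact else rejected).append(rec["order_id"])
    return accepted, rejected

ORDERS = [   # constructed sample work orders
    WorkOrder("WO-001", "C-3304-0001", 1532.5, "meter replaced",
              {"meter.jpg": b"\xff\xd8\xff\xe0 fake jpeg bytes 1"}),
    WorkOrder("WO-002", "C-3304-0002", 980.0, "ok"),
    WorkOrder("WO-003", "C-3304-0003", 2210.25, "seal broken",
              {"seal.jpg": b"\xff\xd8\xff\xe0 fake jpeg bytes 2",
               "box.jpg": b"\xff\xd8\xff\xe0 fake jpeg bytes 3"}),
]

def demo() -> dict:
    batches, files = split_batch(ORDERS, 450)
    intact = verify_received(batches, files)
    tampered = dict(files)
    tampered["WO-003/box.jpg"] = b"replaced in transit"   # simulated corruption or tampering
    return {"batches": batches, "files": sorted(files),
            "intact": intact, "tampered": verify_received(batches, tampered)}
```

With a 450-byte limit the three constructed orders split into two JSON batches, the three attachments travel as separate files, and a file altered between sender and receiver causes only the work order that references it to be rejected while the others are accepted.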
Information security is guaranteed through the secure access platform certified by State Grid Corporation. Deployment of the secure access system is mainly divided into: secure gateway devices deployed at the enterprise end; a customised encryption chip built into the secure terminal; an enterprise-owned two-level CA system; the SM1 algorithm for data encryption and the SM2 algorithm for digital certificates; and IPSec/SSL VPN technology as the cryptographic protocol of the data channel. (SM1 is a block cipher available only in approved hardware implementations, which is why the cipher and the key material reside on the customised chip and the MicroSD card rather than in terminal software.)
The power marketing mobile application security protection system shown in Figs. 1 and 2 is a specific embodiment of the present invention and embodies its substantive features and progress; under the inspiration of the invention, equivalent modifications of shape, structure and so on may be made to it according to actual needs of use, and these fall within the protection scope of this scheme.

Claims (10)

1. A power marketing mobile application security protection system, characterised in that it comprises:
Secure terminal layer: the mobile terminal uses an encryption algorithm and stores its private key or digital certificate on the terminal; when the mobile terminal communicates, it establishes a secure channel through the mobile public network and the secure access gateway cluster, authenticates its identity with the digital certificate, and encrypts critical communication data for transmission;
Secure channel layer: connects each external link to the system access network with routing-based access control and builds an encrypted virtual dedicated channel with a VPN, realising network-level identity authentication and guaranteeing data confidentiality and integrity; a firewall performs access control at the boundary area and rejects access requests from unauthorised devices; a corresponding security monitoring system is configured to monitor, protect against and manage the security risks of access applications, ensuring secure access and the security of the system access network; between the access network and the corporate intranet, isolation is applied at every level from the physical layer up to the application-layer communication protocol, and for each permitted application a dedicated data exchange mechanism is established and maintained that restricts the source, destination, data format and data content of the exchange and monitors every exchange;
Secure access platform layer: the intermediate area for outbound information publishing, information collection and data exchange, and the endpoint of the access terminal's network connection; all application access terminates at the security authentication gateway; the secure access platform layer performs security detection and audit of the registration and operating status of exchange services, carries out configuration management and day-to-day operation and maintenance of network devices and security devices, and presents security policy management, traffic monitoring, statistical analysis and security audit through a friendly, user-centred interface;
Mobile application layer: supports the business applications of the mobile terminal and implements application-level security for the system;
The security protection levels of the marketing mobile application are:
the enterprise intranet achieves application data security through data encryption, and application system security through auditing/authorization and security isolation;
the client secure access system achieves operating system security through KEY authentication/boot and a desktop control system, access security through VPN secure access and digital certificate authentication, and physical network security through commercial cryptographic algorithm encryption and re-authentication;
The security protection levels of the marketing mobile application comprise:
1) Secure access is the core of the whole platform; a secure access zone is built between the third-party network and the enterprise information system to partition the network for security, and secure access is achieved through the platform's secure access, authentication and access control services;
2) A secondary encrypted tunnel independent of the third-party operator is established to strengthen data transmission security; within the secure access zone, user identity authentication, user data encryption, auditing/authorization and online file encryption are performed;
3) The VPN gateway access service layer is the core; it comprises the secure access gateway system, the identity authentication system, data encryption/decryption, and the centralized monitoring and management user logic functional units, which communicate over a high-speed message bus to provide the various security services;
4) According to differences in user requirements, applications and network reconstruction needs, the functional components of the secure access platform system and of the data security protection system are deployed in segmented combinations following the access platform concept, with seamless connection at the network level;
5) Identity authentication system: the terminal performs two-way authentication with the VPN and is authorized through CA service authentication; digital certificates guarantee that every user logging in to the security platform system is a user who has passed administrative authentication; issuance, revocation and expiry re-confirmation of digital certificates can be performed online through the OCSP protocol, or offline under manual administration by designated personnel;
6) Firewall: the access boundary of the security platform, and the first security filter applied to data when a user enters the security platform; a firewall is a comprehensive technology involving computer networking, cryptography, security techniques, software engineering and security protocols; it is a means of guaranteeing network security and an access control measure enforced during network communication, whose aim is to control the rights to enter and leave a network and to force all connections to pass through this inspection;
All service flows from external user data to the internal enterprise intranet must pass through the firewall, which uses network address translation and security filtering of data to protect the networks that need protection;
7) Secure access gateway
The IPSEC VPN access gateway provides security protection for users' remote access to network services; its functions include:
Identity authentication: works with the digital certificate system to ensure that the remote accessor is not a malicious user;
Access control: ensures that a visitor can only access the services and information they are authorized for;
Data encryption: works with the commercial cryptographic algorithm provided in the SDKey to ensure that all data is encrypted during network transmission, preventing it from being cracked;
The SSL VPN access gateway provides security protection for users' remote access to network services; its functions include:
Identity authentication: works with the digital certificate system to ensure that the remote accessor is not a malicious user;
Access control: ensures that a visitor can only access the services and information they are authorized for;
Data encryption: works with the commercial cryptographic algorithm provided in the SDKey to ensure that all data is encrypted during network transmission, preventing it from being cracked;
8) Security isolation system
The security isolation and information exchange system, commonly called a "gateway", aims to keep harmful attacks isolated outside the trusted network and to complete the secure exchange of data between networks on the premise that internal information of the trusted network is not leaked; network isolation technology grew out of earlier security techniques, remedies their shortcomings and has its own distinct advantages; it serves as the security isolation system between the secure access sub-network and the enterprise intranet and guarantees the security of the access service intranet;
9) Audit and authorization system
The security audit system collects, analyses and identifies network data to dynamically monitor communication content, network behaviour and network traffic in real time; it discovers and captures sensitive information and illegal behaviour, responds with real-time alarms, comprehensively records the sessions and events in the network system, performs intelligent correlation analysis and assessment of network information together with accurate end-to-end tracking and localisation of security incidents, and provides authoritative, reliable support for formulating the overall network security strategy.
2. The power marketing mobile application security guard system according to claim 1, characterised in that: the secure access platform layer is provided with an access gateway, a data filtering and exchange system, an authentication server and an access platform centralized monitoring and management system; the access gateway comprises a secure access gateway for notebook access, a mobile secure access gateway for PDA/smartphone access, and a meter secure access gateway for meter access.
3. The power marketing mobile application security guard system according to claim 2, characterised in that: when the intelligent terminal is a tablet computer, PDA or smartphone, the security algorithm private key or digital certificate used by the security terminal layer is stored on a MicroSD card; a SIM card is installed in the intelligent terminal and bound to a dedicated APN to secure the network channel; and dedicated security control software is deployed on the intelligent terminal to establish the secure channel and manage user authentication.
4. The power marketing mobile application security guard system according to claim 3, characterised in that: the mobile application layer is provided with mobile application servers, and an anti-virus module is deployed on the application servers to ensure that each application server in the application service zone is not infected by viruses or trojans and to prevent the spread of viruses and illegal control.
5. The power marketing mobile application security guard system according to claim 1, characterised in that: the secure channel layer, the secure access platform layer and the mobile application development platform form a mobile operations platform, which is provided with an information security and protection unit, a cross-platform service support unit, an application support unit, a mobile GIS support unit, a mobile workflow support unit and a platform management unit; the information security and protection unit provides VPN wireless access support for the secure access platform, encrypted messaging for application services and database encryption on the mobile terminal, to achieve efficient and secure access; the cross-platform service support unit supports multiple mobile terminal operating systems by supporting several operating systems at once and establishing a unified standard API adapted to each operating system, and also supports multiple terminal hardware; the application support unit provides hardware bottom-layer support; the mobile GIS support unit provides geographic map display, power grid resource display, GIS spatial analysis, route navigation and position reporting; the mobile workflow support unit manages the server and client sides of the power mobile application distribution platform; and the platform management unit handles device management, rights management, service menu management, mobile terminal status monitoring, service monitoring and standardized field operation analysis.
6. The power marketing mobile application security guard system according to claim 5, characterised in that: the hardware bottom-layer support unit of the application support function is used for: printing, location services, barcode scanning, RFID card read/write, user electronic signature authentication, mobile terminal network status notification and encapsulation of other hardware features; audit of device login, user login and service component login authentication; management of video files, image files and graphics, integrated with the file service; task data issuing, downloading and import review; and user authentication and security policy management.
7. The power marketing mobile application security guard system according to claim 1, characterised in that:
the secure access platform layer securely partitions the third-party network from the enterprise information system and achieves secure access for mobile terminals; the secure access platform layer performs user identity authentication, user data encryption, auditing/authorization and online file encryption to secure transmission; the secure access platform layer is provided with a VPN gateway access service layer, which comprises a secure gateway access system functional unit, an identity authentication system functional unit, a data encryption/decryption functional unit and a centralized monitoring and management user logic unit, and these functional units communicate over a high-speed message bus to provide the various security services.
8. The power marketing mobile application security guard system according to claim 7, characterised in that: the secure access platform layer is deployed in segmented combinations with seamless connection at the network level; the identity authentication system performs two-way authentication between the terminal and the VPN gateway and authorizes through CA service authentication.
9. The power marketing mobile application security guard system according to claim 8, characterised in that: during audit/authorization work, the secure access platform layer collects, analyses and identifies network data to dynamically monitor communication content, network behaviour and network traffic in real time; it discovers and captures sensitive information and illegal behaviour, responds with real-time alarms, comprehensively records the sessions and events in the network system, performs intelligent correlation analysis and assessment of network information together with accurate end-to-end tracking and localisation of security incidents, and provides authoritative, reliable support for formulating the overall network security strategy.
10. The power marketing mobile application security guard system according to claim 9, characterised in that: the security/audit work comprises:
Content auditing
Provides deep content auditing: complete content detection and information restoration for website access, email sending/receiving, remote terminal access, database access, data transfer and file sharing; the keyword library can be customized for fine-grained audit tracking;
Behaviour auditing
Provides comprehensive network behaviour auditing: according to the configured behaviour audit policies, monitors network application behaviour such as website access, email sending/receiving, database access, remote terminal access, data transfer, file sharing and abuse of network resources, and raises real-time alarms and records for events that match a behaviour policy;
Network auditing
Provides traffic analysis based on protocol identification: real-time statistics of the various message flows in the current network, with integrated traffic analysis that provides reliable support for formulating traffic management policies.
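As an added illustration of the three audit functions described in claims 9 and 10 (this is example code, not code from the patent), the following Python runs a customizable keyword library (content audit), behaviour audit policies that raise alarms (behaviour audit) and per-protocol flow statistics (network audit) over a handful of constructed records. The record format, the intranet range and the registered-terminal list are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable

INTRANET = ip_network("10.0.0.0/16")               # assumed enterprise intranet range
REGISTERED_TERMINALS = {"10.8.1.21", "10.8.1.22"}  # assumed list of registered access terminals

# Constructed sample records, as the data-collection stage might normalise them.
SAMPLE_RECORDS = [
    {"proto": "HTTP", "app": "web", "src": "10.8.1.21", "dst": "10.0.5.10",
     "bytes": 1200, "content": "GET /marketing/orders?id=42"},
    {"proto": "SMTP", "app": "mail", "src": "10.8.1.22", "dst": "10.0.5.25",
     "bytes": 5400, "content": "Subject: customer meter export (confidential)"},
    {"proto": "TDS", "app": "db", "src": "10.8.1.99", "dst": "10.0.5.50",
     "bytes": 800, "content": "SELECT name, id_number FROM customers"},
    {"proto": "SMB", "app": "file", "src": "10.8.1.21", "dst": "198.51.100.7",
     "bytes": 9_000_000, "content": "PUT meter_readings.xlsx"},
    {"proto": "HTTP", "app": "web", "src": "10.8.1.22", "dst": "10.0.5.10",
     "bytes": 300, "content": "GET /static/logo.png"},
]


@dataclass
class Alarm:
    kind: str      # "content" or "behaviour"
    rule: str      # keyword or policy name that fired
    record: dict   # the record that triggered it, kept for the audit trail


@dataclass
class AuditEngine:
    keywords: set                               # customizable keyword library
    policies: dict                              # name -> predicate over a record
    alarms: list = field(default_factory=list)
    flows: dict = field(default_factory=dict)   # proto -> Counter(messages, bytes)

    def content_audit(self, rec):
        """Content audit: match the restored content against the keyword library."""
        text = rec["content"].lower()
        hits = sorted(k for k in self.keywords if k in text)
        self.alarms.extend(Alarm("content", f"keyword:{k}", rec) for k in hits)
        return hits

    def behaviour_audit(self, rec):
        """Behaviour audit: every matching policy produces a real-time alarm record."""
        matched = [name for name, pred in self.policies.items() if pred(rec)]
        self.alarms.extend(Alarm("behaviour", name, rec) for name in matched)
        return matched

    def network_audit(self, rec):
        """Network audit: per-protocol message and byte statistics."""
        c = self.flows.setdefault(rec["proto"], Counter())
        c["messages"] += 1
        c["bytes"] += rec["bytes"]

    def process(self, records):
        for rec in records:
            self.content_audit(rec)
            self.behaviour_audit(rec)
            self.network_audit(rec)
        return self.alarms

    def flow_report(self):
        total = sum(c["bytes"] for c in self.flows.values()) or 1
        return {p: {"messages": c["messages"], "bytes": c["bytes"],
                    "share": round(c["bytes"] / total, 3)} for p, c in self.flows.items()}


def default_policies() -> "dict[str, Callable[[dict], bool]]":
    # Assumed behaviour policies covering database access, file sharing and resource abuse.
    return {
        "db_access_unregistered_terminal": lambda r: r["app"] == "db" and r["src"] not in REGISTERED_TERMINALS,
        "file_share_outside_intranet": lambda r: r["app"] == "file" and ip_address(r["dst"]) not in INTRANET,
        "bulk_transfer": lambda r: r["bytes"] > 5_000_000,
    }


def run_sample() -> AuditEngine:
    engine = AuditEngine(keywords={"confidential", "id_number"}, policies=default_policies())
    engine.process(SAMPLE_RECORDS)
    return engine


if __name__ == "__main__":
    e = run_sample()
    for a in e.alarms:
        print(a.kind, a.rule, a.record["src"], "->", a.record["dst"])
    print(e.flow_report())
```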
CN201410423475.1A 2014-08-26 2014-08-26 Power marketing mobile application security guard system Active CN104184735B (en)


Publications (2)

Publication Number Publication Date
CN104184735A CN104184735A (en) 2014-12-03
CN104184735B true CN104184735B (en) 2018-03-09






Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310007 Huanglong Road, Hangzhou, Zhejiang, No. 8, No.

Applicant after: STATE GRID ZHEJIANG ELECTRIC POWER Co.,Ltd.

Applicant after: JIAXING POWER SUPPLY COMPANY OF STATE GRID ZHEJIANG ELECTRIC POWER Co.

Applicant after: State Grid Corporation of China

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: STATE GRID ZHEJIANG ELECTRIC POWER Co.,Ltd.

Applicant before: JIAXING POWER SUPPLY COMPANY OF STATE GRID ZHEJIANG ELECTRIC POWER Co.

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: STATE GRID ZHEJIANG ELECTRIC POWER Co.,Ltd.

Applicant after: JIAXING POWER SUPPLY COMPANY OF STATE GRID ZHEJIANG ELECTRIC POWER Co.

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: STATE GRID ZHEJIANG ELECTRIC POWER Co.

Applicant before: JIAXING POWER SUPPLY COMPANY OF STATE GRID ZHEJIANG ELECTRIC POWER Co.

CB02 Change of applicant information
CB03 Change of inventor or designer information

Inventor after: Tu Ying

Inventor after: Jin Liangfeng

Inventor after: Yan Yong

Inventor after: Huang Ruizhang

Inventor after: Liu Huan

Inventor after: Li Nan

Inventor after: Ma Chuang

Inventor after: Shen Chao

Inventor after: Sun Yishen

Inventor after: He Wei

Inventor after: Mi Xiaobo

Inventor after: Xiao Shijie

Inventor after: Changwei

Inventor after: Lv Shining

Inventor after: Gu Hongjie

Inventor after: Lin Kaifeng

Inventor after: Wu Hui

Inventor after: Zhang Yan

Inventor after: Qiu Huadong

Inventor after: Ye Sheng

Inventor after: Zheng Bin

Inventor after: Hu Ruoyun

Inventor after: Ding Qi

Inventor after: Shen Ran

Inventor before: Tu Ying

Inventor before: Ma Chuang

Inventor before: Shen Chao

Inventor before: Sun Yishen

Inventor before: He Wei

Inventor before: Mi Xiaobo

Inventor before: Changwei

CB03 Change of inventor or designer information
GR01 Patent grant