CN104918248A - Enterprise mobile safety gateway method of application flow management, application acceleration and safety - Google Patents


Info

Publication number: CN104918248A
Application number: CN201510179474.1A
Authority: CN (China)
Prior art keywords: mobile terminal, gateway, safety, mobile, software module
Other languages: Chinese (zh)
Inventors: 高振国, 杨海雷, 李孝金, 王倬遥
Original assignee: 深圳市高星文网络科技有限公司
Priority date: 2015-04-16
Filing date: 2015-04-16
Publication date: 2015-09-16


Classifications

H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS

    • H04W 12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W 12/06 Authentication
    • H04W 24/00 Supervisory, monitoring or testing arrangements
    • H04W 24/02 Arrangements for optimising operational condition

Abstract

The invention discloses an enterprise mobile security gateway method for application traffic management, application acceleration and security. Using a software module running on the mobile terminal and a software module running on the switch, all kinds of mobile terminal equipment, protective equipment and control data are managed in a unified way. The method comprises the following steps in sequence: establishing a VPN secure channel between the software module designed to run on the mobile terminal and the gateway; providing the user identity, the content being accessed, the device in use, the device state and other information to the mobile security administrator through the gateway; executing, by the software module running on the gateway, the corresponding security policy according to the provided user identity, accessed content, device in use, device state and other information, thereby controlling which data the mobile terminal is authorized to access; and performing application delivery, application acceleration and application security through the software module running on the gateway. This interaction method can manage all kinds of mobile terminal equipment, protective equipment and control data in a unified way, and can greatly improve enterprise mobile security.

Description

Enterprise mobile security gateway method for traffic management, application acceleration and security

Technical field

The present invention relates to the fields of traffic management, application delivery, application acceleration and security, and in particular to data security when various hand-held mobile terminals access and interact with sensitive data under different network environments.

Background technology

With the maturing and popularization of intelligent terminals, personal smart devices, represented by mobile phones and tablet computers, are entering enterprise applications. According to a prediction by the authoritative consulting firm Gartner, by 2014 90% of enterprises will support employees running enterprise office applications on personal mobile devices; employees using personal smart terminals for work has become an irreversible trend. This phenomenon, known as BYOD (Bring Your Own Device), brings new challenges to enterprise security and management:

1. The mobile devices of enterprise employees can access the mobile Internet or public/home Wi-Fi networks at any time and place, so the enterprise data on the mobile terminal is also exposed to attacks from the Internet.

2. Enterprise employees can freely access and retrieve enterprise data, so there is a risk that enterprise data is illegally uploaded, shared and leaked by individuals. Examples are office mail, documents, pictures, communication records and text messages related to business content stored on the mobile phone; leakage of such sensitive information poses a great information security risk to the enterprise.

3. Mobile devices are lost or stolen, so the sensitive enterprise data stored on them also faces the risk of disclosure.

4. Mobile phone viruses are growing exponentially, and mobile devices are becoming a springboard for penetrating the corporate intranet.

Mobile devices used for business usually operate outside the control of the enterprise or organization and at the far end of the network; devices that can access enterprise applications and sensitive data may be stolen, leaked or misconfigured, placing enterprise assets in danger.

At present there are mainly two kinds of solutions to the enterprise mobile security problem:

The first solution still starts from the terminal: by deploying on the terminal, it partitions an independent region on the mobile device, isolates corporate information from personal information, and prevents enterprise data from being obtained by third-party applications. Its technical architecture consists of a mobile terminal app and a server-side console. The console, deployed as an enterprise private cloud or a public cloud on a general-purpose server or computer in the corporate intranet, implements mobile terminal management, policy management and distribution, enterprise application management and so on. The app sets up a secure working area on the mobile terminal; the applications and data in this area are protected, and the security of enterprise data on the mobile terminal is ensured by means such as monitoring and encryption. Its architecture is shown in Figure 1.

The second solution starts from the gateway: a gateway is set up in the connection between the mobile terminal and the enterprise servers, and security is configured on the gateway. The mobile terminal passes through the gateway when accessing enterprise data, and the data it may access is determined by the gateway's security configuration, thereby achieving the goal of managing mobile devices and protecting enterprise data.

Both of the above solutions have certain deficiencies, mainly the following problems:

(1) The current solutions apply only to mobile terminals and cannot be effectively ported to larger terminals that are used more heavily.

(2) Because all protective measures act on the mobile terminal and no standard user management system is used, management is very difficult: users and mobile devices cannot be managed centrally in Active Directory.

(3) Adding an intermediate device to the data interaction between the mobile terminal and the public cloud increases access time.

(4) Because all operations such as antivirus protection and security monitoring are performed by the mobile terminal, the load on the mobile terminal increases significantly, reducing its performance and increasing its energy consumption. At the same time, because software updates are completed by the individual owner of the mobile terminal, a potential security hazard arises if updates are not applied in time.

(5) If some documents in the office area need to be opened by a program in the personal area, the information then jumps from the office area to the personal area, which still poses a great hidden danger to enterprise information security.

Summary of the invention

The technical problem to be solved by the present invention is to avoid the shortcomings of the existing technology described above, and to propose an enterprise mobile security gateway method for traffic management, application acceleration and security. Without changing the enterprise's existing network configuration, all kinds of mobile terminals accessing enterprise sensitive data under various network environments can be placed under unified, standard management quickly and securely, achieving the effect of protecting equipment, managing equipment and controlling data.

The present invention solves this technical problem by the following technical solution:

The enterprise mobile security gateway method for traffic management, application acceleration and security uses a software module running on the mobile terminal and a software module running on the switch to realize application delivery between the mobile terminal and the server side, and mainly comprises the following steps:

(1) The software module running on the mobile terminal sends the authentication information of the mobile terminal to the software module running on the gateway;

(2) The software module running on the gateway transfers the authentication information of the mobile terminal to the mobile security administrator;

(3) The mobile security administrator verifies the received authentication information and transmits the verification result back to the gateway;

(4) The gateway receives the verification result of the mobile security administrator and carries out the corresponding operation according to the result;

(5) According to the different security levels into which the gateway divides mobile terminals, the access policy of each level is configured with the enterprise data it is allowed to access. The software module running on the gateway is embedded with an application delivery and traffic management module, an application acceleration module and an application security module, used for protecting equipment, managing equipment and controlling data.

The software module running on the mobile terminal uses single sign-on technology to log in once and keep a persistent connection; the Active Directory domain authentication mode or another standard user management mode is used to perform unified identity authentication management for mobile terminals accessing enterprise servers.

In the data transmission process, encryption technology is used to establish a secure channel, and all message traffic of the mobile device is forced to flow through this channel, preventing data from being illegally stolen in transit.

In step (4), the operation the gateway performs according to the verification result is as follows: the software module running on the gateway evaluates, according to its built-in security policy, whether the mobile terminal is legitimate on the basis of the authentication information the mobile terminal transmitted. If the result is that the mobile terminal is illegitimate, the mobile terminal is refused connection to the system; if the result is that the mobile terminal is legitimate, the mobile terminal is allowed to connect to the system. At the same time, the permissions of the logged-in user are delineated according to the user identity, accessed content, device in use and device state information provided by the mobile terminal.

Compared with the prior art, the beneficial effects of the present invention are as follows:

(1) In the complete architecture of the present invention, addressing the problems in current solutions, the Microsoft Active Directory component or another standard user management mode is used, solving the problem that mobile terminals and computer clients could not be managed in a unified way; mobile terminals and computer clients are brought under the same standard, solving the enterprise's problem of unified management across all terminal types.

(2) In the architecture of the present invention, all operations such as antivirus protection and security monitoring are transferred to the mobile security gateway for processing, completely solving the problems of high power consumption and high resource occupation on the mobile terminal; the mobile terminal's resources are fully freed, greatly improving its performance and battery life.

(3) In the architecture of the present invention, the mobile security gateway has application delivery, application acceleration and security function modules at the same time, which greatly helps increase data exchange speed and improve the security of enterprise servers, and solves problems such as slower access and delay between the mobile terminal and enterprise servers caused by adding other equipment.

Accompanying drawing explanation

The present invention is described in further detail below with reference to the accompanying drawings:

Fig. 1 is a schematic diagram of the prior art architecture;

Fig. 2 is a structural diagram of the system of the present invention;

Fig. 3 is a schematic diagram of the processing flow of the present invention.

Embodiment

When an enterprise mobile user needs to access sensitive data on an enterprise server, a VPN secure channel is established between the software module designed to run on the mobile terminal and the gateway, and information such as the user identity, accessed content, device in use and device state is provided through the gateway to the mobile security administrator. The software module running on the gateway executes the corresponding security policy according to the provided user identity, accessed content, device in use, device state and other information, controlling which data the mobile terminal is authorized to access, and the mobile terminal and the enterprise servers interact at the application level. At the same time, the software module running on the gateway implements functions such as application delivery, application acceleration and application security.

The software module installed on the gateway described above comprises the following functional modules:

A. application delivery and traffic management module

Uses technologies such as content switching, load balancing, dynamic route selection and access control lists (ACLs), integrated with the hardware and software system, to provide high-quality service levels and high availability, ultimately guaranteeing that users access enterprise sensitive data securely and efficiently.

B. application acceleration module

Integrates technologies such as SSL offloading, application compression, application caching, and TCP buffering and optimization; through infrastructure optimization and intelligent HTTP compression, it frees server resources, ensures that high-priority applications receive priority treatment, greatly improves server performance and reduces bandwidth cost.

C. application safety module

Supports application security functions such as denial-of-service (DoS) attack protection, secure content hiding, application attachment filtering, HTTP rewriting, priority queuing and surge protection; it adds several key security features that cannot be realized elsewhere in the network and comprehensively guarantees the data security of the servers.

Fig. 3 is the processing flow chart: when an enterprise mobile user needs to access sensitive data on an enterprise server, a VPN secure channel is established between the software module designed to run on the mobile terminal and the gateway, and verification information such as the user identity, accessed content, device in use and device state is provided through the gateway to the mobile security administrator; the software module running on the gateway performs the corresponding operation according to the verification result returned by the mobile security administrator. If verification fails, the gateway refuses the mobile terminal access and returns the verification result to the mobile terminal. If verification passes, the mobile security administrator carries out the corresponding security configuration according to the user identity, accessed content, device in use, device state and other information provided by the mobile terminal, and the gateway executes the security policy configured by the mobile security administrator; at the same time, through the functional modules for traffic management, application delivery, application acceleration and security, it realizes data interaction between the mobile terminal and the server while ensuring the security and high speed of the data exchange process.
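The verification and authorization flow of steps (1) to (5) and of the Fig. 3 flow chart can be simulated as a gateway-side decision function. The following Python is an added example written for this page; it is not code from the patent or its assignee. The user directory, device enrollment table, security-level policy, field names of the authentication information and the "compliant"/"non-compliant" device states are all constructed assumptions, since the patent specifies none of these formats; the administrator check stands in for whatever standard user management system (the text names Active Directory) the mobile security administrator consults.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class AuthInfo:
    """Authentication information the terminal's software module sends in step (1).

    The patent names user identity, accessed content, device in use and device
    state but fixes no wire format; these field names are assumptions.
    """
    user: str
    device_id: str
    device_state: str        # constructed values: "compliant" or "non-compliant"
    requested_resource: str  # the "accessed content" being asked for


# Constructed stand-in for the standard user management system (e.g. Active
# Directory) the mobile security administrator consults: user -> security level.
USER_DIRECTORY: dict[str, str] = {
    "alice": "high",
    "bob": "medium",
    "carol": "low",
}

# Constructed device enrollment: device id -> the user it is bound to.
ENROLLED_DEVICES: dict[str, str] = {
    "dev-01": "alice",
    "dev-02": "bob",
    "dev-03": "carol",
}

# Step (5): security levels the gateway divides terminals into, each mapped to
# the enterprise data its access policy allows. Constructed values.
LEVEL_POLICY: dict[str, frozenset[str]] = {
    "high": frozenset({"mail", "files", "hr-records"}),
    "medium": frozenset({"mail", "files"}),
    "low": frozenset({"mail"}),
}


def administrator_verify(info: AuthInfo) -> tuple[bool, str]:
    """Step (3): the mobile security administrator checks the forwarded
    authentication information and returns the result to the gateway.

    Returns (True, security_level) on success or (False, reason) on failure.
    """
    if info.user not in USER_DIRECTORY:
        return False, "unknown user"
    if info.device_id not in ENROLLED_DEVICES:
        return False, "device not enrolled"
    if ENROLLED_DEVICES[info.device_id] != info.user:
        return False, "device not bound to this user"
    if info.device_state != "compliant":
        return False, f"device state {info.device_state!r} fails policy"
    return True, USER_DIRECTORY[info.user]


def gateway_decide(info: AuthInfo) -> tuple[Verdict, str]:
    """Steps (2), (4) and (5) on the gateway: forward the authentication
    information, act on the administrator's result, then check the requested
    resource against the terminal's security level.
    """
    ok, detail = administrator_verify(info)
    if not ok:
        # Illegitimate terminal: refuse the connection and report the reason back.
        return Verdict.DENY, detail
    level = detail
    if info.requested_resource not in LEVEL_POLICY[level]:
        # Legitimate terminal, but the request is outside what its level allows.
        return Verdict.DENY, f"level {level} may not access {info.requested_resource}"
    return Verdict.ALLOW, f"level {level}"


def run_samples() -> list[tuple[str, Verdict, str]]:
    """Constructed requests covering each branch of the Fig. 3 flow."""
    samples = [
        AuthInfo("alice", "dev-01", "compliant", "hr-records"),      # allowed
        AuthInfo("bob", "dev-02", "compliant", "hr-records"),        # above level
        AuthInfo("carol", "dev-01", "compliant", "mail"),            # wrong device
        AuthInfo("bob", "dev-02", "non-compliant", "mail"),          # bad state
        AuthInfo("mallory", "dev-09", "compliant", "mail"),          # unknown user
    ]
    results = []
    for info in samples:
        verdict, detail = gateway_decide(info)
        results.append((info.user, verdict, detail))
    return results


if __name__ == "__main__":
    for user, verdict, detail in run_samples():
        print(f"{user:8s} {verdict.value:5s} {detail}")
```

The point the flow depends on is the ordering: identity and device checks run first and refuse the connection outright, and only a terminal that passes them is then narrowed to the data its security level permits, so a policy gap at step (5) can never widen access for a terminal that failed step (4). Keeping the deny reason in the return value gives the gateway something concrete to log and return to the terminal, as Fig. 3 describes.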

Claims (4)

1. An enterprise mobile security gateway method for traffic management, application acceleration and security, characterized in that it mainly comprises the following steps:
(1) The software module running on the mobile terminal sends the authentication information of the mobile terminal to the software module running on the gateway;
(2) The software module running on the gateway transfers the authentication information of the mobile terminal to the mobile security administrator;
(3) The mobile security administrator verifies the received authentication information and transmits the verification result back to the gateway;
(4) The gateway receives the verification result of the mobile security administrator and carries out the corresponding operation according to the result;
(5) According to the different security levels into which the gateway divides mobile terminals, the access policy of each level is configured with the enterprise data it is allowed to access; the software module running on the gateway is embedded with an application delivery and traffic management module, an application acceleration module and an application security module, used for protecting equipment, managing equipment and controlling data.
2. The enterprise mobile security gateway method for traffic management, application acceleration and security according to claim 1, characterized in that the software module running on the mobile terminal uses single sign-on technology to log in once and keep a persistent connection, and the Active Directory domain authentication mode or another standard user management mode is used to perform unified identity authentication management for mobile terminals accessing enterprise servers.
3. The enterprise mobile security gateway method for traffic management, application acceleration and security according to claim 1, characterized in that, in the data transmission process, encryption technology is used to establish a secure channel, all message traffic of the mobile device is forced to flow through this channel, and data is thereby prevented from being illegally stolen in transit.
4. The enterprise mobile security gateway method for traffic management, application acceleration and security according to claim 1, characterized in that, in step (4), the operation the gateway performs according to the verification result is as follows: the software module running on the gateway evaluates, according to its built-in security policy, whether the mobile terminal is legitimate on the basis of the authentication information the mobile terminal transmitted; if the result is that the mobile terminal is illegitimate, the mobile terminal is refused connection to the system; if the result is that the mobile terminal is legitimate, the mobile terminal is allowed to connect to the system; at the same time, the permissions of the logged-in user are delineated according to the user identity, accessed content, device in use and device state information provided by the mobile terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510179474.1A CN104918248A (en) 2015-04-16 2015-04-16 Enterprise mobile safety gateway method of application flow management, application acceleration and safety


Publications (1)

Publication Number Publication Date
CN104918248A true CN104918248A (en) 2015-09-16

Family

ID=54086856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510179474.1A CN104918248A (en) 2015-04-16 2015-04-16 Enterprise mobile safety gateway method of application flow management, application acceleration and safety

Country Status (1)

Country Link
CN (1) CN104918248A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105430009A (en) * 2015-12-25 2016-03-23 北京奇虎科技有限公司 Network access method, terminal and gateway server
CN105430009B (en) * 2015-12-25 2019-03-08 北京奇虎科技有限公司 A kind of Network Access Method, terminal and gateway server
CN105764095A (en) * 2016-02-22 2016-07-13 苏州蜗牛数字科技股份有限公司 Application identification and control system and application identification and control method based on virtual private network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060224742A1 (en) * 2005-02-28 2006-10-05 Trust Digital Mobile data security system and methods
CN101111053A (en) * 2006-07-18 2008-01-23 中兴通讯股份有限公司 System and method for defending network attack in mobile network
CN101789968A (en) * 2010-01-08 2010-07-28 深圳市沟通科技有限公司 Safe enterprise mobile working application delivery method
CN102724175A (en) * 2011-08-26 2012-10-10 北京天地互连信息技术有限公司 Remote communication security management architecture of ubiquitous green community control network and method for constructing the same
CN103297437A (en) * 2013-06-20 2013-09-11 中国软件与技术服务股份有限公司 Safety server access method for mobile intelligent terminal



Similar Documents

Publication Publication Date Title
US10057295B2 (en) System and method for providing network and computer firewall protection with dynamic address isolation to a device
US9231973B1 (en) Automatic intervention
US10243999B2 (en) Methods and systems for providing secure network connections to mobile communications devices
US9747444B1 (en) System and method for providing network security to mobile devices
Rewagad et al. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing
US8904477B2 (en) Configuring and providing profiles that manage execution of mobile applications
US9973489B2 (en) Providing virtualized private network tunnels
US10375024B2 (en) Cloud-based virtual private access systems and methods
US10523710B2 (en) Mobile device security, device management, and policy enforcement in a cloud based system
EP2574090B1 (en) Managing mobile device applications
US10110638B2 (en) Enabling dynamic authentication with different protocols on the same port for a switch
KR101954440B1 (en) Providing mobile device management functionalities
US8914845B2 (en) Providing virtualized private network tunnels
EP2574091B1 (en) Managing mobile device applications on a mobile device
US9240977B2 (en) Techniques for protecting mobile applications
US9659165B2 (en) Method and apparatus for accessing corporate data from a mobile device
US10243997B2 (en) Secure and lightweight traffic forwarding systems and methods to cloud based network security systems
US8819768B1 (en) Split password vault
EP2574098B1 (en) Managing mobile device applications in a wireless network
US9305163B2 (en) User, device, and app authentication implemented between a client device and VPN gateway
US9785794B2 (en) Securing sensitive data on a mobile device
US9609460B2 (en) Cloud based mobile device security and policy enforcement
US9344426B2 (en) Accessing enterprise resources while providing denial-of-service attack protection
US8750108B2 (en) System and method for controlling mobile device access to a network
US8650620B2 (en) Methods and apparatus to control privileges of mobile device applications

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150916
