CN108076069A - Mobile office security system and method based on the Android platform - Google Patents
Publication number: CN108076069A (application CN201711453092.9A)
Authority: CN (China)
Prior art keywords: mobile terminal, SVN gateway, message, business data platform
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/08: Network architectures or network communication protocols for network security, for authentication of entities
- H04L41/069: Management of faults, events, alarms or notifications using logs of notifications; post-processing of notifications
- H04L63/0428: Network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/083: Network security for authentication of entities using passwords
- H04L63/10: Network security for controlling access to devices or network resources
Abstract
The invention discloses a mobile office security system and method based on the Android platform, in the field of Internet security. In the system the mobile terminal (10) is connected to an SVN gateway (20), and the SVN gateway (20) is connected to a business data platform (30). The method (1) matches the user name and password carried in the transmitted message against the user list queried from the business data platform, to decide whether the user is an enterprise user; (2) matches the user name and device id carried in the message against the user's bound-device list queried from the business data platform, to decide whether the user has bound this device; and (3) matches the user name and message type carried in the message against the user's access rights queried from the business data platform, to decide whether the user is permitted to access the requested resource. The invention is efficient and secure and integrates enterprise and personal office use.
Description
Technical field
The present invention relates to the field of network security, and more particularly to a mobile office security system and method based on the Android platform.
Background technology
With the rapid development of intelligent terminals and the gradual maturing of 4G technology, personalised mobile office work has entered the "5A" era of intelligent office: any authorised person (Anyone) can use any smart device (Any device), at any time (Anytime) and in any place (Anywhere), to access any office resource over the network (Anything). This has given rise to a new mode of mobile office work, Bring Your Own Device (BYOD). Compared with the traditional office model, this new model is efficient and highly mobile: office workers are freed from the constraints of time and space, and employees can use smart phones, tablets and other mobile Internet devices to access internal enterprise resources and applications over WLAN, 4G and similar networks, achieving an efficient office workflow and resource sharing.
Because mobile office work reaches the intranet of a government body or enterprise through open wireless networks, the security problems those networks bring to mobile devices, such as the spread of malware and intrusion through malicious website links, can become an obstacle to the development of mobile office work. The precondition for secure mobile office work is a secure mobile office environment, that is, ensuring that enterprise applications run in a secure and trusted environment; this goal can be approached from secure access, secure storage and security isolation, among others.
Aimed at the network security problem of mobile office work on the Android platform, the present invention proposes a mobile office security system and method based on the Android platform.
Content of the invention
The purpose of the present invention is to address the network security problem of existing mobile office work by providing a mobile office security system and method based on the Android platform, which lets enterprise employees access the enterprise intranet safely, conveniently and efficiently and meets the general requirements of mobile office work.
The object of the present invention is achieved as follows:
I. The mobile office security system based on the Android platform (the system for short)
The system comprises a mobile terminal, an SVN gateway and a business data platform.
Their connection relationship is: the mobile terminal is connected to the SVN gateway; the SVN gateway is connected to the business data platform.
II. The mobile office security method based on the Android platform (the method for short)
The method comprises the following steps:
(1) Send an access request
The mobile terminal sends an access request to the business data platform through the SVN gateway; the request parameters include user name, password, device id, message type and message content.
(2) Verify whether the user password is correct
The SVN gateway receives the request and forwards the message carrying the user name and password to the business data platform, which verifies whether the password is correct. If so, go to step (3); otherwise the mobile terminal handles a "request parameter error" message and the flow returns to step (1).
Handling of the "request parameter error" message by the mobile terminal: the business data platform returns the "request parameter error" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal handles it.
(3) Judge whether the device id is in the list
The SVN gateway sends the message carrying the user name and device id to the business data platform; the platform looks up the list of devices bound to that user name and checks whether the device id is in the list. If so, go to step (4); otherwise the mobile terminal sends an authentication request and the flow returns to step (1).
The mobile terminal sends an authentication request: the business data platform returns a "mobile terminal not authenticated" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal sends a mobile terminal authentication request.
(4) Judge whether the access request is legitimate
The SVN gateway sends the message carrying the user name and message type to the business data platform; the platform looks up the user's access rights by user name and decides from the message type and the access rights whether the mobile terminal's access request is legitimate. If so, go to step (5); otherwise the mobile terminal handles an "insufficient permission" message and the flow returns to step (1).
Handling of the "insufficient permission" message by the mobile terminal: the business data platform returns the "insufficient permission" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal handles it.
(5) Return the resource requested by the mobile terminal
The business data platform returns the requested resource to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the flow ends.
The present invention has the following advantages and beneficial effects:
1. Data access, user login, device binding and the other requests are all communicated over encrypted transmission, so they are secure;
2. All operations of the mobile terminal and the business data platform are logged, so user state can be monitored in real time and user behaviour regulated;
3. It suits the integration of enterprise and personal management and brings the two closer together.
Description of the drawings
Fig. 1 is the block diagram of the system;
Fig. 2 is the block diagram of the modules embedded in the mobile terminal 10;
Fig. 3 is the step diagram of the method;
Fig. 4 is the sub-process diagram of step (3) of the method.
In the figures:
10 - mobile terminal,
11 - 1st mobile terminal, 12 - 2nd mobile terminal, ... 1N - Nth mobile terminal,
N is a natural number, 1 ≤ N ≤ 1000;
1A - password strength detection module,
1B - application compliance detection module,
1C - device root (jailbreak) detection module,
1D - user/device binding detection module;
20 - SVN gateway;
30 - business data platform.
Specific embodiment
The invention is described in detail below with reference to the accompanying drawings and examples.
I. System
1. Overview
As in Fig. 1, the system comprises a mobile terminal 10, an SVN gateway 20 and a business data platform 30.
Their connection relationship is: the mobile terminal 10 is connected to the SVN gateway 20; the SVN gateway 20 is connected to the business data platform 30.
2. Functional blocks
1) Mobile terminal 10
The mobile terminal 10 comprises the 1st, 2nd, ... Nth mobile terminals 11, 12, ... 1N, which access application resources.
As in Fig. 2, each mobile terminal 10 embeds a password strength detection module 1A, an application compliance detection module 1B, a device root detection module 1C and a user/device binding detection module 1D.
The password strength detection module 1A, the application compliance detection module 1B, the device root detection module 1C and the user/device binding detection module 1D interact in that order.
(1) User password strength detection module 1A
Verifies whether the password format meets the requirement, i.e. contains digits, English letters and special characters, and whether the user name matches the user name format.
(2) Application compliance detection module 1B
Detects whether the application used to log in is on the enterprise application whitelist; if it is an unknown application, the user is prompted to uninstall it.
(3) Device root detection module 1C
Detects whether the device is rooted. Because a rooted device offers weak data security, a device that is to be enterprise-authenticated and bound to a user must not be rooted.
(4) User/device binding detection module 1D
Detects whether the user is an enterprise user and whether the user has bound this device, verified by querying the enterprise back-end database.
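The four terminal-side checks above, chained in the order 1A → 1B → 1C → 1D with the first failure stopping the login, as an added example (not the patent's code). The user name pattern, the 8-character minimum, the application whitelist, the root-indicator file list and the back-end lookup are all assumptions; a real Android client would call platform APIs where this code takes injected probe functions so that it runs anywhere. Note that everything here runs on the device, so a rooted or tampered terminal can lie about 1A to 1C; the platform must repeat the 1D binding check server-side, which the method's step (3) does.

```python
"""Terminal-side login gate: 1A password strength, 1B app compliance,
1C root detection, 1D user/device binding, run in that order.
Added example, not the patent's code; the constants below are assumptions."""
import re

# Module 1A: the text requires digits, English letters and special characters.
# The user name pattern and the minimum length are assumptions.
USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.]{2,31}$")
PASSWORD_CLASSES = (
    ("digit", re.compile(r"[0-9]")),
    ("letter", re.compile(r"[A-Za-z]")),
    ("special", re.compile(r"[^A-Za-z0-9]")),
)
MIN_PASSWORD_LEN = 8

# Module 1C: files that commonly appear on a rooted Android device (constructed list).
ROOT_INDICATORS = (
    "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
    "/system/app/Superuser.apk", "/data/adb/magisk",
)


def check_password_strength(username, password):
    """1A: user name format and password composition."""
    if not USERNAME_RE.match(username):
        return False, "1A: user name does not match the required format"
    if len(password) < MIN_PASSWORD_LEN:
        return False, "1A: password shorter than %d characters" % MIN_PASSWORD_LEN
    missing = [name for name, rx in PASSWORD_CLASSES if not rx.search(password)]
    if missing:
        return False, "1A: password lacks " + ", ".join(missing)
    return True, "1A ok"


def check_app_compliance(app_id, whitelist):
    """1B: the app used to log in must be on the enterprise whitelist."""
    if app_id not in whitelist:
        return False, "1B: unknown application %s, prompt user to uninstall" % app_id
    return True, "1B ok"


def check_not_rooted(path_exists):
    """1C: refuse rooted devices. path_exists is injected (os.path.exists on a device)."""
    hits = [p for p in ROOT_INDICATORS if path_exists(p)]
    if hits:
        return False, "1C: root indicators found: " + ", ".join(hits)
    return True, "1C ok"


def check_user_device_binding(username, device_id, lookup_bound_devices):
    """1D: back-end query. lookup_bound_devices(username) returns the bound device
    ids, or None when the user is not an enterprise user."""
    bound = lookup_bound_devices(username)
    if bound is None:
        return False, "1D: %s is not an enterprise user" % username
    if device_id not in bound:
        return False, "1D: device %s is not bound to %s" % (device_id, username)
    return True, "1D ok"


def login_preflight(username, password, app_id, device_id,
                    whitelist, path_exists, lookup_bound_devices):
    """Run 1A -> 1B -> 1C -> 1D and stop at the first failure."""
    checks = (
        lambda: check_password_strength(username, password),
        lambda: check_app_compliance(app_id, whitelist),
        lambda: check_not_rooted(path_exists),
        lambda: check_user_device_binding(username, device_id, lookup_bound_devices),
    )
    for check in checks:
        ok, reason = check()
        if not ok:
            return False, reason
    return True, "login checks passed"


# Constructed environment for a stand-alone run.
WHITELIST = {"com.example.enterprise.office"}
BINDINGS = {"alice": {"IMEI-0001"}}
APP = "com.example.enterprise.office"


def demo():
    """One passing login followed by one failure per module."""
    clean = lambda p: False                        # no root indicators present
    rooted = lambda p: p == "/system/xbin/su"      # constructed rooted device
    lookup = BINDINGS.get
    return [
        login_preflight("alice", "Str0ng!pass", APP, "IMEI-0001", WHITELIST, clean, lookup),
        login_preflight("alice", "password", APP, "IMEI-0001", WHITELIST, clean, lookup),
        login_preflight("alice", "Str0ng!pass", "com.shady.app", "IMEI-0001", WHITELIST, clean, lookup),
        login_preflight("alice", "Str0ng!pass", APP, "IMEI-0001", WHITELIST, rooted, lookup),
        login_preflight("bob", "Str0ng!pass", APP, "IMEI-0001", WHITELIST, clean, lookup),
        login_preflight("alice", "Str0ng!pass", APP, "IMEI-9999", WHITELIST, clean, lookup),
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("PASS" if ok else "FAIL", reason)
```

The probes are injected rather than calling `os.path.exists` directly so the gate can be unit-tested off-device; on Android the same list of paths would be checked with the platform's file API, and a deployment would extend it with whatever root artefacts it cares about.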
2) SVN gateway 20
Uses a carrier-grade reliable hardware platform with a secure real-time embedded operating system, and supports user authentication, terminal identification and multiple virtual gateways.
3) Business data platform 30
(1) Hardware configuration:
Model: Inspur Yingxin (浪潮英信) NP5570M4 2U rack-mount server;
CPU: supports 2 Intel Xeon E5-2620 v3 processors, 6 cores each;
Memory: 4 × 16 GB DDR4 DIMMs, with multiple DIMM slots;
Hard disk: 4 × 3.5-inch 4 TB 7200 rpm SATA hot-plug hard disks;
Network card: 2-port Gigabit Ethernet card;
RAID: independent RAID card supporting RAID 5 and RAID 1, 1 GB RAID cache, with power-loss protection;
Supports Red Hat Enterprise Linux 5/6/7 and SUSE Linux Enterprise Server 10/11.
(2) Software configuration: CentOS 6.8 system, firewall;
(3) Functions: device binding management and control, user authentication management and control.
II. Method
As in Fig. 3, the method comprises the following steps:
(1) Send an access request (301)
The mobile terminal 10 sends an access request to the business data platform 30 through the SVN gateway 20; the request parameters include user name, password, device id, message type and message content.
(2) Verify whether the user password is correct (302)
The SVN gateway 20 receives the request and sends the message carrying the user name and password to the business data platform 30, which verifies whether the user's password is correct. If so, go to step (3); otherwise the mobile terminal 10 handles the "request parameter error" message (306) and the flow returns to step (1).
The mobile terminal 10 handles the "request parameter error" message (306): the business data platform 30 returns the "request parameter error" message to the SVN gateway 20, the SVN gateway 20 returns it to the mobile terminal 10, and the mobile terminal 10 handles it.
(3) Judge whether the device id is in the list (303)
The SVN gateway 20 sends the message carrying the user name and device id to the business data platform 30; the platform looks up the list of devices bound to that user name and checks whether the device id is in the list. If so, go to step (4); otherwise the mobile terminal 10 sends an authentication request (307) and the flow returns to step (1).
The mobile terminal 10 sends an authentication request (307): the business data platform 30 returns a "mobile terminal 10 not authenticated" message to the SVN gateway 20, the SVN gateway 20 returns it to the mobile terminal 10, and the mobile terminal 10 sends a mobile terminal 10 authentication request.
(4) Judge whether the access request is legitimate (304)
The SVN gateway 20 sends the message carrying the user name and message type to the business data platform 30; the platform looks up the user's access rights by user name and decides from the message type and the access rights whether the access request of the mobile terminal 10 is legitimate. If so, go to step (5); otherwise the mobile terminal 10 handles the "insufficient permission" message (308) and the flow returns to step (1).
The mobile terminal 10 handles the "insufficient permission" message (308): the business data platform 30 returns the "insufficient permission" message to the SVN gateway 20, the SVN gateway 20 returns it to the mobile terminal 10, and the mobile terminal 10 handles it.
(5) Return the resource requested by the mobile terminal 10 (305)
The business data platform 30 returns the requested resource to the SVN gateway 20, the SVN gateway 20 returns it to the mobile terminal 10, and the flow ends.
As in Fig. 4, step (3) includes the following sub-process:
A. The mobile terminal 10 sends an authentication request (401)
The mobile terminal 10 sends a mobile terminal 10 authentication request to the SVN gateway 20;
B. The SVN gateway 20 encrypts the request (402)
The SVN gateway 20 receives the request, encrypts it and sends it to the business data platform 30;
C. The business data platform 30 updates the user's bound-device list (403)
The business data platform 30 decrypts the encrypted request sent by the SVN gateway 20, obtains the user name and device id, and updates the user's bound-device list;
D. Authentication of the mobile terminal 10 succeeds (404).
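The platform side of the access flow in steps (2) to (5) above (also stated under "Content of the invention") together with the Fig. 4 binding sub-process, as an added example that is not the patent's code. The text only says which fields are compared against which list; the data model, PBKDF2 password hashing, the result codes (named after the figure labels 305 to 308 and 404) and the rule that a binding request must carry the user's verified password are assumptions made here. The description of step C says only that the platform obtains the user name and device id and updates the list; without some check on who may bind, any device could bind itself and step (3) would add nothing, so this example requires the password. The SVN gateway's transport encryption is out of scope: this is what the business data platform does once it has the fields.

```python
"""Business data platform checks for steps 302/303/304 (failures 306/307/308),
resource return 305, and the Fig. 4 binding step 403/404.
Added example, not the patent's code; result codes and KDF are assumptions."""
import hashlib
import hmac
import os

RESOURCE_RETURNED = 305     # step 305: resource returned to the terminal
REQUEST_PARAM_ERROR = 306   # step 306: user name / password do not match
DEVICE_NOT_BOUND = 307      # step 307: terminal must run the authentication (binding) flow
PERMISSION_DENIED = 308     # step 308: message type not covered by the user's rights
BINDING_SUCCESS = 404       # Fig. 4 step D: device bound

PBKDF2_ITERATIONS = 100_000
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = b"\x00" * 32


def _derive(password, salt):
    # PBKDF2-HMAC-SHA256; the text only says "verify the password", the KDF is our choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class BusinessDataPlatform:
    def __init__(self):
        self.users = {}      # name -> {"salt", "hash", "devices": set, "perms": set}
        self.resources = {}  # message type -> resource payload

    def add_user(self, name, password, permissions):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _derive(password, salt),
                            "devices": set(), "perms": set(permissions)}

    def verify_password(self, name, password):
        """Step 302. An unknown user still costs one KDF run so timing does not reveal it."""
        user = self.users.get(name)
        if user is None:
            hmac.compare_digest(_derive(password, _DUMMY_SALT), _DUMMY_HASH)
            return False
        return hmac.compare_digest(_derive(password, user["salt"]), user["hash"])

    def device_bound(self, name, device_id):
        """Step 303: is the device id in the list bound to this user name?"""
        return device_id in self.users[name]["devices"]

    def permitted(self, name, msg_type):
        """Step 304: do the user's access rights cover this message type?"""
        return msg_type in self.users[name]["perms"]

    def bind_device(self, name, password, device_id):
        """Fig. 4 step C (403): update the bound-device list. Requiring the
        password here is an assumption not stated in the text."""
        if not self.verify_password(name, password):
            return REQUEST_PARAM_ERROR
        self.users[name]["devices"].add(device_id)
        return BINDING_SUCCESS

    def handle_access(self, request):
        """Steps 302 -> 303 -> 304 -> 305 in order, stopping at the first failure."""
        name = request["username"]
        if not self.verify_password(name, request["password"]):
            return REQUEST_PARAM_ERROR, None
        if not self.device_bound(name, request["device_id"]):
            return DEVICE_NOT_BOUND, None
        if not self.permitted(name, request["msg_type"]):
            return PERMISSION_DENIED, None
        return RESOURCE_RETURNED, self.resources.get(request["msg_type"])


def demo():
    """Constructed walk-through: unbound device, binding, then each failure mode."""
    platform = BusinessDataPlatform()
    platform.add_user("alice", "Str0ng!pass", {"REPORT_READ"})
    platform.resources["REPORT_READ"] = "Q4 sales report"   # constructed resource
    req = {"username": "alice", "password": "Str0ng!pass", "device_id": "IMEI-0001",
           "msg_type": "REPORT_READ", "content": ""}
    return [
        platform.handle_access(req)[0],                                    # 307 not bound yet
        platform.bind_device("alice", "wrong", "IMEI-0001"),               # 306 binding refused
        platform.bind_device("alice", "Str0ng!pass", "IMEI-0001"),         # 404 bound
        platform.handle_access(req)[0],                                    # 305 resource
        platform.handle_access(dict(req, password="wrong"))[0],            # 306
        platform.handle_access(dict(req, device_id="IMEI-9999"))[0],       # 307
        platform.handle_access(dict(req, msg_type="PAYROLL_WRITE"))[0],    # 308
        platform.handle_access(dict(req, username="mallory"))[0],          # 306 unknown user
    ]


if __name__ == "__main__":
    print(demo())
```

Because the three checks are evaluated strictly in order, a wrong password is reported before an unbound device and an unbound device before a missing permission, which is what the figures describe; it also means the 307 message only ever reaches a terminal whose password was already accepted.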
III. Operating principle
The present invention comprises three main services: (a) mobile terminal 10 login; (b) mobile terminal 10 authentication; (c) mobile terminal 10 access to resources of the business data platform 30.
Mobile terminal 10 login and mobile terminal 10 authentication together complete the preparation for the mobile terminal 10 to access resources of the business data platform 30, and resource access completes the data communication among the mobile terminal 10, the SVN gateway 20 and the business data platform 30. Login takes the login request parameters through the checks of the password strength detection module 1A, the application compliance detection module 1B, the device root detection module 1C and the user/device binding detection module 1D in turn; if all checks pass, login succeeds. Authentication is the mobile terminal 10 sending a mobile terminal 10 authentication request to the business data platform 30 through the SVN gateway 20, which grants the permissions the mobile terminal 10 is allowed to use. Resource access comprises (a) verification that the user name and password match, (b) verification that the user name is bound to the mobile terminal 10, and (c) verification of the access rights for the user's request.
The data communication among the mobile terminal 10, the SVN gateway 20 and the business data platform 30 is briefly explained taking resource access as the example. The mobile terminal 10 sends a request to access a resource of the business data platform 30, with request parameters user name, password, device id, message type and message content; the request message is transmitted encrypted by the SVN gateway 20. First the SVN gateway 20 sends the user name and password to the business data platform 30 for database verification. If the user name and password do not match, a "request parameter error" message is returned to the mobile terminal 10, which handles the message and re-issues the request to access the resource. If they match, the SVN gateway 20 sends the user name and device id to the business data platform 30, which queries the database for the user's bound-device list and checks whether the user has bound this device id. If the user has not bound the device, the business data platform 30 returns a "mobile terminal 10 not authenticated" message to the mobile terminal 10, which sends an authentication request and, after authentication succeeds, re-issues the resource access request. If the user has bound this mobile terminal 10, the SVN gateway 20 sends the user name and message type to the back end, which queries the database for the user's access rights; if the user has the required permission, the business data platform 30 returns the requested resource.
Claims (2)
1. A mobile office security method based on the Android platform, characterised in that:
the system comprises a mobile terminal (10), an SVN gateway (20) and a business data platform (30);
their connection relationship is: the mobile terminal (10) is connected to the SVN gateway (20); the SVN gateway (20) is connected to the business data platform (30);
the method comprises the following steps:
(1) Send an access request (301)
The mobile terminal sends an access request to the business data platform through the SVN gateway; the request parameters include user name, password, device id, message type and message content;
(2) Verify whether the user password is correct (302)
The SVN gateway receives the request and sends the message carrying the user name and password to the business data platform, which verifies whether the user's password is correct; if so, go to step (3); otherwise the mobile terminal handles the "request parameter error" message (306) and the flow returns to step (1);
The mobile terminal handles the "request parameter error" message (306): the business data platform returns the "request parameter error" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal handles it;
(3) Judge whether the device id is in the list (303)
The SVN gateway sends the message carrying the user name and device id to the business data platform; the platform looks up the list of devices bound to that user name and checks whether the device id is in the list; if so, go to step (4); otherwise the mobile terminal sends an authentication request (307) and the flow returns to step (1);
The mobile terminal sends an authentication request (307): the business data platform returns a "mobile terminal not authenticated" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal sends a mobile terminal authentication request;
(4) Judge whether the access request is legitimate (304)
The SVN gateway sends the message carrying the user name and message type to the business data platform; the platform looks up the user's access rights by user name and decides from the message type and the access rights whether the mobile terminal's access request is legitimate; if so, go to step (5); otherwise the mobile terminal handles the "insufficient permission" message (308) and the flow returns to step (1);
The mobile terminal handles the "insufficient permission" message (308): the business data platform returns the "insufficient permission" message to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the mobile terminal handles it;
(5) Return the resource requested by the mobile terminal (305)
The business data platform returns the requested resource to the SVN gateway, the SVN gateway returns it to the mobile terminal, and the flow ends.
2. The mobile office security method based on the Android platform according to claim 1, characterised in that step (3) includes the following sub-process:
A. The mobile terminal sends an authentication request (401)
The mobile terminal sends a mobile terminal authentication request to the SVN gateway;
B. The SVN gateway encrypts the request (402)
The SVN gateway receives the request, encrypts it and sends it to the business data platform;
C. The business data platform updates the user's bound-device list (403)
The business data platform decrypts the encrypted request sent by the SVN gateway, obtains the user name and device id, and updates the user's bound-device list;
D. Mobile terminal authentication succeeds (404).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201711453092.9A | 2017-12-28 | 2017-12-28 | Mobile office security system and its method based on Android platform
Publications (1)
Publication Number | Publication Date
---|---
CN108076069A | 2018-05-25
Family ID: 62155703; single family member CN201711453092.9A (CN108076069A), withdrawn.
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101102329A (en) * | 2007-07-25 | 2008-01-09 | 中国移动通信集团福建有限公司 | Device for WAP mobile phone terminal office application system |
CN104202338A (en) * | 2014-09-23 | 2014-12-10 | 中国南方电网有限责任公司 | Secure access method applicable to enterprise-level mobile applications |
CN104754582A (en) * | 2013-12-31 | 2015-07-01 | 中兴通讯股份有限公司 | Client and method for maintaining BYOD (Bring Your Own Device) safety |
US20160085533A1 (en) * | 2014-09-24 | 2016-03-24 | Oracle International Corporation | Compartmentalizing application distribution for disparate electronic devices |
CN107231346A (en) * | 2017-05-03 | 2017-10-03 | 北京海顿中科技术有限公司 | A kind of method of cloud platform identification |
Legal Events
Code | Title | Description
---|---|---
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180525