CN108076069A - Mobile office security system and its method based on Android platform - Google Patents


Info

Publication number: CN108076069A
Authority: CN (China)
Prior art keywords: mobile terminal, SVN gateway, message, business data platform
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201711453092.9A
Other languages: Chinese (zh)
Inventors: 卿圣武, 李伟
Current assignee: HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN
Priority date: 2017-12-28 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2017-12-28
Publication date: 2018-05-25
Application filed by HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN
Priority to CN201711453092.9A
Publication of CN108076069A


Classifications

    (all under H Electricity / H04 Electric communication technique / H04L Transmission of digital information, e.g. telegraphic communication)
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; post-processing of notifications
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a mobile office security system and method based on the Android platform, in the field of internet security technology. In the system, the mobile terminal (10) is connected with the SVN gateway (20), and the SVN gateway (20) is connected with the business data platform (30). 1. The user name and password carried in the transmitted message are matched against the user list queried from the business data platform to judge whether the user is an enterprise user; 2. the user name and device id carried in the transmitted message are matched against the user's bound device list queried from the business data platform to judge whether the user has bound the device; 3. the user name and message type carried in the transmitted message are matched against the user's access privileges queried from the business data platform to judge whether the user is permitted to access the corresponding resource. The invention is efficient and secure and integrates enterprise and personal office use.

Description

Mobile office security system and its method based on Android platform
Technical field
The present invention relates to the field of network security, and more particularly to a mobile office security system and method based on the Android platform.
Background technology
With the rapid development of intelligent terminals and the gradual maturing of 4G technology, personalised mobile office has entered the era of "5A" intelligent office: any authorised person (Anyone), using any smart device (Any device), at any time (Anytime) and in any place (Anywhere), can reach any office resource over the network (Anything). This has given rise to a new mobile office model, Bring Your Own Device (BYOD). Compared with the traditional office model, this new model is efficient and highly mobile and frees office workers from the constraints of time and space: employees can use smartphones, tablet computers and other mobile internet devices to reach internal enterprise resources and applications over WLAN, 4G and similar networks, achieving efficient office workflows and resource sharing.
Because mobile office reaches the intranet of a government or enterprise through open wireless networks, the security problems that open wireless networks bring to mobile devices, such as the spread of malware and intrusion through malicious website links, can become obstacles to the development of mobile office. The precondition for secure mobile office is the security of the mobile office environment, that is, ensuring that enterprise applications run in a secure and trusted environment; this goal can be approached from secure access, secure storage and security isolation.
Aiming at the network security problems of mobile office on the Android platform, the present invention proposes a mobile office security system and method based on the Android platform.
Summary of the invention
The purpose of the present invention is to address the network security problems of existing mobile office by providing a mobile office security system and method based on the Android platform, so that enterprise staff can access the enterprise intranet safely, conveniently and efficiently and the general requirements of mobile office are met.
The object of the present invention is achieved as follows:
1. Mobile office security system based on the Android platform (hereinafter "the system")
It includes a mobile terminal, an SVN gateway and a business data platform;
Their connection relation is: the mobile terminal is connected with the SVN gateway; the SVN gateway is connected with the business data platform.
2. Mobile office security method based on the Android platform (hereinafter "the method")
The method includes the following steps:
① Send an access request
The mobile terminal sends an access request to the business data platform through the SVN gateway; the request parameters include user name, password, device id, message type and message content;
② Verify whether the user password is correct
The SVN gateway receives the request and sends a message carrying the user name and password to the business data platform; the business data platform verifies whether the user password is correct. If so, proceed to step ③; otherwise the mobile terminal handles the request-parameter-error message and the flow returns to step ①;
Mobile terminal handles the request-parameter-error message: the business data platform returns a request-parameter-error message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal handles the request-parameter-error message;
③ Judge whether the device id exists in the list
The SVN gateway sends a message carrying the user name and device id to the business data platform; the business data platform looks up the device list bound to the user name and judges whether the device id is in that list. If so, proceed to step ④; otherwise the mobile terminal sends an authentication request and the flow returns to step ①;
Mobile terminal sends an authentication request: the business data platform returns a mobile-terminal-unauthenticated message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal sends a mobile terminal authentication request.
④ Judge whether the access request is reasonable
The SVN gateway sends a message carrying the user name and message type to the business data platform; the business data platform looks up the user's access rights by user name and judges, from the message type and the access rights, whether the mobile terminal's access request is reasonable. If so, proceed to step ⑤; otherwise the mobile terminal handles the insufficient-permission message and the flow returns to step ①;
Mobile terminal handles the insufficient-permission message: the business data platform returns an insufficient-permission message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal handles the insufficient-permission message.
⑤ Return the resource requested by the mobile terminal
The business data platform returns the requested resource to the SVN gateway, the SVN gateway forwards the resource to the mobile terminal, and the flow ends.
The present invention has the following advantages and beneficial effects:
1. Data access, user login, device binding and the other requests are all communicated over encrypted transmission, which is secure;
2. All operations of the mobile terminal and the business data platform are logged, so user status can be monitored in real time and user behaviour regulated;
3. It suits the integration of enterprise and personal management, making the connection between the two closer.
Description of the drawings
Fig. 1 is the block diagram of the system;
Fig. 2 is the block diagram of the modules embedded in the mobile terminal 10;
Fig. 3 is the step diagram of the method;
Fig. 4 is the sub-flow diagram of step ③ of the method.
In the figures:
10 - mobile terminal,
11 - 1st mobile terminal, 12 - 2nd mobile terminal, ... 1N - Nth mobile terminal,
N is a natural number, 1 ≤ N ≤ 1000;
1A - password strength detection module,
1B - application compliance detection module,
1C - device jailbreak detection module,
1D - user-device binding detection module;
20 - SVN gateway;
30 - business data platform.
Specific embodiment:
The invention is described in detail below with reference to the accompanying drawings and examples:
I. System
1. Overall
As in Fig. 1, the system includes a mobile terminal 10, an SVN gateway 20 and a business data platform 30;
Their connection relation is:
the mobile terminal 10 is connected with the SVN gateway 20; the SVN gateway 20 is connected with the business data platform 30.
2. Functional blocks
1) Mobile terminal 10
The mobile terminal 10 comprises the 1st, 2nd, ... Nth mobile terminals 11, 12, ... 1N, used for accessing application resources.
As in Fig. 2, each mobile terminal 10 is embedded with a password strength detection module 1A, an application compliance detection module 1B, a device jailbreak detection module 1C and a user-device binding detection module 1D;
The password strength detection module 1A, application compliance detection module 1B, device jailbreak detection module 1C and user-device binding detection module 1D interact in sequence.
(1) User password strength detection module 1A
Used to verify whether the password format meets the requirement of containing digits, English letters and special characters, and whether the user name conforms to the user name format.
(2) Application compliance detection module 1B
Used to detect whether the application being logged into is in the enterprise application white list; if it is an unknown application, the user is prompted to uninstall it.
(3) Device jailbreak detection module 1C
Used to detect whether the device is rooted; because the data security of a rooted device is low, a device that is authenticated by the enterprise and bound to a user must be non-rooted.
(4) User-device binding detection module 1D
Used to detect whether the user is an enterprise user and whether the user has bound this device, verified by querying the enterprise back-end database.
2) SVN gateway 20
Uses a carrier-grade reliable hardware platform and a secure real-time embedded operating system, and supports user authentication, terminal recognition and multiple virtual gateway functions.
3) Business data platform 30
(1) Hardware configuration:
Model: Inspur Yingxin NP5570M4 2U rack-mount server;
CPU: supports 2 Intel Xeon E5-2620 v3 series processors, 6 cores per CPU;
Memory: 4 × 16 GB DDR4 DIMMs configured, multiple DIMM slots supported;
Hard disk: 4 × 3.5-inch 4 TB 7200 rpm SATA hot-plug hard disks;
Network card: 2-port gigabit Ethernet card;
RAID card: an independent RAID card is configured, supporting RAID5 and RAID1, with 1 GB RAID cache and power-off protection;
Supports Red Hat Enterprise Linux 5/6/7 and SUSE Linux Enterprise Server 10/11.
(2) Software configuration: CentOS 6.8 system, firewall;
(3) Function description: device binding management and control, user authentication management and control.
II. Method
As in Fig. 3, the method includes the following steps:
① Send an access request (301)
The mobile terminal 10 sends an access request to the business data platform 30 through the SVN gateway 20; the request parameters include user name, password, device id, message type and message content;
② Verify whether the user password is correct (302)
The SVN gateway 20 receives the request and sends a message carrying the user name and password to the business data platform 30; the business data platform 30 verifies whether the user password is correct. If so, proceed to step ③; otherwise the mobile terminal 10 handles the request-parameter-error message (306) and the flow returns to step ①;
Mobile terminal 10 handles the request-parameter-error message (306): the business data platform 30 returns a request-parameter-error message to the SVN gateway 20, the SVN gateway 20 forwards the message to the mobile terminal 10, and the mobile terminal 10 handles the request-parameter-error message.
③ Judge whether the device id exists in the list (303)
The SVN gateway 20 sends a message carrying the user name and device id to the business data platform 30; the business data platform 30 looks up the device list bound to the user name and judges whether the device id is in that list. If so, proceed to step ④; otherwise the mobile terminal 10 sends an authentication request (307) and the flow returns to step ①;
Mobile terminal 10 sends an authentication request (307): the business data platform 30 returns a mobile-terminal-unauthenticated message to the SVN gateway 20, the SVN gateway 20 forwards the message to the mobile terminal 10, and the mobile terminal 10 sends a mobile terminal 10 authentication request;
④ Judge whether the access request is reasonable (304)
The SVN gateway 20 sends a message carrying the user name and message type to the business data platform 30; the business data platform 30 looks up the user's access rights by user name and judges, from the message type and the access rights, whether the access request of the mobile terminal 10 is reasonable. If so, proceed to step ⑤; otherwise the mobile terminal 10 handles the insufficient-permission message (308) and the flow returns to step ①;
Mobile terminal 10 handles the insufficient-permission message (308): the business data platform 30 returns an insufficient-permission message to the SVN gateway 20, the SVN gateway 20 forwards the message to the mobile terminal 10, and the mobile terminal 10 handles the insufficient-permission message;
⑤ Return the resource requested by the mobile terminal 10 (305)
The business data platform 30 returns the requested resource to the SVN gateway 20, the SVN gateway 20 forwards the resource to the mobile terminal 10, and the flow ends.
As in Fig. 4, step ③ includes the following sub-flow:
A. Mobile terminal 10 sends an authentication request (401)
The mobile terminal 10 sends a mobile terminal 10 authentication request to the SVN gateway 20;
B. SVN gateway 20 encrypts the request (402)
The SVN gateway 20 receives the request, encrypts it and sends it to the business data platform 30;
C. Business data platform 30 updates the user's bound device list (403)
The business data platform 30 decrypts the encrypted request sent by the SVN gateway 20, obtains the user name and device id, and updates the user's bound device list;
D. Mobile terminal 10 authentication succeeds (404).
III. Operating principle:
The present invention comprises three main services: 1. mobile terminal 10 login; 2. mobile terminal 10 authentication; 3. mobile terminal 10 access to the resources of the business data platform 30.
Mobile terminal 10 login and mobile terminal 10 authentication together complete the preparatory work for the mobile terminal 10 to access the resources of the business data platform 30; mobile terminal 10 access to the resources of the business data platform 30 carries out the data communication among the mobile terminal 10, the SVN gateway 20 and the business data platform 30. The login function of the mobile terminal 10 passes the login request parameters in turn through the checks of the password strength detection module 1A, the application compliance detection module 1B, the device jailbreak detection module 1C and the user-device binding detection module 1D; if the checks pass, login succeeds. The authentication function of the mobile terminal 10 is that the mobile terminal 10 sends a mobile terminal 10 authentication request to the business data platform 30 through the SVN gateway 20, which grants the mobile terminal 10 the permissions it is allowed to use. Mobile terminal 10 access to the resources of the business data platform 30 includes: 1. verifying that the user name and password match; 2. verifying the binding between the user name and the mobile terminal 10; 3. verifying the access rights of the user's request.
Taking mobile terminal 10 access to the resources of the business data platform 30 as an example, the data communication among the mobile terminal 10, the SVN gateway 20 and the business data platform 30 is briefly explained. The mobile terminal 10 sends a request to access a resource of the business data platform 30; the request parameters include user name, password, device id, message type and message content. The request message is transmitted encrypted by the SVN gateway 20. First the SVN gateway 20 sends the user name and password to the business data platform 30 for database verification; if the user name and password do not match, a request-parameter-error message is returned to the mobile terminal 10, which handles the message and re-issues the request to access the resource of the business data platform 30. If the user name and password match, the SVN gateway 20 sends the user name and device id to the business data platform 30, which queries the database for the user's bound device list and checks whether the user has bound this device id. If the user has not bound the device, the business data platform 30 returns a mobile-terminal-unauthenticated message to the mobile terminal 10, which sends an authentication request and, after authentication succeeds, re-issues the resource access request to the business data platform 30. If the user has bound this mobile terminal 10, the SVN gateway 20 sends the user name and message type to the back end, which queries the database for the user's access privilege; if the user satisfies the permission, the business data platform 30 returns the requested resource.
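As an added example, not the patent's own code, the following Python model implements the business data platform's three checks of steps ② to ④ in the order the patent gives, returning the message codes 305 to 308 of Fig. 3, together with the device-binding sub-flow of Fig. 4 (code 404), and keeps the per-operation log the patent lists as its second advantage. The salted password hashing, the sample resources, the message-type names and the requirement of a valid password before a device is bound are assumptions (the patent only says the platform "verifies the password" and "updates the bound device list"); the SVN gateway's transport encryption is outside the model.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Message codes as numbered in Fig. 3 and Fig. 4 of the patent.
RESOURCE_RETURNED = 305    # step 5: requested resource returned to the terminal
PARAM_ERROR = 306          # user name / password mismatch
UNAUTHENTICATED = 307      # device id is not in the user's bound device list
PERMISSION_DENIED = 308    # message type not covered by the user's access rights
AUTH_SUCCESS = 404         # sub-flow D: device binding recorded

# Constructed sample resources keyed by message type (assumption, not from the patent).
RESOURCES = {"read_doc": "quarterly-report.pdf", "export": "customer-db.csv"}


@dataclass
class UserRecord:
    salt: bytes
    pw_hash: bytes
    devices: set = field(default_factory=set)      # user-bound device list (step 303)
    permissions: set = field(default_factory=set)  # message types the user may request (304)


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 rather than a plaintext compare; the patent only says "verify the password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class EnterpriseDataPlatform:
    """Business data platform (30): the authoritative checks, in the order the patent gives."""

    def __init__(self):
        self.users = {}
        self.audit_log = []  # advantage 2 of the patent: every operation is logged

    def register_user(self, username, password, permissions):
        salt = os.urandom(16)
        self.users[username] = UserRecord(salt, _hash_password(password, salt),
                                          permissions=set(permissions))

    def verify_password(self, username, password):       # step 302
        rec = self.users.get(username)
        if rec is None:
            _hash_password(password, bytes(16))         # same cost for unknown users
            return False
        return hmac.compare_digest(_hash_password(password, rec.salt), rec.pw_hash)

    def device_bound(self, username, device_id):         # step 303
        return device_id in self.users[username].devices

    def permitted(self, username, message_type):         # step 304
        return message_type in self.users[username].permissions

    def handle_access_request(self, req):
        """req carries user name, password, device id, message type and content (step 301).
        Returns (code, payload); payload is the resource only on 305."""
        user, dev, mtype = req["username"], req["device_id"], req["message_type"]
        if not self.verify_password(user, req["password"]):
            return self._log(user, dev, mtype, PARAM_ERROR, None)
        if not self.device_bound(user, dev):
            return self._log(user, dev, mtype, UNAUTHENTICATED, None)
        if not self.permitted(user, mtype):
            return self._log(user, dev, mtype, PERMISSION_DENIED, None)
        return self._log(user, dev, mtype, RESOURCE_RETURNED, RESOURCES.get(mtype))

    def handle_auth_request(self, req):
        """Sub-flow 401-404: bind a device to the user. The patent's sub-flow names only the
        user name and device id; requiring the password again here is an added assumption."""
        user, dev = req["username"], req["device_id"]
        if not self.verify_password(user, req["password"]):
            return self._log(user, dev, "bind_device", PARAM_ERROR, None)
        self.users[user].devices.add(dev)                # step 403: update bound device list
        return self._log(user, dev, "bind_device", AUTH_SUCCESS, None)

    def _log(self, user, dev, mtype, code, payload):
        self.audit_log.append((user, dev, mtype, code))
        return code, payload


def run_demo():
    """One terminal walked through the flow: wrong password, unbound device, binding,
    a message type outside its rights, then a permitted request. Returns the codes."""
    platform = EnterpriseDataPlatform()
    platform.register_user("alice", "Str0ng!pass", permissions=["read_doc"])
    base = {"username": "alice", "device_id": "dev-1", "content": ""}
    good = {**base, "password": "Str0ng!pass"}
    codes = [
        platform.handle_access_request({**base, "password": "wrong", "message_type": "read_doc"})[0],
        platform.handle_access_request({**good, "message_type": "read_doc"})[0],   # 307
        platform.handle_auth_request(good)[0],                                     # 404
        platform.handle_access_request({**good, "message_type": "export"})[0],     # 308
        platform.handle_access_request({**good, "message_type": "read_doc"})[0],   # 305
    ]
    return codes
```

The order of the checks matters for what the terminal learns: an unbound device is only reported after the password has been verified, and a permission refusal only after the device is bound, so `audit_log` records which stage each request reached.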

Claims (2)

1. A mobile office security method based on the Android platform, characterised in that:
the system includes a mobile terminal (10), an SVN gateway (20) and a business data platform (30);
their connection relation is:
the mobile terminal (10) is connected with the SVN gateway (20); the SVN gateway (20) is connected with the business data platform (30);
the method comprises the following steps:
① Send an access request (301)
The mobile terminal sends an access request to the business data platform through the SVN gateway; the request parameters include user name, password, device id, message type and message content;
② Verify whether the user password is correct (302)
The SVN gateway receives the request and sends a message carrying the user name and password to the business data platform; the business data platform verifies whether the user password is correct. If so, proceed to step ③; otherwise the mobile terminal handles the request-parameter-error message (306) and the flow returns to step ①;
Mobile terminal handles the request-parameter-error message (306): the business data platform returns a request-parameter-error message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal handles the request-parameter-error message;
③ Judge whether the device id exists in the list (303)
The SVN gateway sends a message carrying the user name and device id to the business data platform; the business data platform looks up the device list bound to the user name and judges whether the device id is in that list. If so, proceed to step ④; otherwise the mobile terminal sends an authentication request (307) and the flow returns to step ①;
Mobile terminal sends an authentication request (307): the business data platform returns a mobile-terminal-unauthenticated message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal sends a mobile terminal authentication request;
④ Judge whether the access request is reasonable (304)
The SVN gateway sends a message carrying the user name and message type to the business data platform; the business data platform looks up the user's access rights by user name and judges, from the message type and the access rights, whether the mobile terminal's access request is reasonable. If so, proceed to step ⑤; otherwise the mobile terminal handles the insufficient-permission message (308) and the flow returns to step ①;
Mobile terminal handles the insufficient-permission message (308): the business data platform returns an insufficient-permission message to the SVN gateway, the SVN gateway forwards the message to the mobile terminal, and the mobile terminal handles the insufficient-permission message;
⑤ Return the resource requested by the mobile terminal (305)
The business data platform returns the requested resource to the SVN gateway, the SVN gateway forwards the resource to the mobile terminal, and the flow ends.
2. The mobile office security method based on the Android platform according to claim 1, characterised in that:
step ③ includes the following sub-flow:
A. The mobile terminal sends an authentication request (401)
The mobile terminal sends a mobile terminal authentication request to the SVN gateway;
B. The SVN gateway encrypts the request (402)
The SVN gateway receives the request, encrypts it and sends it to the business data platform;
C. The business data platform updates the user's bound device list (403)
The business data platform decrypts the encrypted request sent by the SVN gateway, obtains the user name and device id, and updates the user's bound device list;
D. Mobile terminal authentication succeeds (404).
Priority, publication and family

Application CN201711453092.9A, priority date 2017-12-28, filing date 2017-12-28, title "Mobile office security system and its method based on Android platform", status Withdrawn.
Publication CN108076069A (en), publication date 2018-05-25.
Family ID: 62155703
Country status: CN (1) CN108076069A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102329A (en) * 2007-07-25 2008-01-09 中国移动通信集团福建有限公司 Device for WAP mobile phone terminal office application system
CN104202338A (en) * 2014-09-23 2014-12-10 中国南方电网有限责任公司 Secure access method applicable to enterprise-level mobile applications
CN104754582A (en) * 2013-12-31 2015-07-01 中兴通讯股份有限公司 Client and method for maintaining BYOD (Bring Your Own Device) safety
US20160085533A1 (en) * 2014-09-24 2016-03-24 Oracle International Corporation Compartmentalizing application distribution for disparate electronic devices
CN107231346A (en) * 2017-05-03 2017-10-03 北京海顿中科技术有限公司 A kind of method of cloud platform identification



Legal Events

Date Code Title Description
2018-05-25 PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20180525)