CN110011799A - Communication security method in mobile office - Google Patents
- Publication number
- CN110011799A (application CN201910261742.2A)
- Authority
- CN
- China
- Prior art keywords
- client
- server
- information
- permission
- office
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention discloses a communication security method for mobile office, belonging to the field of communication security. It includes an office network in which mobile office is carried out with a client and a server. In the office network, the RSA algorithm is used to encrypt the information flow of the duplex communication between client and server, which effectively improves security and avoids leakage of files and information data during transmission. At the same time, the permission to obtain resources is limited according to position, which avoids the information leakage that unrestricted sharing of resources could cause and makes it easier to trace where information flows.
Description
Technical field
The invention belongs to the field of communication security and relates to a communication security method for mobile office.
Background technique
Mobile office means that office staff can handle any business-related matter at any time and in any place, free from the constraints of time and space. Information of the organization and the company can flow and be exchanged without obstruction whenever and wherever needed, so work becomes easier and more effective and overall operation better coordinated. Using mobile information software on a mobile phone, an enterprise application system is built that interconnects phone and computer and removes the limits of time and place; company management and communication can be carried out at any time, which effectively improves management efficiency and promotes growth in benefits.
At present, mobile office is mostly carried out with application software that combines a client and a server. The information exchanged between client and server, and between client and client, is not encrypted, and the permission to obtain information is not regulated. Security is therefore low, information is easily leaked, and the flow of leaked information is difficult to trace.
Summary of the invention
The object of the invention is to provide a communication security method for mobile office that solves the problems of low security and easy leakage of information.
The technical solution adopted by the invention is as follows:
A communication security method in mobile office, including an office network, comprises the following steps carried out in sequence:
S1: the user registers a client with the server and enters user information; the server stores the entered user information in the permission catalogue of the permission unit in the server;
S2: the user logs in to the client and initiates an office request to the server over the internet from the client;
S3: the client encrypts the office request and the user information corresponding to the client with the RSA algorithm and sends them to the server;
S4: the decryption unit of the server decrypts the office request and the user information, and sends the decrypted office request and user information to the permission unit;
S5: the permission unit compares the decrypted user information with the permission catalogue to identify whether the user has permission to obtain the resource corresponding to the office request; if so, step S61 is executed;
S61: the permission unit sends an enabling signal to the functional unit, which sends the corresponding office resource to the encryption unit of the server;
S71: the encryption unit of the server encrypts the office resource with the RSA algorithm and sends it to the client;
S81: the client decrypts the office resource information and feeds it back to the user.
In the communication security method in mobile office of the present invention, each user corresponds to one client, and the permission catalogue in the permission unit of the server stores the user information and provides the resource permissions that correspond to it. When the user terminal transmits data to the server, the information data is encrypted with RSA; the RSA encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public-key encryption and electronic commerce, and at present there is no reliable way of attacking the RSA algorithm. In the office network, the RSA algorithm is used to encrypt the information flow of the duplex communication between client and server, which effectively improves security and avoids leakage of files and information data during transmission. At the same time, the permission to obtain resources is limited according to position, which avoids the information leakage that unrestricted sharing of resources could cause and makes it easier to trace where information flows.
Further, when the user in step S5 does not have permission to obtain the corresponding resource, the following steps are entered:
S62: the permission unit records the number of unauthorized operations; when the number of unauthorized operations in a day exceeds two, the client is locked; the permission unit sends an access-forbidden prompt and the number of unauthorized operations to the client;
S72: the client receives the access-forbidden signal.
Setting a limit on the number of unauthorized operations restricts operations that violate the rules and prevents offenders from carrying out unauthorized operations.
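One way to implement the permission unit's decision in steps S5, S61 and S62 above, as an added Python example that is not part of the patent text. The catalogue layout, the position-to-resource map and all class and field names are assumptions, and "exceeds two in a day" is read as a per-day counter that locks the client on the third unauthorized request.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data: which resources each position may obtain.
POSITION_RESOURCES = {
    "engineer": {"design-docs"},
    "finance": {"payroll", "invoices"},
    "manager": {"design-docs", "invoices"},
}


@dataclass(frozen=True)
class User:
    """User information from step S1: name, gender, position, job number."""
    name: str
    gender: str
    position: str
    job_number: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    locked: bool
    violations_today: int
    message: str


class PermissionUnit:
    MAX_VIOLATIONS_PER_DAY = 2  # assumption: the third violation in a day locks

    def __init__(self):
        self.catalogue = {}    # job_number -> User, the permission catalogue
        self._violations = {}  # (job_number, day) -> unauthorized-operation count
        self.audit_log = []    # (day, job_number, resource, outcome) for tracing

    def register(self, user):
        """S1: store the entered user information in the permission catalogue."""
        self.catalogue[user.job_number] = user

    def check(self, claimed, resource, today):
        """S5/S61/S62: decide one decrypted office request."""
        key = (claimed.job_number, today)
        count = self._violations.get(key, 0)
        if count > self.MAX_VIOLATIONS_PER_DAY:
            # Already locked today: refuse without evaluating the request.
            return self._record(key, resource,
                                Decision(False, True, count, "client locked"))
        stored = self.catalogue.get(claimed.job_number)
        # The claimed record must equal the catalogue entry, so sending a
        # different position for a known job number does not widen access.
        if stored == claimed and resource in POSITION_RESOURCES.get(stored.position, ()):
            return self._record(key, resource,
                                Decision(True, False, count, "send resource"))
        count += 1
        self._violations[key] = count
        locked = count > self.MAX_VIOLATIONS_PER_DAY
        return self._record(key, resource,
                            Decision(False, locked, count, "access forbidden"))

    def _record(self, key, resource, decision):
        job_number, day = key
        outcome = "allowed" if decision.allowed else (
            "locked" if decision.locked else "denied")
        self.audit_log.append((day, job_number, resource, outcome))
        return decision


if __name__ == "__main__":
    unit = PermissionUnit()
    alice = User("Alice", "F", "engineer", "E001")  # constructed sample user
    unit.register(alice)
    day = date(2019, 4, 2)
    for wanted in ["design-docs", "payroll", "payroll", "payroll", "design-docs"]:
        print(wanted, unit.check(alice, wanted, day))
```

Because the counter is keyed by job number and calendar day, the lock clears on the next day, and the audit log keeps one entry per request for tracing.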
Further, the method also includes a communication network, comprising the following steps carried out in sequence:
A: the user logs in to the client and initiates a communication request to the server over the internet from the client; the client sends the communication request and the user information corresponding to the client to the server;
B: the permission unit compares the user information with the permission catalogue to identify whether the user has permission to establish communication connections; if so, step C is executed; otherwise, a no-permission prompt is sent to the client;
C: the permission unit sends permission information to the communication controller; the communication controller analyses and processes the communication request and establishes a communication connection to the receiving client specified by the user;
D: after the communication connection is established, the client sends information to the server over the internet; the client encrypts the information and sends it to the server;
F: the server records the encrypted information in the storage unit and forwards the encrypted information to the receiving client;
G: the receiving client decrypts the encrypted information, completing the transmission of the information.
Further, the RSA algorithm process in steps S2 and S3 comprises the following steps carried out in sequence:
S31: the client encrypts the request with the public key to produce ciphertext;
S32: the ciphertext is sent to the server;
S33: the decryption unit of the server decrypts it with the private key.
RSA algorithm:
1. Select two different large primes p and q, and let n = p × q.
2. Compute f(n) = (p-1)(q-1); p and q are kept strictly secret and must not be known to anyone.
3. Select an integer e that satisfies the condition: smaller than f(n) and relatively prime to it.
4. Compute d such that d × e ≡ 1 mod f(n). This formula can also be written as d ≡ e^(-1) mod f(n).
Clearly, whatever value f(n) takes, the result of 1 mod f(n) on the right of the symbol equals 1; the product of d and e on the left of the symbol, after the modulo operation, must therefore also equal 1. The value of d has to be computed so that this congruence holds.
5. The public key is KU = (e, n) and the private key is KR = (d, n).
6. To encrypt, the plaintext is first converted into an integer M between 0 and n-1. If the plaintext is long, it can first be divided into groups of suitable size, which are then exchanged. Let the ciphertext be C; the encryption process is then: C ≡ M^e (mod n).
7. The decryption process is: M ≡ C^d (mod n).
Further, the user information in step S1 includes the user's name, gender, position and job number. The permission catalogue stores the user information, and the permission unit grants and limits the permissions of each user.
Further, the server is connected to a data backup server. The server periodically backs up the data stored in it to the data backup server, which avoids loss of data caused by server failure or damage.
In conclusion by adopting the above-described technical solution, the beneficial effects of the present invention are:
Communication security method in mobile office of the present invention, in office network, using RSA Algorithm to client and service
The information flow of duplex communication is encrypted between device, effectively increases security performance, avoids causing file in transmission process
With the leakage of information data;The permission of the acquisition resource of different positions is limited simultaneously, the overall sharing of resource is avoided to lead
The possibility of information leakage is caused, and tracking information is facilitated to flow to.
Description of the drawings
In order to explain the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort. In the drawings:
Fig. 1 is a flow diagram of the communication security method in mobile office.
Specific embodiments
In order to make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and not to limit it; that is, the described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments of the invention that are generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any of their variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of further identical elements in the process, method, article or device that includes the element.
The features and performance of the invention are described in further detail below with reference to the embodiments.
Embodiment one
The communication security method in mobile office provided by the preferred embodiment of the invention includes an office network and comprises the following steps carried out in sequence:
S1: the user registers a client with the server and enters user information; the server stores the entered user information in the permission catalogue of the permission unit in the server;
S2: the user logs in to the client and initiates an office request to the server over the internet from the client;
S3: the client encrypts the office request and the user information corresponding to the client with the RSA algorithm and sends them to the server;
S4: the decryption unit of the server decrypts the office request and the user information, and sends the decrypted office request and user information to the permission unit;
S5: the permission unit compares the decrypted user information with the permission catalogue to identify whether the user has permission to obtain the resource corresponding to the office request; if so, step S61 is executed;
S61: the permission unit sends an enabling signal to the functional unit, which sends the corresponding office resource to the encryption unit of the server;
S71: the encryption unit of the server encrypts the office resource with the RSA algorithm and sends it to the client;
S81: the client decrypts the office resource information and feeds it back to the user.
Suppose the client encrypts the plaintext "key" with RSA and passes it to the server. The process is as follows:
(1) Designing the public and private keys (e, n) and (d, n)
Let p = 3 and q = 11, which gives n = p × q = 3 × 11 = 33 and f(n) = (p-1)(q-1) = 2 × 10 = 20. Take e = 3 (3 and 20 are relatively prime); then e × d ≡ 1 mod f(n), i.e. 3 × d ≡ 1 mod 20.
The trial results for d are shown in the table below:
Table 1: trial results for d
Trial calculation shows that when d = 7 the congruence e × d ≡ 1 mod f(n) holds, so d = 7 can be taken. This gives a public/private key pair: the encryption key (public key) is KU = (e, n) = (3, 33) and the decryption key (private key) is KR = (d, n) = (7, 33).
(2) Digitizing the English text
The plaintext is digitized and grouped into blocks of two digits each. Assume the plaintext letter coding table assigns values in alphabetical order, as follows:
Table 2: coding table
Letter | a | b | c | d | e | f | g | h | i | j | k | l | m |
Code value | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 |
Letter | n | o | p | q | r | s | t | u | v | w | x | y | z |
Code value | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |
The plaintext "key" after grouping is then: 11, 05, 25.
(3) Encrypting the plaintext
The user's encryption key (3, 33) is used to encrypt the digitized plaintext blocks into ciphertext. From C ≡ M^e (mod n):
M1 ≡ (C1)^d (mod n) = 11^7 (mod 33) = 11
M2 ≡ (C2)^d (mod n) = 31^7 (mod 33) = 05
M3 ≡ (C3)^d (mod n) = 16^7 (mod 33) = 25
The corresponding ciphertext is therefore: 11, 31, 16.
(4) Decrypting the ciphertext
When the server receives the ciphertext and wants to decrypt it, it only needs to compute M ≡ C^d (mod n), that is:
M1 ≡ (C1)^d (mod n) = 11^7 (mod 33) = 11
M2 ≡ (C2)^d (mod n) = 31^7 (mod 33) = 05
M3 ≡ (C3)^d (mod n) = 16^7 (mod 33) = 25
The server obtains the plaintext: 11, 05, 25. Converting it back to English with the coding table above recovers the original text "key".
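The RSA steps and the "key" walk-through above, recomputed as an added Python example that is not part of the patent text; the function names are illustrative. With the page's key pair the second block encrypts to 26 (5^3 mod 33), which is the value that decrypts back to 05, where the text lists 31; the example also shows that raw RSA over single-letter blocks is deterministic and leaves several code values, including k = 11, unchanged.

```python
from math import gcd


def make_keypair(p, q, e):
    """Steps 1-5: n = p*q, f(n) = (p-1)(q-1), d with d*e ≡ 1 mod f(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must be smaller than f(n) and relatively prime to it")
    # Trial search for d, as in the text; pow(e, -1, phi) returns the same value.
    d = next(k for k in range(1, phi) if (k * e) % phi == 1)
    return (e, n), (d, n)


def encode(text):
    """Table 2: a=01 ... z=26, one letter per two-digit block."""
    blocks = []
    for ch in text.lower():
        if not "a" <= ch <= "z":
            raise ValueError(f"no code value for {ch!r}")
        blocks.append(ord(ch) - ord("a") + 1)
    return blocks


def decode(blocks):
    return "".join(chr(ord("a") + b - 1) for b in blocks)


def encrypt(blocks, public_key):
    e, n = public_key
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("each block M must satisfy 0 <= M < n")
    return [pow(m, e, n) for m in blocks]  # C ≡ M^e (mod n)


def decrypt(blocks, private_key):
    d, n = private_key
    return [pow(c, d, n) for c in blocks]  # M ≡ C^d (mod n)


def mismatched_blocks(listed, plaintext, public_key):
    """Return (index, listed, recomputed) for ciphertext blocks that differ."""
    expected = encrypt(encode(plaintext), public_key)
    return [(i, c, x) for i, (c, x) in enumerate(zip(listed, expected)) if c != x]


def unchanged_letters(public_key):
    """Letters whose code value encrypts to itself under raw RSA."""
    codes = encode("abcdefghijklmnopqrstuvwxyz")
    return decode([m for m, c in zip(codes, encrypt(codes, public_key)) if m == c])


if __name__ == "__main__":
    public, private = make_keypair(3, 11, 3)
    cipher = encrypt(encode("key"), public)
    print("keys:", public, private)
    print("ciphertext:", cipher, "->", decode(decrypt(cipher, private)))
    print("differs from listed 11, 31, 16:",
          mismatched_blocks([11, 31, 16], "key", public))
    # Raw RSA is deterministic: equal blocks always give equal ciphertext blocks.
    print("'keke' encrypts to:", encrypt(encode("keke"), public))
    print("letters left unchanged:", unchanged_letters(public))
```

Deployed RSA uses moduli of thousands of bits and randomized padding such as OAEP, so that equal plaintexts do not produce equal ciphertexts.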
Embodiment two
This embodiment builds on embodiment one: when the user in step S5 does not have permission to obtain the corresponding resource, the following steps are entered:
S62: the permission unit records the number of unauthorized operations; when the number of unauthorized operations in a day exceeds two, the server is locked; the permission unit sends an access-forbidden prompt and the number of unauthorized operations to the server;
S72: the server receives the access-forbidden signal.
Setting a limit on the number of unauthorized operations restricts operations that violate the rules and prevents offenders from carrying out unauthorized operations.
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made by those skilled in the art within the spirit and principles of the invention shall be included in the scope of protection of the invention.
Claims (6)
1. A communication security method in mobile office, including an office network, characterized in that it comprises the following steps carried out in sequence:
S1: the user registers a client with the server and enters user information; the server stores the entered user information in the permission catalogue of the permission unit in the server;
S2: the user logs in to the client and initiates an office request to the server over the internet from the client;
S3: the client encrypts the office request and the user information corresponding to the client with the RSA algorithm and sends them to the server;
S4: the decryption unit of the server decrypts the office request and the user information with the RSA algorithm, and sends the decrypted office request and user information to the permission unit;
S5: the permission unit compares the decrypted user information with the permission catalogue to identify whether the user has permission to obtain the resource corresponding to the office request; if so, step S61 is executed;
S61: the permission unit sends an enabling signal to the functional unit, which sends the corresponding office resource to the encryption unit of the server;
S71: the encryption unit of the server encrypts the office resource with the RSA algorithm and sends it to the client;
S81: the client decrypts the office resource information and feeds it back to the user.
2. The communication security method in mobile office according to claim 1, characterized in that when the user in step S5 does not have permission to obtain the corresponding resource, the following steps are entered:
S62: the permission unit records the number of unauthorized operations; when the number of unauthorized operations in a day exceeds two, the client is locked; the permission unit sends an access-forbidden prompt and the number of unauthorized operations to the client;
S72: the client receives the access-forbidden signal.
3. The communication security method in mobile office according to claim 1, characterized in that it further includes a communication network, comprising the following steps carried out in sequence:
A: the user logs in to the client and initiates a communication request to the server over the internet from the client; the client sends the communication request and the user information corresponding to the client to the server;
B: the permission unit compares the user information with the permission catalogue to identify whether the user has permission to establish communication connections; if so, step C is executed; otherwise, a no-permission prompt is sent to the client;
C: the permission unit sends permission information to the communication controller; the communication controller analyses and processes the communication request and establishes a communication connection to the receiving client specified by the user;
D: after the communication connection is established, the client sends information to the server over the internet; the client encrypts the information and sends it to the server;
F: the server records the encrypted information in the storage unit and forwards the encrypted information to the receiving client;
G: the receiving client decrypts the encrypted information, completing the transmission of the information.
4. The communication security method in mobile office according to claim 1, characterized in that the RSA algorithm process in step S3 comprises the following steps carried out in sequence:
S31: the client encrypts the request with the public key to produce ciphertext;
S32: the ciphertext is sent to the server;
S33: the decryption unit of the server decrypts it with the private key.
5. The communication security method in mobile office according to claim 1, characterized in that the user information in step S1 includes the user's name, gender, position and job number.
6. The communication security method in mobile office according to claim 1, characterized in that the server is connected to a data backup server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910261742.2A CN110011799A (en) | 2019-04-02 | 2019-04-02 | Communication security method in mobile office |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110011799A true CN110011799A (en) | 2019-07-12 |
Family
ID=67169536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910261742.2A Pending CN110011799A (en) | 2019-04-02 | 2019-04-02 | Communication security method in mobile office |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011799A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20190712 |