CN202652534U - Mobile terminal safety access platform - Google Patents


Info

Publication number
CN202652534U
Authority
CN
China
Prior art keywords
safety
module
mobile terminal
access
access platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201220282623.9U
Other languages
Chinese (zh)
Inventor
喻洪辉
刘树吉
赵永彬
李巍
韦明
王鸥
刘颖
金成明
许亿
罗宗泰
刘为
冉冉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
INFORMATION COMMUNICATION BRANCH LIAONING ELECTRIC POWER CO Ltd
State Grid Corp of China SGCC
Original Assignee
INFORMATION COMMUNICATION BRANCH LIAONING ELECTRIC POWER CO Ltd

Abstract

The present utility model relates to network communication technology, and specifically to a mobile terminal safety access platform. The platform comprises a mobile terminal, a safety inspection module, an access authentication module, a safety communication module, a safety access gateway and an information intranet. The mobile terminal is connected in turn to the safety inspection module, the access authentication module and the safety communication module; the safety access gateway is connected to the safety communication module through a secure channel and is finally connected to the information intranet. The platform does not depend on the network access mode, can be deployed on any underlying network, and achieves end-to-end security protection; its security level is high, and all data transmitted between end stations is protected regardless of the type of network application.

Description

The mobile terminal safety access platform
Technical field
The utility model relates to network communication technology, and specifically to a mobile terminal safety access platform.
Background technology
VPN technology does not depend on the network access mode; it can be deployed on any underlying network and can achieve end-to-end security protection. Certificate-based authentication, data encryption and message integrity verification mechanisms allow secure connections to be established between application layers.
However, VPN technology has several limitations. Most implementations are based on a Web browser and use network-layer protocols, and once a secure tunnel is established it can reach all internal resources, which is a potential security hazard. The range of supported access devices is small, mainly desktop PCs and notebook PCs, with limited support for devices such as mobile phones, PDAs, Macs and portable terminals. There are also technical problems such as NAT traversal and private address conflicts.
Existing VPN technology generally supports B/S (browser/server) applications, but support for C/S (client/server) applications is incomplete. Because enterprises have many C/S applications, the use of VPNs is significantly restricted.
The utility model content
In view of the above shortcomings of the prior art, the utility model provides a mobile terminal safety access platform.
The technical scheme adopted by the utility model to achieve the above object is a mobile terminal safety access platform comprising a portable terminal, a safety check module, a network access authentication module, a secure communication module, a safe access gateway and an information intranet, wherein the portable terminal is connected in turn to the safety check module, the network access authentication module and the secure communication module, and the safe access gateway is connected to the secure communication module through a secure channel and finally to the information intranet.
The portable terminal is a mobile communication device.
The safety check module is the module that performs a security inspection of a portable terminal that is about to access the information intranet.
The network access authentication module is the module that performs identity authentication of a portable terminal that is about to access the information intranet.
The secure communication module uses a secure communication protocol and is used to establish a secure channel with the safe access gateway.
The safe access gateway is the module used to establish the secure channel and to control user access.
The information intranet is the intranet system.
The utility model has the following advantages:
1. The utility model is based on virtualization technology, uses a secure communication protocol, and provides a mobile terminal safety access platform that can support C/S applications. It does not depend on the network access mode, can be deployed on any underlying network, and achieves end-to-end security protection; the security level is high, and all data transmitted between end stations is protected regardless of the class of network application. In effect it "places" the remote client inside the intranet, giving the remote client the same permissions and operating functions as an internal network user.
2. Compared with existing VPN products, the utility model divides information security protection into three main bodies, application server security, transmission channel security and terminal security, and carries out theoretical research and technical realization for each, so that the purpose of the platform is clearer and more definite.
3. The utility model uses a virtualized access control model based on a remote access protocol. This model uses data compression, encryption and connection optimization techniques so that each user's connection occupies only a small amount of network bandwidth, and the client software that actually runs is located in the back-end local area network, so the end user enjoys LAN-level operating speed even over a dial-up link.
4. Unlike existing VPN products, which use standard communication protocols, the utility model uses a novel secure network protocol. This protocol supports user authentication modes, key agreement modes, pseudo-random number computation and domestic cryptographic algorithms, remedying several potential security hazards of the SSL/TLS communication protocol.
5. According to the characteristics of the electric power enterprise information network and the current state of its application systems, the requirements of hierarchical protection for power system information security, and the needs of the different business applications inside an electric power enterprise, the utility model provides a complete technical system and solution for secure mobile office access and for secure access of sales service system payment terminals.
6. Implementation of the utility model does not require changing the network structure, modifying the firewall configuration, or modifying the end user's configuration.
Description of drawings
Fig. 1 is the system architecture diagram of the utility model.
Embodiment
The utility model is described in further detail below with reference to the drawings and embodiments.
As shown in Figure 1, the system architecture of a mobile terminal safety access platform comprises: a portable terminal, a safety check module, a network access authentication module, a secure communication module, a safe access gateway and an information intranet.
The portable terminal provides three levels of security protection based on mandatory service control (MRC) technology: regular-level protection, professional-level protection and mandatory-level protection. Regular-level protection is suitable for free personal use that does not involve sensitive information; it offers limited prevention of illegal intrusion and can be used together with other security software. Professional-level protection is suitable for professional users with a certain information security background; in addition to the regular-level protection functions, it allows the user to permit or block untrusted processes. Mandatory-level protection only allows access to the application systems and specific web resources specified by operating regulations, and blocks all other processes without exception. The administrator can apply a different level of protection according to the security class of the specific application system, guaranteeing the secure access of the portable terminal. For important data stored on the terminal, the host behaviour control system also provides encryption protection, ensuring that even if the data is removed it cannot be read, effectively preventing the leakage of sensitive intranet information.
Before a mobile terminal accesses intranet resources, a terminal security inspection must be performed, and terminals that do not meet the inspection policy are denied access to intranet resources. The safety check module strictly inspects the terminal's operating system version, system patch level, system startup items, disk files at specific locations, and so on. According to the inspection policy, when the safe access gateway handles a terminal's access request, it first checks whether the portable terminal has one or several of the above characteristic parameters, and decides from the result whether the terminal is allowed to establish a secure tunnel with the safe access gateway; at the same time it judges whether certain features of the terminal contain forged information. This thoroughly prevents unhealthy terminals from accessing the internal network, guarantees the security of portable terminal access, and stops threats at the source.
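The inspection described above, as an added example that is not part of the patent or any product it describes: a gateway-side check of a terminal posture report against a constructed inspection policy. The report schema, the policy values and the shared agent key are assumptions; the "forged information" check is modelled as an HMAC over the report, which the patent does not specify.

```python
import hashlib
import hmac
import json

# Constructed inspection policy (assumed format; the patent names the checked
# attributes but gives no schema). The required file digest is derived from a
# constructed config body so the example runs offline.
EXPECTED_CFG = hashlib.sha256(b"constructed corporate agent config").hexdigest()
POLICY = {
    "allowed_os_versions": {"4.1", "4.2"},
    "min_patch_level": 7,
    "forbidden_startup_items": {"tethering_daemon", "remote_shell"},
    "required_files": {"/data/corp/agent.cfg": EXPECTED_CFG},  # path -> SHA-256
}
AGENT_KEY = b"constructed-shared-key"  # hypothetical key shared with the inspection agent


def canonical(report: dict) -> bytes:
    """Stable serialisation so the MAC is over exactly the fields the gateway evaluates."""
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def sign_report(report: dict, key: bytes = AGENT_KEY) -> str:
    """Tag the inspection agent attaches to its posture report (assumed mechanism)."""
    return hmac.new(key, canonical(report), hashlib.sha256).hexdigest()


def inspect_terminal(report: dict, tag: str, policy: dict = POLICY, key: bytes = AGENT_KEY):
    """Return (allow_tunnel, reasons). A bad tag is rejected before any attribute is read,
    and every failing attribute is reported so the operator sees the full picture."""
    if not hmac.compare_digest(sign_report(report, key), tag):
        return False, ["report tag invalid: possible forged posture information"]
    reasons = []
    if report["os_version"] not in policy["allowed_os_versions"]:
        reasons.append(f"os version {report['os_version']} not approved")
    if report["patch_level"] < policy["min_patch_level"]:
        reasons.append(f"patch level {report['patch_level']} below {policy['min_patch_level']}")
    bad_items = set(report["startup_items"]) & policy["forbidden_startup_items"]
    if bad_items:
        reasons.append("forbidden startup items: " + ", ".join(sorted(bad_items)))
    for path, digest in policy["required_files"].items():
        if report["file_digests"].get(path) != digest:
            reasons.append(f"required file {path} missing or modified")
    return (not reasons), reasons


if __name__ == "__main__":
    # Constructed healthy report, signed by the agent.
    healthy = {"os_version": "4.2", "patch_level": 9, "startup_items": ["launcher"],
               "file_digests": {"/data/corp/agent.cfg": EXPECTED_CFG}}
    print(inspect_terminal(healthy, sign_report(healthy)))      # (True, [])
    # Same report with the patch level edited after signing: tag no longer matches.
    edited = dict(healthy, patch_level=2)
    print(inspect_terminal(edited, sign_report(healthy)))       # (False, [... forged ...])
```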
The network access authentication module is implemented on the portable terminal. A digital certificate issued by an authoritative institution is stored in a hardware identification card with secure encryption and identity authentication functions, and each employee who works away from the office is equipped with a corresponding hardware identification card. Before accessing the corporate intranet, the portable terminal must complete identity authentication jointly guaranteed by the hardware identification card and the intranet CA authentication server, so that only terminals that pass network access authentication can connect to the corporate intranet, preventing an illegal user with a forged terminal from gaining access.
The function of the mobile terminal secure communication module is to use a secure communication protocol to establish a secure channel with the mobile terminal safe access gateway, guaranteeing the security of the transmitted data. The secure communication module negotiates the key exchange (Diffie-Hellman) algorithm, data encryption algorithm and data integrity check algorithm with the access gateway, performs mutual authentication between client and server, determines the session key and establishes the secure channel. This prevents data from being eavesdropped on, tampered with, destroyed, or subjected to insertion and replay attacks during transmission, and guarantees the security of data transfer.
The mobile terminal safe access gateway is one of the cores of the safe access platform. It is responsible for establishing the secure channel and controlling user access, and guarantees both the security of access transmission and the security of the internally accessed application systems. The portable terminal establishes a secure channel with the safe access gateway through the secure communication protocol, and the transmitted data is encrypted to prevent it from being intercepted, tampered with or destroyed in transit. At the same time, the safe access gateway can also authenticate the identity of the portable terminal, guaranteeing the terminal's trustworthiness.
The safe access gateway can also ensure that the user is disconnected from the public network while connected to the intranet, preventing the portable terminal from being in a "one machine, two networks" situation, and guaranteeing that communication between the portable terminal and the corporate intranet has the same security as the corporate intranet itself.
The safe access gateway can authenticate user identity through multiple authentication modes; besides the traditional Radius, AD and LDAP modes, it also supports a local user database, dynamic passwords and digital certificates. For users in different security domains, the safe access gateway controls the user's access permissions according to the corresponding rules, granting the user the minimum privilege and ensuring that the user can only access the internal resources corresponding to his own role and privileges, thereby guaranteeing the security of the system's internal applications.
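The per-security-domain, least-privilege access control described above, as an added example that is not code from the patent or any product: a default-deny rule table scoped by security domain, so that a role name only carries the permissions its own domain defines. The domains, roles, resource names and rule format are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed rule table (assumed format): each security domain defines the roles it
# knows and the internal resources each role may reach. Anything not listed is denied.
RULES = {
    "office": {
        "clerk": {"oa.portal", "mail"},
        "it_admin": {"oa.portal", "mail", "oa.admin"},
    },
    "sales": {
        "cashier": {"sales.payment"},
        "manager": {"sales.payment", "sales.report"},
    },
}


@dataclass(frozen=True)
class Session:
    """Authenticated gateway session; roles come from whichever backend authenticated
    the user (Radius, AD, LDAP, local database, ...), the domain from gateway config."""
    user: str
    domain: str
    roles: tuple
    auth_mode: str


def effective_resources(session: Session, rules: dict = RULES) -> set:
    """Least privilege: the union of what the session's roles allow in its own domain.
    A role the domain does not define contributes nothing, so a role name carried over
    from another domain grants no access there."""
    domain_rules = rules.get(session.domain, {})
    allowed = set()
    for role in session.roles:
        allowed |= domain_rules.get(role, set())
    return allowed


def authorize(session: Session, resource: str, rules: dict = RULES, audit: list = None) -> bool:
    """Decide one access request and optionally append it to an audit trail."""
    decision = resource in effective_resources(session, rules)
    if audit is not None:
        audit.append((session.user, session.domain, session.auth_mode, resource,
                      "allow" if decision else "deny"))
    return decision


if __name__ == "__main__":
    trail = []
    cashier = Session("wang", "sales", ("cashier",), "dynamic_password")
    print(authorize(cashier, "sales.payment", audit=trail))  # True
    print(authorize(cashier, "oa.portal", audit=trail))      # False: other domain's resource
    for entry in trail:
        print(entry)
```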
All kinds of safe access terminals uniformly pass through a VPDN/APN dedicated line channel or similar, via the dial-up access router and the firewall, and access the intranet through the safe access gateway system; secure access is then carried out through the secure application interface provided by each business system. The protected boundary here is the boundary between the VPDN/APN dedicated line and the intranet.
During platform deployment, to achieve secure terminal access, the access link topology must strictly follow the mode in which the safe access gateway securely filters data for the business system. If a clear separation of access links cannot be made, a corresponding network topology transformation must be carried out, or the access platform's distributed components deployed, or methods such as setting up a front-end processor used to achieve service shunting.

Claims (7)

1. A mobile terminal safety access platform, characterized in that it comprises a portable terminal, a safety check module, a network access authentication module, a secure communication module, a safe access gateway and an information intranet, wherein the portable terminal is connected in turn to the safety check module, the network access authentication module and the secure communication module, and the safe access gateway is connected to the secure communication module through a secure channel and finally to the information intranet.
2. The mobile terminal safety access platform according to claim 1, characterized in that the portable terminal is a mobile communication device.
3. The mobile terminal safety access platform according to claim 1, characterized in that the safety check module is the module that performs a security inspection of a portable terminal that is about to access the information intranet.
4. The mobile terminal safety access platform according to claim 1, characterized in that the network access authentication module is the module that performs identity authentication of a portable terminal that is about to access the information intranet.
5. The mobile terminal safety access platform according to claim 1, characterized in that the secure communication module uses a secure communication protocol and is used to establish a secure channel with the safe access gateway.
6. The mobile terminal safety access platform according to claim 1, characterized in that the safe access gateway is the module used to establish the secure channel and to control user access.
7. The mobile terminal safety access platform according to claim 1, characterized in that the information intranet is the intranet system.
CN201220282623.9U 2012-06-15 2012-06-15 Mobile terminal safety access platform Expired - Fee Related CN202652534U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201220282623.9U CN202652534U (en) 2012-06-15 2012-06-15 Mobile terminal safety access platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201220282623.9U CN202652534U (en) 2012-06-15 2012-06-15 Mobile terminal safety access platform

Publications (1)

Publication Number Publication Date
CN202652534U true CN202652534U (en) 2013-01-02

Family

ID=47421554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201220282623.9U Expired - Fee Related CN202652534U (en) 2012-06-15 2012-06-15 Mobile terminal safety access platform

Country Status (1)

Country Link
CN (1) CN202652534U (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104184735A (en) * 2014-08-26 2014-12-03 国家电网公司 Electric marketing mobile application safe protection system
CN104184735B (en) * 2014-08-26 2018-03-09 国网浙江省电力有限公司 Power marketing mobile application security guard system
CN104898617A (en) * 2015-05-07 2015-09-09 国家电网公司 Mobile terminal monitoring device for overhauling operation
CN105871693A (en) * 2016-05-17 2016-08-17 国网辽宁省电力有限公司鞍山供电公司 Instant communication tool interface
CN106549938A (en) * 2016-10-11 2017-03-29 北京知道未来信息技术有限公司 A kind of distributed network Behavior Manager and access control method
CN106992984A (en) * 2017-04-01 2017-07-28 国网福建省电力有限公司 A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net
CN108540456A (en) * 2018-03-20 2018-09-14 徐州独角兽信息科技有限公司 A kind of mobile office secure accessing platform


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: STATE GRID CORPORATION OF CHINA

Effective date: 20121211

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20121211

Address after: 110000 Ningbo Road, Heping District, Liaoning, No. 18, No.

Patentee after: Information Communication Branch, Liaoning Electric Power Co., Ltd.

Patentee after: State Grid Corporation of China

Address before: 110000 Ningbo Road, Heping District, Liaoning, No. 18, No.

Patentee before: Information Communication Branch, Liaoning Electric Power Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130102

Termination date: 20200615