CN103812871A - Development method and system based on mobile terminal application program security application - Google Patents

Development method and system based on mobile terminal application program security application Download PDF

Info

Publication number
CN103812871A
CN103812871A CN201410062383.5A CN201410062383A CN103812871A CN 103812871 A CN103812871 A CN 103812871A CN 201410062383 A CN201410062383 A CN 201410062383A CN 103812871 A CN103812871 A CN 103812871A
Authority
CN
China
Prior art keywords
mail
terminal
server
sdk
pki
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410062383.5A
Other languages
Chinese (zh)
Other versions
CN103812871B (en
Inventor
张帅
咸赫男
喻波
王志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wondersoft Technology Co Ltd filed Critical Beijing Wondersoft Technology Co Ltd
Priority to CN201410062383.5A priority Critical patent/CN103812871B/en
Publication of CN103812871A publication Critical patent/CN103812871A/en
Application granted granted Critical
Publication of CN103812871B publication Critical patent/CN103812871B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a development method and system based on mobile terminal application program security application. The system comprises a sending terminal, a safe software development kit (SDK), a server and a receiving terminal. The method includes that the sending terminal requests a random number from the server, after the requested random number is received, a private key of the sending terminal is called to perform signing on the random number, and a signing result and a signing public key certificate are sent to the server; after the success of identity authentication, the safe SDK is called, received data information is encrypted through symmetric keys, the symmetric keys are encrypted by a public key of the receiving terminal, and encrypted symmetric keys and data information are sent to the receiving terminal; the receiving terminal calls the safe SDK to decrypt encrypted data. By means of the development method and system based on mobile terminal application program security application, related problems such as identity authentication, data breach and equipment controlling of data information safety are avoided.

Description

A kind of development approach and system based on application program for mobile terminal Secure Application
Technical field
The present invention relates to a kind of mobile terminal data security fields, relate in particular to a kind of development approach and system based on application program for mobile terminal Secure Application.
Background technology
PKI:Public Key Infrastructure, it is PKIX, it is a kind of key management platform of following set standard, it can provide the cryptographic service such as encryption and decryption and digital signature and necessary key and certificate management system for all information security application, in simple terms, PKI is exactly the infrastructure that security service is provided of utilizing PKI theory and technology to set up.PKI technology is the core of information security technology, is also key and the basic technology of ecommerce.
Certificate SDK:Software Development Kit, based on PKI system, one can provide the development platform of safety supports, inner to dissimilar, different medium, unified interface encapsulation is carried out in the certificate operation of different specification, and user need not be concerned about complicated security details, only need call result data that the corresponding interface obtains oneself wanting mutually (as P1, P7 signs and tests, data envelope, symmetrical encryption and decryption, HASH etc.).This SDK will support cross-platform, supports the CSP of main flow, P11, and the close standard of state, supports soft or hard certificate.
HMAC:Hash-based Message Authentication Code, is the Hash operation message authentication code that key is relevant, and HMAC computing utilizes hash algorithm, take a key and a message as input, generates an eap-message digest as output.
Along with progress and the development of information age, intelligent movable mobile phone has obtained universal rapidly, mobile terminal application is as the core of smart mobile phone, and countless, miscellaneous application program for mobile terminal has captured mobile application market, and these application have met the demand of user's different aspect.Can be divided into from user interactions: user login, user's registration, user authenticate etc., from text data information transmission, can be divided into: cloud phone, mail, check document, file storage in form.From showing, information display can be divided into: the application such as address list, mail, browser; Mobile terminal application provides the function of information display, transmission and storage, and does not consider and utilize encryption technology to encapsulate, and guarantees the safety management of data Life cycle.
Existing use more widely some systems is all using password, domain authentication and coded lock as authentication, and all adopts clear-text way for the transmission of data; Data are all to local with stored in clear;
? Basis mode
Authentication User name, password, graphical passwords lock
Transfer of data Plaintext transmission
Data storage Stored in clear
The current main problem existing of mobile terminal application:
1. use password or coded lock to carry out authentication, Cipher Strength a little less than, cannot guarantee identity security;
2. in data transmission procedure, plaintext transmission, data are likely monitored;
3. use mobile terminal to download viewing files for expressly, cannot guarantee data security.
Existence foundation SDK in prior art, function as mobile terminal application supports, some developers are encapsulated into some basic functions in SDK, offer mobile application developer, upper-layer service logic is called basic SDK can realize corresponding function fast, function for a certain application of mobile terminal is carried out unified management, maintenance, and this has improved durability, the operating efficiency of code and has reduced company cost.
Existing SDK is directed to the functions such as user authenticates, transfer of data, equipment control, third party's application and encapsulates, thereby provide username-password authentication mode to user's authentication, for data, storage provides the encapsulation of the technology such as SQLite, XML, provides the mode such as Http, TCP to receive and dispatch senior encapsulation to network.
Fig. 1 is the functional structure chart that in prior art, mail SDK possesses, and Fig. 2 is mobile terminal mail transmission flow figure in prior art.
As shown in Figure 1, existing mail SDK comprises following functions assembly: password login component, send mail assembly, and create mail assembly, receive mail assembly, database component, configuration component.
Mailing system of the prior art comprises: Mail Clients, and mail SDK, mail server, mail transmission flow is as follows:
1) the mail APP of Mail Clients starts to send mail;
2) mail APP calls SDK and sends mail interface;
3) mail SDK receives after mail data, and mail data is passed to mail server;
4) mail server receives mail data;
5), according to recipient address, data are sent to mail reception person place by mail server;
6) mail server returns results information;
7) mail SDK returns to transmission object information;
8) Mail Clients receives and sends object information;
9) finish.
Encapsulation base application SDK is the conventional a kind of mode of each manufacturer, as provides mail mobile terminal SDK, address list SDK, network data transmission SDK, data storing X ML, SQLite etc. all to encapsulate basic SDK, for upper layer application provides fast Development interface.But most basic SDK does not consider how to ensure the fail safe of authentication own, as prevent replay attack, prevent identity impersonation, what on Internet Transmission, too much consider is efficiency of transmission, or model is light, do not consider whether to exist the potential safety hazard such as divulge a secret, file data may be monitored in transmitting procedure; May be stolen storing this locality into clear-text way aspect data storage, not do control of authority and document life management; Lack unified management, unified protection
Summary of the invention
In order to solve the development problem of application program for mobile terminal Secure Application, the present invention proposes a kind of development approach based on application program for mobile terminal Secure Application, the method comprises the steps:
1) transmitting terminal is to server request random number, receiving after the random number of request, calling transmitting terminal private key signs to this random number, and signature result and public signature key certificate are sent to described server, this server carries out certificate validity checking sign test, return authentication result, if the verification passes, skips to step 2);
2) transmitting terminal is called safe SDK, and send user profile and data message to described SDK, described safe SDK obtains receiving terminal PKI according to described user profile, then produce symmetric key in this locality, and use this symmetric key to be encrypted the described data message receiving, adopt described receiving terminal PKI to be encrypted this symmetric key, encrypted symmetric key and data message are assembled into digital envelope, finally this digital envelope is turned back to transmitting terminal;
3) transmitting terminal sends above-mentioned digital envelope to receiving terminal;
4) described receiving terminal receives after described digital envelope, call described safe SDK, this safe SDK resolves described digital envelope, parse ciphertext symmetric key and encrypt data, use receiving terminal private key decrypting ciphertext symmetric key, use expressly symmetric key decrypting ciphertext data, the clear data information of deciphering is delivered to the application layer of receiving terminal.
Further, in described step 1), transmitting terminal is receiving after the random number of request, enumerate equipment, open equipment, enumerate certificate, then verify PIN code, if authentication failed, finish to verify flow process, if be proved to be successful, just continue follow-up verification step.
Further, described step 2) described in safe SDK obtain described receiving terminal PKI according to described user profile and comprise: described safe SDK searches described receiving terminal PKI in this locality according to described user profile, if this locality does not exist, described user profile is sent to server, receive described receiving terminal PKI from described server.
Further, described transmitting terminal and receiving terminal are respectively and send mail terminal and receive mail terminal, described server comprises mail security management platform and mail server, and described transmission mail terminal sends mail by this mail server to described reception mail terminal.
Further, described step 2) in send mail terminal call described safe SDK, and send E-mail, mail reception person's list expressly to described safe SDK, described safe SDK obtains and receives mail terminal PKI according to this mail reception person's list, and verify the validity of this PKI, after being verified, to mail signature.
Further, in described step 4), use after plaintext symmetric key decrypting ciphertext data, need checking to receive the validity of mail terminal PKI.
In order to solve the development problem of application program for mobile terminal Secure Application, the invention allows for a kind of development system based on application program for mobile terminal Secure Application, this system comprises: transmitting terminal, safe SDK, server, receiving terminal;
Transmitting terminal is to server request random number, receiving after the random number of request, calling transmitting terminal private key this random number is signed, and signature result and public signature key certificate are being sent to described server, this server carries out certificate validity checking sign test, return authentication result; Transmitting terminal is after authentication success, call safe SDK, and send user profile and data message to described SDK, described safe SDK obtains receiving terminal PKI according to described user profile, then produce symmetric key in this locality, and use this symmetric key to be encrypted the described data message receiving, adopt described receiving terminal PKI to be encrypted this symmetric key, encrypted symmetric key and data message are assembled into digital envelope, finally this digital envelope is turned back to transmitting terminal, transmitting terminal sends above-mentioned digital envelope to receiving terminal; Described receiving terminal receives after described digital envelope, call described safe SDK, this safe SDK resolves described digital envelope, parse ciphertext symmetric key and encrypt data, use receiving terminal private key decrypting ciphertext symmetric key, use expressly symmetric key decrypting ciphertext data, the clear data information of deciphering is delivered to the application layer of receiving terminal.
Further, transmitting terminal is receiving after the random number of request, enumerates equipment, opens equipment, enumerates certificate, then verifies PIN code, if authentication failed finishes to verify flow process, if be proved to be successful, just continues follow-up verification step.
Further, described safe SDK obtains described receiving terminal PKI according to described user profile and comprises: described safe SDK searches described receiving terminal PKI in this locality according to described user profile, if this locality does not exist, described user profile is sent to server, receive described receiving terminal PKI from described server.
Further, described transmitting terminal and receiving terminal are respectively and send mail terminal and receive mail terminal, described server comprises mail security management platform and mail server, and described transmission mail terminal sends mail by this mail server to described reception mail terminal.
Further, send mail terminal and call described safe SDK, and send E-mail, mail reception person's list expressly to described safe SDK, described safe SDK obtains and receives mail terminal PKI according to this mail reception person's list, with sending the private key of mail terminal, mail is signed, use certificate device fabrication symmetric key, and privacy enhanced mail, be packaged into digital envelope with receiving terminal public key encryption symmetric key and with ciphertext mail, be assembled into secure e-mail E-mail, this secure e-mail E-mail is sent to mail server.
Further, described transmission mail terminal calls described safe SDK, and send E-mail, mail reception person's list expressly to described safe SDK, described safe SDK obtains and receives mail terminal PKI according to this mail reception person's list, and verify the validity of this PKI, after being verified, to mail signature.
Further, described safe SDK uses after plaintext symmetric key decrypting ciphertext data, needs checking to receive the validity of mail terminal PKI.
Further, this system also comprises a database, for being encrypted and deciphering for the pagefile of sqlite3.
Further, this system also comprises a mobile management control desk, and a UI operation interface is provided, and mobile terminal behavior and user are carried out to management and control, comprises user management, strategy configuration, log audit.
The scheme proposing by the present invention, has obtained following technique effect:
After this SDK of third party's application call, can substantially avoid the relevant issues of data information security, comprise that authentication, data leak, apparatus management/control etc.Because the certificate in user's identity and hardware device is binding mutually.If there is no this hardware device, relevant people just can not check ciphered data information.Even if data message is monitored intercepting in transmission, but listener also has no idea data message to be decrypted, and makes its data that obtain without any meaning.
Accompanying drawing explanation
Fig. 1 is the functional unit figure that in prior art, mail SDK possesses.
Fig. 2 is mobile terminal mail transmission flow figure in prior art.
Fig. 3 is overall framework figure of the present invention.
Fig. 4 is mobile terminal authentication flow chart of the present invention.
Fig. 5 is mobile terminal data encryption flow figure of the present invention.
Fig. 6 is mobile terminal data deciphering flow chart of the present invention.
Fig. 7 is the overall framework figure that the present invention realizes mobile terminal safety transmission mail.
Fig. 8 is mobile terminal email encryption flow chart of the present invention.
Fig. 9 is mobile terminal mail deciphering flow chart of the present invention.
Embodiment
The object of the present invention is to provide multiple safe identification authentication mode, as certificate mode authenticates, dynamic password mode authenticates, improve mechanism of permitting the entrance, in the face of data storage security, safe SQLite, XML, configuration file is provided, land the modes such as file encryption storage, rights management, and life cycle management, guarantee mobile terminal local datastore safety; Provide safe socket layer to Internet Transmission; and the multiple TSM Security Agent mode based on certificate; as the Socket(TCP/UDP of the HTTP encrypted transmission agency of safety, safety), thus protecting network transmission data security, request msg put distort, anti-repudiation.And apparatus management/control interface is provided, the wifi/ bluetooth of equipment is unified to control.Open a series of bottom safe interfaces, as certificate cipher key operation, as encryption and decryption, signature, sign test, P7 encapsulation, PKCS#11 standard interface, based on these basic security components, be incorporated into mail mobile terminal, network application mobile terminal, in mobile office software, guarantee the data security in identity security and verification process, and provide safety guarantee from being transferred to storage for network data and file data, and provide file security to browse, rights management, the ability of life cycle management, data encrypting and deciphering technology based on PKI system is the data security protecting solution of current comparative maturity, and be widely used in data security field, cryptological technique is incorporated in data message, that will be a qualitative leap for data information security industry.
Fig. 3 has shown overall framework figure of the present invention, and the equipment that whole system framework specifically comprises has:
Safe SDK: under PKI system, one can be carried out the development platform of certificate operation, support hardware authentication certificate, provides a series of assemblies about safety such as terminal encryption, channel management, certificate key, authentication, guarantees the safety of data message and authentication; A series of terminal management and control assemblies such as equipment control, traffic monitoring, screen locking control are provided, realize terminal equipment is unified to management and control; MOB system support assembly comprises encrypts SQLite3, system configuration (XML/Plist), Key card driving adapter, for upper layer application provides fast Development interface; SDK in this patent provides emphatically the interfaces such as authentication interface and data information security, for upper strata application call.
Master server: support Ldap server to synchronize with the account of AD domain server, server and safe SDK comprise alternately: user authenticates, policy distribution, log audit;
Database: for the pagefile of sqlite3, pagefile is encrypted and is deciphered, solved when data query and more new data whole table to be decrypted or by the inquiry mode of part field deciphering, improve operational efficiency, shielded again the security details to upper strata realization;
Mobile management control desk: a UI operation interface is provided, mobile terminal behavior and user are carried out to management and control, comprise user management, strategy configuration, log audit.
Fig. 4 has shown the flow for authenticating ID figure of mobile terminal.
The authentication process of this mobile terminal comprises:
1) mobile terminal is to server request random number;
2) server receives request, and returns to random number to mobile terminal;
3) mobile terminal is enumerated equipment;
4) mobile terminal is opened equipment;
5) mobile terminal is enumerated certificate;
6) checking PIN code, if authentication failed finishes checking, calls private key random number is signed if be proved to be successful;
7) signature result and public signature key certificate are sent to server;
8) server authentication public key certificate validity, if authentication failed finishes checking;
9) if be proved to be successful, certifying signature validity, authentication failed, finishes checking;
10) signature verification success, to mobile terminal return authentication result;
11) mobile terminal Receipt Validation result.
Above-mentioned authentication can, without public key certificate, can authenticate by the mode of preset key and algorithm, i.e. challenge-response mode.
Embodiment 1
Safety communicating method between a kind of mobile terminal is provided in embodiment 1.
As shown in Figure 5, it has shown the process of mobile terminal ciphered data information of the present invention.Data encryption process specifically comprises the following steps: mobile terminal upper level applications is called safe SDK enciphered data, import into after user's information and data message, safe SDK by according to user's information searching to user's PKI (if this locality does not exist, to server request user's PKI), then produce symmetric key in this locality, use symmetric key to be encrypted data, symmetric key is encrypted with user's PKI, the data of the symmetric key of encryption and encryption are assembled into digital envelope, finally digital envelope is turned back to mobile terminal upper level applications.
As shown in Figure 6, it has shown that mobile terminal receives and the process of data decryption information.Data receiver decrypting process comprises: mobile terminal upper level applications is called safe SDK data decryption, import encrypt data into safe SDK, safe SDK resolution digital envelope, parse active user's ciphertext symmetric key and encrypt data, use active user's certificate device private deciphering symmetric key, use expressly symmetric key decrypting ciphertext data, the clear data of deciphering is delivered to the security application of mobile terminal.
Embodiment 2
Secure e-mail communication means between a kind of mobile terminal is provided in embodiment 2.
Shown in the Fig. 7 of institute, it has shown that mobile terminal sends safely the overall framework figure of mail by SDK.
It comprises mail server, Mail Clients, safety management platform and database, wherein mail server is realized the transmitting-receiving of mail, client can be both fixing pc client, also can be mobile andriod/IOS client, integrated basic SDK in client, realize the authentication of mail and the function of data encryption/decryption, obtain the KEY of data encryption by network communication, client is by communicating by letter and realize authentication with safety management platform, obtaining of strategy and encrypted public key, safety management platform comprises safety service processing serviced component and WEB serviced component, it comprises respectively again authentication assembly, certificate management assembly, tactical management assembly, log audit assembly and front-end control platform, subscriber information management assembly, safety management platform is obtained data to relevant database communication, database function in database and accompanying drawing 3 is similar.
As shown in Figure 8, it has shown the process that mobile terminal is encrypted transmission mail, and this email encryption process comprises the following steps:
1) secure e-mail application program for mobile terminal starts to send mail;
2) secure e-mail application program for mobile terminal calls SDK ciphering signature interface, imports E-MAIL, mail reception person's list expressly into;
3) safe SDK obtains addressee's PKI according to mail reception person's list, if this locality does not have addressee's PKI, to mail security management platform request addressee PKI;
4) validity of checking addressee PKI;
5), after being verified, mail is signed with sender's private key;
6) use sender's certificate equipment to generate symmetric key privacy enhanced mail;
7) with addressee's PKI and urgent secret key encryption symmetric key and and ciphertext mail be packaged into digital envelope, be assembled into secure e-mail E-MAIL;
8) secure e-mail E-MAIL is returned to secure e-mail application program for mobile terminal;
9) secure e-mail application program for mobile terminal receives secure e-mail E-MAIL, and the E-MAIL of ciphertext is sent to mail server;
10) mail server receives secure e-mail E-MAIL.
As shown in Figure 9, it has shown the process of secure e-mail mobile terminal receiving and deciphering mail, and this process comprises the following steps:
1) secure e-mail application program for mobile terminal request receiving mail;
2) mail security management platform sends mail to secure e-mail application program for mobile terminal;
3) secure e-mail application program for mobile terminal receives safe ciphertext mail;
4) secure e-mail mobile terminal calls SDK and is decrypted, and SDK resolves mail E-MAIL, resolution digital envelope;
5) SDK calls addressee's private key deciphering symmetric key, uses symmetric key decrypting ciphertext mail;
6) in local cache, search sender's public key certificate;
7) if do not found in local cache, to mail server request sender public key certificate;
8) checking sender public key certificate validity;
9) after being verified, checking mail signature;
10) return to mail expressly and sign test result to secure e-mail application program for mobile terminal;
11) check mail.
Above-mentioned mobile terminal (secure e-mail mobile terminal) can be mobile phone, PDA, the various intelligent mobile terminal equipment such as removable computer.
By embodiments of the invention, after this SDK of third party's application call, can substantially avoid the relevant issues of data information security, comprise that authentication, data leak, apparatus management/control etc.Because the certificate in user's identity and hardware device is binding mutually.If there is no this hardware device, relevant people just can not check ciphered data information.Even if data message is monitored intercepting in transmission, but listener also has no idea data message to be decrypted, and makes its data that obtain without any meaning.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of doing, be equal to and replace and improvement etc., all should protect within protection scope of the present invention.

Claims (13)

1. the development approach based on application program for mobile terminal Secure Application, the method comprises the steps:
1) transmitting terminal is to server request random number, receiving after the random number of request, calling transmitting terminal private key signs to this random number, and signature result and public signature key certificate are sent to described server, this server carries out certificate validity checking sign test, return authentication result, if the verification passes, skips to step 2);
2) transmitting terminal is called safe SDK, and send user profile and data message to described SDK, described safe SDK obtains receiving terminal PKI according to described user profile, then produce symmetric key in this locality, and use this symmetric key to be encrypted the described data message receiving, adopt described receiving terminal PKI to be encrypted this symmetric key, encrypted symmetric key and data message are assembled into digital envelope, finally this digital envelope is turned back to transmitting terminal;
3) transmitting terminal sends above-mentioned digital envelope to receiving terminal;
4) described receiving terminal receives after described digital envelope, call described safe SDK, this safe SDK resolves described digital envelope, parses ciphertext symmetric key and encrypt data, use receiving terminal private key decrypting ciphertext symmetric key, use expressly symmetric key decrypting ciphertext data.
2. method according to claim 1, in described step 1), transmitting terminal is receiving after the random number of request, enumerate equipment, open equipment, enumerate certificate, then verify PIN code, if authentication failed finishes to verify flow process, if be proved to be successful, just continue follow-up verification step.
3. method according to claim 1, described step 2) described in safe SDK obtain described receiving terminal PKI according to described user profile and comprise: described safe SDK searches described receiving terminal PKI in this locality according to described user profile, if this locality does not exist, described user profile is sent to server, receive described receiving terminal PKI from described server.
4. method according to claim 1, described transmitting terminal and receiving terminal are respectively and send mail terminal and receive mail terminal, described server comprises mail security management platform and mail server, and described transmission mail terminal sends mail by this mail server to described reception mail terminal.
5. method according to claim 4, described step 2) in send mail terminal call described safe SDK, and send E-mail, mail reception person's list expressly to described safe SDK, described safe SDK obtains and receives mail terminal PKI according to this mail reception person's list, and verify the validity of this PKI, after being verified, to mail signature.
6. method according to claim 5, is used in described step 4) after plaintext symmetric key decrypting ciphertext data, needs checking to receive the validity of mail terminal PKI.
7. the development system based on application program for mobile terminal Secure Application, this system comprises: transmitting terminal, safe SDK, server, receiving terminal;
Transmitting terminal is to server request random number, receiving after the random number of request, calling transmitting terminal private key this random number is signed, and signature result and public signature key certificate are being sent to described server, this server carries out certificate validity checking sign test, return authentication result; Transmitting terminal is after authentication success, call safe SDK, and send user profile and data message to described SDK, described safe SDK obtains receiving terminal PKI according to described user profile, then produce symmetric key in this locality, and use this symmetric key to be encrypted the described data message receiving, adopt described receiving terminal PKI to be encrypted this symmetric key, encrypted symmetric key and data message are assembled into digital envelope, finally this digital envelope is turned back to transmitting terminal, transmitting terminal sends above-mentioned digital envelope to receiving terminal; Described receiving terminal receives after described digital envelope, call described safe SDK, this safe SDK resolves described digital envelope, parses ciphertext symmetric key and encrypt data, use receiving terminal private key decrypting ciphertext symmetric key, use expressly symmetric key decrypting ciphertext data.
8. system according to claim 7, transmitting terminal is receiving after the random number of request, enumerates equipment, opens equipment, enumerates certificate, then verify PIN code, if authentication failed finishes to verify flow process, if be proved to be successful, just continue follow-up verification step.
9. system according to claim 7, described safe SDK obtains described receiving terminal PKI according to described user profile and comprises: described safe SDK searches described receiving terminal PKI in this locality according to described user profile, if this locality does not exist, described user profile is sent to server, receive described receiving terminal PKI from described server.
10. system according to claim 7, described transmitting terminal and receiving terminal are respectively and send mail terminal and receive mail terminal, described server comprises mail security management platform and mail server, and described transmission mail terminal sends mail by this mail server to described reception mail terminal.
11. systems according to claim 10, described transmission mail terminal calls described safe SDK, and send E-mail, mail reception person's list expressly to described safe SDK, described safe SDK obtains and receives mail terminal PKI according to this mail reception person's list, and verify the validity of this PKI, after being verified, to mail signature.
12. systems according to claim 10, described safe SDK uses after plaintext symmetric key decrypting ciphertext data, needs checking to receive the validity of mail terminal PKI.
13. systems according to claim 7, this system also comprises a database, for being encrypted and deciphering for the pagefile of sqlite3.14. systems according to claim 13, this system also comprises a mobile management control desk, and a UI operation interface is provided, and mobile terminal behavior and user are carried out to management and control, comprises user management, strategy configuration, log audit.
CN201410062383.5A 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application Active CN103812871B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410062383.5A CN103812871B (en) 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410062383.5A CN103812871B (en) 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application

Publications (2)

Publication Number Publication Date
CN103812871A true CN103812871A (en) 2014-05-21
CN103812871B CN103812871B (en) 2017-03-22

Family

ID=50709072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410062383.5A Active CN103812871B (en) 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application

Country Status (1)

Country Link
CN (1) CN103812871B (en)

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104679816A (en) * 2014-12-17 2015-06-03 北京可思云海科技有限公司 Application method of SQLITE database in embedded system
CN105337965A (en) * 2015-10-10 2016-02-17 浪潮(北京)电子信息产业有限公司 Data acquisition method and device
CN105915342A (en) * 2016-07-01 2016-08-31 广州爱九游信息技术有限公司 Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method
CN106055931A (en) * 2016-05-18 2016-10-26 北京芯盾时代科技有限公司 Software security component system of mobile terminal and secret key system used for system
CN106453431A (en) * 2016-12-19 2017-02-22 四川长虹电器股份有限公司 Method for realizing Internet intersystem authentication based on PKI
CN106789092A (en) * 2017-02-28 2017-05-31 河源弘稼农业科技有限公司 Cipher key transmission methods, cipher key delivery device, server and communication equipment
CN106888183A (en) * 2015-12-15 2017-06-23 阿里巴巴集团控股有限公司 Data encryption, decryption, the method and apparatus and system of key request treatment
CN107038590A (en) * 2017-03-21 2017-08-11 阿里巴巴集团控股有限公司 Show the implementation method and device of user profile
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN107633402A (en) * 2017-09-14 2018-01-26 深圳市华付信息技术有限公司 A kind of method and its system for being used to polymerize certification
CN107689934A (en) * 2016-08-03 2018-02-13 腾讯科技(深圳)有限公司 A kind of method to ensure information safety, server and client
CN107733646A (en) * 2017-11-30 2018-02-23 中国联合网络通信集团有限公司 Encryption method, decryption method and encrypting and decrypting system
CN107994995A (en) * 2017-11-29 2018-05-04 深圳市文鼎创数据科技有限公司 A kind of method of commerce, system and the terminal device of lower security medium
CN109450881A (en) * 2018-10-26 2019-03-08 天津海泰方圆科技有限公司 A kind of data transmission system, method and device
CN109639407A (en) * 2018-12-28 2019-04-16 浙江神州量子通信技术有限公司 A method of information is encrypted and decrypted based on quantum network
CN105208024B (en) * 2015-09-22 2019-08-20 深圳市金溢科技股份有限公司 Without using the data safe transmission method and system of HTTPS, client and server-side
CN110493212A (en) * 2019-08-13 2019-11-22 上海威尔立杰网络科技发展有限公司 A kind of general purpose mail End to End Encryption method
CN111242768A (en) * 2019-12-31 2020-06-05 航天信息股份有限公司 Credit card information security obtaining method, device and system
CN111431719A (en) * 2020-04-20 2020-07-17 山东确信信息产业股份有限公司 Mobile terminal password protection module, mobile terminal and password protection method
CN111464554A (en) * 2020-04-13 2020-07-28 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111506910A (en) * 2020-04-15 2020-08-07 上海数禾信息科技有限公司 Database encryption method and device
CN111639350A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Cipher service system and encryption method
CN111797378A (en) * 2020-07-06 2020-10-20 遵义科晟云达科技有限公司 Multiple identity management authentication platform of people's society information
CN111930763A (en) * 2020-07-29 2020-11-13 浙江德迅网络安全技术有限公司 Network security protection method for encrypted https protocol
CN112134843A (en) * 2020-08-19 2020-12-25 南京信息职业技术学院 Authentication method of Internet of things equipment
CN112751672A (en) * 2020-12-30 2021-05-04 上海微波技术研究所(中国电子科技集团公司第五十研究所) Multi-parameter-based adaptive data encryption protection method and system
CN113434884A (en) * 2021-06-30 2021-09-24 青岛海尔科技有限公司 Encryption method and decryption method for configuration file and related devices
CN113709696A (en) * 2021-08-13 2021-11-26 支付宝(杭州)信息技术有限公司 Vehicle remote control method and device and key initialization method and device
CN113904848A (en) * 2021-10-09 2022-01-07 天翼物联科技有限公司 Method and system for downloading certificate and secret key of terminal of Internet of things
CN114338091A (en) * 2021-12-08 2022-04-12 杭州逗酷软件科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114500003A (en) * 2021-12-31 2022-05-13 广东省电信规划设计院有限公司 Cloud admission authentication method, device and system for light-weight ubiquitous power Internet of things terminal
CN114567425A (en) * 2020-11-27 2022-05-31 中国电信股份有限公司 Internet of things communication method and system, SoC Sim and Internet of things terminal
CN114785514A (en) * 2022-03-23 2022-07-22 国网上海能源互联网研究院有限公司 Method and system for authorizing application permission of industrial Internet of things terminal
WO2023279698A1 (en) * 2021-07-05 2023-01-12 平安科技(深圳)有限公司 Data transmission method and system, computer device and storage medium
CN118171326A (en) * 2024-05-15 2024-06-11 杭州芯控智能科技有限公司 IoC-based distributed data security management method, system and readable storage medium
CN118250079A (en) * 2024-04-17 2024-06-25 数盾信息科技股份有限公司 Multi-terminal application data secure transmission method, device and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257381A (en) * 2008-03-25 2008-09-03 中兴通讯股份有限公司 Software protecting method of terminal equipment as well as terminal equipment with software protecting function
CN101309139A (en) * 2007-05-15 2008-11-19 盛大计算机(上海)有限公司 License authentication system
US20090293118A1 (en) * 2008-05-21 2009-11-26 Mei Yan Systems for authentication for access to software development kit for a peripheral device
CN102089765A (en) * 2008-05-21 2011-06-08 桑迪士克公司 Authentication for access to software development kit for a peripheral device
CN102571693A (en) * 2010-12-07 2012-07-11 中国移动通信集团公司 Capability safety calling method, device and system
CN103559040A (en) * 2013-11-12 2014-02-05 厦门卓讯信息技术有限公司 System and method based on SDK for rapidly building mobile internet application module

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309139A (en) * 2007-05-15 2008-11-19 盛大计算机(上海)有限公司 License authentication system
CN101257381A (en) * 2008-03-25 2008-09-03 中兴通讯股份有限公司 Software protecting method of terminal equipment as well as terminal equipment with software protecting function
US20090293118A1 (en) * 2008-05-21 2009-11-26 Mei Yan Systems for authentication for access to software development kit for a peripheral device
CN102089765A (en) * 2008-05-21 2011-06-08 桑迪士克公司 Authentication for access to software development kit for a peripheral device
CN102571693A (en) * 2010-12-07 2012-07-11 中国移动通信集团公司 Capability safety calling method, device and system
CN103559040A (en) * 2013-11-12 2014-02-05 厦门卓讯信息技术有限公司 System and method based on SDK for rapidly building mobile internet application module

Cited By (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104679816B (en) * 2014-12-17 2018-02-06 上海彩亿信息技术有限公司 A kind of SQLITE database application methods under embedded system
CN104679816A (en) * 2014-12-17 2015-06-03 北京可思云海科技有限公司 Application method of SQLITE database in embedded system
CN105208024B (en) * 2015-09-22 2019-08-20 深圳市金溢科技股份有限公司 Without using the data safe transmission method and system of HTTPS, client and server-side
CN105337965A (en) * 2015-10-10 2016-02-17 浪潮(北京)电子信息产业有限公司 Data acquisition method and device
CN106888183A (en) * 2015-12-15 2017-06-23 阿里巴巴集团控股有限公司 Data encryption, decryption, the method and apparatus and system of key request treatment
CN106055931A (en) * 2016-05-18 2016-10-26 北京芯盾时代科技有限公司 Software security component system of mobile terminal and secret key system used for system
CN105915342A (en) * 2016-07-01 2016-08-31 广州爱九游信息技术有限公司 Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method
CN107689934A (en) * 2016-08-03 2018-02-13 腾讯科技(深圳)有限公司 A kind of method to ensure information safety, server and client
CN106453431B (en) * 2016-12-19 2019-08-06 四川长虹电器股份有限公司 The method authenticated between internet system is realized based on PKI
CN106453431A (en) * 2016-12-19 2017-02-22 四川长虹电器股份有限公司 Method for realizing Internet intersystem authentication based on PKI
CN106789092A (en) * 2017-02-28 2017-05-31 河源弘稼农业科技有限公司 Cipher key transmission methods, cipher key delivery device, server and communication equipment
CN107038590A (en) * 2017-03-21 2017-08-11 阿里巴巴集团控股有限公司 Show the implementation method and device of user profile
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN107508796B (en) * 2017-07-28 2019-01-04 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN107633402A (en) * 2017-09-14 2018-01-26 深圳市华付信息技术有限公司 A kind of method and its system for being used to polymerize certification
WO2019052195A1 (en) * 2017-09-14 2019-03-21 深圳市华付信息技术有限公司 Aggregation authentication method and system
CN107994995A (en) * 2017-11-29 2018-05-04 深圳市文鼎创数据科技有限公司 A kind of method of commerce, system and the terminal device of lower security medium
CN107733646A (en) * 2017-11-30 2018-02-23 中国联合网络通信集团有限公司 Encryption method, decryption method and encrypting and decrypting system
CN109450881A (en) * 2018-10-26 2019-03-08 天津海泰方圆科技有限公司 A kind of data transmission system, method and device
CN109639407A (en) * 2018-12-28 2019-04-16 浙江神州量子通信技术有限公司 A method of information is encrypted and decrypted based on quantum network
CN110493212A (en) * 2019-08-13 2019-11-22 上海威尔立杰网络科技发展有限公司 A kind of general purpose mail End to End Encryption method
CN111242768A (en) * 2019-12-31 2020-06-05 航天信息股份有限公司 Credit card information security obtaining method, device and system
CN111464554B (en) * 2020-04-13 2022-03-15 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111464554A (en) * 2020-04-13 2020-07-28 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111506910A (en) * 2020-04-15 2020-08-07 上海数禾信息科技有限公司 Database encryption method and device
CN111506910B (en) * 2020-04-15 2023-06-06 上海数禾信息科技有限公司 Database encryption method and device
CN111431719A (en) * 2020-04-20 2020-07-17 山东确信信息产业股份有限公司 Mobile terminal password protection module, mobile terminal and password protection method
CN111639350A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Cipher service system and encryption method
CN111639350B (en) * 2020-05-16 2023-01-31 中信银行股份有限公司 Cipher service system and encryption method
CN111797378A (en) * 2020-07-06 2020-10-20 遵义科晟云达科技有限公司 Multiple identity management authentication platform of people's society information
CN111930763A (en) * 2020-07-29 2020-11-13 浙江德迅网络安全技术有限公司 Network security protection method for encrypted https protocol
CN112134843A (en) * 2020-08-19 2020-12-25 南京信息职业技术学院 Authentication method of Internet of things equipment
CN112134843B (en) * 2020-08-19 2023-10-13 南京信息职业技术学院 Authentication method of Internet of things equipment
CN114567425B (en) * 2020-11-27 2024-02-02 中国电信股份有限公司 Internet of things communication method and system, soC Sim and Internet of things terminal
CN114567425A (en) * 2020-11-27 2022-05-31 中国电信股份有限公司 Internet of things communication method and system, SoC Sim and Internet of things terminal
CN112751672A (en) * 2020-12-30 2021-05-04 上海微波技术研究所(中国电子科技集团公司第五十研究所) Multi-parameter-based adaptive data encryption protection method and system
CN112751672B (en) * 2020-12-30 2022-11-11 上海微波技术研究所(中国电子科技集团公司第五十研究所) Multi-parameter-based adaptive data encryption protection method and system
CN113434884A (en) * 2021-06-30 2021-09-24 青岛海尔科技有限公司 Encryption method and decryption method for configuration file and related devices
WO2023279698A1 (en) * 2021-07-05 2023-01-12 平安科技(深圳)有限公司 Data transmission method and system, computer device and storage medium
CN113709696A (en) * 2021-08-13 2021-11-26 支付宝(杭州)信息技术有限公司 Vehicle remote control method and device and key initialization method and device
CN113709696B (en) * 2021-08-13 2023-12-29 支付宝(杭州)信息技术有限公司 Vehicle remote control method and device, and key initialization method and device
CN113904848B (en) * 2021-10-09 2023-08-04 天翼物联科技有限公司 Certificate and key downloading method and system of terminal of Internet of things
CN113904848A (en) * 2021-10-09 2022-01-07 天翼物联科技有限公司 Method and system for downloading certificate and secret key of terminal of Internet of things
CN114338091A (en) * 2021-12-08 2022-04-12 杭州逗酷软件科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114338091B (en) * 2021-12-08 2024-05-07 杭州逗酷软件科技有限公司 Data transmission method, device, electronic equipment and storage medium
CN114500003A (en) * 2021-12-31 2022-05-13 广东省电信规划设计院有限公司 Cloud admission authentication method, device and system for light-weight ubiquitous power Internet of things terminal
CN114500003B (en) * 2021-12-31 2023-12-26 广东省电信规划设计院有限公司 Cloud access authentication method, device and system for lightweight ubiquitous power internet of things terminal
CN114785514A (en) * 2022-03-23 2022-07-22 国网上海能源互联网研究院有限公司 Method and system for authorizing application permission of industrial Internet of things terminal
CN114785514B (en) * 2022-03-23 2023-11-14 国网上海能源互联网研究院有限公司 Method and system for application license authorization of industrial Internet of things terminal
CN118250079A (en) * 2024-04-17 2024-06-25 数盾信息科技股份有限公司 Multi-terminal application data secure transmission method, device and system
CN118171326A (en) * 2024-05-15 2024-06-11 杭州芯控智能科技有限公司 IoC-based distributed data security management method, system and readable storage medium

Also Published As

Publication number Publication date
CN103812871B (en) 2017-03-22

Similar Documents

Publication Publication Date Title
CN103812871B (en) Development method and system based on mobile terminal application program security application
US10595201B2 (en) Secure short message service (SMS) communications
US11741461B2 (en) Method for performing non-repudiation, and payment managing server and user device therefor
CN101720071B (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
CA2879910C (en) Terminal identity verification and service authentication method, system and terminal
CN103297403A (en) Method and system for achieving dynamic password authentication
CN101466079A (en) Method, system and WAPI terminal for transmitting e-mail
CN101247605A (en) Short information enciphering and endorsement method, mobile terminal and short information ciphering system
CN104412273A (en) Method and system for activation
CN105025019A (en) Data safety sharing method
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN104253801A (en) Method, device and system for realizing login authentication
CN102404337A (en) Data encryption method and device
CN103078743B (en) E-mail IBE (Internet Booking Engine) encryption realizing method
CN103428077A (en) Method and system for safely receiving and sending mails
KR101358375B1 (en) Prevention security system and method for smishing
KR101680536B1 (en) Method for Service Security of Mobile Business Data for Enterprise and System thereof
CN103916834A (en) Short message encryption method and system allowing user to have exclusive secret key
CN117082501A (en) Mobile terminal data encryption method
CN102404363B (en) A kind of access method and device
CN111698203A (en) Cloud data encryption method
CN116528230A (en) Verification code processing method, mobile terminal and trusted service system
KR102053993B1 (en) Method for Authenticating by using Certificate
Yazdanpanah et al. Secure SMS Method Based on Social Networks
RU2008104627A (en) METHOD AND DEVICE FOR AUTHENTICATION AND PRIVACY

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100097 Beijing city Haidian District landianchang Road No. 25 North International Building Jiayou two layer

Applicant after: Beijing Mingchaowanda Technology Co., Ltd.

Address before: 100088 Beijing city Haidian District Zhichun Road Tai Yue Park 3 Building 6 layer

Applicant before: Beijing Wonder-soft Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Wang Zhihua

Inventor after: Peng Hongtao

Inventor after: Zhang Shuai

Inventor after: Xian Henan

Inventor after: Yu Bo

Inventor before: Zhang Shuai

Inventor before: Xian Henan

Inventor before: Yu Bo

Inventor before: Wang Zhihua