CN103812871B - Development method and system based on mobile terminal application program security application - Google Patents



Publication number
CN103812871B
Authority
CN
China
Prior art keywords
mail
terminal
server
sdk
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410062383.5A
Other languages
Chinese (zh)
Other versions
CN103812871A (en)
Inventor
张帅
咸赫男
喻波
王志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN201410062383.5A
Publication of CN103812871A
Application granted
Publication of CN103812871B


Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a development method and system based on mobile terminal application program security application. The system comprises a sending terminal, a secure software development kit (SDK), a server and a receiving terminal. In the method, the sending terminal requests a random number from the server; after receiving the requested random number, it calls the private key of the sending terminal to sign the random number, and sends the signature result and the signing public key certificate to the server. After identity authentication succeeds, the secure SDK is called: the received data information is encrypted with a symmetric key, the symmetric key is encrypted with the public key of the receiving terminal, and the encrypted symmetric key and data information are sent to the receiving terminal. The receiving terminal calls the secure SDK to decrypt the encrypted data. The method and system avoid data information security problems such as those of identity authentication, data leakage and device control.

Description

A development method and system based on mobile terminal application program security application
Technical field
The present invention relates to the field of mobile terminal data security, and more particularly to a development method and system based on mobile terminal application program security application.
Background art
PKI: Public Key Infrastructure is a key management platform that follows established standards. It provides cryptographic services such as encryption, decryption and digital signatures, together with the necessary key and certificate management system, for all information security applications. Put simply, PKI is infrastructure that provides security services and is built using public key theory and technology. PKI technology is the core of information security technology and a key, foundational technology of e-commerce.
Certificate SDK: Software Development Kit. Based on the PKI system, it is a development platform that provides security support. Internally it wraps certificate operations of different types, different media and different specifications behind a unified interface, so that users do not need to be concerned with complicated security details and only call the corresponding interface to obtain the result data they want (such as P1 and P7 signing and signature verification, digital envelopes, symmetric encryption and decryption, HASH, etc.). The SDK is to be cross-platform, support mainstream CSP, P11 and the national cryptographic specifications, and support both software and hardware certificates.
HMAC: Hash-based Message Authentication Code is a keyed hash message authentication code. The HMAC operation uses a hash algorithm, takes a key and a message as input, and produces a message digest as output.
With the progress and development of the information age, smartphones have rapidly become widespread, and mobile terminal applications are the core of the smartphone. Countless mobile terminal applications of every kind have taken over the mobile application market, and these applications meet different user needs. In terms of user interaction they can be divided into: user login, user registration, user authentication, etc. In terms of text data transmission they can be divided into: cloud phone, mail, document viewing, file storage. In terms of information display they can be divided into: address book, mail, browser and similar applications. Mobile terminal applications provide information display, transmission and storage functions, but without considering the use of encryption technology to ensure secure management over the full data life cycle.
Some existing, relatively widely used systems all use passwords, domain authentication and passcode locks for identity authentication, transmit all data in plaintext, and store all data locally in plaintext;
Basic situation:
Authentication: user name, password, graphical password lock
Data transfer: plaintext transmission
Data storage: plaintext storage
The main problems of current mobile terminal applications:
1. Identity authentication uses a password or a passcode lock; password strength is weak, and identity security cannot be guaranteed;
2. During data transmission, data is sent in plaintext and may be intercepted;
3. Files are downloaded and viewed in plaintext on the mobile terminal, so data security cannot be guaranteed.
Basic SDKs exist in the prior art to support the functions of mobile terminal applications. Some developers package certain basic functions into an SDK and provide it to mobile application developers; upper-layer business logic quickly implements the corresponding function by calling the basic SDK. The functions of a given mobile terminal application are thus managed and maintained in a unified way, which improves code reusability and work efficiency and reduces company cost.
Existing SDKs wrap functions such as user authentication, data transmission, device control and third-party applications. They provide username-password authentication for users, wrappers around technologies such as SQLite and XML for data storage, and high-level wrappers for network sending and receiving over HTTP, TCP and the like.
Fig. 1 is a functional structure diagram of a mail SDK in the prior art, and Fig. 2 is a flow chart of mobile terminal mail sending in the prior art.
As shown in Fig. 1, the existing mail SDK includes the following functional components: a password login component, a send-mail component, a create-mail component, a receive-mail component, a database component and a configuration component.
The mail system in the prior art includes a mail client, a mail SDK and a mail server. The mail sending flow is as follows:
1) The mail APP of the mail client starts to send a mail;
2) The mail APP calls the SDK send-mail interface;
3) After the mail SDK receives the mail data, it transmits the mail data to the mail server;
4) The mail server receives the mail data;
5) According to the recipient address, the mail server delivers the data to the mail recipient;
6) The mail server returns the result information;
7) The mail SDK returns the sending result information;
8) The mail client receives the sending result information;
9) End.
Wrapping basic application SDKs is a common practice among vendors: a mail mobile terminal SDK, an address book SDK, a network data transmission SDK, and data storage such as XML and SQLite are all wrapped as basic SDKs that provide rapid development interfaces for upper-layer applications. But most basic SDKs do not consider how to secure identity authentication itself, for example preventing replay attacks and preventing identity impersonation. In network transmission, the main considerations are transmission efficiency or a lightweight model, without considering whether there are security risks such as leakage, or that file data may be intercepted in transit. In data storage, data stored locally in plaintext may be stolen, and there is no permission control or document life cycle management. Unified management and unified protection are lacking.
Summary of the invention
In order to solve the development problem of mobile terminal application program security applications, the present invention proposes a development method based on mobile terminal application program security application. The method comprises the following steps:
1) The sending terminal requests a random number from the server. After receiving the requested random number, it calls the sending terminal private key to sign the random number and sends the signature result and the signing public key certificate to the server. The server verifies the validity of the certificate and verifies the signature, and returns the authentication result; if verification passes, go to step 2);
2) The sending terminal calls the secure SDK and sends user information and data information to the SDK. The secure SDK obtains the receiving terminal public key according to the user information, then generates a symmetric key locally, encrypts the received data information with the symmetric key, and encrypts the symmetric key with the receiving terminal public key. It assembles the encrypted symmetric key and data information into a digital envelope and finally returns the digital envelope to the sending terminal;
3) The sending terminal sends the digital envelope to the receiving terminal;
4) After the receiving terminal receives the digital envelope, it calls the secure SDK. The secure SDK parses the digital envelope to obtain the ciphertext symmetric key and the ciphertext data, decrypts the ciphertext symmetric key with the receiving terminal private key, decrypts the ciphertext data with the plaintext symmetric key, and passes the decrypted plaintext data information to the application layer of the receiving terminal.
Further, in step 1), after receiving the requested random number, the sending terminal enumerates devices, opens the device, enumerates certificates, and then verifies the PIN code. If verification fails, the verification flow ends; if verification succeeds, the subsequent verification steps continue.
Further, in step 2), the secure SDK obtaining the receiving terminal public key according to the user information includes: the secure SDK looks up the receiving terminal public key locally according to the user information; if it does not exist locally, the user information is sent to the server and the receiving terminal public key is received from the server.
Further, the sending terminal and the receiving terminal are respectively a sending mail terminal and a receiving mail terminal, the server includes a mail security management platform and a mail server, and the sending mail terminal sends mail to the receiving mail terminal through the mail server.
Further, in step 2), the sending mail terminal calls the secure SDK and sends it the plaintext E-mail and the mail recipient list. The secure SDK obtains the receiving mail terminal public key according to the mail recipient list and verifies the validity of the public key; after verification passes, it signs the mail.
Further, in step 4), after the ciphertext data is decrypted with the plaintext symmetric key, the validity of the receiving mail terminal public key needs to be verified.
In order to solve the development problem of mobile terminal application program security applications, the present invention also proposes a development system based on mobile terminal application program security application. The system includes: a sending terminal, a secure SDK, a server and a receiving terminal;
The sending terminal requests a random number from the server. After receiving the requested random number, it calls the sending terminal private key to sign the random number and sends the signature result and the signing public key certificate to the server. The server verifies the validity of the certificate and verifies the signature, and returns the authentication result. After identity authentication succeeds, the sending terminal calls the secure SDK and sends user information and data information to the SDK. The secure SDK obtains the receiving terminal public key according to the user information, then generates a symmetric key locally, encrypts the received data information with the symmetric key, and encrypts the symmetric key with the receiving terminal public key. It assembles the encrypted symmetric key and data information into a digital envelope and finally returns the digital envelope to the sending terminal, which sends the digital envelope to the receiving terminal. After the receiving terminal receives the digital envelope, it calls the secure SDK. The secure SDK parses the digital envelope to obtain the ciphertext symmetric key and the ciphertext data, decrypts the ciphertext symmetric key with the receiving terminal private key, decrypts the ciphertext data with the plaintext symmetric key, and passes the decrypted plaintext data information to the application layer of the receiving terminal.
Further, after receiving the requested random number, the sending terminal enumerates devices, opens the device, enumerates certificates, and then verifies the PIN code. If verification fails, the verification flow ends; if verification succeeds, the subsequent verification steps continue.
Further, the secure SDK obtaining the receiving terminal public key according to the user information includes: the secure SDK looks up the receiving terminal public key locally according to the user information; if it does not exist locally, the user information is sent to the server and the receiving terminal public key is received from the server.
Further, the sending terminal and the receiving terminal are respectively a sending mail terminal and a receiving mail terminal, the server includes a mail security management platform and a mail server, and the sending mail terminal sends mail to the receiving mail terminal through the mail server.
Further, the sending mail terminal calls the secure SDK and sends it the plaintext E-mail and the mail recipient list. The secure SDK obtains the receiving mail terminal public key according to the mail recipient list, signs the mail with the private key of the sending mail terminal, generates a symmetric key using the certificate device and encrypts the mail, encrypts the symmetric key with the receiving terminal public key and packages it with the ciphertext mail into a digital envelope, assembles the secure mail E-mail, and sends the secure mail E-mail to the mail server.
Further, the sending mail terminal calls the secure SDK and sends it the plaintext E-mail and the mail recipient list. The secure SDK obtains the receiving mail terminal public key according to the mail recipient list and verifies the validity of the public key; after verification passes, it signs the mail.
Further, after the secure SDK decrypts the ciphertext data with the plaintext symmetric key, the validity of the receiving mail terminal public key needs to be verified.
Further, the system also includes a database, used to encrypt and decrypt the page files of sqlite3.
Further, the system also includes a mobile management console, which provides a UI operation interface for managing and controlling mobile terminal behavior and users, including user management, policy configuration and log audit.
The scheme proposed by the present invention achieves the following technical effects:
After a third-party application calls this SDK, the problems related to data information security can largely be avoided, including identity authentication, data leakage, device control, etc. This is because the identity of the user and the certificate in the hardware device are bound to each other. Without this hardware device, the person concerned cannot view the encrypted data information. Even if the data information is intercepted in transit, the eavesdropper has no way to decrypt it, so the data obtained is meaningless.
Brief description of the drawings
Fig. 1 is the functional unit figure that mail SDK possesses in prior art.
Fig. 2 is mobile terminal mail transmission flow figure in prior art.
Fig. 3 is the overall framework figure of the present invention.
Fig. 4 is the mobile terminal authentication flow chart of the present invention.
Fig. 5 is the mobile terminal data encryption flow figure of the present invention.
Fig. 6 is the mobile terminal data decryption flow chart of the present invention.
Fig. 7 is the overall framework diagram of secure mail sending from a mobile terminal according to the present invention.
Fig. 8 is the mobile terminal email encryption flow chart of the present invention.
Fig. 9 is the mobile terminal mail decryption flow chart of the present invention.
Specific embodiments
The object of the invention is to provide multiple secure identity authentication modes, such as certificate-based authentication and dynamic password authentication, improving the admission mechanism. For data storage security, it provides secure SQLite, XML and configuration files, encrypted storage of documents written to disk, permission management and life cycle management, ensuring the security of local data storage on the mobile terminal. For network transmission, it provides a secure socket layer and an HTTP encrypted transmission proxy, and various certificate-based secure proxy modes, such as a secure Socket (TCP/UDP), so as to protect the security of data transmitted over the network and make request data tamper-proof and non-repudiable. It also provides device control interfaces for unified control of the wifi/Bluetooth of the device. It opens a series of basic security interfaces, such as certificate and key operations including encryption and decryption, signing, signature verification, P7 encapsulation, and PKCS#11 standard interfaces. These basic security components are integrated into mail mobile terminals, network application mobile terminals and mobile office software, ensuring identity security and data security in the authentication process, providing security guarantees for network data and file data from transmission to storage, and providing secure file browsing, permission management and life cycle management. Data encryption and decryption technology based on the PKI system is currently a relatively mature data security protection solution and is widely used in the data security field; bringing cryptographic technology into data information will be a qualitative leap for the data information security industry.
Fig. 3 shows the overall framework of the present invention. The equipment included in the overall system framework is:
Secure SDK: under the PKI system, a development platform that can perform certificate operations and supports hardware certificates. It provides a series of security components such as terminal encryption, channel management, certificate keys and identity authentication, ensuring the security of data information and identity authentication. It provides a series of terminal control components such as device control, traffic monitoring and screen lock control, to achieve unified management and control of terminal devices. The mobile system support components include encrypted SQLite3, system configuration (XML/Plist) and a Key card driver adapter, providing rapid development interfaces for upper-layer applications. The SDK in this patent focuses on providing interfaces such as the identity authentication interface and data information security interfaces for upper-layer applications to call.
Master server: supports account synchronization with Ldap servers and AD domain servers. The interaction between the server and the secure SDK includes: user authentication, policy distribution, log audit;
Database: for the page files of sqlite3, the page files are encrypted and decrypted, which resolves the need to decrypt the whole table, or to query by decrypting selected fields, when querying and updating data. This improves operating efficiency and hides the security implementation details from the upper layer;
Mobile management console: provides a UI operation interface for managing and controlling mobile terminal behavior and users, including user management, policy configuration and log audit.
Fig. 4 shows the identity authentication flow of the mobile terminal.
The identity authentication process of the mobile terminal includes:
1) The mobile terminal requests a random number from the server;
2) The server receives the request and returns a random number to the mobile terminal;
3) The mobile terminal enumerates devices;
4) The mobile terminal opens the device;
5) The mobile terminal enumerates certificates;
6) The PIN code is verified; if verification fails, verification ends; if verification succeeds, the private key is called to sign the random number;
7) The signature result and the signing public key certificate are sent to the server;
8) The server verifies the validity of the public key certificate; if verification fails, verification ends;
9) If verification succeeds, the validity of the signature is verified; if that verification fails, verification ends;
10) If signature verification succeeds, the authentication result is returned to the mobile terminal;
11) The mobile terminal receives the verification result.
The above identity authentication can also be performed by means of a preset key and algorithm, i.e. a challenge-response mode without a public key certificate.
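The preset-key challenge-response variant mentioned above, as an added example that is not code from the patent or its SDK. It uses HMAC-SHA256 as the preset algorithm and shows why the server must treat each random number as single-use and short-lived if the exchange is to resist the replay attacks named in the background section. The class and function names, the 30-second lifetime and the binding of the random number to a user name are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def respond(preset_key: bytes, user: str, nonce: bytes) -> bytes:
    """Terminal side: keyed digest over the server's random number."""
    return hmac.new(preset_key, user.encode() + b"\x00" + nonce,
                    hashlib.sha256).digest()


class AuthServer:
    """Server side of the exchange (hypothetical name and layout)."""

    NONCE_TTL = 30.0  # seconds; assumed value, the page specifies none

    def __init__(self, preset_keys, clock=time.monotonic):
        self._keys = preset_keys   # user -> preset key
        self._clock = clock        # injectable so expiry can be tested
        self._pending = {}         # random number -> (user, expiry time)

    def request_nonce(self, user: str) -> bytes:
        # Issued for any claimed user so the reply does not reveal
        # whether the account exists.
        nonce = secrets.token_bytes(32)
        self._pending[nonce] = (user, self._clock() + self.NONCE_TTL)
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> str:
        # pop() consumes the random number on every attempt, pass or fail,
        # so a captured (nonce, response) pair cannot be presented twice.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return "rejected: unknown or already used random number"
        issued_to, expiry = entry
        if issued_to != user:
            return "rejected: random number issued to another user"
        if self._clock() > expiry:
            return "rejected: random number expired"
        key = self._keys.get(user)
        if key is None:
            return "rejected: unknown user"
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(respond(key, user, nonce), response):
            return "rejected: bad response"
        return "authenticated"


def demo() -> dict:
    """Run the exchange on constructed data: success, replay, bad key, expiry."""
    now = [0.0]  # fake clock
    key = secrets.token_bytes(32)
    server = AuthServer({"alice": key}, clock=lambda: now[0])
    results = {}

    n1 = server.request_nonce("alice")
    r1 = respond(key, "alice", n1)
    results["first"] = server.verify("alice", n1, r1)
    results["replay"] = server.verify("alice", n1, r1)  # same pair again

    n2 = server.request_nonce("alice")
    results["wrong_key"] = server.verify(
        "alice", n2, respond(b"x" * 32, "alice", n2))

    n3 = server.request_nonce("alice")
    now[0] += 31.0  # answer arrives after the lifetime has passed
    results["late"] = server.verify("alice", n3, respond(key, "alice", n3))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```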
Embodiment 1
Embodiment 1 provides a secure communication method between mobile terminals.
Fig. 5 shows the process by which the mobile terminal of the present invention encrypts data information. The data encryption process specifically includes the following steps: the upper-layer application of the mobile terminal calls the secure SDK to encrypt data, passing in the user information and the data information. The secure SDK looks up the public key of the user according to the user information (if it does not exist locally, it requests the public key of the user from the server), then generates a symmetric key locally, encrypts the data with the symmetric key, encrypts the symmetric key with the public key of the user, assembles the encrypted symmetric key and the encrypted data into a digital envelope, and finally returns the digital envelope to the upper-layer application of the mobile terminal.
Fig. 6 shows the process by which the mobile terminal receives and decrypts data information. The data receiving and decryption process includes: the upper-layer application of the mobile terminal calls the secure SDK to decrypt data, passing the ciphertext data into the secure SDK. The secure SDK parses the digital envelope to obtain the current user's ciphertext symmetric key and the ciphertext data, decrypts the symmetric key with the private key of the current user's certificate device, decrypts the ciphertext data with the plaintext symmetric key, and passes the decrypted plaintext data to the secure application of the mobile terminal.
Embodiment 2
Embodiment 2 provides a secure mail communication method between mobile terminals.
Fig. 7 shows the overall framework in which a mobile terminal sends mail securely through the SDK.
It includes a mail server, mail clients, a security management platform and a database. The mail server handles the sending and receiving of mail. The client may be a fixed PC client or a mobile Android/iOS client. The basic SDK is integrated in the client to implement mail identity authentication and data encryption/decryption, and the KEY for data encryption is obtained through network communication. The client communicates with the security management platform to perform identity authentication and to obtain policies and encryption public keys. The security management platform includes a security service processing component and a WEB service component, which respectively include an authentication component, a certificate management component, a policy management component and a log audit component, and a front-end console and a user information management component. The security management platform communicates with the associated database to obtain data; the database functions similarly to the database in Fig. 3.
Fig. 8 shows the process by which the mobile terminal encrypts and sends mail. The mail encryption process includes the following steps:
1) The secure mail mobile terminal application starts to send a mail;
2) The secure mail mobile terminal application calls the SDK encrypt-and-sign interface, passing in the plaintext E-MAIL and the mail recipient list;
3) The secure SDK obtains the recipient public key according to the mail recipient list; if there is no recipient public key locally, it requests the recipient public key from the mail security management platform;
4) The validity of the recipient public key is verified;
5) After verification passes, the mail is signed with the private key of the sender;
6) A symmetric key is generated using the sender's certificate device and the mail is encrypted;
7) The symmetric key is encrypted with the recipient public key and the emergency key and packaged with the ciphertext mail into a digital envelope, which is assembled into the secure mail E-MAIL;
8) The secure mail E-MAIL is returned to the secure mail mobile terminal application;
9) The secure mail mobile terminal application receives the secure mail E-MAIL and sends the ciphertext E-MAIL to the mail server;
10) The mail server receives the secure mail E-MAIL.
Fig. 9 shows the process by which the secure mail mobile terminal receives and decrypts mail. The process includes the following steps:
1) The secure mail mobile terminal application requests to receive mail;
2) The mail security management platform sends the mail to the secure mail mobile terminal application;
3) The secure mail mobile terminal application receives the secure ciphertext mail;
4) The secure mail mobile terminal calls the SDK to decrypt; the SDK parses the mail E-MAIL and parses the digital envelope;
5) The SDK calls the recipient private key to decrypt the symmetric key, and decrypts the ciphertext mail with the symmetric key;
6) The sender public key certificate is looked up in the local cache;
7) If it is not found in the local cache, the sender public key certificate is requested from the mail server;
8) The validity of the sender public key certificate is verified;
9) After verification passes, the mail signature is verified;
10) The mail plaintext and the signature verification result are returned to the secure mail mobile terminal application;
11) The mail is viewed.
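The digital envelope of Embodiment 1 (Figs. 5 and 6) and its signed, multi-recipient mail form in Embodiment 2 (Figs. 8 and 9), as an added example that is not code from the patent or its SDK. It assumes the third-party Python `cryptography` package, software RSA keys standing in for certificate-device keys, RSA-PSS for the signature, AES-256-GCM for the symmetric step and RSA-OAEP for key wrapping; the patent names no algorithms, and the envelope layout and function names are hypothetical. Certificate validity checking and the emergency key are left out.

```python
import os

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)


def new_keypair():
    """Constructed stand-in for the key pair held in a certificate device."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def _aad(sender_id, wrapped_keys):
    # Sender and recipient list are authenticated with the ciphertext, so
    # editing the envelope header makes decryption fail.
    return (sender_id + "|" + ",".join(sorted(wrapped_keys))).encode()


def seal(mail: bytes, sender_id: str, sender_key, recipients: dict) -> dict:
    """Sender side: sign the mail, encrypt it, wrap the key per recipient."""
    signature = sender_key.sign(mail, PSS, hashes.SHA256())
    sym_key = AESGCM.generate_key(bit_length=256)  # fresh key for every mail
    iv = os.urandom(12)
    wrapped = {rid: pub.encrypt(sym_key, OAEP)
               for rid, pub in recipients.items()}
    # Assumption: the signature travels inside the ciphertext, length-prefixed.
    body = len(signature).to_bytes(2, "big") + signature + mail
    ciphertext = AESGCM(sym_key).encrypt(iv, body, _aad(sender_id, wrapped))
    return {"sender": sender_id, "iv": iv,
            "ciphertext": ciphertext, "wrapped_keys": wrapped}


def open_envelope(envelope: dict, recipient_id: str, recipient_key,
                  sender_pub) -> bytes:
    """Receiver side: unwrap the key, decrypt, then verify the signature."""
    wrapped = envelope["wrapped_keys"].get(recipient_id)
    if wrapped is None:
        raise PermissionError("no wrapped key for this recipient")
    sym_key = recipient_key.decrypt(wrapped, OAEP)      # ValueError if wrong key
    body = AESGCM(sym_key).decrypt(                     # InvalidTag if altered
        envelope["iv"], envelope["ciphertext"],
        _aad(envelope["sender"], envelope["wrapped_keys"]))
    sig_len = int.from_bytes(body[:2], "big")
    signature, mail = body[2:2 + sig_len], body[2 + sig_len:]
    sender_pub.verify(signature, mail, PSS, hashes.SHA256())  # InvalidSignature
    return mail


def outcome(*args):
    """Return the plaintext, or the name of the exception that stopped it."""
    try:
        return open_envelope(*args)
    except (ValueError, PermissionError, InvalidTag, InvalidSignature) as exc:
        return type(exc).__name__


def demo() -> dict:
    """Constructed scenario: two recipients, an outsider, tampering, forgery."""
    alice, bob, carol, mallory = (new_keypair() for _ in range(4))
    mail = b"constructed sample mail body"
    to = {"bob": bob.public_key(), "carol": carol.public_key()}
    env = seal(mail, "alice", alice, to)

    tampered = dict(env)
    ct = env["ciphertext"]
    tampered["ciphertext"] = bytes([ct[0] ^ 1]) + ct[1:]
    forged = seal(mail, "alice", mallory, to)  # signed with the wrong key

    a_pub = alice.public_key()
    return {
        "bob": outcome(env, "bob", bob, a_pub),
        "carol": outcome(env, "carol", carol, a_pub),
        "not_listed": outcome(env, "dave", mallory, a_pub),
        "wrong_private_key": outcome(env, "bob", mallory, a_pub),
        "tampered": outcome(tampered, "bob", bob, a_pub),
        "forged_sender": outcome(forged, "bob", bob, a_pub),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18s} {result}")
```

Each recipient gets its own wrapped copy of the one symmetric key, so the mail body is encrypted once however long the recipient list is.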
The above mobile terminal (secure mail mobile terminal) can be any of various intelligent mobile terminal devices, such as a mobile phone, a PDA or a portable computer.
With the embodiments of the present invention, after a third-party application calls this SDK, the problems related to data information security can largely be avoided, including identity authentication, data leakage, device control, etc. This is because the identity of the user and the certificate in the hardware device are bound to each other. Without this hardware device, the person concerned cannot view the encrypted data information. Even if the data information is intercepted in transit, the eavesdropper has no way to decrypt it, so the data obtained is meaningless.
The foregoing is only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. a kind of development approach based on application program for mobile terminal safety applications, the method comprise the steps:
1) server request random number is sent terminal to, and after the random number for receiving request, transmission terminal secret key is called to this Random number is signed, and signature result and public signature key certificate are sent to the server, and the server carries out certificate to be had The checking of effect property sign test, return authentication result if the verification passes, skip to step 2);
2) sending terminal and calling safe SDK, and user profile and data message is sent to the SDK, the safe SDK is according to institute State user profile and obtain receiving terminal public key, then in locally generated symmetric key, and the institute using the symmetric key to reception State data message to be encrypted, the symmetric key is encrypted using the receiving terminal public key, will be encrypted symmetrical close Key and data message are assembled into digital envelope, and the digital envelope is returned to transmission terminal finally;
3) send terminal to receiving terminal and send above-mentioned digital envelope;
4) after the receiving terminal receives the digital envelope, the safe SDK is called, the safe SDK parses the numeral Envelope, parses ciphertext symmetric key and ciphertext data, using receiving terminal private key decrypting ciphertext symmetric key, using right in plain text Claim secret key decryption ciphertext data;
Wherein, the transmission terminal and receiving terminal respectively send mail terminal and receive mail terminal, the server bag Include mail security management platform and mail server, the step 2) described in send mail terminal call the safe SDK, and The E-mail of plaintext, e-mail recipient's list are sent to the safe SDK, the safe SDK is according to e-mail recipient's list Obtain and receive mail terminal public key, and verify the effectiveness of the public key, it is after being verified, to mail signature, described so as to realize Send mail terminal and mail is sent to the reception mail terminal by the mail server.
2. method according to claim 1, the step 1) in, the transmission terminal is receiving the random number of request Afterwards, carry out enumerating equipment, opening equipment, enumerate certificate, then verify PIN code, if authentication failed, terminate to verify flow process, If be proved to be successful, just continue follow-up verification step.
3. method according to claim 1, the step 2) described in safe SDK according to the user profile is obtained Receiving terminal public key includes:The safe SDK is locally searching the receiving terminal public key according to the user profile, if originally Ground is not present, then the user profile is sent to server, receives the receiving terminal public key from the server.
4. The method according to claim 1, wherein in step 4), after the ciphertext data is decrypted with the plaintext symmetric key, the validity of the mail-receiving terminal's public key needs to be verified.
5. A development system based on mobile terminal application program security application, the system comprising: a sending terminal, a safe SDK, a server, and a receiving terminal;
the sending terminal requests a random number from the server; after receiving the requested random number, it calls the sending terminal's private key to sign the random number and sends the signature result and the signing public key certificate to the server; the server performs certificate validity verification and signature verification and returns the authentication result; after authentication succeeds, the sending terminal calls the safe SDK and sends a user profile and a data message to the SDK; the safe SDK obtains the receiving terminal's public key according to the user profile, then generates a symmetric key locally, encrypts the received data message with the symmetric key, encrypts the symmetric key with the receiving terminal's public key, assembles the encrypted symmetric key and data message into a digital envelope, and finally returns the digital envelope to the sending terminal; the sending terminal sends the digital envelope to the receiving terminal; after receiving the digital envelope, the receiving terminal calls the safe SDK; the safe SDK parses the digital envelope to extract the ciphertext symmetric key and the ciphertext data, decrypts the ciphertext symmetric key with the receiving terminal's private key, and decrypts the ciphertext data with the plaintext symmetric key;
wherein the sending terminal and the receiving terminal are respectively a mail-sending terminal and a mail-receiving terminal, and the server comprises a mail security management platform and a mail server; the mail-sending terminal calls the safe SDK and sends the plaintext e-mail and the e-mail recipient list to the safe SDK; the safe SDK obtains the mail-receiving terminal's public key according to the e-mail recipient list and verifies the validity of the public key; after verification passes, it signs the mail, so that the mail-sending terminal sends the mail to the mail-receiving terminal through the mail server.
6. The system according to claim 5, wherein after receiving the requested random number, the sending terminal enumerates devices, opens the device, enumerates certificates, and then verifies the PIN code; if verification fails, the verification flow ends; if verification succeeds, the subsequent verification steps continue.
7. The system according to claim 5, wherein the safe SDK obtaining the receiving terminal's public key according to the user profile comprises: the safe SDK looks up the receiving terminal's public key locally according to the user profile; if it is not present locally, the user profile is sent to the server and the receiving terminal's public key is received from the server.
8. The system according to claim 5, wherein after the safe SDK decrypts the ciphertext data with the plaintext symmetric key, the validity of the mail-receiving terminal's public key needs to be verified.
9. The system according to claim 5, wherein the system further comprises a database, used to encrypt and decrypt the page files of sqlite3.
10. The system according to claim 9, wherein the system further comprises a mobile management console, which provides a UI for managing and controlling mobile terminal behavior and users, including user management, policy configuration, and log auditing.
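The digital envelope of steps 2) to 4) in claim 1 (and the matching flow in claim 5), as an added Ruby example that is not code from the patent or from the SDK it describes. The claims name no algorithms or wire format, so RSA-OAEP key wrapping, AES-256-GCM, the byte layout and the `DigitalEnvelope` module name are all assumptions of this sketch.

```ruby
require 'openssl'

# Added example. Assumptions: RSA-OAEP key wrapping, AES-256-GCM, and this layout:
#   2-byte big-endian wrapped-key length | wrapped key | nonce | tag | ciphertext
module DigitalEnvelope
  NONCE_LEN = 12
  TAG_LEN = 16
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # Step 2 (sender): generate a symmetric key locally, encrypt the data with it,
  # wrap the key with the recipient's public key, assemble the envelope.
  def self.seal(recipient_pub, data)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    key = cipher.random_key
    nonce = cipher.random_iv
    cipher.auth_data = ''
    ciphertext = cipher.update(data) + cipher.final
    wrapped = recipient_pub.public_encrypt(key, OAEP)
    [wrapped.bytesize].pack('n') + wrapped + nonce + cipher.auth_tag + ciphertext
  end

  # Step 4 (receiver): parse the envelope, unwrap the key with the private key,
  # decrypt. Raises on truncation, a wrong private key, or modified ciphertext.
  def self.open(recipient_priv, envelope)
    raise ArgumentError, 'envelope truncated' if envelope.bytesize < 2
    n = envelope.unpack1('n')
    body = 2 + n + NONCE_LEN + TAG_LEN
    raise ArgumentError, 'envelope truncated' if envelope.bytesize <= body
    wrapped = envelope.byteslice(2, n)
    nonce = envelope.byteslice(2 + n, NONCE_LEN)
    tag = envelope.byteslice(2 + n + NONCE_LEN, TAG_LEN)
    key = recipient_priv.private_decrypt(wrapped, OAEP)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = nonce
    cipher.auth_tag = tag
    cipher.auth_data = ''
    cipher.update(envelope.byteslice(body, envelope.bytesize)) + cipher.final
  end
end

if __FILE__ == $PROGRAM_NAME
  priv = OpenSSL::PKey::RSA.new(2048) # constructed key pair for the demo
  env = DigitalEnvelope.seal(priv.public_key, 'constructed sample mail body')
  puts DigitalEnvelope.open(priv, env)
end
```

The envelope gives the recipient confidentiality and tamper detection only; the sender authentication the claims describe comes from the separate signing step, which this sketch leaves out.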
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410062383.5A CN103812871B (en) 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application

Publications (2)

Publication Number Publication Date
CN103812871A CN103812871A (en) 2014-05-21
CN103812871B CN103812871B (en) 2017-03-22

Family

ID=50709072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410062383.5A Active CN103812871B (en) 2014-02-24 2014-02-24 Development method and system based on mobile terminal application program security application

Country Status (1)

Country Link
CN (1) CN103812871B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100097 Beijing city Haidian District landianchang Road No. 25 North International Building Jiayou two layer

Applicant after: Beijing Mingchaowanda Technology Co., Ltd.

Address before: 100088 Beijing city Haidian District Zhichun Road Tai Yue Park 3 Building 6 layer

Applicant before: Beijing Wonder-soft Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Wang Zhihua

Inventor after: Peng Hongtao

Inventor after: Zhang Shuai

Inventor after: Xian Henan

Inventor after: Yu Bo

Inventor before: Zhang Shuai

Inventor before: Xian Henan

Inventor before: Yu Bo

Inventor before: Wang Zhihua

CB03 Change of inventor or designer information