CN104378381A - Intelligent terminal enterprise Email security office method and system

Info

Publication number: CN104378381A
Application number: CN201410707158.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 朱为朋, 王赞, 王晓斌
Current Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Prior art keywords: corporate mail, mail, intelligent terminal, corporate, module

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/107 Computer-aided management of electronic mailing [e-mailing]

Abstract

The invention provides a secure office method and system for enterprise email on an intelligent terminal. In the method, ARM TrustZone technology divides the intelligent operating system into two independent domains, a personal application domain and an enterprise application domain; the personal application domain runs third-party software downloaded by the user; the enterprise application domain runs secure application software authenticated by the enterprise; and enterprise email runs in the enterprise application domain. Because ARM TrustZone technology keeps the two domains independent, data access and interaction between them are prevented, and the enterprise email in the enterprise application domain is protected from interference or intrusion by applications in the personal application domain.

Description

Secure office method and system for enterprise email on an intelligent terminal
Technical field
The invention belongs to the technical field of intelligent terminals and relates to a mail security office method and system, in particular to a secure office method and system for enterprise email on an intelligent terminal.
Background
Existing intelligent terminal systems such as Android are the most widely used open-source systems on the current market and are also the target of all kinds of malware and virus attacks; their security has always been among the most heavily discussed problems. Enterprise email used on these systems faces the same serious security problems.
Many mail security solutions exist in this field. One is a method of enhancing email security in a mobile terminal system based on a secure TF card: when an email is sent, after it has been composed in the email processing component of the mobile terminal, the mail processing component calls an encryption component with a session key to encrypt the email before transmission and then sends it to the email server; after receiving the email sent by the mobile terminal, the email server processes it differently according to the destination address of the mail. Another is a method of improving email security, comprising: determining from all the information of the received mail whether viewing the email body is allowed; if the viewing condition carried in the view request matches the access condition set for the email body, viewing the email body is allowed, and otherwise it is forbidden. A third is a security management method for mail data, comprising: detecting whether a subscriber identity card has been switched; when it has, changing the attribute of the sending email account that corresponds to the subscriber identity card in use before the switch, and of the mail information that corresponds to that sending email account, from displayed to hidden. Many mail security methods exist, each with its own strengths and weaknesses, but each provides only a single security function and none can solve all of the security problems.
The problems with existing enterprise email are mainly concentrated in the following points:
1) It cannot meet current ways of working. Today's enterprise email office systems are mainly concentrated on PCs. With the rapid development of intelligent terminals, personal mobile devices are widely used, and integrating the enterprise email system into these devices has become an inevitable trend.
2) Risk of enterprise email leaks. Enterprises use email systems as an important tool for employees' daily communication and business contact, and one important reason is that email is confidential. However, leaks of confidential information through enterprise email are increasingly common. There are many causes: for example, an employee sends a mail without knowing that its content is sensitive enterprise information and so leaks it unintentionally, or an employee knows full well that the information is sensitive but leaks it deliberately, driven by some interest.
3) Mail viruses run rampant. A mail virus is in fact the same as an ordinary computer virus; it is called a mail virus only because it spreads mainly through email. Besides the properties of ordinary viruses (it propagates, executes, destroys and can be triggered), a mail virus has some particular characteristics: it infects quickly, spreads widely, is difficult to remove and is highly destructive.
4) Spam seriously wastes productivity. According to statistics from the Chinese anti-spam alliance, spam volume increased by 100% in 2007. More than 80% of spam originates from infected zombie computers, and the email fraud that accompanies spam is growing ever more intense. Spam is by no means just a pile of unwelcome junk in many varieties; it obstructs communication for email accounts (and for networks and servers), because it is constantly trying to sell products, spread vulgar content or carry out network fraud.
Therefore, how to bring secure enterprise email office work to the Android system while preventing enterprise email leaks, virus attacks and spam is a problem that urgently needs to be solved.
Summary of the invention
In view of the shortcomings of the prior art described above, the object of the present invention is to provide a secure office method and system for enterprise email on an intelligent terminal, to solve the problem that existing enterprise email applications face various security threats on intelligent terminals.
To achieve the above object and other related objects, the invention provides a secure office method for enterprise email on an intelligent terminal, comprising: dividing the intelligent operating system, by means of ARM TrustZone technology, into two independent processing domains, a personal application domain and an enterprise application domain; the personal application domain runs third-party software downloaded by the user; the enterprise application domain runs secure application software authenticated by the enterprise; and enterprise email runs in the enterprise application domain.
Optionally, the method further comprises: building, at the kernel layer, a secure storage module that is accessed exclusively by the enterprise email, for storing enterprise email data; building in the secure storage module a decryption algorithm symmetric to the encryption algorithm of the enterprise server, so that the user can decrypt and read the enterprise email data; or building in the secure storage module a local encryption algorithm, for encrypting mail data downloaded from the enterprise email to the local device into ciphertext before it is stored locally.
Optionally, the method further comprises: building, at the kernel layer, a network connection security detection mechanism which, after the enterprise email is opened and when a network resource needs to be accessed through the enterprise email, performs integrity detection and/or virus detection on the linked website and/or the connection data in the enterprise email.
Optionally, the method further comprises: building, at the enterprise server, a security protection mechanism for the enterprise email, which performs spam filtering and/or virus scanning and removal on the enterprise email at the enterprise server.
The invention also provides a secure office system for enterprise email on an intelligent terminal, comprising: a program execution domain, comprising the two independent processing domains into which the intelligent operating system is divided by ARM TrustZone technology, a personal application domain and an enterprise application domain, where the personal application domain runs third-party software downloaded by the user and the enterprise application domain runs secure application software authenticated by the enterprise; and an enterprise email module, which runs in the enterprise application domain.
Optionally, the system further comprises: a secure storage module, built at the kernel layer, communicatively connected to the enterprise email module and accessed exclusively by it, for storing enterprise email data; a decryption module, located in the secure storage module, communicatively connected to the enterprise email module and containing a decryption algorithm symmetric to the encryption algorithm of the enterprise server, so that the user can decrypt and read the enterprise email data; or a local encryption module, located in the secure storage module, communicatively connected to the enterprise email module and containing a local encryption algorithm, for encrypting mail data downloaded from the enterprise email to the local device into ciphertext before it is stored locally.
Optionally, the system further comprises: a network connection security detection module, built at the kernel layer and communicatively connected to the enterprise email module, which, after the enterprise email is opened and when a network resource needs to be accessed through the enterprise email, performs integrity detection and/or virus detection on the linked website and/or the connection data in the enterprise email.
Optionally, the system further comprises: a remote security protection module, located at the enterprise server and communicatively connected to the enterprise email module, which performs spam filtering and/or virus scanning and removal for the enterprise email module at the enterprise server.
As described above, the secure office method and system for enterprise email on an intelligent terminal of the present invention have the following beneficial effects:
By means of ARM TrustZone technology, the invention divides the intelligent operating system into two independent domains, personal applications and enterprise applications, so that the domains cannot access each other or exchange data, which ensures that the enterprise email in the enterprise application domain is not interfered with or intruded upon by applications in the personal application domain. A dedicated region for storing enterprise email is set aside at the kernel layer to form the secure storage module, and the encryption module encrypts and decrypts the data, preventing mail downloaded to the local device by the mail client from leaking. A secure network connection mechanism is also adopted: integrity verification is performed before a network connection is made, which prevents the enterprise email application from accessing malicious websites and malicious resources and shuts out intrusion by malicious code.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a first implementation of the secure office method for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 2 is a schematic flowchart of a second implementation of the secure office method for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 3 is a schematic flowchart of a third implementation of the secure office method for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 4 is a schematic flowchart of a fourth implementation of the secure office method for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 5 is a schematic structural diagram of a first implementation of the secure office system for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 6 is a schematic structural diagram of a second implementation of the secure office system for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 7 is a schematic structural diagram of a third implementation of the secure office system for enterprise email on an intelligent terminal according to the embodiment of the invention.
Fig. 8 is a schematic structural diagram of a fourth implementation of the secure office system for enterprise email on an intelligent terminal according to the embodiment of the invention.
Reference numerals
500 Secure office system for enterprise email on an intelligent terminal
510 Program execution domain
511 Personal application domain
512 Enterprise application domain
520 Enterprise email module
530 Secure storage module
540 Decryption module
550 Local encryption module
560 Network connection security detection module
570 Security protection module
S101 ~ S107 Steps
Detailed description
The embodiments of the invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Refer to the drawings. Note that the drawings provided with this embodiment only illustrate the basic concept of the invention schematically: they show only the components relevant to the invention and are not drawn according to the number, shape and size of the components in an actual implementation. In an actual implementation the form, number and proportion of each component may vary arbitrarily, and the component layout may be more complex.
To allow enterprise email to be used securely on an intelligent terminal, the invention, based on ARM TrustZone technology, divides the intelligent operating system into an enterprise application domain and a personal application domain, forcibly isolating enterprise applications from personal applications. The enterprise email system runs in the enterprise application domain, separate from the personal application domain, so that it cannot be attacked by viruses in the personal application domain. Secure storage and a secure network access mechanism are built at the kernel layer, protecting enterprise email data from leaking and preventing access to malicious networks and malicious resources. At the same time, on the enterprise mail server, the mail transit mechanism and the virus scanning and removal function are invoked to filter spam and delete virus-bearing mail. Through the above methods and mechanisms, a secure working environment for enterprise email on an intelligent terminal can be built effectively.
The invention is described in detail below with reference to the embodiment and the drawings.
Embodiment
This embodiment provides a secure office method for enterprise email on an intelligent terminal. As shown in Figure 1, the method comprises:
S101: divide the intelligent operating system, by means of ARM TrustZone technology, into two independent processing domains: a personal application domain and an enterprise application domain. The personal application domain runs third-party software downloaded by the user and is the relatively unreliable application domain; "unreliable" here is meant relative to the enterprise application domain and is determined by the ARM TrustZone partition. The enterprise application domain runs secure application software authenticated by the enterprise and is the relatively reliable application domain. The personal application domain and the enterprise application domain cannot communicate with each other; they are completely isolated and do not affect each other, while both run under one operating system. The program execution domain of this embodiment gives the user a secure mobile office environment for email: enterprise-related mail applications are isolated from personal applications, data in the two application domains cannot be accessed across domains, and malware in the unreliable domain cannot attack the enterprise email in the reliable domain. This works well to prevent misoperation and to keep out intrusion by viruses and malicious code.
ARM TrustZone technology is a measure that strengthens system security starting from the design of the CPU core. It is integrated into the overall design of the system and adds security controls to the software, hardware and physical-characteristic design of an embedded product, ensuring that the enterprise application domain is not subject to malicious external attack. TrustZone provides a scheme that adds a dedicated security kernel to the system-on-chip and supports two virtual processors through hardware-built access control: one virtual processor runs the enterprise application domain and the other runs the personal application domain. This allows the application core to switch between the two application domains, and under this architecture information is prevented from leaking from the more trusted core domain to the less secure domain. Switching between these core domains is normally completely independent of the processor's other functions, so each domain can operate independently while still using the same core.
S102: run enterprise email in the enterprise application domain. Because enterprise email runs in the reliable office application domain, the mail system is effectively protected from attack by other malware, and damage from mail viruses is effectively prevented.
Further, as shown in Figure 2, the secure office method for enterprise email on an intelligent terminal also comprises:
S103: build, at the kernel layer, a secure storage module that is accessed exclusively by the enterprise email, for storing enterprise email data. No application other than the enterprise email can access the secure storage module. The secure storage module is dedicated to holding the user's mail data and prevents the user's mail from leaking. It stores the mail data that the user downloads through the mail client, which prevents other malware from intercepting the user's mail data.
S104: build, in the secure storage module, a decryption algorithm symmetric to the encryption algorithm of the enterprise server, so that the user can decrypt and read the enterprise email data. The secure storage module and the enterprise server establish a symmetric cryptographic algorithm, and the user can see the data only after it has been decrypted. The mail data sent by the enterprise server is ciphertext; on the client it must be decrypted by the secure storage module before the mail client can display the mail.
S105: build, in the secure storage module, a local encryption algorithm, for encrypting mail data downloaded from the enterprise email to the local device into ciphertext before it is stored locally. All mail data that the mail client downloads to the local device is saved as ciphertext; without the corresponding algorithm, the content of the mail data cannot be seen. All mail data that the user downloads to the local device is first encrypted in the secure storage module and then kept in the kernel storage area as ciphertext. This embodiment provides a reliable storage mechanism for enterprise application data and effectively prevents mail downloaded to the local device by the mail user agent (mail client) from leaking.
Further, as shown in Figure 3, the secure office method for enterprise email on an intelligent terminal also comprises:
S106: build, at the kernel layer, a network connection security detection mechanism which, after the enterprise email is opened and when a network resource needs to be accessed through the enterprise email, performs integrity detection and/or virus detection on the linked website and/or the connection data in the enterprise email. The network resource can be accessed only after the corresponding detection has been passed. This prevents the enterprise email from accessing malicious websites or malicious resources and effectively shuts out intrusion by malicious code.
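One way to implement the S106 gate, as an added example (not code from the patent, which does not specify how the detection is performed): each link found in a mail is checked before any connection is made, and the returned data is checked before it is released to the mail module. It models the kernel-layer mechanism in user-space Python; the host allowlist, the reference-digest manifest, the known-bad hash set (a stand-in for virus detection) and all names are assumptions, and the sample mail and fetch table are constructed.

```python
import hashlib
import hmac
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed policy data (assumptions, not taken from the patent).
ALLOWED_HOST_SUFFIXES = ("corp.example",)
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_links(mail_body):
    """Return the http(s) links in a mail body, without trailing punctuation."""
    return [u.rstrip(".,);") for u in URL_RE.findall(mail_body)]


def check_site(url):
    """Site check, run before any connection is made. Returns (ok, reason)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "unparseable-url"
    if parts.scheme.lower() != "https":
        return False, "not-https"
    if has_userinfo:                      # https://trusted@other-host/ lookalikes
        return False, "userinfo-in-url"
    if not host:
        return False, "no-host"
    try:
        ipaddress.ip_address(host)
        return False, "ip-literal-host"
    except ValueError:
        pass                              # not an IP literal: keep checking
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode-host"
    if not any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES):
        return False, "host-not-allowlisted"
    return True, "ok"


def check_data(data, expected_sha256):
    """Data check: known-bad lookup, then integrity against a reference digest."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return False, "known-bad-content"
    if expected_sha256 is None:
        return False, "no-reference-digest"
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        return False, "integrity-mismatch"
    return True, "ok"


def gate(mail_body, fetch, manifest):
    """Return {url: (released_bytes_or_None, reason)} for every link in the mail.

    `fetch` is injected so the gate, not the mail module, makes the connection.
    """
    results = {}
    for url in extract_links(mail_body):
        ok, reason = check_site(url)
        if not ok:
            results[url] = (None, reason)          # blocked before any fetch
            continue
        data = fetch(url)
        ok, reason = check_data(data, manifest.get(url))
        results[url] = (data if ok else None, reason)
    return results


# Constructed sample input: one mail, a fake network and a digest manifest.
REPORT = b"Q3 report (constructed sample)"
Q3_URL = "https://files.corp.example/q3.pdf"
TOOL_URL = "https://files.corp.example/tool.bin"
SAMPLE_MAIL = (
    "Please review https://files.corp.example/q3.pdf today.\n"
    "Mirror: http://files.corp.example/q3.pdf\n"
    "Login: https://corp.example@login.example.net/reset\n"
    "Tool: https://files.corp.example/tool.bin and https://192.0.2.7/x\n"
)
FAKE_NET = {Q3_URL: REPORT, TOOL_URL: b"constructed-malware-sample"}
MANIFEST = {Q3_URL: hashlib.sha256(REPORT).hexdigest(),
            TOOL_URL: hashlib.sha256(b"clean tool").hexdigest()}


def demo():
    """Run the gate over the sample mail; return (results, urls actually fetched)."""
    fetched = []

    def fetch(url):
        fetched.append(url)
        return FAKE_NET[url]

    return gate(SAMPLE_MAIL, fetch, MANIFEST), fetched


if __name__ == "__main__":
    for url, (data, reason) in demo()[0].items():
        print("RELEASE" if data is not None else "BLOCK  ", reason, url)
```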
Further still, as shown in Figure 4, the secure office method for enterprise email on an intelligent terminal also comprises:
S107: build, at the enterprise server, a security protection mechanism for the enterprise email, which performs spam filtering and/or virus scanning and removal on the enterprise email at the enterprise server. This embodiment can also work together with the enterprise server: enterprise email is filtered and/or virus-checked at the server, so that the enterprise server and the client give enterprise email double protection, which reduces the spam received by the intelligent terminal's mail system and provides virus protection for enterprise email.
This embodiment also provides a secure office system for enterprise email on an intelligent terminal. The system can implement the method described in this embodiment, but devices implementing that method include, but are not limited to, the system structure set out in this embodiment.
As shown in Figure 5, the secure office system 500 for enterprise email on an intelligent terminal comprises: a program execution domain 510, a personal application domain 511, an enterprise application domain 512 and an enterprise email module 520.
The program execution domain 510 comprises the two independent processing domains into which the intelligent operating system is divided by ARM TrustZone technology: the personal application domain 511 and the enterprise application domain 512. The personal application domain 511 runs third-party software downloaded by the user and is the relatively unreliable application domain. The enterprise application domain 512 runs secure application software authenticated by the enterprise and is the relatively reliable application domain. The enterprise email module 520 runs in the enterprise application domain 512.
The personal application domain and the enterprise application domain cannot communicate with each other; they are completely isolated and do not affect each other, while both run under one operating system. The program execution domain of this embodiment gives the user a secure mobile office environment for email: enterprise-related mail applications are isolated from personal applications, data in the two application domains cannot be accessed across domains, and malware in the unreliable domain cannot attack the enterprise email in the reliable domain. This works well to prevent misoperation and to keep out intrusion by viruses and malicious code.
ARM TrustZone technology is a measure that strengthens system security starting from the design of the CPU core. It is integrated into the overall design of the system and adds security controls to the software, hardware and physical-characteristic design of an embedded product, ensuring that the product is not subject to malicious external attack. TrustZone provides a scheme that adds a dedicated security kernel to the system-on-chip and supports two virtual processors through hardware-built access control. This allows the application core to switch between two states, and under this architecture information is prevented from leaking from the more trusted core domain to the less secure domain. Switching between these core domains is normally completely independent of the processor's other functions, so each domain can operate independently while still using the same core.
Further, as shown in Figure 6, the secure office system 500 for enterprise email on an intelligent terminal also comprises: a secure storage module 530, a decryption module 540 and a local encryption module (encryption module for short) 550.
The secure storage module 530 is built at the kernel layer, is communicatively connected to the enterprise email module 520 and is accessed exclusively by the enterprise email module, for storing enterprise email data. No application other than the enterprise email can access the secure storage module. The secure storage module is dedicated to holding the user's mail data and prevents the user's mail from leaking. It stores the mail data that the user downloads through the mail client, which prevents other malware from intercepting the user's mail data.
The decryption module 540 is located in the secure storage module 530, is communicatively connected to the enterprise email module 520 and contains a decryption algorithm symmetric to the encryption algorithm of the enterprise server, so that the user can decrypt and read the enterprise email data. The secure storage module and the enterprise server establish a symmetric cryptographic algorithm, and the user can see the data only after it has been decrypted. The mail data sent by the enterprise server is ciphertext; on the client it must be decrypted by the secure storage module before the mail client can display the mail.
The local encryption module 550 is located in the secure storage module 530, is communicatively connected to the enterprise email module 520 and contains a local encryption algorithm, for encrypting mail data downloaded from the enterprise email to the local device into ciphertext before it is stored locally. All mail data that the mail client downloads to the local device is saved as ciphertext; without the corresponding algorithm, the content of the mail data cannot be seen. All mail data that the user downloads to the local device is first encrypted in the secure storage module and then kept in the kernel storage area as ciphertext. This embodiment provides a reliable storage mechanism for enterprise application data and effectively prevents mail downloaded to the local device by the mail user agent (mail client) from leaking.
Further, as shown in Figure 7, the intelligent terminal corporate mail secure office system also comprises a network connection security detection module 560. The network connection security detection module 560 is implemented at the kernel layer and is communicatively connected to the corporate mail module 520. After corporate mail is opened, when network resources need to be accessed through corporate mail, the module performs integrity detection and/or virus detection on the linked websites and/or link data in the corporate mail. Network resources can be accessed only after the corresponding detection has been performed, which prevents corporate mail from accessing malicious websites or malicious resources and effectively eliminates the means of intrusion of malicious code.
Still further, as shown in Figure 8, the intelligent terminal corporate mail secure office system also comprises a remote security protection module 570. The remote security protection module 570 is arranged at the enterprise server and is communicatively connected to the corporate mail module 520; it performs spam filtering and/or virus scanning and removal for the corporate mail module at the enterprise server. This embodiment can thus also be combined with the enterprise server: corporate mail is filtered and/or checked for viruses at the server, so that the enterprise server and the client together provide double protection for corporate mail, reducing the spam that the intelligent terminal mail system receives and providing antivirus protection for corporate mail.
Using ARM TrustZone technology, the present invention divides the intelligent operating system into two independent domains, a personal application domain and an enterprise application domain. The two domains cannot access each other or exchange data, which ensures that corporate mail in the enterprise application domain is not interfered with or intruded upon by applications in the personal application domain. The invention sets aside a dedicated region at the kernel layer for storing corporate mail, forming the secure storage module, and encrypts and decrypts data through the encryption module, preventing mail downloaded to the local device by the mail client from leaking. The invention also uses a secure network connection mechanism that performs integrity verification before a network connection is made, preventing the corporate mail application from accessing malicious websites and malicious resources and eliminating the means of intrusion of malicious code.
The present invention relates to corporate mail office security technology applied on intelligent terminal systems, and is especially important for anti-spam, for preventing mobile mail leakage and for protecting against mobile mail viruses. The invention provides security protection for intelligent terminal corporate mail: using it effectively prevents corporate mail from being leaked through the intelligent terminal, effectively prevents mobile mail viruses and effectively blocks spam. Its main implementation is as follows. Under the trusted hardware mode (TrustZone) provided by the intelligent terminal platform, the intelligent operating system divides the whole system into two independent program domains: a personal application domain and an enterprise application domain. The personal application domain runs third-party software downloaded by the user, and the enterprise application domain runs security software certified by the enterprise; the two domains are completely isolated and do not affect each other. Corporate mail runs in the enterprise (office) application domain, which effectively prevents the mail system from being attacked by other software and effectively prevents damage from mail viruses. A secure storage space accessed exclusively by the corporate mail system is built at the kernel layer to hold the corporate mail data that the mail client downloads to the local device. The data that the mail client receives and downloads to the storage space is read and stored as ciphertext, and all data transfers are made as ciphertext, so that the user's stored mail data cannot be leaked. A secure network access mechanism is built at the kernel layer to check the networks and data being accessed, preventing access to hostile networks and malicious resources. At the same time, the invention works together with the corporate mail system and uses the filtering mechanism of the corporate mail server to reduce the spam that the intelligent terminal mail system receives. Through the above security mechanisms, the invention solves the problem of secure office use of intelligent terminal corporate mail.
The present invention protects system integrity at both the software and hardware levels, and can perform trusted measurement of system integrity during both the start-up stage and the operation stage. During start-up, the invention checks integrity and starts only programs that pass the check; system programs and other programs that have been maliciously modified are not started and are reported. The invention provides security protection against intrusion into the mobile terminal system, improving the system's resistance to attack. The invention also checks the security of the system during the operation stage by performing integrity measurement on key parameters and code.
In summary, the present invention effectively overcomes various shortcomings of the prior art and has high industrial utility.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Therefore, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the invention.

Claims (8)

1. A secure office method for intelligent terminal corporate mail, characterized in that the method comprises:
dividing the intelligent operating system, by means of ARM TrustZone technology, into two independent program domains: a personal application domain and an enterprise application domain; the personal application domain runs third-party software downloaded by the user; the enterprise application domain runs secure application software certified by the enterprise;
running corporate mail in the enterprise application domain.
2. The secure office method for intelligent terminal corporate mail according to claim 1, characterized in that the method further comprises:
building, at the kernel layer, a secure storage module accessed exclusively by the corporate mail, for storing corporate mail data;
building, in the secure storage module, a decryption algorithm symmetric with the encryption algorithm of the enterprise server, for the user to decrypt and read the corporate mail data; or
building, in the secure storage module, a local encryption algorithm for encrypting mail data downloaded from the corporate mail to the local device into ciphertext before it is stored locally.
3. The secure office method for intelligent terminal corporate mail according to claim 1, characterized in that the method further comprises:
building, at the kernel layer, a network connection security detection mechanism which, after the corporate mail is opened and when network resources need to be accessed through the corporate mail, performs integrity detection and/or virus detection on the linked websites and/or link data in the corporate mail.
4. The secure office method for intelligent terminal corporate mail according to claim 1, characterized in that the method further comprises:
building, at the enterprise server, a security protection mechanism for the corporate mail, for performing spam filtering and/or virus scanning and removal on the corporate mail at the enterprise server.
5. A secure office system for intelligent terminal corporate mail, characterized in that the system comprises:
program execution domains, comprising two independent program domains into which the intelligent operating system is divided by means of ARM TrustZone technology: a personal application domain and an enterprise application domain; the personal application domain runs third-party software downloaded by the user; the enterprise application domain runs secure application software certified by the enterprise;
a corporate mail module, which runs in the enterprise application domain.
6. The secure office system for intelligent terminal corporate mail according to claim 5, characterized in that the system further comprises:
a secure storage module, implemented at the kernel layer, communicatively connected to the corporate mail module and accessed exclusively by the corporate mail module, for storing corporate mail data;
a decryption module, arranged in the secure storage module and communicatively connected to the corporate mail module, with a built-in decryption algorithm symmetric with the encryption algorithm of the enterprise server, for the user to decrypt and read the corporate mail data; or
a local encryption module, arranged in the secure storage module and communicatively connected to the corporate mail module, with a built-in local encryption algorithm, for encrypting mail data downloaded from the corporate mail to the local device into ciphertext before it is stored locally.
7. The secure office system for intelligent terminal corporate mail according to claim 5, characterized in that the system further comprises:
a network connection security detection module, implemented at the kernel layer and communicatively connected to the corporate mail module, which, after the corporate mail is opened and when network resources need to be accessed through the corporate mail, performs integrity detection and/or virus detection on the linked websites and/or link data in the corporate mail.
8. The secure office system for intelligent terminal corporate mail according to claim 5, characterized in that the system further comprises:
a remote security protection module, arranged at the enterprise server and communicatively connected to the corporate mail module, for performing spam filtering and/or virus scanning and removal for the corporate mail module at the enterprise server.
CN201410707158.2A 2014-11-27 2014-11-27 Intelligent terminal enterprise Email security office method and system Pending CN104378381A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410707158.2A CN104378381A (en) 2014-11-27 2014-11-27 Intelligent terminal enterprise Email security office method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410707158.2A CN104378381A (en) 2014-11-27 2014-11-27 Intelligent terminal enterprise Email security office method and system

Publications (1)

Publication Number Publication Date
CN104378381A true CN104378381A (en) 2015-02-25

Family

ID=52557037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410707158.2A Pending CN104378381A (en) 2014-11-27 2014-11-27 Intelligent terminal enterprise Email security office method and system

Country Status (1)

Country Link
CN (1) CN104378381A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980338A (en) * 2015-05-12 2015-10-14 上海斐讯数据通信技术有限公司 Enterprise instant messaging security application system based on mobile intelligent terminal
WO2017054294A1 (en) * 2015-09-28 2017-04-06 宇龙计算机通信科技(深圳)有限公司 Trustzone-based domain space switching system and method
CN110061978A (en) * 2019-03-20 2019-07-26 深圳金澜汉源科技有限公司 Binary Cooperative Security client framework

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477601A (en) * 2008-01-02 2009-07-08 Arm有限公司 Providing secure services to a non-secure application
CN101477612A (en) * 2008-01-02 2009-07-08 Arm有限公司 Protecting the security of secure data sent from a central processor for processing by a further processing device
CN102170436A (en) * 2011-04-18 2011-08-31 深圳市联软科技有限公司 Mail safety getaway as well as method and system for filtering mails
CN102289621A (en) * 2011-08-12 2011-12-21 鲲鹏通讯(昆山)有限公司 Safety intelligent mobile phone based on fission core virtual machine and control method
CN103188246A (en) * 2011-12-31 2013-07-03 上海格尔软件股份有限公司 Safe E-mail system
US20140007251A1 (en) * 2011-02-24 2014-01-02 Stephan Spitz Method for interchanging data in a secure runtime environment
CN103514414A (en) * 2012-06-26 2014-01-15 上海盛轩网络科技有限公司 Encryption method and encryption system based on ARM TrustZone
CN103748594A (en) * 2011-07-29 2014-04-23 微软公司 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
CN103853977A (en) * 2012-11-30 2014-06-11 大连宏宇科技有限公司 Anti-virus E-mail processing system and method
US20140245013A1 (en) * 2011-11-04 2014-08-28 Sk Planet Co., Ltd. Method for interworking with trustzone between normal domain and secure domain, and management method of trusted application download, management server, device and system using it
CN104091135A (en) * 2014-02-24 2014-10-08 电子科技大学 Safety system and safety storage method of intelligent terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Liu Tianzhao et al.: "Research on the Security of Embedded Systems Based on TrustZone", Journal of Guizhou Normal University (Natural Science Edition) *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150225