Research On The Key Technologies Of Secure Authentication And Applications In The Mobile Internet

Posted on: 2013-10-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Shi
GTID: 1228330374999581
Subject: Computer Science and Technology

Abstract/Summary:
As a key part and future trend of the internet, the mobile internet faces more security challenges as applications multiply and different systems open connections to one another. This paper focuses on secure authentication, document protection, secure mobile signature, and security in the extended mobile internet of industry, and provides feasible technical solutions based on the security needs and requirements of end customers. The main research results of the paper are as follows:

1. In view of the current domestic and foreign mobile internet architecture and typical application scenarios, we analyze and put forward the security requirements, threats, risks and protection architecture of the mobile internet from different points of view.

2. This article presents a new solution for protecting mobile and portable electronically published content. It uses a function area and algorithm to ensure the security of the mobile storage media, and secure authentication protocols to protect communication between the data on the storage media and the document server, under conditions such as no security system being installed on the target computer, theft of the mobile storage media, and theft of the key when the user accesses the documents. To facilitate communication between the inside and outside of an enterprise while guaranteeing the authorization of confidential messages, an information protection proxy-based system and method for authorizing confidential messages is provided. The user sends a message intended for an outside receiver to his/her approver, and the approver checks the message and sends it to the proxy if he/she agrees. The information protection system is based on a hash chain-based authorization protocol. The information protection proxy can prevent enterprise users from sending messages involving confidential information to the outside without approval, and at the same time audits the whole information authorization process. The authorization procedure is based on peer-to-peer mode, the proxy overhead is very low, and it can also be used in mobile internet applications.

3. The solution in this article provides a mobile signature service platform based on the smart mobile phone, which can fully replace the computer, smart key and USB KEY with cryptographic features. It analyzes the mobile signature service system architecture from the logical, functional, and network structure perspectives, with the components being signature service, identification registration, message service, mobile signature gateway/SKD, terminal service and interconnection modules. The solution also provides some typical implementation scenarios, such as signature service, digital decryption and identification authentication service.

4. The mechanism implements a virtual identity federation between a non-federated domain and a federated domain, or even between two non-federated domains. Very little modification of the existing old authentication system is required. The user client and the local application do not need any modification, since the Token Adapter provides complete token management. The Local Authentication Center also does not need any update, since the Trust Agent can work in sniffer mode and get the sent token automatically. A trust chain establishing method is used for verifying the old token. The signature and the token are transmitted over different communication channels. The old authentication protocol is not modified. The trust chain protocol is highly efficient, since it adopts a hash chain-based signature method, and can meet high-performance requirements. A random seed update mechanism improves the security of the protocol. With this SSO method, it is transparent to the user whether he/she accesses the local application or accesses a remote application across domain borders. Another proposed SSO method can prevent the replay attack. The SSO server compares the timestamp in the request with the local system time; if the difference is not more than a predefined threshold value, the SSO request is regarded as valid; otherwise, the SSO request is regarded as timed out. Clock synchronization between the related servers and machines is not necessary in the proposed method, so the proposed SSO method is easy to deploy.

5. For the security problems of the mobile internet in extended environments, such as the industry network, the internet of things and cloud computing, this paper presents a new solution for implementing access control for industry devices by separating the complex identification, authentication and authorization decision function from the simple authorization enforcement function. It uses a dedicated access control server with sufficient computing and communication resources, which can efficiently adopt strong cryptographic mechanisms and flexible authorization technology, to provide strong security for access control in these environments. It also takes into account the characteristics of industry devices, which have to fulfill real-time tasks with limited computing and communication resources, and deploys only the simple authorization enforcement function in industry devices to minimize the overhead. This paper also provides the new security requirements and research topics for the future mobile industry internet and mobile secure applications in cloud computing environments.
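The abstract names a hash chain as the basis of both its authorization protocol (item 2) and its trust chain signature method with random seed update (item 4), without giving protocol details. The following Python sketch is an added example, not code from the dissertation: it shows generic one-time hash-chain tokens, and the SHA-256 hash, the chain length and the `Prover`/`Verifier` names are assumptions.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """One chain step; SHA-256 is an assumed hash choice."""
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int) -> list:
    """Return [h^1(seed), ..., h^length(seed)]; the last value is the anchor."""
    chain, value = [], seed
    for _ in range(length):
        value = h(value)
        chain.append(value)
    return chain


class Prover:
    """Holds the secret chain and releases its links in reverse order."""

    def __init__(self, length: int = 4):
        self.length = length
        self.reseed()

    def reseed(self) -> bytes:
        """Random seed update: build a fresh chain and return its new anchor."""
        self._chain = build_chain(secrets.token_bytes(32), self.length)
        self.anchor = self._chain.pop()   # registered with the verifier in advance
        return self.anchor

    def next_token(self) -> bytes:
        if not self._chain:
            raise RuntimeError("chain exhausted; reseed and register the new anchor")
        return self._chain.pop()


class Verifier:
    """Stores only the last accepted value; a valid token must hash to it."""

    def __init__(self, anchor: bytes):
        self.current = anchor

    def accept(self, token: bytes) -> bool:
        if secrets.compare_digest(h(token), self.current):
            self.current = token          # advance, so a replayed token fails
            return True
        return False
```

Verification costs one hash per token, and because the verifier advances its stored value on every success, a captured token cannot be replayed.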
Keywords/Search Tags: mobile internet, identity authentication, mobile content protection, mobile signature, industry network, cloud computing