
Security issues of mobile government affairs

Because mobile government must reach the government's intranet through an open public wireless network, and information is transmitted over the air, security is the primary issue in the use and promotion of mobile government. As network security threats grow more serious, the security of mobile government systems cannot be ignored, and how to protect government networks and information is the issue users care about most. Since mobile government traffic must pass through the operator's wireless network and the mobile operator's operating network, there is a possibility of information leakage or hacker attacks. Therefore, mobile government applications become possible only when an extremely secure solution is provided for them. As a professional manufacturer of network security products and mobile application software, Digital Star designs mobile government systems that integrate security and mobile applications as a whole, providing a full range of secure mobile office solutions (see reference materials for details). The solution is carefully designed for data integrity, information confidentiality, network security and every step of information processing, which ensures high security for mobile government applications while preserving the efficiency and convenience of mobile apps. Readers can learn more through extended reading [1].

Diversified access authentication methods

All smartphones and tablet terminals must be authenticated before they can access the cloud platform. The terminal authentication methods include local authentication (user name and password), third-party authentication (LDAP/RADIUS/AD), dynamic token (one-time password authentication token), mobile phone SIM card binding, SD certificate authentication (cloud device CA/third-party CA), SMS authentication, etc.

1 AD Domain Authentication

Sailan Mobile Cloud Platform can be combined with the user's AD domain (or RADIUS). Users can log in with their existing AD domain account and access the applications within their permissions, without creating another account and password on the Sailan device.

2 Dynamic token authentication

An RSA dynamic-password token can be added (similar to the U-shield used in online banking, which adds a layer of protection on top of the static user name and password) to achieve a higher level of access security.

The Sailan SGA platform has a built-in dynamic token server, which stays synchronized with the client's dynamic token on a time basis and generates a new password every 60 seconds. The password is an unpredictable, random combination of digits produced by a specific algorithm, and each password can be used only once.

3 Mobile phone token authentication

The principle of mobile phone token authentication is similar to dynamic token authentication. The Sailan SGA platform has a built-in mobile phone dynamic token server, and the Sailan mobile token client software is installed on the mobile phone. The client is event-triggered and keeps its passwords synchronized with the SGA server. Due to its high security and portability, mobile phone token authentication will become the mainstream authentication method in the 3G era.
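Added example, not Sailan's code: the page does not name the token algorithm, so this sketch assumes RFC 4226 HOTP, used with a 60-second time step for the dynamic token and with an event counter for the mobile phone token. `TokenServer`, `LOOK_AHEAD` and the one-step clock-skew tolerance are assumptions made for illustration; the point is how a verifier keeps each password single-use in both modes.

```python
import hashlib
import hmac
import struct

STEP = 60        # seconds per time-based password, as stated on the page
LOOK_AHEAD = 5   # assumed resynchronisation window for event-based tokens


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _same(expected: str, supplied: str) -> bool:
    # Constant-time comparison so response timing does not leak matching digits.
    return hmac.compare_digest(expected.encode(), supplied.encode())


class TokenServer:
    """Hypothetical server-side verifier holding one user's token state."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_step = -1   # newest time step already accepted
        self.counter = 0      # next expected event counter

    def verify_time(self, code: str, now: float) -> bool:
        """Time-based token: accept the current step or the previous one (skew)."""
        current = int(now) // STEP
        for step in (current, current - 1):
            if step > self.last_step and _same(hotp(self.key, step), code):
                self.last_step = step   # burn this step and every older one
                return True
        return False

    def verify_event(self, code: str) -> bool:
        """Event-based token: search a small window ahead of the stored counter."""
        for c in range(self.counter, self.counter + LOOK_AHEAD):
            if _same(hotp(self.key, c), code):
                self.counter = c + 1    # resynchronise; skipped codes are dead
                return True
        return False
```

A production verifier would also rate-limit failed attempts per user, since a six-digit code is guessable without a lockout.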

4 Mobile phone SIM card binding

Supports SIM card binding on Android. The Sailan ICAB software reads SIM-card-specific information and generates a unique feature code. After SIM binding is enabled for the user in the SGA back end, the unique feature code is uploaded automatically the first time the user logs in from the front end, which completes the SIM card binding.

5 Mobile phone hardware feature code binding

Supports hardware feature code binding on Android and iOS. The Sailan ICAB software reads the mobile phone's hardware information and generates a unique feature code. After hardware feature code binding is enabled for the user in the SGA back end, the unique feature code is uploaded automatically the first time the user logs in from the front end, which completes the binding of the mobile phone's hardware information.

6 Certificate Authentication

Supports SD card certificate authentication. The Sailan SGA device can issue certificates itself or be combined with a third-party certificate authentication platform. The digital certificate contains the identification information of the owner of the key pair (public key and private key). By verifying the authenticity of this identification information, the identity of the certificate holder can be authenticated.

The mobile phone user logs in for the first time with a static username and password, and downloads the certificate. After downloading the certificate and installing it, certificate authentication can be enabled.

If the user is bound to a certificate and a static username and password, then after the user uninstalls the client or changes the device, the user must ask the administrator to clear the certificate download status before the certificate can be downloaded again for authentication.

7 SMS authentication

Supports authentication combined with an SMS modem or SMS platform. The administrator enables the mobile phone SMS authentication function in the back end and binds a mobile phone number to each user. When the user logs in for mobile office work, the user must first receive the SMS verification code sent by the system before performing the login operation on the mobile platform.

VPDN/APN access support

The Sailan Mobile Cloud Platform client supports the operator's dedicated-line APN access method, which can meet users' special security requirements for wireless access (without access to the Internet).

Hardware terminal binding

You can perform hardware binding on mobile phones. After binding, users can only log in to the cloud platform through the bound mobile phone or tablet.

Server-side protection

With the cloud platform device handling access, the server is protected to the maximum extent and is not directly exposed to the Internet. In addition, the Sailan Cloud platform uses an agent-based access method, so the server does not need Internet access; the server can be isolated from the Internet and kept away from Internet-borne attacks and threats.

Front-end machine isolation security

Deploying the front-end machine as a bastion machine in the customer's server area not only protects the servers, but also improves the speed of remote applications on mobile phones and provides functions such as a virtual keyboard, single sign-on, and 3G network optimization.

Data link encryption

After the mobile terminal connects to the cloud platform, application data in transit is encrypted with SSL, an international standard, which ensures the security of data transmission.