
Mobile Internet Business Security Guarantee Service Capability

I. Definition of Product

Aspire CA Center is a professional operation organization holding the exclusive third-party CA center technology and operation qualification license within the China Mobile system. CA products and solutions, built on the CA Center, provide China Mobile business systems with security guarantee services and consist of three parts: CA digital certificates, CA security platform products and CA application solutions.

II. Application Scenarios

1. Powerful ID certification;

2. Data encryption and decryption;

3. Digital signature (signature verification);

4. Digital certificate life cycle management and service.

III. Product Features

1. Highly professional, with a complete set of security qualifications

Holds the electronic certification service license, the electronic certification service password use license, the commercial cryptography product production and designated sales unit qualifications, and other professional qualifications.

2. Highly applicable: can provide customized services in product solutions according to the characteristics of mobile services;

3. Flexible service model: can provide clients with professional CA technology and operation supporting services;

4. Rich client cases: can provide services to China Mobile's government and enterprise clients and to industry clients.

IV. Product Functions

1. Identity management certification software and service;

2. Data encryption and decryption software and services;

3. Signature verification software and services;

4. Digital certificate application software and services.

V. Technical Parameters


Product compatibility

Compatible with mainstream USB key media

Supports RSA and SM2 algorithms

Supports unified secure gateway access

Performance indicators

Certificate-issuing capacity: 500 million

Maximum certificate issuance per second: 50

VI. Product Strengths

1. The product is independently developed and has obtained the software copyright and technology patent.

2. Certificate products support SIM cards and other mobile terminal devices and mobile Internet services;

3. Product solutions match the business system demand of China Mobile well;

4. With rich experience in CA products and operation and reliable services, it is the CA center with the largest certificate-issuing volume in China;

5. Be able to provide China Mobile with CA technology and operation support service.

6. It is highly competitive in terms of product price and service.

VII. Application

Aspire CA products and solutions are widely applied in China Mobile's internal business systems and in the mobile Internet business of each professional company, providing Internet companies, Migu and China Mobile E-commerce Co., Ltd. with products and solutions for digital certificate-based strong identity authentication, electronic signing, application certification and billing security. So far, more than 400 million certificates have been issued in total.

Mobile Internet Business Security Guarantee – APP Security Platform

I. Definition of Product

Combined with mobile business characteristics, the Aspire mobile APP security platform is a security protection and guarantee platform built on APP security detection, security assessment, security monitoring, security reinforcement, security certification and other core technical capabilities, covering the whole APP life cycle. It aims to discover and repair APP security issues, risks and loopholes so as to enhance application security protection capabilities, while protecting the security interests of carriers, application developers and end-users.

II. Application Scenario

By deploying the mobile application security platform, security services can run through the application's business scenarios and life cycle, providing a full range of services before, during and after the application is launched online, enhancing application security protection capabilities and ensuring the healthy operation of the business. By using the platform to detect, evaluate, reinforce and monitor the APP, the application can meet the security standards and assessment requirements of the two ministries and the relevant regulatory departments.

III. Product Features

1. Comprehensive Detection

- Supports the mainstream Android system;

- Realizes one-key automatic detection;

- Multi-dimensional detection of application loopholes and security risks;

2. In-depth Analysis

- In-depth analysis of viruses, malicious code, sensitive permissions, component configuration, data transmission, etc.;

- Automatically associates findings with the security knowledge base and intelligently studies and judges problems;

- Outputs illustrated, visual detection results;

3. Dynamic Monitoring

- Uses a security sandbox to monitor application operations in real time;

- Covers file operations, database reads and writes, network communication, dynamic loading and other monitoring points;

- Monitors operational violations and security risks while the application runs;

4. Comprehensive Study and Judgment

- Intelligent analysis plus manual judgment, so results are doubly guaranteed;

- Professional and accurate security detection report;

- Visual risk information and measures for eliminating the risks;

5. Flexibly Scalable

- Dynamically configurable security evaluation items;

- Covers data security, program security, communication security, business security and other evaluation dimensions;

6. Prompt Analysis

- Built-in heuristic, intelligent analysis engine;

- Conducts prompt correlation analysis of the automatically evaluated data;

- Outputs security risk data;

7. Multiple Standards

- Supports several sets of evaluation systems and indicators of national ministries and regulatory authorities, as well as industry standards;

- Able to flexibly customize the evaluation standard items to cope with special evaluation activities.

IV. Product Functions

1) Security Detection

With an advanced application evaluation engine compatible with mainstream OS versions, it detects the security risks and issues of application software across static analysis, dynamic monitoring, network data packets and other dimensions, provides professional analysis and penetration testing to dig out potential security risks, and outputs a comprehensive, professional test report.

2) Security Evaluation

Provides multi-dimensional, in-depth professional application security evaluation services covering evaluation indicators at multiple levels, such as data security, business security, program security and communication security, and comprehensively evaluates the loopholes and security risks of the mobile application. Meanwhile, it supports the automatic evaluation + expert evaluation twin-engine model and provides a professional evaluation report and problem-solving proposals.

3) Security Reinforcement

Deeply reinforces the DEX files, SO library files and resource files of the mobile application software to protect it from being altered or repackaged and to prevent business and privacy information from being stolen. Meanwhile, advanced reinforcement technology ensures that the application's business logic is not altered, business operations are not affected and system resources are not consumed.

4) Channel Monitoring

Uses the cloud engine to monitor mainstream application distribution channels and forums at home and abroad in real time, finds the download situation of the monitored applications on each channel, accurately identifies pirated and suspected pirated applications, and monitors and tracks the take-down status of pirated software on a 7x24 basis.

Functional Architecture of the platform

V. Technical Parameters

Realizing cross-platform deployment and operation based mainly on Java development environment, this product can be independently deployed in operating systems such as Linux, Unix and Windows.

Performance parameters

Indicator | Performance value | Remarks
Static scanning | 500 per day |
Static code analysis | 500 per day |
Security monitoring – crawling quantity | 20,000 per day | Bandwidth >= 20MB
Security monitoring – application download | 5,000 per day | Bandwidth >= 20MB
Security monitoring – pirated version analysis | 150 per day | Automatic judgment
Preliminary evaluation | 200 per day |
Advanced evaluation | 10 per person per day | Number of judging staff × performance value = advanced evaluation quantity per day
Security reinforcement | 400 per day |

Hardware recommendations

Machine purpose | Machine configuration | Hard disk space | Version
Application server | CPU (4-core 2.6GHz) × 2, 32G memory | 150G | CentOS release 6.5 64-bit
Database server | CPU (4-core 2.6GHz) × 2, 32G memory | 300G × 2 | CentOS release 6.5 64-bit

Related components

Software | Version No.
MySQL | 5.5
Tomcat | Tomcat 7, 64-bit
JDK | 1.7, 64-bit
FTP | Vsftp


VI. Product Strengths

Builds an overall four-in-one model of product technology plus security service to comprehensively protect the security interests of mobile applications and end-users.


VII. Application

The project has been implemented in the Group’s Xin’an Center and the security technology office of the mobile research institutes in Jiangxi, Liaoning, Gansu, and Qinghai. Meanwhile, cooperation intentions have been reached with Shanxi, Jiangsu, and Sichuan.

Mobile Internet Business Security Guarantee – APP Security Evaluation Service

I. Definition of Service

The Aspire mobile APP security evaluation service is a professional operation and service support offering that includes application security evaluation, security assessment, security monitoring and reinforcement services. Relying on Aspire's mobile APP security platform, it aims to find security issues, security risks, security loopholes and other violating or malicious behaviors such as virus Trojans, unauthorized applications and detection applications. Meanwhile, it provides the unit served with professional application security evaluation reports and rectification recommendations to help application developers and carriers enhance the security protection capabilities of the application and ensure the healthy operation of the business.

Aspire APP security evaluation service system

II. Application Scenario

With the APP as the entrance, the implementation of mobile APP security evaluation services finds the security problems, risks and loopholes of the tested application in time: security evaluation consulting services before the application is launched online, together with the establishment of application security management system standards; security detection and reinforcement services while the application is being launched, to enhance its security protection capabilities; and security monitoring services after the online launch, to find piracy and unauthorized-use risks and keep track of the take-down state of pirated versions and fake applications.

Application scenario

III. Service Characteristics

1. Build a mobile application security closed-loop management and control mechanism running through the whole process to ensure the security of the operator's own applications:

a) Security evaluation before online launch: conduct comprehensive analysis detection from the code security, business security and system security of the application;

b) Security monitoring after online launch: ensure the continuous security of the application;

2. Ensure that the self-owned applications to be tested meet the national security regulations and the group company’s security requirements:

a) Meet national security requirements;

b) Meet the related security standards of the Ministry of Industry and Information Technology and the information security industry;

c) Meet the group company’s security requirements;

d) Provide the security service support, in collaboration with the special security inspection activities of the competent departments;

3. Improve the security protection capabilities of the self-owned applications:

a) Provide the overall anti-reverse, anti-alteration, anti-theft, anti-debugging, anti-secondary package security protection solutions;

b) Provide proposals for corrective actions about the security issues put forward in security detection;

c) Provide guidance on security development for frequent security issues to avoid the occurrence of security issues in the development phase.

IV. Service Contents

1. Security Risk Evaluation

Conduct comprehensive security detection and evaluation of China Mobile’s self-operated businesses from code security, data security, business logic security, and system environment security, such as the detection of data input, processing, output and the security of the system environment of the data. Security risk evaluation can detect the external risks that APK may face in the practical application, such as the secondary packing, de-compilation, data leakage, etc.

 

APP security risk evaluation strategy


2. Application loopholes mining

Through static code analysis, detect the loopholes of conventional components, such as WebView loopholes, keystore loopholes, man-in-the-middle attack loopholes, arbitrary file read and write loopholes, database storage loopholes, SQL injection loopholes, etc. Through dynamic monitoring, dig deeper into run-time loopholes such as sensitive data plaintext storage, communication protocol hijacking, identity authentication flaws, business logic loopholes, etc.

Digging of APP application loophole

3. Security reinforcement protection

Provide source-code security reinforcement, application security reinforcement, and data security reinforcement to enhance the security protection capabilities of the application and reduce the risks of the application being reversed, altered and secondary-packed.

 

APP security reinforcement service

4. Piracy risk monitoring

Mobile application security monitoring includes two aspects: 1. Proactively crawl application stores for security detection and discover mobile-phone malware in time; 2. For application developers who wish to protect their copyright: compare each developer's applications against the applications listed in each major application store and analyze whether the developer's application has been pirated or maliciously altered.

APP security monitoring service


V. Technical Parameters

1. Provide the complete evaluation service report two working days after one application is submitted for the first time;

2. Provide the complete re-evaluation report one working day after the application correction is submitted;

3. Static detection should not be less than 100 items;

4. Dynamic detection should not be less than 70 items;

5. Provide APP security monitoring report on a monthly and quarterly basis;

6. Provide the piracy application off-the-shelf tracking report on a weekly basis;

7. Reinforcement of a single application should take no longer than 1 hour.

VI. Service Advantages

1. Establish the terminal application security evaluation system, including normative development, process design, means construction, personnel training and other fields;

2. Establish the closed-loop management and control mechanism of terminal application security throughout the pre-event, amid-event and post-event;

3. Cultivate and train a professional team qualified to provide technical support for mobile terminal application security.

VII. Application

The project has been implemented in the Group's Xin'an Center, Jiangxi Mobile, Liaoning Mobile, Gansu Mobile, Qinghai Mobile, Guangxi Mobile, Jiangsu Mobile and Shenzhen Mobile. Meanwhile, cooperation intentions have been reached with Shanxi Mobile, Chongqing Mobile, Sichuan Mobile and Beijing Mobile.


Mobile Internet Business Security Guarantee – Big Data Security Analysis Application

I. Definition of Product

Built on the big data platform, the big data security analysis application combines static code detection, dynamic behavior detection, user abnormal behavior modeling, text/image intelligent recognition algorithms, data mining and machine learning to recognize and give early warning of multiple network and information security threats, including:

1) Mobile-phone malware analysis application: based on the flexible networking model of DPI reduction + online log analysis, monitor mobile-phone malware in the Internet traffic of mobile phone users;

2) Business risk identification and early warning application: based on Internet logs, SMS call bills, billing call bills and the mobile-phone malware characteristics database, and by modeling the abnormal behaviors of virus-subscription users, identify and pre-warn malicious chargeback behavior by mobile phone viruses; based on Internet logs and by modeling the abnormal behaviors of traffic fraud users, identify and pre-warn WAP traffic fraud;

3) Anti-telecom fraud application: based on DNS logs, spam SMS records, SMS call bills and Email call bills, combined with crawler technology, text/image intelligent recognition algorithms, static code detection and dynamic behavior detection, monitor and give early warning of phishing sites and telecom fraud mobile-phone Trojans, and work with the DNS and spam SMS systems through an interface to block phishing sites, including SMS containing malicious links;

4) Adverse information monitoring application: based on bypass optical splitting technology, restore the text/image/video/audio of various protocol messages in Internet traffic such as HTTP/WAP/Email/MMS, and then, through text/image intelligent identification algorithms, monitor adverse information concerning pornography, politics, terrorism, violence, etc.;

5) Network security situational awareness application: based on network security event data and the basic risk data (importance, loopholes, etc.) of core IT assets, adopt data mining algorithms to evaluate the current security status of the entire network and use machine learning to predict the future security situation.

II. Application Scenario

The application scenario of the analysis application of the malware of mobile phones:

1) Meet the requirements of the supervisory bureau for developing means of monitoring and disposing of malware on the carrier's mobile Internet.

Application scenario of business risk recognition and warning application:

1) Evidence collection and early warning of malicious virus fee-deduction violations by value-added business partners;

2) Investigation and analysis of complaints about unwitting value-added business subscriptions;

3) WAP traffic fraud behavior recognition and disposal.

Anti-telecom fraud application:

1) Telecom fraud phishing site recognition and disposal;

2) Recognition and blocking of SMS that spread telecom fraud mobile-phone Trojan links;

3) Recognition and blocking of telecom fraud mobile-phone Trojan control events.

Adverse information monitoring application:

1) Monitoring and disposal of adverse information on IDC/ISP business export links.

Network security situational awareness application:

1) Evaluation of the current conditions of network security and the future security situation


III. Product Features

Common characteristics of each application:

1. Analysis technique based on big data.

Analysis application characteristics of mobile-phone malware:

1. Support the flexible combination of DPI reduction + Internet log crawling;

2. Support sensitive function scanning, sensitive permission scanning, billing code scanning, heuristic rule scanning, professional anti-virus engine scan and other static code detection technologies;

3. Support sandbox-based dynamic behavior detection technology;

 

Business risk recognition and early warning application:

1. Modeling analysis based on abnormal behaviors of users;

 

Anti-telecom fraud application:

1. Anti-telecom fraud solution based on the integrated analysis of phishing sites, junk SMS, mobile-phone malware, etc.;

2. Original automatic judgment technique for telecom fraud mobile-phone Trojans;

3. Original SMS control event and email control event analysis.

Adverse information monitoring application:

1. Background modeling technique;

2. Visual semantic search technique based on random mapping;

3. Target detection technique based on the deformable part model.

Network security situational awareness application:

1. Evaluation of the current conditions of network security based on data mining;

2. Prediction of the future trend of network security based on machine learning.

IV. Product Functions

The mobile-phone malware analysis application functions include:

1. Data acquisition and analysis: including DPI reduction sample collection and analysis, DPI reduction log collection and analysis, Internet log collection and analysis;

2. Mobile-phone malware monitoring: provide the mobile-phone malware monitoring report categorized by virus name and virus type, and the virus-infected users statistical reports;

3. Suspected sample monitoring: conduct monitoring and statistics of suspected samples, support the quick detection and security level rating of the threat level of suspected samples, and support the early warning of high-risk samples;

4. Static code detection;

5. Dynamic behavior detection;

6. Management of characteristics library;

7. Customer service inquiry interface.

Business risk recognition and early warning application functions include:

1. Data acquisition and analysis: the collection of Internet logs, SMS call bill, all kinds of self-operated business billing bills, malware characteristics library data;

2. Self-operated business monitoring: provide business traffic monitoring and early warning of MM, mobile games, mobile phone animation, wireless music, mobile video and other self-operated businesses;

3. Virus subscription behavior verification: According to the Internet log, SMS call bill, billing bills, malware characteristics library data, and based on the virus subscription abnormal user behavior analysis model, verify whether the user billing bill is caused by the virus subscription behavior;

4. Virus subscription audits: through data statistics, audit the self-operated business contents with virus subscription violations and provide business risk early-warning;

5. Customer service interface: provide users with the unwitting customized complaint verification interface as the data support to customer service personnel in dealing with complaints;

6. WAP traffic fraud analysis: using Internet logs and the WAP traffic fraud analysis model, analyze fraudulent users.

Anti-telecom fraud application:

1. Data acquisition and analysis: collecting DNS log, spam content records with links;

2. Phishing site analysis: as for the new domain names in DNS log, obtain the website contents through crawler technology, and through page DOM tree comparison, page link similarity comparison, and simulator screenshot comparison, compare with the counterfeit genuine website and find suspicious 10086 phishing sites and bank phishing sites;

3. Phishing website access statistics: based on the phishing sites’ characteristics library, analyze DNS log and conduct statistics of the access data of the users of phishing websites;

4. Telecom fraud mobile phone Trojan automatic judgment: through the Web crawler, obtain the samples of spam links, and through static scanning and dynamic scanning and other key technologies, realize automatic judgment;

5. Telecom fraud mobile phone Trojan control statistics: based on the automatically judged controlling mobile phone number and controlling email box, analyze SMS call bill records and Email records, and screen and count SMS control events and Email control events.

Adverse information monitoring applications:

1. Data acquisition: through bypass optical splitting, restore the text, pictures, video and other information of the IDC export link;

2. Adverse information recognition and screening: intelligently recognize and screen adverse information in texts, pictures, video and other content;

3. Display layer: including functions such as content review, monitoring strategy management, log statistical reports, blacklist management and characteristics library management.

Network security situational awareness applications:

1. Data acquisition: acquisition of IT asset information and basic risk information, vulnerability information, security event information, etc.;

2. Security assessment: based on the collected data and through data mining algorithms, assess the current status of network security;

3. Security situational prediction: based on the collected data and evaluation indicators, use the machine learning algorithm to predict the future security situation.

V. Technical Parameters

Technical parameters of mobile-phone malware analysis applications:

The application adopts big data technology (Flume + Kafka + Storm + HDFS + ES + Redis) and uses MySQL as the database. Web applications are developed in Java.

Performance parameters (assuming the collection model is the full DPI reduction model)

Indicator | Performance | Remarks
DPI processing capability (standard configuration) | 10G/unit |
Static code quick scanning | 25,000 pieces per day |
File reduction accuracy rate | > 90% |
Malicious event monitoring rate | > 90% |
Known sample capture rate | > 90% |
Unknown sample capture rate | > 95% |
Event monitoring promptness | < 5 minutes | Time interval from the user finishing the download of a sample to the monitoring event being displayed on the interface under centralized management

Technical parameters of business risk recognition and early-warning application:

The application adopts big data technology (Flume + Kafka + Storm + HDFS + ES + Redis + Spark) and uses MySQL as the database. Web applications are developed in Java.

Performance parameters

Indicator | Performance | Remark
Internet log processing capability | 15 billion per day |
Subscription call bill analysis capability | 10 million per day |

Technical parameters of anti-telecom fraud application:

The application adopts big data technology (Flume + Kafka + Storm + HDFS + ES + Redis) and uses MySQL as the database. Web applications are developed in Java.

Performance parameters

Indicator | Performance | Remark
DNS log record processing capability | 5 billion pieces per day |
Spam log processing capability | 10 million pieces per day | SMS with URL links
SMS record processing capability | 200 million pieces per day | Analyze controlled SMS
Email call bill processing capability | 500 million pieces per day | Analyze controlled SMTP events
Sample automatic judgment capability | 1,000 pieces per day | Automatic judgment of crawled SMS link samples

Technical parameters of adverse information monitoring application:

The application adopts big data technology (Flume + Kafka + Storm + HDFS + ES + Redis) and uses MySQL as the database. Web applications are developed in Java.

Performance parameters

Indicator | Performance | Remark
DPI processing capability (standard configuration) | 10G/unit |
Adverse information detection rate | 98% |

Technical parameters of network security situational awareness application:

The application adopts big data technology (Flume + Kafka + Storm + HDFS + ES + Redis + Spark + Mahout) and uses MySQL as the database. Web applications are developed in Java.

Performance parameters

Indicator | Performance | Remark
Security event log processing capability | 1 billion per day |


VI. Product Strengths

The advantages of the mobile-phone malware analysis and application include:

1. The architecture supports DPI reduction + Internet log mixed networking;

2. Have the customer service query interface, enabling customer service personnel to view the virus infection information of the users with complaints.

 

Business risk recognition and early-warning application:

1. The product has combined the experience of Aspire in handling violations of partners accumulated over the past ten-odd years;

2. Incorporated into the applications promoted globally in 2016 by the centralized performance platform of the Network Department of China Mobile.

Anti-telecom fraud application:

1. Anti-telecommunications fraud solutions based on the integrated analysis of phishing sites, spam SMS, and mobile-phone Trojan;

2. The unique automatic judgment technique for the telecom fraud mobile-phone Trojan;

3. The unique telecom fraud mobile-phone Trojan SMS controlled events and Email controlled event analysis.

 

Adverse information monitoring application:

1. Have the self-developed adverse information image recognition algorithm

 

Network security situational awareness application:

1. Improves the accuracy of security trend prediction through machine learning techniques.

VII. Application

The application has been deployed in Jiangxi, and cooperation intentions have been reached in Guangdong, Sichuan and Jiangsu.

Mobile Internet Business Security Guarantee – Big Data Security Platform

I. Definition of Product

Aspire big data security management platform is a professional big data security protection product. While guaranteeing the security of Hadoop platform, it also protects the overall architecture of the whole big data center to ensure that the upper application can safely and flexibly use the various data and related services of the big data platform. In the information age where personal sensitive privacy information can be found everywhere, the platform also provides security protection for sensitive data and personal privacy data of the big data platform, thus avoiding losses caused by information leakage.

 

Through unified identity authentication and centralized authorization, all upper-layer applications gain access to the big data center. Through data views, data desensitization, abnormal behavior monitoring and other functions, it makes big data visible, manageable and controllable.


II. Application Scenarios

When the user has established the big data platform while serving the multiple-upper applications, it is necessary to conduct the unified identity authentication and centralized authorization for trusted upper applications to prevent illegal access and unauthorized operation. Meanwhile, if big data involves a large amount of sensitive data of personal privacy, it is necessary to desensitize them to protect the security of the sensitive information of users.

III. Product Features

1. With simple deployment, it does not affect the original big data architecture and production systems;

2. Multi-level data authorization (supports level-4 granular data authorization: table -> row -> column -> field);

3. Display the relevance of sensitive data through data view, making it greatly convenient for the authorized configuration of data;

4. Support several desensitization mechanisms such as substitution, rearrangement, obfuscation, encryption, interception, mask, offset, etc., and support dynamic loading of custom desensitization mechanism;

5. Have the self-learning and monitoring capability based on the abnormal behaviors of traffic, frequency and access time.
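The desensitization mechanisms listed in item 4 (substitution, rearrangement, obfuscation, encryption, interception, mask, offset) and the dynamic loading of a custom mechanism, shown as an added example in Python. This is not Aspire's code; the subscriber record, the field policy and the token key are constructed for the example, and the "encrypt" mechanism uses keyed HMAC tokenization as a stand-in for the platform's reversible encryption.

```python
import hashlib
import hmac
import random
from datetime import date, timedelta
from typing import Callable, Dict

# Mechanism registry keyed by policy name; register() also works at run time (dynamic loading).
MECHANISMS: Dict[str, Callable[[str], str]] = {}
# Constructed demo key; a real deployment would fetch this from a KMS/HSM.
TOKEN_KEY = b"demo-key-not-for-production"

def register(name: str):
    """Decorator that adds a mechanism to the registry under `name`."""
    def wrap(fn):
        MECHANISMS[name] = fn
        return fn
    return wrap

@register("mask")
def mask(value: str) -> str:
    """Keep the first 3 and last 4 characters, star out the middle."""
    if len(value) <= 7:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 7) + value[-4:]

@register("intercept")
def intercept(value: str) -> str:
    """Truncate to the first 6 characters (e.g. keep only an ID's region code)."""
    return value[:6]

@register("substitute")
def substitute(value: str) -> str:
    """Replace with a surrogate picked consistently from a fixed pool."""
    pool = ("Li Ming", "Wang Fang", "Zhang Wei", "Liu Yang")
    return pool[hashlib.sha256(value.encode()).digest()[0] % len(pool)]

@register("rearrange")
def rearrange(value: str) -> str:
    """Shuffle the characters; seeded from the value so the output is repeatable."""
    chars = list(value)
    random.Random(hashlib.sha256(value.encode()).digest()).shuffle(chars)
    return "".join(chars)

@register("obfuscate")
def obfuscate(value: str) -> str:
    """Format-preserving digit obfuscation: each digit d -> (7*d + 3) mod 10."""
    return "".join(str((7 * int(c) + 3) % 10) if c.isdigit() else c for c in value)

@register("encrypt")
def encrypt(value: str) -> str:
    """Keyed tokenization (HMAC-SHA256) standing in for reversible encryption;
    equal inputs give equal tokens, so joins across tables still work."""
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

@register("offset")
def offset(value: str) -> str:
    """Shift an ISO date by a fixed 17 days (keeps age roughly right)."""
    return (date.fromisoformat(value) + timedelta(days=17)).isoformat()

def desensitize(record: Dict[str, str], policy: Dict[str, str]) -> Dict[str, str]:
    """Apply the per-field policy, failing closed: fields without a policy entry
    are dropped and an unknown mechanism raises instead of leaking the value."""
    out: Dict[str, str] = {}
    for field, value in record.items():
        if field not in policy:
            continue
        name = policy[field]
        if name == "plain":
            out[field] = value
        elif name in MECHANISMS:
            out[field] = MECHANISMS[name](value)
        else:
            raise ValueError(f"unknown desensitization mechanism: {name}")
    return out

# Constructed sample: one subscriber record and the policy for an analytics view.
SAMPLE_RECORD = {
    "name": "Zhao Liu",
    "phone": "13812345678",
    "id_number": "110101199001011234",
    "birthday": "1990-01-01",
    "email": "zhao.liu@example.com",
    "plan": "5G-Premium",
    "password_hash": "$2b$12$constructed-value",
}
ANALYTICS_POLICY = {
    "name": "substitute",
    "phone": "mask",
    "id_number": "encrypt",
    "birthday": "offset",
    "email": "redact_email",  # custom mechanism registered below
    "plan": "plain",
    # "password_hash" has no entry, so it never reaches the view
}

@register("redact_email")
def redact_email(value: str) -> str:
    """Custom mechanism registered at run time: keep only the mail domain."""
    return "***@" + value.split("@", 1)[-1]
```

Calling desensitize(SAMPLE_RECORD, ANALYTICS_POLICY) yields a view with the phone masked to 138****5678, the birthday shifted, the ID number tokenized, the email reduced to its domain and the password hash absent.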

IV. Product Functions

1. Unified Authentication

The big data security management platform provides unified authentication for all applications accessing the big data platform, including HTTP services (the RestAPI interface) and non-HTTP services (TCP-based JDBC and other means) that access the cluster directly. The authentication method not only supports Kerberos but is also compatible with the existing identity authentication system and can be extended to support PKI and other authentication methods. The main functions are as follows:

- Unified authentication of the RestAPI interface;

- Unified authentication of the TCP-based JDBC interface;

- Automated centralized configuration of Kerberos authentication for Hadoop components;