CN105959272A - Unauthorized encrypted and compressed file outward transmission monitoring system and unauthorized encrypted and compressed file outward transmission monitoring method - Google Patents
- Publication number
- CN105959272A (application CN201610262750.5A)
- Authority
- CN
- China
- Prior art keywords
- file
- configuration
- dcc
- apc
- data channel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention provides an unauthorized encrypted and compressed file outward transmission monitoring system and method, and belongs to the field of mobile terminal security. The system comprises an authorization policy configuration module (APC) and a data channel control module (DCC). In the method, the DCC attempts to read the configuration file information (SPCF) of the APC from a designated location; when the SPCF exists, the DCC starts the configuration analysis function, and when it does not exist, the DCC sends a message to the APC over a designated SOCKET; the user configures the DC and SP through the APC configuration interface, and the DC and SP configuration is stored in the SPCF; the DCC then starts the configuration analysis function, the data channel monitor function and the file check function; the FC first analyzes the basic information of the TF and obtains two items, the file type and the encryption state; when the file is not encrypted, the FC lets the subsequent transmission of the file continue, and the detection process ends.
Description
Technical field
The present invention relates to the field of mobile terminal security, and in particular to an unauthorized encrypted and compressed file outward transmission monitoring system and method.
Background technology
Illegal applications, programs or services that run on terminals today, such as viruses and malicious code, can collect secret and private data of the terminal in the background, then encrypt the collected information and convert its format, producing an encrypted, compressed file in a transformed format that escapes detection by security software, and send it out through an external communication channel for the purpose of unauthorized theft. Faced with a file sent out in encrypted form, current security detection mechanisms, in order to avoid excessive computing cost and work, usually take the control action of simply allowing the transmission and impose no further control. The direct result is that illegal applications on the terminal, such as Trojans, malicious code, services and modules, exploit this shortcoming: they encrypt the files containing key, secret and sensitive data that they need to send, bypass the security detection that should apply, and send the files directly.
Summary of the invention
The object of the present invention is to provide an unauthorized encrypted and compressed file outward transmission monitoring system and method, so as to solve the above problems in the prior art.
To achieve these goals, the technical solution adopted by the present invention is as follows:
An unauthorized encrypted and compressed file outward transmission monitoring system, characterized in that it comprises an authorization policy configuration module and a data channel control module. The authorization policy configuration module, Authority Policy Configuration, is abbreviated by its initials as APC; the data channel control module, Data Channel Control, is abbreviated as DCC.
The APC is implemented with Java and the Android SDK, and the DCC is implemented with C++ and the Android NDK.
Preferably, the APC implements data channel setting and control security policy configuration; the data channel setting, Data Channel Setting, is abbreviated as DCS, and the control security policy configuration, Control Security Policy Configuration, is abbreviated as CSPC.
Preferably, the DCS selects and configures the data channels that need monitoring, that is, it defines the data channels to be monitored.
Preferably, the data channels include Bluetooth, infrared, Wifi, GPRS, USB, etc.
Preferably, the CSPC generates one or more policies and provides them to the DCC for use; a policy, Security Policy, is abbreviated as SP.
Preferably, each SP consists of three elements: the file type, whether to directly forbid, and whether to inquire; each file type may have only one SP.
Preferably, the DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP.
An unauthorized encrypted and compressed file outward transmission monitoring method comprises the following steps:
S1. After the system starts normally, the DCC and the APC are enabled.
S2. The DCC attempts to read the configuration file information of the APC from a designated location; the configuration file, SP Configuration File, is abbreviated as SPCF.
If the SPCF exists, jump to S4 and begin the configuration loading process; if the SPCF does not exist, the DCC sends a message to the APC over a designated SOCKET.
S3. After the APC receives the DCC message, it asks the user to configure the DC and the SP through the APC configuration interface, and saves the configuration in the SPCF.
S4. The DCC enables the configuration analysis function; this function, Configuration Analysis, is abbreviated as CA.
The CA reads the SPCF, parses the information on the DCs that need monitoring to form a DC list in memory, and parses the SP information to form an SP list in memory.
The DC list, DC Link, is abbreviated as DCL; the SP list, SP Link, is abbreviated as SPL.
S5. The DCC enables the data channel monitoring function, which runs as a Service and monitors the respective channels according to the DCL; this function, Data Channel Monitor, is abbreviated as DCM.
S6. When the DCM detects a file transmission behavior on a channel defined in the DCL, it sends a message to the DCC over the SOCKET; the transmitted file, Transferred File, is abbreviated as TF.
S7. After the DCC receives the message, it enables the file check function, which takes over the subsequent handling of the TF transmission; this function, File Check, is abbreviated as FC.
S8. The FC first analyzes the basic information of the TF and obtains two items: the file type and the encryption state. If the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue.
S9. The FC reads the SPL in order and obtains the SP matching the file type of the TF.
S10. The FC reads the "directly forbid" setting in the SP. If the value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues.
S11. The FC reads the "inquire" setting in the SP. If the value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET, and after receiving the message the APC pops up an inquiry dialog asking the user whether to allow the TF to be sent. The dialog contains the TF file name, the transmission source and the user's selection buttons.
The dialog, Answer Dialog, is abbreviated as AD.
S12. The AD returns the user's selection result to the FC over the SOCKET; the selection result, Action Choice, is abbreviated as AC.
S13. If the AC is "Yes", the FC allows the subsequent transmission of the TF and records the relevant information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log.
S14. While the APC is running, whenever the DC and SP configuration changes, the APC notifies the DCC to update the DCL and the SPL in memory, so that the latest configuration is applied.
S15. The recorded log file is stored in clear text at a designated location on the SD card.
The beneficial effects of the invention are as follows. Addressing the file security problem to which mobile terminals are prone, the invention proposes a mechanism that requires user intervention: when a file in any encrypted, compressed or transformed format is being propagated outward in any way, whether by wireless network, mobile network, Bluetooth, infrared or USB copy, the system prompts the user through a system message to confirm whether the file may be sent out. Adding this manual confirmation mechanism reduces the risk that secret, private and sensitive content is exfiltrated by illegal programs lurking on the terminal; alternatively, through a unified security setting, all file transmission of this kind can be forbidden, eliminating the risk of confidential content leaking at the root.
Brief description of the drawings
Fig. 1 shows the encrypted file transmission monitoring logic.
Detailed description of the invention
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further elaborated below with reference to the accompanying drawing. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
The implementation and working process of the present invention are as follows:
1. The whole implementation consists of two main functional parts, the authorization policy configuration module (APC, Authority Policy Configuration) and the data channel control module (DCC, Data Channel Control); the APC is implemented with Java and the Android SDK, and the DCC with C++ and the Android NDK.
2. The APC implements data channel setting (DCS, Data Channel Setting) and control security policy configuration (CSPC, Control Security Policy Configuration). The DCS selects and configures the data channels that need monitoring and defines them, including Bluetooth, infrared, Wifi, GPRS and USB. The CSPC generates one or more security policies (SP, Security Policy) and provides them to the DCC for use. Each SP consists of three elements, SP = <file type, directly forbid?, inquire?>, and each file type may have only one SP.
3. The DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP.
4. After the system starts normally, the DCC and the APC are enabled.
5. The DCC attempts to read the configuration file of the APC (SPCF, SP Configuration File) from a designated location. If the SPCF exists, the configuration loading process begins at step 7; if it does not exist, the DCC sends a message to the APC over a designated SOCKET.
6. After the APC receives the DCC message, it asks the user to configure the DC and the SP through the APC configuration interface, and saves the configuration in the SPCF.
7. The DCC enables the configuration analysis function (CA, Configuration Analysis). The CA reads the SPCF, parses the information on the DCs that need monitoring to form a DC list (DCL, DC Link) in memory, and parses the SP information to form an SP list (SPL, SP Link) in memory.
8. The DCC enables the data channel monitoring function (DCM, Data Channel Monitor), which runs as a Service and monitors the respective channels according to the DCL.
9. When the DCM detects a file transmission (TF, Transferred File) on a channel defined in the DCL, it sends a message to the DCC over the SOCKET.
10. After the DCC receives the message, it enables the file check function (FC, File Check), which takes over the subsequent handling of the TF transmission.
11. The FC first analyzes the basic information of the TF and obtains two items: the file type and the encryption state. If the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue.
12. The FC reads the SPL in order and obtains the SP matching the file type of the TF.
13. The FC reads the "directly forbid" setting in the SP. If the value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues.
14. The FC reads the "inquire" setting in the SP. If the value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET, and after receiving the message the APC pops up an answer dialog (AD, Answer Dialog) asking the user whether to allow the TF to be sent; the AD contains the TF file name, the transmission source and the user's selection buttons.
15. The AD returns the user's selection result (AC, Action Choice) to the FC over the SOCKET.
16. If the AC is "Yes", the FC allows the subsequent transmission of the TF and records the relevant information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log.
17. While the APC is running, whenever the DC and SP configuration changes, the APC notifies the DCC to update the DCL and the SPL in memory, so that the latest configuration is applied.
18. The recorded log file is stored in clear text at a designated location on the SD card, e.g. /sdcard/pm/monitor.log.
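The FC decision procedure of steps 11 to 16, together with the SPL that the CA of step 7 builds from the SPCF (the same flow as S8 to S13 in the summary), as an added Python example that is not the patent's own code. It assumes things the patent leaves open: the SPCF is plain text with one "file_type,forbid,inquire" line per SP, the file type comes from magic bytes, a ZIP's encryption state is bit 0 of the general-purpose flag in its local file header, other types use a byte-entropy heuristic, and a file type with no SP is handled fail-closed; the SP names, sample files and log format are constructed.

```python
# Added example, not the patent's own code: the File Check (FC) of steps 11-16
# with the SP list (SPL) built from the SPCF by the configuration analysis (CA).
# Assumptions not in the patent: SPCF line format, magic-byte file typing, ZIP
# flag bit 0 / entropy as "encrypted", and fail-closed handling of types with no SP.
import math
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List

ZIP_SIG = b"PK\x03\x04"      # ZIP local file header signature
ENTROPY_THRESHOLD = 7.5      # bits per byte; assumed cut-off for "looks encrypted"


@dataclass(frozen=True)
class SecurityPolicy:
    """One SP = <file type, directly forbid?, inquire?>."""
    file_type: str
    forbid: bool
    inquire: bool


def parse_spcf(text: str) -> Dict[str, SecurityPolicy]:
    """CA (step 7): read the SPCF into the SPL; each file type may carry only one SP."""
    spl: Dict[str, SecurityPolicy] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ftype, forbid, inquire = (f.strip().lower() for f in line.split(","))
        if ftype in spl:
            raise ValueError(f"more than one SP for file type {ftype!r}")
        spl[ftype] = SecurityPolicy(ftype, forbid == "yes", inquire == "yes")
    return spl


def file_type(data: bytes) -> str:
    """Step 11, first item: file type from magic bytes (two types suffice here)."""
    if data.startswith(ZIP_SIG):
        return "zip"
    if data.startswith(b"%PDF"):
        return "pdf"
    return "unknown"


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally common."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_encrypted(data: bytes) -> bool:
    """Step 11, second item: encryption state of the transferred file (TF)."""
    if file_type(data) == "zip" and len(data) >= 8:
        flag = struct.unpack_from("<H", data, 6)[0]   # general-purpose bit flag
        return bool(flag & 0x0001)                    # bit 0 set: entry is encrypted
    return len(data) > 0 and byte_entropy(data) >= ENTROPY_THRESHOLD


def file_check(data: bytes, filename: str, source: str,
               spl: Dict[str, SecurityPolicy],
               ask_user: Callable[[str, str], bool],
               log: List[str]) -> str:
    """Steps 11-16: 'allow' or 'forbid' for one TF, appending log entries.
    ask_user stands in for the APC's Answer Dialog (AD); it gets the file name
    and transmission source and returns the user's Action Choice (AC)."""
    ftype = file_type(data)
    if not is_encrypted(data):                # step 11: unencrypted, transfer continues
        return "allow"
    sp = spl.get(ftype)                       # step 12: the SP matching the TF file type
    if sp is None:                            # assumption: no SP for this type, fail closed
        log.append(f"forbid {filename} from {source}: no SP for type {ftype}")
        return "forbid"
    if sp.forbid:                             # step 13: "directly forbid" is Yes
        log.append(f"forbid {filename} from {source}: SP for {ftype} forbids transfer")
        return "forbid"
    if not sp.inquire:                        # step 14: "inquire" is No, keep sending
        return "allow"
    if ask_user(filename, source):            # steps 14-16: AD shown, AC returned
        log.append(f"allow {filename} from {source}: user confirmed")
        return "allow"
    log.append(f"forbid {filename} from {source}: user refused")
    return "forbid"


# Constructed sample inputs (not from the patent).
def make_zip(encrypted: bool) -> bytes:
    """A minimal ZIP local file header plus a tiny entry; only the flag bit matters here."""
    flag = 0x0001 if encrypted else 0x0000
    header = struct.pack("<4sHHHHHIIIHH", ZIP_SIG, 20, flag, 0, 0, 0, 0, 5, 5, 5, 0)
    return header + b"a.txt" + b"hello"


SAMPLE_SPCF = """
# file_type, directly forbid?, inquire?
zip, no, yes
pdf, yes, no
"""
```

Step 18 writes the log in clear text to /sdcard/pm/monitor.log; the example keeps the entries in a list so they can be inspected directly.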
By adopting the technical solution disclosed by the invention, the following beneficial effects are obtained:
Addressing the file security problem to which mobile terminals are prone, the invention proposes a mechanism that requires user intervention: when a file in any encrypted, compressed or transformed format is being propagated outward in any way, whether by wireless network, mobile network, Bluetooth, infrared or USB copy, the system prompts the user through a system message to confirm whether the file may be sent out. Adding this manual confirmation mechanism reduces the risk that secret, private and sensitive content is exfiltrated by illegal programs lurking on the terminal; alternatively, through a unified security setting, all file transmission of this kind can be forbidden, eliminating the risk of confidential content leaking at the root.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make further improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (8)
1. An unauthorized encrypted and compressed file outward transmission monitoring system, characterized in that it comprises an authorization policy configuration module and a data channel control module;
the authorization policy configuration module, Authority Policy Configuration, is abbreviated by its initials as APC, and the data channel control module, Data Channel Control, is abbreviated as DCC;
the APC is implemented with Java and the Android SDK, and the DCC is implemented with C++ and the Android NDK.
2. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 1, characterized in that the APC implements data channel setting and control security policy configuration;
the data channel setting, Data Channel Setting, is abbreviated as DCS, and the control security policy configuration, Control Security Policy Configuration, is abbreviated as CSPC.
3. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 2, characterized in that the DCS selects and configures the data channels that need monitoring and defines the data channels to be monitored.
4. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 2, characterized in that the CSPC generates one or more policies and provides them to the DCC for use;
a policy, Security Policy, is abbreviated as SP.
5. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 3, characterized in that the data channels include Bluetooth, infrared, Wifi, GPRS and USB.
6. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 4, characterized in that each SP consists of three elements: the file type, whether to directly forbid, and whether to inquire; each file type may have only one SP.
7. The unauthorized encrypted and compressed file outward transmission monitoring system according to claim 4, characterized in that the DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP.
8. An unauthorized encrypted and compressed file outward transmission monitoring method, characterized in that it comprises the following steps:
S1. After the system starts normally, the DCC and the APC are enabled.
S2. The DCC attempts to read the configuration file information of the APC from a designated location; the configuration file, SP Configuration File, is abbreviated as SPCF.
If the SPCF exists, jump to S4 and begin the configuration loading process; if the SPCF does not exist, the DCC sends a message to the APC over a designated SOCKET.
S3. After the APC receives the DCC message, it asks the user to configure the DC and the SP through the APC configuration interface, and saves the configuration in the SPCF.
S4. The DCC enables the configuration analysis function; this function, Configuration Analysis, is abbreviated as CA.
The CA reads the SPCF, parses the information on the DCs that need monitoring to form a DC list in memory, and parses the SP information to form an SP list in memory.
The DC list, DC Link, is abbreviated as DCL; the SP list, SP Link, is abbreviated as SPL.
S5. The DCC enables the data channel monitoring function, which runs as a Service and monitors the respective channels according to the DCL; this function, Data Channel Monitor, is abbreviated as DCM.
S6. When the DCM detects a file transmission behavior on a channel defined in the DCL, it sends a message to the DCC over the SOCKET; the transmitted file, Transferred File, is abbreviated as TF.
S7. After the DCC receives the message, it enables the file check function, which takes over the subsequent handling of the TF transmission; this function, File Check, is abbreviated as FC.
S8. The FC first analyzes the basic information of the TF and obtains two items: the file type and the encryption state. If the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue.
S9. The FC reads the SPL in order and obtains the SP matching the file type of the TF.
S10. The FC reads the "directly forbid" setting in the SP. If the value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues.
S11. The FC reads the "inquire" setting in the SP. If the value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET, and after receiving the message the APC pops up an inquiry dialog asking the user whether to allow the TF to be sent. The dialog contains the TF file name, the transmission source and the user's selection buttons.
The dialog, Answer Dialog, is abbreviated as AD.
S12. The AD returns the user's selection result to the FC over the SOCKET; the selection result, Action Choice, is abbreviated as AC.
S13. If the AC is "Yes", the FC allows the subsequent transmission of the TF and records the relevant information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log.
S14. While the APC is running, whenever the DC and SP configuration changes, the APC notifies the DCC to update the DCL and the SPL in memory, so that the latest configuration is applied.
S15. The recorded log file is stored in clear text at a designated location on the SD card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201610262750.5A (CN105959272A) | 2016-04-25 | 2016-04-25 | Unauthorized encrypted and compressed file outward transmission monitoring system and unauthorized encrypted and compressed file outward transmission monitoring method
Publications (1)
Publication Number | Publication Date
---|---
CN105959272A | 2016-09-21
Family
ID=56915526
Family Applications (1)
Application Number | Status | Title | Priority Date | Filing Date
---|---|---|---|---
CN201610262750.5A (CN105959272A) | Pending | Unauthorized encrypted and compressed file outward transmission monitoring system and unauthorized encrypted and compressed file outward transmission monitoring method | 2016-04-25 | 2016-04-25
Country Status (1)
Country | Link
---|---
CN (1) | CN105959272A
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20090271839A1 * | 2006-05-02 | 2009-10-29 | Yoichi Kanai | Document Security System
CN103561045A * | 2013-11-21 | 2014-02-05 | 北京网秦天下科技有限公司 | Safety monitoring system and method for Android system
CN104318169A * | 2014-09-26 | 2015-01-28 | 北京网秦天下科技有限公司 | Mobile terminal and method for preventing local file from leakage based on security policy
CN104579831A * | 2014-12-26 | 2015-04-29 | 北京网秦天下科技有限公司 | Data transmission processing method and device
Legal Events
Date | Code | Title | Description
---|---|---|---
 | C06 | Publication |
 | PB01 | Publication |
 | C10 | Entry into substantive examination |
 | SE01 | Entry into force of request for substantive examination |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20160921