CN106375309A - DPI data security management method of mobile device - Google Patents
- Publication number
- CN106375309A (application CN201610791172.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- mobile device
- module
- dpi
- mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a DPI data security management method of a mobile device. The method comprises the following steps: inputting the information of the mobile device in a DPI module, judging whether the information of the mobile device belongs to rule update, and if so, synchronizing data to a rule management module; if not, transmitting the data to a data filtering module; reading rules from the rule management module by the data filtering module, carrying out security analysis on the data, verifying security data and non-security data, and carrying out security filtering; and then allocating and outputting the data according to the target of the data. By adoption of the DPI data security management method provided by the invention, the resource occupation of security software to CPU in the mobile device is reduced, and the system speed is accelerated.
Description
Technical field
The present invention relates in particular to a DPI (deep packet inspection) data security management method for mobile devices.
Background
Current mobile phones and mobile devices lack a data security management module. In current implementations, all security relies on software such as mobile phone guard applications, and such software itself places a relatively high load on system resources. Some of it also occupies large amounts of memory and computing resources, slowing the phone down until it cannot be used normally.
Summary of the invention
To solve the above problems in the prior art, the present invention proposes a data security management method for mobile devices, and specifically provides a DPI data security management method for mobile devices. When the mobile device acts as a transmitting end, other mobile devices can access the current mobile device as a base station. The mobile device has an embedded DPI module that performs security filtering on all data entering and leaving the mobile device, in order to reduce the CPU resources occupied by security software on the mobile device and improve system speed. The method specifically comprises:
After the mobile device starts, all data flowing between the external communication modules and the internal modules of the mobile device passes through the DPI module;
After information input to the mobile device enters the DPI module, it is judged whether the information is a rule update; if so, the data is synchronized to the rule management module; if not, the data enters the data filtering module;
The data filtering module reads rules from the rule management module, performs security analysis on the incoming data, distinguishes secure data from non-secure data and performs security filtering;
The data is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device;
Wherein the synchronization of the rules is performed in real time by the mobile device, to improve the real-time security protection level of the system;
The security analysis performs feature matching on all data entering the mobile device, checking whether the data is safe and whether it has embedded viruses or defects; the link addresses contained in the data are also checked to determine whether they are safe addresses, and unsafe addresses are marked, so that users with weak ability to recognize addresses are not deceived.
Preferably, the mobile device is a mobile phone, and the DPI module embedded in the mobile phone handles the direction of voice streams. The present invention reduces the CPU resources that security software occupies on the mobile device and improves system speed.
Brief description of the drawings
Fig. 1 is a structural diagram of the mobile device of the present invention.
Fig. 2 is a structural diagram of the DPI module of the present invention.
Fig. 3 is a structural diagram of the DPI processing module of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, the near-end mobile device a and the far-end mobile device b each include: a mobile communication receiving module, a mobile communication sending module, a DPI module and other modules. The DPI module handles access by external devices and provides a communication signal to external devices; data entering the DPI module is forwarded, or passed to the other modules, only after it has been filtered. The mobile communication receiving module of the near-end mobile device is linked to a base station, and the far-end mobile device is connected to the mobile device. When the mobile communication sending module acts as a transmitting end, other far-end mobile devices within signal range access the transmitting end of the current mobile device as a base station and thereby communicate.
Referring to Fig. 2, the DPI module includes a DPI processing module and a judgment switch module.
Referring to Fig. 3, the DPI processing module includes a logic judgment module, a rule management module and a data filtering module. The logic judgment module judges whether information input to the mobile device is a rule update; if so, the data is synchronized to the rule management module, and if not, it enters the data filtering module. The rule management module completes the setting of the rules. The data filtering module, according to the rules set in the rule management module, filters the information obtained after the data is parsed and decides whether to intercept it or let it pass. The DPI processing module sits in series in the link; it filters and cleans all data entering and leaving the mobile device, analyzes the data, distinguishes secure data from non-secure data and performs security filtering.
The method can also be implemented as follows:
After the mobile device starts, all data flowing between the communication modules and the system modules passes through the DPI module. Information input to the mobile device is judged as to whether it is a rule update; if so, the data is synchronized to the rule management module. If not, it enters the data filtering module. The data filtering module reads rules from the rule management module and filters the incoming data; the data is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device.
A DPI device can also be embedded in a mobile phone or mobile device to handle the direction of voice streams. When the sending module acts as a transmitting end, other mobile phones or mobile devices access the transmitting end of the current phone or mobile device as a base station. This reduces the CPU resources that security software occupies on the mobile device and improves system speed. The rules of the security system are synchronized at any time through the mobile module, which improves the real-time security protection level of the system. Feature matching is performed on all data entering the system to check whether the data is safe and whether it has embedded viruses or defects. The link addresses contained in the data are checked to determine whether they are safe addresses; otherwise they are marked, so that users with weak ability to recognize addresses are not deceived.
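The flow described above (rule-update judgment, feature matching and link check, then distribution by destination), as an added Python example that is not part of the patent. The message fields, route names, JSON rule format and the HMAC tag on rule updates are assumptions made here; the patent does not say how rule updates are authenticated.

```python
import hashlib, hmac, json, re
from urllib.parse import urlsplit
URL_RE = re.compile(rb"https?://[^\s\"'<>]+")

class RuleManagement:             # rule management module: holds the filter's rules
    def __init__(self, key):
        self._key = key           # assumption: pre-shared update key
        self.signatures = []      # byte patterns treated as malicious
        self.safe_hosts = set()   # link hosts treated as safe

    def sync(self, body, tag):
        # Assumption (not in the patent): updates carry an HMAC-SHA256 tag.
        want = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, tag):
            return False          # unauthenticated update: rules unchanged
        rules = json.loads(body)
        self.signatures = [bytes.fromhex(s) for s in rules["signatures"]]
        self.safe_hosts = set(rules["safe_hosts"])
        return True

def unsafe_links(rules, payload):
    """Link check: return every URL whose host is not a known safe host."""
    unsafe = []
    for raw in URL_RE.findall(payload):
        url = raw.decode("ascii", "replace")
        try:
            host = urlsplit(url).hostname
        except ValueError:        # malformed URL: treat as unsafe
            host = None
        if host not in rules.safe_hosts:
            unsafe.append(url)
    return unsafe

def handle(rules, msg):
    # Logic judgment module: rule update or ordinary data?
    if msg["kind"] == "rule_update":
        applied = rules.sync(msg["body"], msg["tag"])
        return {"route": "rule_management", "applied": applied}
    # Data filtering module: feature matching, then link check.
    if any(sig in msg["payload"] for sig in rules.signatures):
        return {"route": "intercepted", "unsafe_links": []}
    route = "mobile_tx" if msg["dest"] == "remote" else "internal"  # by destination
    return {"route": route, "unsafe_links": unsafe_links(rules, msg["payload"])}

def demo():
    key = b"constructed-demo-key"   # all values below are constructed samples
    body = json.dumps({"signatures": ["deadbeef"],
                       "safe_hosts": ["portal.example.test"]}).encode()
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    rules = RuleManagement(key)
    msgs = [
        {"kind": "rule_update", "body": body, "tag": "0" * 64},
        {"kind": "rule_update", "body": body, "tag": good},
        {"kind": "data", "dest": "local", "payload":
            b"see http://portal.example.test/a or http://login.example.invalid/b"},
        {"kind": "data", "dest": "remote", "payload": b"\x00\xde\xad\xbe\xef\x00"},
        {"kind": "data", "dest": "remote", "payload": b"hello"},
    ]
    return [handle(rules, m) for m in msgs]
```

Until an authenticated rule update has been applied, the safe-host list is empty, so every link in passing data is marked unsafe.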
The embodiments described above merely describe preferred embodiments of the present invention and do not limit its scope. Without departing from the design spirit of the present invention, all modifications and improvements made to the technical solution of the present invention by those of ordinary skill in the art shall fall within the scope of protection determined by the claims of the present invention.
Claims (2)
1. A DPI data security management method for a mobile device, wherein, when the mobile device acts as a transmitting end, other mobile devices can access the current mobile device as a base station; the mobile device has an embedded DPI module that performs security filtering on all data entering and leaving the mobile device, in order to reduce the CPU resources occupied by security software on the mobile device and improve system speed; characterized in that the method comprises:
After the mobile device starts, all data flowing between the external communication modules and the internal modules of the mobile device passes through the DPI module;
After information input to the mobile device enters the DPI module, it is judged whether the information is a rule update; if so, the data is synchronized to the rule management module; if not, the data enters the data filtering module;
The data filtering module reads rules from the rule management module, performs security analysis on the incoming data, distinguishes secure data from non-secure data and performs security filtering;
The data is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device;
Wherein the synchronization of the rules is performed in real time by the mobile device, to improve the real-time security protection level of the system; the security analysis performs feature matching on all data entering the mobile device, checking whether the data is safe and whether it has embedded viruses or defects; the link addresses contained in the data are also checked to determine whether they are safe addresses, and unsafe addresses are marked, so that users with weak ability to recognize addresses are not deceived.
2. The method according to claim 1, characterized in that the mobile device is a mobile phone, and the DPI module embedded in the mobile phone handles the direction of voice streams.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610791172.4A CN106375309B (en) | 2016-08-31 | 2016-08-31 | DPI data security management method for mobile equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610791172.4A CN106375309B (en) | 2016-08-31 | 2016-08-31 | DPI data security management method for mobile equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106375309A true CN106375309A (en) | 2017-02-01 |
CN106375309B CN106375309B (en) | 2020-02-11 |
Family
ID=57899730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610791172.4A Active CN106375309B (en) | 2016-08-31 | 2016-08-31 | DPI data security management method for mobile equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106375309B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667741A (en) * | 2018-04-26 | 2018-10-16 | 宝牧科技(天津)有限公司 | A kind of control method and system for industrial network data forwarding |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101064878A (en) * | 2006-04-24 | 2007-10-31 | 华为技术有限公司 | Mobile terminal for realizing content filtering, system, network entity and method |
CN101674584A (en) * | 2009-09-03 | 2010-03-17 | 中兴通讯股份有限公司 | Method for detecting virus and system |
WO2012124207A1 (en) * | 2011-03-17 | 2012-09-20 | 日本電気株式会社 | Communication system, base station, and method for coping with cyber attacks |
CN102752792A (en) * | 2011-12-26 | 2012-10-24 | 华为技术有限公司 | Method, device and system for monitoring internet service quality of mobile terminal |
CN104349395A (en) * | 2013-08-06 | 2015-02-11 | 中国电信股份有限公司 | Method, user terminal and system for processing data messages |
CN104380686A (en) * | 2013-11-07 | 2015-02-25 | 华为技术有限公司 | Method and system used for applying NG firewall, NG firewall client-side and NG firewall servicer |
CN105516200A (en) * | 2016-01-19 | 2016-04-20 | 中国联合网络通信集团有限公司 | Cloud system security processing method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667741A (en) * | 2018-04-26 | 2018-10-16 | 宝牧科技(天津)有限公司 | A kind of control method and system for industrial network data forwarding |
CN108667741B (en) * | 2018-04-26 | 2021-11-12 | 宝牧科技(天津)有限公司 | Control method and system for industrial network data forwarding |
Also Published As
Publication number | Publication date |
---|---|
CN106375309B (en) | 2020-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104639624B (en) | A kind of method and apparatus for realizing mobile terminal remote access control | |
CN103167180A (en) | System and method for controlling surfing internet through mobile phone | |
CN106911529A (en) | Power network industry control safety detecting system based on protocol analysis | |
CN102760262A (en) | System and method based on biometrics identification payment risks | |
CN203849784U (en) | NFC-based access control system | |
CN205899636U (en) | Intelligent gate inhibition system | |
CN103209411B (en) | The method and apparatus that wireless network anti-counterfeiting accesses | |
CN106375309A (en) | DPI data security management method of mobile device | |
CN106375311B (en) | A kind of mobile device DPI application method for managing security | |
CN108154026A (en) | Safety communicating method and system of the Root without intrusion are exempted from based on android system | |
CN104601578A (en) | Recognition method and device for attack message and core device | |
CN109104429B (en) | Detection method for phishing information | |
CN115150209B (en) | Data processing method, industrial control system, electronic device, and storage medium | |
CN104469989B (en) | A kind of wireless client terminal equipment and its cut-in method | |
CN103685134A (en) | WLAN (Wireless Local Area Network) resource access control method and WLAN resource access control device | |
CN209373652U (en) | Jingwutong's control system in prison | |
CN107613474A (en) | A kind of method of SMS network supervision | |
CN110312240A (en) | A kind of method and device identifying mobile phone of not putting on record | |
CN203104506U (en) | Internet of things safe access network gateway | |
CN106358224B (en) | A kind of mobile device DPI data and the method and system of application and base station secure synchronization | |
CN107644462A (en) | A kind of attendance checking system and Work attendance method | |
CN103916391B (en) | A kind of method and system preventing illegal external connection | |
CN206179038U (en) | Access control device | |
CN102739674B (en) | Method, device and system for monitoring moving condition of point of sale (POS) terminal | |
CN105848143A (en) | Dual-system integrated smart mobile phone and private information processing method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||