CN106375309A - DPI data security management method of mobile device - Google Patents

Publication number
CN106375309A
Authority
CN
China
Legal status
Granted
Application number
CN201610791172.4A
Other languages
Chinese (zh)
Other versions
CN106375309B (en)
Inventor
白慧冬
Current Assignee
Beijing Qingshi Network Technology Co Ltd
Original Assignee
Beijing Qingshi Network Technology Co Ltd
Priority date
2016-08-31
Filing date
2016-08-31
Publication date
2017-02-01

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

The invention relates to a DPI data security management method for a mobile device. The method comprises the following steps: information input to the mobile device enters a DPI module, which judges whether the information is a rule update; if so, the data is synchronized to a rule management module; if not, the data is passed to a data filtering module; the data filtering module reads rules from the rule management module, performs security analysis on the data, distinguishes safe data from unsafe data, and performs security filtering; the data is then distributed and output according to its destination. The method reduces the CPU resources consumed by security software on the mobile device and increases system speed.

Description

A DPI data security management method for a mobile device
Technical field
The present invention relates to a DPI (deep packet inspection) data security management method for a mobile device.
Background art
Current mobile phones and mobile devices lack a module for data security management. Under current implementations, all security depends on software such as mobile phone guard applications, and such software itself consumes a relatively large share of system resources; some of it also occupies a large amount of memory and computing resources, so that the phone runs more slowly and cannot be used normally.
Summary of the invention
To solve the above problems in the prior art, the present invention proposes a data security management method for a mobile device, and specifically provides a DPI data security management method for a mobile device, wherein, when the mobile device acts as a transmitting end, other mobile devices can obtain access through the current mobile device, using it as a base station. The mobile device has an embedded DPI module that performs security filtering on all data entering and leaving the mobile device, so as to reduce the CPU resources consumed by security software on the mobile device and increase system speed. The method specifically includes:
After the mobile device starts, all data flowing between the external communication modules and the internal modules of the mobile device passes through the DPI module;
After information input to the mobile device enters the DPI module, it is judged whether the information is a rule update; if so, the data is synchronized to the rule management module; if not, the data enters the data filtering module;
The data filtering module reads the rules from the rule management module, performs security analysis on the incoming data, distinguishes safe data from unsafe data, and performs security filtering;
The data is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device;
Wherein the rules are synchronized in real time through the mobile device, so as to improve the real-time security protection level of the system;
The security analysis performs feature matching on all data entering the mobile device to check whether the data is safe and whether a virus or defect is embedded in it. Link addresses contained in the data are also checked to determine whether each belongs to the safe addresses, and unsafe addresses are marked, so that users with a weak ability to recognize addresses are not deceived.
Preferably, the mobile device is a mobile phone, and the DPI module embedded in the mobile phone handles the direction of voice flows. The invention reduces the mobile device CPU resources consumed by security software and increases system speed.
Brief description of the drawings
Fig. 1 is a structural diagram of the mobile device of the present invention.
Fig. 2 is a structural diagram of the DPI module of the present invention.
Fig. 3 is a structural diagram of the DPI processing module of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, the near-end mobile device A and the far-end mobile device B each include: a mobile communication receiving module, a mobile communication sending module, a DPI module and other modules. The DPI module handles access by external devices and provides communication signals to external devices; data entering the DPI module can be forwarded, or passed to the other modules, only after it has been filtered. The mobile communication receiving module of the near-end mobile device is linked to the base station, and the far-end mobile device is connected to the mobile device. When the mobile communication sending module acts as a transmitting end, other far-end mobile devices within signal transmission range obtain access through the transmitting end of the current mobile device, using it as a base station, and thereby communicate.
Referring to Fig. 2, the DPI module includes: a DPI processing module and a judgment switch module.
Referring to Fig. 3, the DPI processing module includes: a logic judgment module, a rule management module and a data filtering module. The logic judgment module judges whether information input to the mobile device is a rule update; if so, the data is synchronized to the rule management module; if not, it enters the data filtering module. The rule management module is used to set the rules. The data filtering module, according to the rules set in the rule management module, filters the information obtained by parsing the data and decides whether to intercept or release it. The DPI processing module is connected in series in the link; it filters and cleans all data entering and leaving the mobile device, analyzes the data, distinguishes safe data from unsafe data, and performs security filtering.
A specific implementation can also be as follows:
After the mobile device starts, all data flowing between the communication modules and the system modules passes through the DPI module. Information input to the mobile device is judged to determine whether it is a rule update; if so, the data is synchronized to the rule management module. If not, it enters the data filtering module. The data filtering module reads the rules from the rule management module and filters the incoming data, which is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device.
A DPI device can also be embedded in a mobile phone or mobile device to handle the direction of voice flows. When the sending module acts as a transmitting end, other mobile phones or mobile devices obtain access through the transmitting end of the current phone or mobile device, using it as a base station. The mobile device CPU resources consumed by security software are reduced and system speed is increased. Rule synchronization for the security system is carried out at any time through the mobile module, improving the real-time security protection level of the system. Feature matching is performed on all data entering the system to check whether the data is safe and whether a virus or defect is embedded in it. Link addresses contained in the data are checked to determine whether each belongs to the safe addresses, and those that do not are marked, so that users with a weak ability to recognize addresses are not deceived.
The embodiments described above merely describe preferred embodiments of the present invention and do not limit its scope. Without departing from the design spirit of the present invention, all modifications and improvements made to the technical solution of the present invention by those of ordinary skill in the art shall fall within the scope of protection determined by the claims of the present invention.
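The processing flow described above (logic judgment, rule synchronization or data filtering, then distribution by destination), as a Python sketch added here for illustration; it is not code from the patent or its assignee. The message layout, the JSON rule format, the HMAC tag on rule updates and all class, function and host names are assumptions: the text does not say how a rule update is recognized or authenticated.

```python
# Added illustration, not code from the patent. Message layout, rule format, the
# HMAC check on rule updates and every name below are assumptions.
import hashlib
import hmac
import json
import re
from urllib.parse import urlsplit

URL_RE = re.compile(rb"https?://[^\s<>\"']+")

def host_of(url):
    try:
        return urlsplit(url).hostname or ""
    except ValueError:             # malformed URL: no host, so never on the safe list
        return ""

class DpiModule:
    """Logic judgment, then rule sync or data filtering, then dispatch."""
    def __init__(self, key):
        self._key = key            # shared secret for rule updates (assumed)
        self.signatures = []       # byte patterns treated as malicious
        self.safe_hosts = set()    # hosts accepted as safe link targets
        self.sending_module = []   # data bound for other mobile devices
        self.other_modules = []    # data for modules inside this device

    def sync_rules(self, body, tag):
        """Rule management: replace the rule set only if the update authenticates."""
        want = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, tag):
            return False           # unauthenticated senders must not rewrite rules
        rules = json.loads(body)
        self.signatures = [s.encode() for s in rules["signatures"]]
        self.safe_hosts = {h.lower() for h in rules["safe_hosts"]}
        return True

    def unsafe_links(self, payload):
        """Return the links in the payload whose host is not on the safe list."""
        urls = (m.group().decode("ascii", "replace") for m in URL_RE.finditer(payload))
        return [u for u in urls if host_of(u) not in self.safe_hosts]

    def handle(self, msg):
        if msg["type"] == "rule_update":              # logic judgment
            return "synced" if self.sync_rules(msg["body"], msg["tag"]) else "rejected"
        body = msg["body"]                            # data filtering
        if any(sig in body for sig in self.signatures):
            return "blocked"                          # feature match: intercept
        out = {"body": body, "unsafe_links": self.unsafe_links(body)}
        remote = msg["dest"] == "remote"              # dispatch by destination
        (self.sending_module if remote else self.other_modules).append(out)
        return "forwarded" if remote else "delivered"

def demo():
    key = b"constructed-demo-key"                     # all inputs here are constructed
    rules = json.dumps({"signatures": ["EVIL-MARKER"],
                        "safe_hosts": ["example.com"]}).encode()
    tag = hmac.new(key, rules, hashlib.sha256).hexdigest()
    text = b"see http://example.com/a and http://login.example.net/x"
    dpi = DpiModule(key)
    msgs = [{"type": "rule_update", "body": rules, "tag": "0" * 64},
            {"type": "rule_update", "body": rules, "tag": tag},
            {"type": "data", "dest": "local", "body": b"..EVIL-MARKER.."},
            {"type": "data", "dest": "remote", "body": text}]
    return [dpi.handle(m) for m in msgs], dpi.sending_module[0]["unsafe_links"]
```

Calling demo() returns the verdict for each constructed message together with the links marked as unsafe in the forwarded one; data carrying an unsafe link is marked rather than dropped, matching the marking behaviour in the text.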

Claims (2)

1. A DPI data security management method for a mobile device, wherein, when the mobile device acts as a transmitting end, other mobile devices can obtain access through the current mobile device, using it as a base station; the mobile device has an embedded DPI module that performs security filtering on all data entering and leaving the mobile device, so as to reduce the CPU resources consumed by security software on the mobile device and increase system speed; characterized in that the method comprises:
After the mobile device starts, all data flowing between the external communication modules and the internal modules of the mobile device passes through the DPI module;
After information input to the mobile device enters the DPI module, it is judged whether the information is a rule update; if so, the data is synchronized to the rule management module; if not, the data enters the data filtering module;
The data filtering module reads the rules from the rule management module, performs security analysis on the incoming data, distinguishes safe data from unsafe data, and performs security filtering;
The data is then distributed according to its destination: data to be forwarded to other mobile devices is forwarded to the mobile communication sending module, and other data is passed to the other modules inside the mobile device;
Wherein the rules are synchronized in real time through the mobile device, so as to improve the real-time security protection level of the system; the security analysis performs feature matching on all data entering the mobile device to check whether the data is safe and whether a virus or defect is embedded in it; link addresses contained in the data are also checked to determine whether each belongs to the safe addresses, and unsafe addresses are marked, so that users with a weak ability to recognize addresses are not deceived.
2. The method according to claim 1, characterized in that the mobile device is a mobile phone, and the DPI module embedded in the mobile phone handles the direction of voice flows.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610791172.4A CN106375309B (en) 2016-08-31 2016-08-31 DPI data security management method for mobile equipment

Publications (2)

Publication Number Publication Date
CN106375309A (en) 2017-02-01
CN106375309B (en) 2020-02-11

Family

ID=57899730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610791172.4A Active CN106375309B (en) 2016-08-31 2016-08-31 DPI data security management method for mobile equipment

Country Status (1)

Country Link
CN (1) CN106375309B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064878A (en) * 2006-04-24 2007-10-31 华为技术有限公司 Mobile terminal for realizing content filtering, system, network entity and method
CN101674584A (en) * 2009-09-03 2010-03-17 中兴通讯股份有限公司 Method for detecting virus and system
WO2012124207A1 (en) * 2011-03-17 2012-09-20 日本電気株式会社 Communication system, base station, and method for coping with cyber attacks
CN102752792A (en) * 2011-12-26 2012-10-24 华为技术有限公司 Method, device and system for monitoring internet service quality of mobile terminal
CN104349395A (en) * 2013-08-06 2015-02-11 中国电信股份有限公司 Method, user terminal and system for processing data messages
CN104380686A (en) * 2013-11-07 2015-02-25 华为技术有限公司 Method and system used for applying NG firewall, NG firewall client-side and NG firewall servicer
CN105516200A (en) * 2016-01-19 2016-04-20 中国联合网络通信集团有限公司 Cloud system security processing method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667741A (en) * 2018-04-26 2018-10-16 宝牧科技(天津)有限公司 A kind of control method and system for industrial network data forwarding
CN108667741B (en) * 2018-04-26 2021-11-12 宝牧科技(天津)有限公司 Control method and system for industrial network data forwarding

Also Published As

Publication number Publication date
CN106375309B (en) 2020-02-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant