CN201821502U - Information device with security structure capable of being configured dynamically - Google Patents


Info

Publication number
CN201821502U
Authority
CN
China
Prior art keywords
security
module
configuration
portable information
information apparatus
Legal status
Expired - Lifetime
Application number
CN2009201498038U
Other languages
Chinese (zh)
Inventor
N·V·卡先科
A·V·季霍米罗夫
D·A·波利亚科夫
Current Assignee
Kaspersky Lab AO
Original Assignee
Kaspersky Lab AO


Abstract

The utility model provides an information device comprising a dynamically configurable security module, in which operational settings are automatically and dynamically configured according to a risk profile, computing capacity information, or both.

Description

An information device with a dynamically configurable security structure
Technical field
The utility model relates generally to information technology and, more particularly, to a security system and related techniques for protecting information devices.
Background
In today's world of personal information and communication systems, portable information devices are rapidly gaining popularity. This is especially true of systems built on notebook-type platforms and of multi-function communication devices known as smartphones, personal digital assistants (PDAs), ultra-mobile personal computers (UMPCs) or mobile Internet devices (MIDs), which use processors such as the Atom or Moorestown CPUs made by Intel, or run operating systems such as Symbian OS or Windows Mobile. Networks that offer open access to the public (for example EDGE and 3G) and various WiFi networks (for example networks based on IEEE 802-type standards) have become commonplace, and their popularity continues to grow.
As communication systems and devices grow in complexity, and as communication bandwidth increases with data rates approaching tens of megabytes per second, the risk that a user will inadvertently obtain malicious programs and other unwanted content also grows. In addition, the growing popularity of portable information devices and open networks creates ever more opportunities for malicious actors such as hackers, identity thieves and spammers to victimize the users of these technologies. The quantity and severity of threats to computer systems (for example viruses, worms, malware, spyware and hacker attacks) and of unwanted content continue to increase.
Firewalls, antivirus software, anti-spam software and other such security applications for personal computers are well known. Applying the known approaches to portable information devices, however, presents special challenges. The primary goal of designers of portable information device systems and software is to produce a device that gives virtually instant access to information from anywhere in any city in the world. In today's fiercely competitive, low-margin market, portable information devices must be affordable. They must also offer great portability and usability, which means that the overall device must be small and its operating time must be long enough (at least about 24 hours). Performance and usability often conflict with affordability and portability, because the battery accounts for a large part of the device's overall size, weight and cost. Performance and usability even conflict with each other, because increasing processor clock speed and adding memory amount to increasing the energy demand.
All of these requirements make it impractical to provide better security for portable information devices, while preserving performance, usability, portability and cost, simply by continuing to increase processor power and data storage capacity substantially. These constraints in turn limit the design of applications that run on portable information devices, security applications in particular, because such applications can require large amounts of processor resources and memory.
An effective security solution is therefore needed that is particularly suited to the unique needs of portable information devices.
Summary of the utility model
Aspects of the utility model are generally directed to a dynamically configurable security arrangement for an information device, in which operational settings are automatically and dynamically configured based on a risk profile, on computing capacity information, or on both.
In one aspect, an information device has: computer circuitry, including a processor operatively coupled to data storage; a user interface, including a display and a user input device; wireless communication circuitry; and a power supply that powers the computer circuitry, user interface and wireless communication circuitry. The power supply can include an on-board energy source of limited capacity, such as a battery. The computer circuitry includes a security arrangement, which can include a configurable security module, a risk assessment module and a computing capacity determination module. The configurable security module provides security-related functionality in the information device according to the configuration of its operational settings. The risk assessment module re-evaluates the set of current security risks to which the information device is exposed. The computing capacity determination module re-evaluates the current state of computing capacity availability of the information device.
In addition, a security configuration module automatically and dynamically configures the operational settings of the security module according to the set of current security risks from the risk assessment module and the current state of computing capacity availability from the computing capacity determination module. The security configuration module includes a configuration determination module and a configuration setting module. In response to the set of current security risks from the risk assessment module, the configuration determination module determines, from among a set of security-related functions, the subset of primary functions for which the operational settings are to be configured. In response to the current state of computing capacity availability from the computing capacity determination module, the configuration setting module sets the operational settings so that, while the subset of primary security-related functions is still provided, the computational load that operation of the configurable security module places on the computer circuitry is reduced. This facilitates the usability of the information device while giving it security protection that corresponds to the set of current security risks determined by the risk assessment module.
In another aspect of the utility model, the computer circuitry includes a security arrangement comprising a configurable security module, a location determination module, a location profile database and a security configuration module. The configurable security module facilitates the provision of security services in a portable information device, and the location determination module determines, and provides an indication of, the current location of the portable information device. The location profile database contains security risk profile information for a plurality of local networks at a plurality of geographic locations. The security configuration module uses the indication of the current location to assess the current security risk to which the portable information device is exposed, based on the risk profile information in the location profile database that corresponds to the current location. The security configuration module dynamically configures the security module so that certain of the security services are selectively provided either by a security server located remotely from the portable information device or by the security module.
According to another related aspect of the utility model, a method is provided for automatically configuring a security arrangement on an information device, where the security arrangement is implemented by computing hardware or by a combination of computing hardware and software. The method includes automatically assessing, by the computing device, the current security risk level to which the portable information device is exposed. In response to the assessment of the current security risk level, the computing device automatically determines, from among a set of security functions, the subset of primary security functions for which the security arrangement is to be configured to protect the information device. The computing device automatically re-evaluates the available computing capacity of the portable information device. The method further includes automatically and dynamically configuring, by the computing device, the security arrangement to operate on the portable information device according to the assessment of the current security risk level and the result of the computing capacity determination, so that the subset of primary security functions is provided while the computational load that operation of the configurable security module places on the information device is reduced. This facilitates the usability of the information device while giving it security protection that corresponds to the current security risk level.
Another aspect of the utility model relates to a method for automatically configuring a security module on a portable information device, where the security arrangement is implemented by computing hardware or by a combination of computing hardware and software. The portable information device automatically determines its current location and automatically maintains a location profile database containing security risk profile information for a plurality of local networks at a plurality of geographic locations. Based on the risk profile information in the location profile database that corresponds to the current location, the device automatically re-evaluates the current security risk to which it is exposed and, according to that risk, automatically reconfigures the security module so that security services are selectively provided either by a security server located remotely from the portable information device or by the security module.
Some aspects of the utility model address challenges specific to portable information devices (such as those described above) and other challenges faced by designers of, in particular, small handheld portable devices. Other aspects apply to information devices in general, regardless of how portable the device is and regardless of whether it is powered mainly by a battery or from a power line. Aspects of the utility model therefore apply to notebook and desktop PCs and to other products or equipment that use a security arrangement. For brevity, the embodiments below are described in the context of portable information devices. It should be understood, however, that by selecting a combination of features suited to a different type of product, aspects of the utility model can also be implemented in, and adapted to, other types of devices, systems and equipment.
A number of advantages of the utility model will become apparent from the following detailed description of the preferred embodiments.
Description of the drawings
The utility model may be more completely understood by reading the following detailed description of its various embodiments in conjunction with the accompanying drawings, in which:
Fig. 1A is a block diagram showing the main external components of a portable information device (PID) to which security arrangements according to aspects of the utility model can be applied;
Fig. 1B is a block diagram showing the main internal components of the portable information device of Fig. 1A;
Fig. 1C shows a system architecture that includes security measures for protecting a client device against various threats;
Fig. 1D is a diagram of an operating arrangement in which a client device is used by a user in an unprotected network;
Fig. 1E is a diagram showing a common risk scenario in which the user of a client device cannot be sure that their data is fully protected;
Fig. 2A is a diagram of a local security module running on a portable information device according to one aspect of the utility model;
Fig. 2B is a diagram of a security module according to one aspect of the utility model that includes application-level protection, whose configuration can be adjusted according to the applications of the portable information device;
Figs. 2C and 2D show one type of configurability of a security arrangement according to embodiments of the utility model, in which a thin-client configuration and a fat-client configuration can be configured dynamically according to various factors relating to the configuration or operating state of the portable information device;
Fig. 2E shows a communication channel according to one embodiment of the utility model that facilitates operation of a thin-client or hybrid security arrangement; in the hybrid security arrangement, most security-related functions are performed by a remote security server;
Fig. 3A is a block diagram showing a security arrangement according to one embodiment of the utility model, in which a configurable security module residing on the portable information device can be configured automatically according to the current location of the portable information device;
Fig. 3B shows an example of a location profile database for use with the security arrangement of Fig. 3A according to one embodiment of the utility model; the database contains records of different places or geographic locations, each identified by a security or threat level according to how relatively safe or dangerous it is;
Fig. 4A is a diagram showing a security arrangement according to one type of embodiment, in which the security module can be configured automatically according to the current security profile of the portable information device, its current computing capacity, or both;
Fig. 4B shows an exemplary arrangement of the risk assessment module of the security arrangement of Fig. 4A according to one embodiment;
Fig. 4C shows an exemplary arrangement of the computing capacity determination module of the security arrangement of Fig. 4A according to one embodiment;
Figs. 4D and 4E are tables showing examples of data sets contained in a device information database that is part of the computing capacity determination module, according to different embodiments of the utility model;
Fig. 4F is a table representing an example of a set of determined portable information device configuration types according to one aspect of the utility model;
Fig. 5 is a flowchart according to one embodiment of the utility model showing a decision process for determining the type of security threat database update to be performed; and
Fig. 6 is a flowchart according to one embodiment of the utility model showing a simplified example of how different security configurations are selected according to remaining battery life.
While the utility model is amenable to various modifications and alternative forms, specifics thereof are shown by way of example in the drawings and are described in detail below. It should be understood, however, that the intention is not to limit the utility model to the particular embodiments described. On the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the utility model as defined by the appended claims.
Detailed description of the embodiments
Fig. 1A is a block diagram of an exemplary portable information device (PID) 10. Portable information device 10 can be a smartphone, PDA, UMPC, MID or any other small, lightweight computing and communication device. It includes a compact housing 12, small enough to make the device easy to carry, and a user interface comprising a display 14 and a user input device such as a keyboard 16. Portable information device 10 can have a touchscreen display that combines the display and the user input device.
Fig. 1B is a block diagram showing further functional components of portable information device 10. Portable information device 10 further includes computer circuitry (for example processor 20) interfaced with data storage comprising RAM 22a and non-volatile memory 22b. Processor 20 is also interfaced with wireless communication circuitry 24 coupled to an antenna 26; wireless communication circuitry 24 can take the form of a mobile telephone radio (CDMA, GSM, Iridium, etc.), Wi-Fi, Bluetooth or any other such communication circuitry. It should be understood that processor 20 interfaces with the user interface devices and with any other peripherals that may form part of portable information device 10. Portable information device 10 also includes a power supply 28 with an on-board energy source 30, illustrated in Fig. 1B as a battery, which enables true portability and mobile operation. Power supply 28 provides suitable power from energy source 30 to all components of portable information device 10, and includes circuitry for accepting external power to operate portable information device 10 and to charge energy source 30.
Although present-day practical devices tend to rely mainly on certain technologies, such as CMOS-based microcontrollers, DRAM, flash non-volatile memory, radio-frequency communication devices, batteries for energy storage and so on, it should be understood that the utility model is in no way limited to any particular set of technologies. Some aspects of the utility model address challenges commonly faced by small personal computing and communication devices regardless of their specific architecture or technology, in which there are inherent trade-offs between performance and user experience on the one hand and energy demand, portability and size on the other.
When used as a data communication device, a portable device such as portable information device 10 typically links to a host network, which in turn provides connectivity to a wide area network such as the Internet. The host network can be operated by a cellular telephone service provider, as in the case of 3G smartphone-type devices. Other common types of host network include IEEE 802.11 Wi-Fi hotspots on a local area network (LAN) connected to the Internet through an Internet service provider (ISP). Portable devices can also connect with other devices to form a mesh network. Whatever the type of host network arrangement, any arrangement in which a portable information device uses a service (for example Internet connectivity) from another computing device is a client-server arrangement, in which the portable information device is the client and the computing device providing the service is the server.
Fig. 1C shows a system architecture that includes security measures for protecting client device 150 against various threats. Server 100 controls traffic flowing from an external network 110 (for example the Internet) to network 140. Client device 150 represents any of a variety of portable information devices and runs various applications 160. Server 100 runs various applications 130 that support or facilitate the operation of client applications 160; one example of an application 130 is a web server application. In addition to the server applications that support or facilitate the main functions of the client applications, the server also has security applications. An administration console 120 gives the administrator access to control server applications 160 and to change the settings of the different applications. Administration console 120 has its own graphical user interface (GUI) that lets server administrators adjust server applications 160 in real time. Through console 120, the administrator can control both the security applications and the various other applications running on the server.
Fig. 1D is a diagram of an operating arrangement in which client device 200 is used by a user in an unprotected network 210. Client device 200 runs various client applications 240. This arrangement can arise when the user of client device 200 tries to access the Internet in a coffee shop, hotel, airport or other public place, or tries to download software updates in such a place.
Traditionally, client device 200 would need to be provided with its own security application 230. Using an administration console 220, the user of client device 200 can adjust the settings of security application 230 to set a protection level according to the needs as the user understands them. For example, when connecting to the Internet through a public network, the user might consider it appropriate to increase the aggressiveness of the antivirus scanner that is part of security application 230. This arrangement is an example of a fat-client security application, which runs locally on client device 200 to protect client applications 240.
The challenge with this arrangement is that a shortage of the system resources needed to run client applications 240 can constrain fat-client security application 230. Likewise, the computing resources consumed by running security application 230 can constrain client applications 240. Even when computing resources are sufficient, the battery drain caused by intensive processing in both security application 230 and client applications 240 can significantly reduce the mobility and usability of the portable information device between charges. For these and other reasons, a traditional fat-client security arrangement cannot fully replace a global security arrangement such as the one described above with reference to Fig. 1C.
Fig. 1E is a diagram showing a scenario in which the user of a client device cannot be sure that their data is fully protected. The user may be confident that the home network and the work network benefit from a security server (for example a firewall at the host network). Elsewhere, however, the user's device may be compromised by hacker attacks or unknown programs that can get past any insubstantial firewall or other security measure on the device, so the user cannot be similarly confident that their data is fully protected.
Fig. 2A is a diagram of a local security module 300 running on a portable information device according to one aspect of the utility model. The term "module" as used here means a real-world device or component implemented in hardware, for example with a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), or as a combination of hardware and software, for example with a microprocessor system and a set of instructions that implement the security module's functionality. A module can also be implemented as a combination of the two, with some functions realized by hardware alone and others by hardware combined with software. In some embodiments, at least part of a module (in some cases all of it) can be executed on the processor of the portable information device that executes applications (for example processor 20 of portable information device 10). Accordingly, security module 300 can be implemented in a variety of configurations and should not be limited to any particular implementation illustrated here.
Security module 300 performs any combination of one or more security-related functions, such as blocking unwanted content 302, detecting/scrubbing unwanted content 304 and counteracting threats 306. These security-related functions are described below only in general terms and by way of example; they are not intended as a required or exhaustive list of the security functions within the spirit of the utility model that apply to security module 300. Various other security-related functions can be present to supplement or replace any of the functions illustrated here.
Blocking unwanted content 302 involves stopping any such threat or program before unwanted content (for example viruses, worms and other malware, adware, spyware, spam and the like) or undesired data traffic (for example hacker attacks) can be placed on the local device. Typically, this function involves blocking or diverting content or data traffic at a firewall. Detecting/scrubbing unwanted content 304 applies to content that may have penetrated the blocking function and now resides on the local device in some form. A typical example of this function is scanning for viruses against a database of virus definitions and removing or quarantining the offending program instructions or associated data. Counteracting threats 306 applies to detected unwanted content or to ongoing attacks or threats that have been detected, and involves taking action to terminate any suspect program or process, stop network traffic and restore the system to the last known safe state.
Security module 300 includes various components, such as a firewall 308, a message filter 310, an anti-malware/adware blocking/removal tool 312 and a system backup/restore utility 314. These components can work in different combinations to realize the different functions of security module 300.
In one embodiment, security module 300 facilitates configurability of its functions. One type of configurability is selectively switching individual components or functions on or off. Another is dynamically adjusting the operation of an individual function or component. For example, in one embodiment the operational settings of firewall 308 can be adjusted to set the protection level to be more or less aggressive according to the needs of the system operator.
In another example, anti-malware/adware component 312 is adjustable. Anti-malware/adware component 312 has a database of known threat definitions, which it uses to scan the data storage for any known threats. In one embodiment, this threat definition database can be limited, or extended with additional threat definitions, according to the needs of the system or the user.
In related embodiments, various other operational settings of security module 300 can be adjusted automatically (that is, without user intervention). Aspects of the utility model recognize that a variety of operational settings of various security functions or components can be adjusted, and are not limited to the examples described here.
Fig. 2 B illustrates the security module that comprises the application layer protection according to the utility model one embodiment, wherein can adjust configuration according to the application program of portable information apparatus.Application layer filter 320 and fire compartment wall 322 are from the information of different osi model layers acquisition about the operation of this machine system.Engine 3 24 is in the auxiliary operation down of invasion descriptive data base 326, isolating known threat or attack, and analyzes the flow of being imported.In an embodiment of invasion descriptive data base 326, represent description to threatening with the XML form.Each threatens description 328 can comprise various data entries, for example type of application, its version, the registry key that is associated with this application program, pregnable port or the like.Threaten description for each, utilize described various data entries to set up special rule, to be used to monitor and filter the network traffics of being imported.Because at concrete threat, thereby these rules can be adjusted, with the attack of tackling some type or be used for special application.
Engine 324 is communicatively coupled to two information channels, application state information 328 and connection state information 330, which are in turn coupled to application layer filter 320 and firewall 322, respectively. Whenever a network connection is established, or whenever application 335 begins using a particular port, engine 324 determines from the contents of database 326 whether there is a significant likelihood that any known threat is present. The threats identified in this way constitute a relatively small but more highly relevant subset of the available known threats. This small subset can therefore be analyzed and tracked in practice.
In operation, firewall 322 intercepts only a small fraction of the total data traffic, because connection state information 330 mainly comprises communication protocol and related information, for example Internet Control Message Protocol (ICMP) commands. Most potential threats still require more thorough analysis and more detail about the threats and their effect on the target computer system. Analysis of the information obtained from the TCP/IP protocols alone is therefore not sufficient to provide a robust level of protection.
At the application layer, dedicated filter 320 allows threat analysis to be focused on the specific set of vulnerabilities known for each application 335. Application layer filter 320 intercepts traffic between TCP/IP service 332 and communication protocol layer 334. The intercepted traffic is analyzed by engine 324 separately for each application. In one embodiment, the security system identifies the application in use (for example MS Outlook Mobile). In a related embodiment, the system determines the type of the active application (for example web browser, game, etc.) from the type of port being used and the data communication protocol being used. In this way, the system knows the specific active application or the type of application in use. Using this information, the system selects an appropriate protection scheme tailored to the current application or activity. The system thereby concentrates its security resources on the relatively small set of rules and threat descriptions 326 associated with the exposure of the specific applications currently running.
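The narrowing step described above can be illustrated with the following added Python example, which is not code from the patent: it parses an XML intrusion description database and returns only the threat descriptions relevant to the application and port in use. The XML element names, the port-to-application-type table, the sample records and the registry keys are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample database. The patent only says descriptions are XML and
# carry application type, version, registry keys and vulnerable ports; the
# element/attribute names and all values below are assumptions.
INTRUSION_DB_XML = r"""
<threats>
  <threat id="T-0001">
    <application type="email" name="MS Outlook Mobile" version="6.1"/>
    <registry-key>HKLM\Software\ExampleVendor\Mail</registry-key>
    <port proto="tcp">143</port>
    <port proto="tcp">110</port>
  </threat>
  <threat id="T-0002">
    <application type="email" name="ExampleMail" version="2.0"/>
    <registry-key>HKLM\Software\ExampleVendor\ExampleMail</registry-key>
    <port proto="tcp">25</port>
  </threat>
  <threat id="T-0003">
    <application type="web browser" name="ExampleBrowser" version="4.2"/>
    <registry-key>HKLM\Software\ExampleVendor\Browser</registry-key>
    <port proto="tcp">80</port>
    <port proto="tcp">443</port>
  </threat>
  <threat id="T-0004">
    <application type="game" name="ExampleGame" version="1.0"/>
    <registry-key>HKLM\Software\ExampleVendor\Game</registry-key>
    <port proto="udp">27015</port>
  </threat>
</threats>
"""

# Assumed table for inferring the application type from protocol and port
# when the application itself has not been identified by name.
PORT_TO_APP_TYPE = {
    ("tcp", 25): "email", ("tcp", 110): "email", ("tcp", 143): "email",
    ("tcp", 80): "web browser", ("tcp", 443): "web browser",
    ("udp", 27015): "game",
}


@dataclass(frozen=True)
class ThreatDescription:
    threat_id: str
    app_type: str
    app_name: str
    version: str
    registry_key: str
    ports: frozenset  # set of (protocol, port) pairs the threat targets


def load_threats(xml_text):
    """Parse the database into ThreatDescription records."""
    root = ET.fromstring(xml_text.strip())
    threats = []
    for node in root.findall("threat"):
        app = node.find("application")
        ports = frozenset(
            (p.get("proto"), int(p.text)) for p in node.findall("port")
        )
        threats.append(ThreatDescription(
            threat_id=node.get("id"),
            app_type=app.get("type"),
            app_name=app.get("name"),
            version=app.get("version"),
            registry_key=node.findtext("registry-key", default=""),
            ports=ports,
        ))
    return threats


def select_active_threats(threats, proto, port, app_name=None):
    """Return the subset of descriptions relevant to one connection.

    If the application was identified by name, match on the name;
    otherwise fall back to the type inferred from protocol and port.
    """
    endpoint = (proto, port)
    if app_name is not None:
        return [t for t in threats
                if t.app_name == app_name and endpoint in t.ports]
    app_type = PORT_TO_APP_TYPE.get(endpoint)
    return [t for t in threats
            if t.app_type == app_type and endpoint in t.ports]


if __name__ == "__main__":
    db = load_threats(INTRUSION_DB_XML)
    for t in select_active_threats(db, "tcp", 143, "MS Outlook Mobile"):
        print(t.threat_id, t.app_name, sorted(t.ports))
```
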
Figs. 2C and 2D show one type of configurability of the security arrangement according to embodiments of the utility model. The thin client configuration and the fat client configuration shown in Figs. 2C and 2D, respectively, can be configured dynamically according to various factors related to the configuration or operating state of portable information apparatus 10, as described in more detail below. The dynamic configuration provided by these embodiments makes it possible to maintain a sufficient security level while giving the user device better computing performance, better mobility, or both. Thus, wherever the user connects to a network, the user can remain confident of having a suitable security configuration. If the user device is located in a particular local network known to be secure, the configuration shown in Fig. 2C is selected, which relies on a security application residing on a LAN server. In this case, the user device adopts the thin client security configuration and relies entirely on the server to relieve it of the security-related computing load. In this thin client configuration, the user device has more computing resources available for running ordinary (non-security) applications, and thus achieves better performance and energy economy.
Conversely, if it is determined that the user device is not connected to the Internet through a local area network known to be sufficiently secure, the configuration of Fig. 2D is selected. The arrangement shown in Fig. 2D has the security application running locally on the user device in a fat client configuration. Although the computing performance available to the user device for non-security applications is reduced, the fat client security arrangement shown in Fig. 2D provides sufficient security in the absence of a protected network.
In a related embodiment, a hybrid thin client/fat client security arrangement can be configured, in which some security functions are offloaded to the server while other security functions are carried out locally on the user's portable information apparatus. For example, in such a hybrid configuration, portable information apparatus 10 runs a reduced-function firewall that controls the network traffic of outgoing data and blocks all unauthorized incoming traffic, but does not take on the task of scanning authorized incoming traffic for potentially harmful data payloads. In this hybrid configuration example, the security server takes on the remaining firewall functions, namely the computationally intensive work of scanning data communications for potential threats and responding to those threats.
Fig. 2E shows a communication channel according to one embodiment of the utility model that facilitates running a thin client or hybrid security arrangement in which most security-related functions are carried out by a remote security server. This arrangement can be used where the user of client device 350 is located away from security server 352 but wishes to make use of its resources. Similarly, this arrangement can be used where the user of client device 350 requests or is required to use a remote security system, in which case protected network 352 carries out various security functions on behalf of client device 350. In this aspect of the utility model, the secure connection to security server 352 comprises a virtual private network (VPN) connection 354 and an additional encrypted connection 356, with VPN connection 354 embedded in the additional encrypted connection 356. In one type of embodiment, the encryption is based on a known client identifier (for example the user's personal data or unique hardware parameters). The user can create the various parameters on which the encryption is based in advance, that is, before the user wishes to use the secure connection. After the secure connection between client device 350 and security server 352 has been established, the user of client device 350 can securely access the resources of security server 352 or its external connection 358. External connection 358 can be an Internet connection or a connection to some other generally insecure network, which the protection software running on security server 352 makes secure. In a related embodiment, encrypted connection 356 monitors the integrity of VPN connection 354 and, when this monitoring detects that the connection has terminated unexpectedly for any reason, takes measures to restore the connection.
Another aspect of the utility model concerns the decision criteria for when and how to automatically configure the security arrangement for the portable information apparatus. The configuration can be set locally, for example by a configuration process running on portable information apparatus 10. Alternatively, the configuration can be set remotely, for example by a remote security server. In an embodiment in which the configuration is set locally, the task of the security configuration module running locally on portable information apparatus 10 is to determine when to configure or reconfigure the security module and which operational settings to establish. The security configuration module can receive, monitor, or otherwise obtain information about the following: the system configuration, the operating state of portable information apparatus 10, the relevant history of portable information apparatus 10, global security situation information, user preferences, or a combination of these. This information is then used to configure the security module automatically. System configuration data can include the device type, processor speed, memory size, processor bus speed, battery capacity, the list of installed applications, and the list of frequently used applications.
In an embodiment in which the security module is configured remotely, portable information apparatus 10 establishes a connection with the remote security server and transmits the system configuration, operating state, relevant history, global security situation information, user preference data, and so on to the server. The server receives and analyzes the transmitted data and sends commands back to portable information apparatus 10 for adjusting the configuration settings of the security module.
Operating state data can include items such as the physical location of portable information apparatus 10, network traffic speed, network traffic volume, remaining battery capacity, the amount of allocated memory, the list of currently running applications, or processor idle time. The relevant history of portable information apparatus 10 includes items such as the recent history of detected attacks, pings or connection attempts from unknown sources at higher than normal frequency, and so on. These items can be correlated with location information. Global security situation information can include, for example, the current overall state of existing threats. For example, the prevalence of a particular worm, a pattern of server outages caused by denial-of-service attacks, and the like will tend to raise the overall threat level. Information of this type is continuously monitored, for example by security firms, and can be provided to portable information apparatus 10 during security updates. User preferences can include items such as user-provided risk tolerance input or performance requirements.
Fig. 3A is a block diagram showing a security arrangement according to one embodiment of the utility model, in which configurable security module 400 residing on portable information apparatus 10 can be configured automatically according to the current location of portable information apparatus 10. Security module 400 includes fat client security part 402 and thin client security part 404. Fat client security part 402 is similar to security module 300 described above in that it can include various security functions and elements, each of which can be individually configured or adjusted. Thin client security part 404 includes means 406 for facilitating a connection with a remote security server; this includes a module that configures the network addresses of different security servers, and logic for connecting to or making use of any one of the remote security servers. One type of embodiment uses an encrypted tunnel connection, such as the connection described above with reference to Fig. 2E. Thin client security part 404 also includes task coordination means 408, which facilitates the exchange of information between fat client security part 402 and the remote security server. The role of task coordination part 408 also includes ensuring correct overall operation when a hybrid security arrangement is used, in which some portions of fat client security part 402 run in cooperation with thin client security part 404 and the remote security server.
The security arrangement of Fig. 3A further includes security configuration module 410, which interfaces with security module 400 and establishes or adjusts the configuration and operational settings of the security module according to various inputs and according to decision criteria 412. One type of input is the current location of portable information apparatus 10, which is provided by location determination module 414. Location determination module 414 determines in real time, or simply estimates, where portable information apparatus 10 is located or which local network portable information apparatus 10 may be using to connect to the Internet. In one such embodiment, location determination module 414 includes a global positioning system (GPS) receiver to determine the physical location. In a related embodiment, location determination module 414 uses a network topology analyzer to analyze data packets in order to infer the location or network identity of the local network through which portable information apparatus 10 communicates. The location information provided by these two methods differs in nature, so the two methods can be used in combination to produce a better estimate of the location or network in use. In another related embodiment, location determination module 414 includes a user interface element that allows the user of the device to enter its location. The user interface input can be used in combination with GPS positioning or network topology determination to refine the location or network identity. For example, the user can be offered two or three possible options from which to select the network in use, these options being generated automatically from the information inferred by the other location determination methods.
The location of the client device can be determined in different ways within the spirit and scope of aspects of the utility model. Many other techniques for determining the geographic location of a networked device are well known, and any suitable technique can be used.
Security configuration module 410 uses the location identification to determine the security risk summary of the current location. Based on the security risk summary, configuration module 410 uses decision criteria 412 to set a configuration suitable for security module 400. The security configuration module queries location summary database 416 to look up the current location in a list of local networks situated at different geographic locations.
Fig. 3B shows an example of location summary database 416, which contains records of different places or geographic locations, each identified by a security or threat level according to how relatively safe or dangerous it is. For example, as far as the user is concerned, certain places known to have good network security on a server (for example in the arrangement of Fig. 1A) can be represented as having a "safe" status. In one embodiment, the database contains records of locations from all over the world. A user's copy of this database can be maintained on portable information apparatus 410, where it can be updated automatically whenever the client device communicates with the security system server that maintains the master (most recent) version of the database. Alternatively, security configuration module 410 can access a remote security server to query location summary database 416. The places stored in the database can be classified as shown in the embodiment of Fig. 3B: confirmed as safe; designated as safe by the user; possibly safe; and possibly unsafe. In another embodiment, a combination of different techniques for determining the location of portable information apparatus 10 can be used to confirm the "safe" status and to defeat attempts such as location spoofing. Various other security level classifications or labels can be used.
In a related embodiment, the system supports defining a trust condition for the security status. The user can thus make his or her own security assessment based on his or her observations and on the information contained in the database. In another related embodiment, the client device refreshes its location database after connecting to the nearest security server running the security application according to an embodiment of the utility model.
Fig. 4A is a diagram showing a security arrangement according to one type of embodiment, in which the security module can be configured automatically according to the current security summary of portable information apparatus 10, the current computing capacity of portable information apparatus 10, or both. The arrangement includes configurable security module 400 described above with reference to Fig. 3A, which can be configured in thin client mode, fat client mode, or hybrid mode, and in which various security functions or elements can be selectively enabled or disabled and various operational settings can be adjusted dynamically. The configuration or adjustment of security module 400 is carried out by security configuration module 450, which can reside locally on portable information apparatus 10 together with security module 400, or can be remote from portable information apparatus 10 and access the security module over a network.
Security configuration module 450 includes configuration determination module 460 and configuration setting module 465. Configuration determination module 460 includes decision criteria for reading and processing at least one input from risk evaluation module 470, computing capacity determination module 480, and user input module 490, in order to decide which configuration or operational settings are appropriate for security module 400. Configuration setting module 465 then sets the determined configuration or operational settings in security module 400.
In one embodiment, configuration determination module 460 and configuration setting module 465 of security configuration module 450 configure the operational settings of security module 400 with the aim of reducing the computing load placed on the computer circuitry by the operation of configurable security module 400, while maintaining a security level that protects against the security risks determined by the security configuration module from the input of risk evaluation module 470.
In this approach, configuration determination module 460 maintains a hierarchy of the security-related functions available in security module 400. This hierarchy of security-related functions is ordered according to the set of current security risks determined by risk evaluation module 470. In this embodiment, therefore, the ordering of the hierarchy is dynamic, although in more basic embodiments a static hierarchy of security-related functions can also be used. The hierarchy is ordered by how important each function is for protecting against the set of current security risks. For example, in a portable information apparatus 10 that is running a web browser program but not an e-mail client, the firewall and anti-malware/adware functions are more important than, for example, the message filtering function for maintaining protection against the likely security threats.
In a related embodiment, the importance of functions is graded at a finer granularity, in which the operational settings of the security-related functions at each level can be varied. For example, the anti-malware/adware function can be adjusted to protect against the specific threats associated with the applications currently executing on portable information apparatus 10, rather than providing broader protection against all known threats.
In one embodiment, configuration determination module 460 derives or selects the hierarchical order of the security-related functions from the set of current security risks provided by risk evaluation module 470, and further selects from this hierarchy a subset of the most important functions according to the current computing capacity determined by computing capacity module 480. Thus, the greater the available computing capacity, the more security functions can generally be provided; when computing capacity is reduced, security is limited to only certain important features. Accordingly, security is limited dynamically and intelligently according to circumstances: configuration setting module 465 sets the operational settings of security module 400 so that, while the subset of the most important security-related functions is provided, the computing load placed on the computer circuitry by the operation of security module 400 is reduced. This helps preserve the usability of portable information apparatus 10 while providing it with security protection corresponding to the set of current security risks.
In a related example, when computing capacity decreases gradually, as happens when the battery of portable information apparatus 10 is depleted through use, configuration setting module 465 progressively disables security-related functions in order from less important functions to more important functions, in order to preserve computing capacity for the non-security functions of portable information apparatus 10.
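The selection logic described in the preceding paragraphs can be shown with the following added Python example, which is not taken from the patent: security functions are ordered by how much of the current risk set they address, and only a leading portion of that order is enabled within the available computing capacity, so that shrinking capacity switches functions off from least to most important. The function names, costs, risk labels and weights are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityFunction:
    name: str
    cost: int             # assumed relative computing load of the function
    mitigates: frozenset  # risk labels this function protects against


# Constructed catalogue of functions available in the security module.
FUNCTIONS = (
    SecurityFunction("firewall", 2,
                     frozenset({"network_intrusion", "web_content"})),
    SecurityFunction("anti_malware", 4,
                     frozenset({"web_content", "mail_attachment"})),
    SecurityFunction("message_filter", 3,
                     frozenset({"mail_attachment", "spam"})),
    SecurityFunction("intrusion_detection", 5,
                     frozenset({"network_intrusion"})),
)

# Constructed risk sets (label -> weight), as a risk evaluation step might
# report them: browsing only, and browsing with an e-mail client opened.
BROWSING = {"web_content": 3, "network_intrusion": 2}
MAIL_OPEN = {**BROWSING, "mail_attachment": 3}


def rank_functions(functions, current_risks):
    """Order functions from most to least important for the current risks.

    Importance is the summed weight of the current risks a function
    mitigates; ties are broken by lower cost, then by name, so the order
    is deterministic.
    """
    def importance(fn):
        return sum(w for risk, w in current_risks.items()
                   if risk in fn.mitigates)
    return sorted(functions, key=lambda fn: (-importance(fn), fn.cost, fn.name))


def select_configuration(functions, current_risks, capacity):
    """Enable functions in ranked order until the capacity is exhausted.

    Selection stops at the first function that does not fit, so a more
    important function is never dropped in favour of a cheaper, less
    important one.
    """
    enabled, used = [], 0
    for fn in rank_functions(functions, current_risks):
        if used + fn.cost > capacity:
            break
        enabled.append(fn.name)
        used += fn.cost
    return enabled


def degrade(functions, current_risks, capacities):
    """Configurations for a sequence of capacities, e.g. a draining battery."""
    return [select_configuration(functions, current_risks, c)
            for c in capacities]


if __name__ == "__main__":
    steps = (14, 11, 6, 2)
    for cap, enabled in zip(steps, degrade(FUNCTIONS, BROWSING, steps)):
        print(f"capacity={cap:2d} enabled={enabled}")
    print("mail opened:",
          [fn.name for fn in rank_functions(FUNCTIONS, MAIL_OPEN)])
```

Re-running `rank_functions` whenever the risk set changes gives the dynamic ordering; keeping one fixed order corresponds to the static variant.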
In various embodiments, risk evaluation module 470 obtains the information used to determine the current risk summary. Fig. 4B shows an example in which risk evaluation module 470 interfaces with several different sources of risk-related information. In the example shown, risk evaluation module 470 communicates with location determination module 414 and location database 416 (both described above) to obtain information about the current location and to determine the corresponding security level associated with the current location. In this example, risk evaluation module 470 also interfaces with security server connection module 500, so that risk evaluation module 470 can obtain security-related information over the network. Examples of such information include information about the general threat level and, when used in combination with location determination module 414, information about the threat level specific to the current location.
Risk evaluation module 470 evaluates and re-evaluates the set of current security risks to which portable information apparatus 10 is exposed. In one arrangement, risk evaluation module 470 carries out the re-evaluation periodically, for example at some predetermined time interval. In another arrangement, the re-evaluation is carried out in response to the occurrence of certain events relevant to risk assessment, for example when a new application instance is opened. In a related embodiment, the re-evaluation is carried out both periodically and in response to events. In this type of embodiment, certain risk indicators that do not tend to change frequently, for example the current threat level indicator, are re-evaluated periodically, whereas other security risk indicators, for example network traffic volume, tend to change rapidly with changes in the operating mode or in the applications running on portable information apparatus 10.
In one embodiment, application analysis module 510 examines the registry of the operating system of portable information apparatus 10 to determine which applications are installed on the device. From this information, risk evaluation module 470, in combination with application analysis module 510, can determine the specific vulnerabilities of portable information apparatus 10. An application such as a web browser, for example, will have a vulnerability summary different from that of an e-mail application or a spreadsheet. In a related embodiment, application analysis module 510 examines the applications currently in use, which form a subset smaller than the full set of installed applications. Accordingly, in one embodiment, the risk summary indicators can change over time depending on the applications currently in use.
Security history module 520 provides information about recent security-related events that can reflect the current threat level. For example, if the firewall has detected unknown devices attempting to access portable information apparatus 10 at a higher than normal frequency, this can be a sign of increased intrusion risk. Event history can also be associated with location information, so that different locations can have different relevant histories. Thus, if the user carries portable information apparatus 10 to a new location, the relevant history of that location is examined.
Referring again to Fig. 4A, computing capacity determination module 480 provides information about the system performance of portable information apparatus 10 for use by security configuration module 450. This information enables security configuration module 450 to select a configuration suitable for configurable security module 400, so that the operation of the security system does not place an excessive burden on system performance. In one type of embodiment, security configuration module 450 considers the computing capacity information provided by computing capacity determination module 480 together with the risk summary information, in order to strike an appropriate balance between the performance needs and the security needs of portable information apparatus 10.
Computing capacity determination module 480 evaluates and re-evaluates the current state of the computing capacity available on portable information apparatus 10. In one arrangement, computing capacity determination module 480 carries out the re-evaluation periodically, for example at some predetermined time interval. In another arrangement, the re-evaluation is carried out in response to the occurrence of certain events relevant to computing capacity, for example when a new application instance is opened. In a related embodiment, the re-evaluation is carried out both periodically and in response to events. In this type of embodiment, certain computing capacity indicators that do not tend to change abruptly, for example battery capacity, are re-evaluated periodically, whereas other computing capacity indicators, for example available memory, tend to change rapidly with changes in the operating mode and in the applications running on portable information apparatus 10.
Fig. 4C shows several examples of the types of input received by computing capacity determination module 480 in an exemplary embodiment. Input 540 is an indicator of the device type of portable information apparatus 10. Computing capacity determination module 480 can also access device information database 545, which can reside locally on portable information apparatus 10 or remotely from it, and which contains performance measures for classes of various device types. Because the device type can be a static data item, in many cases this information can be determined during the process of installing the security arrangement on portable information apparatus 10. Fig. 4D is a table showing an exemplary set of data contained in device information database 545. Display size, processor type, data storage type and size, battery capacity, and communication measures help estimate the performance characteristics of each device, including the rate of battery consumption. Another example of data in the device information database is the information produced by the Systeminfo utility for Windows XP from Microsoft Corporation.
Fig. 4E is another embodiment of a set of data contained in device information database 545, in which each type of device is given a predetermined performance score or rank. From this performance rank, a specific configuration type can be determined, as shown in Fig. 4F. According to different embodiments, the configuration type shown in Fig. 4F can be established during installation of the security arrangement, during an update of that installation, or dynamically. Dynamically configurable embodiments can be suited to situations in which upgradability or expandability exists, for example devices with an expansion memory card slot (for example MicroSD), or devices in which the user can install a higher-capacity battery.
Referring again to Fig. 4C, processor monitor 550 provides an indication of the load on the processor of portable information apparatus 10 and provides a corresponding input to security configuration module 450. In one embodiment, processor monitor 550 measures the proportion of time the processor spends in the idle state. For example, some processors use a reduced clock speed mode in their idle state, for example a feature from Intel Corporation or the Cool'n'Quiet™ feature from AMD. In embodiments of the utility model, the operation of these modes can be monitored and used as a measure of processor load. Processor load is one type of indication of the intensity of use to which portable information apparatus 10 is being subjected. This information helps determine the ability of portable information apparatus 10 to handle the operation of security module 400 in addition to the other applications that cause processor load. In a similar manner, memory monitor 560 monitors memory allocation and provides a corresponding input to security configuration module 450, memory allocation being another measure of system load and of the capacity available for running security module 400. When the load on the processor and on the memory resources of portable information apparatus 10 is relatively high, the configuration module can temporarily configure security module 400 with reduced functionality (provided that doing so does not conflict with the security needs, taking into account the current risk summary and the tolerance defined by the user).
Network traffic volume monitor 570 provides an input to security configuration module 450 indicating the current state of the network traffic entering and leaving portable information apparatus 10. Incoming and outgoing network traffic can provide information about the nature of the current use of portable information apparatus 10. As a direct measure, the network traffic volume indicates the available communication bandwidth that certain types of configuration of security module 400 may require. As an indirect measure, the network traffic volume, the predominant direction of data flow, and the ratio of total incoming data to total outgoing data can indicate the user's intensity of use and the corresponding device performance requirements. In one embodiment, security configuration module 450 considers the input from network traffic volume monitor 570 as part of deciding whether to configure security module 400 to run in thin client mode or in fat client mode, since thin client mode requires more communication bandwidth than fat client mode.
Battery capacity indicator 580 provides battery status information to security configuration module 450. Battery status can indicate a limit on computing capability: even when the processor, memory and communication bandwidth are sufficient to support a robust security configuration, the computational load of the security module in that configuration also requires more power. When portable information apparatus 10 has limited energy reserves, security module 400 may need to be configured for a reduced-load operating mode.
Referring again to Fig. 4A, security configuration module 450 can further receive input from user input module 490, so that the user of portable information apparatus 10 can provide preferences to be considered when configuring security module 400. In one embodiment, user input module 490 provides, through the user interface, a user-operable slider or other intuitive control with which the user can choose to favor security or to favor performance. For example, when the user is browsing the network or needs to run a graphics-heavy application smoothly, the user can set the slider at that moment to favor performance strongly. In a related embodiment, user input module 490 provides a user control that facilitates selectively closing other background programs in addition to the security elements that can be closed to improve performance. In another situation, where the user wants to access personal or financial information, the user can set the slider to favor security.
Aspects of the present utility model contemplate that the security configuration module can be programmed with any suitable decision logic for determining the configuration settings of security module 400 from the various inputs it receives. Moreover, the decision logic can be selected or formulated according to device type. For example, compared with a notebook-type device that has a more powerful processor and more memory, a smartphone device with fewer computing resources and less communication bandwidth can have a decision profile that supports more aggressive responsiveness in favor of preserving performance.
Different types of devices can also be configured to react to similar situations in different ways. For example, where the inputs to security configuration module 450 indicate that the computational load caused by security module 400 should be reduced, device A can preferentially switch from a fat client configuration to a thin client configuration as its initial response to the situation, whereas device B can preferentially reduce the functionality of security module 400 while security module 400 remains in fat client mode.
In one type embodiment, security configuration module 450 is programmed, come calculated performance-risk vector to import set point according to the multivariable input of representing security risk summary and computing capability and user, thereby in the security risk protection that suitable grade is provided, balance keeps the needs of the performance of portable information apparatus 10.Each variable in the described multivariable input can be endowed different weights, so that corresponding input has bigger importance in formula.In an exemplary embodiment, some variable is weighted by following order (from the weight limit to the minimal weight):
Running down of battery;
User preference;
The position;
Existing application;
Network traffics; And
Current overall safety threatens.
As another example of how security configuration module 450 uses the inputs from risk evaluation module 470 and computing capability determination module 480, Fig. 5 shows a decision process for determining the type of security threat database update to perform, according to one embodiment of the present utility model. At 600, application program analysis module 510 detects the installed applications present on portable information apparatus 10. At 610, based on this list, application program analysis module 510 selects among three update options. Option 620 configures the threat database with updated threat descriptions for the installed applications only. Option 630 configures the database to include the threats associated with the installed applications plus descriptions of other threats associated with applications that have similar characteristics. For example, where Mozilla Firefox is an installed application, option 630 updates the threat descriptions with the threats associated with web browser programs in general. Option 640 obtains the complete configuration with all known threat definitions, as in a conventional security arrangement that includes no measures for reducing its overall functionality. In one embodiment, the selection among these three options is made according to the computing capability determined by computing capability determination module 480, according to processor and memory capacity and, optionally, according to current load conditions. In a related embodiment, current battery life can be a factor in deciding which type of update to perform.
Fig. 6 is a flow chart showing a simplified example of how different security configurations are selected according to remaining battery life. As remaining battery life drops from high to low with use of portable information apparatus 10, the process proceeds in the order shown. In general, non-essential security functions are disabled first and the main security functions are disabled last. In the example of Fig. 6, at 700, the management console of the security system running on portable information apparatus 10 is disabled first. Because the management console is a user interface and does not itself perform security functions, the load it places on system resources is pure overhead.
At 710, the system determines whether there is any ongoing communication with a remote security server. If there is, the ongoing communication indicates that the security module is running in a configuration that depends to some extent on the security server. In that case, the disabling at 720 of the encrypted communication channel that facilitates the connection to the server is skipped. Conversely, if the security module is not communicating with a security server, the encryption module can be disabled at 720. At 730, the system checks whether the location determination function is operable. If it is operable (that is, not disabled), the associated management functions of the location database are kept operable to support the location-based configurability functions. If the location determination function is not in use, the location database and any other related functions are disabled at 740.
At 750, as the battery is further depleted, the firewall and anti-virus functions are progressively reduced to a minimum. One example of such progressive reduction was described above with reference to Fig. 5, in which the threat description database is reduced so that fewer system resources are spent on addressing security risks of lower likelihood. By focusing only on the risks most relevant to the current application types, or only on the specific applications installed on portable information apparatus 10, the system resources spent on security can be used more efficiently.
As the battery continues to deplete, the location determination and response functions and the communication functions are disabled at 760, so that system resources are reserved for only the most essential firewall and anti-malware functions. At some point, a decision is needed: either disable every security function so that system resources are reserved only for the running applications, or refuse to let applications run on portable information apparatus 10 without any security. Accordingly, in one embodiment, when the battery reaches a critically low charge (such as 10%), the device prompts the user to authorize unsecured operation. In a related embodiment, user notifications are provided at the different stages of disabling the security system, so that the user can adjust the resource management behavior of portable information apparatus 10.
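The Fig. 6 sequence written as a policy function, as an added illustration that is not taken from the patent or from any product. The percentage thresholds other than the 10% critical level, the component names, and the names `Plan` and `plan_for_battery` are assumptions.

```python
from dataclasses import dataclass, field

# Constructed thresholds (percent battery remaining). The text fixes only the
# order of the steps and gives 10% as an example of a critical level.
START_AT, REDUCE_AT, MINIMAL_AT, CRITICAL_AT = 80, 40, 20, 10


@dataclass
class Plan:
    disabled: list = field(default_factory=list)  # components switched off, in order
    threat_db: str = "full"                       # "full" or "installed_apps_only"
    ask_user_for_unsecured_mode: bool = False


def plan_for_battery(battery_pct, server_session_active, location_in_use):
    """Return the security configuration for the remaining battery life."""
    plan = Plan()
    # Fail closed: a missing or implausible reading never weakens protection.
    if isinstance(battery_pct, bool) or not isinstance(battery_pct, (int, float)):
        return plan
    if not 0 <= battery_pct <= 100 or battery_pct > START_AT:
        return plan
    # 700: the management console is pure overhead, so it goes first.
    plan.disabled.append("management_console")
    # 710/720: keep the encrypted channel while a server session is ongoing.
    if not server_session_active:
        plan.disabled.append("encrypted_channel")
    # 730/740: keep the location database only if location determination runs.
    if not location_in_use:
        plan.disabled.append("location_database")
    # 750: cut firewall/anti-virus work, here by using the reduced threat
    # database (installed applications only, option 620 of Fig. 5).
    if battery_pct <= REDUCE_AT:
        plan.threat_db = "installed_apps_only"
    # 760: drop location and communication functions; firewall and
    # anti-malware are never placed on the disabled list by this function.
    if battery_pct <= MINIMAL_AT:
        plan.disabled += ["location_determination_and_response", "communications"]
    # Critical level: the last protections are not dropped silently; the
    # caller must obtain the user's authorization for unsecured operation.
    if battery_pct <= CRITICAL_AT:
        plan.ask_user_for_unsecured_mode = True
    return plan
```

An unreadable battery value returns the full configuration, so a failed sensor cannot be used to talk the device into a weaker security state.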
Aspects of the present utility model contemplate that there is a virtually unlimited number of suitable approaches that can be built into the decision criteria of configuration determination module 460 to configure security module 400 according to the various inputs. Moreover, many variations in the types of configuration of security module 400 can be realized. Accordingly, the utility model should not be limited to any particular illustrative example described herein, beyond the limitations set forth above and in the claims.
The embodiments above are intended to be illustrative and not limiting. Other embodiments are within the scope of the claims. In addition, although aspects of the present utility model have been described with reference to particular embodiments, those skilled in the art will recognize that changes can be made in form and detail without departing from the spirit and scope of the utility model as defined by the claims.
Persons of ordinary skill in the art will recognize that the utility model may comprise fewer features than shown in any individual embodiment described above. The embodiments described herein are not meant to be an exhaustive presentation of the ways in which the various features of the utility model may be combined. Accordingly, the embodiments are not mutually exclusive combinations of features; rather, as understood by persons of ordinary skill in the art, the utility model may comprise a combination of different individual features selected from different individual embodiments.
Any incorporation by reference of documents above is limited such that no subject matter is incorporated that is contrary to the explicit disclosure herein. Any incorporation by reference of documents above is further limited such that no claims included in the documents are incorporated by reference herein. Any incorporation by reference of documents above is yet further limited such that any definitions provided in the documents are not incorporated by reference herein unless expressly included herein.

Claims (4)

1. An information device with a dynamically configurable security structure, characterized in that the device comprises:
computer circuitry, comprising a processor operably coupled to data storage;
a user interface, comprising a display and a user input device;
communication circuitry; and
a power supply for powering the computer circuitry, the user interface and the communication circuitry;
wherein the computer circuitry comprises a security structure, the security structure comprising a configurable security module, a risk evaluation module, a computing capability determination module and a security configuration module, and the security configuration module further comprising a configuration determination module and a configuration settings module.
2. The information device of claim 1, characterized in that the position determination module comprises at least one of the following:
a GPS receiver; and
a network topology analyzer.
3. A portable information apparatus with a dynamically configurable security structure, characterized in that the apparatus comprises:
computer circuitry, comprising a processor operably coupled to data storage;
a user interface, comprising a display and a user input device;
wireless communication circuitry; and
a power supply for powering the computer circuitry, the user interface and the wireless communication circuitry, the power supply comprising an on-board energy source;
wherein the computer circuitry comprises a security structure, the security structure comprising a configurable security module, a position determination module and a security configuration module.
4. The portable information apparatus of claim 3, characterized in that the position determination module comprises at least one of the following:
a GPS receiver; and a network topology analyzer.
CN2009201498038U 2008-12-02 2009-04-14 Information device with security structure capable of being configured dynamically Expired - Lifetime CN201821502U (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US11923708P 2008-12-02 2008-12-02
US61/119,237 2008-12-02
US14209208P 2008-12-31 2008-12-31
US14208808P 2008-12-31 2008-12-31
US61/142,088 2008-12-31
US61/142,092 2008-12-31

Publications (1)

Publication Number Publication Date
CN201821502U true CN201821502U (en) 2011-05-04

Family

ID=42479963

Family Applications (2)

Application Number Title Priority Date Filing Date
CN2009201498038U Expired - Lifetime CN201821502U (en) 2008-12-02 2009-04-14 Information device with security structure capable of being configured dynamically
CN200910135011.XA Active CN101753554B (en) 2008-12-02 2009-04-14 Information device with security protection capable of dynamically configuring and method for automatically configuring information device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN200910135011.XA Active CN101753554B (en) 2008-12-02 2009-04-14 Information device with security protection capable of dynamically configuring and method for automatically configuring information device

Country Status (2)

Country Link
CN (2) CN201821502U (en)
HK (1) HK1143474A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105590056B (en) 2014-10-22 2019-01-18 中国银联股份有限公司 Dynamic application function control method based on environment measuring

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7835721B2 (en) * 2002-03-27 2010-11-16 Nokia Corporation Multiple security level mobile telecommunications device system and method
US7526800B2 (en) * 2003-02-28 2009-04-28 Novell, Inc. Administration of protection of data accessible by a mobile device
US7908660B2 (en) * 2007-02-06 2011-03-15 Microsoft Corporation Dynamic risk management
CN101018119A (en) * 2007-02-09 2007-08-15 浪潮电子信息产业股份有限公司 Hardware-based server network security centralized management system without relevance to the operation system

Also Published As

Publication number Publication date
HK1143474A1 (en) 2010-12-31
CN101753554A (en) 2010-06-23
CN101753554B (en) 2014-05-07

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20110504