KR102563756B1 - Method and apparatus for mobile device management - Google Patents

Abstract

A method and apparatus for managing a mobile device are disclosed. A method of operating an IM (instant messaging) app installed on a device according to an embodiment includes obtaining an MDM policy corresponding to a group identifier input from an IM server providing an IM app, based on the MDM policy, the MDM installed on the device. Acquiring an identification key corresponding to the device from the app, and transmitting an execution state of the IM app to an MDM server providing the MDM app based on the identification key.

Description

Mobile device management method and apparatus {METHOD AND APPARATUS FOR MOBILE DEVICE MANAGEMENT}

The following embodiments relate to a mobile device management method and apparatus, and specifically, to a mobile device management method performed in an IM (instant messaging) server and an IM application.

MDM (Mobile Device Management) solution refers to a series of processes that protect, manage, monitor, and support mobile devices such as smartphones, tablets, and portable computers. The MDM solution may be used to control devices according to a preset security policy, and may be used to control devices of employees of a corresponding company according to a company's BYOD (Bring Your Own Device) policy, for example. The MDM solution enables users to use devices owned by individuals for business purposes while maintaining the level of corporate security. The utilization of MDM solutions is increasing in various fields, and various technologies are being developed to improve the efficiency and convenience of MDM solutions. this is being requested

The embodiment may provide a technique for monitoring the running state of another app while the MDM app maintains the background running state regardless of the operating system of the mobile device.

The embodiment can provide a technology for controlling an app or a device on which the app is installed using an MDM solution without the need of a separate build for application of MDM to the app or a SDK related to MDM.

However, the technical challenges are not limited to the above-described technical challenges, and other technical challenges may exist.

An operation method of an IM (instant messaging) app installed on a device according to one side includes acquiring an MDM policy corresponding to a group identifier input from an IM server providing the IM app; Obtaining an identification key corresponding to the device from an MDM app installed in the device based on the MDM policy; and transmitting an execution state of the IM App to an MDM server providing the MDM App, based on the identification key.

The execution state of the IM App may be transmitted from the MDM server to the MDM App.

The IM App may be controlled by the MDM App based on an execution state of the IM App transmitted to the MDM server and a security policy registered in the MDM server.

Transmitting the running state of the IM App may include transmitting the identification key and the running state to the MDM server based on the IP address of the MDM server included in the MDM policy.

The transmitting of the running state of the IM App includes transmitting the identification key and the running state to the MDM server via the IM server based on the IP address of the MDM server stored in the instant messaging server. can do.

The obtaining of the identification key may include displaying an interface for log-in in response to obtaining the identification key; and storing the identification key in response to the user's login based on the login interface.

The stored identification key may be deleted in response to logout of the user.

The group identifier may include an identifier indicating a group to which an account of a user using the IM app belongs.

The user's account may include an account registered in the IM server.

Transmitting the running state of the IM App may include transmitting the foreground running state of the IM App to the MDM server when the IM App is running in the foreground.

The MDM app may run in the background.

An operating method of an IM server providing an IM service through an instant messaging (IM) app according to one side includes storing an MDM policy in response to a registered group identifier; providing the MDM policy to the device in response to an input regarding the group identifier received from a device driving the IM app; Receiving, from the device, an identification key corresponding to the device generated in an MDM server related to the MDM policy; storing the received identification key in correspondence with the device; and transmitting an execution state of the IM App received from the device to the MDM server based on the identification key stored in correspondence with the device.

The execution state of the IM App may be transmitted from the MDM server to the MDM App installed in the device, including the MDM App provided by the MDM server.

The IM App may be controlled by the MDM App based on an execution state of the IM App transmitted to the MDM server and a security policy registered in the MDM server.

The step of storing the received identification key corresponding to the device may include providing an interface for logging in to the device in response to reception of the identification key; and storing the identification key corresponding to the device in response to the user's log-in based on the log-in interface.

The storing of the received identification key corresponding to the device may further include deleting the stored identification key in response to logout of the user.

An IM server providing an IM service through an IM (instant messaging) app according to one side includes a memory for storing an MDM policy corresponding to a registered group identifier; and providing the MDM policy to the device in response to an input related to the group identifier received from a device running the IM app, and corresponding to the device generated in the MDM server related to the MDM policy from the device. and at least one processor that receives an identification key and transmits an execution state of the IM App received from the device to the MDM server based on the received identification key.

The execution state of the IM App may be transmitted from the MDM server to the MDM App installed in the device, including the MDM App provided by the MDM server.

The IM App may be controlled by the MDM App based on an execution state of the IM App transmitted to the MDM server and a security policy registered in the MDM server.

The memory may store the received identification key corresponding to the device.

The processor may provide an interface for logging in to the device in response to reception of the identification key, and may store the identification key corresponding to the device in response to a user's login based on the interface for logging in. .

The processor may delete the identification key stored in the memory corresponding to the device in response to logout of the user.

Through the embodiment, regardless of the operating system of the device, it is possible to transmit the execution state of other apps to the MDM app while maintaining the background execution state of the MDM app, and to apply a security policy without installing a separate build or SDK for applying MDM to the app. According to this, it is possible to provide an MDM solution that controls the app or the device on which the app runs.

1 is a diagram showing the configuration of a mobile device management system according to an embodiment.
2 is a diagram for explaining a mobile device management method performed in a system according to an exemplary embodiment.
3 is a diagram for explaining an example in which an MDM app controls an IM app in a system according to an embodiment.
4 is a diagram for explaining an operation of a user logging in to an IM app according to an embodiment.
5 is an operation flow diagram of an IM App according to an embodiment.
6 is a flowchart illustrating an operation of an IM server according to an exemplary embodiment.
7 is an exemplary diagram of a hardware configuration of a system for managing mobile devices according to an embodiment.

Specific structural or functional descriptions of the embodiments are disclosed for illustrative purposes only, and may be changed and implemented in various forms. Therefore, the form actually implemented is not limited only to the specific embodiments disclosed, and the scope of the present specification includes changes, equivalents, or substitutes included in the technical idea described in the embodiments.

Although terms such as first or second may be used to describe various components, such terms should only be construed for the purpose of distinguishing one component from another. For example, a first element may be termed a second element, and similarly, a second element may be termed a first element.

It should be understood that when an element is referred to as being “connected” to another element, it may be directly connected or connected to the other element, but other elements may exist in the middle.

Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as "comprise" or "have" are intended to designate that the described feature, number, step, operation, component, part, or combination thereof exists, but one or more other features or numbers, It should be understood that the presence or addition of steps, operations, components, parts, or combinations thereof is not precluded.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related art, and unless explicitly defined in this specification, it should not be interpreted in an ideal or excessively formal meaning. don't

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. In the description with reference to the accompanying drawings, the same reference numerals are given to the same components regardless of reference numerals, and overlapping descriptions thereof will be omitted.

Hereinafter, for convenience of description, an application will be abbreviated as an app.

1 is a diagram showing the configuration of a mobile device management system according to an embodiment.

Referring to Figure 1, a system 100 according to an embodiment is a system for mobile device management (MDM), instant messaging (instant messaging) server (hereinafter referred to as IM server) 110, MDM server (120) and device (130). The IM server 110, the MDM server 120, and the device 130 may be connected to each other through a communication network. The specific hardware configuration of the IM server 110, the MDM server 120, and the device 130 according to an embodiment will be described in detail with reference to FIG. 7 below.

The device 130 according to an embodiment is an electronic device in which an instant messaging application (hereinafter referred to as IM app) 131 provided by the IM server 110 and an MDM app 132 provided by the MDM server 120 are driven. can include For example, the device may include a mobile device such as a smart phone, a mobile phone, a computer, a laptop computer, a digital broadcasting terminal, a personal digital assistant (PDA), a portable multimedia player (PMP), and a tablet. Device 130 may communicate with IM server 110 via IM app 131 and with MDM server 120 via MDM app 132 .

The IM server 110 according to an embodiment may correspond to a server providing an instant messaging service. An instant messaging service is a messenger service in which a user transmits and receives text, picture, voice, etc. through a network in real time. The instant messaging service may be installed in the user's device in the form of an IM app to provide the instant messaging service to the user. The instant messaging service may create an account for each user according to a subscription procedure, and may manage chat rooms and messages corresponding to the user's account. The user may use the service by logging in to the service through an account created by subscribing to the instant messaging service. For example, a user logs in with an account of a user subscribed to an instant messaging service in an IM app installed on a device, and sends text messages, photos, and messages through the account(s) of other user(s) subscribed to the instant message service and a chat room. You can send and receive content such as files. Accounts of users subscribed to the instant messaging service may be registered in the IM server.

According to an embodiment, the instant messaging service may create a group including at least one chat room and/or at least one user account, and provide a function of sharing content among users included in the group. . For example, a group may be created corresponding to a specific company, in which case the group may include accounts of members of the company, and the members of the company may include a chat room including accounts of other members of the company included in the group. to create and share information. A group can be opened by any user's account, and at least one administrator can be designated. A manager of a group may manage members included in the group, manage a chat room created in the group, or manage content shared through a chat room created in the group.

According to one embodiment, an administrator of a group may set a security policy for controlling the IM app 131 logged in with the accounts of members included in the group and/or the device 130 running the IM app 131. there is. A security policy may include an MDM solution. The IM server 110 may store the MDM policy for each group, including whether the created group uses the security policy and/or the IP address of the MDM server 120 that executes the security policy. For example, when the first group uses the security policy, information indicating that the first group uses the security policy and the IP address of the MDM server 120 that executes the security policy are assigned to the MDM policy corresponding to the first group. can be saved as When the second group does not use the security policy, information indicating that the second group does not use the security policy may be stored as an MDM policy corresponding to the second group.

The MDM server 120 according to an embodiment may store a set security policy and may provide an MDM app 132 for controlling the device 130 based on the security policy. The MDM app 132 is installed on the device 130 and can control the device 130 or other apps (eg, the IM app 131) installed on the device 130 according to the security policy stored in the MDM server 120. there is. In order to perform a control operation according to the security policy, the MDM app 132 may monitor the state of another app running in the foreground on the device, and based on the monitoring result, the corresponding app or the corresponding app according to the security policy. It is possible to control the device 130 that drives the app. Monitoring the state of an app may mean receiving an execution state of the app from the corresponding app. The running state of the app may include a state in which the app is running in the foreground. For example, when an API is called by the app or when a specific function is operated in the app, events occurring during the running of the app in the foreground A corresponding signal may be included.

The MDM app 132 according to an embodiment may receive an execution state of the IM app 131 running in the foreground on the device 130, and may be related to the camera to prevent capture while the IM app 131 is running. Actions can be performed according to security policies, such as restricting API privileges. The process of transmitting the execution state of the IM app 131 to the MDM app 132 is described in detail with reference to FIG. 2 .

2 is a diagram for explaining a mobile device management method performed in a system according to an exemplary embodiment.

The system 100 shown in FIG. 2 may correspond to the system 100 shown in FIG. 1 . A method for managing a mobile device performed by the system 100 according to an embodiment may include operations 210 to 270 .

Referring to FIG. 2 , a user may input a group identifier through an IM app installed on the device, and the IM app may transmit (210) the input group identifier to the IM server. The group identifier may correspond to an identifier indicating a group to which an account of a user subscribed to the IM service belongs. An operation of inputting a group identifier will be described in detail with reference to FIG. 4 below.

According to one embodiment, the IM server may transmit (220) an MDM policy corresponding to the received group identifier to the IM app. As described above, the IM server may store the MDM policy for each group, including whether the created group uses the security policy and/or the IP address of the MDM server executing the security policy. The IM server may obtain an MDM policy corresponding to the group indicated by the input group identifier based on the MDM policy stored for each group, and may transmit the obtained MDM policy to the IM app (220).

According to one embodiment, the IM app may request an identification key corresponding to the device from the MDM app corresponding to the received MDM policy (230), and in response to the request, the MDM app may transmit the identification key corresponding to the device to the IM app. It can be transmitted (240) to. The identification key corresponding to the device is a unique identification key of the device generated in the MDM server to recognize each device. For example, the identification key corresponding to the first device may be distinguished from the identification key corresponding to the second device. . Even when the same user account is logged into the IM app installed on the first device and the second device, the identification key corresponding to the first device may be distinguished from the identification key corresponding to the second device. The MDM server may share an identification key corresponding to the MDM app and the device with each other.

According to one embodiment, when the MDM app corresponding to the received MDM policy is normally installed in the device and the corresponding MDM app is normally running, an operation of transmitting an identification key from the MDM app to the IM app may be performed. . In other words, if the MDM app is not installed, the IM app cannot receive the identification key corresponding to the device, and if the MDM app is installed but is not normally running, the IM app cannot receive the identification key corresponding to the device. may not be able

According to an embodiment, the IM app may transmit (250 or 260) an execution state of the IM app to an MDM server that provides the MDM app, based on the received identification key. The execution state of the IM App may be directly transmitted from the IM App to the MDM server (250), or may be transmitted to the MDM server via the IM server (260).

More specifically, the MDM policy received by the IM app may include the IP address of the MDM server. The IM App may directly transmit ( 250 ) the running state of the IM App to the MDM server based on the IP address of the MDM server received from the IM server. In case of transmitting the running state of the IM app, the MDM server may transmit the received identification key so that the device to which the running state of the IM app is transmitted can be specified.

According to one embodiment, the IP address of the MDM server may not be included in the MDM policy received from the IM app. The IM app may transmit the running state of the IM app to the IM server, and the IM server may transmit 260 the running state of the IM app to the MDM server. The IM server may transmit the running state of the IM App to the MDM server together with the identification key corresponding to the device received from the MDM App stored in correspondence with the device. According to an embodiment, the IM server may store and manage the device identification key generated by the MDM server by matching the device identification key generated by the IM server.

According to an embodiment, the MDM server that has received the running state of the IM app together with the identification key corresponding to the device transmits the running state of the IM app to the MDM app installed on the device based on the received identification key (270). can The MDM server can transmit the running state of the IM app to the MDM app in a way that does not change the MDM app running in the background to the foreground running state on the device, such as a silent push to the MDM app. .

3 is a diagram for explaining an example in which an MDM app controls an IM app in a system according to an embodiment.

The system 100 shown in FIG. 3 may correspond to the system 100 shown in FIG. 1 or the system 100 shown in FIG. 2 .

Referring to FIG. 3 , upon receiving the running state of the IM App of the device and the identification key of the device, the MDM server may identify the device that has transmitted the running state of the IM App based on the received identification key. The MDM server may transmit the running state of the IM app to the MDM app installed in the device corresponding to the identification key (270). For example, when the received identification key corresponds to the identification key generated in correspondence with the first device, the MDM server may transmit the running state of the IM App to the MDM App installed in the first device.

According to an embodiment, the MDM App that has received the running state of the IM App from the MDM server may control (280) the IM App based on the security policy stored in the MDM server and the running state of the IM App. For example, the MDM app may restrict a function of capturing and/or copying content transmitted and received through the IM app when the IM app is in a foreground running state.

As described above, the MDM app can receive the running state of the IM app from the MDM server in a manner that does not change the MDM app running in the background on the device to the foreground running state, such as a silent push. . In other words, the MDM App may monitor the running state of the IM App while maintaining the background running state by receiving the running state of the IM App from the MDM server without being called by the IM App.

4 is a diagram for explaining an operation of a user logging in to an IM app according to an embodiment.

Referring to FIG. 4, a user inputs an account of a user subscribed to an instant messaging service through an interface provided through an IM app installed on a device (410), and an operation of inputting information about a group to which the user's account belongs. Operation 420 and operation 430 of logging in to the user's account may be performed.

Operation 410 according to an embodiment may include an operation of inputting an account of a user subscribed to an instant messaging service through an interface for inputting account information provided through an IM app.

Operation 420 according to an embodiment may include an operation for the user to input information about a group corresponding to the user's account through an interface for inputting account information provided through an IM app.

For example, the operation 420 of inputting information about a group may include an operation for the user to select any one of the groups to which the user's account provided through the IM app belongs. The IM server may search for a group to which the user's account belongs based on the input user's account, and may provide information about the searched group through an interface. For example, when the IM server searches for a group to which the input first user account belongs and the first user account is included in the first group and the second group, the IM server transmits information about the first group and the second group. It can be provided through an interface. For example, the information about the group to which the user's account belongs may include a group identifier that is identification information of the group to which the user's account belongs.

According to one embodiment, information about a group to which the user's account belongs may be provided through an interface for group selection. The user may select one of the groups to which the user's account belongs through the interface, and a group identifier corresponding to the group selected by the user may be transmitted to the IM server.

According to an embodiment, the operation according to step 410 and the operation according to step 420 may be performed as one operation of inputting account information. For example, when a user inputs a user account subscribed to an instant messaging service, a group identifier of a group to which the input user account belongs may be obtained from the IM server. The IM server may store and manage a group identifier of a group to which the user's account belongs by matching with the user's account. The IM server may obtain a group identifier matched to the input user's account.

As described above in FIG. 2, the IM server receiving the group identifier from the MDM app may transmit an MDM policy corresponding to the group identifier to the MDM app, and the IM app may respond to the MDM app corresponding to the received MDM policy to the device. You can request an identification key that

The login operation 430 according to an embodiment may be performed when an identification key corresponding to a device is normally received from the MDM app according to a request of the IM app, and the user authenticates the user account through the IM app. This may include logging into the IM app by entering information (eg, a password). For example, when the identification key corresponding to the device is normally received from the MDM app, an interface for logging in may be provided through the IM app, and the user inputs authentication information about the user's account input through the interface, You can log in to your IM app.

According to one embodiment, when the identification key corresponding to the device is not normally received from the MDM app, an interface for login may not be provided or the interface for login may not be activated. In other words, if the identification key corresponding to the device is not normally received from the MDM app, the user cannot input information for login, such as authentication information about the user's account, and login may not proceed.

According to one embodiment, the operation according to step 410 may be included in the operation according to step 430. For example, a user may first enter a group identifier through an IM app, and after receiving an identification key corresponding to a device from an MDM app, enter the user's account and authentication information (eg, password) through an IM app. By doing so, you can log in to the IM app. When the identification key corresponding to the device is received from the MDM app, the device may be provided with an interface for login through the IM app, and the user logs in by entering the user's account and authentication information based on the interface for login. can proceed.

According to an embodiment, when the login operation 430 is completed, the user may use the instant messaging service provided by the IM server through the IM app and may use the instant messaging service related to the selected group. As described above, when an IM app is executed in the foreground on a device logged in with a user's account, the execution state of the IM app may be transmitted to the MDM server according to the MDM policy of the group corresponding to the logged-in account.

5 is a flowchart illustrating an operation of an IM App according to an exemplary embodiment.

Referring to FIG. 5 , an operating method of an IM app (eg, the IM app 131 of FIG. 1 ) installed in a device (eg, the device 130 of FIG. 1 ) is an IM server (eg, FIG. 1 ) that provides the IM app. Obtaining an MDM policy corresponding to the group identifier input from the IM server 120 of the step 510, from an MDM app installed in the device based on the MDM policy (eg, the MDM app 132 of FIG. 1) to the device Acquiring a corresponding identification key (520), and based on the identification key, transmitting the running state of the IM app to an MDM server providing the MDM app (530).

The group identifier input in step 510 according to an embodiment may include an identifier indicating a group to which the account of the user using the IM app belongs, and the account of the user using the IM app includes an account registered to the IM server. can include As described above, the user may input the user's account or group identifier through the IM app. When the user's account is input, the IM server may obtain a group identifier corresponding to a group to which the user's account belongs, based on the input user's account. In other words, the input group identifier may include a group identifier input from the user through the IM app and/or a group identifier obtained from the IM server based on the user's account input from the user.

Step 520 according to an embodiment may correspond to operations 230 and 240 described above with reference to FIG. 2 . In other words, step 520 requests an identification key corresponding to the device from the MDM app corresponding to the MDM policy obtained in step 510, and the identification key corresponding to the device transmitted from the MDM app in response to the request. It may include a receiving operation.

Step 520 according to an embodiment may further include displaying an interface for login in response to acquisition of the identification key and storing the identification key in response to a user's login based on the interface for login. can As described above, when the identification key corresponding to the device is normally received from the MDM app, an interface for login may be provided through the IM app. When logged in with the user's account, the IM app may store an identification key corresponding to the device.

According to one embodiment, the stored identification key may be deleted in response to logout. In other words, in response to the user's logout, the identification key corresponding to the device stored in the IM app is deleted, and then, when the group identifier is re-entered through the IM app, MDM according to steps 510 to 520. An identification key corresponding to the device may be received from the app again.

Step 530 according to an embodiment may correspond to operation 250 or operation 260 described above with reference to FIG. 2 . For example, the step of transmitting the running state of the IM app (530) may include transmitting the obtained identification key and the running state of the IM app to the MDM server based on the IP address of the MDM server included in the MDM policy. can As another example, in step 530 of transmitting the running state of the IM app, based on the IP address of the MDM server stored in the instant messaging server, the identification key obtained from the MDM server via the instant messaging server and the running state of the IM app. It may include the step of transmitting.

As described above, the execution state of the IM app may include a state in which the app is executed in the foreground. Step 530 according to an embodiment may include transmitting a foreground execution state of the IM App to the MDM server when the IM App is executed in the foreground.

According to step 530 according to an embodiment, the execution state of the IM App transmitted to the MDM server may be transmitted from the MDM server to the MDM App. As described above, the MDM server can transmit the running state of the IM app to the MDM app in a way that does not change the MDM app running in the background to the foreground running state on the device, such as silent push to the MDM app. An MDM app that receives the running state of the app can run in the background.

According to an embodiment, the IM App may be controlled by the MDM App based on an execution state of the IM App transmitted to the MDM server and a security policy registered in the MDM server. The MDM app can control the IM app according to the security policy, or it can control the device running the IM app.

6 is an operation flowchart of an IM server according to an embodiment.

Referring to FIG. 6 , an operating method of an IM server (eg, IM server 120 in FIG. 1 ) providing an IM service through an IM app (eg, IM app 131 in FIG. 1 ) relates to a registered group identifier. Correspondingly, storing the MDM policy (610), providing the MDM policy to the device in response to an input regarding the group identifier received from the device running the IM app (e.g., device 130 of FIG. 1). (620), receiving, from the device, an identification key corresponding to the device generated in the MDM server regarding the MDM policy (630), storing the received identification key corresponding to the device (640), and corresponding to the device and transmitting an execution state of the IM App received from the device to the MDM server based on the stored identification key (step 650).

Step 610 according to an embodiment, as described above, determines whether or not the group created in the instant messaging service uses the security policy and/or sets the MDM policy including the IP address of the MDM server executing the security policy for each group. A storage step may be included.

Step 620 according to an embodiment may correspond to step 220 of FIG. 2 . In other words, step 620 may include acquiring an MDM policy corresponding to the group indicated by the input group identifier based on the MDM policy stored for each group and transmitting the acquired MDM policy to the IM app. there is. According to one embodiment, the MDM policy transmitted to the IM app at step 620 is whether the group uses a security policy and the MDM app that executes the security policy of the group in the IM app (e.g., the MDM app 132 of FIG. 1). ) may include information identifying an MDM app required to request an identification key corresponding to the device. According to an embodiment, the MDM policy transmitted to the IM app in step 620 may not include the IP address of the MDM server executing the security policy.

Step 630 according to an embodiment may include receiving an identification key corresponding to the device received from the MDM server in the IM app from the MDM app. As described above, the identification key corresponding to the device received from the MDM app may be shared by the MDM server and the MDM app as an identification key unique to the device generated to identify the device in the MDM server.

Step 640 according to an embodiment may include storing an identification key corresponding to the received device in an IM server corresponding to the device. According to one embodiment, the identification key corresponding to the device may be stored and managed in the IM app, but may also be stored and managed in the IM server in correspondence with the device. When the IM server stores and manages an identification key (hereinafter referred to as a first identification key) corresponding to a device generated in the MDM server, the IM server generates an identification key (hereinafter referred to as a first identification key) corresponding to a device generated to identify a device in the IM server. , the second identification key) may be matched and stored. The second identification key may correspond to an identification key generated for each device in order to identify the device in the IM server. For example, the IM server may store the first identification key and the second identification key corresponding to the device as a mapping table.

Step 640 according to an embodiment includes providing a device with an interface for logging in in response to receiving the identification key, and storing the identification key corresponding to the device in response to a user's login based on the interface for logging in. steps may be included. When the user's login through the IM app is completed, the IM server may store the received first identification key in correspondence with the device logged into the user's account.

Step 640 according to an embodiment may further include deleting the stored identification key in response to a user's logout. In other words, in response to the user's logout, the identification key corresponding to the device stored in the IM server is deleted, and then, when input on the group identifier is input again from the device, according to steps 610 to 640 The identification key corresponding to the device received from the MDM app may be stored again.

Step 650 according to an embodiment may correspond to operation 260 of FIG. 2 described above. For example, the IM server may identify a device that has transmitted the execution state of the IM app to the IM server based on the second identification key corresponding to the device that drives the IM app. Based on the second identification key, the IM server may obtain a first identification key matched with a corresponding second identification key from a mapping table storing the first identification key and the second identification key corresponding to the device. The IM server may transmit the execution state of the IM App received from the IM App to the MDM server based on the obtained first identification key.

7 is an exemplary diagram of a hardware configuration of a system for managing mobile devices according to an embodiment.

Referring to FIG. 7, a system (eg, the system 100 of FIG. 1) according to an embodiment includes a device 130 (eg, the device 130 of FIG. 1) connected through a network 730, an IM server ( 110) (eg, IM server 110 of FIG. 1) and MDM server 120 (eg, MDM server 120 of FIG. 1).

The device 130 according to an embodiment may be a mobile terminal implemented as a computer device. For example, the device 130 may communicate with the IM server 110, the MDM server 120, and/or other electronic devices through the network 730 using a wireless or wired communication method.

The IM server 110 and the MDM server 120 according to an embodiment communicate with the device 130 and/or other servers through the network 730 to provide commands, codes, files, contents, services, and the like. Alternatively, it may be implemented in a plurality of computer devices. The communication method is not limited, and may include a communication method utilizing a communication network (eg, mobile communication network, wired Internet, wireless Internet, broadcasting network) that the network 730 may include, and a short-distance wireless communication method between devices. For example, the network 730 may include a personal area network (PAN), a local area network (LAN), a campus area network (CAN), a metropolitan area network (MAN), a wide area network (WAN), and a broadband network (BBN). , one or more arbitrary networks such as the Internet.

According to one embodiment, the IM server 110 and/or the MDM server 120 may provide a file for installing an application to the device 130 connected through the network 730 . In this case, the device 130 may install an application (eg, an IM app or an MDM app) using a file provided from the IM server 110 and/or the MDM server 120 . In addition, the device 130 connects to the IM server 110 and/or the MDM server 120 under the control of an operating system (OS) and at least one program (eg, a browser or an installed application), and IM A service or content provided by the server 110 and/or the MDM server 120 may be provided. For example, when the device 130 transmits a service request message to the IM server 110 through the network 730 under the control of an application, the IM server 110 transmits a code corresponding to the service request message to the device 130. ), and the device 130 can provide content to the user by constructing and displaying a screen according to the code under the control of the application.

According to one embodiment, the device 130 and the IM server 110 may include memories 711 and 721, processors 713 and 723, communication modules 715 and 725, and input/output interfaces 717 and 727. there is.

The processors 713 and 723 according to an embodiment may perform at least one operation described above through FIGS. 1 to 6 . For example, the processor 713 may perform at least one operation performed in the IM app installed in the device 130 described above through FIGS. 1 to 6, and the processor 723 may perform Through this, at least one operation performed by the aforementioned IM server 110 can be performed. The processors 713 and 723 may be configured to process commands of a computer program by performing basic arithmetic, logic, and input/output operations. Instructions may be provided to the processors 713 and 723 by the memories 711 and 721 or the communication modules 715 and 725.

The memories 711 and 721 are computer-readable recording media and may be volatile memories or non-volatile memories. The memories 711 and 721 according to an embodiment may store information for managing the mobile device described above through FIGS. 1 to 6 . For example, the memory 721 may store an MDM policy corresponding to the aforementioned registered group identifier and may store an identification key generated by the MDM server in correspondence with a device.

The memory 711 according to an embodiment may include code for an IM app installed and driven in the device 130 by files provided from the IM server 110 through the network 730, and the MDM server Code for an MDM App that is installed and driven in the device 130 by files provided through the network 730 in 120 may be included.

The memory 721 according to an embodiment may store a program in which operations for mobile device management performed in the IM server described above with reference to FIGS. 1 to 6 are implemented.

The communication modules 715 and 725 according to an embodiment may provide functions for the device 130, the IM server 110, and the MDM server 120 to communicate with each other through the network 730, and other electronic devices. Alternatively, it may provide functions for communicating with other servers.

For example, a request generated by the processor 713 of the device 130 according to a program code for an IM app stored in a recording device such as the memory 711 is transmitted through the network 730 under the control of the communication module 715. may be transmitted to the IM server 110. As another example, a request generated by the processor 713 of the device 130 according to a program code related to an MDM app stored in a recording device such as the memory 711 sends the network 730 under the control of the communication module 715. It can be transmitted to the MDM server 120 through.

For example, control signals, commands, contents, files, etc. provided under the control of the processor 723 of the IM server 110 pass through the communication module 725 and the network 730 to the communication module 715 of the device 130. It may be received by the device 130 through ), or may be received by the MDM server 120.

The input/output interfaces 717 and 727 may be means for interface with the input/output device 719 . For example, the input device may include a device such as a keyboard or mouse, and the output device may include a device such as a display for displaying a communication session of an application. As another example, the input/output interface 717 may be a means for interface with a device in which functions for input and output are integrated into one, such as a touch screen. As a more specific example, the processor 713 of the device 130 processes a command of a computer program loaded into the memory 711, and a service screen or content configured using data provided by the IM server 110 is an input/output interface. It can be displayed on the display through 717. An input received from the user through the input/output device 719 may be provided in a form processable by the processor 713 of the device 130 through the input/output interface 717 .

According to one embodiment, the device 130 and the IM server 110 may include other components not shown in FIG. 7 . For example, the device 130 is implemented to include at least some of the above-described input/output devices 719 or other components such as a transceiver, a Global Positioning System (GPS) module, a camera, various sensors, and a database. may include more.

The embodiments described above may be implemented as hardware components, software components, and/or a combination of hardware components and software components. For example, the devices, methods and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate (FPGA). array), programmable logic units (PLUs), microprocessors, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and software applications running on the operating system. A processing device may also access, store, manipulate, process, and generate data in response to execution of software. For convenience of understanding, there are cases in which one processing device is used, but those skilled in the art will understand that the processing device includes a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that it can include. For example, a processing device may include a plurality of processors or a processor and a controller. Other processing configurations are also possible, such as parallel processors.

Software may include a computer program, code, instructions, or a combination of one or more of the foregoing, which configures a processing device to operate as desired or processes independently or collectively. The device can be commanded. Software and/or data may be any tangible machine, component, physical device, virtual equipment, computer storage medium or device, intended to be interpreted by or provide instructions or data to a processing device. , or may be permanently or temporarily embodied in a transmitted signal wave. The software may be distributed on networked computer systems and stored or executed in a distributed manner. Software and data may be stored on computer readable media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer readable medium. A computer readable medium may store program instructions, data files, data structures, etc. alone or in combination, and program instructions recorded on the medium may be specially designed and configured for the embodiment or may be known and usable to those skilled in the art of computer software. there is. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. - includes hardware devices specially configured to store and execute program instructions, such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include high-level language codes that can be executed by a computer using an interpreter, as well as machine language codes such as those produced by a compiler.

The hardware device described above may be configured to operate as one or a plurality of software modules to perform the operations of the embodiments, and vice versa.

As described above, although the embodiments have been described with limited drawings, those skilled in the art can apply various technical modifications and variations based on this. For example, the described techniques may be performed in an order different from the method described, and/or components of the described system, structure, device, circuit, etc. may be combined or combined in a different form than the method described, or other components may be used. Or even if it is replaced or substituted by equivalents, appropriate results can be achieved.

Therefore, other implementations, other embodiments, and equivalents of the claims are within the scope of the following claims.

Claims (20)

In the operation method of the IM (instant messaging) app installed on the device,
obtaining an MDM policy corresponding to a group identifier input from an IM server interlocked with the IM app;
Obtaining an identification key corresponding to the device from an MDM app installed in the device based on the MDM policy; and
Based on the identification key, transmitting an execution state of the IM App to an MDM server interlocked with the MDM App.
including,
The identification key includes an identification key unique to the device generated to recognize the device in the MDM server.
How IM apps work.
According to claim 1,
The running state of the IM app is
Transmitted from the MDM server to the MDM app,
How IM apps work.
According to claim 1,
The IM app
Based on the execution state of the IM App transmitted to the MDM server and the security policy registered in the MDM server, controlled by the MDM app
How IM apps work.
According to claim 1,
The step of transmitting the running state of the IM app is
Transmitting the identification key and the execution state to the MDM server based on the IP address of the MDM server included in the MDM policy.
including,
How IM apps work.
According to claim 1,
The step of transmitting the running state of the IM app is
Transmitting the identification key and the running state to the MDM server via the IM server based on the IP address of the MDM server stored in the IM server.
including,
How IM apps work.
According to claim 1,
Obtaining the identification key
In response to the acquisition of the identification key, displaying an interface for login; and
Storing the identification key in response to a user's login based on the login interface.
Including more,
The stored identification key is deleted in response to the user's logout.
How IM apps work.
According to claim 1,
The group identifier is
An identifier indicating a group to which an account of a user using the IM app belongs,
The user's account includes an account registered to the IM server,
How IM apps work.
According to claim 1,
The step of transmitting the running state of the IM app is
Transmitting a foreground execution state of the IM App to the MDM server when the IM App is executed in the foreground.
including,
How IM apps work.
According to claim 1,
The MDM app runs in the background,
How IM apps work.
In the method of operating an IM server that provides IM service through an IM (instant messaging) app,
Corresponding to the registered group identifier, storing the MDM policy;
providing the MDM policy to the device in response to an input regarding the group identifier received from a device driving the IM app;
Receiving, from the device, an identification key corresponding to the device generated in an MDM server related to the MDM policy;
storing the received identification key in correspondence with the device; and
Transmitting an execution state of the IM App received from the device to the MDM server based on the identification key stored in correspondence with the device.
including,
How the server works.
According to claim 10,
The running state of the IM app is
transmitted from the MDM server to the MDM app installed in the device, wherein the MDM app includes an MDM app linked with the MDM server;
How the server works.
According to claim 11,
The IM app
Based on the execution state of the IM App transmitted to the MDM server and the security policy registered in the MDM server, controlled by the MDM app
How the server works.
According to claim 10,
Storing the received identification key corresponding to the device
In response to receiving the identification key, providing an interface for logging in to the device; and
In response to the user's login based on the login interface, storing the identification key corresponding to the device
including,
How the server works.
According to claim 13,
Storing the received identification key corresponding to the device
In response to the logout of the user, deleting the stored identification key.
Including more,
How the server works.
A computer program stored in a medium to execute the method of any one of claims 1 to 14 in combination with hardware.
In an IM server that provides an IM service through an IM (instant messaging) app,
a memory for storing an MDM policy corresponding to a registered group identifier; and
In response to an input related to the group identifier received from a device driving the IM app, providing the MDM policy to the device;
Receiving, from the device, an identification key corresponding to the device generated in an MDM server related to the MDM policy;
Transmitting an execution state of the IM App received from the device to the MDM server based on the received identification key;
at least one processor
Including, IM server.
According to claim 16,
The running state of the IM app is
transmitted from the MDM server to the MDM app installed in the device, wherein the MDM app includes an MDM app linked with the MDM server;
IM Server.
According to claim 17,
The IM app
Based on the execution state of the IM App transmitted to the MDM server and the security policy registered in the MDM server, controlled by the MDM app
IM Server.
According to claim 16,
the memory,
Store the received identification key in correspondence with the device;
the processor,
In response to receiving the identification key, providing an interface for logging in to the device, and in response to a user's login based on the interface for logging in, storing the identification key corresponding to the device,
IM Server.
According to claim 19,
the processor,
In response to the logout of the user, deleting the identification key stored in the memory corresponding to the device,
IM Server.

Images