CN103269335A - Method and system for compliance audit of movable terminal - Google Patents

Publication number
CN103269335A
Authority
CN
China
Prior art keywords
application program
unloading
flow
portable terminal
management server
Legal status
Pending
Application number
CN2013101457734A
Other languages
Chinese (zh)
Inventor
许元进
苗忠良
Current Assignee
FUJIAN ETIM INFORMATION TECHNOLOGY Co Ltd
Original Assignee
FUJIAN ETIM INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention discloses a method and system for compliance audit of a mobile terminal. In the method, an equipment housekeeper client installed on the mobile terminal scans the application programs installed on the terminal operating system and feeds back the application information of each scanned application program to a device management server; the device management server determines, from the obtained application information, the health level of the application program corresponding to that information and sends the health level to the equipment housekeeper client; the equipment housekeeper client shows or does not show an uninstall notice according to the received health level, so that the user can uninstall the corresponding application program according to the displayed uninstall notice. The invention further discloses a system for compliance audit of a mobile terminal.

Description

A mobile terminal compliance audit method and system
Technical field
The present invention relates to the field of security protection technology, and in particular to a mobile terminal compliance audit method and system.
Background art
With the continuous development of the mobile Internet, many enterprises and public institutions have adopted mobile office. With mobile office, information is transmitted over the air and reaches the enterprise's internal network through the open wireless public network. This lets office staff handle anything related to the company's business at any time and in any place, and obtain the organization's information for the relevant office operations wherever they are, free from the constraints of time and space, which improves working efficiency.
However, network viruses of every kind are widespread on the mainstream smart operating systems. Although modern smart operating systems take system security fully into account in their design and their security strength has increased substantially, problems such as data leakage and jailbreaking still occur from time to time because of user operation, device loss and other causes. When mobile office is carried out, these security problems must be considered and managed in a unified way, to avoid unnecessary leakage of enterprise data or information. The existing data-leak monitoring method installs a client system on the user terminals and a management-side system on the server, in the form of an internal network. The client system monitors program and file usage on each user terminal at all times and generates operation logs and screenshot records of the target files or programs, which are gathered into the operation history database and the screenshot history database on the server. The management-side system thus finally forms a text and video trace of the target operation, flexibly reproducing the whole process by which the data was leaked.
When mobile terminals such as smartphones are used for mobile office, the traffic passes through the operator's wireless network and the mobile operator's operating network, so the probability of information leakage or of introducing a hacker attack is higher. The prior art only monitors program and file usage on each user terminal inside the intranet in order to learn how information leaked. It does not provide a way to solve the security protection problem of mobile terminals that access the corporate intranet over the wireless public network, and therefore cannot prevent the security threats that the external network poses to the enterprise's internal information.
Summary of the invention
In view of this, the main purpose of the embodiments of the invention is to provide a mobile terminal compliance audit method and system that reduce network security risks when a user communicates with the corporate intranet from a mobile terminal.
To achieve the above purpose, an embodiment of the invention provides a mobile terminal compliance audit method, comprising:
An equipment housekeeper client scans the application programs installed on the terminal operating system and feeds back the application information of each scanned application program to a device management server, the equipment housekeeper client being installed on the mobile terminal;
The device management server determines, from the obtained application information, the health level of the application program corresponding to that application information, and sends the health level to the equipment housekeeper client;
The equipment housekeeper client shows or does not show an uninstall notice according to the received health level, so that the user uninstalls the corresponding application program according to the displayed uninstall notice.
Preferably, in the above method, the health level comprises: critical, malicious, normal and unknown.
Showing or not showing the uninstall notice according to the health level comprises:
When the health level is critical, showing an uninstall notice that says to uninstall the application program immediately;
When the health level is malicious, showing an uninstall notice that says to uninstall the application program as soon as possible;
When the health level is normal or unknown, showing no uninstall notice.
Preferably, in the above method, the normal or unknown health level is obtained by querying the level record in the equipment housekeeper client.
Preferably, the above method further comprises:
The equipment housekeeper client monitors whether an application program has been uninstalled and, if it detects that one has, sends an uninstall message for the uninstalled application to the device management server;
The device management server updates, according to the uninstall message, the information about the uninstalled application program in the terminal application database.
Preferably, the above method further comprises:
The equipment housekeeper client monitors whether the mobile terminal has been jailbroken and, if it detects that it has, feeds back jailbreak information to the device management server;
The device management server blacklists the jailbroken mobile terminal according to the jailbreak information and forbids the blacklisted mobile terminal from normally accessing the internal network.
Preferably, the above method further comprises:
The device management server sends traffic quota limit information to the equipment housekeeper client;
The equipment housekeeper client counts, every day, the traffic used that day and that month, and shows a traffic reminder message according to the traffic usage and the traffic quota limit information.
Preferably, in the above method, counting every day the traffic used that day and that month, and showing a traffic reminder message according to the traffic usage and the traffic quota limit information, comprises:
Counting, every day, the cellular traffic the user has used that month and the Wi-Fi traffic used that day;
If the counted cellular traffic reaches a first preset proportion of the month's cellular traffic quota, showing a reminder message that says to save traffic;
If the counted cellular traffic reaches a second preset proportion of the month's cellular traffic quota, showing a reminder message that says the quota is about to be used up, the second preset proportion being greater than the first preset proportion;
If the counted Wi-Fi traffic is greater than a third preset proportion of the day's Wi-Fi traffic quota, showing a reminder message about Wi-Fi traffic use.
An embodiment of the invention also provides a mobile terminal compliance audit system, comprising at least one equipment housekeeper client and a device management server, the equipment housekeeper client being installed on a mobile terminal that accesses the intranet;
The equipment housekeeper client is used for scanning the application programs installed on the terminal operating system and feeding back the application information of each scanned application program to the device management server; monitoring whether an application program has been uninstalled and, if it detects that one has, sending an uninstall message for the uninstalled application to the device management server; and monitoring whether the mobile terminal has been jailbroken and, if it detects that it has, feeding back jailbreak information to the device management server;
The device management server is used for determining, from the obtained application information, the health level of the application program corresponding to that application information, and sending the health level to the equipment housekeeper client; updating, according to the uninstall message, the information about the uninstalled application program in the terminal application database; blacklisting the jailbroken mobile terminal according to the jailbreak information and forbidding the blacklisted mobile terminal from normally accessing the internal network; and sending traffic quota limit information to the equipment housekeeper client;
The equipment housekeeper client is also used for showing or not showing an uninstall notice according to the received health level, so that the user uninstalls the corresponding application program according to the displayed uninstall notice; and for counting, every day, the traffic used that day and that month, and showing a traffic reminder message according to the traffic usage and the traffic quota limit information.
Preferably, in the above system, the health level comprises: critical, malicious, normal and unknown.
Preferably, in the above system, the equipment housekeeper client comprises:
A scanning unit, for scanning the application programs installed on the terminal operating system to obtain the application information of each application program, and feeding the obtained application information back to the device management server when the network is available;
A first monitoring and sending unit, for monitoring whether an application program has been uninstalled and, if it detects that one has, recording the uninstalled application program and sending the uninstall message for the uninstalled application to the device management server when the network is available;
A second monitoring and sending unit, for monitoring whether the mobile terminal has been jailbroken and, if it detects that it has, recording the jailbroken mobile terminal and feeding back the jailbreak information to the device management server when the network is available;
A display unit, for showing an uninstall notice that says to uninstall the application program immediately when the health level is critical; showing an uninstall notice that says to uninstall the application program as soon as possible when the health level is malicious; and showing no uninstall notice when the health level is normal or unknown.
A statistics unit, for counting, every day, the cellular traffic the user has used that month and the Wi-Fi traffic used that day; if the counted cellular traffic reaches a first preset proportion of the month's cellular traffic quota, showing a reminder message that says to save traffic; if the counted cellular traffic reaches a second preset proportion of the month's cellular traffic quota, showing a reminder message that says the quota is about to be used up, the second preset proportion being greater than the first preset proportion; if the counted Wi-Fi traffic is greater than a third preset proportion of the day's Wi-Fi traffic quota, showing a reminder message about Wi-Fi traffic use.
Preferably, in the above system, the normal or unknown health level is obtained by querying the level record in the equipment housekeeper client.
In the mobile terminal compliance audit method and system of the embodiments of the invention, an equipment housekeeper client is installed on each mobile terminal that accesses the corporate intranet. The equipment housekeeper client scans each application program installed on the terminal operating system to obtain a scan result carrying the application information and feeds the scan result back to the device management server. The device management server determines, from the scan result, the health level of the application program corresponding to each piece of application information and sends the health level to the corresponding equipment housekeeper client. The equipment housekeeper client shows or does not show an uninstall notice according to the health level obtained for each application. A displayed uninstall notice indicates that the corresponding application program poses a considerable security threat, so the user can uninstall that application program according to the displayed notice. This ensures secure communication between the mobile terminal and the corporate intranet and reduces network security risks such as data leakage.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a signalling diagram of the mobile terminal compliance audit method of an embodiment of the invention;
Fig. 2 is a signalling diagram of the jailbreak monitoring method of an embodiment of the invention;
Fig. 3 is a signalling diagram of the traffic monitoring method of an embodiment of the invention;
Fig. 4 is a flow chart of the traffic monitoring method of an embodiment of the invention;
Fig. 5 is a structural diagram of the mobile terminal compliance audit system of an embodiment of the invention;
Fig. 6 is a detailed structural diagram of the mobile terminal compliance audit system of an embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Evidently, the described embodiments are some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, the signalling diagram of the mobile terminal compliance audit method provided by an embodiment of the invention, the method comprises the following steps:
Step 101: the equipment housekeeper client scans the application programs installed on the terminal operating system and feeds back the application information of each scanned application program to the device management server, the equipment housekeeper client being installed on the mobile terminal.
Before the embodiment is carried out, the user first needs to install the equipment housekeeper client on the mobile terminal (which may be a smartphone, an iPad, etc.). The equipment housekeeper client carries an application monitoring service that starts automatically at boot. When the mobile terminal is first booted, or right after the client has been installed, the application monitoring service also starts and begins scanning the application programs already installed on the terminal operating system. The scan can be periodic, that is, repeated at a set time interval, so that the application information of the relevant application programs is obtained at any time.
After the scan is finished, the equipment housekeeper client sends the scanned application information, such as the application's name, package name and version, the device's unique hardware identifier and the application usage, to the device management server, which stores the obtained application information in the terminal application database. The device management server then calls the audit service, which compares the application information about this mobile terminal stored in the terminal application database with the application information about this mobile terminal stored in the application sample database, in order to determine a health level for each application program. The data in the application sample database mainly comprises the name, package name, version, health level, etc. of each application that is relevant to the enterprise or custom-made.
In addition, while the mobile terminal is running, when the application monitoring service detects that a new application has been installed, it automatically records the application information of the new application and sends it to the device management server when the network is available. The device management server automatically calls the audit service to audit it and feeds the audit result, that is, the health level of the new application program, back to the equipment housekeeper client.
Step 102: the device management server determines, from the obtained application information, the health level of the application program corresponding to that application information, and sends the health level to the equipment housekeeper client.
Health levels are assigned to application programs under different running conditions according to the protection level the enterprise has customized for applications. One application program may correspond to several health levels, and each health level applies to several application programs. Health levels can be defined from different aspects. For example, if the use of a certain application program may cause a serious data leakage problem, the application in that situation can be regarded as having the lowest health level; when an application program is running normally and no security risk exists or has appeared, the application in that situation can be regarded as having the highest health level. Each health level can be given a name that defines the health degree of the application program.
Step 103: the equipment housekeeper client shows or does not show an uninstall notice according to the received health level, so that the user uninstalls the corresponding application program according to the displayed uninstall notice.
When the equipment housekeeper client obtains the health level of an application and that level is low (a serious security risk exists), the client can show a notice that this application program needs to be uninstalled, as a warning to the user.
In step 103, the health levels of applications are divided into four levels: "critical", "malicious", "normal" and "unknown". The health level of an application program is defined by how harmful the application is. For example, the "critical" level mainly refers to applications that carry out malicious fee deduction or information theft; the "malicious" level mainly refers to rogue applications or enterprise-defined applications whose behaviour is, for example, indiscriminate advertising; the "normal" level refers to ordinary applications, meaning applications with a low hazard level that cause no harm or disturbance; the "unknown" level refers to applications for which the application sample database of the device management server holds no reference sample, that is, applications that are unrelated to enterprise information security and do not harm the enterprise system.
After the device management server has fed the health level of an application program back to the equipment housekeeper client, if the application is "critical", the user is reminded to uninstall it immediately by an uninstall notice that says to uninstall the application program immediately, and the device management server sends an SMS to warn the enterprise administrator at the same time. If the application is "malicious", the user is reminded to uninstall it as soon as possible by an uninstall notice that says to uninstall the application program as soon as possible. If the application's health level is "normal" or "unknown", no uninstall notice is shown; the user sees the application's health level only on opening the equipment housekeeper client, and no extra reminder is given. That is, the normal or unknown health level is obtained by querying the level record in the equipment housekeeper client.
In addition, the embodiment of the invention also includes the following function:
The equipment housekeeper client monitors whether an application program has been uninstalled. If it detects that one has, it sends an uninstall message for the uninstalled application to the device management server, and the device management server updates, according to the uninstall message, the information about the uninstalled application program in the terminal application database. The uninstall message contains the device's unique hardware identifier (which identifies the mobile terminal on which an application was uninstalled) and the name, package name and version of the uninstalled application (which identify the application program that was uninstalled), etc.
When the user sees an uninstall notice, the user can choose to uninstall the application program whose health level is "critical" or "malicious". When the application monitoring service of the equipment housekeeper client detects that an application has been uninstalled, it automatically records the information of that application program and sends it to the device management server when the network is available. The device management server automatically updates the terminal application database. If the health level of that application was "critical", the device management server automatically sends an SMS to the enterprise administrator to notify them that the warning is cleared.
In the mobile terminal compliance audit method of the embodiment of the invention, an equipment housekeeper client is installed on each mobile terminal that accesses the corporate intranet. The equipment housekeeper client scans each application program installed on the terminal operating system to obtain a scan result carrying the application information and feeds the scan result back to the device management server. The device management server determines, from the scan result, the health level of the application program corresponding to each piece of application information and sends the health level to the corresponding equipment housekeeper client. The equipment housekeeper client shows or does not show an uninstall notice according to the health level obtained for each application. A displayed uninstall notice indicates that the corresponding application program poses a considerable security threat, so the user can uninstall that application program according to the displayed notice. This ensures secure communication between the mobile terminal and the corporate intranet and reduces network security risks such as data leakage.
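The audit flow of steps 101 to 103 and the uninstall handling described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the `"*"` any-version entry in the sample database, the alert wording and the sample package names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Health(Enum):
    CRITICAL = "critical"    # e.g. malicious fee deduction, information theft
    MALICIOUS = "malicious"  # e.g. rogue apps, indiscriminate advertising
    NORMAL = "normal"
    UNKNOWN = "unknown"      # no reference sample in the sample database


# Notice text per level; None means the client shows nothing.
NOTICE = {
    Health.CRITICAL: "Uninstall this application immediately",
    Health.MALICIOUS: "Uninstall this application as soon as possible",
    Health.NORMAL: None,
    Health.UNKNOWN: None,
}


@dataclass(frozen=True)
class AppInfo:
    name: str
    package: str
    version: str


@dataclass
class DeviceManagementServer:
    # Application sample database: (package, version) -> Health.
    # Version "*" matches any version (assumption, not in the patent).
    samples: dict
    # Terminal application database: hardware_id -> {package: (AppInfo, Health)}
    terminal_apps: dict = field(default_factory=dict)
    # Texts that would go to the enterprise administrator by SMS.
    admin_sms: list = field(default_factory=list)

    def classify(self, app):
        exact = self.samples.get((app.package, app.version))
        if exact is not None:
            return exact
        return self.samples.get((app.package, "*"), Health.UNKNOWN)

    def audit(self, hardware_id, apps):
        """Store one scan result, grade every app, return {package: Health}."""
        record = self.terminal_apps.setdefault(hardware_id, {})
        result = {}
        for app in apps:
            level = self.classify(app)
            previous = record.get(app.package)
            record[app.package] = (app, level)
            result[app.package] = level
            # Periodic rescans must not warn the administrator again.
            already_warned = previous is not None and previous[1] is Health.CRITICAL
            if level is Health.CRITICAL and not already_warned:
                self.admin_sms.append(f"WARNING {hardware_id}: {app.package} is critical")
        return result

    def handle_uninstall(self, hardware_id, package):
        """Apply an uninstall message; clear the warning for a critical app."""
        entry = self.terminal_apps.get(hardware_id, {}).pop(package, None)
        if entry is None:
            return False  # unknown device or application: nothing to update
        if entry[1] is Health.CRITICAL:
            self.admin_sms.append(f"CLEARED {hardware_id}: {package} uninstalled")
        return True


def notices_for(levels):
    """Client side: only critical and malicious levels produce a notice."""
    return {pkg: NOTICE[lvl] for pkg, lvl in levels.items() if NOTICE[lvl]}


def demo():
    # Constructed sample data; none of these packages come from the patent.
    server = DeviceManagementServer(samples={
        ("com.example.billfraud", "*"): Health.CRITICAL,
        ("com.example.adspam", "2.1"): Health.MALICIOUS,
        ("com.example.mail", "*"): Health.NORMAL,
    })
    scan = [
        AppInfo("BillFraud", "com.example.billfraud", "1.0"),
        AppInfo("AdSpam", "com.example.adspam", "2.1"),
        AppInfo("Mail", "com.example.mail", "5.4"),
        AppInfo("Game", "com.example.game", "1.2"),
    ]
    levels = server.audit("HW-0001", scan)
    server.audit("HW-0001", scan)  # periodic rescan, no second warning
    server.handle_uninstall("HW-0001", "com.example.billfraud")
    return levels, notices_for(levels), server.admin_sms


if __name__ == "__main__":
    print(demo())
```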
On the basis of embodiment 1 above, embodiment 2 of the invention further includes the following function. Referring to Fig. 2, the signalling diagram of the jailbreak monitoring method provided by an embodiment of the invention, the method specifically comprises the following steps:
Step 201: the equipment housekeeper client monitors whether the mobile terminal has been jailbroken.
Step 202: if the equipment housekeeper client detects that the mobile terminal has been jailbroken, it feeds back jailbreak information to the device management server.
The jailbreak information contains at least the unique hardware identifier, which identifies the mobile terminal that has been jailbroken.
Step 203: the device management server blacklists the jailbroken mobile terminal and forbids the blacklisted mobile terminal from normally accessing the internal network.
Jailbreaking means obtaining administrator privileges. While jailbreaking a device makes operation more convenient for the user, some of the device's own access-permission policies stop working and the security risk the device can produce increases greatly. After the equipment housekeeper client has been installed on the mobile terminal, the jailbreak service starts when the client is started for the first time and monitors whether the mobile terminal has been jailbroken. When it finds that the mobile terminal has been jailbroken, it sends jailbreak information to the device management server; the audit service of the device management server blacklists the jailbroken mobile terminal and notifies the enterprise administrator that this device is not suitable for accessing the enterprise network. The jailbreak service starts every time the mobile terminal boots, monitors whether the terminal has been jailbroken, and shuts itself down when the monitoring is finished. After a mobile terminal has been blacklisted, it cannot normally access the enterprise network. Note that blacklisting a mobile terminal must be carried out according to the enterprise's policy.
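The jailbreak reporting and blacklisting of steps 201 to 203, with the report held until the network is available, as an added example that is not part of the patent. The JSON message layout, the `jailbreak_check` callable (the patent does not say how a jailbreak is detected) and all class and method names are assumptions.

```python
import json
from collections import deque


class HousekeeperClient:
    def __init__(self, hardware_id, jailbreak_check):
        self.hardware_id = hardware_id
        # Callable returning True when the terminal is jailbroken. The
        # detection itself is platform-specific and outside this sketch.
        self.jailbreak_check = jailbreak_check
        self.outbox = deque()  # reports recorded while offline

    def on_boot(self):
        """Jailbreak service: runs once per boot, then stops."""
        if self.jailbreak_check():
            self.outbox.append(
                {"type": "jailbreak", "hardware_id": self.hardware_id}
            )

    def flush(self, server, network_up):
        """Send recorded reports once the network is available."""
        sent = 0
        while network_up and self.outbox:
            server.receive(json.dumps(self.outbox[0]))
            self.outbox.popleft()  # drop only after it was handed over
            sent += 1
        return sent


class BlacklistServer:
    def __init__(self, blacklist_jailbroken=True):
        # Enterprise policy switch: the text says blacklisting follows policy.
        self.blacklist_jailbroken = blacklist_jailbroken
        self.reported = set()
        self.blacklist = set()
        self.admin_notices = []

    def receive(self, raw):
        """Handle one jailbreak report; return False if it is unusable."""
        try:
            msg = json.loads(raw)
        except ValueError:
            return False
        if not isinstance(msg, dict) or msg.get("type") != "jailbreak":
            return False
        hw = msg.get("hardware_id")
        if not isinstance(hw, str) or not hw:
            return False  # the report must carry the unique hardware identifier
        if hw not in self.reported:  # one notice per device, not one per boot
            self.reported.add(hw)
            self.admin_notices.append(
                f"{hw} is jailbroken and not suitable for the enterprise network"
            )
        if self.blacklist_jailbroken:
            self.blacklist.add(hw)
        return True

    def may_access_intranet(self, hardware_id):
        return hardware_id not in self.blacklist
```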
On the basis of embodiments 1 and 2 above, embodiment 3 of the invention further includes the following function. Referring to Fig. 3, the signalling diagram of the traffic monitoring method provided by an embodiment of the invention, the method specifically comprises the following steps:
Step 301: the device management server sends traffic quota limit information to the equipment housekeeper client.
The traffic quota limit information comprises the month's cellular traffic quota and the day's Wi-Fi traffic quota.
Step 302: the equipment housekeeper client counts, every day, the traffic used that day and that month, and shows a traffic reminder message according to the traffic usage and the traffic quota limit information.
Referring to Fig. 4, the flow chart of the traffic monitoring method provided by an embodiment of the invention, the equipment housekeeper client carries out step 302 of this embodiment as follows:
Step 401: count, every day, the cellular traffic the user has used that month and the Wi-Fi traffic used that day.
Step 402: if the counted cellular traffic reaches a first preset proportion of the month's cellular traffic quota, show a reminder message that says to save traffic.
Step 403: if the counted cellular traffic reaches a second preset proportion of the month's cellular traffic quota, show a reminder message that says the quota is about to be used up, the second preset proportion being greater than the first preset proportion.
Step 404: if the counted Wi-Fi traffic is greater than a third preset proportion of the day's Wi-Fi traffic quota, show a reminder message about Wi-Fi traffic use.
After the user has installed the equipment housekeeper client, the client communicates with the device management server and obtains the traffic quota limit information set on the server side, comprising the cellular traffic quota and the Wi-Fi traffic quota. In addition, the equipment housekeeper client counts every day the cellular and Wi-Fi traffic used that month and that day. For example, if the monthly cellular traffic quota is set to A, then once the month's traffic reaches 75% of A, the user is reminded once, on a day when the user is found to go online, to save traffic; once the month's traffic reaches 90% of A, the user is reminded every time they go online that the quota is about to be used up. For Wi-Fi traffic, when one day's traffic exceeds 5% of the month's quota, the user is reminded to concentrate on work and not to surf the Internet so frequently.
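The reminder rules of steps 401 to 404 with the 75%, 90% and 5% figures from the paragraph above, as an added example that is not part of the patent. All names and message texts are assumptions, and because the text gives no frequency for the Wi-Fi reminder it is returned here for every session above the threshold.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

SAVE = "Please save cellular traffic"
ALMOST = "Cellular quota is about to be used up"
WIFI = "High Wi-Fi traffic today"


@dataclass
class Quota:
    cellular_month: int   # monthly cellular quota in bytes ("A" in the text)
    wifi: int             # Wi-Fi quota in bytes that the third proportion applies to
    first_pct: int = 75   # first preset proportion
    second_pct: int = 90  # second preset proportion
    third_pct: int = 5    # third preset proportion (Wi-Fi)

    def __post_init__(self):
        if not self.first_pct < self.second_pct:
            raise ValueError("second proportion must be greater than the first")


class TrafficMonitor:
    def __init__(self, quota):
        self.quota = quota
        self.cellular_month_used = 0
        self.wifi_day_used = 0
        self._day: Optional[date] = None
        self._save_shown_on: Optional[date] = None

    def _roll(self, today):
        """Reset the monthly counter on a new month, the daily one on a new day."""
        if self._day is None or (today.year, today.month) != (self._day.year, self._day.month):
            self.cellular_month_used = 0
        if today != self._day:
            self.wifi_day_used = 0
        self._day = today

    def record_session(self, today, cellular=0, wifi=0):
        """Account one online session and return the reminders to show."""
        self._roll(today)
        self.cellular_month_used += cellular
        self.wifi_day_used += wifi
        q, out = self.quota, []
        # Integer arithmetic avoids float rounding at the exact threshold.
        if self.cellular_month_used * 100 >= q.second_pct * q.cellular_month:
            out.append(ALMOST)                # shown on every session
        elif self.cellular_month_used * 100 >= q.first_pct * q.cellular_month:
            if self._save_shown_on != today:  # shown once per day
                self._save_shown_on = today
                out.append(SAVE)
        if self.wifi_day_used * 100 > q.third_pct * q.wifi:
            out.append(WIFI)
        return out
```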
Referring to Fig. 5, which is a structural diagram of the mobile terminal compliance audit system provided by an embodiment of the invention, the system comprises: at least one equipment housekeeper client 1 and a device management server 2, the equipment housekeeper client 1 being installed on a mobile terminal that accesses the intranet.
The equipment housekeeper client 1 is used to scan the applications installed on the terminal operating system and feed the application information of each scanned application back to the device management server; to monitor whether any application has been uninstalled and, if an uninstalled application is detected, send an uninstall message for that application to the device management server; and to monitor whether the mobile terminal has been jailbroken and, if a jailbreak is detected, feed the jailbreak information of the jailbroken mobile terminal back to the device management server;
The device management server 2 is used to determine, according to the obtained application information, the health level of the application corresponding to that application information, and send the health level to the equipment housekeeper client; to update, according to the uninstall message, the information about the uninstalled application in the terminal application database; to blacklist the jailbroken mobile terminal according to the jailbreak information and forbid the blacklisted mobile terminal from accessing the internal network normally; and to send traffic quota limit information to the equipment housekeeper client;
The equipment housekeeper client 1 is also used to display or not display an uninstall notice according to the received health level, so that the user uninstalls the corresponding application according to the displayed uninstall notice; and to tally traffic usage for the current day and the current month every day and display a traffic reminder message according to the traffic usage and the traffic quota limit information.
Referring to Fig. 6, which is a detailed structural diagram of the mobile terminal compliance audit system provided by an embodiment of the invention, the equipment housekeeper client 1 comprises:
Scanning unit 11, used to scan the applications installed on the terminal operating system to obtain the application information of each application and, when the network is available, feed the obtained application information back to the device management server;
First monitoring and sending unit 12, used to monitor whether any application has been uninstalled and, if an uninstalled application is detected, record the uninstalled application and, when the network is available, send an uninstall message for that application to the device management server;
Second monitoring and sending unit 13, used to monitor whether the mobile terminal has been jailbroken and, if a jailbreak is detected, record the jailbroken mobile terminal and, when the network is available, feed the jailbreak information back to the device management server;
Display unit 14, used to display an uninstall notice telling the user to uninstall the application immediately when the health level is critical; to display an uninstall notice telling the user to uninstall the application as soon as possible when the health level is malicious; and to display no uninstall notice when the health level is normal or unknown.
Statistics unit 15, used to tally, every day, the cellular traffic the user has used in the current month and the wifi traffic used on the current day; if the tallied cellular traffic reaches a first preset proportion of the monthly cellular traffic quota, display a reminder message advising the user to save traffic; if the tallied cellular traffic reaches a second preset proportion of the monthly cellular traffic quota, display a reminder message stating that the quota is about to be used up, the second preset proportion being greater than the first preset proportion; if the tallied wifi traffic for the current day is greater than a third preset proportion of the wifi traffic quota, display a reminder message about wifi traffic usage.
The normal health level or unknown health level is obtained by querying the level record in the equipment housekeeper client.
In the mobile terminal compliance audit system of the embodiment of the invention, an equipment housekeeper client is installed on each mobile terminal that accesses the corporate intranet. The equipment housekeeper client scans each application installed on the terminal operating system to obtain a scan result carrying the application information and feeds the scan result back to the device management server. The device management server determines, according to the scan result, the health level of the application corresponding to each piece of application information, and sends the health level to the corresponding equipment housekeeper client. The equipment housekeeper client displays or does not display an uninstall notice according to the health level obtained for each application. A displayed uninstall notice indicates that the corresponding application poses a relatively large security threat, so the user can uninstall that application according to the displayed notice, which safeguards communication between the mobile terminal and the corporate intranet and reduces network security risks such as data leakage.
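The interaction between units 11 to 14 and the device management server described above, as an added Python sketch that is not code from the patent. The class names, event fields, package names and ratings table are constructed for illustration; the sketch covers the record-then-send-when-online behaviour, the mapping from health level to notice, the update of the terminal application database, and the blacklisting of a jailbroken terminal.

```python
from enum import Enum


class Health(Enum):
    CRITICAL = "critical"
    MALICIOUS = "malicious"
    NORMAL = "normal"
    UNKNOWN = "unknown"


# Display unit 14: only critical and malicious levels produce a notice.
NOTICE = {
    Health.CRITICAL: "uninstall immediately",
    Health.MALICIOUS: "uninstall as soon as possible",
}


class Server:
    """Device management server (hypothetical in-memory model)."""

    def __init__(self, ratings):
        self.ratings = ratings   # package name -> Health (constructed table)
        self.app_db = {}         # terminal application database
        self.blacklist = set()   # jailbroken terminals

    def handle(self, device_id, event):
        kind = event["type"]
        if kind == "scan":
            self.app_db[device_id] = set(event["apps"])
            # An application the server has no rating for is unknown.
            return {a: self.ratings.get(a, Health.UNKNOWN) for a in event["apps"]}
        if kind == "uninstalled":
            self.app_db.get(device_id, set()).discard(event["app"])
        elif kind == "jailbreak":
            self.blacklist.add(device_id)
        return {}

    def allow_intranet(self, device_id):
        """Blacklisted terminals are refused normal intranet access."""
        return device_id not in self.blacklist


class Client:
    """Equipment housekeeper client (hypothetical in-memory model)."""

    def __init__(self, device_id, server):
        self.device_id = device_id
        self.server = server
        self.online = False
        self.outbox = []   # events recorded while the network is unavailable
        self.levels = {}   # local level record: package name -> Health

    def record(self, event):
        """Units 11-13: record the event, send it once the network is up."""
        if event["type"] == "uninstalled":
            self.levels.pop(event["app"], None)
        self.outbox.append(event)
        self.flush()

    def set_online(self, online):
        self.online = online
        self.flush()

    def flush(self):
        # Events are delivered in the order they were recorded.
        while self.online and self.outbox:
            reply = self.server.handle(self.device_id, self.outbox[0])
            self.outbox.pop(0)
            self.levels.update(reply)

    def notices(self):
        """Uninstall notices to display; normal/unknown apps get none."""
        return {a: NOTICE[l] for a, l in self.levels.items() if l in NOTICE}
```
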
From the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the methods described in the embodiments of the present invention or in certain parts of the embodiments.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another. Because the method disclosed in the embodiments corresponds to the system disclosed in the embodiments, its description is relatively brief; for the relevant parts, refer to the description of the system.
It should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

1. A mobile terminal compliance audit method, characterized by comprising:
An equipment housekeeper client scans the applications installed on the terminal operating system and feeds the application information of each scanned application back to a device management server, the equipment housekeeper client being installed on the mobile terminal;
The device management server determines, according to the obtained application information, the health level of the application corresponding to the application information, and sends the health level to the equipment housekeeper client;
The equipment housekeeper client displays or does not display an uninstall notice according to the received health level, so that the user uninstalls the corresponding application according to the displayed uninstall notice.
2. The method according to claim 1, characterized in that the health level comprises critical, malicious, normal and unknown;
Displaying or not displaying the uninstall notice according to the health level comprises:
When the health level is critical, displaying an uninstall notice telling the user to uninstall the application immediately;
When the health level is malicious, displaying an uninstall notice telling the user to uninstall the application as soon as possible;
When the health level is normal or unknown, displaying no uninstall notice.
3. The method according to claim 2, characterized in that the normal health level or unknown health level is obtained by querying the level record in the equipment housekeeper client.
4. The method according to claim 1, characterized in that the method further comprises:
The equipment housekeeper client monitors whether any application has been uninstalled and, if an uninstalled application is detected, sends an uninstall message for that application to the device management server;
The device management server updates, according to the uninstall message, the information about the uninstalled application in the terminal application database.
5. The method according to claim 1, characterized in that the method further comprises:
The equipment housekeeper client monitors whether the mobile terminal has been jailbroken and, if a jailbreak is detected, feeds the jailbreak information back to the device management server;
The device management server blacklists the jailbroken mobile terminal according to the jailbreak information, and forbids the blacklisted mobile terminal from accessing the internal network normally.
6. The method according to claim 1, characterized in that the method further comprises:
The device management server sends traffic quota limit information to the equipment housekeeper client;
The equipment housekeeper client tallies traffic usage for the current day and the current month every day, and displays a traffic reminder message according to the traffic usage and the traffic quota limit information.
7. The method according to claim 6, characterized in that tallying traffic usage for the current day and the current month every day, and displaying a traffic reminder message according to the traffic usage and the traffic quota limit information, comprises:
Tallying, every day, the cellular traffic the user has used in the current month and the wifi traffic used on the current day;
If the tallied cellular traffic reaches a first preset proportion of the monthly cellular traffic quota, displaying a reminder message advising the user to save traffic;
If the tallied cellular traffic reaches a second preset proportion of the monthly cellular traffic quota, displaying a reminder message stating that the quota is about to be used up, the second preset proportion being greater than the first preset proportion;
If the tallied wifi traffic for the current day is greater than a third preset proportion of the wifi traffic quota, displaying a reminder message about wifi traffic usage.
8. A mobile terminal compliance audit system, characterized by comprising: at least one equipment housekeeper client and a device management server, the equipment housekeeper client being installed on a mobile terminal that accesses the intranet;
The equipment housekeeper client is used to scan the applications installed on the terminal operating system and feed the application information of each scanned application back to the device management server; to monitor whether any application has been uninstalled and, if an uninstalled application is detected, send an uninstall message for that application to the device management server; and to monitor whether the mobile terminal has been jailbroken and, if a jailbreak is detected, feed the jailbreak information back to the device management server;
The device management server is used to determine, according to the obtained application information, the health level of the application corresponding to that application information, and send the health level to the equipment housekeeper client; to update, according to the uninstall message, the information about the uninstalled application in the terminal application database; to blacklist the jailbroken mobile terminal according to the jailbreak information and forbid the blacklisted mobile terminal from accessing the internal network normally; and to send traffic quota limit information to the equipment housekeeper client;
The equipment housekeeper client is also used to display or not display an uninstall notice according to the received health level, so that the user uninstalls the corresponding application according to the displayed uninstall notice; and to tally traffic usage for the current day and the current month every day and display a traffic reminder message according to the traffic usage and the traffic quota limit information.
9. The system according to claim 8, characterized in that the health level comprises critical, malicious, normal and unknown.
10. The system according to claim 9, characterized in that the equipment housekeeper client comprises:
A scanning unit, used to scan the applications installed on the terminal operating system to obtain the application information of each application and, when the network is available, feed the obtained application information back to the device management server;
A first monitoring and sending unit, used to monitor whether any application has been uninstalled and, if an uninstalled application is detected, record the uninstalled application and, when the network is available, send an uninstall message for that application to the device management server;
A second monitoring and sending unit, used to monitor whether the mobile terminal has been jailbroken and, if a jailbreak is detected, record the jailbroken mobile terminal and, when the network is available, feed the jailbreak information back to the device management server;
A display unit, used to display an uninstall notice telling the user to uninstall the application immediately when the health level is critical; to display an uninstall notice telling the user to uninstall the application as soon as possible when the health level is malicious; and to display no uninstall notice when the health level is normal or unknown.
A statistics unit, used to tally, every day, the cellular traffic the user has used in the current month and the wifi traffic used on the current day; if the tallied cellular traffic reaches a first preset proportion of the monthly cellular traffic quota, display a reminder message advising the user to save traffic; if the tallied cellular traffic reaches a second preset proportion of the monthly cellular traffic quota, display a reminder message stating that the quota is about to be used up, the second preset proportion being greater than the first preset proportion; if the tallied wifi traffic for the current day is greater than a third preset proportion of the wifi traffic quota, display a reminder message about wifi traffic usage.
11. The method according to claim 10, characterized in that the normal health level or unknown health level is obtained by querying the level record in the equipment housekeeper client.
CN2013101457734A 2013-04-24 2013-04-24 Method and system for compliance audit of movable terminal Pending CN103269335A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013101457734A CN103269335A (en) 2013-04-24 2013-04-24 Method and system for compliance audit of movable terminal

Publications (1)

Publication Number Publication Date
CN103269335A true CN103269335A (en) 2013-08-28

Family

ID=49012944

Country Status (1)

Country Link
CN (1) CN103269335A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130828
