CN103312676B - Terminal, server and terminal safety management method - Google Patents

Publication number: CN103312676B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; the status is an assumption and not a legal conclusion)
Application number: CN201210068216.2A
Other languages: Chinese (zh)
Other versions: CN103312676A (en)
Inventor: 刘灵新
Current Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to: CN201210068216.2A
Publications: CN103312676A (application), CN103312676B (grant)

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a terminal comprising: a communication unit, which sends verification request information to a server and receives from the server the permission setting information corresponding to the verification request information; and a processing unit, which configures the corresponding terminal permission settings according to the permission setting information from the communication unit. Correspondingly, the invention also provides a server and a terminal safety management method. This technical solution addresses the information security problems introduced by mobile terminals and effectively protects information security in the area to be protected.

Description

Terminal, server and terminal safety management method
Technical field
The present invention relates to the technical field of electronic security, and in particular to a terminal, a server and a terminal safety management method.
Background
With the development of science and technology, modern enterprises pay increasing attention to information security, and each enterprise tries every means to prevent information leakage, such as desktop security and mail filtering. Control over mobile terminals, however, is very limited: existing information security controls cannot be tied organically to mobile terminals, so information may leak from them. Enterprises often protect information by restricting how employees and visiting clients use mobile terminals, but this frequently causes considerable inconvenience to those employees and clients.
A new security management technology is therefore needed that can effectively solve the information security problems introduced by mobile terminals and effectively protect information security in the area to be protected.
Summary of the invention
The technical problem to be solved by the invention is to provide a new security management technology that can effectively solve the information security problems introduced by mobile terminals and effectively protect information security in the area to be protected.
In view of this, the invention provides a terminal comprising: a communication unit, which sends verification request information to a server and receives from the server the permission setting information corresponding to the verification request information; and a processing unit, which configures the corresponding terminal permission settings according to the permission setting information from the communication unit. In this technical solution, terminal operating permissions can be restricted through information exchange between near field communication (NFC, Near Field Communication) devices. For example, the verification request information in the mobile phone is read, and the server issues the corresponding permissions according to the user's identity. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security. The verification request information here includes the mobile phone's IMSI (International Mobile Subscriber Identification Number), its IMEI (International Mobile Equipment Identity), the phone number, account information preset in the phone, and the like.
In the above technical solution, preferably, the process by which the processing unit configures the terminal permission settings specifically includes: modifying terminal system settings, restricting the terminal's application programming interface calls and/or monitoring terminal operations. In this technical solution, permission restrictions such as not allowing photographs or calls can be implemented by installing a companion management program on the terminal. After the management program reads the permission level it has obtained, it monitors applications through, for example, API (Application Programming Interface) calls and click operations, determines whether the program currently being started meets the permission requirements, and either allows it to run or forcibly closes it.
In the above technical solution, preferably, the terminal further includes: a position acquisition unit, which obtains the real-time position of the terminal; and a position judgment unit, which judges, according to the real-time position obtained by the position acquisition unit, whether the terminal has entered or left a preset specific area and, if so, sends the verification request information to the server through the communication unit. The communication unit is further configured to receive a permission restoration command from the server when the judgment result of the position judgment unit is that the terminal has left the specific area. The processing unit is further configured to cancel the permission restrictions on the terminal according to the permission restoration command from the communication unit. In this technical solution, whether the terminal's permissions need to be restricted is decided by the position of the terminal user. When the user enters a relatively important area with a higher information security level, the terminal is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal is made as convenient as possible for the user.
In the above technical solution, preferably, the terminal further includes a recording unit, which generates a usage record of the terminal while the terminal is located in the specific area. The communication unit is further configured to send the usage record to the server when the terminal leaves the specific area. In this technical solution, the terminal's usage while in the specific area is recorded and sent to the server, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
In the above technical solution, preferably, the application functions in the terminal have preset permission levels, and the processing unit includes: a usage permission acquisition subunit, which obtains the permission levels of the application functions in the terminal; and a function disabling subunit, which, according to the terminal permission settings, prohibits the launch of application functions whose permission level is lower than the permission level corresponding to the permission setting information. In this technical solution, permission levels are set in advance for all applications in the terminal, so that once the current permission level has been obtained, each program's permission level can be read directly and the program can be allowed or forbidden to start.
The invention also provides a server comprising: a storage unit, which stores permission setting information and verification request information in one-to-one correspondence; an information transmission unit, which receives verification request information from a terminal and sends to the terminal the permission setting information, supplied by the verification unit, that corresponds to the verification request information; and the verification unit, which obtains the corresponding permission setting information from the storage unit according to the verification request information from the information transmission unit. In this technical solution, the server obtains the terminal's verification request information and issues the corresponding operating permissions to the terminal. People with different identities have their own appropriate permissions in the server, which makes permission control more precise. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security.
In the above technical solution, preferably, the server further includes: a setting unit, which sets the range of the specific area so that the terminal sends the verification request information to the server when it enters or leaves the specific area; and a permission restoration unit, which generates a permission restoration command when the information transmission unit receives the verification request information sent as the terminal leaves the specific area, and sends the command to the terminal through the information transmission unit. The information transmission unit is further configured to receive the usage record from the terminal, the usage record covering the terminal's usage while it was located in the specific area. In this technical solution, whether the terminal's permissions need to be restricted is decided by the position of the terminal user. When the user enters a relatively important area with a higher information security level, the terminal is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal is made as convenient as possible for the user. In addition, the server records the terminal's usage in the specific area, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
The invention also provides a terminal safety management method comprising: step 202, the terminal sends verification request information to the server; step 204, the server verifies the terminal according to the received verification request information and generates the corresponding permission setting information; step 206, the server sends the permission setting information to the terminal; step 208, the terminal configures the corresponding terminal permission settings according to the received permission setting information. In this technical solution, terminal operating permissions can be restricted through information exchange between near-field communication devices. For example, the verification request information in the mobile phone is read, and the server issues the corresponding permissions according to the user's identity. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security. The verification request information here includes the mobile phone's IMSI, its IMEI, the phone number, account information preset in the phone, and the like.
In the above technical solution, preferably, step 208 is specifically: according to the permission setting information, the terminal configures its function permission settings by modifying terminal system settings, restricting the terminal's application programming interface calls and/or monitoring terminal operations. In this technical solution, permission restrictions such as not allowing photographs or calls can be implemented by installing a companion management program on the terminal. After the management program reads the permission level it has obtained, it monitors applications through, for example, API calls and click operations, determines whether the program currently being started meets the permission requirements, and either allows it to run or forcibly closes it.
In the above technical solution, preferably, before step 202 the method further includes: setting the specific area; obtaining the real-time position of the terminal and judging whether the terminal has entered the specific area and, if so, performing step 202. After step 208 the method further includes: if the terminal leaves the specific area, the terminal sends the verification request information to the server; after successful verification, the server sends a permission restoration command to the terminal, cancelling the permission restrictions on the terminal. In this technical solution, whether the terminal's permissions need to be restricted is decided by the position of the terminal user. When the user enters a relatively important area with a higher information security level, the terminal is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal is made as convenient as possible for the user.
In the above technical solution, preferably, the terminal safety management method further includes: generating a usage record while the terminal is located in the specific area, and sending the usage record to the server when the terminal leaves the specific area. In this technical solution, the terminal's usage while in the specific area is recorded and sent to the server, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
In the above technical solution, preferably, the application functions in the terminal have preset permission levels, and step 208 specifically includes: according to the terminal permission settings, the terminal prohibits the launch of application functions whose permission level is lower than the permission level corresponding to the permission setting information. In this technical solution, permission levels are set in advance for all applications in the terminal, so that once the current permission level has been obtained, each program's permission level can be read directly and the program can be allowed or forbidden to start.
In the above technical solution, preferably, before step 202 the method further includes: storing permission levels and verification request information in one-to-one correspondence. In this technical solution, people with different identities have their own appropriate permissions in the server, which makes permission control more precise. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security.
In summary, the present invention issues the corresponding permissions based on the verification request information in the terminal; restricting the terminal user's permissions prevents enterprise information from leaking through the terminal and effectively protects the enterprise's information security. Different permission restrictions can also be applied to different terminals in different areas, so that enterprise information security is effectively protected while use of the terminal is made as convenient as possible for the user. The terminal also records its usage in the specific area and sends the record to the server, which gives comprehensive control over the terminal's state and further protects the enterprise's information security. In addition, for a terminal whose application functions have preset usage permission levels, operating permissions can be restricted more easily, making permission control more convenient and effective.
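The flow of steps 202 to 208, together with the area enter/leave handling, the usage record and the permission-level rule described above, as an added Python sketch (not code from the patent or its assignee). The class names, message fields, rectangular area, sample IMSI/IMEI values, the level assigned to unlisted apps and the fail-closed level for unknown terminals are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

MOST_RESTRICTIVE = 99  # assumption: level issued to terminals the server does not know


@dataclass
class Server:
    area: tuple   # setting unit: specific area as (x_min, y_min, x_max, y_max)
    store: dict   # storage unit: (imsi, imei) -> permission level
    usage_log: dict = field(default_factory=dict)

    def verify(self, imsi, imei):
        """Steps 204/206: look up and return the permission setting information.
        The identifiers are self-reported by the terminal and are taken at face
        value here, as in the described scheme; unknown terminals fail closed."""
        level = self.store.get((imsi, imei), MOST_RESTRICTIVE)
        return {"type": "permission_setting", "level": level}

    def leave(self, imsi, imei, usage_record):
        """Terminal left the area: keep its usage record, answer with a restore command."""
        self.usage_log.setdefault((imsi, imei), []).extend(usage_record)
        return {"type": "permission_restore"}


@dataclass
class Terminal:
    imsi: str
    imei: str
    app_levels: dict                      # preset permission level per application function
    server: Server
    required_level: Optional[int] = None  # None: no restriction currently active
    inside: bool = False
    usage_record: list = field(default_factory=list)

    def update_position(self, x, y):
        """Position judgment unit: react only to entering or leaving the area."""
        x0, y0, x1, y1 = self.server.area
        now_inside = x0 <= x <= x1 and y0 <= y <= y1
        if now_inside and not self.inside:      # entered: steps 202-208
            reply = self.server.verify(self.imsi, self.imei)
            self.required_level = reply["level"]
        elif self.inside and not now_inside:    # left: send record, await restore
            reply = self.server.leave(self.imsi, self.imei, self.usage_record)
            if reply["type"] == "permission_restore":
                self.required_level = None
            self.usage_record = []
        self.inside = now_inside

    def launch(self, app):
        """Function disabling subunit: block apps whose level is below the issued level."""
        level = self.app_levels.get(app, 0)     # assumption: unlisted apps get the lowest level
        allowed = self.required_level is None or level >= self.required_level
        if self.inside:                          # recording unit
            self.usage_record.append((app, "allowed" if allowed else "blocked"))
        return allowed


def demo():
    # Constructed sample data; identifiers and levels are invented.
    server = Server(area=(0, 0, 10, 10),
                    store={("460000000000001", "350000000000001"): 2})
    apps = {"camera": 1, "phone_call": 2, "clock": 3}
    staff = Terminal("460000000000001", "350000000000001", apps, server)
    visitor = Terminal("460000000000002", "350000000000002", apps, server)

    results = {"outside_camera": staff.launch("camera")}
    staff.update_position(5, 5)                  # staff phone enters the area
    results["staff_camera"] = staff.launch("camera")
    results["staff_call"] = staff.launch("phone_call")
    visitor.update_position(1, 1)                # unknown phone enters the area
    results["visitor_clock"] = visitor.launch("clock")
    staff.update_position(20, 20)                # staff phone leaves the area
    results["after_leave_camera"] = staff.launch("camera")
    results["staff_log"] = server.usage_log[(staff.imsi, staff.imei)]
    return results


if __name__ == "__main__":
    print(demo())
```

Because the rule blocks functions whose level is below the issued level, a higher issued level means a tighter restriction, which is why the unknown terminal is given the highest value in this sketch.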
Brief description of the drawings
Fig. 1 shows a block diagram of a terminal according to an embodiment of the invention;
Fig. 2 shows a block diagram of a server according to an embodiment of the invention;
Fig. 3 shows a block diagram of an information security management system according to an embodiment of the invention;
Fig. 4 shows a flow chart of a terminal safety management method according to an embodiment of the invention;
Fig. 5 is a detailed flow chart of how the terminal and the server protect enterprise information security according to an embodiment of the invention.
Detailed description of the embodiments
To make the above objects, features and advantages of the present invention easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Many specific details are set out in the following description so that the invention can be fully understood. The invention may, however, also be implemented in ways other than those described here, and it is therefore not limited to the specific embodiments disclosed below.
Fig. 1 shows a block diagram of a terminal according to an embodiment of the invention.
As shown in Fig. 1, the invention provides a terminal 100 comprising: a communication unit 102, which sends verification request information to a server and receives from the server the permission setting information corresponding to the verification request information; and a processing unit 104, which configures the corresponding terminal permission settings according to the permission setting information from the communication unit 102. In this technical solution, terminal operating permissions can be restricted through information exchange between near-field communication devices. For example, the verification request information in the mobile phone is read, and the server issues the corresponding permissions according to the user's identity. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security. The verification request information here includes the mobile phone's IMSI, its IMEI, the phone number, account information preset in the phone, and the like.
In the above technical solution, the process by which the processing unit 104 configures the terminal permission settings specifically includes: modifying terminal system settings, restricting the terminal's application programming interface calls and/or monitoring terminal operations. In this technical solution, permission restrictions such as not allowing photographs or calls can be implemented by installing a companion management program on the terminal 100. After the management program reads the permission level it has obtained, it monitors applications through, for example, API calls and click operations, determines whether the program currently being started meets the permission requirements, and either allows it to run or forcibly closes it.
In the above technical solution, the terminal 100 further includes: a position acquisition unit 106, which obtains the real-time position of the terminal 100; and a position judgment unit 108, which judges, according to the real-time position obtained by the position acquisition unit 106, whether the terminal 100 has entered or left a preset specific area and, if so, sends the verification request information to the server through the communication unit 102. The communication unit 102 is further configured to receive a permission restoration command from the server when the judgment result of the position judgment unit 106 is that the terminal 100 has left the specific area. The processing unit 104 is further configured to cancel the permission restrictions on the terminal 100 according to the permission restoration command from the communication unit 102. In this technical solution, whether the permissions of the terminal 100 need to be restricted is decided by the position of the terminal user. When the user of the terminal 100 enters a relatively important area with a higher information security level, the terminal 100 is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal 100 is made as convenient as possible for the user.
In the above technical solution, the terminal 100 further includes a recording unit 110, which generates a usage record of the terminal 100 while the terminal 100 is located in the specific area. The communication unit 102 is further configured to send the usage record to the server when the terminal 100 leaves the specific area. In this technical solution, the usage of the terminal 100 while in the specific area is recorded and sent to the server, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal 100 can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
In the above technical solution, the application functions in the terminal 100 have preset permission levels, and the processing unit 104 includes: a usage permission acquisition subunit 104A, which obtains the permission levels of the application functions in the terminal 100; and a function disabling subunit 104B, which, according to the terminal permission settings, prohibits the launch of application functions whose permission level is lower than the permission level corresponding to the permission setting information. In this technical solution, permission levels are set in advance for all applications in the terminal 100, so that once the current permission level has been obtained, each program's permission level can be read directly and the program can be allowed or forbidden to start.
Fig. 2 shows a block diagram of a server according to an embodiment of the invention.
The invention also provides a server 200 comprising: a storage unit 202, which stores permission setting information and verification request information in one-to-one correspondence; an information transmission unit 204, which receives verification request information from a terminal and sends to the terminal the permission setting information, supplied by the verification unit 206, that corresponds to the verification request information; and the verification unit 206, which obtains the corresponding permission setting information from the storage unit 202 according to the verification request information from the information transmission unit 204. In this technical solution, the server 200 obtains the terminal's verification request information and issues the corresponding operating permissions to the terminal. People with different identities have their own appropriate permissions in the server 200, which makes permission control more precise. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security.
In the above technical solution, the server 200 further includes: a setting unit 208, which sets the range of the specific area so that the terminal sends the verification request information to the server 200 when it enters or leaves the specific area; and a permission restoration unit 210, which generates a permission restoration command when the information transmission unit 204 receives the verification request information sent as the terminal leaves the specific area, and sends the command to the terminal through the information transmission unit 204. The information transmission unit 204 is further configured to receive the usage record from the terminal, the usage record covering the terminal's usage while it was located in the specific area. In this technical solution, whether the terminal's permissions need to be restricted is decided by the position of the terminal user. When the user enters a relatively important area with a higher information security level, the terminal is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal is made as convenient as possible for the user. In addition, the server 200 records the terminal's usage in the specific area, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
Fig. 3 shows a block diagram of an information security management system according to an embodiment of the invention.
As shown in Fig. 3, the information security management system 300 according to an embodiment of the invention includes the terminal 100 shown in Fig. 1 and the server 200 shown in Fig. 2. The terminal 100 includes: a communication unit 102, which sends verification request information to the server 200 and receives from the server 200 the permission setting information corresponding to the verification request information; and a processing unit 104, which configures the corresponding terminal permission settings according to the permission setting information from the communication unit 102. In this technical solution, terminal operating permissions can be restricted through information exchange between near-field communication devices. For example, the verification request information in the mobile phone is read, and the server 200 issues the corresponding permissions according to the user's identity. Restricting the permissions of the terminal user prevents enterprise information from leaking through the terminal, which effectively protects the enterprise's information security. The verification request information here includes the mobile phone's IMSI, its IMEI, the phone number, account information preset in the phone, and the like.
In the above technical solution, the process by which the processing unit 104 configures the terminal permission settings specifically includes: modifying terminal system settings, restricting the terminal's application programming interface calls and/or monitoring terminal operations. In this technical solution, permission restrictions such as not allowing photographs or calls can be implemented by installing a companion management program on the terminal 100. After the management program reads the permission level it has obtained, it monitors applications through, for example, API calls and click operations, determines whether the program currently being started meets the permission requirements, and either allows it to run or forcibly closes it.
In the above technical solution, the terminal 100 further includes: a position acquisition unit 106, which obtains the real-time position of the terminal 100; and a position judgment unit 108, which judges, according to the real-time position obtained by the position acquisition unit 106, whether the terminal 100 has entered or left a preset specific area and, if so, sends the verification request information to the server 200 through the communication unit 102. The communication unit 102 is further configured to receive a permission restoration command from the server 200 when the judgment result of the position judgment unit 106 is that the terminal 100 has left the specific area. The processing unit 104 is further configured to cancel the permission restrictions on the terminal 100 according to the permission restoration command from the communication unit 102. In this technical solution, whether the permissions of the terminal 100 need to be restricted is decided by the position of the terminal user. When the user of the terminal 100 enters a relatively important area with a higher information security level, the terminal 100 is placed under permission management and its usage permissions are restricted, for example by not allowing photographs; when the user leaves the area, the terminal's usage permissions are restored. This technical solution allows the terminal user's usage permissions to be controlled flexibly, so that enterprise information security is effectively protected while use of the terminal 100 is made as convenient as possible for the user.
In the above technical solution, the terminal 100 further includes a recording unit 110, which generates a usage record of the terminal 100 while the terminal 100 is located in the specific area. The communication unit 102 is further configured to send the usage record to the server 200 when the terminal 100 leaves the specific area. In this technical solution, the usage of the terminal 100 while in the specific area is recorded and sent to the server 200, which further improves the information security scheme: when an unexpected situation occurs, the usage records of each terminal 100 can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
In the above technical solution, the application functions in the terminal 100 are preset with permission levels, and the processing unit 104 includes: a usage-permission acquisition subunit 104A, which obtains the permission levels of the application functions in the terminal 100; and a function disabling subunit 104B, which, according to the terminal permission settings, prohibits starting application functions whose permission level is lower than the permission level corresponding to the permission setting information. In this technical solution, permission levels are assigned in advance to all application programs in the terminal 100, so that once the current permission level has been obtained, the permission level of each program can be read directly and the program's launch allowed or prohibited accordingly.
The server 200 includes: a storage unit 202, which stores permission setting information and verification request information in one-to-one correspondence; an information transmission unit 204, which receives the verification request information from the first near-field communication device of the terminal 100 and sends to the terminal 100 the permission setting information, from the verification unit 206, that corresponds to the verification request information; and a verification unit 206, which obtains the corresponding permission setting information from the storage unit 202 according to the verification request information from the information transmission unit 204. In this technical solution, the server 200 obtains the verification request information of the terminal 100 and issues the corresponding operating permissions to the terminal 100. Assigning people of different identities their respective permissions on the server 200 makes permission control more precise; restricting the permissions of terminal users prevents enterprise information from being leaked through the terminal and so effectively protects the enterprise's information security.
In the above technical solution, the server 200 further includes: a setting unit 208, which sets the extent of the specific region so that the terminal 100 sends the verification request information to the server 200 when it enters or leaves the specific region; and a permission restore unit 210, which, when the information transmission unit 204 receives the verification request information sent when the terminal 100 leaves the specific region, generates a permission restore command that is sent to the terminal 100 through the information transmission unit 204. The information transmission unit 204 is further configured to receive the usage record from the terminal 100, the usage record describing how the terminal 100 was used while located in the specific region. In this technical solution, the position of the terminal user determines whether the permissions of the terminal 100 need to be restricted: when the user of the terminal 100 enters a region that is comparatively important and has a higher information security level, the terminal 100 is placed under permission management and its usage rights are restricted, for example by not allowing photographs to be taken; when the user leaves the region, the usage rights of the terminal 100 are restored. This solution allows the usage rights of terminal users to be controlled flexibly, so that enterprise information security is effectively protected while the terminal 100 remains as convenient as possible for its user. In addition, the server 200 records how the terminal 100 was used in the specific region, which further strengthens the information security scheme: when an unexpected situation occurs, the usage records of the individual terminals 100 can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
Fig. 4 shows a flowchart of the terminal safety management method according to an embodiment of the present invention.
The present invention also provides a terminal safety management method, including: step 402, the terminal sends verification request information to the server; step 404, the server verifies the terminal according to the received verification request information and generates the corresponding permission setting information; step 406, the server sends the permission setting information to the terminal; step 408, the terminal configures the corresponding terminal permission settings according to the received permission setting information. In this technical solution, the terminal's operating permissions can be restricted through information exchange between near-field communication devices: for example, the verification request information in the mobile phone is read and the server issues the corresponding permissions according to the user's identity. Restricting the permissions of terminal users prevents enterprise information from being leaked through the terminal and so effectively protects the enterprise's information security. Here the verification request information includes the mobile phone's IMSI code, IMEI code, phone number, account information preset in the phone, and the like.
In the above technical solution, step 408 is specifically: the terminal configures the terminal permission settings according to the permission setting information by modifying terminal system settings, restricting the terminal's application programming interface calls and/or monitoring terminal operations. In this technical solution, permissions are restricted, for example, by not allowing photographs or calls. Specifically, a companion management program can be installed on the terminal; after reading the permission level it has obtained, the management program monitors, for example, API calls and click operations on applications, and can thereby tell whether a program being launched meets the permission requirement, and either allows it to run or forcibly closes it.
In the above technical solution, the method further includes, before step 402: setting the specific region; obtaining the real-time position of the terminal and determining whether the terminal has entered the specific region and, if so, performing step 402. After step 408 the method further includes: if the terminal leaves the specific region, the terminal sends the verification request information to the server; and after successful verification the server sends a permission restore command to the terminal, cancelling the permission restrictions on the terminal. In this technical solution, the position of the terminal user determines whether the permissions of the terminal need to be restricted: when the user of the terminal enters a region that is comparatively important and has a higher information security level, the terminal is placed under permission management and its usage rights are restricted, for example by not allowing photographs to be taken; when the user leaves the region, the usage rights of the terminal are restored. This solution allows the usage rights of terminal users to be controlled flexibly, so that enterprise information security is effectively protected while the terminal remains as convenient as possible for its user.
In the above technical solution, the terminal safety management method further includes: generating a usage record for the time the terminal is located in the specific region, and sending the usage record to the server when the terminal leaves the specific region. In this technical solution, how the terminal is used while it is in the specific region is recorded and sent to the server, which further strengthens the information security scheme: when an unexpected situation occurs, the usage records of the individual terminals can be reviewed, which makes the situation easier to handle and protects the enterprise's information security more effectively.
In the above technical solution, the application functions in the terminal are preset with permission levels, and step 408 specifically includes: the terminal, according to the terminal permission settings, prohibits starting application functions whose permission level is lower than the permission level corresponding to the permission setting information. In this technical solution, permission levels are assigned in advance to all application programs in the terminal, so that once the current permission level has been obtained, the permission level of each program can be read directly and the program's launch allowed or prohibited accordingly.
In the above technical solution, the method further includes, before step 402: storing permission levels and verification request information in one-to-one correspondence. In this technical solution, assigning people of different identities their respective permissions on the server makes permission control more precise; restricting the permissions of terminal users prevents enterprise information from being leaked through the terminal and so effectively protects the enterprise's information security.
The technical solution of the present invention is described in detail below, taking as an example a visitor who carries a mobile phone into an enterprise office area.
In this embodiment, the mobile phone carried by the visitor has the technical features of the terminal described in the technical solution of the present invention, and the enterprise is equipped with an enterprise security system that includes the server described in the present invention.
When the visitor carries the mobile phone into the office area, the mobile phone is sensed by a management machine (similar to a time clock). Using the information transmitted by the terminal (including the phone number, the terminal operating system and similar information), the management machine queries the enterprise information system to which it is connected, obtains the user's legitimate identity and the terminal's application permissions, and sends them to the terminal. If the identity is not legitimate, entry into the specific region is prohibited and a warning is issued; if the identity is legitimate, the region may be entered. The terminal then determines from the application permissions which functions may be used (such as the camera, short messages and Internet access) and records summary information about the terminal's activity in the region. When the visitor leaves, the terminal automatically restores all of its functions and uploads the recorded information to the management machine for the record.
Fig. 5 is a detailed flowchart of how the terminal and the server according to an embodiment of the present invention protect enterprise information security.
The specific flow is shown in Fig. 5:
Step 502, the visitor brings the mobile phone into sensing range of the management machine. The management machine here is comparable to a POS machine or the like: it contains a near-field communication sensing device that can sense the near-field communication device in the mobile phone and receive the verification request information from the mobile phone. The management machine is also connected to the server, so that the corresponding permission level can be looked up in the server from the verification request information. Alternatively, all verification request information, permission levels and so on can be stored in the management machine itself, which removes the need to build and manage a server.
Step 504, the security control system on the mobile phone obtains the mobile phone's verification request information, such as the IMSI, the IMEI and the phone number.
Step 506, the verification request information is sent to the server through the near-field communication device.
Step 508, the server determines from the verification request information whether the visitor is allowed to enter; if not, the flow goes to step 509. This requires that verification request information be stored in advance in correspondence with the configured permission levels, so that received verification request information can be looked up. Specifically, the employee or customer profile and the permission information corresponding to each mobile phone's information can be registered on the server in advance. The permission information covers whether network services (calls, short messages, Internet access) may be used, whether the terminal's built-in devices (camera, Bluetooth, Wi-Fi, infrared, audio devices and so on) may be used, whether the terminal is monitored, whether operation information is uploaded on leaving, and so on.
Step 509, the holder of the mobile phone is refused entry and a warning is issued. This covers both persons whose own permissions are insufficient and persons for whom no pre-stored information exists, so that their permissions cannot be confirmed; special cases such as missing pre-stored information can be handled by a uniform preset, for example by treating the person as having no permission. With the management machine acting as a management device similar to an access-control gate, persons without permission can also be directly refused entry to the restricted area. Of course, a physical "door" or "lock" need not be used; instead a region can be monitored virtually, with position information acquired and monitored for terminals entering or leaving the region, so that they can be managed further.
Step 510, if the visitor is allowed to enter the office area, the corresponding permission information is sent to the client. For example, if the visitor's verification request information falls into the "ordinary visitor" category, the permissions corresponding to "ordinary visitor" are issued; assume that these permissions do not allow photographs to be taken with the mobile phone.
Step 512, after receiving the permissions issued by the server, the mobile phone applies the corresponding system settings and stores the terminal's operation information. For example, the launching of applications on the terminal is monitored by monitoring API (application programming interface) calls, monitoring click operations on applications and similar means, thereby restricting the terminal's application permissions.
Step 514, when the visitor leaves, the mobile phone is again sensed by the management machine; the permission settings in the mobile phone are cancelled, the original settings are restored, and the terminal's operation record is uploaded to the server for backup.
Step 516, once these operations are complete, the person holding the terminal is allowed to leave the specific region. Of course, in the above case where no physical "door" or "lock" device is used, the restriction of this step does not apply.
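The flow of steps 502 to 516 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the sample identifiers, the level numbers and the fail-closed handling of functions with no preset level are all assumptions made for illustration.

```python
"""Steps 502-516 as a runnable sketch (added example; all names are assumptions)."""

# Constructed sample registry (step 508): identity -> pre-registered permission data.
REGISTRY = {
    ("001010000000001", "350000000000001"): {"category": "ordinary visitor", "level": 2},
    ("001010000000002", "350000000000002"): {"category": "employee", "level": 1},
}

# Constructed preset permission level of each application function on the terminal.
# Rule from the description: a function is refused when its preset level is
# LOWER than the level carried in the permission setting information.
FUNCTION_LEVELS = {"camera": 1, "bluetooth": 1, "sms": 2, "call": 3}


class Server:
    def __init__(self, registry):
        self.registry = registry
        self.usage_records = {}  # identity -> uploaded usage record

    def verify(self, imsi, imei):
        """Steps 508-510: permission setting information, or None (step 509)."""
        entry = self.registry.get((imsi, imei))
        if entry is None:
            # No pre-stored information: treated as "no permission" (step 509).
            return None
        return {"category": entry["category"], "level": entry["level"]}

    def check_out(self, imsi, imei, usage_record):
        """Step 514: verify again on exit, back up the record, issue restore."""
        if (imsi, imei) not in self.registry:
            return None
        self.usage_records[(imsi, imei)] = list(usage_record)
        return {"command": "restore"}


class Terminal:
    def __init__(self, imsi, imei, function_levels):
        self.imsi, self.imei = imsi, imei
        self.function_levels = function_levels
        self.required_level = None  # None means no restriction is in force
        self.usage_record = []

    def enter_region(self, server):
        """Steps 502-512: send the request and apply the issued level."""
        info = server.verify(self.imsi, self.imei)
        if info is None:
            return False  # entry refused
        self.required_level = info["level"]
        return True

    def launch(self, function):
        """Function disabling subunit: decide whether a function may start."""
        if self.required_level is None:
            return True
        # Assumption: a function with no preset level gets level 0 (fail closed).
        level = self.function_levels.get(function, 0)
        allowed = level >= self.required_level
        self.usage_record.append((function, "allowed" if allowed else "blocked"))
        return allowed

    def leave_region(self, server):
        """Step 514: upload the record; lift restrictions only on a restore command."""
        reply = server.check_out(self.imsi, self.imei, self.usage_record)
        if not reply or reply.get("command") != "restore":
            return False  # restrictions stay in force
        self.required_level = None
        self.usage_record = []
        return True


def demo():
    server = Server(REGISTRY)
    visitor = Terminal("001010000000001", "350000000000001", FUNCTION_LEVELS)
    entered = visitor.enter_region(server)
    inside = {f: visitor.launch(f) for f in ("camera", "sms", "call")}
    left = visitor.leave_region(server)
    return entered, inside, left, visitor.launch("camera")


if __name__ == "__main__":
    print(demo())
```

The restrictions are lifted only when the server answers the exit request with a restore command, so a terminal that cannot reach the server stays restricted.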
In summary, the present invention issues permissions that correspond to the verification request information in the terminal; restricting the permissions of terminal users prevents enterprise information from being leaked through the terminal and effectively protects the enterprise's information security. Different terminals can also be given different permission restrictions in different regions, so that enterprise information security is effectively protected while the terminal remains as convenient as possible for its user. The terminal also records how it was used in the specific region and sends the record to the server, which gives comprehensive control over the terminal's state and further protects the enterprise's information security. In addition, for a terminal whose application functions are preset with usage permission levels, the operating permissions can be restricted more easily, which makes permission control more convenient and effective.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A terminal, characterized by comprising:
a communication unit, which sends verification request information to a server and receives from the server permission setting information corresponding to the verification request information;
a processing unit, which configures the corresponding terminal permission settings according to the permission setting information from the communication unit;
wherein the application functions in the terminal are preset with permission levels, and the processing unit comprises:
a usage-permission acquisition subunit, which obtains the permission levels of the application functions in the terminal; and
a function disabling subunit, which, according to the terminal permission settings, prohibits starting application functions whose permission level is lower than the permission level corresponding to the permission setting information; and
a position acquisition unit, which obtains the real-time position of the terminal;
a position judgment unit, which determines, from the real-time position obtained by the position acquisition unit, whether the terminal has entered or left a preset specific region and, if so, sends the verification request information to the server through the communication unit.
2. The terminal according to claim 1, characterized in that the processing unit configures the terminal permission settings by at least one of the following or a combination thereof:
modifying terminal system settings, restricting the terminal's application programming interface calls, monitoring terminal operations.
3. terminal according to claim 1 and 2, it is characterised in that
The communication unit is additionally operable to:The specific region is left for the terminal in the judged result of the position judgment unit In the case of, receive the authority from the server and recover order;
The processing unit is additionally operable to:Order is recovered according to the authority from the communication unit, is cancelled to the terminal Authority limitation.
4. The terminal according to claim 2, characterized by further comprising:
a recording unit, which generates a usage record of the terminal while the terminal is located in the specific region; and
the communication unit is further configured to send the usage record to the server when the terminal leaves the specific region.
5. A server, characterized by comprising:
a storage unit, which stores permission setting information and verification request information in one-to-one correspondence;
an information transmission unit, which receives verification request information from a terminal and sends to the terminal the permission setting information, from a verification unit, corresponding to the verification request information; and
the verification unit, which obtains the corresponding permission setting information from the storage unit according to the verification request information from the information transmission unit;
a setting unit, which sets the extent of a specific region so that the terminal sends the verification request information to the server when it enters or leaves the specific region.
6. The server according to claim 5, characterized by further comprising:
a permission restore unit, which, when the information transmission unit receives the verification request information sent when the terminal leaves the specific region, generates a permission restore command and sends it to the terminal through the information transmission unit; and
the information transmission unit is further configured to receive a usage record from the terminal, the usage record including how the terminal was used while located in the specific region.
7. A terminal safety management method, characterized by comprising:
step 202, a terminal sends verification request information to a server;
step 204, the server verifies the terminal according to the received verification request information and generates the corresponding permission setting information;
step 206, the server sends the permission setting information to the terminal;
step 208, the terminal configures the corresponding terminal permission settings according to the received permission setting information;
wherein the application functions in the terminal are preset with permission levels, and step 208 specifically comprises:
the terminal, according to the terminal permission settings, prohibits starting application functions whose permission level is lower than the permission level corresponding to the permission setting information; and
before step 202, the method further comprises:
setting a specific region;
obtaining the real-time position of the terminal and determining whether the terminal has entered the specific region and, if so, performing step 202.
8. The terminal safety management method according to claim 7, characterized in that step 208 is specifically:
the terminal configures the terminal permission settings according to the permission setting information by at least one of the following or a combination thereof: modifying terminal system settings, restricting the terminal's application programming interface calls, monitoring terminal operations.
9. The terminal safety management method according to claim 7 or 8, characterized in that
after step 208, the method further comprises:
if the terminal leaves the specific region, the terminal sends the verification request information to the server; and
after successful verification, the server sends a permission restore command to the terminal, cancelling the permission restrictions on the terminal.
10. The terminal safety management method according to claim 8, characterized by further comprising:
generating a usage record for the time the terminal is located in the specific region, and sending the usage record to the server when the terminal leaves the specific region.
CN201210068216.2A 2012-03-15 2012-03-15 Terminal, server and terminal safety management method Active CN103312676B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210068216.2A CN103312676B (en) 2012-03-15 2012-03-15 Terminal, server and terminal safety management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210068216.2A CN103312676B (en) 2012-03-15 2012-03-15 Terminal, server and terminal safety management method

Publications (2)

Publication Number Publication Date
CN103312676A CN103312676A (en) 2013-09-18
CN103312676B true CN103312676B (en) 2017-06-20

Family

ID=49137462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210068216.2A Active CN103312676B (en) 2012-03-15 2012-03-15 Terminal, server and terminal safety management method

Country Status (1)

Country Link
CN (1) CN103312676B (en)


Also Published As

Publication number Publication date
CN103312676A (en) 2013-09-18


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant