CN103546436A - Security control method, terminal, and cloud server - Google Patents


Info

Publication number: CN103546436A
Authority: CN (China)
Prior art keywords: application, terminal, cloud server, authority, control
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201210243542.2A
Other languages: Chinese (zh)
Other versions: CN103546436B (en)
Inventor: 雷明剑
Current Assignee: ZTE Corp (the listed assignees may be inaccurate)
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN201210243542.2A
Publication of: CN103546436A
Application granted; publication of CN103546436B
Current legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a security control method, a terminal and a cloud server. The method includes: when an application is installed in the terminal, an installation package of the application is uploaded to the cloud server for authentication; the terminal receives authentication analysis results returned by the cloud server and displays the authentication analysis results. Through the use of the security control method, the terminal and the cloud server, safety and reliability for the terminal using the application can be guaranteed effectively.

Description

A security control method, a terminal, and a cloud server
Technical field
The present invention relates to the communications field, and in particular to a security control method, a terminal, and a cloud server.
Background
As mobile phones enter the smart era, free and open smartphone platforms attract many application developers of uneven quality, which makes application security hard to guarantee. For example, an application developer can develop software, or modify software based on open-source code, to implant malicious code that performs malicious fee deduction, steals user privacy information, or leaks data through peripheral connections, posing a serious threat to the security of the user's phone.
The security control capability on the smartphone terminal side is currently relatively weak. It can only check the stability and data integrity of downloads; it cannot effectively verify the source of mobile application software, and it lacks comprehensive testing and an effective authentication mechanism. Nor can it effectively manage and control security-threatening behavior that may exist after an application is installed, so the security of the phone cannot be effectively guaranteed. The existing problems are mainly the following:
1) Because the development platform is open, control over the permissions used by mobile applications is relatively loose. An application developer obtains the vast majority of permissions simply by declaring them. This is especially true of the sensitive permissions on the phone, including: permissions related to user charges (sending messages, making calls, accessing the Internet, etc.), user privacy information permissions (SMS records, contact records, call logs, phone device information, geographic location information, etc.), and local connection permissions of the phone (Wi-Fi connection, Bluetooth connection, etc.).
2) The terminal side lacks effective means to identify and verify how far an application can be trusted, yet the trust level of an application is precisely what helps the user decide whether to install it, and is the main basis for controlling the application's use of sensitive permissions.
3) While an application is running, the terminal side's ability to control access to sensitive permissions is also weak. In particular, it cannot dynamically assess and analyze the program's actual runtime behavior and promptly adjust the control policy for access to the phone's sensitive permissions.
4) Conventional active-defense control methods based on the terminal side suffer from untimely updates. They cannot keep up with the rapid, explosive growth of malicious programs, which can easily bypass and evade terminal-side security controls.
Summary of the invention
The technical problem to be solved by the present invention is to provide a security control method, a terminal, and a cloud server that effectively guarantee the safety and reliability of applications used on the terminal.
To solve the above technical problem, the present invention provides a security control method, comprising:
when installing an application, a terminal uploads the installation package of the application to a cloud server for authentication;
after receiving the authentication analysis conclusion returned by the cloud server, the terminal displays the authentication analysis conclusion.
Further, the above method also has the following feature: after displaying the authentication analysis conclusion, the method further comprises:
after receiving an instruction to continue installing the application, the terminal sends an installation notification to the cloud server;
the terminal receives the permission control policy configuration file corresponding to the application sent by the cloud server, parses the permission control policy configuration file, and obtains the list of permissions to be controlled for the application;
the permission list is stored as local permission control policy data.
Further, the above method also has the following feature: after storing the permission list, the method further comprises:
after detecting that the application accesses a specified permission, the terminal determines whether the specified permission is in the permission list; if so, it denies the application access to the specified permission; if not, it allows the application to access the specified permission.
Further, the above method also has the following feature: the method further comprises:
the terminal records the application's access to the specified permission in a security log file;
the security log file is periodically uploaded to the cloud server.
Further, the above method also has the following feature: the method further comprises:
after receiving security information pushed by the cloud server, the terminal updates the local permission control policy data according to the security information.
To solve the above problem, the present invention also provides a terminal, comprising:
a first module, configured to upload the installation package of an application to a cloud server for authentication when the application is installed;
a second module, configured to display the authentication analysis conclusion after receiving the authentication analysis conclusion returned by the cloud server.
Further, the above terminal also has the following feature: the terminal further comprises:
a third module, configured to send an installation notification to the cloud server after receiving an instruction to continue installing the application;
a fourth module, configured to receive the permission control policy configuration file corresponding to the application sent by the cloud server, parse the permission control policy configuration file, and obtain the list of permissions to be controlled for the application;
a fifth module, configured to store the permission list as local permission control policy data.
Further, the above terminal also has the following feature: the terminal further comprises:
a sixth module, configured to determine, after detecting that the application accesses a specified permission, whether the specified permission is in the permission list; if so, to deny the application access to the specified permission; if not, to allow the application to access the specified permission.
Further, the above terminal also has the following feature: the terminal further comprises:
a seventh module, configured to record the application's access to the specified permission in a security log file;
an eighth module, configured to periodically upload the security log file to the cloud server.
Further, the above terminal also has the following feature: the terminal further comprises:
a ninth module, configured to update the local permission control policy data according to security information after receiving the security information pushed by the cloud server.
To solve the above problem, the present invention also provides a security control method, comprising:
after receiving an application installation package uploaded by a terminal, a cloud server performs authentication processing on the application installation package;
the authentication analysis conclusion is delivered to the terminal.
Further, the above method also has the following feature: performing authentication processing on the application installation package comprises:
the cloud server extracts application signature information from the application installation package;
the application signature information is authenticated against the public key file of a preset trusted digital certificate.
Further, the above method also has the following feature: after the authentication analysis conclusion is delivered to the terminal, the method further comprises:
after receiving the installation notification sent by the terminal, the cloud server sends the permission control policy configuration file corresponding to the application to the terminal.
Further, the above method also has the following feature: the method further comprises:
the cloud server receives the security log file uploaded by the terminal, periodically analyzes the security log file, and, in combination with up-to-date security information, regenerates the permission control policy configuration file of the application;
this permission control policy configuration file is pushed to the terminal.
To solve the above problem, the present invention also provides a cloud server, comprising:
a first module, configured to perform authentication processing on an application installation package after receiving the application installation package uploaded by a terminal;
a second module, configured to deliver the authentication result to the terminal.
Further, the above cloud server also has the following feature: the first module comprises:
a first unit, configured to extract application signature information from the application installation package after receiving the application installation package uploaded by the terminal;
a second unit, configured to authenticate the application signature information against the public key file of a preset trusted digital certificate.
Further, the above cloud server also has the following feature: the cloud server further comprises:
a third module, configured to send the permission control policy configuration file corresponding to the application to the terminal after receiving the installation notification sent by the terminal.
Further, the above cloud server also has the following feature: the cloud server further comprises:
a fourth module, configured to receive the security log file uploaded by the terminal, periodically analyze the security log file, and, in combination with up-to-date security information, regenerate the permission control policy configuration file of the application;
a fifth module, configured to push this permission control policy configuration file to the terminal.
In summary, the present invention provides a security control method, a terminal, and a cloud server that effectively guarantee the safety and reliability of applications used on the terminal.
Brief description of the drawings
To better describe the specific implementation of the present invention, reference is made below to the accompanying drawings, in which the same reference numerals denote corresponding parts in the following description.
Fig. 1 is a flowchart of the security control method of an embodiment of the present invention.
Fig. 2 is a flowchart of the cloud server authenticating the trust level of an application in an embodiment of the present invention.
Fig. 3 is a flowchart of the terminal side processing the control policy issued by the cloud server in an embodiment of the present invention.
Fig. 4 is a flowchart of the terminal side monitoring the use of sensitive permissions in an embodiment of the present invention.
Fig. 5 is a flowchart of the cloud server actively pushing a security control policy in an embodiment of the present invention.
Fig. 6 is a flowchart of generating the personal privacy information permission control policy in an embodiment of the present invention.
Fig. 7 is a flowchart of the terminal managing and controlling access to personal privacy information permissions in an embodiment of the present invention.
Fig. 8 is a schematic diagram of the terminal of an embodiment of the present invention.
Fig. 9 is a schematic diagram of the cloud server of an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions, and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with each other arbitrarily.
To address the above problems, the embodiment of the present invention proposes a security control method based on a cloud service:
First, the cloud server provides comprehensive analysis of the application being installed, authenticates it, and assigns it a corresponding trust level. It can also give the user installation advice and a permission control policy.
Second, according to the permission control policy issued by the cloud server, the terminal can control the application's use of sensitive permissions. It can also collect the application's sensitive-permission access records during actual operation, for dynamic, intelligent analysis by the cloud server.
Finally, the cloud server can analyze the obtained sensitive-permission access logs and, based on the continuously updated security services on the server side, can when necessary proactively update and issue the application's sensitive-permission access control policy, or proactively push the latest application security information to the user, to help the user decide how to manage the security control of the application.
Fig. 1 is a flowchart of the security control method of an embodiment of the present invention. As shown in Fig. 1, the method of this embodiment comprises the following steps:
S11: when installing an application, the terminal uploads the installation package of the application to the cloud server for authentication.
Specifically, when installing an application, the user uploads the application installation package to the cloud server through the client on the terminal, for security threat analysis and for trust level authentication and assignment.
The cloud server first parses the application's signature information and authenticates it against the trusted certificates preset on the server side. According to the result of authenticating the application's signature information against the certificate public keys, it assigns the application a trust level attribute.
Based on the resulting application trust level, the cloud server dynamically generates an authentication analysis conclusion for the client.
S12: after receiving the authentication analysis conclusion returned by the cloud server, the terminal displays the authentication analysis conclusion, so that the user can decide whether to install the application based on the conclusion.
When the user chooses to install the application, the cloud server can issue the corresponding sensitive permission control policy to the client according to the application's trust level, for monitoring sensitive permissions. This can include the following steps:
S13: after receiving an instruction to continue installing the application, the terminal sends an installation notification to the cloud server;
S14: the terminal receives the permission control policy configuration file corresponding to the application sent by the cloud server, parses the permission control policy configuration file, and obtains the list of permissions to be controlled for the application;
S15: the permission list is stored as local permission control policy data.
While the application is running, the terminal can manage and control the application's sensitive permission access according to the control policy obtained from the cloud server.
When the application uses a controlled sensitive system permission, the terminal (client software) responds to the permission request (allow/deny) according to the control policy, and synchronously records the access to that sensitive permission. At fixed intervals, the client actively uploads the application's sensitive-permission access records to the cloud server for further dynamic analysis.
By analyzing the sensitive-permission access information collected from the client, the cloud server can dynamically update and issue the application's permission control policy.
Meanwhile, the cloud server can also dynamically push application security information to the user according to the updated rule base, to help the user decide how to manage and control the application and its use of permissions.
As shown in Fig. 2, the flow in which the cloud server authenticates the trust level of an application is as follows:
Step S201: when the terminal installs a new application, it uploads the application installation package file to the cloud server through the client;
Step S202: the cloud server decompresses and parses the application installation package, extracts the application signature information, and records it;
Step S203: the cloud server authenticates the application signature information obtained in step S202 against the public key files of the trusted digital certificates preset on the cloud server; if authentication passes, go to step S204, otherwise go to step S205;
Step S204: if the application signature passes authentication against a digital certificate preset for the mobile phone, the application is given the trust level corresponding to the digital certificate that passed authentication. Trust levels can include, but are not limited to: "manufacturer trust level", "operator trust level", "third-party partner manufacturer trust level", etc. Then go to step S206.
Step S205: if the application signature fails authentication against all digital certificates preset for the mobile phone, the application is given the "untrusted level"; go to step S206.
Step S206: the cloud server delivers the authentication analysis conclusion, including the application's trust level, to the terminal;
Step S207: after receiving the installation notification from the terminal, the cloud server issues the corresponding sensitive permission control policy configuration file.
As shown in Fig. 3, the flow in which the terminal processes the control policy issued by the cloud server is as follows:
Step S301: the terminal receives the sensitive-permission usage control policy configuration file for this application issued by the cloud server;
Step S302: the control policy configuration file is parsed to obtain the list of permissions to be controlled for this application;
Step S303: the permissions to be controlled, obtained by parsing, are added to the system control policy data held in memory, as the basis for control when the application subsequently accesses permissions.
As shown in Fig. 4, the flow in which the client monitors the use of sensitive permissions is as follows:
Step S401: when the terminal detects that an application uses a sensitive system permission, go to step S402;
Step S402: determine whether this permission is one of the permissions to be controlled in the permission control policy obtained from the cloud server; if not, go to step S403; if so, go to step S404;
Step S403: because the permission is not one that needs to be controlled, the use of this permission is allowed directly; go to step S405;
Step S404: the permission is a controlled permission, so the use of this permission is denied directly; go to step S405;
Step S405: record this sensitive permission access by the application; information such as the permission accessed and the access time is saved to the terminal security log file.
As shown in Fig. 5, the flow in which the cloud server actively pushes the security control policy is as follows:
Step S501: the cloud server periodically analyzes the security logs obtained from terminals and, in combination with continuously updated industry security information, regenerates the application's control policy configuration file when needed;
Step S502: the cloud server actively pushes the updated application control policy configuration file to the terminal, and can also actively push other related security information;
Step S503: the terminal receives the security information from the cloud server and promptly updates the local permission control policy data, to better protect sensitive permission access on the terminal.
With the support of the efficient, powerful computing capability and the dynamic, flexible security control capability of the cloud security server, the above technical solution can simply and effectively manage and control applications' access to sensitive permissions on the terminal. It can also effectively avoid security-threatening behavior that mobile terminal applications may exhibit, ensuring the security of the mobile terminal.
The following content is based on a specific application embodiment of the present invention. It takes as an example the personal privacy information permission group, which on a smartphone terminal is the most easily abused by malicious intrusion and most in need of focused protection (including access to contact records, message records, phone device information, and geographic location information), and describes in detail how permission management and control are implemented on the terminal side.
It should be noted that the embodiment is described using permission usage control for applications at the "untrusted application trust level" as an example. The control principle and processing flow for application permission usage at other trust levels are the same and are not described one by one here.
1) In the personal-privacy sensitive permission control policy for untrusted applications issued by the cloud server, permissions such as access to message records, contact records, call logs, and personal geographic location information are added to the permissions that need to be controlled for the "untrusted application trust level". The configuration file is defined in XML format, as follows:
Figure BDA00001886733200091
Here, the sysControlPermission tag indicates that this is a system default controlled permission; the trustLevel tag indicates the trust level category, and "unApproved" denotes the untrusted application trust level; the permissionGroup tag indicates the permission group category name, and "personal_info" denotes the personal privacy information permission group; the permission tag denotes a permission to be controlled under the trust level; ACCESS_MESSAGE denotes the permission to access message records; ACCESS_CONTACTS denotes the permission to access contact records; ACCESS_CALLLOG denotes the permission to access call logs; ACCESS_LOCATION denotes the permission to access personal geographic location information (including GPS positioning and base-station positioning); ACCESS_DEVICE_INFO denotes the permission to access phone device information (including IMEI, IMSI, the phone's own number, etc.). Note in particular that the personal privacy permissions listed here can be added to, removed, or modified dynamically according to control needs; the control principle and flow remain the same.
As shown in Fig. 6, the specific flow for generating the personal privacy information permission control policy is as follows:
Step S601: the terminal receives the permission control policy configuration file issued by the cloud server;
Step S602: the permission control policy configuration file is parsed to obtain the list of personal privacy information permissions to be controlled under the "untrusted level";
Step S603: the list of personal privacy information access permissions obtained by parsing is recorded in an in-memory data structure, as the basis for control when the application subsequently accesses permissions.
As shown in Fig. 7, while an application is actually running, the flow in which the terminal manages and controls its access to personal privacy information permissions is as follows:
Step S701: when the permission control module detects that an application uses a personal privacy information permission, go to step S702;
Step S702: according to the permission control policy obtained from the cloud server, determine whether this application's access to personal privacy permissions needs to be controlled; if not, go to step S703; if so, go to step S704;
Step S703: because this application's access to personal privacy permissions does not need to be controlled, the application's permission access is allowed directly, and it is allowed to read the terminal's personal privacy information.
Step S704: this application's access to personal privacy permissions needs to be restricted, so the application's permission access is denied directly, and it is not allowed to read the terminal's personal privacy information.
Step S705: record this personal privacy permission access by the application; information such as the permission accessed and the access time is saved to the terminal security log file.
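The policy format described above and the S601-S603 / S701-S705 flows can be exercised together in a short Python sketch. This is an added example, not code from the patent: the element names and permission values are those listed in the description, while the XML nesting, the "name" attribute, the names parse_policy and PermissionMonitor, the application identifiers, and the ACCESS_FLASHLIGHT permission are assumptions made for illustration.

```python
"""Added example: terminal-side permission control from a cloud-issued policy."""
import json
import time
import xml.etree.ElementTree as ET

# Constructed sample policy. Element names and values are the ones the description
# lists; the nesting and the "name" attribute are assumptions, because the original
# listing survives only as an image reference.
SAMPLE_POLICY_XML = """\
<sysControlPermission>
  <trustLevel name="unApproved">
    <permissionGroup name="personal_info">
      <permission name="ACCESS_MESSAGE"/>
      <permission name="ACCESS_CONTACTS"/>
      <permission name="ACCESS_CALLLOG"/>
      <permission name="ACCESS_LOCATION"/>
      <permission name="ACCESS_DEVICE_INFO"/>
    </permissionGroup>
  </trustLevel>
</sysControlPermission>
"""

UNTRUSTED = "unApproved"


class PolicyError(ValueError):
    """Raised when a policy file cannot be accepted."""


def parse_policy(xml_text):
    """S601-S603: parse the policy into {trust_level: {permission: group}}."""
    # A policy file needs no DTD; refusing one keeps entity-expansion input
    # away from the terminal's XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise PolicyError("DTD/entity declarations are not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise PolicyError(f"malformed policy: {exc}") from exc
    if root.tag != "sysControlPermission":
        raise PolicyError(f"unexpected root element: {root.tag}")
    policy = {}
    for level in root.findall("trustLevel"):
        level_name = level.get("name")
        if not level_name:
            raise PolicyError("trustLevel without a name")
        controlled = policy.setdefault(level_name, {})
        for group in level.findall("permissionGroup"):
            for perm in group.findall("permission"):
                perm_name = perm.get("name")
                if not perm_name:
                    raise PolicyError("permission without a name")
                controlled[perm_name] = group.get("name", "")
    return policy


class PermissionMonitor:
    """Holds the local policy data and decides each sensitive-permission access."""

    def __init__(self, policy_xml):
        self.policy = parse_policy(policy_xml)
        self.trust = {}   # app id -> trust level from the cloud's conclusion
        self.log = []     # stands in for the terminal's security log file

    def register_app(self, app_id, trust_level):
        self.trust[app_id] = trust_level

    def check(self, app_id, permission, now=None):
        """S701-S705: deny if the permission is controlled for the app's trust level."""
        # Assumption: an app with no recorded trust level is treated as untrusted.
        level = self.trust.get(app_id, UNTRUSTED)
        allowed = permission not in self.policy.get(level, {})
        self.log.append({
            "time": time.time() if now is None else now,
            "app": app_id,
            "trust_level": level,
            "permission": permission,
            "decision": "allow" if allowed else "deny",
        })
        return allowed

    def update_policy(self, policy_xml):
        """S503: replace local policy data; a bad file leaves the old policy in force."""
        self.policy = parse_policy(policy_xml)

    def export_log(self):
        """Return pending records as JSON for the periodic upload and clear them."""
        batch, self.log = json.dumps(self.log), []
        return batch


if __name__ == "__main__":
    monitor = PermissionMonitor(SAMPLE_POLICY_XML)
    monitor.register_app("com.example.flashlight", UNTRUSTED)  # constructed app id
    for perm in ("ACCESS_CONTACTS", "ACCESS_FLASHLIGHT"):  # second name is constructed
        verdict = "allow" if monitor.check("com.example.flashlight", perm) else "deny"
        print(perm, "->", verdict)
    print(monitor.export_log())
```

Because the list names the permissions to refuse, a trust level that has no entry in the policy is allowed every permission; a pushed update is parsed before it replaces the local data, so a malformed file cannot silently clear the controls.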
With the above personal privacy information security management solution, the user can, according to the trust level of an application, control and manage by category the application's use of personal privacy information permissions on the mobile terminal (access to message records, contact records, call logs, etc.), and can flexibly adjust the control policy for an application's use of personal privacy information permissions according to the user's actual needs and scenarios. With the support of this technical solution, the user can easily manage and control personal privacy information permissions on the mobile terminal, and can effectively prevent security-threatening behavior in which those permissions are maliciously abused, thereby effectively guaranteeing the security of personal privacy information permissions on the mobile terminal.
Fig. 8 is a schematic diagram of the terminal of an embodiment of the present invention. As shown in Fig. 8, the terminal of this embodiment comprises:
a first module, configured to upload the installation package of an application to a cloud server for authentication when the application is installed;
a second module, configured to display the authentication result after receiving the authentication result returned by the cloud server.
In a preferred embodiment, the terminal can further comprise:
a third module, configured to parse, after receiving an instruction to continue installing the application, the sensitive permission control policy configuration file included in the authentication result, and obtain the list of permissions to be controlled for the application;
a fourth module, configured to store the permission list as local permission control policy data.
In a preferred embodiment, the terminal can further comprise:
a fifth module, configured to determine, after detecting that the application accesses a specified permission, whether the specified permission is in the permission list; if so, to deny the application access to the specified permission; if not, to allow the application to access the specified permission.
In a preferred embodiment, the terminal can further comprise:
a sixth module, configured to record the application's access to the specified permission in a security log file;
a seventh module, configured to periodically upload the security log file to the cloud server.
In a preferred embodiment, the terminal can further comprise:
an eighth module, configured to update the local permission control policy data according to security information after receiving the security information pushed by the cloud server.
Fig. 9 is a schematic diagram of the cloud server of an embodiment of the present invention. As shown in Fig. 9, the cloud server of this embodiment comprises:
a first module, configured to perform authentication processing on an application installation package after receiving the application installation package uploaded by a terminal;
a second module, configured to deliver the authentication result to the terminal.
The first module can comprise:
a first unit, configured to extract application signature information from the application installation package after receiving the application installation package uploaded by the terminal;
a second unit, configured to authenticate the application signature information against the public key file of a preset trusted digital certificate.
In a preferred embodiment, the cloud server can comprise:
a third module, configured to receive the security log file uploaded by the terminal, periodically analyze the security log file, and, in combination with up-to-date security information, regenerate the permission control policy configuration file of the application;
a fourth module, configured to push this permission control policy configuration file to the terminal.
One of ordinary skill in the art will appreciate that all or part of step in said method can come instruction related hardware to complete by program, described program can be stored in computer-readable recording medium, as read-only memory, disk or CD etc.Alternatively, all or part of step of above-described embodiment also can realize with one or more integrated circuits.Correspondingly, each the module/unit in above-described embodiment can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.The present invention is not restricted to the combination of the hardware and software of any particular form.
It should be noted last that, above embodiment is only in order to explanation and unrestricted technical scheme described in the invention.Therefore, although this specification has been described in detail invention with reference to the above embodiments, but, those of ordinary skill in the art is to be understood that, still can the present invention be modified or be replaced on an equal basis, and all do not depart from technical scheme and the improvement thereof of the spirit and scope of the present invention, it all should be encompassed in the middle of claim scope of the present invention.

Claims (18)

1. A security control method, comprising:
a terminal, when installing an application, uploading the installation package of the application to a cloud server for authentication;
the terminal, after receiving the authentication analysis conclusion returned by the cloud server, displaying the authentication analysis conclusion.
2. The method of claim 1, characterized in that, after the displaying of the authentication analysis conclusion, the method further comprises:
the terminal, after receiving an instruction to continue installing the application, sending an installation notification to the cloud server;
the terminal receiving the permission control policy configuration file corresponding to the application sent by the cloud server, parsing the permission control policy configuration file, and obtaining the list of permissions that need to be controlled for the application;
storing the permission list as local permission control policy data.
3. The method of claim 2, characterized in that, after the storing of the permission list, the method further comprises:
the terminal, upon detecting that the application is accessing a specified permission, determining whether the specified permission is a permission in the permission list; if so, denying the application access to the specified permission; if not, allowing the application access to the specified permission.
4. The method of claim 3, characterized in that the method further comprises:
the terminal recording the application's access to the specified permission in a security log file;
periodically uploading the security log file to the cloud server.
5. The method of any one of claims 2-4, characterized in that the method further comprises:
the terminal, after receiving security information pushed by the cloud server, updating the local permission control policy data according to the security information.
6. A terminal, comprising:
a first module, configured to, when an application is installed, upload the installation package of the application to a cloud server for authentication;
a second module, configured to, after receiving the authentication analysis conclusion returned by the cloud server, display the authentication analysis conclusion.
7. The terminal of claim 6, characterized in that the terminal further comprises:
a third module, configured to, after receiving an instruction to continue installing the application, send an installation notification to the cloud server;
a fourth module, configured to receive the permission control policy configuration file corresponding to the application sent by the cloud server, parse the permission control policy configuration file, and obtain the list of permissions that need to be controlled for the application;
a fifth module, configured to store the permission list as local permission control policy data.
8. The terminal of claim 7, characterized in that the terminal further comprises:
a sixth module, configured to, upon detecting that the application is accessing a specified permission, determine whether the specified permission is a permission in the permission list; if so, deny the application access to the specified permission; if not, allow the application access to the specified permission.
9. The terminal of claim 8, characterized in that the terminal further comprises:
a seventh module, configured to record the application's access to the specified permission in a security log file;
an eighth module, configured to periodically upload the security log file to the cloud server.
10. The terminal of any one of claims 2-9, characterized in that the terminal further comprises:
a ninth module, configured to, after receiving security information pushed by the cloud server, update the local permission control policy data according to the security information.
11. A security control method, comprising:
a cloud server, after receiving an application installation package uploaded by a terminal, performing authentication processing on the application installation package;
delivering the authentication analysis conclusion to the terminal.
12. The method of claim 11, characterized in that the performing of authentication processing on the application installation package comprises:
the cloud server extracting application signature information from the application installation package;
authenticating the application signature information according to the public key file of a preset trusted digital certificate.
13. The method of claim 11, characterized in that, after the authentication analysis conclusion is delivered to the terminal, the method further comprises:
the cloud server, after receiving the installation notification sent by the terminal, sending the permission control policy configuration file corresponding to the application to the terminal.
14. The method of any one of claims 11-13, characterized in that the method further comprises:
the cloud server receiving the security log file uploaded by the terminal, periodically analyzing the security log file, and, in combination with the latest security information, regenerating the permission control policy configuration file of the application;
pushing this permission control policy configuration file to the terminal.
15. A cloud server, comprising:
a first module, configured to, after receiving an application installation package uploaded by a terminal, perform authentication processing on the application installation package;
a second module, configured to deliver the authentication result to the terminal.
16. The cloud server of claim 15, characterized in that the first module comprises:
a first unit, configured to, after receiving the application installation package uploaded by the terminal, extract application signature information from the application installation package;
a second unit, configured to authenticate the application signature information according to the public key file of a preset trusted digital certificate.
17. The cloud server of claim 15, characterized in that the cloud server further comprises:
a third module, configured to, after receiving the installation notification sent by the terminal, send the permission control policy configuration file corresponding to the application to the terminal.
18. The cloud server of any one of claims 15-17, characterized in that the cloud server further comprises:
a fourth module, configured to receive the security log file uploaded by the terminal, periodically analyze the security log file, and, in combination with the latest security information, regenerate the permission control policy configuration file of the application;
a fifth module, configured to push this permission control policy configuration file to the terminal.
CN201210243542.2A 2012-07-13 2012-07-13 A kind of method of controlling security and terminal, Cloud Server Active CN103546436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210243542.2A CN103546436B (en) 2012-07-13 2012-07-13 A kind of method of controlling security and terminal, Cloud Server

Publications (2)

Publication Number Publication Date
CN103546436A true CN103546436A (en) 2014-01-29
CN103546436B CN103546436B (en) 2018-10-23

Family

ID=49969492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210243542.2A Active CN103546436B (en) 2012-07-13 2012-07-13 A kind of method of controlling security and terminal, Cloud Server

Country Status (1)

Country Link
CN (1) CN103546436B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125335A (en) * 2014-06-24 2014-10-29 小米科技有限责任公司 Method, device and system for managing authority
CN104767876A (en) * 2015-03-03 2015-07-08 中国联合网络通信集团有限公司 Safety software processing method and user terminal
CN104933355A (en) * 2015-06-18 2015-09-23 上海斐讯数据通信技术有限公司 Installation checkout system and checkout method thereof of trustable application of mobile terminal
CN104992111A (en) * 2015-07-27 2015-10-21 上海斐讯数据通信技术有限公司 Intelligent application installer and installing method based on mobile terminal
WO2016146046A1 (en) * 2015-03-18 2016-09-22 中兴通讯股份有限公司 Data access method and device
WO2017008608A1 (en) * 2015-07-10 2017-01-19 腾讯科技(深圳)有限公司 Cloud service based security information acquisition method for mobile terminal, terminal and storage medium, cloud service based security information delivery method for mobile terminal, and server
CN106485104A (en) * 2015-08-25 2017-03-08 腾讯科技(深圳)有限公司 The self-repairing method of terminal security strategy and device, system
US9787685B2 (en) 2014-06-24 2017-10-10 Xiaomi Inc. Methods, devices and systems for managing authority
CN109005197A (en) * 2018-09-11 2018-12-14 郑州云海信息技术有限公司 A kind of configuration method of safety regulation, device and computer readable storage medium
CN109815682A (en) * 2018-12-27 2019-05-28 北京字节跳动网络技术有限公司 A kind of pair of permission is tracked the method, apparatus and computer readable medium of management
CN110113292A (en) * 2018-02-01 2019-08-09 阿里巴巴集团控股有限公司 Safety detection method and application power confirmation method, apparatus and system
CN110390205A (en) * 2018-04-19 2019-10-29 腾讯科技(深圳)有限公司 The determination method and apparatus of authority configuration strategy
CN111222122A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Application authority management method and device and embedded equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008014800A1 (en) * 2006-07-31 2008-02-07 Telecom Italia S.P.A. A system for implementing security on telecommunications terminals
CN102195987A (en) * 2011-05-31 2011-09-21 成都七巧软件有限责任公司 Distributed credibility authentication method and system thereof based on software product library
CN102404727A (en) * 2011-11-24 2012-04-04 中兴通讯股份有限公司 Method and device for safety control of mobile terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BUGENG: "帮助开发者在云端测试Android应用,百度移动测试中心率先推出Android4.1云测试", 《HTTPS://36KR.COM/P/127427.HTML》 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2612587C2 (en) * 2014-06-24 2017-03-09 Сяоми Инк. Permission management method, device and system
CN104125335A (en) * 2014-06-24 2014-10-29 小米科技有限责任公司 Method, device and system for managing authority
WO2015196714A1 (en) * 2014-06-24 2015-12-30 小米科技有限责任公司 Permission management method, device and system
JP2016524772A (en) * 2014-06-24 2016-08-18 小米科技有限責任公司Xiaomi Inc. Authority management method, apparatus, system, and recording medium
US9787685B2 (en) 2014-06-24 2017-10-10 Xiaomi Inc. Methods, devices and systems for managing authority
CN104125335B (en) * 2014-06-24 2017-08-25 小米科技有限责任公司 Right management method, apparatus and system
CN104767876A (en) * 2015-03-03 2015-07-08 中国联合网络通信集团有限公司 Safety software processing method and user terminal
WO2016146046A1 (en) * 2015-03-18 2016-09-22 中兴通讯股份有限公司 Data access method and device
CN104933355A (en) * 2015-06-18 2015-09-23 上海斐讯数据通信技术有限公司 Installation checkout system and checkout method thereof of trustable application of mobile terminal
US10554673B2 (en) 2015-07-10 2020-02-04 Tencent Technology (Shenzhen) Company Limited Methods and apparatuses for obtaining and delivering mobile terminal security information based on a cloud service
WO2017008608A1 (en) * 2015-07-10 2017-01-19 腾讯科技(深圳)有限公司 Cloud service based security information acquisition method for mobile terminal, terminal and storage medium, cloud service based security information delivery method for mobile terminal, and server
KR102056529B1 (en) * 2015-07-10 2019-12-16 텐센트 테크놀로지(센젠) 컴퍼니 리미티드 Cloud service based security information acquisition method for mobile terminal, terminal and storage medium, cloud service based security information delivery method and server for mobile terminal
CN104992111B (en) * 2015-07-27 2018-09-28 上海斐讯数据通信技术有限公司 A kind of intelligent use erector and installation method based on mobile terminal
CN104992111A (en) * 2015-07-27 2015-10-21 上海斐讯数据通信技术有限公司 Intelligent application installer and installing method based on mobile terminal
CN106485104B (en) * 2015-08-25 2020-12-01 腾讯科技(深圳)有限公司 Automatic restoration method, device and system for terminal security policy
CN106485104A (en) * 2015-08-25 2017-03-08 腾讯科技(深圳)有限公司 The self-repairing method of terminal security strategy and device, system
CN110113292A (en) * 2018-02-01 2019-08-09 阿里巴巴集团控股有限公司 Safety detection method and application power confirmation method, apparatus and system
CN110113292B (en) * 2018-02-01 2022-04-29 阿里巴巴集团控股有限公司 Security detection method and application right confirmation method, device and system
CN110390205B (en) * 2018-04-19 2023-05-23 腾讯科技(深圳)有限公司 Method and device for determining permission configuration policy
CN110390205A (en) * 2018-04-19 2019-10-29 腾讯科技(深圳)有限公司 The determination method and apparatus of authority configuration strategy
CN109005197A (en) * 2018-09-11 2018-12-14 郑州云海信息技术有限公司 A kind of configuration method of safety regulation, device and computer readable storage medium
CN109815682B (en) * 2018-12-27 2021-07-23 北京字节跳动网络技术有限公司 Method, device and computer recording medium for tracking and managing authority
CN109815682A (en) * 2018-12-27 2019-05-28 北京字节跳动网络技术有限公司 A kind of pair of permission is tracked the method, apparatus and computer readable medium of management
CN111222122A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Application authority management method and device and embedded equipment

Also Published As

Publication number Publication date
CN103546436B (en) 2018-10-23

Similar Documents

Publication Publication Date Title
CN103546436A (en) Security control method, terminal, and cloud server
US11966464B2 (en) Security techniques for device assisted services
US11405429B2 (en) Security techniques for device assisted services
CN102870093B (en) Utilize the virtual system and method with proving multiple client in remote maintenance electric network
CN103491056B (en) The control method and device of application permission
CN102404727A (en) Method and device for safety control of mobile terminal
CN102867143B (en) A kind of fast filtering method of malicious application
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
CA2786892C (en) Security techniques for device assisted services
US8136157B2 (en) Program providing device, storage medium, and vehicle-mounted information system
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
CN108200110A (en) A kind of data processing method, apparatus and system
CN109977644A (en) Right management method is classified under a kind of Android platform
US20140335847A1 (en) Method for establishing secure card history and audit for property hand-over
KR20150030047A (en) Method and system for application authentication
CN106485104A (en) The self-repairing method of terminal security strategy and device, system
US11531613B1 (en) Systems for remote determination of data from test devices
CN117499918A (en) Method and device for upgrading equipment to access cloud, electronic equipment and storage medium
CN117521050A (en) Feature library generation method and system
Preety Mechanisms and security architecture of agent based mobile system and its security services

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180704

Address after: 210012 No. 68, Bauhinia Road, Ningnan street, Yuhuatai District, Nanjing, Jiangsu

Applicant after: Nanjing Zhongxing Software Co., Ltd.

Address before: 518057 Nanshan District high tech Industrial Park, Shenzhen, Guangdong, Ministry of justice, Zhongxing Road, South China road.

Applicant before: ZTE Corporation

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20191106

Address after: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Patentee after: ZTE Communications Co., Ltd.

Address before: 210012 Nanjing, Yuhuatai District, South Street, Bauhinia Road, No. 68

Patentee before: Nanjing Zhongxing Software Co., Ltd.
