CN103647784B - A kind of method and apparatus of public and private isolation (Google Patents)

Info

Publication number: CN103647784B
Authority: CN (China)
Application number: CN201310713538.2A
Other languages: Chinese (zh)
Other versions: CN103647784A
Inventors: 王力, 王鹏程, 李旋, 苏云琳
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201310713538.2A; published as CN103647784A; granted and published as CN103647784B
Related filings: PCT/CN2014/087815 (WO2015085819A1); US 15/103,531 (US20160316330A1)
Legal status: Active

Abstract

The invention discloses a method and apparatus of public and private isolation. The system events of a mobile terminal are monitored and checked against preset service area rules; when a system event meets a service area rule, the operation corresponding to that event is performed in the service area space, and the data corresponding to the operation is encrypted and stored in the service area database. The method and apparatus of public and private isolation of the present invention establish a secure, independent service area on the mobile terminal and keep all work data in a protected safe zone, so that personal applications cannot access enterprise data and illegal access to enterprise data by personal applications is avoided. This lets the IT department protect enterprise applications and data better while leaving the employee's personal application experience unchanged, achieving the effect of one device for both uses.

Description

A kind of method and apparatus of public and private isolation
Technical field
The present invention relates to the technical field of network security, and in particular to a method and apparatus of public and private isolation.
Background technology
With the maturing and spread of smart terminals, personal smart terminals, represented by mobile phones and tablets, are entering the enterprise. According to the forecast of a domestic authoritative consulting firm, by 2014 90% of enterprises will allow employees to run enterprise office applications on personal mobile terminals, and employees using personal smart terminals for work has become an irreversible trend. This phenomenon, known as BYOD (Bring Your Own Device), brings new challenges for enterprise security and management. An employee's mobile device can connect to the mobile Internet or to public or home Wi-Fi networks at any time and place, which exposes the enterprise data on the terminal to attacks from the Internet. BYOD has broken the old enterprise network boundary, and the vagueness of that boundary is making BYOD the weak link of enterprise information security; new methods are needed to protect the security of enterprise data.
On the same mobile terminal there are both personal applications and enterprise applications and data, and personal applications can freely access and read enterprise data, so there is a risk of enterprise data being illegally uploaded, shared and leaked by personal applications. For example, work e-mail, files, pictures, communication records and SMS messages relating to business content are stored on the phone, and leakage of this sensitive information can bring great information security risks to the enterprise. Mobile devices are easily lost, so the sensitive enterprise data saved on them also faces the risk of disclosure, and a lost device may become a springboard for attacking the enterprise network. According to statistics of the National Internet Emergency Center, more than 160,000 new malicious programs were found in 2012, an increase of 25 times over 2011, and in the first half of 2013 Android phone viruses surged by about 8 times. Meanwhile, because of root privilege abuse and new hacking techniques, mobile terminals easily become the springboard for hackers to penetrate the corporate intranet.
Summary of the invention
In view of this, the technical problem the present invention solves is to provide a method of public and private isolation that sets up a service area on the mobile terminal and completes the corresponding operations within it.
A method of public and private isolation comprises: monitoring the system events of a mobile terminal and judging whether a system event meets a preset service area rule; when the system event meets the service area rule, performing the operation corresponding to the system event in the service area space, and encrypting the data corresponding to the operation and storing it in the service area database.
According to one embodiment of the method of the invention, further, the system events comprise call events and SMS events. When the calling or called number of a call, or the sender's or recipient's telephone number of an SMS message, is stored in the service area database, the call record or SMS message is encrypted and stored in the service area database, and the call record or SMS message is deleted from the mobile terminal's call log or SMS records. When the call event is an outgoing call event, the call record is deleted from the mobile terminal's call log. A call options interface is provided, through which the user chooses whether to delete the mobile terminal's call record when the incoming caller or the called number is stored in the service area database.
According to one embodiment of the method of the invention, further, a mail rule options interface is provided, through which the user sets the e-mail accounts that may only be received with the service area application inside the service area, and these e-mail accounts are stored in the service area database. When the system event is receiving mail and the sender's e-mail account is stored in the service area database, the mail content and the downloaded attachments are encrypted and stored in the service area database.
According to one embodiment of the method of the invention, further, after the password entered by the user has been verified successfully and the user enters the service area to view call records, SMS messages, mail or mail attachments, the call records, SMS messages, mail or attachments stored in the service area database are decrypted. When it is judged that the user has finished viewing, the temporary files of call records, SMS messages, mail or attachments produced by decryption are deleted; when the user exits the browser, the browser cache is cleared. The encryption algorithm for call records, SMS messages, mail and attachments is AES-256.
According to one embodiment of the method of the invention, further, the service area application is run on the mobile terminal to enter the service area; a contact options interface is provided to the user, the user chooses service area contacts from the mobile terminal's address book, and the chosen service area contacts are stored in the service area database. The work policies and rules sent by the enterprise management platform are received and stored in the service area database.
The technical problem the present invention solves is also to provide an apparatus of public and private isolation that sets up a service area on the mobile terminal and completes the corresponding operations within it.
An apparatus of public and private isolation comprises: an event-monitoring unit, which monitors the system events of the mobile terminal and judges whether a system event meets a preset service area rule; and an execution unit, which, when the system event meets the service area rule, performs the operation corresponding to the system event in the service area space and encrypts the data corresponding to the operation and stores it in the service area database.
According to an embodiment of the apparatus of the invention, further, the system events comprise call events and SMS events, and the execution unit comprises a call and SMS execution unit. When the calling or called number of a call, or the sender's or recipient's telephone number of an SMS message, is stored in the service area database, the call and SMS execution unit encrypts the call record or SMS message, stores it in the service area database, and deletes it from the mobile terminal's call log or SMS records. When the call event is an outgoing call event, the call and SMS execution unit deletes the call record from the mobile terminal's call log. The user option unit provides a call options interface, through which the user chooses whether to delete the mobile terminal's call record when the incoming caller or the called number is stored in the service area database.
According to an embodiment of the apparatus of the invention, further, the execution unit comprises a user option unit and a mail execution unit. The user option unit provides a mail rule options interface, through which the user sets the e-mail accounts that may only be received with the service area application inside the service area, and stores these e-mail accounts in the service area database. When the system event is receiving mail and the sender's e-mail account is stored in the service area database, the mail execution unit encrypts the mail content and the downloaded attachments and stores them in the service area database.
According to an embodiment of the apparatus of the invention, further, after the execution unit has verified the password entered by the user and the user enters the service area to view call records, SMS messages, mail or attachments, the execution unit decrypts the call records, SMS messages, mail or attachments stored in the service area database. When it is judged that the user has finished viewing, the execution unit deletes the temporary files produced by decryption; when the user exits the browser, the execution unit clears the browser cache. The encryption algorithm for call records, SMS messages, mail and attachments is AES-256.
According to an embodiment of the apparatus of the invention, further, the apparatus also comprises a policy and rule receiving unit. When the call event is an outgoing call event, the call and SMS execution unit deletes the call record from the mobile terminal's call log. The user option unit provides a call options interface, through which the user chooses whether to delete the mobile terminal's call record when the incoming caller or the called number is stored in the service area database. When the service area application is run on the mobile terminal to enter the service area, the user option unit provides a contact options interface, the user chooses service area contacts from the mobile terminal's address book, and the chosen contacts are stored in the service area database. The policy and rule receiving unit receives the work policies and rules sent by the enterprise management platform and stores them in the service area database.
The method and apparatus of public and private isolation of the present invention establish a secure, independent service area on the mobile terminal and store all work data, that is, enterprise applications and data, in a protected safe zone, so that personal applications cannot access enterprise data and illegal access by personal applications is avoided. Enterprise data and personal data are completely isolated, which enables the IT department to protect enterprise applications and data better while employees keep an unchanged personal application experience, achieving the effect of one device for both uses.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of an embodiment of the method of public and private isolation according to the present invention;
Fig. 2 is a flow chart of the handling of calls and SMS messages in an embodiment of the method of public and private isolation according to the present invention;
Fig. 3 is a schematic diagram of an embodiment of the apparatus of public and private isolation according to the present invention;
Fig. 4 is a schematic diagram of an embodiment of the information interaction between the apparatus of public and private isolation according to the present invention and the enterprise network.
Detailed description of the embodiments
The present invention is described more fully below with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. The technical solutions in the embodiments of the present invention are described clearly and completely in conjunction with the drawings; obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
The method of public and private isolation of the present invention sets up a strictly administered zone, the service area (the enterprise work zone), on the mobile terminal and, by means such as encryption and monitoring, ensures the security of the work data and applications on the terminal.
Fig. 1 is a flow chart of an embodiment of the method of public and private isolation of the present invention. As shown in Fig. 1:
Step 101: monitor the system events of the mobile terminal and judge whether a system event meets a preset service area rule.
Step 102: when the system event meets the service area rule, perform the operation corresponding to the system event in the service area space.
Step 103: encrypt the data corresponding to the operation and store it in the service area database.
The service area database is a database set up independently of the mobile terminal's original databases and of the databases of the various applications on the terminal; it is used by the service area to store data. The service area space is a logical operating space divided off from the mobile terminal's resources (memory, storage card and so on) and from the user's own space. A service area rule can be, for example, a contact or a keyword in an SMS message.
The data encrypted by the service area space can be placed in the service area database or in the mobile terminal's storage device. The encrypted data can be data in system files, or the finance, production, sales, marketing and human resources files selected by the user; the important data can also be the user's personal files, such as photos, videos and diaries.
According to one embodiment of the present invention, the user enters the service area to perform work-related (enterprise) operations, such as editing a schedule, sending SMS messages, writing mail, downloading forms or taking photos. Data such as the schedule, pictures, mail, forms and SMS messages are encrypted and stored in the service area database, so that public and private data are isolated and other applications on the terminal cannot use the data even if they obtain it.
When the user views data stored in the service area database, a password must be entered. If the mobile terminal is lost, then because the user has set a password for viewing service area data (this function can be configured by the user according to their own habits and wishes), anyone who does not know the password cannot view the service area data; alternatively, the enterprise management server can remotely invoke the service area application on the terminal to delete the service area data stored on it, so the security of enterprise data is protected.
Fig. 2 is a flow chart of the handling of calls and SMS messages in an embodiment of the method of public and private isolation of the present invention. As shown in Fig. 2:
Step 201: judge whether the system event is a call event or an SMS event.
Step 202: judge whether the contact is stored in the service area database.
Step 203: when the calling or called number of the call, or the sender's or recipient's telephone number of the SMS message, is stored in the service area database, encrypt the call record or SMS message and store it in the service area database.
Step 204: delete the call record or SMS message from the mobile terminal's call log or SMS records.
Through the above steps, work calls and mail are isolated from private calls and mail, ensuring the security of work information.
According to one embodiment of the present invention, a mail rule options interface can be provided, through which the user sets the e-mail accounts that may only be received with the service area application inside the service area; these accounts are stored in the service area database, so that work mail data and personal mail data are isolated.
When the system event is receiving mail and the sender's e-mail account is stored in the service area database, the mail content and the downloaded attachments are encrypted and stored in the service area database.
According to one embodiment of the present invention, the user can set up an enterprise address book in the service area database, that is, a work contact list containing information such as mobile numbers, landline numbers and e-mail addresses. When the calling or called number of a call, the sender's or recipient's telephone number of an SMS message, or the sender's or recipient's e-mail address matches a member in the enterprise address book, the call record, SMS message or mail is encrypted and stored in the service area database.
According to one embodiment of the present invention, after the password entered by the user has been verified successfully and the user enters the service area to view call records, SMS messages, mail or attachments, the call records, SMS messages, mail or attachments stored in the service area database are decrypted.
Mail attachments can be opened with third-party software. When it is judged that the user has finished viewing, the temporary files of call records, SMS messages, mail or attachments produced by decryption are deleted. When the user exits the browser, the browser cache is cleared.
Multiple encryption algorithms can be adopted; for example, the algorithm used to encrypt call records, SMS messages, mail and attachments is AES-256.
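The Fig. 2 flow together with the AES-256 step, as a plain-Java model added here (not code from the patent or from the assignee). The system log and the service area database are in-memory stand-ins, and the password-to-key derivation (PBKDF2) and the GCM mode are assumptions, since the page states only AES-256:

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Model of the Fig. 2 flow: rule check, AES-256 encrypt, store in the service area database, delete from the system log. */
public final class ServiceAreaRecords {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    /** One call or SMS record as the phone keeps it (constructed stand-in for a call-log or SMS provider row). */
    public static final class LogRow {
        final long id; final String peerNumber; final String body;
        LogRow(long id, String peerNumber, String body) { this.id = id; this.peerNumber = peerNumber; this.body = body; }
    }

    private final Set<String> serviceAreaContacts = new HashSet<>(); // the service area rule: numbers stored in the DB
    private final Map<Long, byte[]> serviceAreaDb = new HashMap<>(); // encrypted records, keyed by the system row id
    private final List<LogRow> systemLog;                              // stand-in for the terminal's own call/SMS log
    private final byte[] salt = new byte[16];
    private final SecretKey key;                                       // derived from the user's service area password

    public ServiceAreaRecords(List<LogRow> systemLog, char[] password, String... contacts) throws Exception {
        this.systemLog = systemLog;
        new SecureRandom().nextBytes(salt);
        this.key = deriveKey(password, salt);
        for (String c : contacts) serviceAreaContacts.add(normalize(c));
    }

    /** Strip spaces, dashes and brackets so that "+86 138-0000-0001" and "+8613800000001" compare equal. */
    static String normalize(String number) { return number.replaceAll("[\\s()-]", ""); }

    /** AES-256 key from the password via PBKDF2-HMAC-SHA256 (assumption: the page states only AES-256). */
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    /** AES-256-GCM with a fresh random IV; the stored blob is IV || ciphertext || tag. */
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    /** Throws AEADBadTagException on a wrong key or a tampered blob, so no plaintext is returned for a bad password. */
    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    /** Steps 202-204 for one new system row; returns true when the row was moved into the service area. */
    public boolean onEvent(LogRow row) throws Exception {
        if (!serviceAreaContacts.contains(normalize(row.peerNumber))) return false;      // step 202: personal, leave it
        String plain = row.id + "|" + row.peerNumber + "|" + row.body;
        serviceAreaDb.put(row.id, encrypt(key, plain.getBytes(StandardCharsets.UTF_8))); // step 203: encrypt and store first
        systemLog.removeIf(r -> r.id == row.id);                                          // step 204: only then delete the original
        return true;
    }

    /** Viewing inside the service area: the password check is the GCM tag check of the decryption itself. */
    public List<String> view(char[] password) throws Exception {
        SecretKey k = deriveKey(password, salt);
        List<String> out = new ArrayList<>();
        for (byte[] blob : serviceAreaDb.values()) out.add(new String(decrypt(k, blob), StandardCharsets.UTF_8));
        return out; // the caller discards this plaintext when viewing ends, as the page deletes decrypted temporary files
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: row 1 is with a service area contact, row 2 with a personal contact.
        List<LogRow> log = new ArrayList<>(Arrays.asList(
                new LogRow(1, "+86 138-0000-0001", "outgoing call, 95 s"),
                new LogRow(2, "+86 139-0000-0002", "SMS: dinner at eight?")));
        ServiceAreaRecords sa = new ServiceAreaRecords(log, "service-area-pass".toCharArray(), "+8613800000001");
        for (LogRow r : new ArrayList<>(log)) sa.onEvent(r);   // iterate over a copy: onEvent removes from the log
        System.out.println("system log rows left: " + sa.systemLog.size() + ", service area rows: " + sa.serviceAreaDb.size());
        System.out.println("viewed with password: " + sa.view("service-area-pass".toCharArray()));
        try { sa.view("wrong".toCharArray()); }
        catch (AEADBadTagException e) { System.out.println("wrong password: no plaintext returned"); }
    }
}
```

The store-before-delete order in onEvent is deliberate: if the process dies between the two steps, the record still exists somewhere, whereas the reverse order could lose it.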
According to one embodiment of the present invention, when the call event is an outgoing call event, the call record is deleted from the mobile terminal's call log. How this is done depends on the operating system of the mobile terminal. On Android, for example, an outgoing-call broadcast listener is registered first; OutCallReceiver obtains the dialled number and determines whether it is a contact stored in the service area database, and if so the call record is deleted from the call log. Incoming and outgoing calls are mainly monitored with TelephonyManager.listen() (which listens for the call state).
A call options interface is provided, through which the user chooses whether to delete the mobile terminal's call record when the incoming caller or the called number is stored in the service area database; in this way the user can configure the behaviour according to their own habits, which improves user satisfaction.
According to one embodiment of the present invention, the service area application is run on the mobile terminal to enter the service area; a contact options interface is provided to the user, the user chooses service area contacts from the mobile terminal's address book, and the chosen contacts are stored in the service area database, which makes it convenient for the user to set service area contacts.
The work policies and rules sent by the enterprise management platform are received and stored in the service area database, so that the service area application on the terminal, or its policies and code, can be updated easily.
According to one embodiment of the present invention, the mobile terminal can send finance, production, sales, marketing, human resources and other files to the enterprise management platform, receive the platform's processing results, and store them encrypted.
According to one embodiment of the present invention, the monitoring of the mobile terminal's system events and the deletion of records on the terminal can be arranged according to the operating system; for example, the operating system of the mobile terminal is Android.
After the first login to the service area application, the default Launcher of the original personal zone is recorded (the Launcher is the desktop starter of Android; the Android desktop UI is called the Launcher). If no default is set, or the default is the service area application itself, a Launcher is selected at random from the installed launchers as the personal zone launcher.
Maintenance of the service area call log on the phone is implemented by the CallLogObserverService service and the PhoneStateReceiver broadcast receiver. The PhoneStateReceiver broadcast receiver ensures that the CallLogObserverService service is started whenever there is an incoming call or a dialled call.
When the service area application is installed or configured, the permission used and the system broadcasts received must be declared in AndroidManifest.xml:
    <!-- permission used; reading and deleting call-log rows additionally needs
         android.permission.READ_CALL_LOG and android.permission.WRITE_CALL_LOG on API 16 and later -->
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <!-- system broadcasts received; the intent-filter must sit inside the receiver component,
         which the text names PhoneStateReceiver -->
    <receiver android:name=".PhoneStateReceiver">
        <intent-filter>
            <action android:name="android.intent.action.PHONE_STATE" />
            <action android:name="android.intent.action.NEW_OUTGOING_CALL" />
        </intent-filter>
    </receiver>
CallLogObserverService performs the actual copying of call records. When it starts, it registers a ContentObserver together with a Handler that processes changes.
The ContentObserver monitors changes to the system's call log database (its URI is android.provider.CallLog.Calls.CONTENT_URI). Whenever the call log changes, the onChange method is invoked through that Handler and the service area call log database is updated.
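The receiver, service and ContentObserver arrangement just described, as an added Android example (not the patent's or the assignee's code). The ServiceAreaStore interface and its in-memory implementation are assumptions standing in for the encrypted service area database; the ContentObserver, CallLog and permission details are standard Android APIs:

```java
import android.app.Service;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.ContentObserver;
import android.database.Cursor;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.provider.CallLog;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Event-monitoring side of the service area for calls: receiver -> service -> ContentObserver on the system call log. */
public final class ServiceAreaCallLog {

    /** Execution-unit contract (an assumption): the real store encrypts with AES-256 before writing to the service area DB. */
    public interface ServiceAreaStore {
        boolean isServiceAreaContact(String number);
        void store(long systemRowId, String number, int callType, long dateMillis);
    }

    /** In-memory stand-in with one constructed service area contact, so the block is self-contained. */
    public static final class InMemoryStore implements ServiceAreaStore {
        private final Set<String> contacts = new HashSet<>(Arrays.asList("+8613800000001"));
        private final Map<Long, String> rows = new HashMap<>();
        @Override public boolean isServiceAreaContact(String number) { return contacts.contains(number.replaceAll("[\\s()-]", "")); }
        @Override public void store(long id, String number, int type, long date) { rows.put(id, type + "|" + number + "|" + date); }
    }

    /** Declared in the manifest as ".ServiceAreaCallLog$PhoneStateReceiver" for PHONE_STATE and NEW_OUTGOING_CALL. */
    public static final class PhoneStateReceiver extends BroadcastReceiver {
        @Override public void onReceive(Context ctx, Intent intent) {
            // NEW_OUTGOING_CALL carries the dialled number in Intent.EXTRA_PHONE_NUMBER (the page's OutCallReceiver step);
            // it is deprecated from API 29 in favour of CallRedirectionService. On API 26+ a receiver running in the
            // background must use startForegroundService; plain startService is kept here to match the page's description.
            ctx.startService(new Intent(ctx, CallLogObserverService.class));
        }
    }

    /** Copies service area calls out of the system log; the delete happens only after the store call has returned. */
    public static final class CallLogObserverService extends Service {
        private final ServiceAreaStore store = new InMemoryStore();
        private ContentObserver observer;
        private long lastSeenId = -1; // highest call-log _ID already examined; makes repeated onChange calls idempotent

        @Override public IBinder onBind(Intent intent) { return null; }

        @Override public void onCreate() {
            super.onCreate();
            observer = new ContentObserver(new Handler(Looper.getMainLooper())) {
                @Override public void onChange(boolean selfChange) { syncNewRows(); }
            };
            // Reading rows needs READ_CALL_LOG and deleting them needs WRITE_CALL_LOG on API 16+;
            // the READ_PHONE_STATE permission in the page's manifest covers only the PHONE_STATE broadcast.
            getContentResolver().registerContentObserver(CallLog.Calls.CONTENT_URI, true, observer);
        }

        @Override public void onDestroy() {
            getContentResolver().unregisterContentObserver(observer);
            super.onDestroy();
        }

        /** Steps 202-204 of Fig. 2 for every row added since the last pass. */
        void syncNewRows() {
            String[] cols = { CallLog.Calls._ID, CallLog.Calls.NUMBER, CallLog.Calls.TYPE, CallLog.Calls.DATE };
            try (Cursor c = getContentResolver().query(CallLog.Calls.CONTENT_URI, cols,
                    CallLog.Calls._ID + " > ?", new String[] { String.valueOf(lastSeenId) }, CallLog.Calls._ID + " ASC")) {
                if (c == null) return;
                while (c.moveToNext()) {
                    long id = c.getLong(0);
                    String number = c.getString(1);
                    lastSeenId = id;
                    if (number == null || !store.isServiceAreaContact(number)) continue;  // step 202: personal call, keep it
                    store.store(id, number, c.getInt(2), c.getLong(3));                     // step 203: encrypt and store first
                    getContentResolver().delete(CallLog.Calls.CONTENT_URI,                  // step 204: then delete; our own
                            CallLog.Calls._ID + "=?", new String[] { String.valueOf(id) });  // delete re-fires onChange, which
                }                                                                           // then finds no rows above lastSeenId
            }
        }
    }
}
```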
According to one embodiment of the present invention, the service area application installed on the terminal is hardened. Take Android as the operating system: most Android applications are developed in Java, and because the result of compiling a Java application is not a native binary, information such as passwords and parts of the code can be obtained relatively easily by decompiling the file.
The content of the service area application's classes.dex file is changed, for example by renaming some attributes and encrypting its content with an algorithm; the content is then decrypted dynamically when the service area application's apk runs. When classes.dex is modified it must still conform to the intrinsic format of a dex file.
During repackaging of the service area application, some configuration items inside the Android program's global configuration file AndroidManifest.xml are modified, such as the package name, the name attributes of application, service and provider, and the authorities attribute of provider, and the references to these attributes inside the .smali files are modified accordingly.
Hardening the service area application installed on the mobile terminal in this way prevents the program from being reversed easily to obtain key information such as the core code, and at the same time adds data encryption to the program, raising its security.
According to one embodiment of the present invention, third-party software, such as board, mail clients or other applications, needs to call the service area application at run time. The service area application provides a compiled .so library, through which the content of the classes.dex file is encrypted and decrypted.
By injecting code into the third-party application, the .so library is called during initialization of the third-party apk, which ensures the .so library runs before the third-party application reads or writes files; this avoids the classes.dex file being left in a "half encrypted" state, which would corrupt the file and make public and private isolation impossible.
While the third-party application runs, the .so library provided by the service area application intercepts all file operations of the third-party application and encrypts them, realising the function of public and private isolation.
Fig. 3 is the schematic diagram of an embodiment of device according to public and private isolation of the present invention, and as shown in Figure 3, the device 31 of public and private isolation comprises: event-monitoring unit 311 and performance element 312.
The system event of event-monitoring unit 311 pairs of mobile terminals is monitored, and judges whether system event meets default service area rule.Performance element 312 is when system event meets service area rule, and such as, whether service area rule is stored in the database of service area etc. for the keyword etc. in call, the contact person of note, mailbox, note.In space, service area, perform the operation corresponding with system event, by with operate corresponding data encryption and be stored in the database in space, service area.
According to one embodiment of present invention, performance element 312 comprises call and note performance element 313.When the calling party or the sender of called number or note or the telephone number of addressee that judge call are stored in the database in space, service area, call and note performance element 313 pairs of message registrations and SMS encryption, this message registration or note are stored in the database in space, service area, and in the message registration or short message record of mobile terminal, this message registration or short message are deleted.
According to one embodiment of present invention, performance element 312 comprises user option unit 314 and mail performance element 315.User option unit 314 provides Mail rule options interface, is arranged and or service area can only be used to apply the Email Accounts received in service area, and be stored in by Email Accounts in the database in space, service area by user.
When judge system event be receive mail and the Email Accounts of sender be stored in the database in space, service area time, the annex of the mail of Mail Contents and download by the encryption of the Email attachment of Mail Contents and download, and is stored in the database in space, service area by mail performance element 315.
According to one embodiment of present invention, user enters service area when checking message registration, note, mail or Email attachment, and performance element 312 is decrypted the message registration be stored in the database in space, service area, note, mail or Email attachment.
When judging that user terminates to check, performance element 312 deletes the temporary file of message registration, note, mail or the Email attachment produced by deciphering.
According to an embodiment of device of the present invention, when call event is for going electric event, this message registration is deleted by call and note performance element 313 in the incoming calls record of mobile terminal.
User option unit 314 provides call options interface, and user selects, when the calling party sent a telegram here or called number are stored in the database in space, service area, whether to delete the message registration of mobile terminal.
Run service area on mobile terminals apply and enter service area, user option unit 314 couples of users provide contact person options interface, user chooses service area contact person from the contact person of mobile terminal addressbook, and service area contact store user chosen is in the database in space, service area.
Strategy Sum fanction receiving element 316 receives the working set policy Sum fanction that enterprise management platform sends, and is stored in the database of service area by working set policy Sum fanction.Such as, service area rule comprises: whether the keyword in call, the contact person of note, mailbox, note is stored in the database of service area etc.Working set policy comprises: when converse or service area contact person that the contact of note artificially sets time, message registration, SMS encryption are stored and deletion record in the terminal; Need when checking the information in service area as user to carry out code authentication; Regular download, the application of renewal service area; Regular virus killing; Priority of service area application etc. is set.
Fig. 4 is a schematic diagram of an embodiment of the information interaction between the device for public/private isolation of the present invention and an enterprise network. As shown in Fig. 4, a public/private isolation device 411 is arranged in the mobile terminal 41; the public/private isolation device 411 may have multiple implementations, such as an integrated circuit, a plug-in, an application, etc.
The public/private isolation device 411 receives the work-area policies and rules sent by the enterprise management platform (server) 42 and stores them in the service area database. Through the enterprise management platform (server) 42 deployed inside the enterprise network, an administrator can easily perform mobile terminal management, policy management and distribution, enterprise application management, etc., which reduces management complexity and saves IT manpower.
Through the mail, business and OA servers 43 deployed inside the enterprise network, forms and official documents can be distributed to the mobile terminal 41. The public/private isolation device 411 communicates with the mail, business and OA servers 43 to carry out business operations, such as sending and receiving short messages, writing mail or downloading official documents; data such as files, pictures, mail and short messages are encrypted and stored in the database of the service area space.
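The policy and rule distribution from the enterprise management platform (server) 42 to the device 411 is sketched below as an added example; it is not the patent's own protocol or message format. The JSON field names, the envelope layout and the HMAC-SHA256 tag keyed with a secret shared between platform and device are assumptions introduced here so that the device can verify where a policy came from, and reject malformed or out-of-range values, before storing it in the service-area database. Both halves of the exchange are included so it runs offline.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// WorkPolicy carries the policy items the description lists. Field names, JSON keys and the
// priority range are assumptions made for this example, not the patent's own format.
type WorkPolicy struct {
	EncryptAndDeleteWorkRecords bool `json:"encrypt_and_delete_work_records"`
	RequirePassword             bool `json:"require_password"`
	AppUpdateIntervalHours      int  `json:"app_update_interval_hours"`
	VirusScanIntervalHours      int  `json:"virus_scan_interval_hours"`
	ServiceAreaAppPriority      int  `json:"service_area_app_priority"` // assumed range 0..10
}

// PolicyMessage is the assumed envelope: the policy JSON plus an HMAC-SHA256 tag over it,
// computed with a key shared between the platform and the device.
type PolicyMessage struct {
	Policy json.RawMessage `json:"policy"`
	Tag    string          `json:"tag"`
}

func tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// SignPolicy is the platform-side half of the exchange, included so the device-side check can be exercised offline.
func SignPolicy(key []byte, p WorkPolicy) ([]byte, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	return json.Marshal(PolicyMessage{Policy: raw, Tag: hex.EncodeToString(tag(key, raw))})
}

// ReceivePolicy is the device-side receiver (the text's policy and rule receiving unit): it
// authenticates the envelope, rejects unknown fields and range-checks values before the policy
// would be handed to the service-area database.
func ReceivePolicy(key, msg []byte) (WorkPolicy, error) {
	var env PolicyMessage
	if err := json.Unmarshal(msg, &env); err != nil {
		return WorkPolicy{}, err
	}
	want, err := hex.DecodeString(env.Tag)
	if err != nil || !hmac.Equal(tag(key, env.Policy), want) {
		return WorkPolicy{}, errors.New("policy rejected: authentication tag mismatch")
	}
	dec := json.NewDecoder(bytes.NewReader(env.Policy))
	dec.DisallowUnknownFields()
	var p WorkPolicy
	if err := dec.Decode(&p); err != nil {
		return WorkPolicy{}, err
	}
	if p.AppUpdateIntervalHours <= 0 || p.VirusScanIntervalHours <= 0 {
		return WorkPolicy{}, errors.New("policy rejected: intervals must be positive")
	}
	if p.ServiceAreaAppPriority < 0 || p.ServiceAreaAppPriority > 10 {
		return WorkPolicy{}, errors.New("policy rejected: priority out of range")
	}
	return p, nil
}

func main() {
	key := []byte("constructed-shared-key-for-demo") // demo only; provisioned out of band in practice
	msg, _ := SignPolicy(key, WorkPolicy{EncryptAndDeleteWorkRecords: true, AppUpdateIntervalHours: 24, VirusScanIntervalHours: 12, ServiceAreaAppPriority: 5})
	fmt.Printf("platform -> device: %s\n", msg)
	p, err := ReceivePolicy(key, msg)
	fmt.Printf("accepted: %+v err=%v\n", p, err)
	forged := bytes.Replace(msg, []byte("false"), []byte("true"), 1) // policy altered in transit
	_, err = ReceivePolicy(key, forged)
	fmt.Println("forged message:", err)
}
```

The tag is computed over the raw policy bytes exactly as they travel, so any change to the policy body (the forged message in `main` flips `require_password`) fails verification before the fields are even decoded; `DisallowUnknownFields` keeps a platform bug or a stray key from silently shipping settings the device does not understand.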
The method and device for public/private isolation of the present invention can be used not only in mobile terminals but also in personal terminals such as personal PCs and tablet computers.
The method and device for public/private isolation of the present invention establish a secure and independent service area on the mobile terminal without affecting the employee's experience of using personal applications, and store all operational data, namely enterprise applications and data, in a protected secure area. Personal applications cannot access enterprise data, which prevents enterprise data from being illegally accessed by personal applications. This not only isolates enterprise data completely from personal data and enables the IT department to protect enterprise applications and data better, but also gives employees an undifferentiated personal application experience, achieving the effect of dual use.
The method and system of the present invention may be implemented in many ways. For example, the method and system may be implemented by software, hardware, firmware, or any combination of software, hardware and firmware. The above order of the steps of the method is for description only; the steps of the method of the present invention are not limited to the order specifically described above unless otherwise stated. In addition, in some embodiments, the present invention may also be implemented as programs recorded in a recording medium, these programs comprising machine-readable instructions for implementing the method according to the present invention. Thus, the present invention also covers a recording medium storing programs for performing the method according to the present invention.
The description of the present invention is provided for the purposes of example and description, and is not intended to be exhaustive or to limit the invention to the disclosed form. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were selected and described in order to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and thus design various embodiments with various modifications suited to a particular use.

Claims (8)

1. A method for public/private isolation, characterized in that it comprises:
monitoring a system event of a mobile terminal and judging whether the system event meets a preset service area rule;
when the system event meets the service area rule, performing, in the service area space, the operation corresponding to the system event, and encrypting the data corresponding to the operation and storing it in the database of the service area space,
the system event comprising: a call event and a short message event;
when it is judged that the caller or called number of the call, or the telephone number of the sender or recipient of the short message, is stored in the database of the service area space, encrypting the call record or short message, storing the call record or short message in the database of the service area space, and deleting the call record or short message from the call records or short message records of the mobile terminal;
wherein, when the call event is an outgoing-call event, the call record is deleted from the call records of the mobile terminal; and a call options interface is provided, on which the user selects whether to delete the call record of the mobile terminal when the caller of an incoming call or the called number is stored in the database of the service area space.
2. The method of claim 1, characterized in that:
a mail rule options interface is provided, on which the user sets the email accounts to be received in the service area or received only by the service area application, and the email accounts are stored in the database of the service area space;
when it is judged that the system event is the receipt of mail and the email account of the sender is stored in the database of the service area space, the mail content and the downloaded mail attachments are encrypted, and the mail content and the downloaded attachments are stored in the database of the service area space.
3. The method of claim 1 or 2, characterized in that:
after the password entered by the user is successfully verified, when the user enters the service area to view call records, short messages, mail or mail attachments, the call records, short messages, mail or mail attachments stored in the database of the service area space are decrypted; when it is judged that the user has finished viewing, the temporary files of the call records, short messages, mail or mail attachments produced by the decryption are deleted;
when the user exits the browser, the cache of the browser is cleared;
wherein the encryption algorithm for the call records, short messages, mail or mail attachments is the AES256 encryption algorithm.
4. The method of claim 3, characterized in that:
when the service area application runs on the mobile terminal and the service area is entered, a contact options interface is provided to the user, the user selects service-area contacts from the contacts in the mobile terminal's address book, and the selected service-area contacts are stored in the database of the service area space;
the work-area policies and rules sent by the enterprise management platform are received, and the work-area policies and rules are stored in the database of the service area space.
5. A device for public/private isolation, comprising:
an event monitoring unit, for monitoring a system event of a mobile terminal and judging whether the system event meets a preset service area rule;
an execution unit, for performing, in the service area space, the operation corresponding to the system event when the system event meets the service area rule, and encrypting the data corresponding to the operation and storing it in the database of the service area space,
the execution unit comprising: a call and short message execution unit;
the system event comprising: a call event and a short message event; the call and short message execution unit being for, when it is judged that the caller or called number of the call, or the telephone number of the sender or recipient of the short message, is stored in the database of the service area space, encrypting the call record or short message, storing the call record or short message in the database of the service area space, and deleting the call record or short message from the call records or short message records of the mobile terminal;
wherein, when the call event is an outgoing-call event, the call and short message execution unit deletes the call record from the call records of the mobile terminal;
the user option unit provides a call options interface, on which the user selects whether to delete the call record of the mobile terminal when the caller of an incoming call or the called number is stored in the database of the service area space.
6. The device of claim 5, characterized in that:
the execution unit comprises: a user option unit and a mail execution unit;
the user option unit provides a mail rule options interface, on which the user sets the email accounts to be received in the service area or received only by the service area application, and stores the email accounts in the database of the service area space;
the mail execution unit is for, when it is judged that the system event is the receipt of mail and the email account of the sender is stored in the database of the service area space, encrypting the mail content and the downloaded mail attachments, and storing the mail content and the downloaded attachments in the database of the service area space.
7. The device of claim 5 or 6, characterized in that:
after the execution unit has successfully verified the password entered by the user, when the user enters the service area to view call records, short messages, mail or mail attachments, the execution unit decrypts the call records, short messages, mail or mail attachments stored in the database of the service area space; when it is judged that the user has finished viewing, the execution unit deletes the temporary files of the call records, short messages, mail or mail attachments produced by the decryption; when the user exits the browser, the execution unit clears the cache of the browser;
wherein the encryption algorithm for the call records, short messages, mail or mail attachments is the AES256 encryption algorithm.
8. The device of claim 7, characterized in that:
the device further comprises: a policy and rule receiving unit;
when the service area application runs on the mobile terminal and the service area is entered, the user option unit provides a contact options interface to the user, the user selects service-area contacts from the contacts in the mobile terminal's address book, and the selected service-area contacts are stored in the database of the service area space;
the policy and rule receiving unit receives the work-area policies and rules sent by the enterprise management platform and stores the work-area policies and rules in the database of the service area space.
CN201310713538.2A 2013-12-10 2013-12-20 A kind of method and apparatus of public and private isolation Active CN103647784B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201310713538.2A CN103647784B (en) 2013-12-20 2013-12-20 A kind of method and apparatus of public and private isolation
PCT/CN2014/087815 WO2015085819A1 (en) 2013-12-10 2014-09-30 Method and device for public/private separation
US15/103,531 US20160316330A1 (en) 2013-12-10 2014-09-30 Method and device for business and private region separation

Publications (2)

Publication Number Publication Date
CN103647784A CN103647784A (en) 2014-03-19
CN103647784B true CN103647784B (en) 2016-02-17

Family

ID=50252940

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310713538.2A Active CN103647784B (en) 2013-12-10 2013-12-20 A kind of method and apparatus of public and private isolation

Country Status (1)

Country Link
CN (1) CN103647784B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015085819A1 (en) * 2013-12-10 2015-06-18 北京奇虎科技有限公司 Method and device for public/private separation
CN104462997B (en) * 2014-12-04 2017-05-24 北京奇虎测腾科技有限公司 Method, device and system for protecting work data in mobile terminal
CN104850787B (en) * 2015-02-11 2018-06-05 数据通信科学技术研究所 Based on the high mobile terminal operating system and its implementation for ensureing kernel module
CN105743874A (en) * 2015-05-13 2016-07-06 乐视移动智能信息技术(北京)有限公司 Privacy data information processing method and system
CN105404827B (en) * 2015-12-24 2018-11-06 北京奇虎科技有限公司 The method, apparatus and system communicated between control application program
CN105975859B (en) * 2015-12-29 2019-04-16 武汉安天信息技术有限责任公司 A kind of method and system of assistant analysis malicious code
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device
CN106127073B (en) * 2016-06-21 2023-05-05 浙江集研信息科技有限公司 User operation information protection method
CN106250072A (en) * 2016-07-26 2016-12-21 北京明朝万达科技股份有限公司 A kind of mobile terminal safety Method of printing and system
CN106453526A (en) * 2016-09-27 2017-02-22 北京奇虎科技有限公司 Mobile terminal and short message secrecy maintaining method and device
CN107819871B (en) * 2017-11-22 2020-12-25 北京小米移动软件有限公司 Application state determination method and device
CN110489947B (en) * 2019-07-05 2022-07-15 北京中电飞华通信股份有限公司 Safe office management and control system
CN111339543B (en) * 2020-02-27 2023-07-14 深信服科技股份有限公司 File processing method and device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102892094A (en) * 2011-07-19 2013-01-23 米特尔网络公司 Systems and methods for determining a network relationship between mobile devices
CN102905248A (en) * 2011-07-29 2013-01-30 米特尔网络公司 System for dynamic assignment of mobile subscriber identities and method thereof
CN103309790A (en) * 2013-07-04 2013-09-18 福建伊时代信息科技股份有限公司 Method and device for monitoring mobile terminal
CN103390124A (en) * 2012-05-08 2013-11-13 迪斯克雷蒂克斯科技公司 Device, system, and method of secure entry and handling of passwords

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140189356A1 (en) * 2011-12-29 2014-07-03 Intel Corporation Method of restricting corporate digital information within corporate boundary

Also Published As

Publication number Publication date
CN103647784A (en) 2014-03-19

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.
