CN103685266B - The guard method of business data and device - Google Patents

The guard method of business data and device Download PDF

Info

Publication number
CN103685266B
CN103685266B CN201310666504.2A CN201310666504A CN103685266B CN 103685266 B CN103685266 B CN 103685266B CN 201310666504 A CN201310666504 A CN 201310666504A CN 103685266 B CN103685266 B CN 103685266B
Authority
CN
China
Prior art keywords
event
workspace
record
user
message registration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310666504.2A
Other languages
Chinese (zh)
Other versions
CN103685266A (en
Inventor
王力
王鹏程
李旋
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qizhi Business Consulting Co ltd
Beijing Qihoo Technology Co Ltd
360 Digital Security Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201310666504.2A priority Critical patent/CN103685266B/en
Publication of CN103685266A publication Critical patent/CN103685266A/en
Priority to US15/103,531 priority patent/US20160316330A1/en
Priority to PCT/CN2014/087815 priority patent/WO2015085819A1/en
Priority to PCT/CN2014/093391 priority patent/WO2015085906A1/en
Application granted granted Critical
Publication of CN103685266B publication Critical patent/CN103685266B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Abstract

The invention provides guard method and the device of a kind of business data.The method includes: set up the workspace for storing business data in the terminal;Wherein, the mode of the data acquisition encryption of workspace preserves;System event is monitored, and judges whether system event meets enterprise or the rule of user's setting;When system event meet that enterprise or user set regular when, perform and the corresponding operation of this event in workspace.By the invention it is possible to avoid the leakage of the business data causing due to the attack of rogue program, even if mobile terminal is lost, owing to workspace is encrypted, other people can not read and obtain business data, it is ensured that the security of business data, and can not be obtained by the malicious programs.

Description

The guard method of business data and device
Technical field
The present invention relates to information security field, particularly relate to guard method and the device of a kind of business data.Background skill Art
With intelligent terminal maturation with universal, the individual intelligent terminal with mobile phone, flat board as representative progresses into Enterprise field.Following enterprise will support that employee runs enterprise's office application program on individual mobile terminal, this kind of is referred to as The phenomenon of BYOD (Bring Your Own Device, from carrying device office) is enterprise security and management brings new challenge.
In this case, owing to allowing employee to be handled official business easily by mobile terminal, mobile terminal need to preserve use In the business data of work, such as mail, short message, message registration, associated person information etc., also can preserve the individual of user simultaneously Data.
But, owing to there is following situation: first, the mobile terminal of enterprise staff can be at any time and any place Accessing mobile Internet or public/home network, the business data in mobile terminal is also exposed to the attack from internet Under, there is safety defect.Second, existing individual application on same mobile terminal, there is again enterprise to apply and data, individual application Can arbitrarily access, access business data, thus there is the wind that business data is illegally uploaded by individual application, shares and leak Danger.3rd, mobile terminal is easily lost, and therefore the enterprise's sensitive data being preserved in mobile terminal also faces risk of divulging a secret, if Standby loss not only means leakage and the loss of sensitive commercial information, and lost equipment is likely to become attack enterprise network Springboard.4th, in today that mobile Internet becomes more and more popular, assailants have begun to be turned to sight line by PC Mobile terminal.Mobile terminal becomes the new hotbed growing security risk, easily becomes the springboard of hacker attacks infiltration corporate intranet.
Therefore, under present circumstances, the mode in mobile terminal, the private data confusion of business data and user deposited, Poor stability, easily causes business data and leaks and bring risk of divulging a secret, and business data is easily obtained by rogue program.
Content of the invention
In view of the above problems, it is proposed that the present invention in case provide one overcome the problems referred to above or at least in part solve on State the guard method being suitable to business data and the correspondingly device of problem.
According to one aspect of the present invention, provide the guard method of a kind of business data, comprising:
Set up the workspace for storing business data in the terminal;Wherein, the data acquisition of workspace is encrypted Mode preserves;
System event is monitored, and judges whether system event meets enterprise or the rule of user's setting;
When system event meet that enterprise or user set regular when, perform and the corresponding behaviour of this event in workspace Make.
Alternatively, the rule that enterprise sets includes: the enterprise that corresponding contact person sets in enterprise with system event leads to In news record;
The rule that user sets includes: corresponding contact person imports to the logical of workspace in individual subscriber with system event In news record.
Alternatively, system event is monitored, and judges whether the rule meeting enterprise or user's setting, comprising:
System event is monitored, it is judged that whether corresponding contact person is working relation people with system event;
Wherein, working relation is artificially in enterprise's address list that enterprise sets or is in individual subscriber and imports to workspace Address list in contact person.
Alternatively, system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
Alternatively, it when system event is for calling or receiving calls, is monitored including to system event:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that currently send out Life calls event or the event that receives calls with described event is corresponding.
Alternatively, the described radio receiver specified is PhoneStateReceiver radio receiver.
Alternatively, when system event is for receiving note, when system event meet that enterprise or user set regular when, Perform and the corresponding operation of this event in workspace, comprising:
As the outbox of note artificial working relation people, intercept this note and enter system inbox, and this note is stored In workspace.
Alternatively, when system event is for sending note, when system event meet that enterprise or user set regular when, Perform and the corresponding operation of this event in workspace, comprising:
As the addressee of note artificial working relation people, intercept the transmission record entrance system outbox of this note, and will The transmission record of this note stores in workspace.
Alternatively, when system event is for calling, when system event meet that enterprise or user set regular when, Perform and the corresponding operation of this event in workspace, comprising:
When phone is transferred to for the address list by being saved in workspace, this calling record of operating system record is deleted Remove, and record in workspace.
Alternatively, before this calling record of operating system record is deleted, also include:
Judge whether user is already provided in the message registration of operating system the message registration showing working relation people;
This calling record of operating system record is deleted, comprising:
When the message registration being not disposed on operating system shows the message registration of working relation people, operating system is remembered This calling record of record is deleted.
Alternatively, when system event is for receiving calls, when system event meet that enterprise or user set regular when, Perform and the corresponding operation of this event in workspace, comprising:
When the caller ID of phone is working relation number, the message registration producing that receives calls this time is in operation system The message registration of system is deleted, and copies in workspace.
Alternatively, when the caller ID receiving calls overlaps with the contact number in the address list of operating system, Before the message registration producing that receives calls this time is deleted in the message registration of operating system, also include:
The message registration producing that prompts the user whether to receive calls this time is deleted in the message registration of operating system;
The message registration producing that receives calls this time is deleted in the message registration of operating system, comprising:
When user selects to delete, the message registration producing that receives calls this time is deleted in the message registration of operating system Remove.
Alternatively, when system event is for occurring missed call, when system event meets enterprise or the rule of user's setting When, perform and the corresponding operation of this event in workspace, comprising:
When the caller ID of missed call is working relation number, by the record of this missed call in operating system Message registration is deleted, and copies in workspace.
Alternatively, when the caller ID of missed call overlaps with the contact number in the address list of operating system, Before the record of this missed call is deleted in the message registration of operating system, also include:
Prompt the user whether in the message registration of operating system, delete the record of this missed call;
The record of this missed call is deleted in the message registration of operating system, comprising:
When user selects to delete, the record of this missed call is deleted in the message registration of operating system.
Alternatively, the method also includes:
When the data in user workspace to be accessed, prompting user inputs PUK;
Whether correct receive and verify the PUK that user inputs;
When the PUK of user's input is correct, it is allowed to user accesses the data in workspace.
According to one aspect of the present invention, additionally provide the protection device of a kind of business data, comprising:
Set up module, be configured to set up the workspace for storing business data in the terminal;Wherein, workspace The mode of data acquisition encryption preserves;
Monitoring modular, is configured to be monitored system event, and judges whether system event meets enterprise or user sets Fixed rule;
Perform module, be configured to when system event meet that enterprise or user set regular when, perform in workspace and The corresponding operation of this event.
Alternatively, the rule that enterprise sets includes: the enterprise that corresponding contact person sets in enterprise with system event leads to In news record;
The rule that user sets includes: corresponding contact person imports to the logical of workspace in individual subscriber with system event In news record.
Alternatively, monitoring modular is configured to be monitored system event, it is judged that corresponding contact person is with system event No for working relation people;
Wherein, working relation is artificially in enterprise's address list that enterprise sets or is in individual subscriber and imports to workspace Address list in contact person.
Alternatively, system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
Alternatively, when system event is for calling or receiving calls, described monitoring modular is configured to according to as follows System event is monitored by mode:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that currently send out Life calls event or the event that receives calls with described event is corresponding.
Alternatively, the described radio receiver specified is PhoneStateReceiver radio receiver.
Alternatively, when system event is for receiving note, perform module and be configured to when the artificial working relation of the outbox of note During people, intercept this note and enter system inbox, and store this note in workspace.
Alternatively, when system event is for sending note, perform module and be configured to when the artificial working relation of the addressee of note During people, intercept the transmission record entrance system outbox of this note, and store the transmission record of this note in workspace.
Alternatively, when system event is for calling, perform module and be configured to when phone is for by being saved in workspace In address list when transfering to, this calling record of operating system record is deleted, and records in workspace.
Alternatively, this device also includes:
Judge module, is configured to judge whether user is already provided in the message registration of operating system and shows working relation people Message registration;
Perform module to be additionally configured to when the call note showing working relation people in the message registration being not disposed on operating system During record, this calling record of operating system record is deleted.
Alternatively, when system event is for receiving calls, perform module and be configured to when the caller ID of phone is work connection When being number, the message registration producing that receives calls this time is deleted in the message registration of operating system, and copies to work Qu Zhong.
Alternatively, when the caller ID receiving calls overlaps with the contact number in the address list of operating system, dress Put and also include:
First reminding module, is configured to prompt the user whether this time to receive calls the message registration producing in operating system Message registration in delete;
Performing module and being additionally configured to when user selects to delete, the message registration producing that receives calls this time is in operation system The message registration of system is deleted.
Alternatively, when system event is for occurring missed call, perform module and be configured to the caller ID when missed call During for working relation number, the record of this missed call is deleted in the message registration of operating system, and copies to work Qu Zhong.
Alternatively, when the caller ID of missed call overlaps with the contact number in the address list of operating system, dress Put and also include:
Second reminding module, is configured to prompt the user whether to remember the record of this missed call in the call of operating system Record is deleted;
Perform module and be additionally configured to when user selects to delete, by the record of this missed call in the call of operating system Record is deleted.
Alternatively, this device also includes:
3rd reminding module, is configured to when the data in user workspace to be accessed, and prompting user inputs PUK;
Authentication module, is configured to receive and verifies that whether the PUK that user inputs is correct;
Access modules, is configured to when the PUK of authentication module checking user's input is correct, it is allowed to user accesses work Data in district.
The invention provides guard method and the device of a kind of business data, by setting up storage enterprise in the terminal The workspace of data, and cryptographically preserve, system event is monitored, when the rule meeting enterprise or user's setting simultaneously When then, perform and the corresponding operation of this event in workspace.Visible, the present invention can avoid owing to the attack of rogue program is made The leakage of the business data becoming, even if mobile terminal is lost, owing to workspace is encrypted, other people can not read and obtain enterprise Data, it is ensured that the security of business data, and can not be obtained by the malicious programs.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, the feature and advantage can Become apparent, below the detailed description of the invention especially exemplified by the present invention.
Brief description
By reading the detailed description of hereafter preferred embodiment, various other advantage and benefit common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for illustrating the purpose of preferred embodiment, and is not considered as to the present invention Restriction.And it in whole accompanying drawing, is denoted by the same reference numerals identical parts.In the accompanying drawings:
Fig. 1 is the guard method flow chart of a kind of according to an embodiment of the invention business data;
Fig. 2 is the concrete guard method flow chart of a kind of according to an embodiment of the invention business data;
Fig. 3 is the protection device structured flowchart of a kind of according to an embodiment of the invention business data;
Fig. 4 is a kind of concrete application scenarios signal of the protection device of business data according to an embodiment of the invention Figure.
Detailed description of the invention
It is more fully described the exemplary embodiment of the disclosure below with reference to accompanying drawings.Although accompanying drawing shows the disclosure Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and the enforcement that should not illustrated here Example is limited.On the contrary, these embodiments are provided to be able to thoroughly understand the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
Wherein, in the present invention and following the present embodiment, workspace and individual district can be defined as follows:
Workspace and individual district definition, equipment use during, for convenience the personal information in management equipment and Work data, can mark a part of disk storage space in a device, configure new authority information, may be used for storage and pipe Reason work data.And the remaining disk storage space of this equipment, may be used for storage, management personal information or other data, Remaining disk storage space can have initial authority information.Comparatively speaking, the disk storage space of work data is stored Workspace can be referred to as, and the disk storage space storing personal information can be referred to as individual district.
Additionally, for convenience of operation, individual district and workspace can have different UI(User Interface, Yong Hujie Face), but some system file can be used in conjunction with.
User's most of the time may relate to the operation in individual district, and the fewer time relates to the operation of workspace. When relating to the operation of workspace, owing to the reasons such as rest need actively to be encrypted equipment, or owing to equipment does not has very much for a long time There is operation information to be automatically encrypted, after equipment encryption, again solve secret meeting return to workspace, need to carry out the power in individual district The deciphering of limit information, then it is operated the deciphering of the authority information in district, workspace could be entered.If now user is not intended to back Then need the district that deactivates again to workspace, operate very loaded down with trivial details, but the deciphering directly saving workspace authority information again can There is potential safety hazard.
Embodiment one
Embodiments provide the guard method of a kind of business data.The protection device to business data for the method is entered Go improvement.In the present embodiment, the protection device of business data may be mounted on multiple portable sets of user, for example, swim Play console, laptop computer, portable electronic device, board type computer, tablet PC, PDA, mobile computer, And mobile phone etc..
Wherein, the input type of user can be to slidably input, and gesture inputs, touch input, and phonetic entry.
Fig. 1 is the guard method flow chart of a kind of according to an embodiment of the invention business data, and the method includes step Rapid S102 to S106.
S102, sets up the workspace for storing business data in the terminal;Wherein, the data acquisition of workspace is with adding Close mode preserves.
S104, is monitored to system event, and judges whether system event meets enterprise or the rule of user's setting.
S106, when system event meet that enterprise or user set regular when, in workspace, execution is corresponding with this event Operation.
Embodiments provide the guard method of a kind of business data, by setting up storage enterprise in the terminal The workspace of data, and cryptographically preserve, system event is monitored, when the rule meeting enterprise or user's setting simultaneously When then, perform and the corresponding operation of this event in workspace.Visible, the embodiment of the present invention provide method can avoid due to The leakage of the business data that the attack of rogue program causes, even if mobile terminal is lost, owing to workspace is encrypted, other people are also Can not read and obtain business data, it is ensured that the security of business data, and can not be obtained by the malicious programs.
Embodiment two
The present embodiment is a kind of concrete application scenarios of above-described embodiment one, by the present embodiment, and can clearer, tool Body ground illustrates method provided by the present invention.
Fig. 2 is the concrete guard method flow chart of a kind of according to an embodiment of the invention business data, the method bag Include step S201 to S212.
Business data in mobile terminal to be protected by the embodiment of the present invention, and this is accomplished by first coming step S201, sets up a workspace for storing business data in the terminal.
In the present embodiment, the purpose setting up this workspace is produced data in storage work, it is achieved by workspace In data with individual district data carry out isolated storage, in order to the data in workspace are managed.
Alternatively, in order to ensure the safety of workspace data, the mode of the data acquisition encryption of workspace preserves, and uses Family can arrange unlocking pin for the data of workspace, when the PUK of user's input is correct, just allows user to access work Data in district.
As a example by Android system, when the data of workspace are arranged unlocking pin and isolate preservation, can take Following manner:
Being respectively created and record the individual district of user and the Launcher of workspace, before display desktop, prompting user is defeated Enter password.If it is legal that user is operated logining of district, then start workspace Launcher, provide the user with the table of workspace Face, user can enter the application in workspace by this desktop;If user logs in, then from the individual district selecting acquiescence Launcher starts, and user enters the application in individual district by the Launcher of this acquiescence, to reach workspace and individual district Isolation.
Wherein, Launcher is the starter in tall and erect system or desktop, can the icon from desktop enter other should With.
It follows that step S202, system event is monitored, and judge whether this system event meets and look forward in advance The rule that industry or user set.If meeting, perform and the corresponding operation of this event in workspace.If not meeting, then individual District performs and the corresponding operation of system event.
Alternatively, involved in the present embodiment system event can include receive note, send note, call, The event receiving calls, occurring the mobile terminal such as missed call, receiving and dispatching mail to support.
In the present embodiment, in order to preferably the data of workspace are managed, mobile terminal can set in advance Putting two different address lists, wherein, one is the enterprise's address list for work, personal communication's record that another is user, Address list can be preserved the contact methods such as the phone of contact person, mailbox, instant messaging.
Wherein, enterprise's address list is arranged in above-mentioned workspace, is stored with related to this user job in enterprise's address list Contact person, for example, the contact person that enterprise's address list includes can be whole colleagues of department residing for this user.
In addition, for convenience enterprise's address list be managed and update, this enterprise's address list can also and server end Synchronization, i.e. enterprise's address list of user then timing can be synchronized renewal according to server, for example, and enterprise address list management people Member has been newly added contact person, then this contact person also can be updated in enterprise's address list of user.
It should be noted that be in the user of identical department, its faced by working relation people be often different, example As administration department belonging to user A, it is more close with the work dealing of Human Resources Department, user B also affiliated administration department, and Er Qiyu is international The work dealing in portion is more close, and the working relation people that this department that often only can be stored with in enterprise's address list is common, no Can be fully contemplated by each colleague faced by working relation people.
So, the present embodiment is in order to meet the demand of different user, in workspace, removes the above-mentioned enterprise address list that is stored with Outside, the contact person that individual subscriber imports can also be stored, these contact persons can in close relations with this user job and The contact person of non-this department.
For example, administration department belonging to user A, and its work dealing with Human Resources Department is more close, at this moment, user A can be by The All Contacts of Human Resources Department imports to workspace, and now, the contact person in enterprise's address list imports to work with A people of user Contact person in district together constitutes the working relation people of user A.Further for example, user B also affiliated administration department, and itself and the International Department Work dealing more close, at this moment, the All Contacts of the International Department then can be imported to workspace by user B, now, enterprise Contact person in address list and B people of user import to the working relation people that the contact person in workspace together constitutes user B.
Visible, the setting of individual importing contact person enables to different users and sets work according to the demand of himself The contact person in district, user-friendly, also ensure that the safety of business data simultaneously.
From unlike the workspace address list of foregoing description, personal communication record be arranged on nonclient area, can include with The related contact person of individual subscriber, for example, relatives, friend etc..But, the contact person of workspace can record with user personal communication In contact person can overlap, for example, contact person A is the colleague of this user, is also the friend of this user, then contact person A can To be stored in enterprise's address list and personal communication's record simultaneously, to ensure the safety of business data.
To sum up, step S202 judge whether this system event meets enterprise in advance or user sets regular when, specifically Can judge as follows:
System event is monitored, it is judged that whether corresponding contact person is working relation people with system event.When for work When making contact person, confirming to meet preset rules, now, the classification according to system event performs corresponding operation in workspace.When When not for working relation people, confirm that not meeting preset rules meets, and now, holds in nonclient area according to the classification of system event The corresponding operation of row.
Wherein, working relation is artificially in enterprise's address list that above-mentioned enterprise sets or is in the importing of above-mentioned individual subscriber Contact person in the address list of workspace.
The present embodiment introduces this method in detail in order to more clear, existing with system event be receive note, send note, Call, receive calls, there is missed call as a example by be specifically introduced.Introduce above-mentioned five kinds of system events separately below During generation, the concrete of this method performs process.
The first situation, system event is for receiving short message event.
When system event is for receiving short message event, step S202 judges and whether receives the corresponding contact person of short message event For working relation people.When being working relation people, step S203, when not being working relation people, then step S204.
Step S203, intercepts this note and enters system inbox, and store this note in workspace.
In the present embodiment, during in workspace, the note record of preservation can also be uploaded onto the server, it is simple to the pipe of keeper Reason operation.
This note is stored in system inbox by step S204.
Step S203 intercepts this note and enters system inbox, and this note stores the operation in workspace, it is achieved The separation of public and private data, it is to avoid the letter related to work is in maliciously to be checked in the system inbox of user, from And ensure that the safety of business data.
The second situation, system event is for sending short message event.
When system event is for sending short message event, step S202 judges and whether sends the corresponding contact person of short message event For working relation people.When being working relation people, step S205, when not being working relation people, then step S206.
Step S205, intercepts the transmission record entrance system outbox of this note, and by the transmission record storage of this note In workspace.
In the present embodiment, during in workspace, the short message sending record of preservation can also be uploaded onto the server, it is simple to keeper Management operation.
The transmission record of this note is stored system inbox by step S206.
Step S205 intercepts the transmission record entrance system outbox of this note, and by the transmission record storage of this note to Operation in workspace, it is achieved that the separation of public and private data, it is to avoid be in the system outbox of user to related the transmitting that work Case is maliciously checked, thus be ensure that the safety of business data.
The third situation, system event is for calling event.
When system event is for calling event, step S202 judges and whether calls the corresponding contact person of event For working relation people.When being working relation people, step S207, when not being working relation people, then step S208.
This calling record of operating system record is deleted, and is recorded in workspace by step S207.
In the present embodiment, during in workspace, the telephone call record of preservation can also be uploaded onto the server, it is simple to keeper Management operation.
Step S208, stores in the calling record of operating system at this calling record.
It should be noted that so that user conveniently checks calling record, in step S207 by operating system record Before this calling record is deleted, can also include operating as follows:
Judge whether user is already provided in the message registration of operating system the message registration showing working relation people.When not It is arranged in the message registration of operating system when showing the message registration of working relation people, by step S207, operating system is remembered This calling record of record is deleted.When the message registration being arranged on operating system shows the message registration of working relation people, then It is shown in this calling record in the message registration of operating system, and be recorded simultaneously in workspace.
In the present embodiment, according to different demands, user can be respectively provided with the call note of each contact person in workspace Whether record is shown in system message registration, it is also possible to carries out unifying to arrange, is i.e. arranged to whole message registration and is shown in system In message registration or whole message registration does not appears in system message registration.
4th kind of situation, system event is the event of receiving calls.
When system event for receive calls event when, step S202 judges and whether receives calls the corresponding contact person of event For working relation people.When being working relation people, step S209, when not being working relation people, then step S210.
Step S209, the message registration producing that receives calls this time is deleted in the message registration of operating system, and is answered Make in described workspace.
As a example by Android system, for when system event is for calling or receiving calls, the call to operating system The maintenance (copy and transfer) of record, can be in the following way:
Receive the event called and receive calls by PhoneStateReceiver radio receiver, when generation is dialled Make a phone call or receive calls event when, start CallLogObserverService service message registration is safeguarded, including The copy of message registration and transfer operation.
When starting CallLogObserverService service, can be taken by the startService that operating system provide Pragmatic existing.
Wherein, PhoneStateReceiver radio receiver receives and can lead to for the event called and receive calls Cross following code to realize:
Specifically, before starting CallLogObserverService service, in addition it is also necessary to obtain and operating system is led to The access limit of news record, can be in the following way:
The authority used is stated in androidmanifest.xml:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
Wherein, can be realized by CallLogObserverService service when carrying out the copy of message registration:
Have registered one during CallLogObserverService service starts and monitor service ContentObserver, and the Handler of processing variation;
(its URI is in the change of the message registration database of monitoring service ContentObserver term monitoring system Android.provider.CallLog.Calls.CONTENT_URI), when there being the variation of message registration, this is called The onChange method of Handler, updates the message registration database of workspace.
In the present embodiment, during in workspace, the telephone receiving record of preservation can also be uploaded onto the server, it is simple to keeper Management operation
Step S210, answers this in message registration that record is stored in operating system.
It should be noted that when the caller ID receiving calls overlaps with the contact number in the address list of operating system When, this time received calls before the message registration producing deletes in the message registration of operating system in step S209, also may be used To include operating as follows:
The message registration producing that prompts the user whether to receive calls this time is deleted in the message registration of operating system.When When user selects to delete, by step S209, this time is received calls the message registration producing in the message registration of operating system Delete.When user selects not delete, then this time is answered in the message registration that record is stored in operating system, and copy to work Make in district.
Above-mentioned prompting user operation can realize preserving according to the different demands of user or delete message registration, it is ensured that User operation is also allowed for while workspace Information Security.
5th kind of situation, system event is missed call event.
When system event is missed call event, with the corresponding contact person of missed call event whether step S202 judge For working relation people.When being working relation people, step S211, when not being working relation people, then step S212.
The record of this missed call is deleted in the message registration of operating system by step S211, and copies to described In workspace.
In the present embodiment, during in workspace, the missed call record of preservation can also be uploaded onto the server, it is simple to keeper Management operation
Step S212, is stored in the record of this missed call in the message registration of operating system.
It should be noted that when the caller ID of missed call overlaps with the contact number in the address list of operating system When, step S211 by this missed call record in the message registration of operating system delete before, can also include as Under:
Prompt the user whether in the message registration of operating system, delete the record of this missed call.When user selects During deletion, by step S211, the record of this missed call is deleted in the message registration of operating system.When user selects When not deleting, then this time is not connect in the message registration that record is stored in operating system, and copy in workspace.
It it should be noted that the above-mentioned five kinds of described system events of this enforcement are exemplary, is not limiting as this The scope that bright embodiment is protected, the model that the system event that other mobile terminals can be supported also is protected in the embodiment of the present invention Within enclosing.
Embodiments provide the guard method of a kind of business data, by setting up storage enterprise in the terminal The workspace of data, and cryptographically preserve, system event is monitored, when the rule meeting enterprise or user's setting simultaneously When then, perform and the corresponding operation of this event in workspace.Visible, method that the embodiment of the present invention is provided can avoid by In the leakage of the business data that the attack of rogue program causes, even if mobile terminal is lost, owing to workspace is encrypted, other people Can not read and obtain business data, it is ensured that the security of business data, and can not be obtained by the malicious programs.
Embodiment three
Fig. 3 is the protection device structured flowchart of a kind of business data that one embodiment of the invention provides, and this device 300 wraps Include:
Set up module 310, be configured to set up the workspace for storing business data in the terminal;Wherein, work The mode of the data acquisition encryption in district preserves;
Monitoring modular 320, is configured to be monitored system event, and judges whether system event meets enterprise or user The rule setting;
Perform module 330, be configured to when system event meet that enterprise or user set regular when, execution in workspace The corresponding operation with this event.
Alternatively, the rule that enterprise sets includes: the enterprise that corresponding contact person sets in enterprise with system event leads to In news record;
The rule that user sets includes: corresponding contact person imports to the logical of workspace in individual subscriber with system event In news record.
Alternatively, monitoring modular 320 is configured to be monitored system event, it is judged that the corresponding contact person with system event It whether is working relation people;
Wherein, working relation is artificially in enterprise's address list that enterprise sets or is in individual subscriber and imports to workspace Address list in contact person.
Alternatively, system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
Alternatively, when system event is for calling or receiving calls, monitoring modular 320 is configured to according to such as lower section System event is monitored by formula:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that currently send out Life calls event or the event that receives calls with event is corresponding.
Alternatively, it is intended that radio receiver be PhoneStateReceiver radio receiver.
Alternatively, when system event is for receiving note, perform module 330 and be configured to artificially work connection when the outbox of note When being people, intercept this note and enter system inbox, and store this note in workspace.
Alternatively, when system event is for sending note, perform module 330 and be configured to artificially work connection when the addressee of note When being people, intercept the transmission record entrance system outbox of this note, and store the transmission record of this note in workspace.
Alternatively, when system event is for calling, perform module 330 and be configured to when phone is for by being saved in work When address list in district is transferred to, this calling record of operating system record is deleted, and records in workspace.
Alternatively, this device 300 also includes:
Judge module 340, is configured to judge whether user is already provided in the message registration of operating system and shows that work joins It is the message registration of people;
Perform module 330 to be additionally configured to when the call showing working relation people in the message registration being not disposed on operating system During record, this calling record of operating system record is deleted.
Alternatively, when system event is for receiving calls, perform module 330 and be configured to when the caller ID of phone is work During contact number, the message registration producing that receives calls this time is deleted in the message registration of operating system, and copies to work Make in district.
Alternatively, when the caller ID receiving calls overlaps with the contact number in the address list of operating system, dress Put and also include:
First reminding module 350, is configured to prompt the user whether this time to receive calls the message registration producing in operation The message registration of system is deleted;
Performing module 330 to be additionally configured to when user selects to delete, the message registration producing that receives calls this time is behaviour Make the message registration of system is deleted.
Alternatively, when system event is for occurring missed call, perform module 330 and be configured to the incoming call number when missed call When code is for working relation number, the record of this missed call is deleted in the message registration of operating system, and copies to work Make in district.
Alternatively, when the caller ID of missed call overlaps with the contact number in the address list of operating system, dress Put and also include:
Second reminding module 360, is configured to prompt the user whether record the leading in operating system of this missed call Words record is deleted;
Perform module 330 and be additionally configured to when user selects to delete, by the record of this missed call in operating system Message registration is deleted.
Alternatively, this device 300 also includes:
3rd reminding module 370, is configured to when the data in user workspace to be accessed, and prompting user inputs unblock Code;
Authentication module 380, is configured to receive and verifies that whether the PUK that user inputs is correct;
Access modules 390, is configured to when authentication module 380 verifies that the PUK that user inputs is correct, it is allowed to Yong Hufang Ask the data in workspace.
As shown in Figure 4, a kind of concrete application scenarios of the protection device being provided by the embodiment of the present invention, comprising:
Employee's equipment, this employee's equipment is equivalent to the protection device of the business data that the embodiment of the present invention is provided, member Can be provided with enterprise's private system in construction equipment, this enterprise's private system includes:
Mailing system, operation system and OA(Office Automation, office automation) system.
Said system is saved in the workspace in employee's equipment, for preserving business data, Yong Huke in the way of encryption By inputting password, the business data in enterprise's private system is conducted interviews.
Meanwhile, employee's equipment cloud service privately owned with nature's mystery enterprise is connected, and preserves cloud security service in this cloud service, can be by The rule (rule that for example enterprise sets) of cloud security service is pushed to employee's equipment, the rule that employee's equipment need to set according to enterprise It is then operated district and the isolation of individual district data, to reach the safety of business data.
Further, enterprise administrator can set the rule of cloud security service in the privately owned cloud service of nature's mystery enterprise.
Embodiments provide the protection device of a kind of business data, by setting up storage enterprise in the terminal The workspace of data, and cryptographically preserve, system event is monitored, when the rule meeting enterprise or user's setting simultaneously When then, perform and the corresponding operation of this event in workspace.Visible, device that the embodiment of the present invention is provided can avoid by In the leakage of the business data that the attack of rogue program causes, even if mobile terminal is lost, owing to workspace is encrypted, other people Can not read and obtain business data, it is ensured that the security of business data, and can not be obtained by the malicious programs.
In specification mentioned herein, illustrate a large amount of detail.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case of not having these details.In some instances, it is not shown specifically known method, structure And technology, in order to do not obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, exist Above in the description of the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.But, the method for the disclosure should be construed to reflect an intention that i.e. required guarantor The application claims protecting more feature than the feature being expressly recited in each claim.More precisely, it is such as following Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore, The claims following detailed description of the invention are thus expressly incorporated in this detailed description of the invention, wherein each claim itself All independent embodiments as the present invention.
Those skilled in the art are appreciated that and can carry out the module in the equipment in embodiment adaptively Change and they are arranged in one or more equipment different from this embodiment.Can be the module in embodiment or list Unit or assembly are combined into a module or unit or assembly, and can put them in addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit excludes each other, can use any Combination is to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed appoints Where all processes or the unit of method or equipment is combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit requires, summary and accompanying drawing) disclosed in each feature the alternative features providing identical, equivalent or similar purpose can be carried out generation Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In some included feature rather than further feature, but the combination of the feature of different embodiment means to be in the present invention's Within the scope of and form different embodiments.For example, in detail in the claims, embodiment required for protection one of arbitrarily Can mode use in any combination.
The all parts embodiment of the present invention can realize with hardware, or to run on one or more processor Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that and can use in practice Microprocessor or digital signal processor (DSP) realize in the protection device of business data according to embodiments of the present invention The some or all functions of some or all parts.The present invention is also implemented as performing method as described herein Part or all equipment or device program (for example, computer program and computer program).Such reality The program of the existing present invention can store on a computer-readable medium, or can have the form of one or more signal. Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or with any other form There is provided.
The present invention will be described rather than limits the invention to it should be noted above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol that should not will be located between bracket is configured to limitations on claims.Word "comprising" does not excludes the presence of not Arrange element in the claims or step.Word "a" or "an" before being positioned at element does not excludes the presence of multiple such Element.The present invention can come in fact by means of the hardware including some different elements and by means of properly programmed computer Existing.If in the unit claim listing equipment for drying, several in these devices can be by same hardware branch Specifically embody.Word first, second and third use do not indicate that any order.These word explanations can be run after fame Claim.
So far, although those skilled in the art will appreciate that detailed the multiple of the present invention of illustrate and describing show herein Example embodiment, but, without departing from the spirit and scope of the present invention, still can be direct according to present disclosure Determine or derive other variations or modifications of many meeting the principle of the invention.Therefore, the scope of the present invention is it is understood that and recognize It is set to and cover other variations or modifications all these.
The present embodiment additionally provides the guard method of an A1. business data, comprising:
Set up the workspace for storing business data in the terminal;Wherein, the data acquisition of described workspace is with adding Close mode preserves;
System event is monitored, and judges whether described system event meets enterprise or the rule of user's setting;
When described system event meet that described enterprise or user set regular when, perform and this thing in described workspace The corresponding operation of part.
A2. the method described in root A1, wherein, the rule that described enterprise sets includes: corresponding with described system event It is that people is in enterprise's address list that described enterprise sets;
The rule that described user sets includes: corresponding contact person imports to work in individual subscriber with described system event Make in the address list in district.
A3. the method according to A2, wherein, described is monitored to system event, and judge whether to meet enterprise or The rule that user sets, comprising:
System event is monitored, it is judged that whether corresponding contact person is working relation people with described system event;
Wherein, described working relation is artificially in enterprise's address list that described enterprise sets or is in individual subscriber importing Contact person in the address list of workspace.
A4. the method according to A3, wherein, described system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
A5. the method according to A4, wherein, when system event is for calling or receiving calls, described to system Event is monitored including:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that currently send out Life calls event or the event that receives calls with described event is corresponding.
A6. the method according to A5, wherein, the described radio receiver specified is PhoneStateReceiver broadcast Receiver.
A7. the method according to A4, wherein, when described system event is for receiving note, when described system event symbol Close that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
As the outbox of described note artificial working relation people, intercept this note and enter system inbox, and by this note Store in described workspace.
A8. the method according to A4, wherein, when described system event is for sending note, when described system event symbol Close that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
As the addressee of described note artificial working relation people, intercept the transmission record entrance system outbox of this note, And store the transmission record of this note in described workspace.
A9. the method according to A4, wherein, when described system event is for calling, when described system event symbol Close that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When described phone is transferred to for the address list by being saved in described workspace, by this group of operating system record Beat record to delete, and record in described workspace.
A10. the method according to A9, wherein, before described this calling record by operating system record is deleted, also Including:
Judge whether user is already provided in the message registration of operating system the message registration showing working relation people;
It is described by this calling record deletion of operating system record, comprising:
When the message registration being not disposed on operating system shows the message registration of working relation people, operating system is remembered This calling record of record is deleted.
A11. the method according to A4, wherein, when described system event is for receiving calls, when described system event symbol Close that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When the caller ID of described phone is working relation number, the message registration producing that receives calls this time is behaviour Make the message registration of system is deleted, and copy in described workspace.
A12. the method according to A11, wherein, when in the address list with operating system for the caller ID receiving calls When contact number overlaps, delete in the message registration of operating system at the described message registration producing that this time received calls Before, also include:
The message registration producing that prompts the user whether to receive calls this time is deleted in the message registration of operating system;
The described message registration producing that receives calls this time is deleted in the message registration of operating system, comprising:
When user selects to delete, the message registration producing that receives calls this time is deleted in the message registration of operating system Remove.
A13. the method according to A4, wherein, when described system event is for occurring missed call, when described system thing Part meet that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When the caller ID of described missed call is working relation number, by the record of this missed call in operation system The message registration of system is deleted, and copies in described workspace.
A14. the method according to A13, wherein, when in the caller ID of missed call with the address list of operating system When contact number overlaps, described, the record of this missed call before deletion, is gone back in the message registration of operating system Including:
Prompt the user whether in the message registration of operating system, delete the record of this missed call;
The described deletion in the message registration of operating system by the record of this missed call, comprising:
When user selects to delete, the record of this missed call is deleted in the message registration of operating system.
A15. the method according to any one of A1 to A14, also includes:
When user is intended to access the data in described workspace, prompting user inputs PUK;
Whether correct receive and verify the PUK that described user inputs;
When the PUK of user's input is correct, it is allowed to user accesses the data in described workspace.
The present embodiment also provides the B16. protection device of a business data, comprising:
Set up module, be configured to set up the workspace for storing business data in the terminal;Wherein, described work The mode of the data acquisition encryption in district preserves;
Monitoring modular, is configured to be monitored system event, and judges whether described system event meets enterprise or use The rule that family sets;
Perform module, be configured to when described system event meet that described enterprise or user set regular when, in described work Perform and the corresponding operation of this event in making district.
B17. the device according to B16, wherein, the rule that described enterprise sets includes: corresponding with described system event Contact person in enterprise's address list that described enterprise sets;
The rule that described user sets includes: corresponding contact person imports to work in individual subscriber with described system event Make in the address list in district.
B18. the device according to B17, wherein, described monitoring modular is configured to be monitored system event, it is judged that Whether corresponding contact person is working relation people with described system event;
Wherein, described working relation is artificially in enterprise's address list that described enterprise sets or is in individual subscriber importing Contact person in the address list of workspace.
B19. the device according to B18, wherein, described system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
B20. the device according to B19, wherein, when system event is for calling or receiving calls, described monitoring Module is configured to be monitored system event as follows:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that currently send out Life calls event or the event that receives calls with described event is corresponding.
B21. the device according to B20, wherein, the described radio receiver specified is that PhoneStateReceiver is wide Broadcast receiver.
B22. the device according to B19, wherein, when described system event is for receiving note, described execution module is joined It is set to as the outbox of described note artificial working relation people, intercept this note and enter system inbox, and this note is stored In described workspace.
B23. the device according to B19, wherein, when described system event is for sending note, described execution module is joined It is set to as the addressee of described note artificial working relation people, intercept the transmission record entrance system outbox of this note, and will The transmission record of this note stores in described workspace.
B24. the device according to B19, wherein, when described system event is for calling, described execution module is joined It is set to when described phone is for being transferred to by the address list that is saved in described workspace, this of operating system record is dialed note Record is deleted, and records in described workspace.
B25. the device according to B24, wherein, described device also includes:
Judge module, is configured to judge whether user is already provided in the message registration of operating system and shows working relation people Message registration;
Described execution module is additionally configured to work as and shows in the message registration being not disposed on operating system that working relation people's is logical During words record, this calling record of operating system record is deleted.
B26. the device according to B19, wherein, when described system event is for receiving calls, described execution module is joined Being set to when the caller ID of described phone is working relation number, the message registration producing that receives calls this time is in operation system The message registration of system is deleted, and copies in described workspace.
B27. the device according to B26, wherein, when in the address list with operating system for the caller ID receiving calls When contact number overlaps, described device also includes:
First reminding module, is configured to prompt the user whether this time to receive calls the message registration producing in operating system Message registration in delete;
Described execution module is additionally configured to when user selects to delete, and the message registration producing that receives calls this time is behaviour Make the message registration of system is deleted.
B28. the device according to B19, wherein, when for there is missed call in described system event, described execution mould Block is configured to when the caller ID of described missed call is working relation number, by the record of this missed call in operation system The message registration of system is deleted, and copies in described workspace.
B29. the device according to B28, wherein, when in the caller ID of missed call with the address list of operating system When contact number overlaps, described device also includes:
Second reminding module, is configured to prompt the user whether to remember the record of this missed call in the call of operating system Record is deleted;
Described execution module is additionally configured to when user selects to delete, by the record of this missed call in operating system Message registration is deleted.
B30. the device according to any one of B16 to B29, wherein, described device also includes:
3rd reminding module, is configured to when user is intended to access the data in described workspace, and prompting user inputs unblock Code;
Authentication module, is configured to receive and verifies that whether the PUK that described user inputs is correct;
Access modules, is configured to when the PUK of described authentication module checking user's input is correct, it is allowed to user accesses Data in described workspace.

Claims (26)

1. the guard method of a business data, comprising:
Set up the workspace for storing business data in the terminal;Wherein, the data acquisition of described workspace is encrypted Mode preserves;
System event is monitored, and judges whether described system event meets enterprise or the rule of user's setting;Wherein, look forward to The rule that industry sets includes that corresponding contact person is in enterprise's address list that described enterprise sets with described system event;User The rule setting includes that corresponding contact person imports in the address list of workspace in individual subscriber with described system event;
When described system event meet that described enterprise or user set regular when, perform and this event pair in described workspace The operation answered;
Wherein, described system event is monitored, and judges whether to meet enterprise or rule that user sets, comprising: to being System event is monitored, it is judged that whether corresponding contact person is working relation people with described system event;Described working relation people Import to the contact person in the address list of workspace for being in enterprise's address list that described enterprise sets or being in individual subscriber.
2. method according to claim 1, wherein, described system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
3. method according to claim 2, wherein, when system event is for calling or receiving calls, described to being System event is monitored including:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that current occur with Described event is corresponding calls event or the event that receives calls.
4. method according to claim 3, wherein, the described radio receiver specified is that PhoneStateReceiver is wide Broadcast receiver.
5. method according to claim 2, wherein, when described system event is for receiving note, when described system event Meet that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
As the outbox of described note artificial working relation people, intercept this note and enter system inbox, and this note is stored In described workspace.
6. method according to claim 2, wherein, when described system event is for sending note, when described system event Meet that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
As the addressee of described note artificial working relation people, intercept the transmission record entrance system outbox of this note, and will The transmission record of this note stores in described workspace.
7. method according to claim 2, wherein, when described system event is for calling, when described system event Meet that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When described phone is for being transferred to by the address list that is saved in described workspace, this of operating system record is dialed note Record is deleted, and records in described workspace.
8. method according to claim 7, wherein, before described this calling record by operating system record is deleted, Also include:
Judge whether user is already provided in the message registration of operating system the message registration showing working relation people;
It is described by this calling record deletion of operating system record, comprising:
When the message registration being not disposed on operating system shows the message registration of working relation people, by operating system record This calling record is deleted.
9. method according to claim 2, wherein, when described system event is for receiving calls, when described system event Meet that described enterprise or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When the caller ID of described phone is working relation number, the message registration producing that receives calls this time is in operation system The message registration of system is deleted, and copies in described workspace.
10. method according to claim 9, wherein, when in the address list with operating system for the caller ID receiving calls Contact number when overlapping, delete in the message registration of operating system at the described message registration producing that this time received calls Except before, also include:
The message registration producing that prompts the user whether to receive calls this time is deleted in the message registration of operating system;
The described message registration producing that receives calls this time is deleted in the message registration of operating system, comprising:
When user selects to delete, the message registration producing that receives calls this time is deleted in the message registration of operating system.
11. methods according to claim 2, wherein, when described system event is for occurring missed call, when described system Enterprise described in event matches or user set regular when, perform and the corresponding operation of this event in described workspace, comprising:
When the caller ID of described missed call is working relation number, by the record of this missed call in operating system Message registration is deleted, and copies in described workspace.
12. methods according to claim 11, wherein, when in the caller ID of missed call with the address list of operating system Contact number overlap when, described by this missed call record in the message registration of operating system delete before, Also include:
Prompt the user whether in the message registration of operating system, delete the record of this missed call;
The described deletion in the message registration of operating system by the record of this missed call, comprising:
When user selects to delete, the record of this missed call is deleted in the message registration of operating system.
13. methods according to any one of claim 1 to 12, also include:
When user is intended to access the data in described workspace, prompting user inputs PUK;
Whether correct receive and verify the PUK that described user inputs;
When the PUK of user's input is correct, it is allowed to user accesses the data in described workspace.
The protection device of 14. 1 kinds of business data, comprising:
Set up module, be configured to set up the workspace for storing business data in the terminal;Wherein, described workspace The mode of data acquisition encryption preserves;
Monitoring modular, is configured to be monitored system event, and judges whether described system event meets enterprise or user sets Fixed rule;Wherein, the rule that enterprise sets includes that with described system event corresponding contact person sets in described enterprise In enterprise's address list;The rule that user sets includes that corresponding contact person imports to work in individual subscriber with described system event Make in the address list in district;
Perform module, be configured to when described system event meet that described enterprise or user set regular when, in described workspace Interior execution and the corresponding operation of this event;
Wherein, described monitoring modular is further configured to be monitored system event, it is judged that corresponding with described system event Whether contact person is working relation people;Described working relation is artificially in enterprise's address list that described enterprise sets or is in use Family individual imports to the contact person in the address list of workspace.
15. devices according to claim 14, wherein, described system event include following in any one:
Receive note, send note, call, receive calls, missed call occurs.
16. devices according to claim 15, wherein, when system event is for calling or receiving calls, described prison Survey module to be configured to be monitored system event as follows:
Carry out event reception by the radio receiver specified in operating system, when an event is received, it is determined that current occur with Described event is corresponding calls event or the event that receives calls.
17. devices according to claim 16, wherein, the described radio receiver specified is PhoneStateReceiver Radio receiver.
18. devices according to claim 15, wherein, when described system event is for receiving note, described execution module It is configured to as the outbox of described note artificial working relation people, intercept this note and enter system inbox, and this note is deposited Store up in described workspace.
19. devices according to claim 15, wherein, when described system event is for sending note, described execution module It is configured to as the addressee of described note artificial working relation people, intercept the transmission record entrance system outbox of this note, and Store the transmission record of this note in described workspace.
20. devices according to claim 15, wherein, when described system event is for calling, described execution module It is configured to when described phone is for being transferred to by the address list that is saved in described workspace, this of operating system record is dialed Record is deleted, and records in described workspace.
21. devices according to claim 20, wherein, described device also includes:
Judge module, is configured to judge whether user is already provided in the message registration of operating system and shows that working relation people's is logical Words record;
Described execution module is additionally configured to when the call note showing working relation people in the message registration being not disposed on operating system During record, this calling record of operating system record is deleted.
22. devices according to claim 15, wherein, when described system event is for receiving calls, described execution module Being configured to when the caller ID of described phone is working relation number, the message registration producing that receives calls this time is in operation The message registration of system is deleted, and copies in described workspace.
23. devices according to claim 22, wherein, when in the address list with operating system for the caller ID receiving calls Contact number overlap when, described device also includes:
First reminding module, is configured to prompt the user whether the message registration producing the leading in operating system that receive calls this time Words record is deleted;
Described execution module is additionally configured to when user selects to delete, and the message registration producing that receives calls this time is in operation system The message registration of system is deleted.
24. devices according to claim 15, wherein, when for there is missed call in described system event, described execution Module is configured to when the caller ID of described missed call is working relation number, by the record of this missed call in operation The message registration of system is deleted, and copies in described workspace.
25. devices according to claim 24, wherein, when in the caller ID of missed call with the address list of operating system Contact number overlap when, described device also includes:
Second reminding module, is configured to prompt the user whether the record of this missed call in the message registration of operating system Delete;
Described execution module is additionally configured to when user selects to delete, by the record of this missed call in the call of operating system Record is deleted.
26. devices according to any one of claim 14 to 25, wherein, described device also includes:
3rd reminding module, is configured to when user is intended to access the data in described workspace, and prompting user inputs PUK;
Authentication module, is configured to receive and verifies that whether the PUK that described user inputs is correct;
Access modules, is configured to when the PUK of described authentication module checking user's input is correct, it is allowed to user accesses described Data in workspace.
CN201310666504.2A 2013-12-10 2013-12-10 The guard method of business data and device Active CN103685266B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201310666504.2A CN103685266B (en) 2013-12-10 2013-12-10 The guard method of business data and device
US15/103,531 US20160316330A1 (en) 2013-12-10 2014-09-30 Method and device for business and private region separation
PCT/CN2014/087815 WO2015085819A1 (en) 2013-12-10 2014-09-30 Method and device for public/private separation
PCT/CN2014/093391 WO2015085906A1 (en) 2013-12-10 2014-12-09 Method and device for enterprise data protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310666504.2A CN103685266B (en) 2013-12-10 2013-12-10 The guard method of business data and device

Publications (2)

Publication Number Publication Date
CN103685266A CN103685266A (en) 2014-03-26
CN103685266B true CN103685266B (en) 2016-11-09

Family

ID=50321581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310666504.2A Active CN103685266B (en) 2013-12-10 2013-12-10 The guard method of business data and device

Country Status (2)

Country Link
CN (1) CN103685266B (en)
WO (1) WO2015085906A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160316330A1 (en) * 2013-12-10 2016-10-27 Beijing Qihoo Technology Company Limited Method and device for business and private region separation
CN103685266B (en) * 2013-12-10 2016-11-09 北京奇虎科技有限公司 The guard method of business data and device
CN104462997B (en) * 2014-12-04 2017-05-24 北京奇虎测腾科技有限公司 Method, device and system for protecting work data in mobile terminal
CN104954591B (en) * 2015-06-05 2018-07-31 小米科技有限责任公司 Method relating to telephone communications and device
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device
CN110427302A (en) * 2019-07-29 2019-11-08 努比亚技术有限公司 Trigger method, mobile terminal and the computer readable storage medium of content observer
CN111339543B (en) * 2020-02-27 2023-07-14 深信服科技股份有限公司 File processing method and device, equipment and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026822A (en) * 2006-02-24 2007-08-29 江苏高通科技实业有限公司 Method for protecting mobile phone private data
US9465633B2 (en) * 2011-08-05 2016-10-11 Vmware, Inc. Displaying applications of a virtual mobile device in a user interface of a mobile device
US9665576B2 (en) * 2012-05-14 2017-05-30 International Business Machines Corporation Controlling enterprise data on mobile device via the use of a tag index
CN102982289A (en) * 2012-11-14 2013-03-20 广东欧珀移动通信有限公司 Method of data protection and mobile intelligent terminal
CN103390026B (en) * 2013-06-20 2017-08-25 中国软件与技术服务股份有限公司 A kind of mobile intelligent terminal secure browser and its method of work
CN103685266B (en) * 2013-12-10 2016-11-09 北京奇虎科技有限公司 The guard method of business data and device

Also Published As

Publication number Publication date
CN103685266A (en) 2014-03-26
WO2015085906A1 (en) 2015-06-18

Similar Documents

Publication Publication Date Title
CN103685266B (en) The guard method of business data and device
US8732827B1 (en) Smartphone security system
CN105183307B (en) Application messages display control method and device
EP2562673B1 (en) Apparatus and method for securing mobile terminal
US9098696B2 (en) Appliqué providing a secure deployment environment (SDE) for a wireless communications device
CN103024061B (en) Network communication contact book shared system and method
WO2016045191A1 (en) Information processing method and information processing device
EP2562667A1 (en) Apparatus and method for providing security information on background process
CN103647784B (en) A kind of method and apparatus of public and private isolation
KR101093440B1 (en) Mobile telecommunication terminal capable of preventing spam calls and method there-of
CN106506511B (en) A kind of address list information processing method, device
CN105830477A (en) Operating system integrated domain management
CN104462997B (en) Method, device and system for protecting work data in mobile terminal
JP2018533864A (en) Remote control method, device and portable terminal
CN104038613A (en) Method and apparatus for information security management
WO2014012515A1 (en) Method and system to decrypt private contents
KR20150116228A (en) Method for managing contact information and electronic device implementing the same
KR20170034229A (en) Method for processing communication based on user account and electronic device for the same
CN105472581A (en) Temporary address book setting method and apparatus
CN101877848B (en) Mobile terminal, mobile terminal data protection method and mobile terminal monitoring system
US9047470B2 (en) Secure provisioning of commercial off-the-shelf (COTS) devices
CN106331010A (en) Network file access control method and device
US9648002B2 (en) Location-based user disambiguation
TW201448558A (en) Simple communication method and system thereof
WO2015085819A1 (en) Method and device for public/private separation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee after: Beijing Qizhi Business Consulting Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220324

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Beijing Qizhi Business Consulting Co.,Ltd.