Summary of the invention
To this end, the present invention provides a new network security management equipment, method and mobile terminal that seek to solve, or at least alleviate, the problems described above.
According to one aspect of the present invention, a network security management equipment is provided. The equipment resides in a mobile terminal and includes: a network security detection unit, adapted to detect the security level required by a running application; and a network security control unit, adapted to judge, according to the security level required by the running application, whether that security level is higher than a first predetermined level and, if it is, to switch the network of the mobile terminal to a mobile data network.
Optionally, in the network security management equipment according to the invention, the network security control unit is adapted to: when the security level required by the running application is higher than the first predetermined level, judge whether the network used by the mobile terminal is a wireless LAN; and if the network used by the mobile terminal is a wireless LAN, switch the network of the mobile terminal to the mobile data network.
Optionally, in the network security management equipment according to the invention, the network security control unit is further adapted to: judge whether the running application is about to perform an operation that accesses a first-type address; and if so, switch the network of the mobile terminal to the mobile data network.
Optionally, in the network security management equipment according to the invention, the first-type address includes a payment-related address.
Optionally, in the network security management equipment according to the invention, the first-type address includes an https address.
Optionally, in the network security management equipment according to the invention, the network security control unit is further adapted to: judge whether the running application and/or other running applications have an input memory function; and if so, close the running application and/or turn off the input memory function of the other running applications.
Optionally, in the network security management equipment according to the invention, the network security detection unit is adapted to: detect the security level required by applications in the mobile terminal every first predetermined time.
Optionally, in the network security management equipment according to the invention, the network security detection unit is further adapted to: detect the security level required by an application when the application is executed.
Optionally, in the network security management equipment according to the invention, the network security detection unit is adapted to: obtain the security level required by the mobile terminal's applications from a server.
Optionally, in the network security management equipment according to the invention, the network security detection unit is adapted to: determine the security level required by each application according to the permissions of each application in the mobile terminal.
According to another aspect of the present invention, a network security management method is provided. The method is suitable for execution in a mobile terminal and comprises: detecting the security level required by a running application; judging, according to the detected security level, whether the security level required by the running application is higher than a first predetermined level; and, if it is higher than the first predetermined level, switching the network of the mobile terminal to a mobile data network.
Optionally, the network security management method according to the invention further includes: when the security level required by the running application is higher than the first predetermined level, judging whether the network used by the mobile terminal is a wireless LAN; and if the network used by the mobile terminal is a wireless LAN, switching the network of the mobile terminal to the mobile data network.
Optionally, the network security management method according to the invention further includes: judging whether the running application is about to perform an operation that accesses a first-type address; and if so, switching the network of the mobile terminal to the mobile data network.
Optionally, in the network security management method according to the invention, the first-type address includes a payment-related address.
Optionally, in the network security management method according to the invention, the first-type address includes an https address.
Optionally, the network security management method according to the invention further includes: judging whether the running application and/or other running applications have an input memory function; and if so, closing the running application and/or turning off the input memory function of the other running applications.
Optionally, in the network security management method according to the invention, the step of obtaining the security level corresponding to the mobile terminal's applications includes: obtaining it from a server.
Optionally, in the network security management method according to the invention, the step of obtaining the security level corresponding to the mobile terminal's applications further includes: determining the security level required by each application according to the permissions of each application in the mobile terminal.
Optionally, in the network security management method according to the invention, the step of detecting the security level of the running application includes: detecting the security level of the mobile terminal's applications every first predetermined time.
Optionally, in the network security management method according to the invention, the step of detecting the security level of the running application further includes: detecting the security level of an application when the application is executed.
According to one aspect of the present invention, a mobile terminal is provided that includes the network security management equipment described above.
According to the technical solution provided by the present invention, it is judged whether the application running on the mobile terminal is at a higher security level and, if so, the network of the mobile terminal is automatically switched to the mobile data network. This greatly reduces the security risk the user faces when performing operations that require a higher security level. At the same time, the whole process requires no manual operation by the user, which makes it more convenient.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
Fig. 1 is a structural block diagram of a mobile terminal 100. The mobile terminal 100, which has multi-touch capability, may include a memory interface 102, one or more data processors, image processors and/or central processing units 104, and a peripheral interface 106.
The memory interface 102, the one or more processors 104 and/or the peripheral interface 106 may be discrete components or may be integrated in one or more integrated circuits. In the mobile terminal 100, the various elements can be coupled by one or more communication buses or signal lines. Sensors, devices and subsystems may be coupled to the peripheral interface 106 to help implement a variety of functions. For example, a motion sensor 110, an optical sensor 112 and a range sensor 114 may be coupled to the peripheral interface 106 to facilitate functions such as orientation, illumination and ranging. Other sensors 116 can likewise be connected to the peripheral interface 106, such as a positioning system (for example a GPS receiver), a temperature sensor, a biometric sensor or other sensing devices, which can help implement related functions.
The camera subsystem 120 and optical sensor 122 can be used to facilitate camera functions such as recording photos and video clips, where the camera subsystem and optical sensor may be, for example, a charge-coupled device (CCD) or complementary metal-oxide-semiconductor (CMOS) optical sensor.
Communication functions can be implemented with the help of one or more wireless communication subsystems 124, where a wireless communication subsystem may include radio-frequency receivers and transmitters and/or optical (for example infrared) receivers and transmitters. The particular design and implementation of the wireless communication subsystem 124 can depend on the one or more communication networks that the mobile terminal 100 supports. For example, the mobile terminal 100 may include a communication subsystem 124 designed to support GSM networks, GPRS networks, EDGE networks, Wi-Fi or WiMax networks, and Bluetooth™ networks.
The audio subsystem 126 can be coupled with a loudspeaker 128 and a microphone 130 to help implement voice-enabled functions such as speech recognition, speech reproduction, digital recording and telephony.
The I/O subsystem 140 may include a touch screen controller 142 and/or one or more other input controllers 144. The touch screen controller 142 may be coupled to a touch screen 146. For example, the touch screen 146 and the touch screen controller 142 can use any of a variety of touch-sensing technologies to detect contact made with them and the movement or pausing of that contact, where the sensing technologies include but are not limited to capacitive, resistive, infrared and surface acoustic wave technologies.
The one or more other input controllers 144 may be coupled to other input/control devices 148, for example one or more buttons, rocker switches, thumb wheels, infrared ports, USB ports, and/or pointer devices such as a stylus. The one or more buttons (not shown) may include up/down buttons for controlling the volume of the loudspeaker 128 and/or the microphone 130.
The memory interface 102 can be coupled with a memory 150. The memory 150 may include high-speed random access memory and/or non-volatile memory, such as one or more magnetic disk storage devices, one or more optical storage devices, and/or flash memory (for example NAND, NOR).
The memory 150 can store an operating system 152, such as Android, iOS or Windows Phone. The operating system 152 may include instructions for handling basic system services and for performing hardware-dependent tasks. The memory 150 can also store various applications 154. When the mobile device runs, the operating system 152 is loaded from the memory 150 and executed by the processor 104. An application 154, when run, is likewise loaded from the memory 150 and executed by the processor 104. The applications 154 run on top of the operating system and use the interfaces provided by the operating system and the underlying hardware to implement the functions users want, such as instant messaging, web browsing and picture management. An application may be provided independently of the operating system, or may come bundled with the operating system.
Among the various applications 154 is the network security management equipment 200. By detecting the security level required by an application running on the mobile terminal and judging whether the security level of the running application is safe, it can switch to the mobile data network. This effectively prevents sensitive account passwords from being cracked while the user is on a wireless LAN and improves the security of the system.
Fig. 2 shows a schematic diagram of the network security management equipment 200 according to an embodiment of the invention. As shown in Fig. 2, the network security management equipment 200 includes a network security detection unit 210 and a network security control unit 220.
Typically, when a user in a public place such as a shopping mall logs in to an application on the mobile terminal, for example Alipay or WeChat, the user may connect to the free wireless LAN provided by the mall. However, when the free wireless LAN is used to log in to applications that involve payment or contain personal information, a hacker can use the wireless LAN to steal the user's account, password and personal information, so the potential security risk is considerable.
In the design of the present invention, when the user logs in to an application on the mobile terminal over a wireless LAN in a public place, the network security detection unit 210 first detects the security level required by the running application. Each application running on the mobile terminal can be defined as requiring a different security level. For example, the security level required by an application that involves payment (such as Alipay) can be set to high, the security level required by an application that involves personal privacy data (such as real-time communication) can be set to medium, and the security level required by an application with little or no sensitive data (such as news) can be set to low, so that the security level of each application is set on a high, medium and low scale. The security level required by each application can also be set on a scale other than high, medium and low, for example with L1 denoting the highest level and L5 the lowest. It should be noted that there are many ways to set the security level required by each application.
The security level required by each application can be obtained in many ways. For example, the network security detection unit 210 detects the security level required by applications in the mobile terminal every first predetermined time, where the first predetermined time can be 30 seconds.
As another example, when the user taps an application on the mobile terminal, that is, when the application is executed, the network security detection unit 210 detects the security level required by the running application.
As another example, the network security detection unit 210 obtains the security level required by the running application from a server. The server can maintain and update a list in which the security levels required by common applications are stored. After downloading the table from the server, the mobile terminal can obtain the security level required by the running application.
As another example, the network security detection unit 210 determines the security level required by each application according to the permissions of each application in the mobile terminal. Applications that hold more permissions, or that obtain more sensitive permissions (such as reading phone status and identity, reading contacts, or directly calling phone numbers), require a higher security level. It should be noted that any other way of obtaining the security level required by an application running on the mobile terminal also falls within the protection scope of the present invention.
The network security control unit 220 receives the security level required by the running application from the network security detection unit 210 and judges whether the security level of the running application is higher than the first predetermined level. If it is higher than the first predetermined level, which can for example be set to the medium level L3, the network of the mobile terminal is switched to a mobile data network, such as a 3G or 4G mobile data network.
According to one embodiment, when the security level required by the running application is higher than the first predetermined level, it is judged whether the network used by the mobile terminal is a wireless LAN. If the network used by the mobile terminal is a wireless LAN, the network of the mobile terminal is switched to the mobile data network. The security measures provided by mobile data network operators are more dependable than those of ordinary wireless LAN operators, and the whole process requires no manual switching by the user, which is very convenient for the user.
When switching networks, the mobile terminal can prompt the user so as to avoid confusion. Alternatively, the user can be left free to choose whether to switch. When the high-security-level application exits, the terminal can switch back from the mobile data network to the wireless LAN, again by prompting the user or by letting the user choose, in order to save data traffic and improve network speed.
The above selects the network according to the security level required by the running application, and it can be extended further. For example, the network security control unit 220 can also judge whether the running application is about to perform an operation that accesses a first-type address; if so, the network of the mobile terminal is switched to the mobile data network. The first-type address includes payment-related addresses, such as the payment addresses of Alipay, WeChat and the like. The first-type address and the payment-related address can also include https addresses. This greatly reduces the security risk the user faces when performing operations on the mobile terminal, such as payment, that require a high security level.
According to one embodiment, when the user browses different items in a general shopping application such as Taobao, there is no particularly high requirement on the security level. But when the user adds an item to the shopping cart and pays, for example by jumping to some predetermined payment link address, a more secure environment is needed. At this point the network security control unit can monitor such operations and collect them in a list, for example a list that stores common payment link addresses. When the user accesses these link addresses over the https protocol, the network is automatically switched to the mobile data network.
Besides switching away from the wireless network, security can also be enhanced by other measures. For example, input methods and browsers have memory functions: what the user types when entering an account or password may be remembered by the input method or browser, synchronized to the cloud, and even used for word-frequency analysis. Although these functions may bring the user some convenience, they also bring serious security risks. Therefore, the network security control unit 220 can also judge whether the running application and/or other running applications have an input memory function; if so, it closes the running application and/or turns off the input memory function of the other running applications, so that sensitive data is not recorded.
In the design of the present invention, it is judged whether the application the user is running needs a high security level and, if so, the network of the mobile terminal is automatically switched to the mobile data network. This greatly reduces the security risk the user faces when performing operations that require a higher security level. At the same time, the whole process requires no manual operation by the user, which makes it more convenient.
Fig. 3 shows a flow chart of a network security management method 300 according to an exemplary embodiment of the invention. As shown in Fig. 3, the method is suitable for execution in the mobile terminal 100, for example by the network security management equipment 200 described above with reference to Fig. 2, so that the wireless data network in the mobile terminal is effectively switched to the mobile data network and the security of the system is increased. The network security management method starts at step S310.
In step S310, the security level required by the running application is detected. The security level required by the running application is, for example, obtained from a server, determined according to the permissions of each application in the mobile terminal, detected for the mobile terminal's applications every first predetermined time, or detected when the application is executed.
Then, in step S320, according to the security level required by the running application as detected in step S310, it is judged whether the security level required by the running application is higher than the first predetermined level. If it is higher than the first predetermined level, step S330 is executed.
Here, when the security level required by the running application is higher than the first predetermined level, it is judged whether the network used by the mobile terminal is a wireless LAN. If the network used by the mobile terminal is a wireless LAN, the network of the mobile terminal is switched to the mobile data network.
According to one embodiment, it is judged whether the running application is about to perform an operation that accesses a first-type address. If so, the network of the mobile terminal is switched to the mobile data network. The first-type address includes payment-related addresses. The first-type address and/or the payment-related address includes https addresses.
According to another embodiment, it is judged whether the running application and/or other running applications have an input memory function. If so, the running application is closed and/or the input memory function of the other running applications is turned off.
Then, in step S330, the mobile terminal switches from the wireless LAN to the mobile data network.
In the design of the present invention, it is judged whether the application the user is running is at a higher security level, and the network of the mobile terminal is automatically switched to the mobile data network. This greatly reduces the security risk the user faces when performing operations that require a higher security level. At the same time, the whole process requires no manual operation by the user, which makes it more convenient.
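The decision flow of steps S310 to S330, including the first-type address check and the switch back on exit, can be sketched as follows. This is an added example and not code from the patent; the package names, the payment host, the permission scoring and the names `NetworkManager`, `required_level`, `exceeds_threshold` and `is_first_type_address` are hypothetical, and the user prompt described above is left out.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional
from urllib.parse import urlsplit


class Level(IntEnum):
    """Required security level: L1 is the highest, L5 the lowest."""
    L1 = 1
    L2 = 2
    L3 = 3
    L4 = 4
    L5 = 5


# Example threshold from the description (medium level L3).
FIRST_PREDETERMINED_LEVEL = Level.L3

# Constructed stand-in for the table downloaded from the server.
SERVER_TABLE = {"com.example.pay": Level.L1, "com.example.news": Level.L5}

# Sensitive permissions the description mentions, as short Android names.
SENSITIVE_PERMISSIONS = {"READ_PHONE_STATE", "READ_CONTACTS", "CALL_PHONE"}

# Constructed list of common payment link hosts (first-type addresses).
PAYMENT_HOSTS = {"pay.example.com"}


def required_level(package, permissions):
    """Step S310: use the server table, else derive a level from permissions."""
    if package in SERVER_TABLE:
        return SERVER_TABLE[package]
    # Assumed scoring (the description gives no formula): two steps per
    # sensitive permission, one more step when the app holds many permissions.
    score = 2 * len(SENSITIVE_PERMISSIONS & set(permissions))
    score += 1 if len(permissions) > 5 else 0
    return Level(max(1, 5 - score))


def exceeds_threshold(level):
    """Step S320: 'higher' means a smaller number in the L1..L5 scheme."""
    return level < FIRST_PREDETERMINED_LEVEL


def is_first_type_address(url):
    """True for a listed payment link reached over https."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in PAYMENT_HOSTS


@dataclass
class NetworkManager:
    network: str = "wlan"                 # "wlan" or "mobile"
    protected_app: Optional[str] = None   # app that caused the switch

    def on_activity(self, package, permissions, url=None):
        """Steps S320/S330 for an app launch or an address access."""
        sensitive = exceeds_threshold(required_level(package, permissions))
        if url is not None and is_first_type_address(url):
            sensitive = True
        # Only a terminal currently on the wireless LAN is switched.
        if sensitive and self.network == "wlan":
            self.network = "mobile"
            self.protected_app = package
            return "switch_to_mobile"
        return "no_change"

    def on_exit(self, package):
        """Return to the wireless LAN once the protected app exits."""
        if package == self.protected_app and self.network == "mobile":
            self.network = "wlan"
            self.protected_app = None
            return "switch_back_to_wlan"
        return "no_change"
```

An application whose derived level equals L3 is not switched, because the comparison in step S320 is "higher than" the first predetermined level, not "at least".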
A9: The network security management equipment according to claim A1, wherein the network security detection unit is adapted to: obtain the security level required by the mobile terminal's applications from a server.
A10: The network security management equipment according to claim A1, wherein the network security detection unit is adapted to: determine the security level required by each application according to the permissions of each application in the mobile terminal.
B12: The network security management method according to claim B11, further including: when the security level required by the running application is higher than the first predetermined level, judging whether the network used by the mobile terminal is a wireless LAN; and if the network used by the mobile terminal is a wireless LAN, switching the network of the mobile terminal to the mobile data network.
B13: The network security management method according to claim B11, further including: judging whether the running application is about to perform an operation that accesses a first-type address; and if so, switching the network of the mobile terminal to the mobile data network.
B14: The network security management method according to claim B13, wherein the first-type address includes a payment-related address.
B15: The network security management equipment according to claim B13 or B14, wherein the first-type address includes an https address.
B16: The network security management method according to claim B11, further including: judging whether the running application and/or other running applications have an input memory function; and if so, closing the running application and/or turning off the input memory function of the other running applications.
B17: The network security management method according to claim B11, wherein the step of obtaining the security level corresponding to the mobile terminal's applications includes: obtaining it from a server.
B18: The network security management method according to claim B11, wherein the step of obtaining the security level corresponding to the mobile terminal's applications further includes: determining the security level required by each application according to the permissions of each application in the mobile terminal.
B19: The network security management method according to claim B11, wherein the step of detecting the security level of the running application includes: detecting the security level of the mobile terminal's applications every first predetermined time.
B20: The network security management method according to claim B11, wherein the step of detecting the security level of the running application further includes: detecting the security level of an application when the application is executed.
Numerous specific details are set forth in the description provided here. It should be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art should understand that the modules, units or components of the equipment in the examples disclosed herein can be arranged in the equipment as described in the embodiment, or alternatively can be located in one or more devices different from the equipment in the example. The modules in the foregoing examples can be combined into one module or further divided into multiple sub-modules.
Those skilled in the art will understand that the modules in the equipment of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Furthermore, some of the embodiments are described herein as a method, or a combination of method elements, that can be implemented by a processor of a computer system or by other means of carrying out the function. A processor with the necessary instructions for carrying out such a method or method element therefore forms a means for carrying out the method or method element. Furthermore, an element of an apparatus embodiment described herein is an example of a means for carrying out the function performed by that element for the purpose of carrying out the invention.
As used herein, unless otherwise specified, the use of the ordinal numbers "first", "second", "third" and so on to describe a common object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given sequence, whether temporally, spatially, in ranking, or in any other manner.
Although the invention has been described in terms of a limited number of embodiments, those skilled in the art, having the benefit of the above description, will appreciate that other embodiments can be envisaged within the scope of the invention thus described. It should also be noted that the language used in this specification has been selected principally for readability and instructional purposes, and not to explain or limit the subject matter of the invention. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The disclosure of the invention is illustrative and not restrictive as to its scope, which is defined by the appended claims.