CN105657697A - Method and device for protecting short message security - Google Patents


Publication number
CN105657697A
Authority
CN
China
Prior art keywords
short message
mobile terminal
enterprise
encrypted
note
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510991287.3A
Other languages
Chinese (zh)
Inventor
郭雪奇
杨智勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201510991287.3A
Publication of CN105657697A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and device for protecting short message security. The method comprises: when a short message sending operation is detected on a mobile terminal, determining whether the secure short message function is enabled; if it is enabled, encrypting the short message data according to the encryption/decryption algorithm in a designated storage module and sending it to the other party over the mobile phone network, and decrypting the other party's short message data received over the mobile phone network according to the encryption/decryption algorithm in the designated storage module. The short message data transmitted during messaging is thus encrypted, which ensures the security of the short message content and meets the confidentiality requirements of enterprises.

Description

Method and device for protecting short message security
Technical field
The present invention relates to the field of information security, and specifically to a method and device for protecting short message security.
Background
With the maturation and spread of mobile terminals, personal mobile terminals such as mobile phones and tablets have gradually entered the enterprise; this phenomenon is known as Bring Your Own Device (BYOD). Compared with the traditional IT model, a BYOD environment presents security risks in three main areas. First, access is over mobile network links, which are by nature open networks, whereas traditional critical information systems are accessed over the enterprise intranet. Second, the usage environment differs: traditional equipment spends most of its time in a fixed office location, where loss is unlikely, whereas BYOD typically uses mobile terminals, which are more easily lost. Third, personal devices used for BYOD often have many personal apps installed, and malicious software abounds on personal app markets, which also exposes enterprise data to risk.
Therefore, when enterprise employees send short messages from mobile terminals, the messages may be intercepted, causing information leaks.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and device for protecting short message security that overcome, or at least partly solve, the above problems.
According to one aspect of the present invention, a method for protecting short message security is provided, comprising:
When a short message sending operation is detected on a mobile terminal, determining whether the secure short message function is enabled;
If it is enabled, encrypting the short message data according to the encryption/decryption algorithm in a designated storage module and then sending it to the other party over the mobile phone network, and decrypting the other party's short message data received over the mobile phone network according to the encryption/decryption algorithm in the designated storage module.
Optionally, determining whether the secure short message function is enabled comprises:
Determining whether the secure short message function is enabled according to configuration information obtained from an enterprise network security management server.
Optionally, the method further comprises:
Determining, according to configuration information obtained from the enterprise network security management server, whether the mode that permits communication only between enterprise contacts is enabled;
If this mode is enabled, setting the short-message-sending function controls for telephone numbers on the mobile terminal that are not in the enterprise contact list to disabled or hidden.
Optionally, the method further comprises:
Downloading the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
Optionally, the designated storage module is a storage card in the mobile terminal;
The method further comprises:
Before encrypting, determining whether the storage card is present in the mobile terminal;
If it is not present, prompting the user that secure short messaging cannot be used;
If it is present, further determining whether the storage card in the mobile terminal is the one previously bound to this mobile terminal or to the SIM card in this mobile terminal;
If not, prompting the user that secure short messaging cannot be used;
If so, further determining whether the SIM card is present in the mobile terminal; if it is, performing the encryption; otherwise prompting the user that secure short messaging cannot be used.
Optionally, the method further comprises:
Before encrypting, performing a handshake with the other party to exchange a key, wherein the key exchanged in each handshake is different;
Performing encryption and decryption according to the exchanged key.
Optionally, the method further comprises:
Before encrypting, sending the local number to the enterprise network security management server for authentication; if authentication succeeds, performing the encryption; if authentication fails, prompting the user that authentication failed.
Optionally, the method further comprises:
Receiving a destruction instruction from the enterprise network security management server and, according to this instruction, deleting the data in the work zone on the mobile terminal and/or shutting down the mobile terminal, according to the destruction policy in the designated storage module.
According to another aspect of the present invention, a device for protecting short message security is provided, comprising:
A judging unit, adapted to determine whether the secure short message function is enabled when a short message sending operation is detected on a mobile terminal;
A short message processing unit, adapted to, when the secure short message function is enabled, encrypt the short message data according to the encryption/decryption algorithm in a designated storage module and then send it to the other party over the mobile phone network, and decrypt the other party's short message data received over the mobile phone network according to the encryption/decryption algorithm in the designated storage module.
Optionally, the judging unit is adapted to determine whether the secure short message function is enabled according to configuration information obtained from an enterprise network security management server.
Optionally, the judging unit is further adapted to determine, according to configuration information obtained from the enterprise network security management server, whether the mode that permits communication only between enterprise contacts is enabled;
The device further comprises: a control management module, adapted to, when the mode that permits calls only between enterprise contacts is enabled, set the short-message-sending function controls for telephone numbers on the mobile terminal that are not in the enterprise contact list to disabled or hidden.
Optionally, the device further comprises:
A download unit, adapted to download the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
Optionally, the designated storage module is a storage card in the mobile terminal;
The short message processing unit is adapted to determine, before encrypting, whether the storage card is present in the mobile terminal; if it is not present, to prompt the user that secure short messaging cannot be used; if it is present, to further determine whether the storage card in the mobile terminal is the one previously bound to this mobile terminal or to the SIM card in this mobile terminal; if not, to prompt the user that secure short messaging cannot be used; if so, to further determine whether the SIM card is present in the mobile terminal, and if it is, to perform the encryption, otherwise to prompt the user that secure short messaging cannot be used.
Optionally, the short message processing unit is further adapted to perform a handshake with the other party before encrypting, to exchange a key, wherein the key exchanged in each handshake is different, and to perform encryption and decryption according to the exchanged key.
Optionally, the short message processing unit is further adapted to send the local number to the enterprise network security management server for authentication before encrypting; if authentication succeeds, to perform the encryption; if authentication fails, to prompt the user that authentication failed.
Optionally, the device further comprises: a destruction unit, adapted to receive a destruction instruction from the enterprise network security management server and, according to this instruction, delete the data in the work zone on the mobile terminal and/or shut down the mobile terminal, according to the destruction policy in the designated storage module.
As can be seen from the above, in the technical solution of the present invention, when a short message sending operation is detected on a mobile terminal, it is determined whether the secure short message function is enabled. If it is, the short message data is encrypted according to the encryption/decryption algorithm in the designated storage module and then sent to the other party over the mobile phone network, and the other party's short message data received over the mobile phone network is decrypted according to the encryption/decryption algorithm in the designated storage module. The short message data transmitted during messaging is thus encrypted, which ensures the security of the short message content and meets the confidentiality requirements of enterprises.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention may be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention may be more readily apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flowchart of a method for protecting short message security according to one embodiment of the invention;
Fig. 2 shows a structural diagram of a device for protecting short message security according to one embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure may be understood more thoroughly and its scope conveyed completely to those skilled in the art.
Fig. 1 shows a flowchart of a method for protecting short message security according to one embodiment of the invention. As shown in Fig. 1, the method comprises:
Step S110: when a short message sending operation is detected on a mobile terminal, determine whether the secure short message function is enabled.
That is, the secure short message function is optional; for example, the user can also use the mobile terminal to send ordinary short messages outside the enterprise.
Step S120: if it is enabled, encrypt the short message data according to the encryption/decryption algorithm in the designated storage module and then send it to the other party over the mobile phone network, and decrypt the other party's short message data received over the mobile phone network according to the encryption/decryption algorithm in the designated storage module.
As can be seen, in the method shown in Fig. 1, when a short message sending operation is detected on a mobile terminal, it is determined whether the secure short message function is enabled. If it is, the short message data is encrypted according to the encryption/decryption algorithm in the designated storage module and then sent to the other party over the mobile phone network, and the other party's short message data received over the mobile phone network is decrypted according to the encryption/decryption algorithm in the designated storage module. The short message data transmitted during messaging is thus encrypted, which ensures the security of the short message content and meets the confidentiality requirements of enterprises.
In one embodiment of the invention, in the method shown in Fig. 1, determining whether the secure short message function is enabled comprises: determining whether the secure short message function is enabled according to configuration information obtained from an enterprise network security management server.
For example, the enterprise network security management application on the user's mobile terminal communicates with the enterprise network security management server, obtains the configuration information, and determines from it whether the secure short message function is enabled. The mobile terminal's SMS function can likewise be integrated into the enterprise network security management application; when the user invokes the SMS module to send a short message and the secure short message function is enabled, the operation proceeds as in the preceding embodiment.
In one embodiment of the invention, the above method further comprises: determining, according to configuration information obtained from the enterprise network security management server, whether the mode that permits communication only between enterprise contacts is enabled; if this mode is enabled, setting the short-message-sending function controls for telephone numbers on the mobile terminal that are not in the enterprise contact list to disabled or hidden.
For example, an enterprise may require that, inside the enterprise, employees communicate only with specific enterprise contacts, while an employee's mobile terminal may store the details of many contacts, many of whom are not enterprise contacts. In this case a mode that permits communication only with enterprise contacts can be provided, and whether it is enabled is determined from the configuration information obtained from the enterprise network security management server. In this mode, if the user enters or selects, in the address book or the SMS application interface, a telephone number that is not in the enterprise contact list, the corresponding short-message-sending function controls are set to disabled or hidden (for example greyed out and not clickable); this ensures that the employee cannot use this mobile terminal to send short messages to telephone numbers outside the enterprise contact list. The employee's address book can also divide contacts into two classes, enterprise contacts and non-enterprise contacts, and mark them distinctly. Only telephone numbers in the enterprise contact list can be saved as enterprise contacts; when the user creates a new contact for an unknown number, only "save to non-enterprise contacts only" or "save to an existing contact" can be selected, and the existing contact must also be a non-enterprise contact.
In a BYOD environment, the same mobile terminal holds both personal applications and data and enterprise applications and data. The region holding personal applications and data is called the personal zone, and the region holding enterprise applications and data is called the work zone. Accordingly, for the user's short message records, it is possible to record only the short messages sent from the work zone with the secure short message function enabled, and to synchronize those records to the enterprise network security management server.
In one embodiment of the invention, the above method further comprises: downloading the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
Enterprise staff change over time, so the enterprise contact list is also updated regularly. The mobile terminal can therefore download the enterprise contact list from the enterprise network security management server either when the server sends a notification or on its own initiative, periodically or at irregular intervals.
In one embodiment of the invention, in the method shown in Fig. 1, the designated storage module is a storage card in the mobile terminal. The method further comprises: before encrypting, determining whether the storage card is present in the mobile terminal; if it is not present, prompting the user that secure short messaging cannot be used; if it is present, further determining whether the storage card in the mobile terminal is the one previously bound to this mobile terminal or to the SIM card in this mobile terminal; if not, prompting the user that secure short messaging cannot be used; if so, further determining whether the SIM card is present in the mobile terminal, and if it is, performing the encryption, otherwise prompting the user that secure short messaging cannot be used.
In this embodiment, the short message data is encrypted and decrypted by the encryption/decryption algorithm in a storage card in the mobile terminal, such as a MicroSD card (formerly called a TF card); performing encryption in hardware in this way is more secure than performing it in software. Specifically, the encryption/decryption algorithm can be the Chinese national SM2 algorithm (SM2 cryptographic algorithm), a commercial elliptic curve public key cryptographic algorithm formulated by the State Cryptography Administration. The encryption/decryption algorithm can also be the national SM3 or SM4 algorithm. Consequently, if the storage card is not present, encryption and decryption cannot be performed, and the user is prompted that the secure call function cannot be used. To further ensure security, the SIM card and the storage card in each mobile terminal can be required to be bound to each other; for example, the company issues each employee a uniformly configured storage card and binds it to that employee's SIM card.
In one embodiment of the invention, the method shown in Fig. 1 further comprises: before encrypting, performing a handshake with the other party to exchange a key, wherein the key exchanged in each handshake is different; and performing encryption and decryption according to the exchanged key.
For example, a cryptographic key management service is set up, and every designated storage module, such as a storage card, must be registered on that server; once a designated storage module is registered, the corresponding certificate and enterprise key are stored inside it. Before each short message is sent, the two parties first perform a handshake and exchange keys, and the key exchanged in each handshake is different, that is, "one time, one key" (a fresh key for every exchange, not a one-time pad in the strict cryptographic sense). This ensures that in each communication encryption and decryption cannot be forced from outside and can only be performed with the key exchanged for that communication. For example, with the national SM2 algorithm, the sending and receiving parties both use the storage module of the mobile terminal to perform the handshake through the key management service with an asymmetric algorithm in order to exchange keys; the ECC elliptic curve used provides a secure channel, and so largely satisfies the security requirements of enterprises.
In one embodiment of the invention, the method shown in Fig. 1 further comprises: before encrypting, sending the local number to the enterprise network security management server for authentication; if authentication succeeds, performing the encryption; if authentication fails, prompting the user that authentication failed.
In this embodiment, the local number used by the user must also be in the enterprise contact list; therefore, before encrypting, the local number is sent to the enterprise network security management server for authentication, and secure short messaging can be used only after authentication succeeds.
In one embodiment of the invention, the method shown in Fig. 1 further comprises: receiving a destruction instruction from the enterprise network security management server and, according to this instruction, deleting the data in the work zone on the mobile terminal and/or shutting down the mobile terminal, according to the destruction policy in the designated storage module.
In this embodiment, the designated storage module can store a destruction policy; when a destruction instruction is received from the enterprise network security management server, the data in the work zone on the mobile terminal is deleted and/or the mobile terminal is shut down. This addresses the risk that data in the work zone may leak when the mobile terminal is lost.
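The send-time checks from the method embodiments above (enterprise-contacts-only mode, the secure short message switch, storage card presence and binding, SIM presence, local-number authentication) combined into one gate, as an added example that is not part of the patent. All class and function names, identifiers and phone numbers are constructed; the number normalization, refusing rather than falling back to plaintext, and running authentication after the card checks are this example's assumptions.

```python
# Added example (not from the patent): the pre-send checks as one fail-closed gate.
# Every class, function and sample value here is hypothetical / constructed.
import re
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet, Optional


class Action(Enum):
    SEND_PLAIN = "send_plain"          # secure SMS off: ordinary short message
    SEND_ENCRYPTED = "send_encrypted"  # every check passed
    REFUSE = "refuse"                  # prompt the user, send nothing


@dataclass(frozen=True)
class Policy:
    """Configuration obtained from the enterprise management server."""
    secure_sms_enabled: bool
    enterprise_only: bool
    enterprise_contacts: FrozenSet[str]  # stored in normalized form


@dataclass(frozen=True)
class StorageCard:
    bound_terminal_id: Optional[str]
    bound_sim_id: Optional[str]


@dataclass(frozen=True)
class Device:
    terminal_id: str
    local_number: str
    sim_id: Optional[str]        # None: no SIM card present
    card: Optional[StorageCard]  # None: no storage card present


@dataclass(frozen=True)
class Decision:
    action: Action
    reason: str


def normalize(number: str) -> str:
    """Canonical form for list matching. Assumption: mainland China numbers,
    so '+86' / '0086' are stripped; the patent does not discuss number formats."""
    digits = re.sub(r"[^\d+]", "", number)
    for prefix in ("+86", "0086"):
        if digits.startswith(prefix):
            return digits[len(prefix):]
    return digits


def gate_sms_send(policy: Policy, device: Device, recipient: str,
                  authenticate: Callable[[str], bool]) -> Decision:
    """Decide what happens to one outgoing short message.
    `authenticate` stands in for the management server's number check."""
    # Enterprise-only mode: the send control is disabled for other numbers.
    if policy.enterprise_only and normalize(recipient) not in policy.enterprise_contacts:
        return Decision(Action.REFUSE, "recipient is not an enterprise contact")
    if not policy.secure_sms_enabled:
        return Decision(Action.SEND_PLAIN, "secure SMS function is off")
    # From here on the patent only says the user is prompted; never sending
    # the message in plaintext instead is this example's (fail-closed) choice.
    card = device.card
    if card is None:
        return Decision(Action.REFUSE, "storage card missing")
    bound_to_terminal = card.bound_terminal_id == device.terminal_id
    bound_to_sim = device.sim_id is not None and card.bound_sim_id == device.sim_id
    if not (bound_to_terminal or bound_to_sim):
        return Decision(Action.REFUSE, "storage card not bound to this terminal or SIM")
    if device.sim_id is None:
        return Decision(Action.REFUSE, "SIM card missing")
    try:
        authenticated = authenticate(normalize(device.local_number))
    except Exception:
        authenticated = False  # server unreachable counts as a failure
    if not authenticated:
        return Decision(Action.REFUSE, "authentication failed")
    return Decision(Action.SEND_ENCRYPTED, "all checks passed")


# Constructed sample data.
CONTACTS = frozenset(normalize(n) for n in ("138-0000-0001", "+86 139 0000 0002"))
POLICY = Policy(secure_sms_enabled=True, enterprise_only=True,
                enterprise_contacts=CONTACTS)
CARD = StorageCard(bound_terminal_id="TERM-A", bound_sim_id="SIM-A")
DEVICE = Device("TERM-A", "+8613800000001", "SIM-A", CARD)


def server_auth(number: str) -> bool:
    """Stub: the local number must itself be in the enterprise contact list."""
    return number in CONTACTS


if __name__ == "__main__":
    for dest in ("0086 139-0000-0002", "13700000009"):
        print(dest, "->", gate_sms_send(POLICY, DEVICE, dest, server_auth))
```
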
Fig. 2 shows the structural representation of a kind of according to an embodiment of the invention device protecting note safety, and as shown in Figure 2, the device 200 of protection note safety comprises:
Judging unit 210, is suitable for judging whether secure short message function opens when the short message sending detecting on mobile terminal operates. Also that is to say, secure short message function be can option, such as, user enterprise external use this mobile terminal carry out normal short message send also be possible.
Note processing unit 220, be suitable for when secure short message function is opened, be sent to the other side by mobile telephone network after being encrypted according to the enciphering and deciphering algorithm in designated store module by note data, and by by mobile telephone network reception to the other side's note data be decrypted according to the enciphering and deciphering algorithm in designated store module.
Visible, device shown in Fig. 2, by cooperatively interacting of each unit, when the short message sending detected on mobile terminal operates, judge whether to open secure short message function, if opening this function, it is sent to the other side by mobile telephone network after being then encrypted according to the enciphering and deciphering algorithm in designated store module by note data, and by by mobile telephone network reception to the other side's note data be decrypted according to the enciphering and deciphering algorithm in designated store module, the note data transmitted in such note process is just through encryption, ensure that the security of short message content, the privacy requirements of enterprise can be met.
In one embodiment of the invention, in the device shown in Fig. 2, judging unit 210, the configuration information according to obtaining from enterprise network security management server that is suitable for judges whether secure short message function opens.
Such as, the enterprise network security management application on the mobile terminal that user uses communicates with enterprise network security management server, gets configuration information, judges whether secure short message function opens according to this configuration information. The SMS of mobile terminal can be integrated in enterprise network security management application equally, and user calls SMS module and carries out short message sending when operating, if secure short message function is opened, then operates with reference to the method in previous embodiment.
In one embodiment of the invention, in said apparatus, judging unit 210, is further adapted for and has judged whether out the pattern only for call between enterprise contacts according to the configuration information obtained from enterprise network security management server; This device comprises further: control management module 230, being suitable for when opening the pattern of call between only for enterprise contacts, it is invalid or hiding to be set to by the short message sending correlation function control of the telephone number not belonging to Enterprise linkage list on this mobile terminal.
Such as, enterprise requirements employee can only communicate with specific enterprise contacts in enterprises. And on the mobile terminal of employee, might have stored the information of multiple contact people, many contact people are not enterprise contacts. In this case, so that it may to arrange a kind of pattern only for enterprise contacts communication, and judge whether this pattern opens from the configuration information of enterprise network security management server acquisition. In this mode, if user inputs on address list, note application interface or have selected the telephone number not belonging to Enterprise linkage list, corresponding short message sending correlation function control is that being set to invalid or hiding (is such as grey, can not click), with regard to guaranteeing, employee cannot use the telephone number outside this mobile terminal and Enterprise linkage list to carry out sending the operation of note for this. The address list of employee to contact people is divided into enterprise contacts and non-enterprise contacts two class, and can also be distinguished to identify. Wherein, only the telephone number in Enterprise linkage list can be preserved for enterprise contacts, and unknown number is when user newly-built contact people, can only select " being only saved in non-enterprise contacts " or " being saved in existing contact people ", and existing contact people also can only be non-enterprise contacts.
In BYOD environment, existing individual application and data on same mobile terminal, the application of Ye You enterprise and data, the region at individual application and data place is called as individual district, and the region at enterprise's application and data place is called as workspace. Therefore about the note record of user, it is possible to only record in workspace and send, and enable the note record that secure short message function carries out short message sending operation, and be synchronized in enterprise network security management server.
In one embodiment of the invention, said apparatus comprises further: download unit 240, is suitable for regularly or irregularly from enterprise network security management server downloading Enterprise linkage list.
The employee of enterprise has mobility, the renewal that therefore Enterprise linkage list also can be regular. Therefore, mobile terminal when network security management server sends notice, or spontaneously regularly or irregularly from enterprise network security management server can download Enterprise linkage list.
In one embodiment of the invention, in the device shown in Fig. 2, designated store module is the storage card in mobile terminal; Note processing unit 220, whether the storage card being suitable for judging in mobile terminal before being encrypted exists; If there is no then point out the user can not use safety SMS; If existed, judge further the storage card in mobile terminal be whether before with this mobile terminal or the storage card bound with the SIM card on this mobile terminal; If otherwise prompting user can not use safety SMS; Whether the SIM card if it is judged further in mobile terminal exists, and is be encrypted, otherwise prompting user can not use safety SMS.
In the present embodiment, utilize the storage card in mobile terminal, as note data is carried out encryption and decryption by the enciphering and deciphering algorithm in MicroSD card (being once called as TF card), adopt hardware mode higher compared to the encryption safe of software mode like this. Specifically, enciphering and deciphering algorithm can be the close SM2 algorithm (SM2cryptographicalgorithm) of state, and this is a kind of commercial password grouping ellipse curve public key cipher algorithm worked out by national management office. Enciphering and deciphering algorithm can also be the close SM3 of state, the close SM4 of state. Therefore, if this storage card does not exist, then can not carry out encryption and decryption operation, therefore point out the user can not use safety call function; For guaranteeing security, it is possible to require that the SIM card in every platform mobile terminal and storage card are bindings further, such as, company is the storage card that each employee provides unified configuration, and the SIM card with each employee is bound.
In one embodiment of the invention, in the device shown in Fig. 2, the short message processing unit 220 is further adapted to perform a handshake with the other party before encrypting, in order to exchange keys, where the key exchanged in each handshake is different, and to perform encryption and decryption with the exchanged key.
For example, a password management service is set up, and every designated storage module, such as a storage card, must register on that server; once a designated storage module has registered, it stores the corresponding certificate and enterprise key. Before each short message is sent, the two parties first perform a handshake and exchange keys, and the key exchanged in each handshake is different, i.e. "one key per exchange". This ensures that, in every communication, encryption and decryption cannot be forced from outside and can only be performed with the key from that exchange. For example, with the national cryptographic SM2 algorithm, the sending party and the receiving party both use the storage module of their mobile terminal to perform the handshake through the password management service with an asymmetric algorithm and exchange keys; the ECC elliptic curve used provides a secure channel, which largely satisfies the enterprise's security requirements.
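The "different key for every handshake" property described above, as an added sketch that is not code from the patent. It swaps the SM2 exchange and the card's cipher for Python standard-library stand-ins (fresh nonces mixed with a pre-provisioned enterprise key through HKDF, a SHAKE-256 keystream and an HMAC tag); the `Endpoint` class, the key value and the phone numbers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ENTERPRISE_KEY = b"constructed-enterprise-key-0001"  # constructed sample value


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Endpoint:
    """One party; holds the enterprise key its storage module got at registration."""

    def __init__(self, number: str, enterprise_key: bytes = ENTERPRISE_KEY):
        self.number = number
        self._key = enterprise_key
        self._seen_nonces = set()  # peer nonces already accepted once

    def new_nonce(self) -> bytes:
        return secrets.token_bytes(16)

    def accept_handshake(self, peer_nonce: bytes) -> bool:
        """Fail closed on a replayed handshake nonce."""
        if peer_nonce in self._seen_nonces:
            return False
        self._seen_nonces.add(peer_nonce)
        return True

    def session_keys(self, sender: str, receiver: str, ns: bytes, nr: bytes):
        """Derive (enc_key, mac_key) that are valid for this one handshake only."""
        info = b"secure-sms|" + sender.encode() + b"|" + receiver.encode()
        okm = hkdf_sha256(self._key, ns + nr, info)
        return okm[:32], okm[32:]


def handshake(sender: Endpoint, receiver: Endpoint, sender_nonce: bytes = None):
    """Both sides contribute a fresh nonce; returns (sender_keys, receiver_keys)."""
    ns = sender_nonce or sender.new_nonce()
    if not receiver.accept_handshake(ns):
        return None  # replayed handshake: no key is derived
    nr = receiver.new_nonce()
    return (sender.session_keys(sender.number, receiver.number, ns, nr),
            receiver.session_keys(sender.number, receiver.number, ns, nr))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. The keystream is safe only because each key seals one message."""
    stream = hashlib.shake_256(enc_key).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this key."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(enc_key).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))
```

A message sealed under one handshake's keys does not open under the keys of any later handshake, and a handshake that reuses an old nonce is refused before any key is derived.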
In one embodiment of the invention, in the device shown in Fig. 2, the short message processing unit 220 is further adapted to send the local number to the enterprise network security management server for authentication before encrypting; if authentication succeeds, it performs the encryption; if authentication fails, it prompts the user that authentication failed.
In this embodiment, the local number used by the user must also be in the enterprise contact list. Therefore, before encrypting, the local number is sent to the enterprise network security management server for authentication, and secure SMS can be used only after authentication succeeds.
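The pre-encryption checks from the two embodiments above (storage card present, card bound to this terminal or its SIM, SIM present, local number authenticated), as an added example that is not code from the patent. It assumes the binding is recorded as an HMAC tag on the card and that number authentication runs last; the patent specifies neither, and all identifiers and values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample values; none of them come from the patent.
CARD_SECRET = b"constructed-card-secret"
ENTERPRISE_CONTACTS = {"+8613800000001", "+8613800000002"}


def binding_tag(secret: bytes, kind: str, identifier: str) -> bytes:
    """Tag stored on the card at provisioning (assumed binding mechanism).

    `kind` ("terminal" or "sim") keeps a terminal ID from matching a SIM ID.
    """
    message = f"{kind}|{identifier}".encode()
    return hmac.new(secret, message, hashlib.sha256).digest()


@dataclass
class StorageCard:
    secret: bytes
    bound_tags: Tuple[bytes, ...]  # terminal and/or SIM the card was bound to

    def is_bound_to(self, kind: str, identifier: Optional[str]) -> bool:
        if identifier is None:
            return False
        candidate = binding_tag(self.secret, kind, identifier)
        # Constant-time comparison against every recorded binding.
        return any(hmac.compare_digest(candidate, t) for t in self.bound_tags)


@dataclass
class Terminal:
    terminal_id: str
    card: Optional[StorageCard]   # None models a missing storage card
    sim_id: Optional[str]         # None models a missing SIM card
    local_number: Optional[str]


def server_authenticates(number: Optional[str]) -> bool:
    """Stand-in for the enterprise network security management server."""
    return number in ENTERPRISE_CONTACTS


def secure_sms_preflight(t: Terminal, authenticate=server_authenticates):
    """Return (allowed, reason); every failed check stops before encryption."""
    if t.card is None:
        return False, "no storage card: secure SMS cannot be used"
    if not (t.card.is_bound_to("terminal", t.terminal_id)
            or t.card.is_bound_to("sim", t.sim_id)):
        return False, "storage card not bound: secure SMS cannot be used"
    if t.sim_id is None:
        return False, "no SIM card: secure SMS cannot be used"
    if not authenticate(t.local_number):
        return False, "authentication failed"
    return True, "ok"
```

A card bound only to the terminal passes the binding check even with the SIM removed, which is why the separate SIM-presence check still has to follow it.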
In one embodiment of the invention, the device shown in Fig. 2 further comprises a destruction unit 250, adapted to receive a destruction instruction from the enterprise network security management server and, according to that instruction, to delete the data in the workspace on the mobile terminal and/or take the mobile terminal down, in accordance with the destruction policy in the designated storage module.
In this embodiment, the designated storage module can store a destruction policy. On receiving a destruction instruction from the enterprise network security management server, the data in the workspace on the mobile terminal is deleted and/or the mobile terminal is taken down, which solves the problem that data in the mobile terminal's workspace may leak when the terminal is lost.
In summary, under the technical solution of the invention, when a short message sending operation is detected on the mobile terminal, it is determined whether the secure SMS function is enabled. If it is, the short message data is encrypted according to the encryption/decryption algorithm in the designated storage module and then sent to the other party over the mobile network, and the other party's short message data received over the mobile network is decrypted according to the encryption/decryption algorithm in the designated storage module. The short message data transmitted in this process is therefore encrypted, which protects the confidentiality of the message content and meets the enterprise's privacy requirements.
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the invention described herein, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set out in the specification provided herein. It is understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for protecting short message security according to embodiments of the invention. The invention may also be implemented as equipment or device programs (for example, computer programs and computer program products) for performing part or all of the method described herein. Such programs implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.
The present invention discloses A1, a method for protecting short message security, wherein the method comprises:
when a short message sending operation is detected on a mobile terminal, determining whether the secure SMS function is enabled;
if it is enabled, encrypting the short message data according to the encryption/decryption algorithm in a designated storage module and then sending it to the other party over the mobile network, and decrypting the other party's short message data received over the mobile network according to the encryption/decryption algorithm in said designated storage module.
A2, the method as described in A1, wherein said determining whether the secure SMS function is enabled comprises:
determining whether the secure SMS function is enabled according to configuration information obtained from the enterprise network security management server.
A3, the method as described in A2, wherein the method further comprises:
determining, according to the configuration information obtained from the enterprise network security management server, whether the mode of communication only between enterprise contacts is enabled;
if that mode is enabled, disabling or hiding the controls of short-message-sending functions on the mobile terminal for telephone numbers not in the enterprise contact list.
A4, the method as described in A3, wherein the method further comprises:
downloading the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
A5, the method as described in A1, wherein said designated storage module is the storage card in the mobile terminal;
the method further comprises:
before encrypting, determining whether a storage card is present in the mobile terminal;
if not, prompting the user that secure SMS cannot be used;
if so, further determining whether the storage card in the mobile terminal is one previously bound to this mobile terminal or to the SIM card in this mobile terminal;
if not, prompting the user that secure SMS cannot be used;
if it is, further determining whether a SIM card is present in the mobile terminal; if so, performing the encryption, otherwise prompting the user that secure SMS cannot be used.
A6, the method as described in A1, wherein the method further comprises:
before encrypting, performing a handshake with the other party to exchange keys, wherein the key exchanged in each handshake is different;
performing encryption and decryption according to the exchanged key.
A7, the method as described in A1, wherein the method further comprises:
before encrypting, sending the local number to the enterprise network security management server for authentication; if authentication succeeds, performing said encryption; if authentication fails, prompting the user that authentication failed.
A8, the method as described in A1, wherein the method further comprises:
receiving a destruction instruction from the enterprise network security management server and, according to that instruction, deleting the data in the workspace on the mobile terminal and/or taking the mobile terminal down, in accordance with the destruction policy in said designated storage module.
The present invention discloses B9, a device for protecting short message security, wherein the device comprises:
a judging unit, adapted to determine whether the secure SMS function is enabled when a short message sending operation is detected on a mobile terminal;
a short message processing unit, adapted to, when the secure SMS function is enabled, encrypt the short message data according to the encryption/decryption algorithm in a designated storage module and then send it to the other party over the mobile network, and to decrypt the other party's short message data received over the mobile network according to the encryption/decryption algorithm in said designated storage module.
B10, the device as described in B9, wherein
said judging unit is adapted to determine whether the secure SMS function is enabled according to configuration information obtained from the enterprise network security management server.
B11, the device as described in B10, wherein
said judging unit is further adapted to determine, according to the configuration information obtained from the enterprise network security management server, whether the mode of communication only between enterprise contacts is enabled;
the device further comprises: a control management module, adapted to, when the mode of calls only between enterprise contacts is enabled, disable or hide the controls of short-message-sending functions on the mobile terminal for telephone numbers not in the enterprise contact list.
B12, the device as described in B11, wherein the device further comprises:
a download unit, adapted to download the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
B13, the device as described in B9, wherein said designated storage module is the storage card in the mobile terminal;
said short message processing unit is adapted to determine, before encrypting, whether a storage card is present in the mobile terminal; if not, to prompt the user that secure SMS cannot be used; if so, to further determine whether the storage card in the mobile terminal is one previously bound to this mobile terminal or to the SIM card in this mobile terminal; if not, to prompt the user that secure SMS cannot be used; if it is, to further determine whether a SIM card is present in the mobile terminal; if so, to perform the encryption, otherwise to prompt the user that secure SMS cannot be used.
B14, the device as described in B9, wherein
said short message processing unit is further adapted to perform a handshake with the other party before encrypting, to exchange keys, wherein the key exchanged in each handshake is different, and to perform encryption and decryption according to the exchanged key.
B15, the device as described in B9, wherein
said short message processing unit is further adapted to send the local number to the enterprise network security management server for authentication before encrypting; if authentication succeeds, to perform said encryption; if authentication fails, to prompt the user that authentication failed.
B16, the device as described in B9, wherein the device further comprises:
a destruction unit, adapted to receive a destruction instruction from the enterprise network security management server and, according to that instruction, to delete the data in the workspace on the mobile terminal and/or take the mobile terminal down, in accordance with the destruction policy in said designated storage module.

Claims (10)

1. A method for protecting short message security, wherein the method comprises:
when a short message sending operation is detected on a mobile terminal, determining whether the secure SMS function is enabled;
if it is enabled, encrypting the short message data according to the encryption/decryption algorithm in a designated storage module and then sending it to the other party over the mobile network, and decrypting the other party's short message data received over the mobile network according to the encryption/decryption algorithm in said designated storage module.
2. The method of claim 1, wherein said determining whether the secure SMS function is enabled comprises:
determining whether the secure SMS function is enabled according to configuration information obtained from the enterprise network security management server.
3. The method of claim 2, wherein the method further comprises:
determining, according to the configuration information obtained from the enterprise network security management server, whether the mode of communication only between enterprise contacts is enabled;
if that mode is enabled, disabling or hiding the controls of short-message-sending functions on the mobile terminal for telephone numbers not in the enterprise contact list.
4. The method of claim 3, wherein the method further comprises:
downloading the enterprise contact list from the enterprise network security management server periodically or at irregular intervals.
5. The method of claim 1, wherein said designated storage module is the storage card in the mobile terminal;
the method further comprises:
before encrypting, determining whether a storage card is present in the mobile terminal;
if not, prompting the user that secure SMS cannot be used;
if so, further determining whether the storage card in the mobile terminal is one previously bound to this mobile terminal or to the SIM card in this mobile terminal;
if not, prompting the user that secure SMS cannot be used;
if it is, further determining whether a SIM card is present in the mobile terminal; if so, performing the encryption, otherwise prompting the user that secure SMS cannot be used.
6. The method of claim 1, wherein the method further comprises:
before encrypting, performing a handshake with the other party to exchange keys, wherein the key exchanged in each handshake is different;
performing encryption and decryption according to the exchanged key.
7. The method of claim 1, wherein the method further comprises:
before encrypting, sending the local number to the enterprise network security management server for authentication; if authentication succeeds, performing said encryption; if authentication fails, prompting the user that authentication failed.
8. The method of claim 1, wherein the method further comprises:
receiving a destruction instruction from the enterprise network security management server and, according to that instruction, deleting the data in the workspace on the mobile terminal and/or taking the mobile terminal down, in accordance with the destruction policy in said designated storage module.
9. A device for protecting short message security, wherein the device comprises:
a judging unit, adapted to determine whether the secure SMS function is enabled when a short message sending operation is detected on a mobile terminal;
a short message processing unit, adapted to, when the secure SMS function is enabled, encrypt the short message data according to the encryption/decryption algorithm in a designated storage module and then send it to the other party over the mobile network, and to decrypt the other party's short message data received over the mobile network according to the encryption/decryption algorithm in said designated storage module.
10. The device of claim 9, wherein
said judging unit is adapted to determine whether the secure SMS function is enabled according to configuration information obtained from the enterprise network security management server.
CN201510991287.3A 2015-12-24 2015-12-24 Method and device for protecting short message security Pending CN105657697A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510991287.3A CN105657697A (en) 2015-12-24 2015-12-24 Method and device for protecting short message security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510991287.3A CN105657697A (en) 2015-12-24 2015-12-24 Method and device for protecting short message security

Publications (1)

Publication Number Publication Date
CN105657697A true CN105657697A (en) 2016-06-08

Family

ID=56476746

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510991287.3A Pending CN105657697A (en) 2015-12-24 2015-12-24 Method and device for protecting short message security

Country Status (1)

Country Link
CN (1) CN105657697A (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160608