CN107305608A - The management method and device of terminal device - Google Patents

The management method and device of terminal device Download PDF

Info

Publication number
CN107305608A
CN107305608A CN201610254648.0A CN201610254648A CN107305608A CN 107305608 A CN107305608 A CN 107305608A CN 201610254648 A CN201610254648 A CN 201610254648A CN 107305608 A CN107305608 A CN 107305608A
Authority
CN
China
Prior art keywords
terminal device
current operation
allow
application
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610254648.0A
Other languages
Chinese (zh)
Inventor
刘刚
董杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TD Tech Ltd
TD Tech Chengdu Co Ltd
Original Assignee
TD Tech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TD Tech Ltd filed Critical TD Tech Ltd
Priority to CN201610254648.0A priority Critical patent/CN107305608A/en
Publication of CN107305608A publication Critical patent/CN107305608A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides the management method and device of a kind of terminal device, and the management method includes:The operation requests message that receiving terminal apparatus is sent;The operation requests message includes the information of terminal device current operation;According to the operation requests message, it is determined whether allow the terminal device to perform current operation;Operation acknowledgement message is sent to the terminal device;The operation acknowledgement message is used to indicate whether to allow the terminal device to perform current operation.By the way that the operation of user on the terminal device is reported into server, server is authenticated according to default authority, then notifies user to continue executing with or shield the operation being not allowed to, and improves the safety in utilization of terminal device.

Description

The management method and device of terminal device
Technical field
The present embodiments relate to the management method and dress of computer technology, more particularly to a kind of terminal device Put.
Background technology
At present, with the development of electronic technology, the use of various intelligent terminal devices is also increasingly popularized, Intelligent terminal has become the instrument of indispensable communication or amusement and recreation in life.
Installation system is configured with conventional terminal device, except intelligent terminal in the terminal device Outside the application program installed when dispatching from the factory, user can also get on download application from a software store Program goes to install, and can also be installed in addition from downloading application software on any website, or can be by No application software is unloaded from terminal device.
But, because user can not judge whether application software carries wooden horse or deposited with terminal device manufacturer In technical contradiction, potential danger can be brought to user.Current terminal device does not have systematic manager Security is relatively low during formula, use.
The content of the invention
The management method and device of a kind of terminal device provided in an embodiment of the present invention, for solving at present Terminal device do not have the problem of security is relatively low during systematic way to manage, use.
First aspect of the embodiment of the present invention provides a kind of management method of terminal device, including:
The operation requests message that receiving terminal apparatus is sent;The operation requests message is worked as including terminal device The information of preceding operation;
According to the operation requests message, it is determined whether allow the terminal device to perform current operation;
Operation acknowledgement message is sent to the terminal device;The operation acknowledgement message is used to indicate whether to permit Perhaps described terminal device performs current operation.
Optionally, the current operation include it is following at least one:Application, unloading application, interface are installed Using and public network connect.
Optionally, if the current operation is applied to install, the information of the current operation is including to be installed The first application mark, then it is described according to the operation requests message, it is determined whether to allow the terminal Equipment performs current operation, including:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation is applied for unloading, the information of the current operation is including to be unloaded The second application mark, then it is described according to the operation requests message, it is determined whether to allow the terminal Equipment performs current operation, including:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation uses for interface, the information of the current operation includes interface Mark, then it is described according to the operation requests message, it is determined whether to allow the terminal device to perform current Operation, including:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
Optionally, if the current operation connects for public network, the information of the current operation includes network Mark, then it is described according to the operation requests message, it is determined whether to allow the terminal device to perform current Operation, including:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
Second aspect of the present invention provides a kind of management method of terminal device, including:
Operation requests message is sent to server according to current operation;The operation requests message includes described The information of current operation;
Receive the operation acknowledgement message that the server is returned;The operation acknowledgement message is used to indicate whether Allow to perform the current operation;
If the operation acknowledgement message indicates to allow to perform current operation, current operation is continued executing with.
Optionally, methods described also includes:
If the operation acknowledgement message indicates not allow to perform current operation, stop performing current operation.
Third aspect present invention provides a kind of management method of terminal device, including:
Receive the first configured information;First configured information is used for instruction terminal device losses;
According to first configured information, lock command is sent to the terminal device;The lock command For indicating that the terminal device forbids all operations.
Optionally, methods described also includes:
Data dump order is sent to the terminal device;The data dump order is used to indicate the end End equipment wipes all data of storage completely.
Fourth aspect present invention provides a kind of management method of terminal device, including:
The lock command that the reception server is sent;
According to the lock command, locking system interface and interface.
Optionally, methods described also includes:
The data dump order that the reception server is sent;
According to the data dump order, all data being locally stored are wiped completely.
Fifth aspect present invention provides a kind of managing device of terminal device, including:
Receiving module, the operation requests message sent for receiving terminal apparatus;The operation requests message Include the information of terminal device current operation;
Processing module, for according to the operation requests message, it is determined whether allow the terminal device to hold Row current operation;
Sending module, for sending operation acknowledgement message to the terminal device;The operation acknowledgement message It is used to indicate whether to allow the terminal device to perform current operation.
Optionally, the current operation for the terminal device that the receiving module is received include it is following at least one: Application, unloading application are installed, interface is used and public network is connected.
Optionally, if the current operation is applied to install, the information of the current operation is including to be installed First application mark, then the processing module specifically for:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation is applied for unloading, the information of the current operation is including to be unloaded Second application mark, then the processing module specifically for:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation uses for interface, the information of the current operation includes interface Mark, then the processing module specifically for:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
Optionally, if the current operation connects for public network, the information of the current operation includes network Mark, then the processing module specifically for:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
Sixth aspect present invention provides a kind of managing device of terminal device, including:
Sending module, for sending operation requests message to server according to current operation;The operation please Message is asked to include the information of the current operation;
Receiving module, for receiving the operation acknowledgement message that the server is returned;The operation acknowledgement disappears Breath is used to indicate whether to allow to perform the current operation;
Processing module, if indicating to allow to perform current operation for the operation acknowledgement message, continues to hold Row current operation.
Optionally, if the processing module is additionally operable to the operation acknowledgement message and indicates not allow to perform currently Operation, then stop performing current operation.
Seventh aspect present invention provides a kind of managing device of terminal device, including:
Receiving module, for receiving the first configured information;First configured information is set for instruction terminal It is standby to lose;
Processing module, for according to first configured information, generating lock command;
Sending module, for sending the lock command to the terminal device;The lock command is used for Indicate that the terminal device forbids all operations.
Optionally, the sending module is additionally operable to send data dump order to the terminal device;It is described Data dump order is used to indicate that the terminal device wipes all data of storage completely.
Eighth aspect present invention provides a kind of managing device of terminal device, including:
Receiving module, the lock command sent for the reception server;
Processing module, for according to the lock command, locking system interface and interface.
Optionally, the receiving module is additionally operable to the data dump order of the reception server transmission;
The processing module is additionally operable to according to the data dump order, and all data being locally stored are complete Full erasing.
Ninth aspect present invention provides a kind of server, including:Have program stored therein instruction memory, use Processor, receiver and the transmitter performed is instructed in control program;
The receiver is used for the operation requests message that receiving terminal apparatus is sent;The operation requests message Include the information of terminal device current operation;
The processor is used for according to the operation requests message, it is determined whether allow the terminal device to hold Row current operation;
The transmitter is used to send operation acknowledgement message to the terminal device;The operation acknowledgement message It is used to indicate whether to allow the terminal device to perform current operation.
Optionally, if the current operation is applied to install, the information of the current operation is including to be installed First application mark, then the processor specifically for:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation is applied for unloading, the information of the current operation is including to be unloaded Second application mark, then the processor specifically for:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation uses for interface, the information of the current operation includes interface Mark, then the processor specifically for:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
Optionally, if the current operation connects for public network, the information of the current operation includes network Mark, then the processor specifically for:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
Tenth aspect present invention provides a kind of terminal device, including:Have program stored therein instruction memory, The processor, transmitter and the receiver that perform are instructed for control program;
The transmitter is used to send operation requests message to server according to current operation;The operation please Message is asked to include the information of the current operation;
The receiver is used to receive the operation acknowledgement message that the server is returned;The operation acknowledgement disappears Breath is used to indicate whether to allow to perform the current operation;
Indicate to allow to perform current operation if the processor is used for the operation acknowledgement message, continue to hold Row current operation.
Optionally, if the processor is additionally operable to the operation acknowledgement message and indicates not allow to perform current behaviour Make, then stop performing current operation.
Tenth one side of the invention provides a kind of server, including:Have program stored therein instruction memory, The processor, receiver and the transmitter that perform are instructed for control program;
The receiver is used to receive the first configured information;First configured information is set for instruction terminal It is standby to lose;
The processor is used to, according to first configured information, generate lock command;
The transmitter is used to send lock command to the terminal device;The lock command is used to indicate The terminal device forbids all operations.
Optionally, the transmitter is additionally operable to send data dump order to the terminal device;The number It is used to indicate that the terminal device wipes all data of storage completely according to clear command.
The twelfth aspect of the present invention provides a kind of terminal device, including:Have program stored therein instruction memory, The processor and receiver that perform are instructed for control program;
The receiver is used for the lock command that the reception server is sent;
The processor is used for according to the lock command, locking system interface and interface.
Optionally, the receiver is additionally operable to the data dump order of the reception server transmission;
The processor is additionally operable to according to the data dump order, and all data being locally stored are complete Erasing.
The management method and device of terminal device provided in an embodiment of the present invention, terminal device are carrying out software Installation either unload or interface use or access public network before, according to operation to be performed to clothes Business device initiates application, and server is installed according to the application being pre-configured with and either unloads authority or the terminal The interface access right of equipment is authenticated, and returns to authenticating result to terminal device, and terminal device is in clothes Business device is just performed when allowing to perform current operation, otherwise shields current operation, it is to avoid the peace arbitrarily operated Full leak, effectively improves the security during terminal device use.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to reality The accompanying drawing used required for applying in example or description of the prior art is briefly described, it should be apparent that, under Accompanying drawing in the description of face is some embodiments of the present invention, for those of ordinary skill in the art, On the premise of not paying creative labor, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the management method embodiment one of terminal device of the present invention;
Fig. 2 is the flow chart of the management method embodiment two of terminal device of the present invention;
Fig. 3 is the flow chart of the management method embodiment three of terminal device of the present invention;
Fig. 4 is the structural representation of the managing device embodiment one of terminal device of the present invention;
Fig. 5 is the structural representation of the managing device embodiment three of terminal device of the present invention;
Fig. 6 is the structural representation of the managing device example IV of terminal device of the present invention;
Fig. 7 is the structural representation of the managing device embodiment five of terminal device of the present invention;
Fig. 8 is the structural representation of server example one of the present invention;
Fig. 9 is the structural representation of terminal device embodiment one of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with this hair Accompanying drawing in bright embodiment, the technical scheme in the embodiment of the present invention is clearly and completely described, Obviously, described embodiment is a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained under the premise of creative work is not made The every other embodiment obtained, belongs to the scope of protection of the invention.
Fig. 1 is the flow chart of the management method embodiment one of terminal device of the present invention, as shown in figure 1, this The management method for the terminal device that embodiment is provided is applied in server side, and the server can be UDC clothes Be engaged in device, or other can with the server of management terminal device, the management method of the terminal device it is specific Realize that step is;
S101:The operation requests message that receiving terminal apparatus is sent;The operation requests message includes terminal The information of equipment current operation.
In this step, the current operation include it is following at least one:Installation is applied, unloading is applied, Interface is used and public network is connected.Here interface is all available on the terminal device using referring to The use of interface, for example:Storage card, USB interface, SD card, bluetooth etc., public network connection are referred to Netting twine connection of the access of AP focuses, WIFI accesses or RJ45 interfaces etc..
Terminal device is either unloaded in the installation for carrying out software or above-mentioned interface is used or public network connects , it is necessary to operation requests message be sent to server, for asking whether current behaviour can be continued executing with when connecing Make, server receives the operation requests message, and the current operation of terminal device is authenticated.
S102:According to the operation requests message, it is determined whether allow the terminal device to perform current behaviour Make.
In this step, server can be inquired about according to the permissions list being pre-configured with, and determine terminal Whether the current operation of equipment is allowed to, and it is determined that after generate corresponding operation acknowledgement message.
S103:Operation acknowledgement message is sent to the terminal device;The operation acknowledgement message is used to indicate The terminal device whether is allowed to perform current operation.
The operation acknowledgement message is used to inform that terminal device is continued executing with, or shielding current operation.
The program at least includes following several possible situations in implementing:
The first situation:The current operation of terminal device is applied to install, the letter of the current operation Breath includes the to be installed first mark applied, then S102 is implemented as:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;Otherwise, the terminal device is not allowed to perform current operation.
Terminal device is downloaded application program, i.e., the first application, and attempts to install first application, should The mark of first application, which is carried in operation requests, is sent to server, and it is installation operation to determine, clothes Business device is inquired about according to the list for the application for allowing to install being pre-configured with, it is determined whether is allowed to install and is somebody's turn to do First application.
Second of situation, the current operation of terminal device is applied for unloading, the letter of the current operation Breath includes the to be unloaded second mark applied, then S102 is implemented as:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;Otherwise, the terminal device is not allowed to perform current operation.
User unloads in terminal device to the second application installed, the mark quilt of second application Carrying is sent to server in operation requests, and determines it is unloading or deletion action, server according to What is be pre-configured with allows the list of the application of unloading to be inquired about, it is determined whether allow unloading second application. The list of the application program for not allowing unloading that is optional or being pre-configured with, is inquired about, really It is fixed whether to allow unloading second application.
The third situation, the current operation of terminal device uses for interface, then the current operation Information includes interface identifier, then S102 is implemented as:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
When user connects other equipment on the terminal device, triggering terminal device-to-server sends operation please Message is sought, server goes to determine whether to use currently to be attempt to connect according to interface access right list The interface entered, further, can also directly be set in server side allows what is accessed on some interface The mark of other equipment, is meant that the interface only allows the mark of equipment of access, can be sent in advance Terminal device oneself goes to judge or after above-mentioned access action triggers, and server is known Do not confirm, this this programme is not limited.
4th kind of situation, the current operation of terminal device is public network connection, then the current operation Information includes network identity, then S102 is implemented as:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
Server side can be pre-configured with the list for the network identity for allowing access, or not allow access Network identity, can be referred to as network insertion permissions list, be triggered after terminal device view access network Device-to-server sends operation requests message, is determined whether to perform by server.
The present embodiment provide terminal device management method, terminal device carry out software installation or Unloading, or interface are used or accessed before public network, and Shen is initiated to server according to operation to be performed Please, server installs the interface of either unloading authority or the terminal device according to the application being pre-configured with Access right is authenticated, and returns to authenticating result to terminal device, and terminal device allows to hold in server Just performed during operation before the trade, otherwise shield current operation, it is to avoid the security breaches arbitrarily operated, have Effect improves the security during terminal device use.
Fig. 2 is the flow chart of the management method embodiment two of terminal device of the present invention, as shown in Fig. 2 should Scheme is applied in terminal equipment side, and concrete implementation step includes:
S201:Operation requests message is sent to server according to current operation;The operation requests message package Include the information of the current operation.
In this step, the current operation can terminal device trigger automatically, for example:Wireless network Connection;Can also be user's operation triggering, for example, the installation or unloading of application program.
It is similar to the above embodiments, the current operation of the terminal device include it is following at least one:Install Using, unloading application, interface use and public network connect etc..
S202:Receive the operation acknowledgement message that the server is returned;The operation acknowledgement message is used to refer to Whether show allows to perform the current operation.
In this programme, detect have operations to execute when, to server send operation requests message, Current operation is wherein carried, so that server is authenticated to current operation, it is determined whether allow at the end The operation is carried out in end equipment, and operation acknowledgement message is returned to terminal device, the operation acknowledgement message is used Can allow to perform or do not allow to perform to notify terminal device authenticating result.
S203:If the operation acknowledgement message indicates to allow to perform current operation, current behaviour is continued executing with Make.
In this step, terminal device get server transmission operation acknowledgement message indicate allow perform Current operation, then continue executing with, for example:Allow certain application is installed, then continue to install, it is allowed to unload certain Program, then continue executing with uninstall action.
If the operation acknowledgement message indicates not allow to perform current operation, stop performing current operation. For example:Server does not allow to install certain application, then stops installing the journey after operation acknowledgement message is received Sequence, directly can also further delete the installation kit and data of the application.
The present embodiment provide terminal device management method, terminal device carry out software installation or Unloading, or interface are used or accessed before public network, and Shen is initiated to server according to operation to be performed Please, server installs the interface of either unloading authority or the terminal device according to the application being pre-configured with Access right is authenticated, and returns to authenticating result to terminal device, and terminal device allows to hold in server Just performed during operation before the trade, otherwise shield current operation, it is to avoid the security breaches arbitrarily operated, have Effect improves the security during terminal device use.
On the basis of above-described embodiment, below with mobile device management (English:Mobile Device Management, referred to as:MDM) exemplified by system, the management method to above-mentioned terminal device is carried out Illustrate:MDM be mainly used in the IT of enterprise management in there is provided complete mobile device Life Cycle Period management.By special server (for example:User equipment center (English:User and Device Center, Referred to as:UDC) server) realize slave unit registration, activation, using, eliminate links carry out it is complete Facial canal is managed.User and equipment control can specifically be realized, configuration management, safety management, the work(such as asset management Energy.
, can be by by MDM modes when installing terminal equipment third-party application software in this programme The program-package name of this application, version information, signing messages are sent on UDC servers by network and verified, UDC servers are authenticated according to the permissions list being pre-configured with to the third-party application, and are passed through MDM returning results, notify whether terminal device allows to install.Should in terminal device unloading company standard Used time, UDC servers decide whether to allow unloading according to the authority configuration of this terminal device, and return Notify terminal device.
First it can judge whether this terminal has installation authority when installing third party software, this authority is UDC Server is configured in terminal through MDM, and management system can install authority through MDM inquiries, if do not had There is installation Rights Management System not allow directly then to install, otherwise management system can pass the path of installation kit To MDM, the software kit name of MDM analysis software bags, software version number, signing messages issue UDC Server is verified, and the check results of return are returned to management system and determined whether by MDM again Install.
MDM is to application software installation/unloading, bluetooth, browser, built-in camera, player, public network Data cube computation, public network data-voice, screenshotss, SD card, USB, WIFI, AP focus etc. carry out authority Control, according to UDC servers through MDM terminal is carried out difference configuration come the authority of management terminal and Come into force with postponing.
Fig. 3 is the flow chart of the management method embodiment three of terminal device of the present invention, as shown in figure 3, should Scheme realizes that step includes:
S301:Receive the first configured information;First configured information is used for instruction terminal device losses.
In this step, server receives first of the other equipment transmission in addition to the terminal device Configured information, informs that the terminal device is lost or stolen.User can log in account by other equipment Number to server send indicate, inquiry message, active obtaining to the instruction can also be sent by server.
S302:According to first configured information, lock command is sent to the terminal device;The lock It is fixed to order for indicating that the terminal device forbids all operations.
In this step, after server determines that the terminal device is lost, send and lock to the terminal device Fixed order, the lock command instruction terminal equipment is locked, and it is meant that terminal device shielding is all Operation and access mode, for example:Do not allow to check data, unblock is not allowed, and shield all connect Mouthful, by taking mobile phone as an example, even others is connected to data wire, can not access any data in mobile phone, Terminal to loss carries out data protection.
S303:According to the lock command, locking system interface and interface.
In this programme, the lock command that terminal device the reception server is sent, and perform the lock command, Interface may have access into interface etc. to be locked, limitation operation and reading and writing data.
Further, if it is determined that after the terminal device is retrieved, server can be sent out to terminal device Unlocking command is sent, so that unlocking terminal equipment interface and interface.
Optionally, if server side determines that the terminal device can not be given for change, in order to guarantee data security, Data dump order can be sent to terminal device, so that terminal device receives the data and understands order, and Understand that order wipes all data of storage completely according to the data.
Specifically, by taking MDM as an example, when terminal is lost, UDC servers will be eventually through MDM End is locked, and now terminal can enter the interface of terminal locking and set the authority of minimum, this terminal Any operation can not be carried out equivalent to brick, UDC can be again through MDM to this terminal after terminal is found Operation is unlocked, if terminal can not be retrieved, UDC can be complete by the data of this terminal through MDM Full erasing.I.e. after UDC servers initiate lock command to terminal, it can be created in terminal in a system The window of portion's mistake (TYPE_SYSTEM_ERROR) type, this window has highest rank, Other window can not all be covered to it, and the response such as the touch of terminal device, button is shielded Processing is covered, authority has been done into minimum processing.It cannot see that other contents can not appoint after reaching locking What is operated.After UDC initiates data-delete command to terminal, terminal can enter recovery and recover mould Formula wipes data.
The management method for the terminal device that the present embodiment is provided, after terminal device loss, passes through service Device sends lock command, and terminal device authority is minimized, and shields all operations and interface access, carries High Information Security, after it is determined that terminal device can not be given for change, can be sent out by server to terminal device Send data to wipe message, thoroughly wipe data, it is to avoid the data in terminal device are stolen.
Below by taking the installation of third party software, Android system as an example, MDM is realized at framework layers (the English of service orientation management system:Android Interface Definition Language, referred to as: AIDL) interface and the AIDL interfaces towards MDM clients, use long-range call back function list (RemoteCallbackList) realize towards MDM client-side interface AIDL interface remotes readjustment, MDM Client realizes the AIDL interfaces of a service connection MDM service, registers RemoteCallbackList Readjustment.The service-seeking interface that management system passes through AIDL interface interchange MDM client services.
Fig. 4 is the structural representation of the managing device embodiment one of terminal device of the present invention, such as Fig. 4 institutes Show, the managing device 10 of the terminal device, including:
Receiving module 11, the operation requests message sent for receiving terminal apparatus;The operation requests disappear Breath includes the information of terminal device current operation;
Processing module 12, for according to the operation requests message, it is determined whether allow the terminal device Perform current operation;
Sending module 13, for sending operation acknowledgement message to the terminal device;The operation acknowledgement disappears Breath is used to indicate whether to allow the terminal device to perform current operation.
The managing device for the terminal device that the present embodiment is provided, is serviced for performing in any of the above-described embodiment The technical scheme of device side, its implementing principle and technical effect are similar, will not be repeated here.
On the basis of above-described embodiment one, in the managing device embodiment two of terminal device of the present invention, The current operation for the terminal device that the receiving module 11 is received include it is following at least one:Installing should With, unloading application, interface use and public network connect.
Optionally, if the current operation is applied to install, the information of the current operation is including to be installed First application mark, then the processing module 12 specifically for:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation is applied for unloading, the information of the current operation is including to be unloaded Second application mark, then the processing module 12 specifically for:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation uses for interface, the information of the current operation includes interface Mark, then the processing module 12 specifically for:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
Optionally, if the current operation connects for public network, the information of the current operation includes network Mark, then the processing module 12 specifically for:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
The managing device for the terminal device that the present embodiment is provided, is serviced for performing in any of the above-described embodiment The technical scheme of device side, its implementing principle and technical effect are similar, will not be repeated here.
Fig. 5 is the structural representation of the managing device embodiment three of terminal device of the present invention, such as Fig. 5 institutes Show, the managing device 20 of the terminal device, including:
Sending module 21, for sending operation requests message to server according to current operation;The operation Request message includes the information of the current operation;
Receiving module 22, for receiving the operation acknowledgement message that the server is returned;The operation acknowledgement Message is used to indicate whether to allow to perform the current operation;
Processing module 23, if indicating to allow to perform current operation for the operation acknowledgement message, continues Perform current operation.
Optionally, if the processing module 23 is additionally operable to the operation acknowledgement message and indicates not allow to perform to work as Preceding operation, then stop performing current operation.
The managing device for the terminal device that the present embodiment is provided, for performing terminal in any of the above-described embodiment The technical scheme of equipment side, its implementing principle and technical effect are similar, will not be repeated here.
Fig. 6 is the structural representation of the managing device example IV of terminal device of the present invention, such as Fig. 6 institutes Show, the managing device 30 of the terminal device, including:
Receiving module 31, for receiving the first configured information;First configured information is used for instruction terminal Device losses;
Processing module 32, for according to first configured information, generating lock command;
Sending module 33, for sending the lock command to the terminal device;The lock command is used Forbid all operations in the instruction terminal device.
Optionally, the sending module 33 is additionally operable to send data dump order to the terminal device;Institute Stating data dump order is used to indicate that the terminal device wipes all data of storage completely.
The managing device for the terminal device that the present embodiment is provided, is serviced for performing in any of the above-described embodiment The technical scheme of device side, its implementing principle and technical effect are similar, will not be repeated here.
Fig. 7 is the structural representation of the managing device embodiment five of terminal device of the present invention, such as Fig. 7 institutes Show, the managing device 40 of the terminal device, including:
Receiving module 41, the lock command sent for the reception server;
Processing module 42, for according to the lock command, locking system interface and interface.
Optionally, the receiving module 41 is additionally operable to the data dump order of the reception server transmission;
The processing module 42 is additionally operable to according to the data dump order, by all data being locally stored Erasing completely.
The managing device for the terminal device that the present embodiment is provided, for performing terminal in any of the above-described embodiment The technical scheme of equipment side, its implementing principle and technical effect are similar, will not be repeated here.
Fig. 8 is the structural representation of server example one of the present invention, as shown in figure 8, the server 50 Including:Have program stored therein instruction memory 51, for control program instruct perform processor 52, Receiver 53 and transmitter 54;
The receiver 53 is used for the operation requests message that receiving terminal apparatus is sent;The operation requests disappear Breath includes the information of terminal device current operation;
The processor 52 is used for according to the operation requests message, it is determined whether allow the terminal device Perform current operation;
The transmitter 54 is used to send operation acknowledgement message to the terminal device;The operation acknowledgement disappears Breath is used to indicate whether to allow the terminal device to perform current operation.
Optionally, if the current operation is applied to install, the information of the current operation is including to be installed First application mark, then the processor 52 specifically for:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation is applied for unloading, the information of the current operation is including to be unloaded Second application mark, then the processor 52 specifically for:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
Optionally, if the current operation uses for interface, the information of the current operation includes interface Mark, then the processor 52 specifically for:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
Optionally, if the current operation connects for public network, the information of the current operation includes network Mark, then the processor 52 specifically for:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
Optionally, the server is additionally operable to realize that the Telelock fixed sum data for the terminal device lost removes work( Can, specifically:
The receiver 53 is used to receive the first configured information;First configured information is used for instruction terminal Device losses;
The processor 52 is used to, according to first configured information, generate lock command;
The transmitter 54 is used to send lock command to the terminal device;The lock command is used to refer to Show that the terminal device forbids all operations.
Optionally, the transmitter 54 is additionally operable to send data dump order to the terminal device;It is described Data dump order is used to indicate that the terminal device wipes all data of storage completely.
The server that the present embodiment is provided is used for the technical scheme for performing preceding method embodiment, and it realizes former Reason is similar with technique effect, will not be repeated here.
Fig. 9 is the structural representation of terminal device embodiment one of the present invention, as shown in figure 9, the terminal is set Standby 60 include:Have program stored therein instruction memory 61, for control program instruct perform processor 62nd, transmitter 63 and receiver 64;
The transmitter 63 is used to send operation requests message to server according to current operation;The operation Request message includes the information of the current operation;
The receiver 64 is used to receive the operation acknowledgement message that the server is returned;The operation acknowledgement Message is used to indicate whether to allow to perform the current operation;
Indicate to allow to perform current operation if the processor 62 is used for the operation acknowledgement message, continue Perform current operation.
Optionally, if the processor 62 is additionally operable to the operation acknowledgement message and indicates not allow to perform currently Operation, then stop performing current operation.
Optionally, the terminal device can carry out Telelock fixed sum data removing with being serviced device, specifically:
The receiver 64 is used for the lock command that the reception server is sent;
The processor 62 is used for according to the lock command, locking system interface and interface.
Optionally, the receiver 64 is additionally operable to the data dump order of the reception server transmission;
The processor 62 is additionally operable to according to the data dump order, and all data being locally stored are complete Full erasing.
The terminal device that the present embodiment is provided is used for the technical scheme for performing preceding method embodiment, and it is realized Principle is similar with technique effect, will not be repeated here.
In the embodiment of above-mentioned server and terminal device, it should be appreciated that processor can be central processing Unit (English:Central Processing Unit, referred to as:CPU), it can also be other general procedures Device, digital signal processor (English:Digital Signal Processor, referred to as:DSP), special collection Into circuit (English:Application Specific Integrated Circuit, referred to as:ASIC) etc..It is logical It can be microprocessor with processor or the processor can also be any conventional processor etc..With reference to The step of method disclosed in the embodiment of the present invention, can be embodied directly in hardware processor and perform completion, or Hardware and software module combination in person's processor perform completion.
One of ordinary skill in the art will appreciate that:Realize all or part of step of above-mentioned each method embodiment Suddenly it can be completed by the related hardware of programmed instruction.Foregoing program can be stored in a computer can Read in storage medium.The program upon execution, performs the step of including above-mentioned each method embodiment;And Foregoing storage medium includes:ROM, RAM, magnetic disc or CD etc. are various can be with storage program generation The medium of code.
Finally it should be noted that:Various embodiments above is merely illustrative of the technical solution of the present invention, rather than right It is limited;Although the present invention is described in detail with reference to foregoing embodiments, this area it is common Technical staff should be understood:It can still be repaiied to the technical scheme described in foregoing embodiments Change, or equivalent substitution is carried out to which part or all technical characteristic;And these are changed or replaced Change, the essence of appropriate technical solution is departed from the scope of various embodiments of the present invention technical scheme.

Claims (16)

1. a kind of management method of terminal device, it is characterised in that including:
The operation requests message that receiving terminal apparatus is sent;The operation requests message is worked as including terminal device The information of preceding operation;
According to the operation requests message, it is determined whether allow the terminal device to perform current operation;
Operation acknowledgement message is sent to the terminal device;The operation acknowledgement message is used to indicate whether to permit Perhaps described terminal device performs current operation.
2. according to the method described in claim 1, it is characterised in that the current operation is included below extremely It is few one:Application, unloading application are installed, interface is used and public network is connected.
3. method according to claim 2, it is characterised in that if the current operation should to install With the information of the current operation includes the mark of the first application to be installed, then described according to the behaviour Make request message, it is determined whether allow the terminal device to perform current operation, including:
Inquire about the default terminal device corresponding install and whether there is the described first application in permissions list Mark;The installation permissions list includes allowing the mark of the application of the installing terminal equipment;
If the permissions list of installing includes the mark of first application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
4. method according to claim 2, it is characterised in that if the current operation should for unloading With the information of the current operation includes the mark of the second application to be unloaded, then described according to the behaviour Make request message, it is determined whether allow the terminal device to perform current operation, including:
Inquire about in the corresponding unloading permissions list of the default terminal device with the presence or absence of the described second application Mark;The unloading permissions list includes the mark for the application for allowing the terminal device to unload;
If the permissions list of installing includes the mark of second application, allow the terminal device Perform current operation;
Otherwise, the terminal device is not allowed to perform current operation.
5. method according to claim 2, it is characterised in that if the current operation makes for interface With, then the information of the current operation includes interface identifier, then described according to the operation requests message, Determine whether that the terminal device performs current operation, including:
According to the corresponding interface access right list of the default terminal device, determine whether to use The corresponding interface of the interface identifier.
6. method according to claim 2, it is characterised in that if the current operation connects for public network Connect, then the information of the current operation includes network identity, then described according to the operation requests message, Determine whether that the terminal device performs current operation, including:
According to the corresponding network insertion permissions list of the default terminal device, access is determined whether The corresponding network of the network identity.
7. a kind of management method of terminal device, it is characterised in that including:
Operation requests message is sent to server according to current operation;The operation requests message includes described The information of current operation;
Receive the operation acknowledgement message that the server is returned;The operation acknowledgement message is used to indicate whether Allow to perform the current operation;
If the operation acknowledgement message indicates to allow to perform current operation, current operation is continued executing with.
8. method according to claim 7, it is characterised in that methods described also includes:
If the operation acknowledgement message indicates not allow to perform current operation, stop performing current operation.
9. a kind of management method of terminal device, it is characterised in that including:
Receive the first configured information;First configured information is used for instruction terminal device losses;
According to first configured information, lock command is sent to the terminal device;The lock command For indicating that the terminal device forbids all operations.
10. method according to claim 9, it is characterised in that methods described also includes:
Data dump order is sent to the terminal device;The data dump order is used to indicate the end End equipment wipes all data of storage completely.
11. a kind of management method of terminal device, it is characterised in that including:
The lock command that the reception server is sent;
According to the lock command, locking system interface and interface.
12. method according to claim 11, it is characterised in that methods described also includes:
The data dump order that the reception server is sent;
According to the data dump order, all data being locally stored are wiped completely.
13. a kind of managing device of terminal device, it is characterised in that including:
Receiving module, the operation requests message sent for receiving terminal apparatus;The operation requests message Include the information of terminal device current operation;
Processing module, for according to the operation requests message, it is determined whether allow the terminal device to hold Row current operation;
Sending module, for sending operation acknowledgement message to the terminal device;The operation acknowledgement message It is used to indicate whether to allow the terminal device to perform current operation.
14. a kind of managing device of terminal device, it is characterised in that including:
Sending module, for sending operation requests message to server according to current operation;The operation please Message is asked to include the information of the current operation;
Receiving module, for receiving the operation acknowledgement message that the server is returned;The operation acknowledgement disappears Breath is used to indicate whether to allow to perform the current operation;
Processing module, if indicating to allow to perform current operation for the operation acknowledgement message, continues to hold Row current operation.
15. a kind of managing device of terminal device, it is characterised in that including:
Receiving module, for receiving the first configured information;First configured information is set for instruction terminal It is standby to lose;
Processing module, for according to first configured information, generating lock command;
Sending module, for sending the lock command to the terminal device;The lock command is used for Indicate that the terminal device forbids all operations.
16. a kind of managing device of terminal device, it is characterised in that including:
Receiving module, the lock command sent for the reception server;
Processing module, for according to the lock command, locking system interface and interface.
CN201610254648.0A 2016-04-21 2016-04-21 The management method and device of terminal device Pending CN107305608A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610254648.0A CN107305608A (en) 2016-04-21 2016-04-21 The management method and device of terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610254648.0A CN107305608A (en) 2016-04-21 2016-04-21 The management method and device of terminal device

Publications (1)

Publication Number Publication Date
CN107305608A true CN107305608A (en) 2017-10-31

Family

ID=60152439

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610254648.0A Pending CN107305608A (en) 2016-04-21 2016-04-21 The management method and device of terminal device

Country Status (1)

Country Link
CN (1) CN107305608A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101797A (en) * 2018-08-20 2018-12-28 珠海格力电器股份有限公司 Intelligent device control method, intelligent device and server
CN109450872A (en) * 2018-10-23 2019-03-08 中国联合网络通信集团有限公司 Method for authenticating user identity, system, storage medium and electronic equipment
CN111222153A (en) * 2020-01-07 2020-06-02 腾讯科技(深圳)有限公司 Application program authority management method and device and storage medium
CN114547593A (en) * 2020-11-18 2022-05-27 成都鼎桥通信技术有限公司 Terminal application authentication method, device and equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119565A (en) * 2007-09-03 2008-02-06 华为技术有限公司 Mobile communications terminal data protection method, system and equipment
CN101442581A (en) * 2007-11-22 2009-05-27 华为技术有限公司 Method, terminal and system for managing locking
CN103514397A (en) * 2013-09-29 2014-01-15 西安酷派软件科技有限公司 Server, terminal and authority management and permission method
CN103761473A (en) * 2013-12-12 2014-04-30 北京宝利明威软件技术有限公司 Application management system and method for mobile terminal
CN104080085A (en) * 2014-07-15 2014-10-01 中国电建集团华东勘测设计研究院有限公司 Double authentication method, device and system for wireless network access
KR20160032512A (en) * 2014-09-16 2016-03-24 주식회사 엠엘소프트 Software Management Method Using CODESIGN
CN105474678A (en) * 2013-07-31 2016-04-06 良好科技公司 Centralized selective application approval for mobile devices

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119565A (en) * 2007-09-03 2008-02-06 华为技术有限公司 Mobile communications terminal data protection method, system and equipment
CN101442581A (en) * 2007-11-22 2009-05-27 华为技术有限公司 Method, terminal and system for managing locking
CN105474678A (en) * 2013-07-31 2016-04-06 良好科技公司 Centralized selective application approval for mobile devices
CN103514397A (en) * 2013-09-29 2014-01-15 西安酷派软件科技有限公司 Server, terminal and authority management and permission method
CN103761473A (en) * 2013-12-12 2014-04-30 北京宝利明威软件技术有限公司 Application management system and method for mobile terminal
CN104080085A (en) * 2014-07-15 2014-10-01 中国电建集团华东勘测设计研究院有限公司 Double authentication method, device and system for wireless network access
KR20160032512A (en) * 2014-09-16 2016-03-24 주식회사 엠엘소프트 Software Management Method Using CODESIGN

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101797A (en) * 2018-08-20 2018-12-28 珠海格力电器股份有限公司 Intelligent device control method, intelligent device and server
CN109450872A (en) * 2018-10-23 2019-03-08 中国联合网络通信集团有限公司 Method for authenticating user identity, system, storage medium and electronic equipment
CN111222153A (en) * 2020-01-07 2020-06-02 腾讯科技(深圳)有限公司 Application program authority management method and device and storage medium
CN114547593A (en) * 2020-11-18 2022-05-27 成都鼎桥通信技术有限公司 Terminal application authentication method, device and equipment

Similar Documents

Publication Publication Date Title
US20190268155A1 (en) Method for Ensuring Terminal Security and Device
EP3975503A1 (en) Esim card replacement method and related device
US8839354B2 (en) Mobile enterprise server and client device interaction
US20120149338A1 (en) System and method for securely managing data stored on mobile devices, such as enterprise mobility data
US9405520B2 (en) Method for the dynamic creation of an execution environment for an application to secure the application, associated computer program product and computing apparatus
US9584494B2 (en) Terminal and server for applying security policy, and method of controlling the same
EP2383675B1 (en) Thin client-server system, thin client terminal, data management method, and computer readable recording medium
CN106341234B (en) Authorization method and device
KR101907486B1 (en) Mobile computing system for providing execution environment having high secure ability
US9838379B1 (en) Security tiering in a mobile communication device application framework
EP3337219A1 (en) Carrier configuration processing method, device and system, and computer storage medium
CN102246144A (en) Method and apparatus for installing programs on a computer platform
US11678176B1 (en) Electronic subscriber identity module (eSIM) transfer via activation code
CN109196891B (en) Method, terminal and server for managing subscription data set
CN107305608A (en) The management method and device of terminal device
CN101557584A (en) Method for realizing application authority control of mobile terminal and device
TW200541286A (en) Execution of unverified programs in a wireless device operating environment
US20110162033A1 (en) Location based security over wireless networks
US20140273973A1 (en) Method and system for replacing key deployed in se of mobile terminal
CN110930561A (en) Control method and device of intelligent lock
CN108494749B (en) Method, device and equipment for disabling IP address and computer readable storage medium
CN112581659A (en) Digital key user passing method, device, system and storage medium
CN106919812B (en) Application process authority management method and device
EP2981148B1 (en) Device management method, apparatus and system
CN104335619A (en) Remote unlocking of telecommunication device functionality

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171031

RJ01 Rejection of invention patent application after publication