CN107644165A - Security protection platform and safety protecting method and device - Google Patents

Publication number
CN107644165A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710760923.0A
Other languages
Chinese (zh)
Inventor
孙少华
孙晓东
李卫
李潇
邸上
白晓彤
杨林慧
王雄
邵忠雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Qinghai Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Priority to CN201710760923.0A
Publication of CN107644165A

Abstract

The invention discloses a security protection platform and a security protection method and device. The platform includes a mobile application management platform and a mobile terminal management platform, where the mobile application management platform protects the life cycle of an application program and the mobile terminal management platform protects the operating cycle of a terminal device. The invention solves the technical problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.

Description

Security protection platform and safety protecting method and device
Technical field
The present invention relates to the field of security protection, and in particular to a security protection platform and a security protection method and device.
Background
With the rapid development of wireless communication technology and smart portable devices, daily life and work have changed enormously. Using advanced wireless communication and portable mobile terminal applications, users can handle work anytime and anywhere and respond to emergencies promptly. With the rapid development of electric power informatization, power users have also put forward specific requirements for mobile applications. For example, work that requires recording data on site and matters that need timely handling can be addressed through mobile terminal applications.
However, owing to the wireless environment in which mobile terminals operate, the openness of mobile applications and the severe fragmentation of mobile terminals, malicious programs on mobile terminals are also increasing rapidly. The problems are concentrated in three areas: malicious applications are rampant, industry standards are lacking, and application markets lack supervision. In the electric power sector in particular, mobile applications face risks such as decompilation of core code, leakage of sensitive information and code vulnerabilities. These risks can lead to serious consequences such as counterfeit applications, leakage of classified information, and exploitation and attack by hacker organizations, threatening the electricity-use safety of the public, the security of the national grid infrastructure, and national security and stability.
No effective solution has yet been proposed for the problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.
Summary of the invention
Embodiments of the present invention provide a security protection platform and a security protection method and device, to at least solve the technical problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.
According to one aspect of the embodiments of the present invention, a security protection platform is provided, including: a mobile application management platform, for protecting the life cycle of an application program; and a mobile terminal management platform, for protecting the operating cycle of a terminal device.
According to another aspect of the embodiments of the present invention, a security protection method is also provided. The method protects application programs and terminal devices based on a security protection platform, where the security protection platform includes at least one of the following: a mobile application management platform and a mobile terminal management platform. The method includes: protecting the life cycle of the application program based on the mobile application management platform, and protecting the operating cycle of the terminal device based on the mobile terminal management platform.
According to another aspect of the embodiments of the present invention, a security protection device is also provided. The device protects application programs and terminal devices based on a security protection platform, where the security protection platform includes at least one of the following: a mobile application management platform and a mobile terminal management platform. The device includes a protection module, for protecting the life cycle of the application program based on the mobile application management platform and protecting the operating cycle of the terminal device based on the mobile terminal management platform.
According to another aspect of the embodiments of the present invention, a storage medium is also provided. The storage medium includes a stored program, where the program executes the security protection method.
According to another aspect of the embodiments of the present invention, a processor is also provided. The processor is used to run a program, where the program executes the security protection method when it runs.
In the embodiments of the present invention, a mobile application management platform and a mobile terminal management platform are used to protect power equipment and application programs: the mobile application management platform protects the life cycle of the application program, and the mobile terminal management platform protects the operating cycle of the terminal device. This achieves the purpose of protecting both application programs and terminal devices, ensures the physical security, network security and system security of the mobile terminal, and thereby solves the technical problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural schematic diagram of a security protection platform according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of an optional mobile application management platform according to an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of an optional mobile terminal management platform according to an embodiment of the present invention;
Fig. 4 is a flowchart of a security protection method according to an embodiment of the present invention; and
Fig. 5 is a structural schematic diagram of a security protection device according to an embodiment of the present invention.
Detailed description
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the drawings are used to distinguish similar objects, not to describe a specific order or sequence. Data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than those illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, an embodiment of a security protection platform is provided. Fig. 1 shows a structural schematic diagram of a security protection platform. As shown in Fig. 1, the security protection platform 10 includes a mobile application management platform 101 and a mobile terminal management platform 103. The mobile application management platform 101 protects the life cycle of an application program; the mobile terminal management platform 103 protects the operating cycle of a terminal device.
It should be noted that the life cycle of the application program (or mobile application) mainly includes the following five stages: requirements customization, model customization, application development, detection and acceptance, and launch and operations. In the requirements customization stage, the mobile application management platform needs to satisfy the mobile operation platform terminal operation security specification and the mobile operation platform access technology security specification. In the model customization stage, the mobile application management platform only needs to select risk prevention-and-control measures and security SDKs according to the requirements of the requirements customization stage, so that the required security content can be implemented conveniently and effectively. In the application development stage, the mobile application management platform can provide a security detection service for source code, identifying faulty statements, logic flaws, coding vulnerabilities and so on in the code, thereby ensuring the security of power system mobile applications during development. In the detection and acceptance stage, in-depth penetration testing is carried out on the application program to dig out its security risks, and static detection, dynamic detection, simulated interaction detection and penetration testing are carried out on it, providing a comprehensive detection service before the application goes live and thereby ensuring the security of the mobile application in the detection and acceptance stage. In the launch and operations stage, the mobile application management platform provides a security hardening service for the application program and hands the hardened application to the power system's mobile application secure distribution platform for unified distribution. It also performs channel detection on launched applications to prevent counterfeit or pirated applications from appearing on the internet, thereby providing security assurance for the launch and operation of the application.
It should also be noted that the operating cycle includes the following stages: asset management, access control, permission management, configuration policy issuance and lost-device control. In the asset management stage, the basic information of the terminal device is obtained under the supervision of the mobile terminal management platform, where the basic information includes at least the system version, device identifier, model, MAC address, operator, holder and operating system of the terminal device. In the access control stage, the mobile terminal management platform confirms identity through the MAC address or the corresponding SDK code, to prevent arbitrary terminal devices from freely accessing intranet data, thereby improving the protection of intranet data. In the permission management stage, the mobile terminal management platform configures and manages the permissions of specified terminal devices; these permissions include but are not limited to function permissions, application permissions, and security and privacy permissions. In the configuration policy issuance stage, the mobile terminal management platform manages all terminal devices uniformly, and can give a terminal device custom mobile device permissions that differ from the global configuration. In the lost-device control stage, when a device is lost or cannot connect to the network, the mobile terminal management platform automatically executes a lost-contact policy on the terminal device, for example clearing the terminal device's information or locking the device.
From the above, this application uses a mobile application management platform and a mobile terminal management platform to protect power equipment and application programs: the mobile application management platform protects the life cycle of the application program, and the mobile terminal management platform protects the operating cycle of the terminal device.
It is easy to see that the security protection platform safeguards users' electricity-use safety from two aspects, mobile application security and mobile terminal security. The mobile application management platform can effectively ensure that application programs run normally on terminal devices, and can therefore support access by a large number of users and ensure the normal operation of terminal devices. In addition, because the mobile terminal management platform protects the operating cycle of the terminal device, the physical security, network security and system security of the terminal device are ensured.
In addition, this application achieves the purpose of protecting application programs and terminal devices, ensures the physical security, network security and system security of the mobile terminal, and thereby solves the technical problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.
In an optional embodiment, as shown in the structural schematic diagram of an optional mobile application management platform in Fig. 2, the mobile application management platform includes: a mobile application code detection module, a software development kit (SDK) distribution module, a mobile application security hardening module, a mobile application channel detection module and a big data aggregation server.
The mobile application code detection module detects the code of the application program according to a scanning policy and generates a detection report, where the scanning policy includes at least one of the following: static scanning and dynamic scanning. The SDK distribution module provides security functions for the application program, where the security functions include at least one of the following: a secure encryption function, a communication signing function and a secure storage function. The mobile application security hardening module performs security hardening on the application program. The mobile application channel detection module monitors channels and generates a channel detection report. The big data aggregation server compiles statistics on server information and generates a statistical report, where the servers include at least one of the following: a mobile application code detection server, an SDK distribution server, a mobile application security hardening server and a mobile application channel detection server, and the server information includes at least one of the following: the number of times the server was used, the usage time and the usage results.
In an optional embodiment, the mobile application code detection module uses code reverse analysis, together with a combination of static scanning and dynamic scanning, to locate potentially malicious behavior or security risks in the application program. Specifically, using a language analysis engine with a built-in database, engine and plug-ins, it can perform static analysis of the application's source code in terms of data flow, semantics, structure, control flow, configuration flow and so on. During the analysis it matches and looks up against a software security vulnerability rule set specific to the application, scans out the security vulnerabilities present in the application's source code, and compiles them into a detection report.
It should also be noted that static analysis mainly analyzes the application's code through code reverse analysis and searches the key areas of the code using the analysis rules in the rule analysis library, so that most component problems and coding vulnerabilities can be detected. Dynamic analysis uses key techniques such as automated running of and interaction with the application, run-time content extraction, dynamic behavior activation and dynamic behavior monitoring to analyze the application's sensitive behavior automatically, where the sensitive behavior includes at least one of the following: call behavior, file behavior and network behavior. In addition, dynamic analysis can run the application through mobile terminal emulation and then interact with it using simulated behavior according to the operations in the rule analysis library, while performing comprehensive packet capture analysis on the application's behavior and data, so that risks the application may face in its running environment can be detected.
Optionally, the SDK distribution module can add functions such as secure encryption, communication signing and secure storage to the application program, and provides plug-in packages such as anti-virus, anti-hijacking, anti-screenshot and a secure keyboard.
In an optional embodiment: in practice, incidents such as the theft of bank passwords occur frequently. The cause is that when the user logs in to a mobile banking app, a malicious program overlays the original interface, that is, hijacks it; when the user enters information, the information is returned to the malicious program's server, so the information is lost. The SDK distribution module judges whether the process currently shown in the foreground is the application itself, and judges whether the anti-hijacking interface has been set. If the anti-hijacking interface has been set, a warning prompt pops up as soon as the application enters the background; otherwise there is no prompt.
In an optional embodiment: some hackers monitor the application program (the app) from the background and take screenshots to obtain the user's information, and screenshots easily leak information. In this application, a system API is called in the SO file to change the window attributes so that the screenshot function is disabled; the SO file is also encrypted, making the application program more secure.
In an optional embodiment: at present, Android developers mainly use three kinds of keyboard, namely the system default keyboard, a self-drawn fixed keyboard and a self-drawn random keyboard. Because a hacker can replace the system default keyboard with a keyboard of their own, a hacker can obtain the information the user enters when using the system default keyboard, which leaks the user's information. A self-drawn fixed keyboard effectively prevents a hacker from obtaining user information by replacing the keyboard, but its ability to defend against hackers is limited. This application therefore uses a self-drawn random keyboard to improve the security of the application program. On top of the self-drawn random keyboard, the information entered by the user is randomly encrypted by calling native methods in the SO file, which greatly improves the security of user information and effectively prevents attacks such as data monitoring, keyboard hijacking and keyboard screenshots.
Optionally, the mobile application security hardening module can protect the important resource files, SO files, runtime data files and so on in the application program. Protecting the important resource files mainly means encrypting the sensitive resource files in the application program, for example web pages, scripts, certificates and configuration. SO files are protected mainly by double encryption that combines SO file malformation protection with shell code fusion; specifically, the code section and the exported function table in the SO file can be protected.
It should be noted that the mobile application hardening module also has functions such as dynamic memory monitoring, crash information collection and security situation awareness.
Optionally, the mobile application channel detection module can monitor various application distribution channels, for example the 360 app market, Yingyongbao, Anzhi, Yingyonghui, Xiaomi and 91 Mobile Assistant. Specifically, static crawling can be combined with WebKit-based dynamic crawling to crawl efficiently both static HTML pages and pages generated by dynamic JavaScript. The mobile application channel detection module also uses a multi-task, multi-worker-node distributed crawling architecture: a crawler cluster made up of multiple servers collects the channel data, and a storage cluster made up of multiple servers stores and backs up the crawled data, so that offline big data analysis can be completed and data security is ensured.
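One way the crawled channel data could be checked for counterfeit or pirated copies, as an added example that is not from the patent. It assumes each crawled listing records the package name, display name and signing-certificate SHA-256; all names, channels and fingerprints are constructed.

```python
import hashlib
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    channel: str         # where the listing was crawled ("official" for the baseline)
    package: str
    display_name: str
    signer_sha256: str   # SHA-256 of the signing certificate, hex


def _fp(value: str) -> str:
    """Normalise a fingerprint: drop whitespace and colons, lower-case."""
    return "".join(value.split()).replace(":", "").lower()


def _name(value: str) -> str:
    """Fold character width and case, drop punctuation: 'Grid-Pay' -> 'gridpay'."""
    folded = unicodedata.normalize("NFKC", value).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def classify(official: AppRecord, listing: AppRecord) -> str:
    same_pkg = listing.package == official.package
    same_signer = _fp(listing.signer_sha256) == _fp(official.signer_sha256)
    if same_signer:
        # Signed with the publisher's key: the real app or a sibling app.
        return "genuine" if same_pkg else "same_publisher"
    if same_pkg:
        return "repackaged"   # official package name, someone else's signing key
    if _name(listing.display_name) == _name(official.display_name):
        return "lookalike"    # official display name on a different package
    return "unrelated"


def channel_report(official: AppRecord, listings) -> dict:
    """Return {channel: [(package, verdict), ...]} for listings that need action."""
    report = {}
    for item in listings:
        verdict = classify(official, item)
        if verdict in ("repackaged", "lookalike"):
            report.setdefault(item.channel, []).append((item.package, verdict))
    return report


# Constructed sample data: fingerprints are hashes of placeholder strings.
OFFICIAL_CERT = hashlib.sha256(b"constructed official signing cert").hexdigest()
OTHER_CERT = hashlib.sha256(b"constructed unknown signing cert").hexdigest()
OFFICIAL = AppRecord("official", "com.example.gridpay", "Grid Pay", OFFICIAL_CERT)
CRAWLED = [
    AppRecord("market-a", "com.example.gridpay", "Grid Pay", OFFICIAL_CERT.upper()),
    AppRecord("market-b", "com.example.gridpay", "Grid Pay", OTHER_CERT),
    # \uff27 is a full-width 'G', a common trick for imitating a display name.
    AppRecord("market-c", "com.example.gridpay.free", "\uff27rid-Pay", OTHER_CERT),
    AppRecord("market-c", "com.example.weather", "Weather", OTHER_CERT),
]

if __name__ == "__main__":
    for channel, findings in channel_report(OFFICIAL, CRAWLED).items():
        print(channel, findings)
```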
In an optional embodiment, as shown in the structural schematic diagram of an optional mobile terminal management platform in Fig. 3, the mobile terminal management platform includes: an asset management module, an access control module, a permission management module, a configuration policy issuance module and a lost-device control module.
The asset management module manages the device information of the terminal device, where the device information includes at least one of the following: the system version, device identifier, device model, device address and operating system of the terminal device. The access control module inspects terminal devices and authenticates the terminal devices that pass inspection. The permission management module configures and manages terminal device permissions, where the device permissions include at least one of the following: the function permissions, security permissions and privacy permissions of the terminal device. The configuration policy issuance module issues configuration information to terminal devices and manages the configuration information. The lost-device control module locates terminal devices remotely and determines the movement track of a terminal device.
It should be noted that the mobile terminal management platform can connect terminal devices to the network using the following access methods: IPSec VPN, L2TP VPN, PPTP VPN, SSL VPN and operator VPDN/APN.
It should also be noted that the asset management module can effectively avoid the security risks that user operations on the terminal device may bring, and prevents data leakage after a terminal device is accidentally lost.
In an optional embodiment, the access control module performs an initial qualification check on a terminal device that logs in for the first time and registers the terminal device with the security protection platform. The access control module then issues the user an exclusive certificate, which secures authentication between the user and the server. After registration is complete, the security protection platform can manage the terminal device comprehensively, closely monitoring and uniformly configuring all of the device's status information and operating behavior throughout its life cycle in the enterprise environment.
In an optional embodiment, the configuration policy issuance module can remotely manage the configuration information of user accounts and users' configurations, applying unified configuration management to all terminal devices; it can also give an individual user custom terminal device permissions that differ from the global configuration. All configuration information is delivered in real time by wireless push. During delivery the enterprise does not need to take back the user's terminal device, and the configuration information is installed automatically, without confirmation by the user.
In an optional embodiment, when a terminal device is lost or cannot connect to the network, the lost-device control module can clear specified data on the terminal device and lock it, or restore the terminal device to factory settings, to ensure that the device's data is not leaked after contact is lost or while the device is offline. The lost-device control module also uses positioning technology to determine precisely the position or movement track of the terminal device, so that a lost terminal device can be found from its position or movement track. The positioning technology can be, but is not limited to, GPS positioning, GPRS positioning, 3G positioning, 4G positioning and WiFi positioning.
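A sketch of how the per-user configuration and the lost-contact policy described in the two paragraphs above could fit together, as an added example that is not from the patent. It assumes the policy is cached on the device so it can still be enforced while the device cannot reach the platform; the policy fields, thresholds and user name are constructed.

```python
from dataclasses import dataclass, fields, replace
from datetime import timedelta
from typing import Optional


@dataclass(frozen=True)
class Policy:
    camera_allowed: bool
    lock_after: timedelta              # silence before the device locks itself
    wipe_after: timedelta              # silence before specified data is cleared
    reset_after: Optional[timedelta]   # silence before factory reset; None = never


# Constructed global configuration and one user-specific override.
GLOBAL_POLICY = Policy(False, timedelta(hours=24), timedelta(days=7), None)
USER_OVERRIDES = {
    "field-inspector-07": {
        "lock_after": timedelta(hours=4),
        "wipe_after": timedelta(days=1),
    },
}


def effective_policy(user, overrides=USER_OVERRIDES, base=GLOBAL_POLICY) -> Policy:
    """Global configuration with the user's custom settings applied on top."""
    override = overrides.get(user, {})
    unknown = set(override) - {f.name for f in fields(Policy)}
    if unknown:
        raise ValueError(f"unknown policy keys: {sorted(unknown)}")
    policy = replace(base, **override)
    # An override must not reorder the escalation (lock, then wipe, then reset).
    if policy.wipe_after < policy.lock_after:
        raise ValueError("wipe_after must not be shorter than lock_after")
    if policy.reset_after is not None and policy.reset_after < policy.wipe_after:
        raise ValueError("reset_after must not be shorter than wipe_after")
    return policy


def lost_contact_actions(policy: Policy, silent_for: timedelta,
                         reported_lost: bool = False) -> list:
    """Actions the on-device agent takes after `silent_for` without a check-in."""
    if silent_for < timedelta(0):
        raise ValueError("negative silence: the clock moved backwards")
    actions = []
    if reported_lost or silent_for >= policy.lock_after:
        actions.append("lock")
    if silent_for >= policy.wipe_after:
        actions.append("wipe_specified_data")
    if policy.reset_after is not None and silent_for >= policy.reset_after:
        actions.append("factory_reset")
    return actions


if __name__ == "__main__":
    for user in ("field-inspector-07", "office-user-01"):
        policy = effective_policy(user)
        print(user, lost_contact_actions(policy, timedelta(hours=30)))
```

On a real device the elapsed time should come from a source the user cannot reset, which is why the function takes a duration rather than reading the wall clock.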
Embodiment 2
According to an embodiment of the present invention, a method embodiment of a security protection method is also provided. It should be noted that the steps shown in the flowchart of the drawings may be executed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order.
Fig. 4 is a flowchart of a security protection method according to an embodiment of the present invention. As shown in Fig. 4, the security protection method protects application programs and terminal devices based on a security protection platform, where the security protection platform includes at least one of the following: a mobile application management platform and a mobile terminal management platform. The security protection method includes:
Step S402: protecting the life cycle of the application program based on the mobile application management platform, and protecting the operating cycle of the terminal device based on the mobile terminal management platform.
It should be noted that the life cycle of the application program mainly includes the following five stages: requirements customization, model customization, application development, detection and acceptance, and launch and operations. The operating cycle includes the following stages: asset management, access control, permission management, configuration policy issuance and lost-device control.
It should also be noted that the mobile application management platform includes: a mobile application code detection module, a software development kit (SDK) distribution module, a mobile application security hardening module, a mobile application channel detection module and a big data aggregation server. The mobile terminal management platform includes: an asset management module, an access control module, a permission management module, a configuration policy issuance module and a lost-device control module.
From the above, this application uses a mobile application management platform and a mobile terminal management platform to protect power equipment and application programs: the mobile application management platform protects the life cycle of the application program, and the mobile terminal management platform protects the operating cycle of the terminal device.
It is easy to see that the security protection platform safeguards users' electricity-use safety from two aspects, mobile application security and mobile terminal security. The mobile application management platform can effectively ensure that application programs run normally on terminal devices, and can therefore support access by a large number of users and ensure the normal operation of terminal devices. In addition, because the mobile terminal management platform protects the operating cycle of the terminal device, the physical security, network security and system security of the terminal device are ensured.
In addition, this application achieves the purpose of protecting application programs and terminal devices, ensures the physical security, network security and system security of the mobile terminal, and thereby solves the technical problem that the security risks in existing application programs and terminal devices threaten users' electricity-use safety.
In an optional embodiment, the mobile application management platform protects the life cycle of the application program in the following ways: inspecting the application program and encrypting the executable file of the application program; merging at least one dynamic link library file of the application program to obtain an SO file, fusing shell code with the SO file, and encrypting the application program using the fused SO file.
It should be noted that the above executable file may be, but is not limited to, a DEX file.
Specifically, the security protection platform can mitigate the security risks of the application program by applying multiple layers of structural encryption to the DEX file, which effectively prevents an attacker from obtaining the code or instructions of the application program through static disassembly and, to a certain extent, effectively prevents copying of a memory image from the terminal device.
In an optional embodiment, SO fusion is performed on the SO files: two or more SO files can be merged into a single SO file, so that the shell code, in the form of an SO file, is fused into the application's SO file, and the shell code is written in an advanced manner. As a result, third-party applications or devices cannot interpret the SO file, which effectively prevents disassembly and prevents other decompilers from decoding the code of the application program.
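The following check is an added example, not part of the patent text: it audits a package after the hardening step described above and reports a plaintext or low-entropy executable file and any ABI directory that still holds more than one SO file. It assumes the encrypted executable remains in the package under a `.dex` entry name and that fusion leaves one SO file per ABI directory; the entropy threshold, function names and sample packages are constructed for illustration.

```python
import io
import math
import os
import zipfile
from collections import Counter, defaultdict

DEX_MAGIC = b"dex\n"      # first bytes of a plaintext DEX file
ELF_MAGIC = b"\x7fELF"    # first bytes of any ELF shared object
ENTROPY_THRESHOLD = 7.0   # assumed cut-off in bits per byte; tune on real builds


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext approaches 8.0, bytecode sits well below."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def audit_package(apk_bytes: bytes) -> list[str]:
    """Return findings for a package that should already have been hardened."""
    findings = []
    libs = defaultdict(list)  # ABI directory -> .so entry names
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            if name.endswith(".dex"):
                # Assumption: the encrypted executable keeps a .dex entry name.
                if data.startswith(DEX_MAGIC):
                    findings.append(f"{name}: plaintext DEX header")
                elif shannon_entropy(data) < ENTROPY_THRESHOLD:
                    findings.append(f"{name}: low entropy, weak or no encryption")
            elif name.startswith("lib/") and name.endswith(".so"):
                libs[name.split("/")[1]].append(name)
                if not data.startswith(ELF_MAGIC):
                    findings.append(f"{name}: not a loadable ELF object")
    for abi, names in sorted(libs.items()):
        if len(names) > 1:
            findings.append(f"lib/{abi}: {len(names)} SO files, expected one fused file")
    return findings


def build_sample(hardened: bool) -> bytes:
    """Constructed sample package; contents are placeholders, not real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if hardened:
            z.writestr("classes.dex", os.urandom(8192))  # stands in for ciphertext
            z.writestr("lib/arm64-v8a/libfused.so", ELF_MAGIC + bytes(64))
        else:
            z.writestr("classes.dex", DEX_MAGIC + b"035\x00" + bytes(512))
            z.writestr("lib/arm64-v8a/liba.so", ELF_MAGIC + bytes(64))
            z.writestr("lib/arm64-v8a/libb.so", ELF_MAGIC + bytes(64))
    return buf.getvalue()


if __name__ == "__main__":
    for label, hardened in (("unhardened", False), ("hardened", True)):
        print(label, audit_package(build_sample(hardened)))
```
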
Embodiment 3
According to an embodiment of the present invention, an embodiment of a security protection device is also provided. Fig. 5 is a schematic structural diagram of a security protection device. As shown in Fig. 5, the security protection device is used to protect an application program and a terminal device based on a security protection platform, wherein the security protection platform includes at least one of the following: a mobile application management platform and a mobile terminal management platform. The security protection device includes a protection module, which is used to protect the life cycle of the application program based on the mobile application management platform and to protect the operation cycle of the terminal device based on the mobile terminal management platform.
In an optional embodiment, the mobile application management platform protects the life cycle of the application program in the following ways: inspecting the application program and encrypting the executable file of the application program; merging at least one dynamic link library file of the application program to obtain an SO file, fusing shell code with the SO file, and encrypting the application program using the fused SO file.
Embodiment 4
According to another aspect of the embodiments of the present invention, a storage medium is also provided. The storage medium includes a stored program, wherein the program executes the security protection method of Embodiment 2.
Embodiment 5
According to another aspect of the embodiments of the present invention, a processor is also provided. The processor is used to run a program, wherein the security protection method of Embodiment 2 is executed when the program runs.
The above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

  1. A security protection platform, characterized by comprising:
    a mobile application management platform, for protecting the life cycle of an application program;
    a mobile terminal management platform, for protecting the operation cycle of a terminal device.
  2. The platform according to claim 1, characterized in that the mobile application management platform comprises:
    a mobile application code detection module, for detecting the code of the application program according to a scanning strategy and generating a detection report, wherein the scanning strategy comprises at least one of the following: static scanning and dynamic scanning;
    a software development kit distribution module, for providing security functions for the application program, wherein the security functions comprise at least one of the following: a secure encryption function, a communication signing function and a secure storage function;
    a mobile application security hardening module, for performing security hardening on the application program;
    a mobile application channel detection module, for monitoring channels and generating a channel detection report.
  3. The platform according to claim 2, characterized in that the mobile application management platform further comprises:
    a big data collection server, for compiling statistics on the information of a server and generating a statistical report, wherein the server comprises at least one of the following: a mobile application code detection server, a software development kit distribution server, a mobile application security hardening server and a mobile application channel detection server, and the information of the server comprises at least one of the following: the number of uses, the time of use and the result of use of the server.
  4. The platform according to claim 1, characterized in that the mobile terminal management platform comprises:
    an asset management module, for managing the device information of the terminal device, wherein the device information comprises at least one of the following: the system version, device identifier, device model, device address and operating system of the terminal device;
    an access control module, for inspecting the terminal device and performing identity authentication on terminal devices that pass the inspection;
    a permission management module, for configuring and managing the device permissions of the terminal device, wherein the device permissions comprise at least one of the following: the function permissions, security permissions and privacy permissions of the terminal device.
  5. The platform according to claim 4, characterized in that the mobile terminal management platform further comprises:
    a configuration policy delivery module, for delivering configuration information to the terminal device and managing the configuration information;
    a device loss control module, for remotely locating the terminal device and determining the movement track of the terminal device.
  6. A security protection method, characterized in that the security protection method protects an application program and a terminal device based on a security protection platform, wherein the security protection platform comprises at least one of the following: a mobile application management platform and a mobile terminal management platform, the security protection method comprising:
    protecting the life cycle of the application program based on the mobile application management platform, and protecting the operation cycle of the terminal device based on the mobile terminal management platform.
  7. The method according to claim 6, characterized in that the mobile application management platform protects the life cycle of the application program in the following ways:
    inspecting the application program, and encrypting the executable file of the application program;
    merging at least one dynamic link library file of the application program to obtain an SO file, fusing shell code with the SO file, and encrypting the application program using the fused SO file.
  8. A security protection device, characterized in that the security protection device is used to protect an application program and a terminal device based on a security protection platform, wherein the security protection platform comprises at least one of the following: a mobile application management platform and a mobile terminal management platform, the security protection device comprising:
    a protection module, for protecting the life cycle of the application program based on the mobile application management platform and protecting the operation cycle of the terminal device based on the mobile terminal management platform.
  9. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program executes the security protection method according to any one of claims 6 to 7.
  10. A processor, characterized in that the processor is used to run a program, wherein the security protection method according to any one of claims 6 to 7 is executed when the program runs.
CN201710760923.0A 2017-08-29 2017-08-29 Security protection platform and safety protecting method and device Pending CN107644165A (en)

Publications (1)

Publication Number Publication Date
CN107644165A true CN107644165A (en) 2018-01-30

Family

ID=61110330

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588360A (en) * 2009-07-03 2009-11-25 深圳市安络大成科技有限公司 Associated equipment and method for internal network security management
CN103716785A (en) * 2013-12-26 2014-04-09 中国科学院信息工程研究所 Mobile Internet security service system
CN104135475B (en) * 2014-07-18 2017-05-24 国家电网公司 Safety protection method of electric power information for mobile Internet
CN104202296A (en) * 2014-07-30 2014-12-10 中国电子科技集团公司第三十研究所 Trusted security enhancement method for domestic operating system
CN104392181A (en) * 2014-11-18 2015-03-04 北京奇虎科技有限公司 SO file protection method and device and android installation package reinforcement method and system
US20160197950A1 (en) * 2015-01-05 2016-07-07 Rangecloud Information Technology Co., Ltd. Detection system and method for statically detecting applications
CN105138920A (en) * 2015-07-30 2015-12-09 浪潮电子信息产业股份有限公司 Implementation method for safely managing intranet terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王嘉延 等: "企业移动应用安全超市技术架构研究", 《现代计算机》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110390198A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Risk method for inspecting, device and the electronic equipment of a kind of pair of small routine
CN110390198B (en) * 2019-07-31 2023-09-29 创新先进技术有限公司 Risk inspection method and device for small program and electronic equipment
CN110990833A (en) * 2019-10-31 2020-04-10 重庆小雨点小额贷款有限公司 SDK safety detection method and related equipment
CN112632644A (en) * 2020-12-18 2021-04-09 深圳市安络科技有限公司 Android system-based app screen capture prevention method, device and equipment
CN115499844A (en) * 2022-09-22 2022-12-20 贵州电网有限责任公司 Mobile terminal information safety protection system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180130
RJ01 Rejection of invention patent application after publication