CN109167777A - A kind of cell phone intelligent terminal firewall device - Google Patents


Info

Publication number: CN109167777A
Authority: CN (China)
Prior art keywords: data, firewall, module, interface, intelligent terminal
Legal status: Pending
Application number: CN201810987265.3A
Other languages: Chinese (zh)
Inventors: 华翔, 孙阳, 孙一阳
Current Assignee: Xian Technological University
Original Assignee: Xian Technological University
Application filed by: Xian Technological University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0263 Rule management
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • H04M1/72448 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72454 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions according to context-related or environment-related conditions
    • H04M1/72463 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device


Abstract

The invention discloses a firewall module loaded into a general smartphone system. Data arriving from the network are passed by the phone's 4G data interface module directly to the firewall module and, after passing security-policy verification, are sent through the firewall's data interface to the CPU for processing. The data interface between the firewall module and the smartphone device uses a serial communication interface or a parallel data interface. Targeting the characteristics of smartphone systems, the invention uses techniques such as data filtering and data security protection to design a firewall specifically for smartphones.

Description

A kind of cell phone intelligent terminal firewall device
Technical field
The invention belongs to the field of mobile phone firewalls, and in particular relates to a cell phone intelligent terminal firewall device.
Background art
An intelligent terminal is a kind of embedded computer system device, so its architecture is consistent with that of an embedded system. At the same time, as one application direction of embedded systems, an intelligent terminal has a clearly defined application scenario: it is highly specialised, its software is tightly coupled to its hardware, and the whole system is closely integrated with its specific application. The life cycle of an intelligent terminal is therefore generally long, and the system is often updated by replacing the entire product.
As a result, in the current network security field there is very little research on the security of intelligent terminals that access the network. Current network security research mainly addresses the protection of a given network or of particular hosts, computers, servers and similar terminals, while investment in network security protection techniques for intelligent terminals such as mobile phones is very small. Consequently, if an intelligent terminal such as a personal smartphone comes under network attack, it is difficult to protect its data and keep its system working normally. This document therefore targets the characteristics of embedded systems and uses techniques such as data filtering and data security protection to design a firewall specifically for smartphones.
Summary of the invention
Object of the invention: to overcome the deficiencies of the prior art, the present invention provides a cell phone intelligent terminal firewall device that makes data transmission more secure.
Technical solution: to achieve the above object, the cell phone intelligent terminal firewall device of the invention loads a firewall module into a general smartphone system. Data arriving from the network are passed by the phone's 4G data interface module directly to the firewall module and, after passing security-policy verification, are sent through the firewall's data interface to the CPU for processing. The data interface between the firewall module and the smartphone device uses a serial communication interface or a parallel data interface.
Further, the security mechanism of the firewall module decides whether a message may pass according to the packet's source and destination addresses, port numbers, protocol type and flags. The information on which the decision is based comes from the IP, TCP or UDP header. Using the packet filtering technique of conventional firewalls, only packets that satisfy the filter logic are forwarded to the corresponding destination egress; all other packets are discarded. In addition, according to the rules of the security policy, security measures such as encryption, authentication, digital signature and integrity checking are applied to input and output data to ensure security in data transmission.
Further, the access control security policy of the firewall module controls input and output by monitoring input and output data, which blocks a portion of attacks. Input and output data are monitored according to pre-specified security rules; data that meet the requirements are allowed through, otherwise the packet is blocked.
The data confidentiality and integrity security policy of the firewall module guarantees the confidentiality of data through encryption, encapsulation and authentication of the transmitted data, so that unauthorised users cannot obtain the information content.
Further, the functional modules of the firewall module include memory and computing modules; a security policy storage module prepared in advance and a rule module formulated from the security policy; a filtering module that judges whether a packet is legitimate; a data interface module that exchanges data with the intelligent terminal device; and an APP control module for human-machine interaction, used to change the security policy settings manually from within the phone's operating system.
Further, a packet first travels from the network to the smartphone's 4G wireless data interface. The communication protocol used by the wireless technology must be converted before subsequent operations can be performed on the packet. After protocol conversion, the corresponding rule is extracted via the routing table and the packet is judged against the security-policy rules, which implements the firewall's packet filtering function. Packets that do not conform to the security-policy rules are discarded directly. Packets that conform are encapsulated, which involves protocol conversion, data encryption, authentication and related work; once encapsulation is complete, they are sent to the device's CPU for processing over the smartphone's internal embedded data interface, such as a bus or serial port. After the smart device has processed the incoming network data, if it needs to send data to the external network, the same process applies: the data are first sent from the CPU to the firewall module over the internal data interface for protocol conversion and packet filtering, and the processed data are then sent to the Internet through the external interface.
Further, the software of the smartphone firewall module consists of 4 modules: the Bootloader, the operating system, the network interface driver and the rule adjudication program. The operating system is the core; the Bootloader is responsible for hardware initialisation, the network interface driver handles interaction with the physical transmission medium, and the rule adjudication program implements the firewall's functions. The Bootloader initialises the hardware devices and establishes the memory space map, preparing the correct environment for finally starting the embedded operating system kernel. The operating system loads the drivers so that the firewall can correctly receive and send packets. The operating system calls the rule adjudication program to process each received packet and return a result. According to the result from the rule adjudication program, the operating system calls the rule adjudication program to send the packets that are allowed through.
Further, the hardware configuration of the smartphone firewall is determined first. The hardware includes a CPU module that performs rule evaluation and data encryption; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs wireless data protocol conversion; the most important part, a data interface module that exchanges data with the smartphone; and a power supply module. The human-machine interface of the smartphone firewall is an APP developed with JAVA, through which the user monitors and interacts with the firewall on the phone.
In the smartphone's data message processing flow, a security mechanism interface is registered in the intelligent terminal's operating kernel, in one-to-one correspondence with the actual network interface. An entry pointing to the firewall security mechanism interface is then added to the routing table, so that all input and output packets are routed directly to the security processing mechanism interface. The packet encapsulation handler is placed inside the security processing mechanism (i.e. the firewall), so that the IP source code need not be modified. The modules in the firewall's security mechanism cover: querying the policy database (SPD), rule selection, and packet encapsulation. Finally the packet is sent to the data interface of the intelligent terminal device, achieving secure communication.
Beneficial effects: the invention targets the characteristics of smartphone systems and uses techniques such as data filtering and data security protection to design a firewall specifically for smartphones. The firewall operation APP that the smartphone firewall provides for human-machine interaction lets users adjust the security policy according to personal habits, preventing certain programs from being executed or downloaded, or isolating specific IP addresses, so that transmitted data are filtered selectively to suit the browsing habits of different users. It can also record a log of intercepted data for the user to query.
Brief description of the drawings
Fig. 1 is a schematic diagram of an intelligent terminal accessing the network;
Fig. 2 is a schematic diagram of the smartphone firewall;
Fig. 3 is a diagram of the firewall's functional modules;
Fig. 4 is the firewall's work flow diagram;
Fig. 5 is the information exchange structure diagram;
Fig. 6 is a schematic diagram of the hardware structure of the smartphone firewall.
Specific embodiments
The present invention is further explained below with reference to the accompanying drawings.
As shown in Figs. 1 to 6: when the common intelligent terminals on the current market, being embedded systems, access the network, they receive data directly from the network server, lack hardware and software security protection, and are highly vulnerable to attack. An intelligent terminal that connects to the network wirelessly is used as the illustration below. As shown in Fig. 1, information is transferred directly from the network to the intelligent terminal's data interface and then sent by the data interface to the CPU module.
The smartphone firewall design proposed here loads a firewall module into a general smartphone system. Data arriving from the network are passed by the phone's 4G data interface module directly to the firewall module and, after passing security-policy verification, are sent through the firewall's data interface to the CPU for processing. This is shown in Fig. 2.
The data interface between the firewall and the smartphone device may be a serial communication interface, such as UART, SPI, USB or JTAG, or a parallel data interface, such as an SPP/EPP interface, to meet the differing needs of different devices. The wireless data interface may use whichever interface corresponds to the wireless communication technology in use, such as 3G, 4G or 5G mobile communication, Zigbee, WiFi, Bluetooth or ultra-wideband.
Because an intelligent terminal has little memory and limited processing capability, an independent external module is used and loaded into the terminal's embedded system. All data exchanged between the intelligent terminal and the network must pass through the detection and filtering of this external module, which is how the firewall function is implemented. An intelligent terminal's functions are relatively narrow, so the attack patterns it faces are generally also relatively simple. Its network functions are likewise relatively simple, so other access modes can be restricted to reduce the opportunity for attack. The storage capacity of an embedded system is relatively weak, which makes it harder for some memory-resident viruses to exist, but also makes memory-exhaustion attacks more likely to succeed.
Based on the characteristics of the intelligent terminal's embedded system described above, this document proposes a firewall design for smartphones. The firewall provides encryption and authentication services at the network layer. Its security mechanism consists mainly of the following points:
1. It decides whether a message may pass according to the packet's source and destination addresses, port numbers, protocol type and flags. The information on which the decision is based comes from the IP, TCP or UDP header. Using the packet filtering technique of conventional firewalls, only packets that satisfy the filter logic are forwarded to the corresponding destination egress; all other packets are discarded.
2. According to the rules of the security policy, security measures such as encryption, authentication, digital signature and integrity checking are applied to input and output data to ensure security in data transmission.
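An added example (not code from the patent) of the header-based decision in point 1: it parses a packet's IPv4 and TCP/UDP headers, matches addresses, port, protocol and TCP flags against an ordered rule list, and drops anything unmatched, truncated or malformed. The rule layout, first-match ordering, default-drop behaviour, sample rules and documentation-range addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { DROP = 0, FORWARD = 1 };
enum { PROTO_TCP = 6, PROTO_UDP = 17, TCP_SYN = 0x02, TCP_ACK = 0x10 };

/* Header fields the decision uses (addresses in host byte order). */
struct pkt_info {
    uint32_t src, dst;
    uint16_t sport, dport;
    uint8_t proto, tcp_flags;              /* tcp_flags is 0 for UDP */
};

/* One rule; a zero mask, port or protocol acts as a wildcard. */
struct rule {
    uint32_t src, src_mask, dst, dst_mask;
    uint16_t dport;
    uint8_t proto, flags_set, flags_clear; /* TCP flags required set / clear */
    enum verdict action;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 0 on success, -1 for truncated, malformed or unsupported packets. */
int parse_ipv4(const uint8_t *b, size_t len, struct pkt_info *o)
{
    if (len < 20 || (b[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4, total = rd16(b + 2);
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (rd16(b + 6) & 0x1fff) return -1;   /* later fragment: no L4 header */
    o->proto = b[9];
    o->src = rd32(b + 12);
    o->dst = rd32(b + 16);
    const uint8_t *l4 = b + ihl;
    size_t l4len = total - ihl;
    if (o->proto == PROTO_TCP && l4len >= 20) o->tcp_flags = l4[13];
    else if (o->proto == PROTO_UDP && l4len >= 8) o->tcp_flags = 0;
    else return -1;
    o->sport = rd16(l4);
    o->dport = rd16(l4 + 2);
    return 0;
}

/* First matching rule wins; no match or an unparseable packet means DROP. */
enum verdict filter_packet(const struct rule *r, size_t n, const uint8_t *b, size_t len)
{
    struct pkt_info p;
    if (parse_ipv4(b, len, &p) != 0) return DROP;
    for (size_t i = 0; i < n; i++, r++) {
        if ((p.src & r->src_mask) != (r->src & r->src_mask)) continue;
        if ((p.dst & r->dst_mask) != (r->dst & r->dst_mask)) continue;
        if (r->proto && r->proto != p.proto) continue;
        if (r->dport && r->dport != p.dport) continue;
        if ((p.tcp_flags & r->flags_set) != r->flags_set) continue;
        if (p.tcp_flags & r->flags_clear) continue;
        return r->action;
    }
    return DROP;
}

/* Constructed rule set (documentation address ranges, not from the page). */
static const struct rule SAMPLE_RULES[] = {
    { 0, 0, 0, 0, 0, PROTO_TCP, TCP_SYN, TCP_ACK, DROP },            /* unsolicited SYN */
    { 0xCB007100u, 0xFFFFFF00u, 0, 0, 0, PROTO_TCP, 0, 0, FORWARD }, /* 203.0.113.0/24 */
    { 0xC6336435u, 0xFFFFFFFFu, 0, 0, 0, PROTO_UDP, 0, 0, FORWARD }, /* 198.51.100.53 */
};

/* Builds one constructed packet (checksums left zero: not verified here), withholds
   `cut` trailing bytes to simulate truncation, and returns the filter verdict. */
enum verdict demo(uint8_t proto, uint32_t src, uint16_t dport, uint8_t flags, size_t cut)
{
    uint8_t b[40] = {0};
    size_t total = (proto == PROTO_TCP) ? 40 : 28;
    b[0] = 0x45; b[3] = (uint8_t)total; b[8] = 64; b[9] = proto;
    for (int i = 0; i < 4; i++) {
        b[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        b[16 + i] = (uint8_t)(0xC0000201u >> (24 - 8 * i)); /* handset: 192.0.2.1 */
    }
    b[20] = 0x01; b[21] = 0xBB;                              /* source port 443 */
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    if (proto == PROTO_TCP) { b[32] = 0x50; b[33] = flags; } /* data offset 5 */
    return filter_packet(SAMPLE_RULES, sizeof SAMPLE_RULES / sizeof SAMPLE_RULES[0],
                         b, total - cut);
}

int main(void)
{
    printf("ACK from allowed subnet: %d\n", demo(PROTO_TCP, 0xCB007105u, 50000, TCP_ACK, 0));
    printf("bare SYN:                %d\n", demo(PROTO_TCP, 0xCB007105u, 8080, TCP_SYN, 0));
    printf("truncated packet:        %d\n", demo(PROTO_TCP, 0xCB007105u, 50000, TCP_ACK, 4));
    return 0;
}
```

The filter is stateless, so the rule that forwards TCP from the allowed subnet relies on the earlier SYN-without-ACK rule to refuse new inbound connections.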
Security policy analysis for the embedded network:
Because a smartphone is single-purpose and specialised, the data encryption, data integrity authentication, identity authentication and data origin authentication commonly used in PC communication are not all suitable for the terminal's embedded system. A firewall application for networked intelligent terminal devices must establish suitable cryptographic protocols and encryption measures, and these determine the specific rules in the routing table used to make decisions.
1. Access control security policy: controlling input and output by monitoring input and output data blocks a portion of attacks. Input and output data are monitored according to pre-specified security rules; data that meet the requirements are allowed through, otherwise the packet is blocked. Since embedded devices usually provide relatively few network functions, the entry and exit of unnecessary data can be controlled.
2. Data confidentiality and integrity security policy: encryption, encapsulation and authentication of the transmitted data guarantee the confidentiality of data, so that unauthorised users cannot obtain the information content.
The functional modules of the firewall are shown in Fig. 3. They include the necessary memory and computing modules; a security policy storage module prepared in advance and a rule module formulated from the security policy; a filtering module that judges whether a packet is legitimate; a data interface module that exchanges data with the intelligent terminal device; and an APP control module for human-machine interaction, used to change the security policy settings manually from within the phone's operating system. Different communication interfaces can be adopted for different smart devices; serial interfaces, parallel interfaces and RJ45 network cable interfaces are supported.
The firewall operation APP that the smartphone firewall provides for human-machine interaction lets users adjust the security policy according to personal habits, preventing certain programs from being executed or downloaded, or isolating specific IP addresses, so that transmitted data are filtered selectively to suit the browsing habits of different users. It can also record a log of intercepted data for the user to query.
The data exchange between the network and a general smartphone loaded with the proposed firewall is shown in Fig. 4. A packet first travels from the network to the smartphone's 4G wireless data interface. The communication protocol used by the wireless technology must be converted before subsequent operations can be performed on the packet. After protocol conversion, the corresponding rule is extracted via the routing table and the packet is judged against the security-policy rules, which implements the firewall's packet filtering function. Packets that do not conform to the security-policy rules are discarded directly. Packets that conform are encapsulated, which involves protocol conversion, data encryption, authentication and related work; once encapsulation is complete, they are sent to the device's CPU for processing over the smartphone's internal embedded data interface, such as a bus or serial port. After the smart device has processed the incoming network data, if it needs to send data to the external network, the same process applies: the data are first sent from the CPU to the firewall module over the internal data interface for protocol conversion and packet filtering, and the processed data are then sent to the Internet through the external interface.
The query efficiency of the SPD (security policy database) is an important factor in firewall performance. In most embedded systems the firewall is likely to provide packet filtering for more than one device, and the corresponding rule must be looked up in the SPD for every packet, so the lookup can become the bottleneck of the whole firewall's data-handling capacity. To solve this problem, the storage structure of the database is considered first. Note that for filtering rules, the communication protocol, SPI and destination address uniquely determine one rule, so (protocol + SPI + destination address) is used as the query key and lookups use a hash table. For the policy database, since packet transmission is continuous, a cache in the inner layer keeps the most recently used security policy, which avoids frequent query passes and so improves system performance.
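An added example (not code from the patent) of the SPD lookup described above: a hash table keyed on protocol + SPI + destination address, fronted by a one-entry cache of the most recently used policy. The table size, the FNV-1a hash, the default-drop result, treating the SPI as a 32-bit index, the removal routine and all sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SPD_BUCKETS 64            /* assumed table size, power of two */

enum action { ACT_DROP = 0, ACT_FORWARD, ACT_PROTECT };

/* Lookup key named on the page: protocol + SPI + destination address. */
struct spd_key { uint8_t proto; uint32_t spi; uint32_t dst; };

struct spd_entry {
    struct spd_key key;
    enum action act;
    struct spd_entry *next;       /* collision chain within one bucket */
};

struct spd {
    struct spd_entry *bucket[SPD_BUCKETS];
    struct spd_entry *last;       /* most recently used policy */
    unsigned long hits, probes;   /* cache hits vs. hash-table searches */
};

static int key_eq(const struct spd_key *a, const struct spd_key *b)
{
    return a->proto == b->proto && a->spi == b->spi && a->dst == b->dst;
}

/* FNV-1a over the key fields (fieldwise, so struct padding is never hashed). */
static uint32_t key_hash(const struct spd_key *k)
{
    uint32_t w[3] = { k->proto, k->spi, k->dst };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (w[i] >> (8 * b)) & 0xffu;
            h *= 16777619u;
        }
    return h & (SPD_BUCKETS - 1);
}

/* Entries live in caller-owned storage: no heap use on a small device. */
void spd_insert(struct spd *s, struct spd_entry *e)
{
    uint32_t i = key_hash(&e->key);
    e->next = s->bucket[i];
    s->bucket[i] = e;
}

/* Removing a policy must also clear the cache, or the revoked policy
   would keep matching until another flow displaced it. */
int spd_remove(struct spd *s, const struct spd_key *k)
{
    struct spd_entry **pp = &s->bucket[key_hash(k)];
    for (; *pp; pp = &(*pp)->next)
        if (key_eq(&(*pp)->key, k)) {
            if (s->last == *pp) s->last = NULL;
            *pp = (*pp)->next;
            return 1;
        }
    return 0;
}

/* Default deny: a packet with no matching policy is dropped and not cached. */
enum action spd_lookup(struct spd *s, const struct spd_key *k)
{
    if (s->last && key_eq(&s->last->key, k)) { s->hits++; return s->last->act; }
    s->probes++;
    for (struct spd_entry *e = s->bucket[key_hash(k)]; e; e = e->next)
        if (key_eq(&e->key, k)) { s->last = e; return e->act; }
    return ACT_DROP;
}

struct demo_result { unsigned long hits, probes; enum action known, unknown, revoked; };

/* Constructed sample: a burst of five packets on one flow, one packet with an
   unknown SPI, then the flow's policy is revoked and looked up again. */
struct demo_result run_demo(void)
{
    struct spd s = {0};
    struct spd_entry e[3] = {
        { { 50, 0x1001u, 0x0a000002u }, ACT_PROTECT, NULL },
        { { 50, 0x1002u, 0x0a000002u }, ACT_PROTECT, NULL },
        { { 17, 0u,      0x0a000003u }, ACT_FORWARD, NULL },
    };
    struct spd_key flow = e[0].key, stranger = { 50, 0x9999u, 0x0a000002u };
    struct demo_result r = {0};
    for (int i = 0; i < 3; i++) spd_insert(&s, &e[i]);
    for (int i = 0; i < 5; i++) r.known = spd_lookup(&s, &flow);
    r.unknown = spd_lookup(&s, &stranger);
    r.hits = s.hits;
    r.probes = s.probes;
    spd_remove(&s, &flow);
    r.revoked = spd_lookup(&s, &flow);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("hits=%lu probes=%lu known=%d unknown=%d revoked=%d\n",
           r.hits, r.probes, (int)r.known, (int)r.unknown, (int)r.revoked);
    return 0;
}
```

For the five-packet burst the hash table is searched once and the cache answers the other four lookups, which is the saving the paragraph attributes to continuous packet transmission.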
The hardware of the external intelligent terminal firewall uses a modular design made up of the following modules:
1. Processor module: performs the computation for packet filtering and data encryption, and executes the firewall's security policy.
2. Memory module: stores the rule set of the security policy and provides the memory space in which programs run.
3. Data interface module: receives packets from the network and sends them to the embedded system.
4. Debug circuit module: the channel between the development platform and the user interface, used to debug the firewall system.
5. Peripheral circuit module: comprises three parts, the power circuit, the crystal oscillator circuit and the reset circuit.
Software structure of the smartphone firewall:
Smartphones often have little memory and relatively poor computing capability, so these factors must be taken into account when designing the firewall. The smartphone firewall is made up of 4 modules: the Bootloader, the operating system, the network interface driver and the rule adjudication program. The operating system is the core; the Bootloader is responsible for hardware initialisation, the network interface driver handles interaction with the physical transmission medium, and the rule adjudication program implements the firewall's functions. Fig. 5 is the information exchange structure diagram of these 4 modules.
1. The Bootloader initialises the hardware devices and establishes the memory space map, preparing the correct environment for finally starting the embedded operating system kernel.
2. The operating system loads the drivers so that the firewall can correctly receive and send packets.
3. The operating system calls the rule adjudication program to process each received packet and return a result.
4. According to the result from the rule adjudication program, the operating system calls the rule adjudication program to send the packets that are allowed through.
Since the designed smartphone firewall is platform-independent, any technology platform and hardware device can be chosen to implement it. Porting the protocol conversion and rule code to an actual firewall is the key step in turning theory into practice; only then can the capability for secure data transmission be realised on a real intelligent terminal device.
The hardware configuration of the smartphone firewall is determined first. The hardware includes a CPU module that performs rule evaluation and data encryption; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs wireless data protocol conversion; the most important part, a data interface module that exchanges data with the smartphone; and a power supply module. The hardware configuration is shown in Fig. 6.
Besides the minimal CPU + RAM + Flash + bus design used here, the firewall can also be implemented with an FPGA, a gate array, a custom chip (IC) design and similar approaches.
The human-machine interface of the smartphone firewall is an APP developed with JAVA or similar software, through which the user can monitor and interact with the firewall on the phone.
The concept of a firewall security mechanism interface is introduced into the smartphone. The data message processing flow is as follows.
1. A security mechanism interface is registered in the intelligent terminal's operating kernel, in one-to-one correspondence with the actual network interface.
2. An entry pointing to the firewall security mechanism interface is added to the routing table, so that all input and output packets are routed directly to the security processing mechanism interface.
3. The packet encapsulation handler is placed inside the security processing mechanism (i.e. the firewall), so that the IP source code need not be modified. The modules in the firewall's security mechanism cover: querying the policy database (SPD), rule selection, and packet encapsulation (encryption and authentication).
4. Finally the packet is sent to the data interface of the intelligent terminal device, achieving secure communication.
The above is only a preferred embodiment of the present invention. It should be pointed out that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (7)

1. a kind of cell phone intelligent terminal firewall device, it is characterised in that: load one in general intelligent mobile phone system and prevent Wall with flues module, the data transmitted from network are transmitted directly to firewall module via the 4G data interface module of mobile phone, pass through Security strategy is sent to CPU by the data-interface of firewall again after being verified and is handled;The firewall module and intelligence The data-interface of energy cell phone apparatus uses serial communication interface or parallel data grabbing card.
2. a kind of cell phone intelligent terminal firewall device according to claim 1, it is characterised in that: this firewall module Security mechanism be according to the sourcesink address of grouping packet, port numbers and protocol type, mark determine whether that message passes through, Institute according to information source from the packet header IP, TCP or UDP, and using the packet filtering technology in Conventional firewalls, only meet The data packet of filter logic is just forwarded to corresponding destination outlet end, remaining ineligible data packet is then abandoned;Separately The outer rule according to security strategy carries out encryption, certification, digital signature, the safety such as completeness check to the data of input and output Measure guarantees the safety in data transmission.
3. a kind of cell phone intelligent terminal firewall device according to claim 2, it is characterised in that: the firewall module Access control safety strategy be that its input and output is controlled by the monitoring to inputoutput data, stop a part attack.Root According to preassigned safety regulation, inputoutput data is monitored, satisfactory data allow to pass through, and otherwise mask The data packet;
The data confidentiality and integrity security strategy of the firewall module are by the encryption to transmission data, encapsulation and certification Guarantee the confidentiality of data, so that the user of unauthorized can not obtain the information content.
4. a kind of cell phone intelligent terminal firewall device according to claim 3, it is characterised in that: the firewall module Functional module include memory and computing module;And prepared security strategy storage module and by security strategy formulate rule Then module;There are also being made whether the filtering module of legal judgement to data packet, and realize and intelligent terminal into The data interface module of row data exchange;There are also the APP control modules for realizing human-computer interaction, for artificially in mobile phone operating system Middle change security strategy setting.
5. a kind of cell phone intelligent terminal firewall device according to claim 4, it is characterised in that: data packet first is from net Network is transmitted to the 4G wireless data interface of smart phone, and communication protocol used by wireless communication technique needs to carry out protocol conversion Subsequent operation could be executed to it, corresponding rule is extracted by routing table after protocol conversion, and safe plan is carried out to data packet Slightly rule judgement, namely realize the packet filtering function of firewall.The data packet for not meeting security strategy rule wherein directly abandons, The data packet for meeting security strategy is packaged, protocol conversion and a series of works such as data encryption and certification are carried out to it Make, after the completion of encapsulation, by the embedded data interface such as bus inside smart phone, serial ports etc. sends it to equipment CPU carries out operation.Smart machine is after having handled network and having sent the data come in, and if desired external network sends data, Equally by process above, that is, internal data interface is first passed through by data and is sent to firewall module progress agreement turn from CPU It changes and packet filtering, then processed data is sent to by internet by external interface.
6. The cell phone intelligent terminal firewall device according to claim 4, characterized in that: the software of the smartphone firewall module consists of 4 modules, namely the Bootloader, the operating system, the network interface driver and the rule adjudication program. With the operating system as the core, the Bootloader is responsible for initializing the hardware, the network interface driver handles the interaction with the physical transmission medium, and the rule adjudication program implements the various functions of the firewall. The Bootloader initializes the hardware devices and establishes the memory space map, preparing the correct environment for finally calling the embedded operating system kernel; the operating system loads the driver so that the firewall can correctly receive and send data packets; the operating system calls the rule adjudication program to process each received data packet and return the processing result; according to the processing result of the rule adjudication program, the operating system calls the rule adjudication program to send the data packets that are allowed to pass.
7. The cell phone intelligent terminal firewall device according to claim 6, characterized in that: the hardware configuration of the smartphone firewall is determined first. The hardware includes a CPU module that performs rule operations and data encryption operations; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs wireless data protocol conversion; the most important component, a data interface module that exchanges data with the smartphone; and a power supply module. The man-machine interface of the smartphone firewall is an APP developed in JAVA, which lets the user monitor and interact with the firewall on the phone;
In the data message processing flow of the smartphone, a security mechanism interface is registered in the operating kernel of the intelligent terminal, with security mechanism interfaces corresponding one-to-one to the actual network interfaces. An entry pointing to the firewall security mechanism interface is then added to the routing table, so that all incoming and outgoing data packets are routed directly to the security processing mechanism interface. The packet encapsulation handler is placed inside the security processing mechanism (i.e. the firewall), so that the IP source code need not be modified. The modules in the firewall security management mechanism include: querying the policy database (SPD), rule selection, and packet encapsulation. Finally, the data packet is sent to the data interface of the intelligent terminal device, achieving secure communication.
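The filtering flow of claims 5 and 7 (SPD query, rule selection, then discard or encapsulation), as an added C example that is not code from the patent. The rule fields, first-match ordering, the 4-byte header and the documentation-range addresses are assumptions; the encryption and authentication steps the claim lists are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical SPD entry: the patent does not define the rule fields. */
struct spd_rule {
    uint32_t net, mask;        /* remote network and mask, host byte order */
    uint8_t  proto;            /* IP protocol number, 0 = any */
    uint16_t port_lo, port_hi; /* remote port range, inclusive */
    uint8_t  permit;           /* 1 = encapsulate and forward, 0 = discard */
};
struct pkt { uint32_t remote_ip; uint8_t proto; uint16_t remote_port; };

/* Constructed sample policy, evaluated in order (first match wins). */
static const struct spd_rule SPD[] = {
    { 0xC6336400u, 0xFFFFFF00u, 0,  0,   65535, 0 }, /* 198.51.100.0/24: discard */
    { 0x00000000u, 0x00000000u, 6,  443, 443,   1 }, /* any host, TCP/443: permit */
    { 0xCB007135u, 0xFFFFFFFFu, 17, 53,  53,    1 }, /* 203.0.113.53, UDP/53: permit */
};
#define SPD_LEN (sizeof SPD / sizeof SPD[0])

/* SPD query and rule selection: index of the first matching rule, or -1. */
int spd_lookup(const struct pkt *p) {
    for (size_t i = 0; i < SPD_LEN; i++) {
        const struct spd_rule *r = &SPD[i];
        if ((p->remote_ip & r->mask) != r->net) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (p->remote_port < r->port_lo || p->remote_port > r->port_hi) continue;
        return (int)i;
    }
    return -1;
}

/* Filter one packet. Returns bytes written to out, or 0 when discarded.
 * Permitted payloads get an assumed header: magic, rule index, length (BE). */
size_t fw_process(const struct pkt *p, const uint8_t *payload, uint16_t len,
                  uint8_t *out, size_t out_cap) {
    int idx = spd_lookup(p);
    if (idx < 0 || !SPD[idx].permit) return 0;  /* no rule or deny rule: drop */
    if (out_cap < (size_t)len + 4) return 0;    /* never write past out */
    out[0] = 0xF1; out[1] = (uint8_t)idx;
    out[2] = (uint8_t)(len >> 8); out[3] = (uint8_t)(len & 0xFF);
    memcpy(out + 4, payload, len);
    return (size_t)len + 4;
}

int main(void) {
    struct pkt p = { 0xC000020Au, 6, 443 };     /* 192.0.2.10, TCP/443 */
    uint8_t out[8];
    return fw_process(&p, (const uint8_t *)"hi", 2, out, sizeof out) == 6 ? 0 : 1;
}
```

A packet that matches no rule is discarded, which is the fail-closed reading of "packets that do not meet the security policy rules are discarded".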
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810987265.3A CN109167777A (en) 2018-08-28 2018-08-28 A kind of cell phone intelligent terminal firewall device

Publications (1)

Publication Number Publication Date
CN109167777A true CN109167777A (en) 2019-01-08

Family

ID=64896979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810987265.3A Pending CN109167777A (en) 2018-08-28 2018-08-28 A kind of cell phone intelligent terminal firewall device

Country Status (1)

Country Link
CN (1) CN109167777A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113337A (en) * 2019-05-07 2019-08-09 山东渔翁信息技术股份有限公司 A kind of data transmission method, correlation technique and the relevant apparatus of zero-address equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1447263A (en) * 2003-03-17 2003-10-08 上海金诺网络安全技术发展股份有限公司 Method for handling computer network information security events
CN101860531A (en) * 2010-04-21 2010-10-13 北京星网锐捷网络技术有限公司 Filtering rule matching method of data packet and device thereof
US20120142320A1 (en) * 2010-12-02 2012-06-07 Chi Mei Communication Systems, Inc. Method for filtering incoming calls to communication device
CN102769703A (en) * 2012-07-17 2012-11-07 青岛海信移动通信技术股份有限公司 Mobile phone terminal and firewall monitoring method
CN103973700A (en) * 2014-05-21 2014-08-06 成都达信通通讯设备有限公司 Mobile terminal preset networking address firewall isolation application system
CN104866760A (en) * 2015-06-01 2015-08-26 成都中科创达软件有限公司 Smartphone security protection method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
匡晋湘: "网络化嵌入式系统安全机制的研究", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 *
吴献文: "《计算机网络安全基础与技能训练》", 31 July 2008 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190108
