CN109460660A - A kind of mobile device safety management system - Google Patents
- Publication number: CN109460660A (application CN201811213329.0A)
- Authority: CN (China)
- Prior art keywords: mobile device, user, management, unit, mobile
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Abstract
The present invention relates to a mobile device safety management system comprising a mobile terminal and a server-side management platform, the mobile terminal being communicatively connected to the server-side management platform over the Internet. The server-side management platform includes a mobile terminal threat defense management module, an enterprise mobile device management module and a push module. The invention enables overall management of mobile devices by the platform. The mobile terminal threat defense management module performs antivirus scanning on mobile devices, sets security admission policies and, through its security sandbox module, guarantees the security of mobile devices. The enterprise mobile device management module guarantees the security of mobile devices and of their applications and documents and, when a mobile device is lost, further guarantees the security of confidential enterprise documents by deleting the files on the mobile device or changing its login password.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a mobile device safety management system.
Background art
With the rapid development of mobile device products, the commercial use of smartphones and tablet computers has become a trend. How to centrally manage and control mobile devices has become an important issue in enterprise management.
Smartphones and tablet computers originally designed for individual consumers are increasingly used by enterprises to carry critical business and core applications. Although employees accessing company information from mobile devices improves office efficiency, it also brings many security risks to the enterprise, and problems such as theft of funds and information leakage often occur. The root cause is that a mobile terminal device cannot vet the security of the information it accesses when it connects to other systems, and the employee's mobile terminal may already be compromised: viruses, Trojans or malicious programs implanted in the mobile terminal may spy on its data, and the call data, SMS data and network data carried by the mobile terminal may be maliciously obtained, so the security of the mobile terminal cannot be guaranteed. In addition, in the prior art, when a mobile device is lost the confidential enterprise data on it is lost with it. A security management system that can guarantee the security of system data is therefore urgently needed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a mobile device safety management system. The system can guarantee the security of mobile devices, can locate a mobile device and, when a mobile device is lost, can protect data by deleting file data or changing the mobile device password, further improving the security of the system.
The technical solution of the present invention is as follows: a mobile device safety management system comprising a mobile terminal and a server-side management platform. The mobile terminal is communicatively connected to the server-side management platform over the Internet, and the server-side management platform includes a mobile terminal threat defense management module, an enterprise mobile device management module and a push module;
The mobile terminal threat defense management module provides overall protection against the security threats and security problems of mobile terminal devices;
The enterprise mobile device management module provides integrated management of managed mobile terminal devices, the applications installed on them, and the data files on the mobile device terminals and the server-side management platform;
The push module is used by the server-side management platform to push messages to the mobile terminal.
Further, the mobile terminal threat defense management module includes a mobile antivirus module, a security admission module, an application scanning module, a security situational awareness module, an application wrapping module and a security sandbox module;
The mobile antivirus module uses dual-engine antivirus technology to detect and remove viruses, Trojans and malicious code on mobile terminal devices and their applications, prevents users from installing applications with poor security, and performs virus scanning and removal, vulnerability scanning and patch repair on the system;
The security admission module audits the mobile terminal devices managed by the server-side management platform. Using multiple detection items together with time fence and geofence policies, it controls mobile terminal device access, applies fine-grained policy control to non-compliant mobile terminal devices, and prevents insecure mobile terminal devices from running on the server-side management platform;
The application scanning module performs a security scan on an application before it goes online. It checks for problems the application may have, such as virus or Trojan infection, the permissions the application uses, a missing secure digital signature, and application code that has not been obfuscated, ensuring that applications uploaded to the application shop of the server-side management platform are safe and preventing malicious modification of applications by decompilation, code injection and similar means;
The security situational awareness module performs big-data analysis on multiple factors, including the running status, network behaviour and user behaviour of mobile terminal devices, summarises the current state and trends of all devices in the current mobile terminal device network, and presents the results graphically for the user to review, so that security problems can be anticipated and security risks investigated at the earliest moment, preventing larger security incidents;
The application wrapping module performs code injection on, and wraps, application installation packages whose development is already complete. The code of existing mobile applications does not need to be modified, which saves development and maintenance costs. It provides the following functions:
1) Unified identity authentication: the application's user identity is authenticated in a unified, enforced way using username, password and certificate;
2) Unified single sign-on: all mobile applications are forced to use time-based and application-level single sign-on for secure access;
3) Permission grant: allow or prohibit use of the application, offline use of the application, or storing data on the device;
4) Automatic configuration: the username, server address and personalised settings related to custom data are configured automatically, without user interaction;
5) Automatic encryption: all data that each application stores on the device is encrypted;
6) DLP data leakage prevention: prohibit or allow functions such as text copy/paste within enterprise applications;
7) Dynamic policy: application policies are updated dynamically;
8) Statistical reports: usage frequency, time, duration and similar information are collected for each application and presented in one place;
9) Selective wipe: selected application data can be wiped remotely without affecting the user's personal data;
The security sandbox module safeguards system data by establishing a DSA data isolation region. The DSA data isolation region is strongly encrypted; the DSA automatically scatters data and protects it with encryption, and external programs cannot obtain any details of the data in the DSA. The DSA comprises disk partition information, a file directory table, a key safe region and an encrypted file storage region. Every file stored in the DSA is protected with a one-time random key and the AES256 encryption algorithm, and the random key is in turn encrypted with a PKI public key and stored in the key safe region, further ensuring the security of system data.
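The per-file key scheme described for the security sandbox can be sketched as envelope encryption. This is an added example, not code from the patent: the patent names only AES256 and a PKI public key, so the AES-GCM mode, RSA-OAEP key wrapping, the record layout and all function names are assumptions, and it requires the third-party `cryptography` package.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: RSA-OAEP stands in for "encrypted with a PKI public key".
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def new_keypair():
    """Generate a demo key pair; in a deployment the private key would be held by the key owner."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal_file(plaintext: bytes, name: bytes, public_key) -> dict:
    """Encrypt one file under a fresh 256-bit key, then wrap that key for the key safe region."""
    file_key = AESGCM.generate_key(bit_length=256)   # one-time random key, never reused
    nonce = os.urandom(12)
    # The file name is bound as associated data so a record cannot be swapped under another name.
    ciphertext = AESGCM(file_key).encrypt(nonce, plaintext, name)
    return {
        "name": name,
        "nonce": nonce,
        "ciphertext": ciphertext,                             # encrypted file storage region
        "wrapped_key": public_key.encrypt(file_key, OAEP),    # key safe region
    }


def open_file(record: dict, private_key) -> bytes:
    """Unwrap the file key with the private key, then decrypt and authenticate the file."""
    file_key = private_key.decrypt(record["wrapped_key"], OAEP)
    return AESGCM(file_key).decrypt(record["nonce"], record["ciphertext"], record["name"])


def tamper_detected(record: dict, private_key) -> bool:
    """Flip one ciphertext bit and report whether decryption rejects the record."""
    damaged = dict(record)
    body = bytearray(record["ciphertext"])
    body[0] ^= 0x01
    damaged["ciphertext"] = bytes(body)
    try:
        open_file(damaged, private_key)
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    priv, pub = new_keypair()
    rec = seal_file(b"constructed sample document", b"plan.docx", pub)
    print(open_file(rec, priv), tamper_detected(rec, priv))
```

Because each file gets its own key, disclosure of one file key exposes one file only; the wrapped keys are useless without the private key, so where that private key is stored decides how much the sandbox protects on a lost device.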
Further, the enterprise mobile device management module includes a mobile terminal device management module, a mobile terminal device application management module and a document management module;
The mobile terminal device management module provides integrated management of managed mobile terminal devices;
The mobile terminal device application management module closely monitors the applications installed on managed mobile devices. It supports blacklist/whitelist policies, filters out all malicious programs on the blacklist, and can set permissions on the system's built-in application shop, allowing or prohibiting installation of applications from the application shop, cutting off the source of malicious programs and ensuring that applications are legitimate and controllable;
The document management module provides centralized storage, approval, publication, remote push and retrieval of enterprise documents. It manages content on mobile devices so that internal enterprise documents can be browsed securely on mobile devices and their content kept up to date, and it implements distribution of enterprise documents and the setting and management of permissions.
The mobile terminal device management module includes a device management module, a security management module, a user management module and a policy management module. The device management module includes a mobile terminal device status monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
The security management module includes a mobile device loss location unit, a mobile device lost-contact detection unit, a lost-device data protection unit, a network security control unit and a system log management unit;
The user management module includes an identity authentication and user full-lifecycle control unit;
The policy management module includes a device/user group policy management unit and a cross-platform multi-device binding unit;
The mobile terminal device status monitoring and data acquisition unit keeps detailed tracking records of, and raises early warnings on, the hardware information, application information and security information of mobile terminal devices, giving the system fine-grained control over mobile terminal device information;
The mobile terminal device permission management unit configures and manages the function permissions, application permissions, and security and privacy permissions of a designated user's mobile terminal device, mainly including:
1) Restricting the camera, recording, phone calls, and sending and receiving SMS;
2) Restricting the WiFi access type and SSID;
3) Restricting use of the application shop and restricting application installation;
4) Restricting use of the data cable;
5) Restricting use of WiFi and Bluetooth;
6) Restricting use of the browser and restricting use of JavaScript;
The mobile terminal device configuration management unit uses remote management of user account configuration information and OTA push to establish various configuration policies, mainly for configuring WiFi, VPN, LDAP, Exchange, POP3, IMAP and APN. Administrators can also push configurations directly to a designated user's terminal from the management back end, so users do not have to enter them. In addition, for WiFi and VPN account types, the system automatically pushes and configures the account, so the user can connect to the wireless network and the virtual private network without knowing the password, which provides secure access and prevents the user from leaking account information;
In addition, mobile device permissions can be customized per user. All configuration information is delivered in real time by wireless push, and configuration can be issued along multiple dimensions: global, group, permission, user and device;
The mobile device loss location unit remotely locates the mobile device via GPRS, 3G, 4G and WiFi, and automatically plots the movement track of the mobile device, so that the movement of the mobile device and of the person using it is accurately known;
The mobile device lost-contact detection unit applies lost-contact policy control to lost mobile devices. When a mobile device is lost or cannot connect to the network, the corresponding device lost-contact policy is executed automatically: erasing specified data on the mobile device, clearing mobile device information and locking the mobile device, ensuring data security while the device is offline after contact is lost;
The lost-device data protection unit is used to remotely set a password on a lost mobile device, lock the mobile device, wipe system applications, wipe system application data and wipe personal private data, safeguarding system data, so that the data stored on the mobile device is brought under security control at the first moment after the device is lost;
The network security control unit supports WiFi blacklists and whitelists for mobile devices to control and restrict access to WiFi wireless networks, preventing mobile devices from joining insecure WiFi networks. It tracks and monitors the URLs visited by the mobile device and, by analysing the URL records, assesses the browsing behaviour of the mobile terminal, thereby ensuring the Internet security of the mobile device;
The identity authentication and user full-lifecycle control unit works as follows: when a user joins the network, the system generates a corresponding certificate for the user. The certificate guarantees authentication between the user and the server-side management platform, and it has a configurable lifetime, so a time limit on the user's permissions can be set. Once registration is complete, the device comes under the comprehensive management of the system, and the system strictly monitors and uniformly configures all status information and operating behaviour throughout the full lifecycle of the user device's access to the enterprise environment;
The device/user group policy management unit automatically classifies devices according to the different attributes of mobile devices; groups can be freely created for different device types and different users' devices;
It also uses a role-based user management mechanism, grouping users at multiple levels by position, department and group so that users can be managed from multiple angles. This makes centralized, unified management of mobile devices convenient for the enterprise, and the enterprise can assign different administrators to manage different devices separately;
The cross-platform multi-device binding unit supports different mobile devices and mobile operating system platforms: a single user can be bound to devices of multiple platforms/versions/operating systems, providing unified, centralized management of a user's multiple devices;
The system log management unit manages user logs, device logs, system alarm logs, application logs, system operation logs, application installation logs and device operation logs, so that users can consult log files to determine the current state of the system, observe usage-related data and understand how the system is being used; an automatic log deletion policy can also be set.
The mobile terminal device application management module includes an independent enterprise application shop, an application remote distribution and wipe unit, an application blacklist/whitelist monitoring unit, an application installation statistics unit and an application single-app mode unit;
The independent enterprise application shop handles upload, download and update of the user's applications and the listing and delisting of programs, establishing the user's own application shop so that application distribution and management are independent of third-party application shops;
The application remote distribution and wipe unit performs batch distribution, remote installation, remote removal, remote update and remote wipe of applications, avoiding complicated installation procedures and greatly improving efficiency during batch deployment. In addition, the system can remotely uninstall applications from, and wipe data on, a mobile device, preventing leakage of the user's confidential information when a mobile device is stolen or accidentally lost;
The application blacklist/whitelist monitoring unit restricts application installation on mobile devices. If a mobile device is found to have installed an unauthorized application, the system notifies the user or forcibly uninstalls it, ensuring the security of the mobile device;
The application installation statistics unit gathers installation statistics for applications pushed by the enterprise. Users can view each application's push records, installation status and push status. Mobile devices that have not installed required applications as stipulated trigger an alert, and the application is automatically pushed a second time;
The application single-app mode unit locks the mobile device to one application. That application opens automatically, the user cannot exit it, and the user cannot use any application other than the single-app mode program.
The document management module includes a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
The mobile device enterprise cloud storage unit stores and manages enterprise documents on the mobile device; enterprise documents are published and shared by synchronized download from the enterprise cloud storage unit;
The mobile device private cloud storage unit is used for uploading, downloading and storing private documents;
The document security management unit manages the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, providing unified management of enterprise documents and personal documents while ensuring physical isolation of enterprise data from personal data. During upload and transmission, documents are encrypted with a high-strength encryption algorithm to guard against document leakage. The system integrates a file browser that supports the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats; documents uploaded to the system cannot be opened with third-party browsers, which prevents content leakage if a document is lost;
The document management unit distributes files in the enterprise cloud to the mobile terminals of specified target users, providing unified distribution and sharing of enterprise documents, and allows the distributed files to be viewed;
The document policy management unit applies policy management to enterprise documents, setting management policies for functions such as document sharing and copying, which makes it convenient for the enterprise to manage documents.
The push module includes a mobile email push management unit and a mobile notification push management unit;
The mobile email push management unit ensures the security of pushed email content and attachments, and supports the following mail protocols: IMAP, Exchange, POP3. During push, it can encrypt both the mail channel and the mail files, guaranteeing the security of transmitted mail content and attachments;
The mobile notification management unit is used by the server-side management platform to issue notifications to the mobile terminal, including publishing enterprise notification messages and sending and receiving files and content. It supports files in multiple media formats, including text, pictures, video, Word and PPT, and during transmission both the file transmission channel and the file data itself can be encrypted.
Further, the mobile terminal includes a user login module, a security centre management module, a device information management module, a memory management unit, an application management unit, an application shop, a message centre unit, a document centre management unit and a mail management module;
The user login module lets the user log in to the mobile terminal and establishes the communication connection with the server-side management platform. The user registers at the registration URL contained in the notification email pushed by the mobile email push management unit and then logs in with the registered username and password; the user can also log in with the QR code sent by the mobile email push management unit;
The security centre management module performs security monitoring of the mobile device, and performs full scans and quick scans for viruses, Trojans and malicious code, as well as vulnerability scanning and patch repair, guaranteeing the security of the mobile device;
The device information management module is used to view the basic information, detailed hardware information, CPU information and hardware feature information of the mobile device;
The memory management unit manages the memory of the mobile device. It can show the current remaining memory, device memory, memory used by applications, memory used by the system and free memory, and can clear or optimize memory;
The application management unit manages the applications of the mobile device;
The application shop is used to download applications published by the enterprise and third-party applications;
The message centre unit is used to view enterprise messages and attachments pushed by the enterprise to the user; when information pushed by an administrator to the mobile terminal is received, the preset information disappears and the newly received information is displayed;
The document centre management unit manages enterprise documents and personal documents, effectively separating the user's enterprise and personal documents and protecting the user's personal documents, while also downloading enterprise documents and managing them locally;
The mail management module manages and displays the pushed mail sent by the server-side management platform.
Further, the security centre management module includes a quick scan unit, a full scan unit, a real-time monitoring unit, a threat reminder unit, an operation record unit and a virus database upgrade unit;
The quick scan unit performs a quick virus scan of the mobile device;
The full scan unit performs a full scan of the mobile device's storage, SD card and storage directories. A full scan can perform binary scanning and intelligent threat analysis on all files in the system. After scanning completes, if a virus or threat is found, the system records and saves the scan results; the user can tap for details to view the virus type and the attributes of the infected file, and can take the corresponding action against the virus;
The real-time monitoring unit monitors the mobile device in real time to guarantee the security of the running environment;
The threat reminder unit promptly reminds the user of threats to the mobile device, so that the user can deal with them in time;
The operation record unit records scan information for the viruses that have been detected and removed, for later review;
The virus database upgrade unit upgrades the virus database online to ensure the security of the running environment.
Further, the multiple detection items include: detection of whether the mobile terminal device has been privilege-escalated, detection of whether non-compliant applications are installed, detection of whether the operating system version is compliant, detection of whether application versions are compliant, detection of whether the SIM card is an authorized SIM card, detection of whether the geofence policy is met, and detection of whether the time fence is met.
Further, the time fence controls the mobile device by setting a permitted time range of use; outside that time range the system cannot be used. The geofence policy controls the mobile device by geographic latitude; outside that range the system cannot be used.
Further, the mobile terminal is applicable to mobile terminal devices on the Android and iOS platforms.
The beneficial effects of the invention are:
1. The system is provided with a mobile terminal and a server-side management platform. The mobile terminal client connects to the server-side management platform over the Internet, enabling overall management of mobile devices by the platform. The platform includes a mobile terminal threat defense management module, an enterprise mobile device management module and a push module. The mobile terminal threat defense management module performs antivirus scanning on mobile devices, sets security admission policies and, through the security sandbox module, guarantees the security of mobile devices. The enterprise mobile device management module guarantees the security of mobile devices and of their applications and documents and, when a mobile device is lost, further guarantees the security of confidential enterprise documents by deleting the files on the mobile device or changing its login password. In addition, the system can locate a lost mobile device and plot its movement track. Users can set security policies such as the time fence and geofence policy to guarantee the security of mobile devices and enterprise files;
2. The system can send files to enterprise employees by mail and through the notification push module. Because files are browsed with the built-in browser, and the channel over which files are sent and the file attachments are encrypted, the security of pushed files is further guaranteed;
3. By providing an enterprise cloud storage unit and a private cloud storage unit, enterprise documents and personal documents are further separated, which is practical and convenient for unified management;
4. The system has its own independent application shop, and applications undergo security checks before they are listed, guaranteeing the security of applications;
5. The mobile terminal is provided with a security centre, a document centre management unit and a mail management module, further guaranteeing the security of documents on the mobile terminal; the system has good application prospects.
Brief description of the drawings
Fig. 1 is a structural block diagram of the invention.
Specific embodiment
Specific embodiments of the present invention are further described below with reference to the accompanying drawing:
As shown in Fig. 1, a mobile device safety management system comprises a mobile terminal and a server-side management platform. The mobile terminal is communicatively connected to the server-side management platform over the Internet, and the server-side management platform includes a mobile terminal threat defense management module, an enterprise mobile device management module and a push module. Before use, the user logs in to the server-side management platform with an account to manage mobile terminals in a unified way;
The mobile terminal threat defense management module provides overall protection against the security threats and security problems of mobile terminal devices;
The enterprise mobile device management module provides integrated management of managed mobile terminal devices, the applications installed on them, and the data files on the mobile device terminals and the server-side management platform;
The push module is used by the server-side management platform to push messages to the mobile terminal.
Further, the mobile terminal threat defense management module includes a mobile antivirus module, a security admission module, an application scanning module, a security situational awareness module, an application wrapping module and a security sandbox module.
The mobile antivirus module uses dual-engine antivirus technology to detect and remove viruses, Trojans and malicious code on mobile terminal devices and their applications, prevents users from installing applications with poor security, and performs virus scanning and removal, vulnerability scanning and patch repair on the system.
The safety permission module audits the mobile terminal devices managed by the server-end management platform. Using a variety of detection items together with time fence and geofence policies, it controls mobile terminal device access and applies fine-grained policy control to non-compliant mobile terminal devices, preventing unsafe mobile terminal devices from running on the server-end management platform. The detection items include: whether the mobile terminal device has undergone privilege escalation, whether non-compliant applications are installed, whether the operating system version is compliant, whether application versions are compliant, whether the SIM card is an authorized SIM card, whether the geofence policy is met, and whether the time fence is met.
The time fence controls the mobile device by setting a permitted time range of use; outside this time range the system cannot be used. The geofence policy controls the mobile device by geographic coordinates; outside this range the system cannot be used.
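One way a server could evaluate the seven detection items listed above, including the time fence and geofence, as an added Go example that is not code from the patent. The field names, the latitude/longitude box used for the geofence and the minutes-after-midnight time window are assumptions; the page defines no data format.

```go
package main

import (
	"fmt"
	"time"
)

// Device is the posture a managed terminal reports (constructed fields).
type Device struct {
	Rooted    bool           // privilege escalation (root/jailbreak) detected
	Apps      map[string]int // installed package -> version code
	OSVersion [3]int         // major, minor, patch
	SIMID     string
	Lat, Lon  float64
}

// Policy is a hypothetical admission policy; the page defines no schema.
type Policy struct {
	BannedApps                     map[string]bool
	MinAppVersion                  map[string]int
	MinOS                          [3]int
	AuthorizedSIMs                 map[string]bool
	MinLat, MaxLat, MinLon, MaxLon float64 // geofence, assumed to be a lat/lon box
	StartMin, EndMin               int     // time fence in minutes after local midnight;
	Zone                           *time.Location // StartMin > EndMin wraps past midnight
}

// olderThan compares versions field by field, not as strings.
func olderThan(v, floor [3]int) bool {
	for i := range v {
		if v[i] != floor[i] {
			return v[i] < floor[i]
		}
	}
	return false
}

// inTimeFence evaluates the window in the policy's zone, not the server's.
func inTimeFence(p Policy, now time.Time) bool {
	t := now.In(p.Zone)
	m := t.Hour()*60 + t.Minute()
	if p.StartMin <= p.EndMin {
		return m >= p.StartMin && m < p.EndMin
	}
	return m >= p.StartMin || m < p.EndMin
}

// Evaluate returns the failed detection items in the page's order; empty means admit.
func Evaluate(d Device, p Policy, now time.Time) []string {
	var failed []string
	add := func(item string, bad bool) {
		if bad {
			failed = append(failed, item)
		}
	}
	banned, outdated := false, false
	for pkg, ver := range d.Apps {
		banned = banned || p.BannedApps[pkg]
		if floor, ok := p.MinAppVersion[pkg]; ok && ver < floor {
			outdated = true
		}
	}
	add("privilege_escalation", d.Rooted)
	add("noncompliant_app", banned)
	add("os_version", olderThan(d.OSVersion, p.MinOS))
	add("app_version", outdated)
	add("sim_card", !p.AuthorizedSIMs[d.SIMID]) // unknown SIMs fail closed
	add("geofence", d.Lat < p.MinLat || d.Lat > p.MaxLat || d.Lon < p.MinLon || d.Lon > p.MaxLon)
	add("time_fence", !inTimeFence(p, now))
	return failed
}

// SamplePolicy and SampleDevice return constructed sample data.
func SamplePolicy() Policy {
	return Policy{
		BannedApps:     map[string]bool{"com.example.sideloader": true},
		MinAppVersion:  map[string]int{"com.example.mail": 42},
		MinOS:          [3]int{12, 0, 0},
		AuthorizedSIMs: map[string]bool{"sim-0001": true},
		MinLat: 39.8, MaxLat: 40.1, MinLon: 116.2, MaxLon: 116.6,
		StartMin: 8 * 60, EndMin: 20 * 60,
		Zone: time.FixedZone("UTC+8", 8*3600),
	}
}

func SampleDevice() Device {
	return Device{Apps: map[string]int{"com.example.mail": 42}, OSVersion: [3]int{12, 1, 0},
		SIMID: "sim-0001", Lat: 39.9, Lon: 116.4}
}

func main() {
	d := SampleDevice()
	d.Rooted = true
	night := time.Date(2024, 1, 15, 14, 0, 0, 0, time.UTC) // 22:00 at UTC+8
	fmt.Println(Evaluate(d, SamplePolicy(), night))
}
```

Returning the list of failed items rather than a single yes/no is what lets the platform apply a different policy action per violation.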
The application scan module performs a security scan on an application before it goes online, detecting problems that may be present such as infection by viruses or Trojans, the permissions the application uses, the absence of a secure digital signature, and application code that has not been obfuscated. This ensures the security of applications uploaded to the application store of the server-end management platform and prevents malicious modification of applications by means such as decompilation or code injection.
The security situation awareness module performs big data analysis on multiple factors, namely the running state, network behavior and user behavior of mobile terminal devices, summarizes the current state and trend of all devices in the current mobile terminal device network, and presents the results graphically for the user to review, so that security problems can be anticipated at the earliest moment, security risks investigated, and larger security incidents prevented.
The application packaging module performs code injection and packaging on application installation packages whose development has already been completed. The code of the existing mobile terminal application does not need to be modified, which saves development and maintenance costs. The module has the following functions:
1) Unified identity authentication: enforces unified authentication of the user's identity for the application by user name, password and certificate;
2) Unified single sign-on: forces all mobile applications to be accessed securely through single sign-on based on time and application level;
3) Permission authorization: allows or forbids using the application, using the application offline, or storing data on the device;
4) Automatic configuration: automatically configures the user name, server address and custom personalized settings, without user interaction;
5) Automatic encryption: ensures that all data each application stores on the device is encrypted;
6) DLP data leakage prevention: forbids or allows functions such as copying and pasting text within enterprise applications;
7) Dynamic policy: dynamically updates application policies;
8) Statistical reports: collects information such as the usage frequency, time and duration of each application and displays it in one place;
9) Selective wipe: remotely and selectively wipes certain application data without affecting the user's personal data.
The security sandbox module safeguards system data by establishing a DSA data isolation area. The DSA data isolation area is protected with high-strength encryption; the DSA automatically scatters and encrypts data, and external programs cannot obtain any details of the data in the DSA. The DSA includes disk partition information, a file directory table, a key safe area and an encrypted file storage area. Every file stored in the DSA is protected with a one-time random key and the AES256 encryption algorithm, and the random key is in turn encrypted with a PKI public key and stored in the key safe area, further ensuring the security of system data.
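The per-file key scheme described above, as an added Go example that is not code from the patent: each file gets a fresh random AES-256 key, and that key is wrapped with a public key before it goes into the key safe. AES-GCM, RSA-OAEP with a 2048-bit key and binding the file name as associated data are assumptions; the page names only AES256 and a PKI public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedFile is what the two DSA areas would hold for one file (hypothetical layout).
type SealedFile struct {
	WrappedKey []byte // key safe area: per-file AES key encrypted under the public key
	Nonce      []byte
	Ciphertext []byte // encrypted file storage area: AES-256-GCM output with tag
}

// NewKeyPair stands in for the PKI-issued key pair (assumption: RSA-2048).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one file under a key that is generated here and never reused.
func Seal(pub *rsa.PublicKey, name string, plaintext []byte) (*SealedFile, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The file name is bound to both layers so a blob cannot be moved to another entry.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(name))
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(name))
	return &SealedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the file key with the private key, then authenticates and decrypts.
func Open(priv *rsa.PrivateKey, name string, s *SealedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, []byte(name))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(s.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(s.Nonce))
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(name))
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample document.
	s, err := Seal(&priv.PublicKey, "report.docx", []byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	out, err := Open(priv, "report.docx", s)
	fmt.Println(string(out), err)
}
```

Because only the wrapped key is stored beside the data, reading a file requires the private key, and any change to the ciphertext or its directory entry makes `Open` fail instead of returning altered content.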
The corporate mobile device management module includes a mobile terminal device management module, a mobile terminal device application management module and a document management module. The mobile terminal device management module provides integrated management of managed mobile terminal devices. The mobile terminal device application management module closely monitors the applications installed on managed mobile devices, supports blacklist/whitelist policies, filters out all malicious programs on the blacklist, and can set permissions on the system's built-in application store to allow or forbid installing applications from it, cutting off the source of malicious programs and ensuring that applications are legitimate and controllable. The document management module handles centralized storage, approval, publication, remote push and document retrieval for enterprise documents, providing content management on mobile devices, ensuring the secure browsing of internal enterprise documents on mobile devices and the updating of document content, and implementing the distribution, permission setting and management of enterprise documents.
The mobile terminal device management module includes a device management module, a safety management module, a user management module and a policy management module. The device management module includes a mobile terminal device status monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
The safety management module includes a lost mobile device positioning unit, a mobile device lost-contact detection unit, a lost-device data protection unit, a network security control unit and a system log management unit;
The user management module includes an authentication and user full-lifecycle control unit;
The policy management module includes a device/user grouping policy management unit and a cross-platform multi-device binding unit;
The mobile terminal device status monitoring and data acquisition unit keeps detailed tracking records of, and raises early warnings on, the hardware information, application information and security information of mobile terminal devices, giving the system fine-grained control over mobile terminal device information;
The mobile terminal device permission management unit configures and manages the function permissions, application permissions, and security and privacy permissions of a designated user's mobile terminal device, mainly including:
1) Restricting the camera, audio recording, phone calls, and sending and receiving SMS messages;
2) Restricting the WiFi access type and SSID;
3) Restricting use of the application store and installation of applications;
4) Restricting use of a data cable;
5) Restricting use of WiFi and Bluetooth functions;
6) Restricting use of the browser and of JavaScript;
The mobile terminal device configuration management unit establishes various configuration policies by means of remote management of user account configuration information and OTA push, mainly for configuring WiFi, VPN, LDAP, Exchange, POP3, IMAP and APN. Administrators can also push configurations directly to a designated user's terminal through back-end operations, so that users do not have to enter them. In addition, for WiFi and VPN account types, the system automatically pushes and configures the account, so the user can connect to the wireless network and the virtual private network without knowing the password, which achieves secure access while preventing the user from leaking account information;
In addition, mobile device permissions can be customized for different users. All configuration information is delivered in real time by wireless push and can be issued along multiple dimensions: global, group, permission, user and device;
The lost mobile device positioning unit locates the mobile device remotely via GPRS, 3G, 4G or WiFi and intelligently plots the device's movement track, so that the movement track of the mobile device and of the person using it is accurately known;
The mobile device lost-contact detection unit applies lost-contact policy control to lost mobile devices. When a mobile device is lost or cannot connect to the network, the corresponding device lost-contact policy is executed automatically: specified data on the mobile device is cleared, mobile device information is removed and the mobile device is locked, ensuring data security while the device is offline after contact is lost;
The lost-device data protection unit performs remote password setting, device locking, erasure of system applications, erasure of system application data and erasure of personal private data on a lost mobile device, safeguarding system data and bringing the data stored on the mobile device under security control as soon as the device is lost;
The network security control unit supports WiFi blacklists and whitelists for mobile devices and restricts access to WiFi wireless networks, preventing mobile devices from connecting to unsafe WiFi wireless networks. It tracks and monitors the URLs that mobile devices visit and, by analyzing the URL records, assesses the online behavior of the mobile terminal, thereby ensuring the Internet security of mobile devices;
The authentication and user full-lifecycle control unit operates when a user accesses the network: the system issues the user a corresponding certificate, which guarantees authentication between the user and the server-end management platform. The certificate has a configurable life cycle, so the time limit of the user's permissions can be set. From the moment registration is completed, the device comes under the full management of the system, which strictly monitors and uniformly manages the configuration of all status information and operations throughout the whole life cycle of the user device's access to the enterprise environment;
The device/user grouping policy management unit automatically classifies devices according to the attributes of the mobile device, and groups can be freely created for different device types and different users' devices. It also uses a role-based user management mechanism, grouping users at multiple levels by position, department and group so that users are managed from multiple angles. This makes it easier for the enterprise to manage mobile devices in a centralized, unified way, and the enterprise can assign different administrators to manage different devices;
The cross-platform multi-device binding unit covers different mobile devices and mobile operating system platforms: a single user can be bound to devices of multiple platforms, versions and operating systems, achieving unified, centralized management of a user's multiple devices;
The system log management unit manages user logs, device logs, system alarm logs, application logs, system operation logs, application installation logs and device operation logs, making it easy for users to consult log files to determine the current state of the system, observe usage data and understand how the system is being used; an automatic log deletion policy can also be set.
The mobile terminal device application management module includes an independent enterprise application store, an application remote distribution and wipe unit, an application blacklist/whitelist monitoring unit, an application installation statistics unit and an application single-app mode unit;
The independent enterprise application store handles the uploading, downloading and updating of the user's applications and the listing and delisting of programs, establishing the user's own application store so that the distribution and management of applications do not depend on third-party application stores;
The application remote distribution and wipe unit handles the batch distribution, remote installation, remote removal, remote update and remote wipe of applications, avoiding complicated and tedious installation procedures and greatly improving efficiency during batch deployment. In addition, the system can remotely uninstall applications and wipe data on mobile devices, preventing the user's confidential information from leaking when a mobile device is stolen or accidentally lost;
The application blacklist/whitelist monitoring unit restricts application installation on mobile devices. If a mobile device is found to have installed an illegal application, the system notifies the user or forces uninstallation, ensuring the security of the mobile device;
The application installation statistics unit compiles installation statistics for the applications pushed by the enterprise. The user can view the push records, installation status and push status of each application. Mobile devices that have not installed mandatory applications as required are alerted, and a second push is made automatically;
The application single-app mode unit locks the mobile device to a particular application. That application opens automatically, the user cannot exit it, and the user cannot use any application other than the single-app mode program.
The document management module includes a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
The mobile device enterprise cloud storage unit stores and manages enterprise documents on the mobile device, and publishes and shares enterprise documents through synchronized download from the enterprise cloud storage unit;
The mobile device private cloud storage unit handles the uploading, downloading and storage of private documents;
The document security management unit manages the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, achieving unified management of enterprise documents and personal documents while ensuring the physical isolation of enterprise data from personal data. Documents are encrypted with a high-strength encryption algorithm during upload and transmission to guard against the risk of document leakage. The system integrates a file browser that supports the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats; documents uploaded to the system cannot be opened with a third-party browser, which prevents content leakage if a document is lost;
The document management unit distributes files in the enterprise cloud to the mobile terminals of designated target users, achieving unified issuing and sharing of enterprise documents, and allows the issued files to be viewed;
The document policy management unit applies policy management to enterprise documents, setting corresponding management policies for document sharing and copy functions, which makes it easier for the enterprise to manage documents.
The push module includes a mobile mail push management unit and a mobile notification push management unit. The mobile mail push management unit ensures the security of pushed mail content and mail attachments and supports the following mail protocols: IMAP, Exchange and POP3. During push it can encrypt the mail channel and the mail documents, guaranteeing the security of the transmitted mail content and attachments;
The mobile notification management unit is used by the server-end management platform to issue notifications to mobile terminals, including the publication of enterprise notification messages and the sending and receiving of files and content. It supports files in multiple media formats such as text, picture, video, Word and PPT, and during transmission both the file transmission channel and the file data itself can be encrypted.
The mobile terminal is applicable to mobile terminal devices on the Android and iOS platforms. The mobile terminal includes a user login module, a security center management module, a device information management module, a memory management unit, an application management unit, an application store, a message center unit, a document center management unit and a mail management module;
The user login module lets the user log in to the mobile terminal and establish the communication connection with the server-end management platform. Using the registration URL in the notification mail pushed by the mobile mail push management unit, the user then logs in with the registered user name and password; the user can also log in with the QR code sent by the mobile mail push management unit;
The security center management module performs security monitoring of the mobile device and carries out full and quick scanning and removal of viruses, Trojans and malicious code, as well as vulnerability scanning and patch repair, ensuring the security of the mobile device;
The device information management module is used to view the mobile device's basic information, detailed hardware information, CPU information and hardware feature information;
The memory management unit manages the memory of the mobile device: it can show the current remaining memory, device memory, memory used by applications, memory used by the system and free memory, and can clear or optimize memory;
The application management unit manages the applications on the mobile device;
The application store is used to download applications published by the enterprise and third-party applications;
The message center unit is used to view the enterprise messages and attachments that the enterprise pushes to the user. When information pushed by an administrator to the mobile terminal is received, the preset information disappears and the newly received information is displayed;
The document center management unit manages enterprise documents and personal documents, effectively isolating the user's corporate and private documents and protecting the user's personal documents, while also downloading enterprise documents and managing them locally;
The mail management module manages and views the pushed mail sent by the server-end management platform.
The security center management module includes a quick scan unit, a full scan unit, a real-time monitoring unit, a threat reminder unit, an operation record unit and a virus database upgrade unit;
The quick scan unit performs a quick virus scan of the mobile device;
The full scan unit performs a full scan of the mobile device's storage, SD card and storage directories. A full scan can perform binary scanning and intelligent threat analysis on all files in the system. After the scan completes, if a virus or threat is found, the system records and saves the scan result; the user can tap the details to view the virus type and the attributes of the infected file, and can take the corresponding action against the virus;
The real-time monitoring unit monitors the mobile device in real time to ensure the security of the running environment;
The threat reminder unit promptly reminds the user of threats to the mobile device, so that the user can deal with them in time;
The operation record unit records the scan information for the viruses that have been removed, for later review;
The virus database upgrade unit upgrades the virus database online to ensure the security of the running environment.
The above embodiments and description merely illustrate the principle and preferred embodiments of the present invention. Various changes and improvements may be made to the invention without departing from its spirit and scope, and these changes and improvements all fall within the scope of the claimed invention.
Claims (10)
1. A mobile device security management system, characterized in that: it includes a mobile terminal and a server-end management platform, the mobile terminal communicates with the server-end management platform over the Internet, and the server-end management platform includes a mobile terminal threat defense management module, a corporate mobile device management module and a push module;
The mobile terminal threat defense management module provides overall protection against the security threats and security problems affecting mobile terminal devices;
The corporate mobile device management module provides integrated management of the managed mobile terminal devices, the applications installed on the managed mobile device terminals, and the data files on the mobile device terminals and the server-end management platform;
The push module is used by the server-end management platform to push messages to the mobile terminal.
2. The mobile device security management system according to claim 1, characterized in that: the mobile terminal threat defense management module includes a mobile antivirus module, a safety permission module, an application scan module, a security situation awareness module, an application packaging module and a security sandbox module;
The mobile antivirus module uses dual-engine antivirus technology to scan for and remove viruses, Trojans and malicious code on the mobile terminal device and its applications, prevents the user from installing applications with poor security, and performs virus scanning and removal, vulnerability scanning and patch repair on the system;
The safety permission module audits the mobile terminal devices managed by the server-end management platform; using a variety of detection items together with time fence and geofence policies, it controls mobile terminal device access and applies fine-grained policy control to non-compliant mobile terminal devices, preventing unsafe mobile terminal devices from running on the server-end management platform;
The application scan module performs a security scan on an application before it goes online, detecting problems that may be present such as infection by viruses or Trojans, the permissions the application uses, the absence of a secure digital signature, and application code that has not been obfuscated, ensuring the security of applications uploaded to the application store of the server-end management platform and preventing malicious modification of applications by means such as decompilation or code injection;
The security situation awareness module performs big data analysis on multiple factors, namely the running state, network behavior and user behavior of mobile terminal devices, summarizes the current state and trend of all devices in the current mobile terminal device network, and presents the results graphically for the user to review, so that security problems can be anticipated at the earliest moment, security risks investigated, and larger security incidents prevented;
The application packaging module performs code injection and packaging on application installation packages whose development has already been completed, without modifying the code of the existing mobile terminal application, and implements the following settings:
1) Unified identity authentication: enforces unified authentication of the user's identity for the application by user name, password and certificate;
2) Unified single sign-on: forces all mobile applications to be accessed securely through single sign-on based on time and application level;
3) Permission authorization: allows or forbids using the application, using the application offline, or storing data on the device;
4) Automatic configuration: automatically configures the user name, server address and custom personalized settings, without user interaction;
5) Automatic encryption: ensures that all data each application stores on the device is encrypted;
6) DLP data leakage prevention: forbids or allows functions such as copying and pasting text within enterprise applications;
7) Dynamic policy: dynamically updates application policies;
8) Statistical reports: collects information such as the usage frequency, time and duration of each application and displays it in one place;
9) Selective wipe: remotely and selectively wipes certain application data without affecting the user's personal data;
The security sandbox module safeguards system data by establishing a DSA data isolation area; the DSA data isolation area is protected with high-strength encryption, the DSA automatically scatters and encrypts data, and external programs cannot obtain any details of the data in the DSA; the DSA includes disk partition information, a file directory table, a key safe area and an encrypted file storage area; every file stored in the DSA is protected with a one-time random key and the AES256 encryption algorithm, and the random key is in turn encrypted with a PKI public key and stored in the key safe area, further ensuring the security of system data.
3. The mobile device security management system according to claim 1, characterized in that: the corporate mobile device management module includes a mobile terminal device management module, a mobile terminal device application management module and a document management module;
The mobile terminal device management module provides integrated management of managed mobile terminal devices;
The mobile terminal device application management module closely monitors the applications installed on managed mobile devices, supports blacklist/whitelist policies, filters out all malicious programs on the blacklist, and can set permissions on the system's built-in application store to allow or forbid installing applications from it, cutting off the source of malicious programs and ensuring that applications are legitimate and controllable;
The document management module handles centralized storage, approval, publication, remote push and document recycling for enterprise documents, providing content management on mobile devices, ensuring the secure browsing of internal enterprise documents on mobile devices and the updating of document content, and implementing the distribution, permission setting and management of enterprise documents.
4. The mobile device security management system according to claim 3, characterized in that: the mobile terminal device management module includes a device management module, a safety management module, a user management module and a policy management module, and the device management module includes a mobile terminal device status monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
The safety management module includes a lost mobile device positioning unit, a mobile device lost-contact detection unit, a lost-device data protection unit, a network security control unit and a system log management unit;
The user management module includes an authentication and user full-lifecycle control unit;
The policy management module includes a device/user grouping policy management unit and a cross-platform multi-device binding unit;
The mobile terminal device status monitoring and data acquisition unit keeps detailed tracking records of, and raises early warnings on, the hardware information, application information and security information of mobile terminal devices, giving the system fine-grained control over mobile terminal device information;
The mobile terminal device permission management unit configures and manages the function permissions, application permissions, and security and privacy permissions of a designated user's mobile terminal device, mainly including:
1) Restricting the camera, audio recording, phone calls, and sending and receiving SMS messages;
2) Restricting the WiFi access type and SSID;
3) Restricting use of the application store and installation of applications;
4) Restricting use of a data cable;
5) Restricting use of WiFi and Bluetooth functions;
6) Restricting use of the browser and of JavaScript;
The mobile terminal device configuration management unit establishes various configuration policies by means of remote management of user account configuration information and OTA push, mainly for configuring WiFi, VPN, LDAP, Exchange, POP3, IMAP and APN; administrators can also push configurations directly to a designated user's terminal through back-end operations, so that users do not have to enter them; in addition, for WiFi and VPN account types, the system automatically pushes and configures the account, so the user can connect to the wireless network and the virtual private network without knowing the password, which achieves secure access while preventing the user from leaking account information;
In addition, mobile device permissions can be customized for different users; all configuration information is delivered in real time by wireless push and can be issued along multiple dimensions: global, group, permission, user and device;
The lost mobile device positioning unit locates the mobile device remotely via GPRS, 3G, 4G or WiFi and intelligently plots the device's movement track, so that the movement track of the mobile device and of the person using it is accurately known;
The mobile device lost-contact detection unit applies lost-contact policy control to lost mobile devices; when a mobile device is lost or cannot connect to the network, the corresponding device lost-contact policy is executed automatically: specified data on the mobile device is cleared, mobile device information is removed and the mobile device is locked, ensuring data security while the device is offline after contact is lost;
The lost-device data protection unit performs remote password setting, device locking, erasure of system applications, erasure of system application data and erasure of personal private data on a lost mobile device, safeguarding system data and bringing the data stored on the mobile device under security control as soon as the device is lost;
The network security control unit supports WiFi blacklists and whitelists for mobile devices and restricts access to WiFi wireless networks, preventing mobile devices from connecting to unsafe WiFi wireless networks; it tracks and monitors the URLs that mobile devices visit and, by analyzing the URL records, assesses the online behavior of the mobile terminal, thereby ensuring the Internet security of mobile devices;
The authentication and user full-lifecycle control unit operates when a user accesses the network: the system issues the user a corresponding certificate, which guarantees authentication between the user and the server-end management platform; the certificate has a configurable life cycle, so the time limit of the user's permissions can be set; from the moment registration is completed, the device comes under the full management of the system, which strictly monitors and uniformly manages the configuration of all status information and operations throughout the whole life cycle of the user device's access to the enterprise environment;
The device/user grouping policy management unit automatically classifies devices according to the attributes of the mobile device, and groups can be freely created for different device types and different users' devices;
It also uses a role-based user management mechanism, grouping users at multiple levels by position, department and group, from multiple angles
User is managed;Enterprise is facilitated to carry out centralized and unified management, the settable different pipe of distinct device enterprise to mobile device
Reason person is managed respectively;
The cross-platform multiple device binding unit is used for different mobile devices, Mobile operating system platform, and monomer is used
Family can be bound with multiple platforms/version/operating system equipment, realize unification, the centralized management of user's multiple device;
The system log management unit be used for user journal, device log, system alarm log, application log,
System Operation Log, application program installation log, equipment operation log are managed, and user is facilitated to consult journal file to determine
System current state, observation user use relevant data, and understand the service condition of system, and settable be automatically deleted day
Will strategy.
5. A mobile device safety management system according to claim 3, characterized in that: the mobile terminal device application management module includes an independent enterprise application store, an application remote distribution and erasure unit, an application blacklist/whitelist monitoring unit, an application installation statistics unit and an application single-application-mode unit;
The independent enterprise application store is used for uploading, downloading and updating users' applications, with a mechanism for listing and delisting programs; it establishes the user's own application store, so that application distribution and management are independent of third-party application stores;
The application remote distribution and erasure unit is used for batch distribution, remote installation, remote removal, remote update and remote wiping of applications, avoiding complicated and cumbersome installation processes and greatly improving work efficiency during batch deployment; in addition, the system can remotely uninstall applications from mobile devices and erase data, preventing the leakage of users' confidential information when a mobile device is stolen or accidentally lost;
The application blacklist/whitelist monitoring unit is used to restrict application installation on mobile devices; if a mobile device is found to have installed an illegal application, the system notifies the user or forcibly uninstalls it, ensuring the security of the mobile device;
The application installation statistics unit is used to compile installation statistics for the applications pushed by the enterprise; users can view each application's push records, installation status and related push information; mobile devices that have not installed the required applications as stipulated are alerted, and a second push is performed automatically;
The application single-application-mode unit is used to lock the mobile device to a particular application; that application opens automatically and the user cannot exit it, and the user cannot use any application other than the single-application-mode program.
6. A mobile device safety management system according to claim 3, characterized in that: the document management module includes a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
The mobile device enterprise cloud storage unit is used to store and manage enterprise documents on the mobile device, and enterprise documents are published and shared through synchronized download of the enterprise cloud storage unit;
The mobile device private cloud storage unit is used for uploading, downloading and storing private documents;
The document security management unit is used to manage the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, achieving unified management of enterprise documents and personal documents while ensuring that enterprise data and personal data are physically isolated; during upload and transmission, files are encrypted with a high-strength encryption algorithm to prevent and control the risk of document leakage; the system integrates a file browser supporting the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats, and documents uploaded to the system cannot be opened by third-party browsers, preventing content leakage after a document is lost;
The document management unit is used to distribute files in the enterprise cloud to the mobile terminals of designated target users, achieving unified delivery and sharing of enterprise documents, and allows the delivered files to be viewed;
The document policy management unit is used to apply policy management to enterprise documents, setting corresponding management policies for the document sharing and copy functions, making it convenient for the enterprise to manage documents.
7. A mobile device safety management system according to claim 1, characterized in that: the push module includes a mobile mail push management unit and a mobile notification push management unit;
The mobile mail push management unit is used to ensure the security of pushed mail content and mail attachments, and supports the following mail protocols: IMAP, Exchange, POP3; during push, the mail channel and the mail documents can be encrypted, guaranteeing the security of the transmitted mail content and attachments;
The mobile notification management unit is used by the server-side management platform to publish notifications to mobile terminals, including publishing enterprise notification messages and sending and receiving files and content; it supports files in multiple multimedia formats including text, pictures, video, Word and PPT, and during transmission both the file transmission channel and the file data itself can be encrypted.
8. A mobile device safety management system according to claim 1, characterized in that: the mobile terminal client includes a user login module, a security center management module, a device information management module, a memory management unit, an application management unit, an application store, a message center unit, a document center management unit and a mail management module;
The user login module is used for the user to log in on the mobile terminal and establish a communication connection with the server-side management platform; through the registration address URL in the notification mail pushed by the mobile mail push management unit, the user then logs in with the registered user name and password; the user can also log in using the QR code sent by the mobile mail push management unit;
The security center management module is used for security monitoring of the mobile device, and performs full and quick scanning and removal of viruses, Trojans and malicious code, as well as vulnerability scanning and patch repair, ensuring the security of the mobile device;
The device information management module is used to view the mobile device's basic information, detailed hardware information, CPU information and hardware feature information;
The memory management unit is used to manage the memory of the mobile device; it can view the current remaining memory, the device's memory, the memory occupied by applications, the memory occupied by the system and free memory information, and can clear or optimize memory;
The application management unit is used to manage the applications on the mobile device;
The application store is used to download applications published by the enterprise and third-party applications;
The message center unit is used to view the enterprise messages and attachment content that the enterprise pushes to the user; after information pushed by an administrator to the mobile terminal is received, the preset information disappears and the newly received information is displayed;
The document center management unit is used to manage enterprise documents and personal documents, effectively isolating the user's public and private documents and protecting the user's personal documents, while providing enterprise document download and local management of enterprise documents;
The mail management module is used to manage and view the pushed mail sent by the server-side management platform.
9. A mobile device safety management system according to claim 4, characterized in that: the multiple detection items include: detection of whether the mobile terminal device has undergone privilege escalation, detection of whether violating applications are installed, detection of whether the operating system version is compliant, detection of whether application versions are compliant, detection of whether the SIM card is an authorized SIM card, detection of whether the geofence policy is met, and detection of whether the time fence is met.
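The seven detection items of claim 9 can be evaluated on the management platform against the state a device reports. The following is an added example, not code from the patent: the `Policy` and `DeviceReport` types, the field names, package names, ICCID, coordinates and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Constructed policy values for illustration; none come from the patent."""
    min_os: tuple = (11, 0)
    banned_apps: frozenset = frozenset({"com.example.sideloader"})
    min_app_versions: dict = field(
        default_factory=lambda: {"com.example.mail": (3, 2)})
    allowed_iccids: frozenset = frozenset({"8986000000000000001"})
    fence_center: tuple = (39.9042, 116.4074)  # latitude, longitude
    fence_radius_km: float = 5.0
    time_window: tuple = (time(8, 0), time(20, 0))  # permitted hours


@dataclass(frozen=True)
class DeviceReport:
    """State reported by the client (hypothetical schema)."""
    privilege_escalated: bool
    os_version: tuple
    apps: dict                  # package name -> version tuple
    iccid: str                  # SIM card identifier
    location: Optional[tuple]   # (lat, lon), or None if the device sent none
    timestamp: datetime


def _distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def _in_window(t, start, end):
    """True if t is inside [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def check_compliance(report, policy):
    """Return the names of the failed detection items, in claim 9 order."""
    failed = []
    if report.privilege_escalated:
        failed.append("privilege_escalation")
    if policy.banned_apps.intersection(report.apps):
        failed.append("violating_app")
    if report.os_version < policy.min_os:
        failed.append("os_version")
    if any(pkg in report.apps and report.apps[pkg] < minimum
           for pkg, minimum in policy.min_app_versions.items()):
        failed.append("app_version")
    if report.iccid not in policy.allowed_iccids:
        failed.append("sim_card")
    # A report without a location cannot prove it is inside the fence.
    if (report.location is None or
            _distance_km(report.location, policy.fence_center)
            > policy.fence_radius_km):
        failed.append("geofence")
    if not _in_window(report.timestamp.time(), *policy.time_window):
        failed.append("time_fence")
    return failed
```

Every field of the report originates on the device, so a platform that gates access on this result should treat a missing or stale report as non-compliant rather than as a pass.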
10. A mobile device safety management system according to claim 8, characterized in that: the security center management module includes a quick scan-and-kill unit, a full scan-and-kill unit, a real-time monitoring unit, a threat reminder unit, an operation record unit and a virus database upgrade unit;
The quick scan-and-kill unit is used for quick scanning and removal of viruses on the mobile device;
The full scan-and-kill unit is used for full scanning of the mobile device's storage, SD card and storage directories; a full scan can perform binary scanning and intelligent threat analysis on all files in the system; after the scan is complete, if a virus or threat is found, the system records and saves the scan result, and the user can click on the details to view the virus type and the attribute information of the infected files, and can take the corresponding handling action against the virus;
The real-time monitoring unit is used to monitor the mobile device in real time, to ensure the security of the running environment;
The threat reminder unit is used to promptly remind the user of threats to the mobile device, so that the user handles threats in time;
The operation record unit is used to record scan information about the viruses removed, for convenient later review;
The virus database upgrade unit is used to upgrade the virus database online, to ensure the security of the running environment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811213329.0A CN109460660B (en) | 2018-10-18 | 2018-10-18 | Mobile device safety management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109460660A (en) | 2019-03-12 |
CN109460660B CN109460660B (en) | 2022-04-08 |
Family
ID=65607808
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811213329.0A Active CN109460660B (en) | 2018-10-18 | 2018-10-18 | Mobile device safety management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109460660B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109460660B (en) | 2022-04-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||