CN109460660B - Mobile device safety management system - Google Patents



Publication number
CN109460660B
Authority
CN
China
Prior art keywords
mobile
management
equipment
unit
user
Legal status
Active
Application number
CN201811213329.0A
Other languages
Chinese (zh)
Other versions
CN109460660A (en)
Inventor
王中华
黎均明
卢兴亮
Current Assignee
Guangzhou Netglad Computer Technology Co ltd
Original Assignee
Guangzhou Netglad Computer Technology Co ltd
Events
Application filed by Guangzhou Netglad Computer Technology Co ltd
Priority to CN201811213329.0A
Publication of CN109460660A
Application granted
Publication of CN109460660B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The invention relates to a mobile device security management system comprising a mobile terminal and a server-side management platform, the mobile terminal being connected to the server-side management platform over the Internet. The server-side management platform comprises a mobile terminal threat defense management module, an enterprise mobile device management module and a push module, so that the platform manages the mobile devices as a whole. The mobile terminal threat defense management module scans the mobile devices for malware, applies a security admission policy and, through a security sandbox module, protects the data on the device; the enterprise mobile device management module secures the mobile devices, their application programs and their documents; and if a mobile device is lost, the confidentiality of enterprise documents is further protected by deleting the files on the device or changing its login password.

Description

Mobile device safety management system
Technical Field
The invention relates to the technical field of network security, and in particular to a mobile device security management system.
Background
With the rapid development of mobile device products, commercial use of smart phones and tablet computers has become a trend, and centralized management and control of mobile devices has become a key concern of enterprise management.
Smart phones and tablet computers, originally designed for personal consumers, are increasingly used by enterprises to carry key services and core applications, and employees use mobile devices to access enterprise information. Although this improves office efficiency, it brings many security risks to the enterprise, and incidents such as theft of funds and information leakage occur frequently. The reasons are that the security of the information being accessed cannot be screened when a mobile terminal accesses other systems; that the employees' mobile terminals may themselves be compromised, with viruses, trojans and malicious programs implanted in them or the data on them spied upon; that call data, SMS data and network data carried by the mobile terminal can be maliciously obtained, so the security of the terminal cannot be guaranteed; and that in the prior art confidential enterprise data is lost together with a lost mobile device. A security management system is therefore needed to ensure the security of system data.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention provides a mobile device security management system which secures the mobile devices, can locate a mobile device when it is lost, and protects the data on a lost device by deleting file data or changing the device password, thereby further improving the security of the system.
The technical solution of the invention is as follows: a mobile device security management system comprises a mobile terminal and a server-side management platform, the mobile terminal being connected to the server-side management platform over the Internet, and the server-side management platform comprising a mobile terminal threat defense management module, an enterprise mobile device management module and a push module;
the mobile terminal threat defense management module is used for overall protection of the mobile terminal devices against security threats and security problems;
the enterprise mobile device management module is used for comprehensive management of the hosted mobile terminal devices, of the application programs installed on them, and of the data documents held on the mobile terminal devices and on the server-side management platform;
the push module is used by the server-side management platform to push messages to the mobile terminal.
Further, the mobile terminal threat defense management module comprises a mobile antivirus module, a security access module, an application program scanning module, a security situation awareness module, an application wrapping (encapsulation) module and a security sandbox module;
the mobile antivirus module is used for removing viruses, trojans and malicious code from the mobile terminal device and its application programs using a dual-engine virus scanning technology, for preventing the user from installing application programs of poor security, and for performing virus scanning, vulnerability scanning and patch repair on the system;
the security access module is used for auditing the mobile terminal devices managed by the server-side management platform, controlling the access of each mobile terminal device by means of a plurality of detection items combined with time fence and geofence policies, and applying fine-grained policy control to non-compliant mobile terminal devices so that dangerous mobile terminal devices cannot operate on the server-side management platform;
the application program scanning module is used for security scanning of an application program before it goes online, detecting whether the application program is infected with a virus or trojan, whether its permission usage is being tracked, whether it lacks a secure digital signature and whether its code has not been obfuscated, thereby ensuring the security of the application store of the server-side management platform to which the application program is uploaded and preventing the application program from being maliciously modified by decompilation, code injection and the like;
the security situation awareness module is used for big-data analysis of the running state, network behaviour and user behaviour of the mobile terminal devices, summarizing the current state and trend of all devices in the current mobile terminal device network, displaying the result graphically for the user to check, anticipating security problems as early as possible, investigating potential security hazards and preventing larger security incidents;
the application wrapping module is used for injecting and wrapping code into the installation package of a developed application program without modifying the code of the existing mobile terminal application, which saves development and maintenance cost, and has the following functions:
1) unified identity authentication: enforcing authentication of the application user's identity in a unified manner by user name, password and certificate;
2) unified single sign-on: enforcing single sign-on security access for all mobile applications based on time and application level;
3) permission authorization: enabling or disabling use of the application, offline use of the application, or storage of data on the device;
4) automatic configuration: automatically configuring personal settings such as the user name, the server address and custom data without user interaction;
5) automatic encryption: ensuring that all data stored on the device by each application is encrypted;
6) DLP (data leakage prevention): forbidding or allowing functions such as copying and pasting text within enterprise applications;
7) dynamic policy: dynamically updating the application policy;
8) statistical reports: counting information such as the frequency, time and duration of use of each application and displaying it in a unified manner;
9) selective wipe: remotely and selectively erasing part of the application data without affecting the user's personal data;
the security sandbox module is used for guaranteeing the security of system data: a DSA data isolation area is established and encrypted with high strength, the DSA automatically fragments and encrypts the data it protects, and no external program can obtain any details of the data in the DSA. The DSA comprises disk partition information, a file directory table, a key safe area and an encrypted file storage area; files stored through the DSA are protected with a one-time random key (a fresh key generated for each file) and the AES-256 encryption algorithm, and the random key is encrypted with a PKI public key and stored in the key safe area, which further guarantees the security of the system data.
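The file protection described for the sandbox is an envelope-encryption scheme: every file gets its own random AES-256 key, and that key is stored only after being encrypted to the key safe area's public key. The Go program below is an added illustration of that scheme and is not code from the patent or from Guangzhou Netglad. The record layout (`SealedFile`), the choice of GCM as the AES mode, RSA-OAEP as the PKI wrapping, and the sample document are all assumptions, since the text names only AES-256 and a PKI public key. ("DSA" here is the page's name for the isolation area, not the Digital Signature Algorithm.)

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SealedFile is one record in the (hypothetical) encrypted file storage area.
// The key safe area holds WrappedKey; the plaintext file key is never stored.
type SealedFile struct {
	WrappedKey []byte // RSA-OAEP(keySafePublicKey, fileKey)
	Nonce      []byte // 12-byte AES-GCM nonce, fresh for every file
	Ciphertext []byte // AES-256-GCM ciphertext followed by the 16-byte tag
}

// NewKeySafeKeyPair generates the PKI key pair whose public half wraps file
// keys; in a deployment the private half lives on the server or in a
// hardware keystore, never next to the encrypted files.
func NewKeySafeKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// gcmFor builds an AES-256-GCM instance for one file key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts plaintext under a random one-time AES-256 key, then wraps
// that key to pub. GCM is an assumption (the text names only AES-256); it
// makes the stored record tamper-evident as well as confidential.
func SealFile(pub *rsa.PublicKey, plaintext []byte) (*SealedFile, error) {
	fileKey := make([]byte, 32) // 256-bit key, used for exactly one file
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &SealedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenFile unwraps the file key with priv and decrypts the record. A modified
// ciphertext, nonce or wrapped key fails authentication instead of yielding
// garbage, which is all an external program tampering with the DSA achieves.
func OpenFile(priv *rsa.PrivateKey, sf *SealedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sf.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed")
	}
	gcm, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, sf.Nonce, sf.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: record tampered or wrong key")
	}
	return pt, nil
}

func main() {
	priv, err := NewKeySafeKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample document; not data from the patent.
	sf, err := SealFile(&priv.PublicKey, []byte("board minutes, confidential"))
	if err != nil {
		panic(err)
	}
	pt, err := OpenFile(priv, sf)
	fmt.Printf("recovered %q, err=%v\n", pt, err)
	sf.Ciphertext[0] ^= 0x01 // flip one bit in the storage area
	_, err = OpenFile(priv, sf)
	fmt.Println("after tampering:", err)
}
```

Because the file key is wrapped with the public key only, a device holding the DSA can add files without being able to read them back unless it also holds the private half, which is why that half belongs in a hardware keystore or on the server rather than beside the encrypted files. The GCM tag turns any modification by an external program into an authentication failure rather than silent corruption.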
Further, the enterprise mobile device management module comprises a mobile terminal device management module, a mobile terminal device application program management module and a document management module;
the mobile terminal device management module is used for comprehensive management of the hosted mobile terminal devices;
the mobile terminal device application program management module is used for closely monitoring the application programs installed on the hosted mobile devices, supporting a blacklist/whitelist policy, filtering out all malicious programs on the blacklist, setting the permissions of the application store shipped with the system, allowing or forbidding installation of application programs from the application store, cutting off the sources of malicious programs and ensuring that the application programs are legitimate and controllable;
the document management module is used for centralized storage, approval, release, remote push and recall of enterprise files, implementing content management on the mobile device, ensuring that internal enterprise documents can be safely browsed on the mobile device and that document contents can be updated, and implementing the distribution of enterprise documents and the setting and management of their permissions.
The mobile terminal device management module comprises a device management module, a security management module, a user management module and a policy cross-management module, wherein the device management module comprises a mobile terminal device state monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
the security management module comprises a mobile device loss positioning unit, a mobile device loss detection unit, a device loss data protection unit, a network security control unit and a system log management unit;
the user management module comprises an identity authentication and user full life-cycle management and control unit;
the policy cross-management module comprises a device/user grouping policy management unit and a cross-platform multi-device binding unit;
the mobile terminal device state monitoring and data acquisition unit is used for detailed tracking, recording and early warning of the hardware information, application program information and security information of the mobile terminal device, implementing fine-grained management and control of mobile terminal device information by the system;
the mobile terminal device permission management unit is used for configuring and managing the functional permissions, application program permissions and security and privacy permissions of the mobile terminal device of a designated user, and mainly comprises the following:
1) restricting the camera, audio recording, making phone calls, and sending and receiving SMS;
2) restricting the WiFi access type and SSID;
3) restricting use of the application store and restricting installation of applications;
4) restricting use of the USB data cable;
5) restricting the WiFi and Bluetooth functions;
6) restricting use of the browser and restricting use of JavaScript;
the mobile terminal device configuration management unit is used for establishing a plurality of configuration policies by remote management and over-the-air (OTA) push of user account configuration information; it is mainly used for configuring WiFi, VPN, LDAP, Exchange, POP3, IMAP and APN settings, which an administrator can also push directly to a designated user terminal from the back end so that the user need not enter them; for WiFi and VPN account types the account can be pushed and configured automatically, so that the user connects to the wireless network and the virtual private network without knowing the password, which achieves secure access and avoids leakage of the user's account information;
in addition, the permissions of the mobile device can be customized for different users, all configuration information is issued in real time by wireless push, and configuration can be issued globally or per group, permission, user or device;
the mobile device loss positioning unit is used for remotely locating the mobile device via GPRS, 3G, 4G and WiFi, intelligently drawing the movement track of the mobile device, and accurately tracking the movements of the mobile device and of the person using it;
the mobile device loss detection unit is used for applying loss policy control to a lost mobile device: when the mobile device is lost or cannot connect to the network, the corresponding device loss policy is executed automatically, wiping designated data from the mobile device, clearing mobile device information and locking operation of the mobile device, so that data security is ensured even while the mobile device is disconnected;
the device loss data protection unit is used for remotely setting a password on the lost mobile device, locking the mobile device, erasing system application data, erasing personal privacy data and guaranteeing the security of system data, so that the data stored on the mobile device is brought under security control as soon as the device is lost;
the network security control unit supports a WiFi blacklist and whitelist for the mobile device, is used for controlling and restricting access to WiFi wireless networks, prevents mobile devices from joining unsafe WiFi wireless networks, tracks and monitors the URLs visited by the mobile device, and judges the browsing behaviour of the mobile terminal by recording and analysing the URLs, thereby ensuring that the mobile device browses the Internet safely;
the identity authentication and user full life-cycle management and control unit is used by the system to generate a corresponding certificate for a user when the user joins the network; the certificate establishes identity authentication between the user and the server-side management platform, has a settable life cycle and allows the user's permissions to be set; from the completion of registration the mobile device is under the comprehensive management of the system, which strictly monitors and uniformly configures and manages all state information and operating behaviour of the user's device throughout its life cycle of access to the enterprise environment;
the device/user grouping policy management unit is used for automatically classifying devices according to different attributes of the mobile devices, and devices of different types and of different users can freely be formed into groups;
a role-based user management mechanism is adopted to group users at multiple levels by position, department and team and to manage users from multiple angles, so that the enterprise can conveniently manage its mobile devices centrally and uniformly, and different administrators can be assigned to manage different devices;
the cross-platform multi-device binding unit is used for binding different mobile devices and mobile operating system platforms, so that a single user can be bound to devices of a plurality of platforms, versions and operating systems, achieving unified and centralized management of a user's multiple devices;
the system log management unit is used for managing the user log, device log, system alarm log, application program log, system operation log, application program installation log and device operation log, so that a user can consult the log files to determine the current state of the system, observe data relating to user usage and understand how the system is being used; an automatic log deletion policy can also be set.
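The identity authentication and user life-cycle unit described above issues each user a certificate with a settable life cycle. The Go program below is an added example, not the patent's code, of how the platform can act as its own certificate authority for that purpose. `EnterpriseCA`, the ECDSA P-256 keys, the use of the subject CommonName and SerialNumber fields to bind user and device, and the five-minute clock-skew allowance are all assumptions; the text says only that a certificate with a settable life cycle is produced at registration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// EnterpriseCA is the platform's issuing authority (assumed design: one private CA per deployment).
type EnterpriseCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// NewEnterpriseCA creates a self-signed CA certificate for the platform.
func NewEnterpriseCA() (*EnterpriseCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "MDM Platform CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &EnterpriseCA{cert: cert, key: key}, nil
}

// NewDeviceKey is the key pair the terminal generates at registration; only the public half leaves the device.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// IssueUserCert signs the per-user certificate produced at registration. lifetime is the
// settable life cycle; CommonName carries the user ID and subject SerialNumber the device ID.
func (ca *EnterpriseCA) IssueUserCert(userID, deviceID string, lifetime time.Duration, pub *ecdsa.PublicKey) ([]byte, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: userID, SerialNumber: deviceID},
		NotBefore:    now.Add(-5 * time.Minute), // tolerate clock skew on the device
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, pub, ca.key)
}

// VerifyEnrollment is what the platform runs on every connection: the chain must end at the
// enterprise CA, client auth must be permitted, and `at` must fall inside the validity window.
func (ca *EnterpriseCA) VerifyEnrollment(certDER []byte, at time.Time) (userID, deviceID string, err error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err = cert.Verify(opts); err != nil {
		return "", "", fmt.Errorf("enrollment rejected: %w", err)
	}
	return cert.Subject.CommonName, cert.Subject.SerialNumber, nil
}

func main() {
	ca, err := NewEnterpriseCA()
	if err != nil {
		panic(err)
	}
	devKey, _ := NewDeviceKey()
	der, _ := ca.IssueUserCert("alice", "dev-001", 24*time.Hour, &devKey.PublicKey)
	u, d, err := ca.VerifyEnrollment(der, time.Now())
	fmt.Println("at issue:", u, d, err)
	_, _, err = ca.VerifyEnrollment(der, time.Now().Add(48*time.Hour))
	fmt.Println("two days later:", err)
}
```

Expiry of the certificate ends the device's access without any server-side bookkeeping, which is the point of making the life cycle settable. Revocation before expiry (a lost device, as handled by the loss units above) still needs a server-side deny list keyed on the certificate serial number, which this example does not include.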
The mobile terminal device application program management module comprises an independent enterprise application store, an application program remote distribution and erasing unit, an application program blacklist/whitelist monitoring unit, an application program installation counting unit and an application program single-application mode unit;
the independent enterprise application store is used for uploading, downloading and updating the users' application programs and for listing and delisting programs; it establishes the users' own application store and distributes and manages applications without relying on a third-party application store;
the application program remote distribution and erasing unit is used for batch distribution, remote installation, remote removal, remote updating and remote erasing of application programs, avoiding a complex and tedious installation process and greatly improving efficiency during batch deployment; in addition, the system can remotely uninstall applications from and erase data on a mobile device, preventing leakage of confidential user information when a mobile device is stolen or accidentally lost;
the application program blacklist/whitelist monitoring unit is used for restricting application installation on the mobile device; if an illegal application is found installed on the mobile device, the system notifies the user or forcibly uninstalls it, ensuring the security of the mobile device;
the application program installation counting unit is used for counting installations of the application programs pushed by the enterprise; the user can check the push record, installation status and related push information of each application program, and mobile devices that have not installed the mandatory application programs as required are warned and the programs are automatically pushed a second time;
the application program single-application mode unit is used for locking the mobile device to a given application program, which starts automatically; the user cannot exit it and cannot use any application program other than the single-mode program.
The document management module comprises a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
the mobile device enterprise cloud storage unit is used for storing and managing enterprise documents on the mobile device; enterprise documents are released and shared by synchronous download from the enterprise cloud storage unit;
the mobile device private cloud storage unit is used for uploading, downloading and storing private documents;
the document security management unit is used for managing the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, implementing unified management of enterprise documents and personal documents while keeping enterprise data and personal data physically isolated; documents are encrypted with a high-strength encryption algorithm during upload and transmission to prevent and control the risk of document leakage; a document browser integrated into the system supports the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats, and documents uploaded to the system cannot be opened by a third-party browser, so that their content does not leak if a document is lost;
the document management unit is used for distributing files in the enterprise cloud to the mobile terminals of designated target users, implementing unified release and sharing of enterprise documents, and viewing the released files;
the document policy management unit is used for policy management of the enterprise's documents, setting corresponding management policies for document sharing and copying functions so as to facilitate management of the enterprise's documents.
The push module comprises a mobile mail push management unit and a mobile notification push management unit;
the mobile mail push management unit is used for ensuring the security of pushed mail content and mail attachments and supports the IMAP, Exchange and POP3 mail protocols; the mail channel and the mail files can be encrypted during the push so that the transmitted mail content and attachments are secure;
the mobile notification push management unit is used by the server-side management platform to issue notifications to the mobile terminal, including issuing enterprise notification messages and sending and receiving files and content; the system supports files in various multimedia formats such as text, pictures, video, Word and PPT, and can encrypt the file transmission channel and the file data during transmission.
Further, the mobile terminal comprises a user login module, a security center management module, a device information management module, a memory management unit, an application management unit, an application store, a message center unit, a document center management unit and a mail management module;
the user login module is used for the user to log in to the mobile terminal and establish the communication connection with the server-side management platform; the user logs in with the registered user name and password via the registration URL in the notification mail pushed by the mobile mail push management unit, or by scanning a two-dimensional (QR) code sent by the mobile mail push management unit;
the security center management module is used for security monitoring of the mobile device, performing full scanning and removal of viruses, trojans and malicious code, quick vulnerability scanning and patch repair to ensure the security of the mobile device;
the device information management module is used for viewing the basic information, detailed hardware information, CPU information and hardware characteristic information of the mobile device;
the memory management unit is used for managing the memory of the mobile device, viewing the current free memory, local memory, memory used by applications, memory used by the system and available memory, and clearing or optimizing memory;
the application management unit is used for managing the application programs of the mobile device;
the application store is used for downloading application programs released by the enterprise and third-party application programs;
the message center unit is used for viewing enterprise messages and attachment content pushed to the user by the enterprise; when information pushed to the mobile terminal by an administrator is received, the previously displayed information is cleared and the newly received information is shown;
the document center management unit is used for managing enterprise documents and personal documents, effectively isolating the user's work and private documents, protecting the user's personal documents, and downloading enterprise documents and managing them locally;
the mail management module is used for managing and viewing the push mails sent by the server-side management platform.
Further, the security center management module comprises a quick scan-and-kill unit, a full scan-and-kill unit, a real-time monitoring unit, a threat alert unit, an operation record unit and a virus database upgrade unit;
the quick scan-and-kill unit is used for quickly scanning for and removing viruses on the mobile device;
the full scan-and-kill unit is used for a full scan of the mobile device's storage, SD card and storage directories; the full scan performs binary scanning and intelligent threat analysis on all files in the system, and if a virus or threat is found after the scan, the system stores a scan record; the user can click for details to view the virus type and the attributes of the infected file, and the virus can be dealt with in the corresponding way;
the real-time monitoring unit is used for monitoring the mobile device in real time to ensure the security of the operating environment;
the threat alert unit is used for promptly alerting the user to threats to the mobile device so that the user can deal with them in time;
the operation record unit is used for recording the scan information relating to the viruses found and removed, for convenient later review;
the virus database upgrade unit is used for upgrading the virus database online to ensure the security of the operating environment.
Further, the plurality of detection items comprise: whether privilege escalation (rooting or jailbreaking) of the mobile terminal device is detected, whether an illegal application program is installed, whether the operating system version is compliant, whether the application program version is compliant, whether the SIM card is an authorized SIM card, whether the geofence policy is satisfied, and whether the time fence policy is satisfied.
Further, the time fence policy controls the mobile device by setting a time range of use, outside which the system cannot be used; the geofence policy controls the mobile device by geographic coordinates (latitude and longitude), and the system cannot be used outside the set area.
Further, the mobile terminal is applicable to mobile terminal devices on the Android platform and the iOS platform.
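One way to implement the security access module's admission check from the detection items and fence policies listed above, written in Go as an added example (not the patent's code): `DevicePosture`, `AdmissionPolicy`, their field names, the rectangular latitude/longitude geofence and all sample values are assumptions, since the text specifies neither the data model nor the shape of the geofence.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// DevicePosture is what the terminal agent reports at check-in (assumed field names).
type DevicePosture struct {
	Rooted      bool              // privilege escalation (root/jailbreak) detected
	OSVersion   string            // dotted numeric, e.g. "12.1"
	AppVersions map[string]string // installed package name -> version
	SIMICCID    string
	Lat, Lon    float64   // last known position, degrees
	CheckedAt   time.Time // device-local wall clock at check-in
}

// AdmissionPolicy is the security access configuration held on the platform.
type AdmissionPolicy struct {
	MinOSVersion                   string
	MinAppVersion                  map[string]string // managed app -> minimum version
	ForbiddenApps, AuthorizedSIM   map[string]bool   // app blacklist; authorized ICCIDs
	FenceStartMin, FenceEndMin     int               // time fence, minutes since midnight
	MinLat, MaxLat, MinLon, MaxLon float64           // geofence as a lat/lon box
}

// versionBelow reports whether dotted version have is older than min ("9.9" < "10.0"; missing parts are 0).
func versionBelow(have, min string) bool {
	ph, pm := strings.Split(have, "."), strings.Split(min, ".")
	for i := 0; i < len(ph) || i < len(pm); i++ {
		h, m := 0, 0
		if i < len(ph) {
			h, _ = strconv.Atoi(ph[i])
		}
		if i < len(pm) {
			m, _ = strconv.Atoi(pm[i])
		}
		if h != m {
			return h < m
		}
	}
	return false
}

// inTimeFence handles windows such as 22:00-06:00 that wrap past midnight.
func inTimeFence(p AdmissionPolicy, t time.Time) bool {
	m := t.Hour()*60 + t.Minute()
	if p.FenceStartMin <= p.FenceEndMin {
		return m >= p.FenceStartMin && m < p.FenceEndMin
	}
	return m >= p.FenceStartMin || m < p.FenceEndMin
}

// Evaluate runs every detection item and returns all violations found. An empty
// result admits the device; anything else goes to the fine-grained policy.
func Evaluate(p AdmissionPolicy, d DevicePosture) []string {
	var v []string
	check := func(bad bool, msg string) {
		if bad {
			v = append(v, msg)
		}
	}
	check(d.Rooted, "privilege escalation detected")
	for app := range d.AppVersions {
		check(p.ForbiddenApps[app], "illegal application installed: "+app)
	}
	check(versionBelow(d.OSVersion, p.MinOSVersion), "OS version "+d.OSVersion+" below minimum "+p.MinOSVersion)
	for app, min := range p.MinAppVersion { // an absent managed app is a push matter, not an admission one
		have, ok := d.AppVersions[app]
		check(ok && versionBelow(have, min), "app "+app+" version "+have+" below minimum "+min)
	}
	check(!p.AuthorizedSIM[d.SIMICCID], "unauthorized SIM: "+d.SIMICCID)
	check(d.Lat < p.MinLat || d.Lat > p.MaxLat || d.Lon < p.MinLon || d.Lon > p.MaxLon, "outside geofence")
	check(!inTimeFence(p, d.CheckedAt), "outside time fence")
	return v
}

// Samples returns a constructed policy plus one compliant and one non-compliant posture (not patent data).
func Samples() (p AdmissionPolicy, good, bad DevicePosture) {
	p = AdmissionPolicy{MinOSVersion: "10",
		MinAppVersion: map[string]string{"com.corp.mail": "2.3"},
		ForbiddenApps: map[string]bool{"com.example.rootkit": true},
		AuthorizedSIM: map[string]bool{"8986000000000000001": true},
		FenceStartMin: 8 * 60, FenceEndMin: 20 * 60, // 08:00-20:00
		MinLat: 23.10, MaxLat: 23.16, MinLon: 113.23, MaxLon: 113.29}
	good = DevicePosture{OSVersion: "12", AppVersions: map[string]string{"com.corp.mail": "2.4"}, SIMICCID: "8986000000000000001",
		Lat: 23.131, Lon: 113.262, CheckedAt: time.Date(2024, 1, 15, 9, 30, 0, 0, time.UTC)}
	bad = DevicePosture{Rooted: true, OSVersion: "9.1", SIMICCID: "8986000000000000099",
		AppVersions: map[string]string{"com.corp.mail": "1.0", "com.example.rootkit": "0.1"},
		Lat: 23.500, Lon: 113.260, CheckedAt: time.Date(2024, 1, 15, 23, 15, 0, 0, time.UTC)}
	return p, good, bad
}

func main() {
	p, good, bad := Samples()
	fmt.Println(Evaluate(p, good), Evaluate(p, bad))
}
```

The evaluator reports every failed item rather than stopping at the first, so the fine-grained policy can distinguish a rooted device (deny) from one that merely checked in ten minutes before the time fence opens (notify). The time fence here uses the device's reported wall clock, which a hostile user can set; a production check should prefer the server's receive time or an authenticated time source, and the same caution applies to a self-reported position.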
The beneficial effects of the invention are:
1. the system is provided with a mobile terminal and a server-side management platform; the mobile terminal client connects to the server-side management platform over the Internet so that the platform manages the mobile devices as a whole; the platform comprises a mobile terminal threat defense management module, an enterprise mobile device management module and a push module; the mobile terminal threat defense management module scans the mobile devices for malware and applies a security access policy, and the security sandbox module protects the mobile device; by setting security policies such as the time fence policy and the geofence policy, the user can ensure the security of the mobile devices and the enterprise files;
2. the system can send files to enterprise employees as mails and notifications through the push module, and because a built-in browser is used to view the files and the channel over which files and attachments are delivered is encrypted, the security of the pushed files is further ensured;
3. by providing an enterprise cloud storage unit and a private cloud storage unit, enterprise files and personal files are kept separate, which is highly practical and facilitates unified management;
4. only an independent application store is provided in the system, and application programs are security-checked before being listed, so that the security of the application programs is ensured;
5. the mobile terminal is provided with the security center, the document center management unit and the mail management module, which further ensures the security of files on the mobile terminal, and the invention has good application prospects.
Drawings
Fig. 1 is a structural block diagram of the present invention.
Detailed Description
The following further describes embodiments of the present invention with reference to the accompanying drawings:
As shown in Fig. 1, a mobile device security management system comprises a mobile terminal and a server-side management platform. The mobile terminal is in communication connection with the server-side management platform through the Internet, and the server-side management platform comprises a mobile terminal threat defense management module, an enterprise mobile device management module and a push module. Before use, a user logs in to the server-side management platform with an account in order to manage the mobile terminals in a unified way;
the mobile terminal threat defense management module is used for protecting the mobile terminal device as a whole against security threats and security problems;
the enterprise mobile device management module is used for comprehensively managing the hosted mobile terminal devices, the applications installed on them, and the data documents held on the mobile terminal devices and on the server-side management platform;
the push module is used by the server-side management platform to push messages to the mobile terminal.
Further, the mobile terminal threat defense management module comprises a mobile antivirus module, a security access module, an application scanning module, a security situation awareness module, an application encapsulation module and a security sandbox module.
The mobile antivirus module uses dual-engine virus scanning technology to remove viruses, trojans and malicious code from the mobile terminal device and its applications, prevents the user from installing applications of poor security, and performs virus removal, vulnerability scanning and patch repair on the system.
The security access module audits the mobile terminal devices managed by the server-side management platform, controls device access through a number of detection items combined with the time fence and geofence policies, and applies fine-grained policy control to non-compliant devices so that dangerous devices cannot operate on the server-side management platform. The detection items comprise: whether the mobile terminal device has been subjected to privilege escalation (rooting), whether unauthorized applications are installed, whether the operating system version is compliant, whether the application version is compliant, whether the SIM card is an authorized SIM card, whether the geofence policy is satisfied, and whether the time fence policy is satisfied.
The time fence policy controls the mobile device by setting a permitted time range of use; outside that range the system cannot be used. The geofence policy controls the mobile device by geographic coordinates; outside the permitted area the system cannot be used.
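The seven detection items and the two fence policies (listed in the summary above and again here) can be evaluated together as one access decision. The Go program below is an added example written for this page, not code from the patent or its assignee; the policy values, the two device postures, the fence location, the use of integer version codes for the OS and client versions, and the haversine distance formula are all assumptions of the example.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// DevicePosture is what a managed client reports when it requests access; the
// fields mirror the seven detection items of the security access module.
type DevicePosture struct {
	Rooted         bool      // privilege escalation (root/jailbreak) detected
	InstalledApps  []string  // package identifiers present on the device
	OSVersionCode  int       // platform version as an integer, e.g. Android API level
	AppVersionCode int       // build number of the managed client application
	SIMICCID       string    // identifier of the inserted SIM card
	Lat, Lon       float64   // last known position in decimal degrees
	Now            time.Time // time of the access request
}

// AccessPolicy is the administrator's compliance baseline plus both fences.
type AccessPolicy struct {
	ForbiddenApps, AuthorizedSIMs       map[string]bool
	MinOSVersionCode, MinAppVersionCode int
	FenceLat, FenceLon, RadiusMeters    float64        // geofence centre and radius
	StartHour, EndHour                  int            // time fence: start inclusive, end exclusive
	Zone                                *time.Location // zone in which the hours are read
}

// HaversineMeters is the great-circle distance on a sphere of Earth's mean radius.
func HaversineMeters(lat1, lon1, lat2, lon2 float64) float64 {
	const earthRadius = 6371000.0
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	dLat, dLon := rad(lat2-lat1), rad(lon2-lon1)
	a := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(lat1))*math.Cos(rad(lat2))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * earthRadius * math.Asin(math.Sqrt(a))
}

// InTimeFence reports whether t lies inside the permitted window; a window whose
// StartHour is after its EndHour wraps past midnight (for example 22 to 6).
func (p AccessPolicy) InTimeFence(t time.Time) bool {
	h := t.In(p.Zone).Hour()
	if p.StartHour <= p.EndHour {
		return h >= p.StartHour && h < p.EndHour
	}
	return h >= p.StartHour || h < p.EndHour
}

// Evaluate runs every detection item and returns all violations rather than
// stopping at the first, so the audit record explains the whole decision.
func (p AccessPolicy) Evaluate(d DevicePosture) (allowed bool, violations []string) {
	checks := []struct {
		failed bool
		msg    string
	}{
		{d.Rooted, "privilege escalation (root/jailbreak) detected"},
		{d.OSVersionCode < p.MinOSVersionCode, "operating system version not compliant"},
		{d.AppVersionCode < p.MinAppVersionCode, "application version not compliant"},
		{!p.AuthorizedSIMs[d.SIMICCID], "SIM card not authorized"},
		{HaversineMeters(d.Lat, d.Lon, p.FenceLat, p.FenceLon) > p.RadiusMeters, "outside geofence"},
		{!p.InTimeFence(d.Now), "outside permitted time window"},
	}
	for _, c := range checks {
		if c.failed {
			violations = append(violations, c.msg)
		}
	}
	for _, app := range d.InstalledApps {
		if p.ForbiddenApps[app] {
			violations = append(violations, "unauthorized application installed: "+app)
		}
	}
	return len(violations) == 0, violations
}

// SampleScenario returns a constructed policy (office hours in UTC+8, a 500 m fence
// around a constructed office position) and two constructed postures: one compliant
// device and one that fails six of the seven items.
func SampleScenario() (policy AccessPolicy, good, bad DevicePosture) {
	zone := time.FixedZone("UTC+8", 8*3600)
	policy = AccessPolicy{
		ForbiddenApps:  map[string]bool{"com.example.cheatapp": true},
		AuthorizedSIMs: map[string]bool{"8986001234567890000": true},
		MinOSVersionCode: 29, MinAppVersionCode: 231,
		FenceLat: 23.1291, FenceLon: 113.2644, RadiusMeters: 500,
		StartHour: 8, EndHour: 18, Zone: zone,
	}
	good = DevicePosture{InstalledApps: []string{"com.example.crm"}, OSVersionCode: 33, AppVersionCode: 240,
		SIMICCID: "8986001234567890000", Lat: 23.1291, Lon: 113.2644, Now: time.Date(2024, 1, 15, 10, 0, 0, 0, zone)}
	bad = DevicePosture{Rooted: true, InstalledApps: []string{"com.example.crm", "com.example.cheatapp"},
		OSVersionCode: 28, AppVersionCode: 231, SIMICCID: "8986009999999999999",
		Lat: 23.2000, Lon: 113.2644, Now: time.Date(2024, 1, 15, 22, 30, 0, 0, zone)} // ~7.9 km north, 22:30
	return policy, good, bad
}

func main() {
	policy, good, bad := SampleScenario()
	fmt.Println(policy.Evaluate(good))
	fmt.Println(policy.Evaluate(bad))
}
```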
The application scanning module performs a security scan before an application goes online, detecting problems such as infection with viruses or trojans, tracking of the application's permissions, absence of a secure digital signature and absence of code obfuscation, so as to ensure the security of applications uploaded to the application store of the server-side management platform and to prevent applications from being maliciously modified by decompilation, code injection or similar means.
The security situation awareness module performs big-data analysis on multiple factors, namely the running state, network behavior and user behavior of the mobile terminal devices, summarizes the current state and trend of all devices in the current mobile device network, presents the data graphically for the user to inspect, anticipates security problems as early as possible, checks for potential safety hazards and prevents larger security incidents.
The application encapsulation module injects and encapsulates code into the installation package of a developed application without modifying the code of the existing mobile application, which saves development and maintenance cost, and provides the following functions:
1) Unified identity authentication: the user identity for the application is authenticated in a mandatory, unified way through user name, password and certificate;
2) Unified single sign-on: single sign-on secure access for all mobile applications is enforced on the basis of time and application level;
3) Permission authorization: use of the application, offline use of the application, or storage of data on the device is enabled or disabled;
4) Automatic configuration: personal settings such as user name, server address and custom data are configured automatically without user interaction;
5) Automatic encryption: all data stored on the device by each application is guaranteed to be encrypted;
6) DLP (data leakage prevention): functions such as copying and pasting text within enterprise applications are forbidden or allowed;
7) Dynamic policy: the application policy is updated dynamically;
8) Statistics report: the usage frequency, time and duration of each application are counted and displayed in a unified way;
9) Selective erasure: part of the application data is erased remotely and selectively without affecting the user's personal data.
The security sandbox module guarantees the security of system data. A DSA data isolation area is established and encrypted with high strength; the DSA automatically scatters, encrypts and protects data, and no external program can obtain any details of the data in the DSA. The DSA comprises disk partition information, a file directory table, a key safe area and an encrypted file storage area. Files stored through the DSA are protected with a one-time random key and the AES-256 encryption algorithm, and the random key is encrypted with a PKI public key and stored in the secure key safe area, so that the security of system data is further guaranteed.
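The per-file key handling that this paragraph (and claim 1 below) attributes to the DSA is an envelope-encryption scheme: a fresh random key per file, the file encrypted with AES-256, the file key wrapped with a PKI public key and kept in the key safe area. The Go program below is an added example written for this page, not the patent's implementation; it assumes RSA-OAEP for the PKI wrapping, AES-256-GCM for the file, and in-memory maps standing in for the encrypted file storage area and the key safe area.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeySafeEntry is one record in the key safe area: the per-file key wrapped
// under the platform's PKI public key, and the nonce used for that file.
type KeySafeEntry struct {
	WrappedKey []byte
	Nonce      []byte
}

// DSA models the data isolation area: an encrypted file store and a key safe,
// both indexed by file name (assumed layout). Only the public key is held here,
// so the area can write files but cannot read them back on its own.
type DSA struct {
	pub     *rsa.PublicKey
	Files   map[string][]byte
	KeySafe map[string]KeySafeEntry
}

func NewDSA(pub *rsa.PublicKey) *DSA {
	return &DSA{pub: pub, Files: map[string][]byte{}, KeySafe: map[string]KeySafeEntry{}}
}

// NewKeyPair generates the PKI key pair; in a deployment the private key would
// live with the platform or in hardware, never beside the store.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

const oaepLabel = "dsa-file-key" // binds wrapped blobs to this purpose

// Store encrypts plaintext under a fresh random 256-bit key (the "one-time" key:
// every file gets its own) with AES-256-GCM, then wraps that key with RSA-OAEP
// under the public key and records it in the key safe.
func (d *DSA) Store(name string, plaintext []byte) error {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The file name is authenticated as additional data, so a key-safe entry or
	// ciphertext moved to another name fails to decrypt.
	ciphertext := gcm.Seal(nil, nonce, plaintext, []byte(name))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.pub, fileKey, []byte(oaepLabel))
	if err != nil {
		return err
	}
	d.Files[name] = ciphertext
	d.KeySafe[name] = KeySafeEntry{WrappedKey: wrapped, Nonce: nonce}
	return nil
}

// Open unwraps the file key with the private key and decrypts the file; any
// change to the ciphertext, nonce or name is rejected by GCM authentication.
func (d *DSA) Open(name string, priv *rsa.PrivateKey) ([]byte, error) {
	entry, ok := d.KeySafe[name]
	ciphertext, ok2 := d.Files[name]
	if !ok || !ok2 {
		return nil, fmt.Errorf("no such file in DSA: %s", name)
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, entry.WrappedKey, []byte(oaepLabel))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, entry.Nonce, ciphertext, []byte(name))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	dsa := NewDSA(&priv.PublicKey)
	if err := dsa.Store("plan.docx", []byte("constructed sample document")); err != nil {
		panic(err)
	}
	plain, err := dsa.Open("plan.docx", priv)
	fmt.Printf("%q %v\n", plain, err)
}
```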
The enterprise mobile device management module comprises a mobile terminal device management module, a mobile terminal device application management module and a document management module. The mobile terminal device management module comprehensively manages the hosted mobile terminal devices. The mobile terminal device application management module closely monitors the applications installed on hosted mobile devices, supports a blacklist/whitelist policy, filters out all malicious programs on the blacklist, sets the permissions of the application store that ships with the system, allows or forbids installation of applications from the application store, blocks the sources of malicious programs and ensures that applications are legitimate and controllable. The document management module provides centralized storage, approval, release, remote push and document recall management for enterprise files, implements content management on the mobile device, ensures secure browsing and content updating of internal enterprise documents on the mobile device, and implements the distribution of enterprise documents and the setting and management of their permissions.
The mobile terminal device management module comprises a device management module, a security management module, a user management module and a policy management module. The device management module comprises a mobile terminal device state monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
the security management module comprises a mobile device loss positioning unit, a mobile device loss-of-connection detection unit, a device loss data protection unit, a network security control unit and a system log management unit;
the user management module comprises an identity authentication and user full-life-cycle management and control unit;
the policy management module comprises a device/user grouping policy management unit and a cross-platform multi-device binding unit;
the mobile terminal device state monitoring and data acquisition unit keeps detailed tracking records of, and issues early warnings on, the hardware information, application information and security information of the mobile terminal device, so that the system has fine-grained management and control over mobile terminal device information;
the mobile terminal device permission management unit configures and manages the function permissions, application permissions, and security and privacy permissions of the mobile terminal device of a designated user, and mainly provides the following restrictions:
1) restricting the camera, audio recording, placing phone calls, and sending and receiving short messages;
2) restricting the WiFi access type and SSID;
3) restricting use of the application store and installation of applications;
4) restricting use of the data cable;
5) restricting the WiFi and Bluetooth functions;
6) restricting use of the browser and of JavaScript;
the mobile terminal device configuration management unit establishes a number of configuration policies by means of remote management and OTA (over-the-air) push of user account configuration information. It is mainly used to configure WiFi, VPN (virtual private network), LDAP (lightweight directory access protocol), Exchange, POP3, IMAP (Internet Message Access Protocol) and APN (access point name). An administrator can push configurations directly to a designated user terminal through back-end operation so that users need not enter them themselves; for WiFi and VPN account types the account can be pushed and configured automatically, so that the user connects to the wireless network and the virtual private network without knowing the password. This achieves secure access and avoids leakage of the user's account information;
in addition, the permissions of the mobile device can be customized for different users; all configuration information is issued in real time by wireless push, and configurations can be issued globally, per group, per permission, per user or per device;
the mobile device loss positioning unit remotely locates the mobile device through GPRS, 3G, 4G and WiFi, intelligently draws the movement track of the mobile device, and so accurately tracks the movements of the mobile device and of the person using it;
the mobile device loss-of-connection detection unit applies loss policy control to lost mobile devices: when a device is lost or cannot connect to the network, the corresponding device loss policy is executed automatically, the specified data is wiped from the device, device information is cleared and device operation is locked, so that data security is ensured even while the device is disconnected;
the device loss data protection unit performs remote password setting, locks the mobile device, erases system application data, erases personal privacy data and guarantees the security of system data on a lost mobile device, so that the data stored on the device is secured immediately after the loss;
the network security control unit supports a WiFi blacklist/whitelist for the mobile device, controls and restricts secure access to WiFi wireless networks, prevents mobile devices from joining insecure WiFi networks, tracks and monitors the URLs visited by the mobile device, and judges the terminal's browsing behavior by recording and analyzing those URLs, so that the security of the mobile device's Internet use is ensured;
the identity authentication and user full-life-cycle management and control unit has the system issue a corresponding certificate to the user when the user joins the network; the certificate provides identity authentication between the user and the server-side management platform, has a configurable lifetime, and allows the user's permissions to be set. From the moment registration is complete the mobile device is under the comprehensive management of the system, which strictly monitors and uniformly configures all state information and operating behavior of the user's device throughout its life cycle in the enterprise environment;
the device/user grouping policy management unit automatically classifies devices according to their different attributes, and groups can be freely created for different device types and different users' devices; a role-based user management mechanism groups users at multiple levels by position, department and team, so that users are managed from multiple angles. This lets the enterprise manage mobile devices centrally and uniformly, and different administrators can be assigned to manage different sets of devices;
the cross-platform multi-device binding unit binds different mobile devices and mobile operating system platforms, and a single user can be bound to devices of several platforms, versions or operating systems, so that a user's multiple devices are managed in a unified and centralized way;
the system log management unit manages user logs, device logs, system alarm logs, application logs, system operation logs, application installation logs and device operation logs, makes it convenient for the user to consult log files to determine the current state of the system, observe data related to users' usage and understand how the system is used, and allows an automatic log deletion policy to be set.
The mobile terminal device application management module comprises an independent enterprise application store, an application remote distribution and erasure unit, an application blacklist/whitelist monitoring unit, an application installation statistics unit and an application single-app mode unit;
the independent enterprise application store is used for uploading, downloading and updating users' applications and for the on-shelf and off-shelf mechanisms of programs; it establishes the users' own application store and distributes and manages applications without a third-party application store;
the application remote distribution and erasure unit performs batch distribution, remote installation, remote removal, remote update and remote erasure of applications, which avoids a complex and tedious installation process and greatly improves efficiency in batch deployment; in addition, the system can remotely uninstall applications and erase data on the mobile device, so that confidential user information is not leaked when a mobile device is stolen or accidentally lost;
the application blacklist/whitelist monitoring unit restricts application installation on the mobile device; if an unauthorized application is found installed on the device, the system notifies the user or forcibly uninstalls it, so that the security of the mobile device is ensured;
the application installation statistics unit counts installations of the applications pushed by the enterprise, and the user can view the push record, installation status and related push information of each application; mobile devices that have not installed the applications required by the rules are warned and receive a second automatic push;
the application single-app mode unit locks the mobile device to a specified application: the application starts automatically, the user cannot exit it, and the user cannot use any application other than the single-app mode program.
The document management module comprises a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
the mobile device enterprise cloud storage unit stores and manages enterprise documents on the mobile device, and enterprise documents are issued and shared through synchronized download from the enterprise cloud storage unit;
the mobile device private cloud storage unit is used for uploading, downloading and storing private documents;
the document security management unit manages the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, provides unified management of enterprise documents and personal documents, ensures physical isolation of enterprise data from personal data, encrypts documents with a high-strength encryption algorithm during upload and transmission, and prevents and controls the risk of document leakage. A document browser supporting the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats is integrated into the system; documents uploaded to the system cannot be opened by a third-party browser, which prevents content leakage after a document is lost;
the document management unit distributes files in the enterprise cloud to the mobile terminals of designated target users, implements unified issuing and sharing of enterprise documents, and allows the issued files to be checked;
the document policy management unit applies policy management to enterprise documents, setting corresponding management policies for the document sharing and copying functions, which facilitates the management of enterprise documents.
The push module comprises a mobile mail push management unit and a mobile notification push management unit. The mobile mail push management unit ensures the security of pushed mail content and mail attachments and supports the IMAP, Exchange and POP3 mail protocols; during pushing it encrypts the mail security channel and the mail files, so that the security of the transmitted mail content and attachments is ensured;
the mobile notification push management unit is used by the server-side management platform to issue notifications to the mobile terminal, including issuing enterprise notification messages and sending and receiving files and content; the system supports files in a variety of multimedia formats such as text, pictures, video, Word and PPT, and can encrypt the file transmission channel and the file data during transmission.
The mobile terminal is suitable for mobile terminal devices on the Android and iOS platforms and comprises a user login module, a security center management module, a device information management module, a memory management unit, an application management unit, an application store, a message center unit, a document center management unit and a mail management module;
the user login module allows the user to log in to the mobile terminal and establish a communication connection with the server-side management platform; the user logs in with the registered user name and password via the registration URL in the notification mail pushed by the mobile mail push management unit, or with a QR code sent by the mobile mail push management unit;
the security center management module performs security monitoring of the mobile device, carrying out comprehensive scanning and removal of viruses, trojans and malicious code, quick vulnerability scanning and patch repair to ensure the security of the mobile device;
the device information management module is used to view the basic information, detailed hardware information, CPU information and hardware characteristic information of the mobile device;
the memory management unit manages the memory of the mobile device, shows the current remaining memory, local memory, memory occupied by applications, memory occupied by the system and available memory, and clears or optimizes memory;
the application management unit manages the applications on the mobile device;
the application store is used to download applications released by the enterprise and third-party applications;
the message center unit is used to view enterprise messages and attachment contents pushed to the user by the enterprise; when a message pushed by an administrator arrives at the mobile terminal, the previously shown message is dismissed and the newly received one is displayed;
the document center management unit manages enterprise documents and personal documents, effectively isolates the user's public and private documents, protects the user's personal documents, and also downloads enterprise documents and manages them locally;
the mail management module manages and displays the push mails sent by the server-side management platform.
The security center management module comprises a quick scan unit, a full scan unit, a real-time monitoring unit, a threat alert unit, an operation record unit and a virus database upgrade unit;
the quick scan unit performs quick virus scanning and removal on the mobile device;
the full scan unit performs comprehensive scanning and removal over the mobile device's storage, SD card and storage directories; it can apply binary scanning and intelligent threat analysis to all files on the system. After the scan completes, if viruses or threats are found the system stores the scan record; the user can click on the details to view the virus type and the attributes of the infected file, and take the appropriate action against the virus;
the real-time monitoring unit monitors the mobile device in real time to ensure the security of the operating environment;
the threat alert unit promptly alerts the user to threats to the mobile device so that the user can respond in time;
the operation record unit records the scanning information of detected and removed viruses for later review;
the virus database upgrade unit upgrades the virus database online to ensure the security of the operating environment.
The foregoing embodiments and description have been presented only to illustrate the principles and preferred embodiments of the invention, and various changes and modifications may be made therein without departing from the spirit and scope of the invention as hereinafter claimed.

Claims (9)

1. A mobile device security management system, characterized in that: the system comprises a mobile terminal and a server-side management platform, wherein the mobile terminal is in communication connection with the server-side management platform through the Internet, and the server-side management platform comprises a mobile terminal threat defense management module, an enterprise mobile device management module and a push module;
the mobile terminal threat defense management module is used for protecting the mobile terminal device as a whole against security threats and security problems;
the enterprise mobile device management module is used for comprehensively managing the hosted mobile terminal devices, the applications installed on them, and the data documents held on the mobile terminal devices and on the server-side management platform;
the push module is used by the server-side management platform to push messages to the mobile terminal;
the mobile terminal threat defense management module comprises a mobile antivirus module, a security access module, an application scanning module, a security situation awareness module, an application encapsulation module and a security sandbox module;
the mobile antivirus module uses dual-engine virus scanning technology to remove viruses, trojans and malicious code from the mobile terminal device and its applications, prevents the user from installing applications of poor security, and performs virus removal, vulnerability scanning and patch repair on the system;
the security access module audits the mobile terminal devices managed by the server-side management platform, controls device access through a number of detection items combined with the time fence and geofence policies, and applies fine-grained policy control to non-compliant devices so that dangerous devices cannot operate on the server-side management platform;
the application scanning module performs a security scan before an application goes online, detecting problems that may exist in the application such as infection with viruses or trojans, tracking of the application's permissions, absence of a secure digital signature and absence of code obfuscation, so as to ensure the security of the application store to which applications are uploaded on the server-side management platform and to prevent applications from being maliciously modified by decompilation or code injection;
the security situation awareness module performs big-data analysis on multiple factors, namely the running state, network behavior and user behavior of the mobile terminal devices, summarizes the current state and trend of all devices in the current mobile device network, presents the data graphically for the user to inspect, anticipates security problems as early as possible, checks for potential safety hazards and prevents larger security incidents;
the application encapsulation module injects and encapsulates code into the installation package of a developed application without modifying the code of the existing mobile application, and implements the following settings:
1) Unified identity authentication: the user identity for the application is authenticated in a mandatory, unified way through user name, password and certificate;
2) Unified single sign-on: single sign-on secure access for all mobile applications is enforced on the basis of time and application level;
3) Permission authorization: use of the application, offline use of the application, or storage of data on the device is enabled or disabled;
4) Automatic configuration: personal settings such as user name, server address and custom data are configured automatically without user interaction;
5) Automatic encryption: all data stored on the device by each application is guaranteed to be encrypted;
6) DLP (data leakage prevention): the text copy/paste functions within enterprise applications are forbidden or allowed;
7) Dynamic policy: the application policy is updated dynamically;
8) Statistics report: the usage frequency, time and duration of each application are counted and displayed in a unified way;
9) Selective erasure: part of the application data is erased remotely and selectively without affecting the user's personal data;
the security sandbox module guarantees the security of system data: a DSA data isolation area is established and encrypted with high strength, the DSA automatically scatters, encrypts and protects data, no external program can obtain any details of the data in the DSA, the DSA comprises disk partition information, a file directory table, a key safe area and an encrypted file storage area, files stored through the DSA are protected with a one-time random key and the AES-256 encryption algorithm, and the random key is encrypted with a PKI public key and stored in the secure key safe area, so that the security of system data is further guaranteed.
2. The system of claim 1, wherein: the enterprise mobile device management module comprises a mobile terminal device management module, a mobile terminal device application management module and a document management module;
the mobile terminal device management module is used for comprehensively managing the hosted mobile terminal devices;
the mobile terminal device application management module closely monitors the applications installed on hosted mobile devices, supports a blacklist/whitelist policy, filters out all malicious programs on the blacklist, sets the permissions of the system's application store, allows or forbids installation of applications from the application store, blocks the sources of malicious programs and ensures that applications are legitimate and controllable;
the document management module provides centralized storage, approval, release, remote push and document recall management for enterprise files, implements content management on the mobile device, ensures secure browsing and content updating of internal enterprise documents on the mobile device, and implements the distribution of enterprise documents and the setting and management of their permissions.
3. The system of claim 2, wherein: the mobile terminal device management module comprises a device management module, a security management module, a user management module and a policy management module, wherein the device management module comprises a mobile terminal device state monitoring and data acquisition unit, a mobile terminal device permission management unit and a mobile terminal device configuration management unit;
the security management module comprises a mobile device loss positioning unit, a mobile device loss and lost-connection detection unit, a device loss data protection unit, a network security control unit and a system log management unit;
the user management module comprises an identity authentication and user full-life-cycle management and control unit;
the policy management module comprises a device/user grouping policy management unit and a cross-platform multi-device binding unit;
the mobile terminal device state monitoring and data acquisition unit is used for detailed tracking, recording and early warning of the hardware information, application program information and security information of the mobile terminal device, so that the system achieves fine-grained management and control of mobile terminal device information;
the mobile terminal device permission management unit is used for configuring and managing the function permissions, application program permissions, and security and privacy permissions of a specified user's mobile terminal device, including the following restrictions:
1) restricting the camera, audio recording, phone calls, and the sending and receiving of short messages;
2) restricting the WiFi access type and SSID;
3) restricting use of the application store and restricting the installation of applications;
4) restricting use of the data cable;
5) restricting the WiFi and Bluetooth functions;
6) restricting use of the browser and restricting use of JavaScript;
the mobile terminal device configuration management unit is used for establishing a plurality of configuration policies through remote management and OTA (over-the-air) pushing of user account configuration information; it configures WiFi, VPN, LDAP, Exchange, POP3, IMAP and APN (access point name) settings, which the administrator pushes directly to the specified user terminal through background operation so that the user does not have to enter them manually;
in addition, according to the mobile device permissions defined for different users, all configuration information is issued in real time by wireless push, and configuration can be issued in multiple dimensions: globally, by group, by permission, by user and by device;
the mobile device loss positioning unit is used for remotely locating the mobile device through GPRS, 3G, 4G and WiFi, intelligently drawing the movement track of the mobile device, and accurately tracking the movements of the mobile device and of the person using it;
the mobile device loss and lost-connection detection unit is used for applying loss policy control to a lost mobile device: when the mobile device is lost or cannot connect to the network, it automatically executes the corresponding device loss policy, erasing the specified data on the mobile device, clearing the mobile device information and locking the operation of the mobile device, so that data remain secure while the mobile device is disconnected;
the device loss data protection unit is used for remotely setting a password, locking the mobile device, erasing system application data, erasing personal privacy data and guaranteeing the security of system data on a lost mobile device, so that the data stored on the mobile device are brought under security control at the first moment the device is lost;
the network security control unit supports a WiFi black/white list for the mobile device; it is used for controlling and restricting secure access to WiFi wireless networks, preventing the mobile device from connecting to unsafe WiFi wireless networks, tracking and monitoring the URLs the mobile device visits on the internet, and judging the mobile terminal's internet behaviour by recording and analysing those URLs, so that the mobile device's internet access is secure;
the identity authentication and user full-life-cycle management and control unit is used for the system to generate a corresponding certificate for a user when the user is admitted to the network; the certificate provides identity authentication between the user and the server management platform, has a settable life cycle and sets the user's permissions; from the completion of registration the mobile device comes under the comprehensive management of the system, and throughout the whole life cycle of its access to the enterprise environment the system strictly monitors and uniformly configures and manages all state information and operation behaviour of the user's device;
the device/user grouping policy management unit is used for automatically classifying devices according to the different attributes of the mobile devices, and different types of devices and different users' devices can freely be formed into groups;
a role-based user management mechanism is adopted to group users at multiple levels by position, department and group, so that users are managed from multiple angles; enterprises can conveniently carry out centralized and unified management of mobile devices, and different administrators can be assigned to different devices so that each is managed separately;
the cross-platform multi-device binding unit is used for binding different mobile devices and mobile operating system platforms, so that a single user is bound to devices across a plurality of platforms/versions/operating systems and the user's multiple devices are managed in a unified and centralized way;
the system log management unit is used for managing user logs, device logs, system alarm logs, application program logs, system operation logs, application program installation logs and device operation logs, making it convenient for a user to consult the log files to determine the current state of the system, observe data related to the user's usage and understand how the system is used, and to set an automatic log deletion policy.
4. The system of claim 2, wherein: the mobile terminal device application program management module comprises an independent enterprise application store, an application program remote distribution and erasing unit, an application program black/white list monitoring unit, an application program installation counting unit and an application program single-application mode unit;
the independent enterprise application store is used for the uploading, downloading and updating of the users' application programs and for the listing and delisting of programs; it establishes the users' own application store and distributes and manages applications without a third-party application store;
the application program remote distribution and erasing unit is used for batch distribution, remote installation, remote removal, remote updating and remote erasing of application programs, avoiding a complex and tedious installation process and greatly improving working efficiency during batch deployment; in addition, the system realizes remote uninstallation and data erasure on the mobile device, so that if the mobile device is stolen or accidentally lost, the user's confidential information is not leaked;
the application program black/white list monitoring unit is used for restricting application installation on the mobile device; if an illegal application is found installed on the mobile device, the system notifies the user or forcibly uninstalls it, thereby ensuring the security of the mobile device;
the application program installation counting unit is used for counting the installations of the application programs pushed by the enterprise; a user can check the push record, installation status and related push information of each application program; it also warns mobile devices that have not installed the required application programs as prescribed, and automatically pushes them a second time;
the application program single-application mode unit is used for locking the mobile device to a certain application program: the application program starts automatically, the user cannot exit it, and the user cannot use any application program other than the single-application-mode program.
5. The system of claim 2, wherein: the document management module comprises a mobile device enterprise cloud storage unit, a mobile device private cloud storage unit, a document security management unit, a document management unit and a document policy management unit;
the mobile device enterprise cloud storage unit is used for storing and managing enterprise documents on the mobile device; the release and sharing of enterprise documents are realized through synchronous downloading from the enterprise cloud storage unit;
the mobile device private cloud storage unit is used for uploading, downloading and storing private documents;
the document security management unit is used for managing the files stored in the mobile device enterprise cloud storage unit and the mobile device private cloud storage unit, realizing unified management of enterprise documents and personal documents while ensuring physical isolation of enterprise data from personal data; documents are encrypted with a high-strength encryption algorithm during upload and transmission, preventing and controlling the risk of document leakage; a document browser is integrated into the system, supporting the Word, PPT, PDF, JPG, TXT, MP4, MP3 and AVI formats, and documents uploaded into the system cannot be opened by a third-party browser, so that content is not leaked if a document is lost;
the document management unit is used for distributing the files in the enterprise cloud to the mobile terminals of specified target users, realizing unified release and sharing of enterprise documents, and for checking the released files;
the document policy management unit is used for policy management of enterprise documents, setting corresponding management policies for the document sharing and copying functions and facilitating the management of enterprise documents.
6. The system of claim 1, wherein: the push module comprises a mobile mail push management unit and a mobile notification push management unit;
the mobile mail push management unit is used for ensuring the security of pushed mail content and mail attachments; it supports the following mail protocols: IMAP, Exchange and POP3, and encrypts the mail security channel and the mail files during push, so that the transmitted mail content and attachments are secure;
the mobile notification push management unit is used for the server-side management platform to issue notifications to the mobile terminal, including the issuing of enterprise notification messages and the sending and receiving of files and content; the system supports files in various multimedia formats such as text, pictures, video, Word and PPT, and encrypts the file transmission channel and the file data during transmission.
7. The system of claim 1, wherein: the mobile terminal client comprises a user login module, a security center management module, a device information management module, a memory management unit, an application store, a message center unit, a document center management unit and a mail management module;
the user login module is used for the user to log in on the mobile terminal and establish a communication connection with the server management platform; the user logs in with the registered user name and password via the notification-mail registration address URL pushed by the mobile mail push management unit, and can also log in via the two-dimensional code sent by the mobile mail push management unit;
the security center management module is used for security monitoring of the mobile device, performing full scanning and removal of viruses, trojans and malicious code, quick vulnerability scanning and patch repair, so as to ensure the security of the mobile device;
the device information management module is used for viewing the basic information, detailed hardware information, CPU information and hardware characteristic information of the mobile device;
the memory management unit is used for managing the memory of the mobile device, viewing the current remaining memory, local memory, memory occupied by applications, memory occupied by the system and available memory, and clearing or optimizing the memory;
the application management unit is used for managing the application programs of the mobile device;
the application store is used for downloading application programs released by the enterprise and third-party application programs;
the message center unit is used for viewing the enterprise messages and attachment contents pushed to the user by the enterprise; when information pushed to the mobile terminal by an administrator is received, the preset information disappears and the newly received information is displayed;
the document center management unit is used for managing enterprise documents and personal documents, effectively isolating users' public and private documents, protecting users' personal documents, and at the same time downloading enterprise documents and managing them locally;
the mail management module is used for managing and viewing the push mails sent by the server-side management platform.
8. The system of claim 1, wherein: the plurality of detection items comprise: whether the mobile terminal device has been subjected to privilege escalation (root) detection, whether an illegal application program is installed, whether the operating system version is compliant, whether the application program version is compliant, whether the SIM card is an authorized SIM card, whether the geofence policy is satisfied, and whether the time fence policy is satisfied.
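The seven detection items of claim 8 as a server-side policy evaluator, added here as an illustration and not code from the patent: the checks run in order over a constructed device posture and a baseline policy, with the geofence evaluated as a great-circle radius and the time fence as an hour window. The types DevicePosture and CompliancePolicy and the function Evaluate are hypothetical names, and the posture fields are assumptions about what the client reports.

```go
package main

import (
	"math"
	"strconv"
	"strings"
)

// DevicePosture is a constructed snapshot of what the mobile terminal client reports.
type DevicePosture struct {
	Rooted              bool
	OSVersion, SIMICCID string
	Apps                map[string]string // package name -> installed version
	Lat, Lon            float64
	LocalHour           int // hour of day, device-local time, when the posture was taken
}

// CompliancePolicy is the server-side baseline the posture is checked against.
type CompliancePolicy struct {
	ForbiddenApps                    []string
	MinOSVersion                     string
	MinAppVersions                   [][2]string     // {package name, minimum allowed version}
	AuthorizedSIMs                   map[string]bool // ICCIDs issued to enrolled users
	FenceLat, FenceLon, FenceRadiusM float64
	AllowFrom, AllowUntil            int // permitted hours, [AllowFrom, AllowUntil)
}

// versionLess compares dotted numeric versions segment by segment, so "4.9" < "4.10".
func versionLess(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		x, y := 0, 0 // a missing trailing segment counts as 0
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x < y
		}
	}
	return false
}

func distanceM(lat1, lon1, lat2, lon2 float64) float64 { // haversine great-circle distance, metres
	const rad = math.Pi / 180
	a := math.Pow(math.Sin((lat2-lat1)*rad/2), 2) + math.Cos(lat1*rad)*math.Cos(lat2*rad)*math.Pow(math.Sin((lon2-lon1)*rad/2), 2)
	return 2 * 6371000 * math.Asin(math.Sqrt(a))
}

// Evaluate runs the seven detection items in order and returns the names of those that failed.
func Evaluate(p CompliancePolicy, d DevicePosture) []string {
	var failed []string
	flag := func(bad bool, name string) {
		if bad {
			failed = append(failed, name)
		}
	}
	flag(d.Rooted, "privilege-escalation")
	for _, pkg := range p.ForbiddenApps {
		_, installed := d.Apps[pkg]
		flag(installed, "illegal-app:"+pkg)
	}
	flag(versionLess(d.OSVersion, p.MinOSVersion), "os-version")
	for _, m := range p.MinAppVersions {
		v, installed := d.Apps[m[0]]
		flag(installed && versionLess(v, m[1]), "app-version:"+m[0])
	}
	flag(!p.AuthorizedSIMs[d.SIMICCID], "sim")
	flag(distanceM(d.Lat, d.Lon, p.FenceLat, p.FenceLon) > p.FenceRadiusM, "geofence")
	flag(d.LocalHour < p.AllowFrom || d.LocalHour >= p.AllowUntil, "time-fence")
	return failed
}
```

An empty result means the device is compliant; each returned name identifies the detection item a loss or lockdown policy would be triggered by.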
9. The system according to claim 7, wherein: the security center management module comprises a quick scan-and-removal unit, a full scan-and-removal unit, a real-time monitoring unit, a threat reminder unit, an operation recording unit and a virus database upgrade unit;
the quick scan-and-removal unit is used for quickly scanning the mobile device for viruses and removing them;
the full scan-and-removal unit is used for a full scan of the mobile device's storage, SD card and storage directories; the full scan performs binary scanning and intelligent threat analysis on all files of the system, and when the scan finishes, if viruses or threats are found, the system stores the virus scan records; the user can click on the details to view the virus type and the attribute information of the infected file, and apply the corresponding handling method to the virus;
the real-time monitoring unit is used for monitoring the mobile device in real time so as to ensure the security of the operating environment;
the threat reminder unit is used for promptly reminding the user of threats to the mobile device, so that the user can deal with them in time;
the operation recording unit is used for recording the scan information related to the viruses found and removed, for convenient later review;
the virus database upgrade unit is used for upgrading the virus database online so as to ensure the security of the operating environment.
CN201811213329.0A 2018-10-18 2018-10-18 Mobile device safety management system Active CN109460660B (en)

Publications (2)

Publication Number Publication Date
CN109460660A (en) 2019-03-12
CN109460660B (en) 2022-04-08

Family

ID=65607808
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant