CN109522708A - Method and device for security control of the running environment of an application program - Google Patents
- Publication number
- CN109522708A; CN201811360730.7A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The invention discloses a method and device for security control of the running environment of an application program. The method comprises: obtaining the operating state of a target application; when the obtained operating state of the target application is the launching state or the running state, obtaining list update information from a server, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control; and, where the updated applications that require security control include the target application, performing security control on the running environment of the target application. The invention solves the technical problem in the related art of low security when operations are performed on an application program.
Description
Technical field
The present invention relates to the computer field, and in particular to a method and device for security control of the running environment of an application program.
Background
With the rapid development of computer and Internet technology, people's work and daily life increasingly depend on networks, so network security has become particularly important. At present, when people use an electronic device connected to a network, the security of the network is checked only when the connection is first made; it is not checked again during subsequent operations (such as operating a particular application). As a result, security cannot be guaranteed when the user operates an application, the user's information is easily stolen, and property is lost.
No effective solution to this problem has yet been proposed.
Summary of the invention
Embodiments of the invention provide a method and device for security control of the running environment of an application program, so as to at least solve the technical problem in the related art of low security when operations are performed on an application program.
According to one aspect of the embodiments of the invention, a method for security control of the running environment of an application program is provided, comprising: obtaining the operating state of a target application; when the obtained operating state of the target application is the launching state or the running state, obtaining list update information from a server, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control; and, where the updated applications that require security control include the target application, performing security control on the running environment of the target application.
According to another aspect of the embodiments of the invention, a device for security control of the running environment of an application program is also provided, comprising: a first obtaining module, configured to obtain the operating state of a target application; a second obtaining module, configured to obtain list update information from a server when the obtained operating state of the target application is the launching state or the running state, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control; and a first control module, configured to perform security control on the running environment of the target application where the updated applications that require security control include the target application.
According to another aspect of the embodiments of the invention, a storage medium is also provided, characterized in that a computer program is stored in the storage medium, wherein the computer program is arranged to execute, when run, the method described in any of the above.
According to another aspect of the embodiments of the invention, an electronic device is also provided, including a memory and a processor, characterized in that a computer program is stored in the memory and the processor is arranged to execute, by means of the computer program, the method described in any of the above.
In the embodiments of the invention, the operating state of the target application is obtained; when that operating state is the launching state or the running state, list update information is obtained from the server, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control; and, where the updated applications that require security control include the target application, security control is performed on the running environment of the target application. In this way, when the operating state of the target application is the launching state or the running state, the terminal obtains the first application list indicated by the list update information that the server transmits to the terminal and, when the applications that the first application list records as requiring a safe-operation prompt include the target application, controls the running environment in which the target application currently resides. The latest information on the applications that require security control can therefore be obtained from the server at any time, which improves security when operating an application program and thereby solves the technical problem in the related art of low security when operations are performed on an application program.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the application environment of an optional method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 2 is schematic diagram one of an optional method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 3 is a schematic diagram of an optional method for security control of the running environment of an application program according to an optional implementation of the invention;
Fig. 4 is schematic diagram two of an optional safe-operation prompting method according to an embodiment of the invention;
Fig. 5 is flow chart three of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 6 is a schematic diagram of another optional method for security control of the running environment of an application program according to an optional implementation of the invention;
Fig. 7 is flow chart four of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 8 is flow chart five of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 9 is flow chart six of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 10 is flow chart seven of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 11 is flow chart eight of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 12 is a schematic diagram of another optional safe-operation prompting method according to an optional implementation of the invention;
Fig. 13 is flow chart nine of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 14 is flow chart ten of a method for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 15 is a schematic diagram of an optional device for security control of the running environment of an application program according to an embodiment of the invention;
Fig. 16 is a schematic diagram of an application scenario of an optional method for security control of the running environment of an application program according to an embodiment of the invention; and
Fig. 17 is a schematic diagram of an optional electronic device according to an embodiment of the invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort shall fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and do not describe a particular order or sequence. Data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
According to one aspect of the embodiments of the invention, a method for security control of the running environment of an application program is provided. Fig. 1 is a schematic diagram of the hardware environment of a preferred implementation of the method of this application. The hardware environment includes a terminal 102 and a server 104. Different applications implementing different functions are installed in the operating system of terminal 102; these may be online education applications, instant messaging applications, community space applications, game applications, shopping applications, browser applications, financial applications, multimedia applications, live-streaming applications and so on. Terminal 102 obtains the operating state of target application 106 and, when the obtained operating state of the target application is the launching state or the running state, obtains list update information from server 104, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control. Where the updated applications that require security control include the target application, terminal 102 performs security control on the running environment of the target application.
Fig. 2 is flow chart one of a method for security control of the running environment of an application program according to an embodiment of the invention. As shown in Fig. 2, the method comprises:
S202, obtaining the operating state of the target application;
S204, when the obtained operating state of the target application is the launching state or the running state, obtaining list update information from the server, wherein the list update information indicates an update to the applications that require security control and carries a first application list, and the first application list records the updated applications that require security control;
S206, where the updated applications that require security control include the target application, performing security control on the running environment of the target application.
Optionally, in this embodiment, the above method can be, but is not limited to being, applied in scenarios in which security control is performed on the running environment of an application program. The application program can be, but is not limited to, an application of any type, for example an online education application, instant messaging application, community space application, game application, shopping application, browser application, financial application, multimedia application or live-streaming application. Specifically, the method can be, but is not limited to being, applied to security control of the running environment of a financial application or of an instant messaging application, to improve security when the application is operated. The above is only an example, and this embodiment places no restriction on it.
Optionally, in this embodiment, when list update information is detected on the server, the first application list can be obtained either by receiving the first application list indicated by list update information that the server issues on its own initiative, or by sending the server a request for the first application list and receiving the first application list that the server issues in response to that request.
Optionally, in this embodiment, the applications that require security control can be, but are not limited to being, configured by the server. When the applications that require security control are updated, the server generates list update information and generates the first application list, which records the updated applications that require security control.
Optionally, in this embodiment, the operating state of the target application can include, but is not limited to, the launching state, the running state, the closed state, the illegal state and so on. Operations performed on the target application switch it among these states. For example: a single click on the icon of a target application in the closed state puts it in the launching state; after the initialization performed at startup, the target application automatically enters the running state; the running state can be divided into a foreground running state and a background running state; a target application in the foreground running state enters the background running state after a show-desktop operation is performed; and a target application in the running state changes to the closed state after an exit or log-out operation is performed on it.
Optionally, in this embodiment, the running environment can include, but is not limited to, the network environment, the system environment and so on. Control of the running environment can include, but is not limited to, detecting whether the network environment is secure, whether the system environment has vulnerabilities and so on.
In an optional implementation, as shown in Fig. 3, a target application (payment application A) is installed on the terminal. When the obtained operating state of payment application A is the launching state (for example, the application icon has been clicked) or the running state (displayed in the foreground or running in the background), list update information is obtained from the server. The list update information carries the first application list, which records the updated applications that require security control: payment application A, instant messaging application B and shopping application C. Because payment application A is recorded in the first application list, security control is performed on the running environment of payment application A (whether the network environment is secure, whether the system environment has vulnerabilities and so on).
Through the above steps, when the operating state of the target application is the launching state or the running state, the terminal obtains the first application list indicated by the list update information that the server transmits to the terminal and, when the applications that the first application list records as requiring a safe-operation prompt include the target application, controls the running environment in which the target application currently resides. The latest information on the applications that require security control can therefore be obtained from the server at any time, which improves security when operating an application program and thereby solves the technical problem in the related art of low security when operations are performed on an application program.
Fig. 4 is flow chart two of a method for security control of the running environment of an application program according to an embodiment of the invention. As shown in Fig. 4, the above step S204 comprises:
S402, when the obtained operating state of the target application is the launching state or the running state and an operation has been performed on the target application, detecting list update information on the server;
S404, where list update information is detected on the server, obtaining the list update information from the server.
Optionally, in this embodiment, the operation performed on the target application can be, but is not limited to, an operation that may carry a security risk, for example: a launch operation on a payment application, a payment operation in a shopping application, a data input operation in an instant messaging application, a trading operation in a game application and so on.
Optionally, in this embodiment, an operation performed on a target application in the launching state or the running state can trigger detection of list update information on the server; the list update information obtained is then used to perform security control on the running environment of the application program, improving security when operations are performed on the target application.
Fig. 5 is flow chart three of a method for security control of the running environment of an application program according to an embodiment of the invention. As shown in Fig. 5, after the above step S402 the method further comprises:
S502, where it is detected that there is no list update information on the server, looking up a second application list stored on the terminal on which the target application is installed, wherein the second application list is an application list that the server transmitted to the terminal and records the applications that require security control;
S502, where the second application list is found and the second application list includes the first application, performing security control on the running environment of the target application.
Optionally, in this embodiment, if there is no list update information on the server, the second application list stored on the terminal is looked up. If the second application list is found, the applications it lists are taken as the applications that require security control and are compared with the target application. If the second application list includes the target application, the target application is an application that requires security control, and security control is performed on its running environment to ensure that operations on the target application are executed in a secure running environment.
Optionally, in this embodiment, the second application list can be, but is not limited to being, a list that was sent to the client on an earlier occasion when list update information was present on the server. It can be stored in a configuration file in the data directory. Each time the server has list update information, the application list sent to the client is stored at this location, and the newest application list can, but need not, replace the application list previously stored there. The location can therefore hold only a single application list, which avoids both being unable to tell which version of the list applies and old application lists wasting storage space.
In an optional implementation, as shown in Fig. 6, a target application (payment application A) is installed on the terminal. When a payment operation performed on payment application A is detected (for example, the user is detected clicking the payment icon) and there is no list update information on the server, the second application list stored on the terminal is looked up. The second application list is found, and it records that the updated applications requiring a safe-operation prompt are payment application A, instant messaging application B, shopping application C, game application D and multimedia application E. Because payment application A is recorded in the second application list, security control is performed on the running environment of payment application A.
Fig. 7 is flow chart four of a method for security control of the running environment of an application program according to an embodiment of the invention. As shown in Fig. 7, before step S402 the method further comprises:
Step S702, obtaining the second application list that the server transmits to the terminal, wherein the applications recorded in the second application list differ from the applications recorded in the first application list.
Optionally, in this embodiment, the second application list can be, but is not limited to being, the server's historical update information, that is, the application list transmitted to the client the last time the server had list update information. The client stores each application list it receives from the server. The next time an operation performed on the target application is detected, if there is no list update information on the server or the server cannot be reached, the stored second application list can be obtained and used to perform security control on the running environment of the application program.
Optionally, in this embodiment, the first application list is an update of the second application list, so the two can differ: the first application list can be a version of the second application list with entries added or deleted.
For example, the first application list may include payment application A, instant messaging application B and shopping application C, and the second application list may include payment application A, shopping application C, game application D and multimedia application E. Compared with the second application list, the first application list adds instant messaging application B and deletes game application D and multimedia application E.
Fig. 8 is flow chart five of a method for security control of the running environment of an application program according to an embodiment of the invention. As shown in Fig. 8, after the above step S502 the method further comprises:
S802, where the second application list is not found, obtaining a third application list stored on the terminal, wherein the third application list is the application list carried in the installation package of the client corresponding to the server;
S804, where the target application is recorded in the third application list, performing security control on the running environment of the target application.
Optionally, in this embodiment, if an operation performed on the target application is detected, there is no list update information on the server and the second application list is not found either, the third application list stored on the terminal can be obtained. The third application list is the application list carried in the installation package of the client corresponding to the server.
Optionally, in this embodiment, when the client is installed on the terminal, the third application list is carried in the installation package and is stored in the client's installation path during installation. When an operation performed on the target application is detected, if no list update message has been received from the server and no previously stored second application list is found, the third application list from the installation package can be used to perform security control on the running environment of the target application.
Optionally, in this embodiment, the third application list can be, but is not limited to being, stored in a configuration file in the assets directory. Each time the client is updated, the server can carry a new third application list in the installation package of the latest client version, thereby updating the third application list.
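The lookup order described above (list update from the server, then the list stored on the terminal, then the list carried in the installation package) can be sketched as follows. This is an added example, not code from the patent: the file names, the JSON format, the app identifiers and the `fetch_update` callback are assumptions, and it goes slightly beyond the text by treating an unreadable or malformed stored list as "not found".

```python
import json
import tempfile
from pathlib import Path


class ListResolver:
    """Resolve the set of apps that need security control (names are hypothetical)."""

    def __init__(self, data_dir, bundled_path, fetch_update):
        # Single cached copy in the app's data directory (the "second list").
        self.cache_path = Path(data_dir) / "managed_apps.json"
        # Read-only copy shipped in the installation package (the "third list").
        self.bundled_path = Path(bundled_path)
        # Callable returning a list of app ids, or None when the server has no
        # update; it raises OSError when the server cannot be reached.
        self.fetch_update = fetch_update

    def resolve(self):
        """Return (source, apps); source is 'first', 'second', 'third' or 'none'."""
        try:
            first = self.fetch_update()
        except OSError:
            first = None  # an unreachable server is handled like "no update"
        if first is not None:
            self._store(first)
            return "first", set(first)
        second = self._load(self.cache_path)
        if second is not None:
            return "second", second
        third = self._load(self.bundled_path)
        if third is not None:
            return "third", third
        return "none", set()

    def _store(self, apps):
        # Write to a temporary file and rename, so the newest list replaces the
        # old one and only one cached list ever exists.
        tmp = self.cache_path.with_suffix(".tmp")
        tmp.write_text(json.dumps(sorted(apps)))
        tmp.replace(self.cache_path)

    @staticmethod
    def _load(path):
        # A missing, unreadable or malformed file counts as "list not found".
        try:
            data = json.loads(path.read_text())
        except (OSError, ValueError):
            return None
        if not isinstance(data, list) or not all(isinstance(x, str) for x in data):
            return None
        return set(data)


def needs_control(resolver, target_app):
    """Return (source, bool): which list answered and whether the target is in it."""
    source, apps = resolver.resolve()
    return source, target_app in apps


def demo():
    """Walk through the fallback order with constructed lists and app ids."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        bundled = root / "bundled_list.json"
        bundled.write_text(json.dumps(["pay.A", "game.D"]))
        answers = iter([None, ["pay.A", "im.B", "shop.C"], None])
        resolver = ListResolver(root, bundled, lambda: next(answers))
        results = [
            needs_control(resolver, "game.D"),  # no update, no cache: third list
            needs_control(resolver, "game.D"),  # update arrives: first list
            needs_control(resolver, "im.B"),    # no update: cached second list
        ]

        def offline():
            raise OSError("server unreachable")

        resolver.fetch_update = offline
        results.append(needs_control(resolver, "im.B"))  # offline: second list
        return results


if __name__ == "__main__":
    for source, controlled in demo():
        print(source, controlled)
```

Note that once an update removes an application (here `game.D`), the cached second list takes precedence over the bundled third list, so the removal survives later offline launches.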
Fig. 9 is that the running environment of a kind of pair of application program according to an embodiment of the present invention carries out the process of security control method
Figure six, as shown in figure 9, above-mentioned steps S206 includes:
S902, the safety of the current connected first network of detection destination application;
S904 is monitored in the case where detecting that the safety of first network meets goal condition to destination application
The object run of execution.
Optionally, in the present embodiment, first network can be, but not limited to include Wireless Fidelity net (WIFI network) etc..
Optionally, in the present embodiment, the safety of first network, which meets goal condition, can be, but not limited to include first
Network is that network, the first network not encrypted are the network etc. for not needing verifying.
Fig. 10 is flowchart seven of a method for performing security management and control on the running environment of an application program according to an embodiment of the present invention. As shown in Fig. 10, the above step S902 includes:
S1002, detecting the encryption type of the first network;
S1004, in the case where the encryption type of the first network is detected to be the target encryption type, detecting the authentication type of the first network, where the target encryption type indicates that the first network has no encryption;
S1006, in the case where the authentication type of the first network is detected to be the target authentication type, determining that the security of the first network meets the target condition, where the target authentication type indicates that no security authentication operation is performed when connecting to the first network.
Optionally, in this embodiment, the first network may include, but is not limited to, a WIFI network.
Optionally, in this embodiment, the encryption type may include, but is not limited to: WEP encryption, WPA encryption, EAP encryption, no encryption, unknown encryption, and so on.
Optionally, in this embodiment, the authentication type may include, but is not limited to: performing a security authentication operation, not performing a security authentication operation, and so on.
In some cases, even if a network is set up as an unencrypted network, an authentication mechanism can still be used to monitor the security of the network. For example, registering a mobile phone number and logging in with a verification code, binding an instant messaging application account, and similar methods can authenticate the user. In other words, a network that has neither encryption nor an authentication mechanism is easily subject to network attacks, and its security is extremely low.
For example, it may suffer a man-in-the-middle attack, an SSLStrip attack, and so on. A man-in-the-middle attack (MITM) is one in which the attacker establishes an independent connection with each of the two ends of a communication and relays the data it receives, so that both ends believe they are talking directly to each other over a private connection, while in fact the entire session is fully controlled by the attacker. In a man-in-the-middle attack, the attacker can intercept the exchange between the two communicating parties and insert new content. An SSLStrip attack is one in which, when the client and the server establish a connection, the attacker forms an HTTPS connection between itself and the server and an HTTP connection between the client and itself; that is, the SSL layer is stripped out of the original HTTPS connection. This avoids the client's certificate check and hijacks the HTTP plaintext data, deceiving the server and the client at the same time.
Optionally, in this embodiment, a network without encryption and without security authentication is treated as a network for which operation-security prompts are required. When a first operation executed on a first application is detected and the first application belongs to the applications that require operation-security prompts, the security of the first network is detected. If the first network is a network without encryption and without security authentication, the target operation executed on the target application is monitored, so as to safeguard the user's information security.
Fig. 11 is flowchart eight of a method for performing security management and control on the running environment of an application program according to an embodiment of the present invention. As shown in Fig. 11, the above step S904 includes:
S1102, in the case where the operation type of the target operation is detected to be the target type, preventing the target application from responding to the target operation, and sending prompt information to the terminal, where the prompt information is used to prompt that executing the target operation on the first application through the first network is not secure.
Optionally, in this embodiment, the prompt information sent to the terminal may include, but is not limited to, a text prompt, a window prompt (which can provide options for the user to select), and so on.
In an optional embodiment, as shown in Fig. 12, a target application (payment application A) is installed on the terminal. When a start-up operation executed on the payment application (for example, clicking the application icon) is detected and list update information exists on the server, the first application list indicated by the list update information transmitted by the server to the terminal is obtained, where the first application list records the updated applications that require security management and control: payment application A, instant messaging application B, and shopping application C. Payment application A is recorded in the first application list, so the security of the first network to which the terminal is currently connected is detected. In the case where it is detected that the security of the first network meets the target condition, the target application is prevented from responding to the start-up operation, and prompt information is sent to the terminal to prompt that executing the start-up operation on payment application A through the first network is not secure. The prompt information may be a text prompt, for example displaying "Executing the start-up operation on payment application A is not secure" on the screen of the terminal.
Fig. 13 is flowchart nine of a method for performing security management and control on the running environment of an application program according to an embodiment of the present invention. As shown in Fig. 13, after the above step S1102, the method further includes:
S1302, displaying the prompt information on the terminal;
S1304, in the case where an operation executed on the prompt information is detected, controlling the target application in response to the operation executed on the prompt information.
Optionally, in this embodiment, the user can further operate on the prompt information, and the terminal gives corresponding feedback according to the user's operation. For example, several options are provided in the prompt information, such as "ignore prompt information", "disconnect", and "switch network". The user can select according to the situation, and the terminal executes the operation corresponding to the selected option.
Fig. 14 is flowchart ten of a method for performing security management and control on the running environment of an application program according to an embodiment of the present invention. As shown in Fig. 14, the above step S1304 includes:
S1402, in the case where the operation executed on the prompt information indicates that the target operation is allowed to be executed on the target application under the first network, cancelling the prompt information, and executing the target operation on the target application through the first network;
S1404, in the case where the operation executed on the prompt information indicates that the target operation is allowed to be executed on the target application under a second network, switching the terminal from the first network to the second network, and executing the target operation on the target application through the second network, where the security of the second network is higher than that of the first network;
S1406, in the case where the operation executed on the prompt information indicates that an encryption operation is to be performed on the data to be transmitted that is generated by the target operation, executing the target operation on the target application through the first network, encrypting the data to be transmitted, and sending the encrypted data to be transmitted to the server through the first network.
Optionally, in this embodiment, the operation executed on the prompt information can indicate that the target operation is allowed to be executed on the target application under the first network. For example, the prompt information may include, but is not limited to, an "ignore and continue executing the target operation" option. After a selection operation on this option is detected, the prompt information can be cancelled, and the target operation continues to be executed on the target application through the first network.
Optionally, in this embodiment, the operation executed on the prompt information indicates that the target operation is allowed to be executed on the target application under the second network. For example, the prompt information may include, but is not limited to, a "switch to the second network" option. After a selection operation on this option is detected, the terminal can be switched from the first network to the second network, and the target operation is executed on the target application through the second network.
Optionally, in this embodiment, the security of the second network is higher than that of the first network. For example, the second network may be, but is not limited to, a carrier network.
Optionally, in this embodiment, the operation executed on the prompt information indicates that an encryption operation is to be performed on the data to be transmitted that is generated by the target operation. For example, the prompt information may include, but is not limited to, an "encrypted transmission" option. After a selection operation on this option is detected, the target operation can continue to be executed on the target application through the first network. In the case where the target operation generates data to be transmitted, the data to be transmitted is encrypted and sent to the server through the first network; the server then decrypts the encrypted data and forwards the decrypted data. In this way, even if the data transmitted through the first network is hijacked, the data is still protected by the encryption scheme negotiated between the client and the server.
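The decision flow of steps S1002 to S1006, S1102 and S1402 to S1406 above, as an added example that is not code from the patent. All class, function and network names are assumptions; the sealing routine is passed in by the caller because the text names no cipher, and the refusal to switch to a second network that itself meets the target condition is an assumed guard.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Encryption(Enum):              # encryption types listed in the text
    WEP = "WEP"
    WPA = "WPA"
    EAP = "EAP"
    NONE = "none"
    UNKNOWN = "unknown"


class Choice(Enum):                  # options offered in the prompt
    IGNORE = "ignore and continue"          # S1402
    SWITCH = "switch to second network"     # S1404
    ENCRYPT = "encrypted transmission"      # S1406


@dataclass(frozen=True)
class Network:
    name: str
    encryption: Encryption
    requires_auth: bool              # a security authentication step on connect


@dataclass(frozen=True)
class Outcome:
    executed: bool
    network: Optional[str] = None    # network the operation ran over
    payload: Optional[bytes] = None  # bytes that actually leave the terminal
    prompt: Optional[str] = None     # text shown to the user when blocked


def meets_target_condition(net: Network) -> bool:
    """S1002-S1006: true only for no encryption AND no authentication.

    As the steps are written, UNKNOWN encryption is not the target
    encryption type, so such a network is not flagged here.
    """
    if net.encryption is not Encryption.NONE:    # S1002 / S1004
        return False
    return not net.requires_auth                 # S1006


def on_operation(app: str, operation: str, is_target_type: bool,
                 net: Network, data: bytes) -> Outcome:
    """S904 / S1102: block a target-type operation on a flagged network."""
    if is_target_type and meets_target_condition(net):
        return Outcome(False, prompt=(
            f"Executing the {operation} operation on {app} "
            f"through {net.name} is not secure"))
    return Outcome(True, net.name, data)


def on_prompt_choice(choice: Choice, first: Network, second: Optional[Network],
                     data: bytes, seal: Callable[[bytes], bytes]) -> Outcome:
    """S1402-S1406: act on the option the user picked in the prompt."""
    if choice is Choice.IGNORE:
        return Outcome(True, first.name, data)
    if choice is Choice.SWITCH:
        # Assumed guard: the second network must not itself be flagged.
        if second is None or meets_target_condition(second):
            return Outcome(False, prompt="No more secure network is available")
        return Outcome(True, second.name, data)
    if choice is Choice.ENCRYPT:
        # Data is sealed before it touches the first network.
        return Outcome(True, first.name, seal(data))
    raise ValueError(f"unknown choice: {choice!r}")


if __name__ == "__main__":
    # Constructed sample networks, not taken from the patent.
    cafe = Network("cafe-wifi", Encryption.NONE, requires_auth=False)
    carrier = Network("carrier", Encryption.UNKNOWN, requires_auth=True)
    blocked = on_operation("payment application A", "start-up", True, cafe, b"")
    print(blocked.prompt)
    print(on_prompt_choice(Choice.SWITCH, cafe, carrier, b"", lambda b: b))
```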
As an optional scheme, the first application list records application programs and operations that require security management and control and that have a corresponding relationship, where the above step S206 includes:
S1, in the case where the application programs and operations that require security management and control and that have a corresponding relationship include the target application and the operation executed on the target application with a corresponding relationship, performing security management and control on the running environment of the target application.
Optionally, in this embodiment, what is recorded in the first application list may be, but is not limited to, specific operations on specific applications. For example, as shown in Table 1, the first application list records for which operations of which applications security management and control of the running environment and the prompt operation are performed.
In an optional embodiment, when a transfer operation executed on instant messaging application B (for example, clicking the transfer icon in a session interface) is detected and list update information exists on the server, the first application list indicated by the list update information transmitted by the server to the terminal is obtained, where the first application list is as shown in Table 1. First, instant messaging application B is found in the application column of the first application list, and the transfer operation is found in the operation column corresponding to instant messaging application B, so it can be determined that the target application is recorded in the first application list. The security of the first network is then detected. In the case where it is detected that the security of the first network meets the target condition, execution of the transfer operation on instant messaging application B is prevented, and prompt information is sent to the terminal to prompt that executing the transfer operation on instant messaging application B through the first network is not secure. The prompt information may be a text prompt, for example displaying "Executing the transfer operation on instant messaging application B is not secure" on the screen of the terminal.
Table 1
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention.
According to another aspect of the embodiments of the present invention, a device for performing security management and control on the running environment of an application program is also provided, for implementing the above method for performing security management and control on the running environment of an application program. As shown in Fig. 15, the device includes:
a first obtaining module 1502, configured to obtain the running state of the target application;
a second obtaining module 1504, configured to obtain list update information from the server when the obtained running state of the target application is the being-started state or the running state, where the list update information indicates an update to the application programs that require security management and control, the list update information carries the first application list, and the first application list records the updated application programs that require security management and control;
a first control module 1506, configured to perform security management and control on the running environment of the target application in the case where the updated application programs that require security management and control include the target application.
Optionally, in this embodiment, the above method for performing security management and control on the running environment of an application program may be, but is not limited to being, applied in scenarios where the running environment of an application program is subject to security management and control. The application program may be, but is not limited to, any of various types of applications, for example an online education application, an instant messaging application, a community space application, a game application, a shopping application, a browser application, a financial application, a multimedia application, or a live streaming application. Specifically, the method may be, but is not limited to being, applied in a scenario where the running environment of a financial application is subject to security management and control, or in a scenario where the running environment of an instant messaging application is subject to security management and control, so as to improve security when operating on the application. The above is only an example, and this embodiment places no limitation on it.
Optionally, in this embodiment, when it is detected that list update information exists on the server, the first application list may be obtained by receiving the first application list indicated by list update information that the server actively delivers, or by sending a request to the server for the first application list and receiving the first application list that the server delivers in response to the request.
Optionally, in this embodiment, the application programs that require security management and control may be, but are not limited to being, configured by the server. When the application programs that require security management and control are updated, the server generates list update information and generates the first application list recording the updated application programs that require security management and control.
Optionally, in this embodiment, the running state of the target application may include, but is not limited to, the being-started state, the running state, the closed state, the illegal state, and so on. Operations executed on the target application can switch it among these states. For example, a single-click operation on the icon of a target application in the closed state can put it into the being-started state; after the initialization performed at start-up, the target application automatically enters the running state. The running state can be divided into a foreground running state and a background running state: a target application in the foreground running state enters the background running state after a show-desktop operation is executed, and a target application in the running state changes to the closed state after an exit operation or a logout operation is executed.
Optionally, in this embodiment, the running environment may include, but is not limited to, the network environment, the system environment, and so on. The management and control performed on the running environment may include, but is not limited to, detecting whether the network environment is secure, whether the system environment has vulnerabilities, and so on.
It can be seen that, with the above device, when the running state of the target application is the being-started state or the running state, the first application list indicated by the list update information transmitted by the server to the terminal is obtained, and when the applications recorded in the first application list as requiring operation-security prompts include the target application, the running environment in which the target application is currently located is managed and controlled. Information on the latest application programs that require security management and control can be obtained from the server at any time, which improves security when operating on application programs and thereby solves the technical problem in the related art that the security of executing operations on application programs is low.
As an optional scheme, the second obtaining module includes:
a first detection unit, configured to detect the list update information on the server when the obtained running state of the target application is the being-started state or the running state and a first operation has been executed on the target application;
a first obtaining unit, configured to obtain the list update information from the server in the case where list update information is detected on the server.
Optionally, in this embodiment, the operation executed on the target application may be, but is not limited to, an operation that may carry a security risk, for example a start-up operation on a payment application, a payment operation on a shopping application, a data input operation on an instant messaging application, or a transaction operation on a game application.
Optionally, in this embodiment, an operation executed on a target application in the being-started state or the running state can trigger detection of the list update information on the server, and the obtained list update information is then used to perform security management and control on the running environment of the application program, so as to improve security when operations are executed on the target application.
As an optional scheme, the above device further includes:
a searching module, configured to search for a second application list stored in the terminal on which the target application is installed, in the case where it is detected that there is no list update information on the server, where the second application list is an application list that the server has transmitted to the terminal and records the applications that require security management and control;
a second control module, configured to perform security management and control on the running environment of the target application in the case where the second application list is found and the second application list includes the target application.
Optionally, in this embodiment, if there is no list update information on the server, the second application list stored in the terminal is searched for. If the second application list is found, the applications indicated in it are taken as the applications that require security management and control and compared with the target application. If the second application list includes the target application, the target application is an application that requires security management and control, and security management and control is performed on its running environment to ensure that operations on the target application are executed in a secure running environment.
Optionally, in this embodiment, the second application list may be, but is not limited to, a list sent to the client at some earlier time when list update information existed on the server. This application list may be stored in a configuration file in the data directory. Each time the server has list update information, the application list sent to the client is stored in this location, and the latest application list may be, but is not limited to being, used to replace the application list originally stored there. This location may therefore, but need not, store only one application list, which avoids situations where the version of the application list cannot be determined or where old application lists waste storage space.
As an optional scheme, the above device further includes:
a third obtaining module, configured to obtain the second application list transmitted by the server to the terminal, where the applications recorded in the second application list differ from the applications recorded in the first application list.
Optionally, in this embodiment, the second application list may be, but is not limited to, the server's historical update information, that is, the application list transmitted to the client the last time list update information existed on the server. The client stores the application list each time it receives one from the server. The next time an operation executed on the target application is detected, if there is no list update information on the server or the server cannot be communicated with, the stored second application list can be obtained and used to perform security management and control on the running environment of the application program.
Optionally, in this embodiment, the first application list is an update of the second application list, so the first application list and the second application list may differ; the first application list may be a version of the second application list with additions or deletions.
For example, the first application list may include payment application A, instant messaging application B, and shopping application C, and the second application list may include payment application A, shopping application C, game application D, and multimedia application E. It can be seen that, compared with the second application list, the first application list adds instant messaging application B and deletes game application D and multimedia application E.
As an optional scheme, the above device further includes:
a fourth obtaining module, configured to obtain a third application list stored in the terminal in the case where the second application list is not found, where the third application list is the application list carried in the installation package of the client corresponding to the server;
a third control module, configured to perform security management and control on the running environment of the target application in the case where the target application is recorded in the third application list.
Optionally, in this embodiment, if an operation executed on the target application is detected, there is no list update information on the server, and the second application list has not been found either, then the third application list stored in the terminal can be obtained. The third application list is the application list carried in the installation package of the client corresponding to the server.
Optionally, in this embodiment, when the client is installed on the terminal, the third application list is carried in the installation package, and during installation the third application list is stored in the installation path of the client. When an operation executed on the target application is detected, if no list update message has been received from the server and no previously stored second application list is found, the third application list from the installation package can be used to perform security management and control on the running environment of the target application.
Optionally, in this embodiment, the third application list may be, but is not limited to being, stored in a configuration file in the assets directory. Each time the client is updated, the server can carry a new third application list in the installation package of the latest client version, so as to update the third application list.
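The fallback between the first, second and third application lists described above, combined with the application-and-operation matching that Table 1 is described as recording, as an added example that is not code from the patent. The JSON layout, the file name, the operation names and the fall-through on an unreadable stored list are assumptions; the sample lists are constructed.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Set, Tuple

AppList = Dict[str, Set[str]]        # application -> operations under control
LIST_FILE = "controlled_apps.json"   # assumed file name for the config file


def parse_list(text: str) -> AppList:
    """Parse and validate a list; raises ValueError on any malformed input."""
    raw = json.loads(text)           # JSONDecodeError is a ValueError
    if not isinstance(raw, dict):
        raise ValueError("list must map application -> operations")
    apps: AppList = {}
    for app, ops in raw.items():
        if not isinstance(ops, list) or not all(isinstance(o, str) for o in ops):
            raise ValueError(f"operations for {app!r} must be a list of strings")
        apps[app] = set(ops)
    return apps


def resolve_list(server_update: Optional[str], data_dir: Path,
                 assets_dir: Path) -> Tuple[str, AppList]:
    """Return (source, list) where source is 'first', 'second' or 'third'."""
    cache = data_dir / LIST_FILE
    if server_update is not None:
        apps = parse_list(server_update)         # validate before storing
        tmp = cache.with_suffix(".tmp")
        tmp.write_text(server_update, encoding="utf-8")
        tmp.replace(cache)                       # only one stored list is kept
        return "first", apps
    if cache.is_file():
        try:
            return "second", parse_list(cache.read_text(encoding="utf-8"))
        except ValueError:
            pass                                 # assumed: unreadable -> bundled
    bundled = (assets_dir / LIST_FILE).read_text(encoding="utf-8")
    return "third", parse_list(bundled)


def needs_control(apps: AppList, app: str, operation: str) -> bool:
    """True only when both the application and this operation are recorded."""
    return operation in apps.get(app, set())


def demo() -> List[Tuple[str, bool]]:
    """Walk the three sources with constructed lists; returns (source, hit)."""
    im_b = "instant messaging application B"
    pay_a = "payment application A"
    first = json.dumps({pay_a: ["start-up"], im_b: ["transfer"],
                        "shopping application C": ["payment"]})
    bundled = json.dumps({pay_a: ["start-up"]})
    results = []
    with tempfile.TemporaryDirectory() as root:
        data_dir, assets_dir = Path(root, "data"), Path(root, "assets")
        data_dir.mkdir()
        assets_dir.mkdir()
        (assets_dir / LIST_FILE).write_text(bundled, encoding="utf-8")

        src, apps = resolve_list(None, data_dir, assets_dir)    # fresh install
        results.append((src, needs_control(apps, im_b, "transfer")))
        src, apps = resolve_list(first, data_dir, assets_dir)   # server update
        results.append((src, needs_control(apps, im_b, "transfer")))
        src, apps = resolve_list(None, data_dir, assets_dir)    # no update
        results.append((src, needs_control(apps, im_b, "transfer")))
        (data_dir / LIST_FILE).write_text("{not json", encoding="utf-8")
        src, apps = resolve_list(None, data_dir, assets_dir)    # damaged cache
        results.append((src, needs_control(apps, pay_a, "start-up")))
    return results


if __name__ == "__main__":
    for source, hit in demo():
        print(source, hit)
```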
As an optional scheme, the first control module includes:
a second detection unit, configured to detect the security of the first network to which the target application is currently connected;
a monitoring unit, configured to monitor the target operation executed on the target application in the case where it is detected that the security of the first network meets the target condition.
Optionally, in this embodiment, the first network may include, but is not limited to, a Wireless Fidelity network (WIFI network) and the like.
Optionally, in this embodiment, the security of the first network meeting the target condition may include, but is not limited to: the first network being an unencrypted network, the first network being a network that does not require verification, and so on.
As an optional scheme, the second detection unit includes:
a first detection sub-unit, configured to detect the encryption type of the first network;
a second detection sub-unit, configured to detect the authentication type of the first network in the case where the encryption type of the first network is detected to be the target encryption type, where the target encryption type indicates that the first network has no encryption;
a determination unit, configured to determine that the security of the first network meets the target condition in the case where the authentication type of the first network is detected to be the target authentication type, where the target authentication type indicates that no security authentication operation is performed when connecting to the first network.
Optionally, in this embodiment, the first network may include, but is not limited to, a WIFI network.
Optionally, in this embodiment, the encryption type may include, but is not limited to: WEP encryption, WPA encryption, EAP encryption, no encryption, unknown encryption, and so on.
Optionally, in this embodiment, the authentication type may include, but is not limited to: performing a security authentication operation, not performing a security authentication operation, and so on.
As an optional scheme, the monitoring unit is configured to:
in the case where the operation type of the target operation is detected to be the target type, prevent the target application from responding to the target operation, and send prompt information to the terminal, where the prompt information is used to prompt that executing the target operation on the target application through the first network is not secure.
Optionally, in this embodiment, the prompt information sent to the terminal may include, but is not limited to, a text prompt, a window prompt (which can provide options for the user to select), and so on.
As an optional scheme, the device further includes:
a display module, configured to display the prompt information on the terminal;
a control module, configured to control the target application in response to an operation executed on the prompt information, in the case where the operation executed on the prompt information is detected.
Optionally, in this embodiment, the user can further operate on the prompt information, and the terminal gives corresponding feedback according to the user's operation. For example, several options are provided in the prompt information, such as "ignore prompt information", "disconnect", and "switch network". The user can select according to the situation, and the terminal executes the operation corresponding to the selected option.
As an optional scheme, the control module includes:
a first processing unit, configured to cancel the prompt information and execute the target operation on the target application through the first network, in the case where the operation executed on the prompt information indicates that the target operation is allowed to be executed on the target application under the first network;
a second processing unit, configured to switch the terminal from the first network to a second network and execute the target operation on the target application through the second network, in the case where the operation executed on the prompt information indicates that the target operation is allowed to be executed on the target application under the second network, where the security of the second network is higher than that of the first network;
a third processing unit, configured to execute the target operation on the target application through the first network, encrypt the data to be transmitted, and send the encrypted data to be transmitted to the server through the first network, in the case where the operation executed on the prompt information indicates that an encryption operation is to be performed on the data to be transmitted that is generated by the target operation.
Optionally, in the present embodiment, the operation executed to prompt information can serve to indicate that permission in first net
The object run is executed to the destination application under network.Such as: prompt information can be, but not limited to include: " ignore, and
Continue to execute object run " option etc..Detect to the option execute choose operation after, can cancel prompt letter
Breath, and continue through first network and destination application performance objective is operated.
Optionally, in this embodiment, the operation performed on the prompt information indicates that the target operation is allowed to be performed on the target application under the second network. For example, the prompt information may include, but is not limited to, a "Switch to the second network" option. After a selection of that option is detected, the terminal can be switched from the first network to the second network, and the target operation is performed on the target application through the second network.
Optionally, in this embodiment, the security of the second network is higher than the security of the first network. For example, the second network may be, but is not limited to, a carrier network.
Optionally, in this embodiment, the operation performed on the prompt information indicates that the data to be transmitted generated by the target operation is to be encrypted. For example, the prompt information may include, but is not limited to, an "Encrypted transmission" option. After a selection of that option is detected, the target operation can continue to be performed on the target application through the first network; when the target operation generates data to be transmitted, that data is encrypted and the encrypted data is sent to the server through the first network, and the server then decrypts it and forwards the decrypted data. In this way, even if the data transmitted over the first network is hijacked, it is still protected by the encryption scheme negotiated between the client and the server.
As an optional scheme, the first application list records application programs and operations, in correspondence with each other, that require security management and control, wherein the first control module is configured to:
In the case that the application programs and operations requiring security management and control, in correspondence with each other, include the target application and the operation performed on the target application in correspondence with each other, perform security management and control on the running environment of the target application.
Optionally, in this embodiment, what the first application list records may be, but is not limited to, specific operations on specific applications.
For the application environment of this embodiment of the invention, reference may be made, without limitation, to the application environment in the above embodiments, which is not repeated here. An embodiment of the invention provides an optional specific application example for implementing the above connection method for real-time communication.
As an optional embodiment, the above operation-security prompting method may be, but is not limited to being, applied to the scenario shown in Figure 16, in which security management and control of the running environment is applied to a target operation performed on the target application. Users in public places often need to use payment software while connected to WiFi. If the WiFi network the user is connected to has no data encryption, criminals can easily steal personal information or use SSLStrip to carry out a man-in-the-middle attack and steal the user's data, with consequences such as a stolen account and loss of property.
In this scenario, the client performs a WiFi security check when the user connects to WiFi, and when the detected WiFi network carries a potential or confirmed risk, it promptly reminds the user to take the corresponding security action. When the user opens a payment application, the client also judges the security of the WiFi network: if the WiFi network the user is currently connected to is unencrypted, the risk of attack is relatively high. The client then promptly pops up a dialog box to remind the user, letting the user turn off WiFi or use a secure encrypted channel, among other operations, so as to avoid attacks by criminals. In addition, the list of payment applications (equivalent to the first application list described above) can be configured in the cloud and delivered to the client, so that it can be adapted to payment application types as they are updated and those applications are protected in time.
Optionally, in this embodiment, the above process may include, but is not limited to, the following steps:
Step 1: open the client, enable payment security protection in the settings, and grant the client the corresponding permissions as prompted.
Step 2: leave the client's interface and let the client run in the background.
Step 3: when a payment application (such as a finance app, banking app or shopping app) is opened, a connection to a risky WiFi network (unencrypted and requiring no authentication) is detected.
Step 4: perform the corresponding security operation according to the pop-up dialog to avoid the risk.
Optionally, in this embodiment, after the client starts, if a payment application configuration file has been delivered from the backend, the client reads and parses the delivered configuration file; if not, it uses the configuration file built into the client's assets directory. After the configuration file is parsed, a cache of the payment application list is generated and kept in the background process. As long as the client's background process stays alive, the cache continues to exist.
Optionally, in this embodiment, when the user opens a payment application, the client's background process detects the application launch and first determines whether the application matches the payment application list in the cache. If it matches, the client obtains the current network connection event to learn whether the user is connected to WiFi. If the user is connected to WiFi, the client checks, from this network connection event, the encryption mode of the WiFi network and whether it requires authentication. If the WiFi network is unencrypted and requires no authentication, a dialog immediately pops up to remind the user, so that the user can take a safe action.
Through the above process, the environment in which the user uses payment software is protected at all times; the function takes effect as long as the client's background process is kept alive. After the payment software list is updated, delivering a configuration file promptly triggers an update of the client's cached payment software list, so that the newest payment software can be protected without updating the client.
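The launch-time flow above, together with the three prompt responses described earlier (continue, switch network, encrypted transmission), as an added Python example that is not code from the patent. The JSON key `payment_apps`, the package names, the function names and the choice to treat a malformed list as absent are all assumptions made for illustration; the list fallback order follows the first, second and third application lists of the embodiments.

```python
import json
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Action(Enum):
    NO_CONTROL = "app is not on the managed list"
    ALLOW = "managed app, network not flagged"
    PROMPT = "block the operation and show the dialog"


class Choice(Enum):
    CONTINUE = "ignore and continue"
    SWITCH_NETWORK = "switch to the second network"
    ENCRYPT = "encrypted transmission"


@dataclass(frozen=True)
class Network:
    transport: str       # "wifi" or "cellular"
    encrypted: bool      # link encryption in use
    requires_auth: bool  # connecting requires an authentication step


def parse_app_list(raw: Optional[str]) -> Optional[frozenset]:
    """Parse one configuration file; None means 'not usable, fall back'."""
    if not raw:
        return None
    try:
        apps = json.loads(raw)["payment_apps"]  # hypothetical key name
    except (ValueError, KeyError, TypeError):
        return None  # assumption: a malformed file is treated like a missing one
    if not isinstance(apps, list) or not all(isinstance(a, str) for a in apps):
        return None
    return frozenset(apps)


def resolve_app_list(update: Optional[str], stored: Optional[str],
                     builtin: str) -> Tuple[str, frozenset]:
    """First list (server update), else second (stored on the terminal),
    else third (shipped in the installation package)."""
    for source, raw in (("first", update), ("second", stored), ("third", builtin)):
        apps = parse_app_list(raw)
        if apps is not None:
            return source, apps
    return "none", frozenset()


def is_risky(net: Network) -> bool:
    """Flag only WiFi that is both unencrypted and unauthenticated."""
    return net.transport == "wifi" and not net.encrypted and not net.requires_auth


def on_app_launch(package: str, managed: frozenset, net: Network) -> Action:
    if package not in managed:
        return Action.NO_CONTROL
    return Action.PROMPT if is_risky(net) else Action.ALLOW


def apply_choice(choice: Choice, first: Network,
                 second: Network) -> Tuple[Network, bool]:
    """Return (network used for the operation, encrypt payload before sending)."""
    if choice is Choice.SWITCH_NETWORK:
        return second, False
    if choice is Choice.ENCRYPT:
        return first, True
    return first, False  # Choice.CONTINUE: dismiss the prompt, proceed as-is


# Constructed sample data (not from the patent).
BUILTIN = '{"payment_apps": ["com.example.bank"]}'
STORED = '{"payment_apps": ["com.example.bank", "com.example.wallet"]}'
UPDATE = ('{"payment_apps": ["com.example.bank", "com.example.wallet", '
          '"com.example.shop"]}')
OPEN_WIFI = Network("wifi", encrypted=False, requires_auth=False)
PORTAL_WIFI = Network("wifi", encrypted=False, requires_auth=True)
CELLULAR = Network("cellular", encrypted=True, requires_auth=True)

if __name__ == "__main__":
    source, managed = resolve_app_list(UPDATE, STORED, BUILTIN)
    print("list in use:", source)
    for pkg in ("com.example.shop", "com.example.game"):
        print(pkg, "->", on_app_launch(pkg, managed, OPEN_WIFI).name)
    print(apply_choice(Choice.SWITCH_NETWORK, OPEN_WIFI, CELLULAR))
```

Note that a WiFi network that is unencrypted but requires authentication is not flagged under the condition as the embodiment states it; a deployment that wants to flag every unencrypted network would change `is_risky` accordingly.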
According to another aspect of the embodiments of the present invention, an electronic device for implementing the above operation-security prompting is also provided. As shown in Figure 17, the electronic device includes one or more processors 1702 (only one is shown in the figure), a memory 1704, a sensor 1706, an encoder 1708 and a transmission device 1710. A computer program is stored in the memory, and the processor is configured to execute, by means of the computer program, the steps in any of the above method embodiments.
Optionally, in this embodiment, the above electronic device may be located in at least one of multiple network devices of a computer network.
Optionally, in this embodiment, the above processor may be configured to execute the following steps by means of the computer program:
S1, obtaining the running state of the target application;
S2, when the obtained running state of the target application is a to-be-started state or a running state, obtaining list update information from the server, wherein the list update information is used to indicate an update to the application programs requiring security management and control, the list update information carries a first application list, and the first application list is used to record the updated application programs requiring security management and control;
S3, in the case that the updated application programs requiring security management and control include the target application, performing security management and control on the running environment of the target application.
Optionally, those of ordinary skill in the art will understand that the structure shown in Figure 17 is only illustrative; the electronic device may also be a terminal device such as a smartphone (e.g. an Android phone or an iOS phone), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), or a PAD. Figure 17 does not limit the structure of the above electronic device. For example, the electronic device may include more or fewer components than shown in Figure 17 (such as a network interface or a display device), or have a configuration different from that shown in Figure 17.
The memory 1702 can be used to store software programs and modules, such as the program instructions/modules corresponding to the operation-security prompting method and device in the embodiments of the present invention. The processor 1704 runs the software programs and modules stored in the memory 1702 to perform various functional applications and data processing, that is, to implement the above control method of the target component. The memory 1702 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1702 may further include memory located remotely from the processor 1704, and this remote memory can be connected to the terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The above transmission device 1710 is used to receive or send data via a network. Specific examples of the network may include wired networks and wireless networks. In one example, the transmission device 1710 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices and a router by a network cable so as to communicate with the Internet or a local area network. In one example, the transmission device 1710 is a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
Specifically, the memory 1702 is used to store application programs.
An embodiment of the present invention also provides a storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps in any of the above method embodiments.
Optionally, in this embodiment, the above storage medium may be configured to store a computer program for executing the following steps:
S1, obtaining the running state of the target application;
S2, when the obtained running state of the target application is a to-be-started state or a running state, obtaining list update information from the server, wherein the list update information is used to indicate an update to the application programs requiring security management and control, the list update information carries a first application list, and the first application list is used to record the updated application programs requiring security management and control;
S3, in the case that the updated application programs requiring security management and control include the target application, performing security management and control on the running environment of the target application.
Optionally, the storage medium is also configured to store a computer program for executing the steps included in the methods of the above embodiments, which is not repeated in this embodiment.
Optionally, in this embodiment, those of ordinary skill in the art will understand that all or part of the steps of the methods of the above embodiments can be completed by a program instructing hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include a flash drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and so on.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
If the integrated unit in the above embodiments is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in the above computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the methods described in the embodiments of the present invention.
In the above embodiments of the invention, the description of each embodiment has its own emphasis. For a part not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed client may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (14)
1. A method for performing security management and control on the running environment of an application program, characterized by comprising:
Obtaining the running state of a target application;
When the obtained running state of the target application is a to-be-started state or a running state, obtaining list update information from a server, wherein the list update information is used to indicate an update to the application programs requiring security management and control, the list update information carries a first application list, and the first application list is used to record the updated application programs requiring security management and control;
In the case that the updated application programs requiring security management and control include the target application, performing security management and control on the running environment of the target application.
2. The method according to claim 1, characterized in that, when the obtained running state of the target application is a to-be-started state or a running state, obtaining list update information from the server comprises:
When the obtained running state of the target application is a to-be-started state or a running state and an operation is performed on the target application, detecting the list update information on the server;
In the case that the list update information is detected on the server, obtaining the list update information from the server.
3. The method according to claim 2, characterized in that, after detecting the list update information on the server, the method further comprises:
In the case that it is detected that there is no list update information on the server, looking up a second application list stored in the terminal on which the target application is installed, wherein the second application list is an application list transmitted by the server to the terminal, and the second application list is used to record the applications requiring security management and control;
In the case that the second application list is found and the second application list includes the first application, performing security management and control on the running environment of the target application.
4. The method according to claim 3, characterized in that, before detecting the list update information on the server, the method further comprises:
Obtaining the second application list transmitted by the server to the terminal, wherein the applications recorded in the second application list differ from the applications recorded in the first application list.
5. The method according to claim 3, characterized in that, after looking up the second application list stored in the terminal on which the target application is installed, the method further comprises:
In the case that the second application list is not found, obtaining a third application list stored in the terminal, wherein the third application list is an application list carried in the installation package of the client corresponding to the server;
In the case that the target application is recorded in the third application list, performing security management and control on the running environment of the target application.
6. The method according to claim 1, characterized in that performing security management and control on the running environment of the target application comprises:
Detecting the security of the first network to which the target application is currently connected;
In the case that the security of the first network is detected to satisfy a target condition, monitoring the target operation performed on the target application.
7. The method according to claim 6, characterized in that detecting the security of the first network to which the target application is currently connected comprises:
Detecting the encryption type of the first network;
In the case that the encryption type of the first network is detected to be a target encryption type, detecting the authentication type of the first network, wherein the target encryption type is used to indicate that the first network is unencrypted;
In the case that the authentication type of the first network is detected to be a target authentication type, determining that the security of the first network satisfies the target condition, wherein the target authentication type is used to indicate that no security authentication operation is performed when connecting to the first network.
8. The method according to claim 6, characterized in that monitoring the target operation performed on the target application comprises:
In the case that the operation type of the target operation is detected to be a target type, preventing the target application from responding to the target operation and sending prompt information to the terminal, wherein the prompt information is used to indicate that performing the target operation on the target application through the first network is unsafe.
9. The method according to claim 8, characterized in that, after sending the prompt information to the terminal, the method further comprises:
Displaying the prompt information on the terminal;
In the case that an operation performed on the prompt information is detected, controlling the target application in response to the operation performed on the prompt information.
10. The method according to claim 9, characterized in that controlling the target application comprises:
In the case that the operation performed on the prompt information indicates that the target operation is allowed to be performed on the target application under the first network, dismissing the prompt information and performing the target operation on the target application through the first network;
In the case that the operation performed on the prompt information indicates that the target operation is allowed to be performed on the target application under a second network, switching the terminal from the first network to the second network and performing the target operation on the target application through the second network, wherein the security of the second network is higher than the security of the first network;
In the case that the operation performed on the prompt information indicates that the data to be transmitted generated by the target operation is to be encrypted, performing the target operation on the target application through the first network, encrypting the data to be transmitted, and sending the encrypted data to be transmitted to the server through the first network.
11. The method according to claim 1, characterized in that the first application list records application programs and operations, in correspondence with each other, that require security management and control, wherein, in the case that the updated application programs requiring security management and control include the target application, performing security management and control on the running environment of the target application comprises:
In the case that the application programs and operations requiring security management and control, in correspondence with each other, include the target application and the operation performed on the target application in correspondence with each other, performing security management and control on the running environment of the target application.
12. A device for performing security management and control on the running environment of an application program, characterized by comprising:
A first obtaining module, configured to obtain the running state of a target application;
A second obtaining module, configured to obtain list update information from a server when the obtained running state of the target application is a to-be-started state or a running state, wherein the list update information is used to indicate an update to the application programs requiring security management and control, the list update information carries a first application list, and the first application list is used to record the updated application programs requiring security management and control;
A first control module, configured to perform security management and control on the running environment of the target application in the case that the updated application programs requiring security management and control include the target application.
13. A storage medium, characterized in that a computer program is stored in the storage medium, wherein the computer program is configured to execute, when run, the method according to any one of claims 1 to 11.
14. An electronic device, comprising a memory and a processor, characterized in that a computer program is stored in the memory, and the processor is configured to execute, by means of the computer program, the method according to any one of claims 1 to 11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811360730.7A CN109522708B (en) | 2018-11-15 | 2018-11-15 | Method and device for safely controlling running environment of application program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811360730.7A CN109522708B (en) | 2018-11-15 | 2018-11-15 | Method and device for safely controlling running environment of application program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109522708A (en) | 2019-03-26 |
CN109522708B CN109522708B (en) | 2023-09-22 |
Family
ID=65778120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811360730.7A Active CN109522708B (en) | 2018-11-15 | 2018-11-15 | Method and device for safely controlling running environment of application program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109522708B (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102081722A (en) * | 2011-01-04 | 2011-06-01 | 奇智软件(北京)有限公司 | Method and device for protecting appointed application program |
CN104268476A (en) * | 2014-09-30 | 2015-01-07 | 北京奇虎科技有限公司 | Application running method |
CN104268475A (en) * | 2014-09-30 | 2015-01-07 | 北京奇虎科技有限公司 | Application running system |
CN107635262A (en) * | 2017-09-20 | 2018-01-26 | 广东欧珀移动通信有限公司 | Terminal connects switching method, device, electronic equipment and the storage medium of network |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112015437A (en) * | 2019-05-31 | 2020-12-01 | 腾讯科技(深圳)有限公司 | Processing method and device for push information |
CN112015437B (en) * | 2019-05-31 | 2023-09-26 | 腾讯科技(深圳)有限公司 | Push information processing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN109522708B (en) | 2023-09-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||