CN110087238A - A kind of information safety of mobile electronic equipment protection system - Google Patents

A kind of information safety of mobile electronic equipment protection system Download PDF

Info

Publication number
CN110087238A
CN110087238A CN201910391807.5A CN201910391807A CN110087238A CN 110087238 A CN110087238 A CN 110087238A CN 201910391807 A CN201910391807 A CN 201910391807A CN 110087238 A CN110087238 A CN 110087238A
Authority
CN
China
Prior art keywords
mobile electronic
module
file
electronic equipment
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910391807.5A
Other languages
Chinese (zh)
Other versions
CN110087238B (en
Inventor
杨滨峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shangluo University
Original Assignee
Shangluo University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shangluo University filed Critical Shangluo University
Priority to CN201910391807.5A priority Critical patent/CN110087238B/en
Publication of CN110087238A publication Critical patent/CN110087238A/en
Application granted granted Critical
Publication of CN110087238B publication Critical patent/CN110087238B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

The invention discloses a kind of information safety of mobile electronic equipment to protect system; it is related to field of information security technology; including user's mobile electronic equipment terminal, wireless telecommunications system and server terminal; user's mobile electronic equipment terminal is wirelessly connected the server terminal by the wireless telecommunications system, and user's mobile electronic equipment terminal is for inputting user operation instruction and file data.The present invention can not only network security in monitoring system; and classification encryption can be carried out to file data; user right and entry address are distinguished simultaneously, rights management etc. is carried out to mobile electronic device, in several ways the information security of integrated protection mobile electronic device.

Description

A kind of information safety of mobile electronic equipment protection system
Technical field
The present invention relates to field of information security technology, in particular to a kind of information safety of mobile electronic equipment protects system.
Background technique
Mobile electronic device: referring to and be made of electronic components such as integrated circuit, transistor, electron tubes, applying electronic skill The equipment that art plays a role, including electronic computer and the robot, numerical control or the stored program controlled that are controlled by electronic computer Deng.Mobile electronic device is usually desktop computer, smart phone, tablet computer and handheld device etc..
Currently, more and more enterprises and institutions are using movement with the continuous development of Internet technology and information technology Electronic equipment handles daily matters, but because the data stored in a mobile device have greater risk that can be abused, such as Employee stores perhaps some enterprises and institutions such as corporate espionage privately can be using the side of closing USB port or tertiary-structure network Formula, but this will lead to employee and can only make troubles in intra-company's processing work matters, and to office of working at home or go out, So just needing a kind of information safety of mobile electronic equipment protection system.
Summary of the invention
The embodiment of the invention provides a kind of information safety of mobile electronic equipment to protect system, to solve in the prior art There are the problem of.
A kind of information safety of mobile electronic equipment protection system, including user's mobile electronic equipment terminal, wireless telecommunications are set Standby and server terminal, user's mobile electronic equipment terminal are wirelessly connected the server by the wireless telecommunications system Terminal, user's mobile electronic equipment terminal is for inputting user operation instruction and file data;
The server terminal include human-machine operation module, mobile electronic device management module, virus monitor isolation module, File security control module, web portal security monitoring modular and network security monitoring modular, the human-machine operation module is for receiving User operation instruction and file data, the file security control module are used to carry out file data encryption and permission to use pipe Reason, the mobile electronic device management module are used to carry out rights management, the virus monitor isolation mode to mobile electronic device Block is for detecting system inner virus and being isolated in time, and the web portal security monitoring modular is for carrying out website in system Safety monitoring, the network security monitoring modular are used to carry out safety monitoring to network in system.
Preferably, user's mobile electronic equipment terminal is computer, smart phone or plate.
Preferably, the wireless telecommunications system is wireless transmitter and wireless receiver, GPRS data or wireless WIFI.
Preferably, the file security control module includes specified type file encryption module, designated program creation file Encrypting module, file permission management module, outgoing management module and backup management module, the specified type file encryption module It is encrypted for the file to specified type, the designated program creation file encryption module is used to create by designated program File encryption, the file permission management module for being managed to file permission, authorization of classify, outgoing management mould Block is for being managed file outgoing type, and the backup management module is for being managed file backup type.
Preferably, the mobile electronic device management module includes user management module, user identity authentication module and power Open module is limited, for being managed to user in system, the user identity authentication module is used for the user management module The user identity of login system is authenticated, the open module of the permission is used to carry out corresponding permission to according to user identity It is open.
Preferably, the web portal security monitoring modular is used to carry out website vulnerability scanning, detection webpage loophole, webpage are hung Horse, webpage tamper and fraudulent website remind administrator to repair and reinforce in time once discovery sends a warning at once.
Preferably, the network security monitoring modular is used to control network access and dialing access, auditing the network Safety checks boundary integrity, guarding network invasion and malicious code, limits administrator's entry address, once discovery At once it sends a warning and reminds administrator.
The invention has the advantages that: the present invention can not only network security in monitoring system, and can be to file data Classification encryption is carried out, while distinguishing user right and entry address, rights management etc. is carried out to mobile electronic device, by a variety of The information security of mode integrated protection mobile electronic device.
Detailed description of the invention
Fig. 1 is the structural schematic diagram that a kind of information safety of mobile electronic equipment provided in an embodiment of the present invention protects system;
Fig. 2 is the server terminal that a kind of information safety of mobile electronic equipment provided in an embodiment of the present invention protects system Structural schematic diagram;
Fig. 3 is the file security storage that a kind of information safety of mobile electronic equipment provided in an embodiment of the present invention protects system The structural schematic diagram of module;
Fig. 4 is the mobile electronic device that a kind of information safety of mobile electronic equipment provided in an embodiment of the present invention protects system The structural schematic diagram of management module.
Specific embodiment
Below with reference to the attached drawing in inventive embodiments, technical solution in the embodiment of the present invention carries out clear, complete Description, it is to be understood that the protection scope of the present invention is not limited by the specific implementation manner.
Referring to Fig.1-4, the present invention provides a kind of information safety of mobile electronic equipment to protect system, including the mobile electricity of user Sub- device end, wireless telecommunications system and server terminal, user's mobile electronic equipment terminal are laptop, intelligence Mobile phone and tablet computer etc..The wireless telecommunications system is wireless transmitter and wireless receiver, GPRS data or wireless WIFI facilitates and is wirelessly transferred.User's mobile electronic equipment terminal is wirelessly connected institute by the wireless telecommunications system Server terminal is stated, user's mobile electronic equipment terminal is for inputting user operation instruction and file data.
The server terminal include human-machine operation module, mobile electronic device management module, virus monitor isolation module, File security control module, web portal security monitoring modular and network security monitoring modular, the human-machine operation module is for receiving User operation instruction and file data, the file security control module are used to carry out file data encryption and permission to use pipe Reason, the mobile electronic device management module are used to carry out rights management, the virus monitor isolation mode to mobile electronic device Block is for detecting system inner virus and being isolated in time, and the web portal security monitoring modular is for carrying out website in system Safety monitoring, the network security monitoring modular are used to carry out safety monitoring to network in system.
The file security control module includes specified type file encryption module, designated program creation file encryption mould Block, file permission management module, outgoing management module and backup management module, the specified type file encryption module for pair The file of specified type is encrypted, and the designated program creation file encryption module, which is used to create file by designated program, to be added It is close, the file permission management module for being managed to file permission, authorization of classifying, the outgoing management module is used for File outgoing type is managed, the backup management module is for being managed file backup type, integrated management text Number of packages evidence.
The mobile electronic device management module includes the open mould of user management module, user identity authentication module and permission Block, for being managed to user in system, the user identity authentication module is used for login system the user management module The user identity of system is authenticated, and the open module of the permission is used to open to according to the corresponding permission of user identity progress, right Mobile electronic device carries out rights management.
The web portal security monitoring modular be used for by technological means to website carry out vulnerability scanning, detection webpage whether by The loopholes such as injection attacks, such as SQL injection, SSI injection, Ldap injection, Xpath injection, if there are the leakages of XSS cross site scripting Hole, webpage exist whether extension horse, with the presence or absence of buffer overflow, with the presence or absence of upload loophole, if there are source code leakage, it is hidden Whether catalogue is revealed, whether database is revealed and whether management address is revealed for hiding, and webpage is either with or without distorting, whether have fraud Website, once discovery send a warning at once, remind administrator repair and reinforce in time, thus in safeguards system website peace Row for the national games.
The network security monitoring modular does not allow to count for making the traffic handing capacity of the network equipment have redundant space Pass through according to band puppy parc, does not open remote dial access function, record the operation conditions, network flow, user of the network equipment The date and time of the events such as behavior, user, event type, whether event succeeds and other information relevant to audit;Simultaneously The behavior that internal network can be linked to privately to unauthorized device checks, accurately makes position, and effectively hindered it It is disconnected;Following attack: port scan, heavy attack, wooden horse backdoor attack is monitored in network boundary.Denial of Service attack delays Rush the generation of the intrusion events such as area's flooding, ip fragmentation attack, network worm attack;At network boundary to malicious code into Row detection and it is clear;Identity identification is carried out to the user of logging in network equipment;Network access and dialing access are controlled, examined Network security is counted, boundary integrity, guarding network invasion and malicious code is checked, administrator's entry address is limited, one Denier discovery sends a warning at once reminds administrator.
In conclusion the present invention can not only network security in monitoring system, and file data can be divided Class encryption, while user right and entry address are distinguished, rights management etc. is carried out to mobile electronic device, it is comprehensive in several ways Close the information security of protection mobile electronic device.
Disclosed above is only a specific embodiment of the invention, and still, the embodiment of the present invention is not limited to this, is appointed What what those skilled in the art can think variation should all fall into protection scope of the present invention.

Claims (7)

1. a kind of information safety of mobile electronic equipment protects system, which is characterized in that including user's mobile electronic equipment terminal, nothing Line communication apparatus and server terminal, user's mobile electronic equipment terminal are wirelessly connected institute by the wireless telecommunications system Server terminal is stated, user's mobile electronic equipment terminal is for inputting user operation instruction and file data;
The server terminal includes human-machine operation module, mobile electronic device management module, virus monitor isolation module, file Safety management module, web portal security monitoring modular and network security monitoring modular, the human-machine operation module is for receiving user Operational order and file data, the file security control module is used to carry out file data encryption and permission uses management, The mobile electronic device management module is used to carry out mobile electronic device rights management, and the virus monitor isolation module is used In being detected to system inner virus and being isolated in time, the web portal security monitoring modular is used to carry out safety to website in system Monitoring, the network security monitoring modular are used to carry out safety monitoring to network in system.
2. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the user moves Dynamic electronic device terminal is computer, smart phone or plate.
3. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the channel radio Interrogating equipment is wireless transmitter and wireless receiver, GPRS data or wireless WIFI.
4. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the file peace Full management module include specified type file encryption module, designated program creation file encryption module, file permission management module, Outgoing management module and backup management module, the specified type file encryption module is for adding the file of specified type Close, the designated program creation file encryption module is used to create file encryption, the file permission management by designated program Module for file permission is managed, authorization of classify, the outgoing management module for file outgoing type progress Management, the backup management module is for being managed file backup type.
5. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the mobile electricity Sub- device management module includes the open module of user management module, user identity authentication module and permission, the user management mould Block is for being managed user in system, and the user identity authentication module is for recognizing the user identity of login system Card, the open module of the permission are used for open to corresponding permission is carried out according to user identity.
6. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the website peace Full monitoring modular is used to carry out website vulnerability scanning, detection webpage loophole, web page horse hanging, webpage tamper and fraudulent website, and one Denier discovery sends a warning at once, and administrator is reminded to repair and reinforce in time.
7. a kind of information safety of mobile electronic equipment as described in claim 1 protects system, which is characterized in that the network peace Full monitoring modular is used to control network access and dialing access, and auditing the network safety checks boundary integrity, takes precautions against net Network invasion and malicious code, limit administrator's entry address, once discovery sends a warning at once reminds administrator.
CN201910391807.5A 2019-05-13 2019-05-13 Information security protection system of mobile electronic equipment Active CN110087238B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910391807.5A CN110087238B (en) 2019-05-13 2019-05-13 Information security protection system of mobile electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910391807.5A CN110087238B (en) 2019-05-13 2019-05-13 Information security protection system of mobile electronic equipment

Publications (2)

Publication Number Publication Date
CN110087238A true CN110087238A (en) 2019-08-02
CN110087238B CN110087238B (en) 2022-09-23

Family

ID=67419847

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910391807.5A Active CN110087238B (en) 2019-05-13 2019-05-13 Information security protection system of mobile electronic equipment

Country Status (1)

Country Link
CN (1) CN110087238B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371748A (en) * 2020-02-21 2020-07-03 浙江德迅网络安全技术有限公司 Method for realizing WEB firewall on cloud platform
CN112000953A (en) * 2020-08-20 2020-11-27 杭州银核存储区块链有限公司 Big data terminal safety protection system
CN116702229A (en) * 2023-08-04 2023-09-05 四川蓉城蕾茗科技有限公司 Safety house information safety control method and system

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101944168A (en) * 2009-07-09 2011-01-12 精品科技股份有限公司 Electronic file authority control and management system
CN102938762A (en) * 2012-10-26 2013-02-20 深圳出入境检验检疫局信息中心 File safety management system based on mobile terminal
CN103023993A (en) * 2012-11-28 2013-04-03 青岛双瑞海洋环境工程股份有限公司 Enterprise information system based on cloud computing
CN103034947A (en) * 2012-12-20 2013-04-10 成都羿明科技有限公司 Emin view mobile commercial platform system
CN104767715A (en) * 2014-01-03 2015-07-08 华为技术有限公司 Network access control method and equipment
CN105282178A (en) * 2015-11-29 2016-01-27 国网江西省电力公司信息通信分公司 Cloud computing security technology platform
CN105471857A (en) * 2015-11-19 2016-04-06 国网天津市电力公司 Power grid terminal invalid external connection monitoring blocking method
CN107547555A (en) * 2017-09-11 2018-01-05 北京匠数科技有限公司 A kind of web portal security monitoring method and device
CN107730128A (en) * 2017-10-23 2018-02-23 上海携程商务有限公司 Methods of risk assessment and system based on operation flow
CN107888607A (en) * 2017-11-28 2018-04-06 新华三技术有限公司 A kind of Cyberthreat detection method, device and network management device
CN109325739A (en) * 2018-09-19 2019-02-12 广东长城宽带网络服务有限公司 A kind of BYOD comprehensive office method based on information security
CN109460660A (en) * 2018-10-18 2019-03-12 广州市网欣计算机科技有限公司 A kind of mobile device safety management system

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101944168A (en) * 2009-07-09 2011-01-12 精品科技股份有限公司 Electronic file authority control and management system
CN102938762A (en) * 2012-10-26 2013-02-20 深圳出入境检验检疫局信息中心 File safety management system based on mobile terminal
CN103023993A (en) * 2012-11-28 2013-04-03 青岛双瑞海洋环境工程股份有限公司 Enterprise information system based on cloud computing
CN103034947A (en) * 2012-12-20 2013-04-10 成都羿明科技有限公司 Emin view mobile commercial platform system
CN104767715A (en) * 2014-01-03 2015-07-08 华为技术有限公司 Network access control method and equipment
CN105471857A (en) * 2015-11-19 2016-04-06 国网天津市电力公司 Power grid terminal invalid external connection monitoring blocking method
CN105282178A (en) * 2015-11-29 2016-01-27 国网江西省电力公司信息通信分公司 Cloud computing security technology platform
CN107547555A (en) * 2017-09-11 2018-01-05 北京匠数科技有限公司 A kind of web portal security monitoring method and device
CN107730128A (en) * 2017-10-23 2018-02-23 上海携程商务有限公司 Methods of risk assessment and system based on operation flow
CN107888607A (en) * 2017-11-28 2018-04-06 新华三技术有限公司 A kind of Cyberthreat detection method, device and network management device
CN109325739A (en) * 2018-09-19 2019-02-12 广东长城宽带网络服务有限公司 A kind of BYOD comprehensive office method based on information security
CN109460660A (en) * 2018-10-18 2019-03-12 广州市网欣计算机科技有限公司 A kind of mobile device safety management system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘旭峰等: "移动设备信息安全保护系统与方法", 《信息安全与通信保密》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371748A (en) * 2020-02-21 2020-07-03 浙江德迅网络安全技术有限公司 Method for realizing WEB firewall on cloud platform
CN112000953A (en) * 2020-08-20 2020-11-27 杭州银核存储区块链有限公司 Big data terminal safety protection system
CN116702229A (en) * 2023-08-04 2023-09-05 四川蓉城蕾茗科技有限公司 Safety house information safety control method and system
CN116702229B (en) * 2023-08-04 2023-11-21 四川蓉城蕾茗科技有限公司 Safety house information safety control method and system

Also Published As

Publication number Publication date
CN110087238B (en) 2022-09-23

Similar Documents

Publication Publication Date Title
CN112217835B (en) Message data processing method and device, server and terminal equipment
CN104283889B (en) APT attack detectings and early warning system inside electric system based on the network architecture
CN101610264B (en) Firewall system, safety service platform and firewall system management method
CN110087238A (en) A kind of information safety of mobile electronic equipment protection system
CN207264475U (en) A kind of intelligent lock control system based on eID certifications
CN101667232A (en) Terminal credible security system and method based on credible computing
CN204465588U (en) A kind of host monitor based on server architecture and auditing system
CN106982204A (en) Credible and secure platform
Raghuvanshi et al. Internet of Things: Security vulnerabilities and countermeasures
Ukidve et al. Analysis of payment card industry data security standard [PCI DSS] compliance by confluence of COBIT 5 framework
Mohammed et al. Data security and protection: A mechanism for managing data theft and cybercrime in online platforms of educational institutions
CN204697072U (en) A kind of secure accessing managing and control system of network end nodes
CN115643573A (en) Privileged account authentication method and system based on dynamic security environment
Zeybek et al. A study on security awareness in mobile devices
Talukder et al. Point-of-sale device attacks and mitigation approaches for cyber-physical systems
Pan et al. PLC Protection System Based on Verification Separation.
Cho et al. Detection and response of identity theft within a company utilizing location information
Kshetri et al. cryptoRAN: A review on cryptojacking and ransomware attacks wrt banking industry--threats, challenges, & problems
Mishra et al. Cyber security in cloud platforms
Sun et al. Research on the design of the implementation plan of network security level protection of information security
CN113872966B (en) Digital asset all-in-one based on block chain
CN106941497B (en) Safety processing system based on information platform data
KR20110098983A (en) The smartphone and solution or program blocking from hacking by samrt ic card which can insert or eject
Gardner OVERVIEW OF PRACTICES AND PROCESSES OF THE CMMC ASSESSMENT GUIDES
Ahmad et al. A survey on taxonomies of attacks and vulnerabilities in computer systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant