CN111988314A - System architecture and method for dynamically deploying network security service - Google Patents

Publication number: CN111988314A
Application number: CN202010836646.9A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 林于莞
Current Assignee: Hangzhou Boyu Information Technology Co ltd
Original Assignee: Hangzhou Boyu Information Technology Co ltd
Legal status: Pending
Prior art keywords: mobile terminal; network; network security; management server; user information

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a system architecture and a method for dynamically deploying network security services. When the network gateway receives a network connection request from a mobile terminal and the request is the first connection, the network gateway parses the request to obtain the request user information it contains, sends the request user information to the enterprise management server, and establishes a temporary channel between the enterprise management server and the mobile terminal. The network gateway then receives the operation instruction generated after the mobile terminal runs the network security service, and establishes the connection between the intranet and the mobile terminal according to the operation instruction. When the enterprise management server receives the request user information uploaded by the network gateway, it looks up the corresponding position and issues the network security service for that position to the mobile terminal through the temporary channel, for the mobile terminal to run. The architecture can automatically deploy network security services on personal mobile terminals, automatically manage installed APPs, and save labor cost.

Description

System architecture and method for dynamically deploying network security service
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a system architecture for dynamically deploying network security services and a method thereof.
Background
As mobile terminals have matured and become widespread, personal mobile terminals such as mobile phones and tablet computers have gradually entered the enterprise; this phenomenon is called bring your own device (BYOD). Compared with the traditional IT model, the BYOD environment has the following main problem: a personal mobile terminal usually has many personal APPs installed, and malicious software is abundant in the personal APP market, which puts enterprise data at risk. To keep the enterprise's internal network safe, an enterprise network administrator therefore has to manage or uninstall the APPs installed on each personal mobile terminal in use, and only after protection has been applied according to the enterprise's network security requirements can the terminal connect to the enterprise intranet. This addresses the network security problem of using personal mobile terminals in the enterprise. However, when the number of personal mobile terminals is large, the administrators have to handle them one by one, so efficiency is low and labor cost is high.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a system architecture for dynamically deploying network security services and a method thereof, which can automatically deploy the network security services in a personal mobile terminal, automatically manage the installed APP and save the labor cost.
In a first aspect, a system architecture for dynamically deploying network security services includes:
a network gateway: deployed on an intranet; when the network gateway receives a network connection request from the mobile terminal and the request is the first connection, the network gateway parses the request to obtain the request user information it contains, sends the request user information to the enterprise management server, and establishes a temporary channel between the enterprise management server and the mobile terminal; the network gateway is also used for receiving an operation instruction generated after the mobile terminal runs the network security service, and establishing the connection between the intranet and the mobile terminal according to the operation instruction;
enterprise management server: storing network security services corresponding to different positions; and the enterprise management server is used for acquiring corresponding positions according to the request user information when receiving the request user information uploaded by the network gateway, and issuing network security services corresponding to the positions to the mobile terminal through the temporary channel for the mobile terminal to operate.
Preferably, an opening time is preset for the temporary channel;
and the network gateway is used for closing the temporary channel between the enterprise management server and the mobile terminal after detecting that the opening time of the temporary channel has elapsed.
Preferably, the network security service includes an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
Preferably, the network gateway is specifically configured to:
analyzing the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
Preferably, the network gateway is further configured to:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
In a second aspect, a method for dynamically deploying network security services includes the following steps:
when a network gateway receives a network connection request of a mobile terminal, if the network connection request is the first connection, analyzing the network connection request to obtain request user information in the network connection request;
the network gateway sends the request user information to an enterprise management server, and a temporary channel between the enterprise management server and the mobile terminal is established;
when the enterprise management server receives the request user information uploaded by the network gateway, the enterprise management server acquires the corresponding position according to the request user information, and issues the network security service corresponding to the position to the mobile terminal through the temporary channel for the mobile terminal to operate;
and the network gateway receives an operation instruction generated after the mobile terminal operates the network security service, and establishes the connection between the intranet and the mobile terminal according to the operation instruction.
Preferably, an opening time is preset for the temporary channel;
after the network gateway establishes a temporary channel between the enterprise management server and the mobile terminal, the method further comprises the following steps:
after detecting that the opening time of the temporary channel has elapsed, the network gateway closes the temporary channel between the enterprise management server and the mobile terminal.
Preferably, the network security service includes an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
Preferably, the network gateway receives an operation instruction generated after the mobile terminal operates the network security service, and establishing the connection between the intranet and the mobile terminal according to the operation instruction specifically includes:
the network gateway analyzes the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
Preferably, after the network gateway establishes the connection between the intranet and the mobile terminal according to the operation instruction, the method further includes:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
According to the technical scheme, the system architecture and the method for dynamically deploying the network security service can automatically deploy the network security service in the personal mobile terminal, automatically manage the installed APP, and save labor cost.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a block diagram of a system architecture according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method according to a second embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby. It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
The first embodiment is as follows:
a system architecture for dynamically deploying network security services, see fig. 1, comprising:
a network gateway: deployed on an intranet; when the network gateway receives a network connection request from the mobile terminal and the request is the first connection, the network gateway parses the request to obtain the request user information it contains, sends the request user information to the enterprise management server, and establishes a temporary channel between the enterprise management server and the mobile terminal; the network gateway is also used for receiving an operation instruction generated after the mobile terminal runs the network security service, establishing the connection between the intranet and the mobile terminal according to the operation instruction, and judging that the mobile terminal is authenticated;
enterprise management server: storing network security services corresponding to different positions; and the enterprise management server is used for acquiring corresponding positions according to the request user information when receiving the request user information uploaded by the network gateway, and issuing network security services corresponding to the positions to the mobile terminal through the temporary channel for the mobile terminal to operate.
Specifically, the request user information includes a user name, an employee number, a nickname ("flower name"), or the like, which uniquely identifies the user. The enterprise management server is where the enterprise's human resources personnel enter employee information and the corresponding positions. When the mobile terminal wants to access the enterprise intranet, it sends a network connection request to the network gateway; the network gateway and the enterprise management server then jointly detect whether a malicious APP is installed on the mobile terminal and install network protection applications on it. Within an enterprise, employees in different positions handle different confidential documents with different degrees of confidentiality, so the system architecture applies different detection methods and installs different applications for mobile terminals used in different positions. When the network connection request is not a first connection (i.e. the mobile terminal is authenticated), the mobile terminal has already passed the network gateway's authentication, and the connection between the intranet and the mobile terminal is established.
The temporary channel is used only for the enterprise management server to send the matching network security service to the mobile terminal. The mobile terminal runs the network security service issued by the enterprise management server; when the service has finished running, an operation instruction is generated and sent to the network gateway. If the operation instruction is qualified, that is, no malicious APP was detected and the installation of the network protection applications is complete, the network protection of the mobile terminal is in place and the intranet can be accessed safely.
The architecture can automatically deploy network security services on personal mobile terminals and automatically manage installed APPs. A mobile terminal that needs to connect to the intranet only has to initiate a network connection request to the network gateway; no dedicated network management personnel need to operate on the terminals one by one, which improves efficiency and saves labor cost.
Preferably, an opening time is preset for the temporary channel;
and the network gateway is used for closing the temporary channel between the enterprise management server and the mobile terminal after detecting that the opening time of the temporary channel has elapsed.
Specifically, because the temporary channel is used only for the enterprise management server to issue the network security service to the mobile terminal, its opening time does not need to be long; to protect the enterprise network, it only needs to be long enough for the network security service to be issued. The architecture therefore sets a different opening time for the temporary channel for each network security service; when the opening time has elapsed, the network security service is considered fully issued and the temporary channel is closed.
Preferably, the network security service includes an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
Specifically, the blacklist identifies malicious APPs. If any application on the blacklist is installed on the mobile terminal, the mobile terminal has a malicious APP installed and cannot be connected to the intranet. The installation package installation process contains the installation packages of the applications required for the position, such as antivirus software and firewall settings. When the mobile terminal runs the installation package installation process, those installation packages are installed automatically to complete the network security protection. After the network security service has run, the operation instruction is generated from the detection result and the installation result and fed back to the network gateway, which uses it to decide whether to establish the connection between the intranet and the mobile terminal.
Preferably, the network gateway is specifically configured to:
analyzing the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
Specifically, the network gateway establishes connection between the intranet and the mobile terminal only after detecting that no malicious APP is installed in the mobile terminal and the installation package of the application program is installed.
Preferably, the network gateway is further configured to:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
Specifically, if the mobile terminal initiates the network connection request for the first time, APP detection and application installation are performed on the mobile terminal as described above. If it is not the first connection, the mobile terminal was authenticated previously and is considered safe; to speed up the network connection, the request is then not authenticated again and the terminal is connected directly.
However, to keep the intranet safe, the architecture also has a periodic monitoring function. After the mobile terminal has been used several times, that is, once the number of network connection requests initiated with the request user information reaches the tracking upper limit, the mobile terminal must be re-authenticated as described above. If a malicious APP has been installed on the mobile terminal during use, or the installation of the network security protection applications is unsuccessful, the connection between the intranet and the mobile terminal is disconnected and the request record of the request user information in the network gateway is deleted. The network gateway then holds no request record for that request user information and treats it as never having requested an intranet connection. If the mobile terminal wants to connect to the intranet again, it must be re-authenticated as described above.
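The gateway decision flow of this embodiment (first connection, temporary channel with an opening time, evaluation of the operation instruction, and re-check at the tracking upper limit) can be modelled as follows. This is an added example, not code from the patent; every class, function and field name, the sample user and APP identifiers, and the choice to create the request record only after a passing operation instruction are assumptions made for illustration.

```python
"""Gateway admission flow of the first embodiment (all names are constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityService:
    blacklist: frozenset      # APP identifiers on the preset blacklist
    packages: tuple           # applications to install for this position
    opening_time: int         # seconds the temporary channel stays open


@dataclass(frozen=True)
class OperationInstruction:
    user: str
    blacklisted_found: tuple  # detection result
    install_ok: bool          # installation result


class ManagementServer:
    def __init__(self, positions, services):
        self.positions = positions   # request user information -> position
        self.services = services     # position -> SecurityService

    def service_for(self, user):
        return self.services[self.positions[user]]


def run_service(user, service, installed_apps, failed_packages=()):
    """Terminal side: APP detection and package installation results."""
    found = tuple(sorted(set(installed_apps) & service.blacklist))
    install_ok = not (set(failed_packages) & set(service.packages))
    return OperationInstruction(user, found, install_ok)


class Gateway:
    def __init__(self, server, tracking_upper_limit):
        self.server = server
        self.limit = tracking_upper_limit
        self.records = {}     # user -> requests since the last passed check
        self.channels = {}    # user -> time at which the temporary channel closes
        self.connected = set()

    def _open_channel(self, user, now):
        service = self.server.service_for(user)
        self.channels[user] = now + service.opening_time
        return service

    def on_request(self, user, now):
        """Return (decision, service issued over the temporary channel or None)."""
        if user not in self.records:              # first connection
            return "check", self._open_channel(user, now)
        self.records[user] += 1
        self.connected.add(user)                  # previously authenticated
        if self.records[user] >= self.limit:      # tracking upper limit reached
            return "recheck", self._open_channel(user, now)
        return "connect", None

    def close_expired(self, now):
        """Close every temporary channel whose opening time has elapsed."""
        expired = sorted(u for u, t in self.channels.items() if t <= now)
        for user in expired:
            del self.channels[user]
        return expired

    def on_instruction(self, instr):
        passed = not instr.blacklisted_found and instr.install_ok
        if passed:
            # Assumption: the request record is created only on a pass, so an
            # unanswered first request is never treated as authenticated.
            self.records[instr.user] = 0
            self.connected.add(instr.user)
        else:
            self.connected.discard(instr.user)
            self.records.pop(instr.user, None)    # next request is "first" again
        return passed


def demo():
    """Walk one constructed user through admission, re-check and rejection."""
    svc = SecurityService(frozenset({"com.example.badapp"}), ("av", "fw"), 30)
    gw = Gateway(ManagementServer({"u1001": "engineer"}, {"engineer": svc}), 3)
    trace = []
    decision, issued = gw.on_request("u1001", now=0)
    trace.append(decision)
    trace.append(gw.on_instruction(run_service("u1001", issued, ["com.example.mail"])))
    for now in (100, 200, 300):
        trace.append(gw.on_request("u1001", now)[0])
    bad = run_service("u1001", svc, ["com.example.mail", "com.example.badapp"])
    trace.append(gw.on_instruction(bad))
    trace.append(gw.on_request("u1001", now=400)[0])
    return trace


if __name__ == "__main__":
    print(demo())
```

In this model the terminal stays connected while a re-check is pending and is disconnected only when the returned operation instruction fails, matching the order of steps in the text above.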
The second embodiment is as follows:
a method for dynamically deploying network security services, see fig. 2, comprising the steps of:
S1: when a network gateway receives a network connection request of a mobile terminal, if the network connection request is the first connection, analyzing the network connection request to obtain request user information in the network connection request;
S2: the network gateway sends the request user information to an enterprise management server, and a temporary channel between the enterprise management server and the mobile terminal is established;
S3: when the enterprise management server receives the request user information uploaded by the network gateway, the enterprise management server acquires the corresponding position according to the request user information, and issues the network security service corresponding to the position to the mobile terminal through the temporary channel for the mobile terminal to operate;
S4: and the network gateway receives an operation instruction generated after the mobile terminal operates the network security service, and establishes the connection between the intranet and the mobile terminal according to the operation instruction.
Preferably, an opening time is preset for the temporary channel;
after the network gateway establishes a temporary channel between the enterprise management server and the mobile terminal, the method further comprises the following steps:
after detecting that the opening time of the temporary channel has elapsed, the network gateway closes the temporary channel between the enterprise management server and the mobile terminal.
Preferably, the network security service includes an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
Preferably, the network gateway receives an operation instruction generated after the mobile terminal operates the network security service, and establishing the connection between the intranet and the mobile terminal according to the operation instruction specifically includes:
the network gateway analyzes the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
Preferably, after the network gateway establishes the connection between the intranet and the mobile terminal according to the operation instruction, the method further includes:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
The method can automatically deploy network security service in the personal mobile terminal, automatically manage the installed APP, and save labor cost.
For brevity, for details of the method provided by this embodiment of the present invention, refer to the corresponding content in the foregoing system embodiment.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A system architecture for dynamically deploying network security services, comprising:
a network gateway: deployed on an intranet; when the network gateway receives a network connection request from the mobile terminal and the request is the first connection, the network gateway parses the request to obtain the request user information it contains, sends the request user information to the enterprise management server, and establishes a temporary channel between the enterprise management server and the mobile terminal; the network gateway is also used for receiving an operation instruction generated after the mobile terminal runs the network security service, and establishing the connection between the intranet and the mobile terminal according to the operation instruction;
enterprise management server: storing network security services corresponding to different positions; and the enterprise management server is used for acquiring corresponding positions according to the request user information when receiving the request user information uploaded by the network gateway, and issuing network security services corresponding to the positions to the mobile terminal through the temporary channel for the mobile terminal to operate.
2. The system architecture for dynamically deploying network security services according to claim 1, wherein:
the temporary channel is preset with starting time;
and the network gateway is used for closing the temporary channel of the enterprise management server and the mobile terminal after detecting that the starting time of the temporary channel is reached.
3. The system architecture for dynamically deploying network security services according to claim 1, wherein:
the network security service comprises an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
4. The system architecture for dynamically deploying network security services according to claim 3, wherein the network gateway is specifically configured to:
analyzing the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
5. The system architecture for dynamically deploying network security services as claimed in claim 4, wherein the network gateway is further configured to:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
6. A method for dynamically deploying network security services is characterized by comprising the following steps:
when a network gateway receives a network connection request of a mobile terminal, if the network connection request is the first connection, analyzing the network connection request to obtain request user information in the network connection request;
the network gateway sends the request user information to an enterprise management server, and a temporary channel between the enterprise management server and the mobile terminal is established;
when the enterprise management server receives the request user information uploaded by the network gateway, the enterprise management server acquires the corresponding position according to the request user information, and issues the network security service corresponding to the position to the mobile terminal through the temporary channel for the mobile terminal to operate;
and the network gateway receives an operation instruction generated after the mobile terminal operates the network security service, and establishes the connection between the intranet and the mobile terminal according to the operation instruction.
7. The method for dynamically deploying network security services according to claim 6, wherein:
the temporary channel is preset with starting time;
after the network gateway establishes a temporary channel between the enterprise management server and the mobile terminal, the method further comprises the following steps:
and after detecting that the starting time of the temporary channel is up, the network gateway closes the temporary channel of the enterprise management server and the mobile terminal.
8. The method for dynamically deploying network security services according to claim 6, wherein:
the network security service comprises an APP detection process and an installation package installation process;
the APP detection process is used for detecting whether the APP installed in the mobile terminal exists in a preset blacklist or not after the mobile terminal runs, and generating a detection result;
the installation package installation process is used for installing a preset application program on the mobile terminal after the mobile terminal runs and generating an installation result;
and the network security service is used for generating the operation instruction according to the detection result and the installation result.
9. The method for dynamically deploying network security services according to claim 8, wherein the network gateway receives an operation instruction generated after the mobile terminal operates the network security services, and establishing the connection between the intranet and the mobile terminal according to the operation instruction specifically comprises:
the network gateway analyzes the operation instruction from the mobile terminal to obtain an analysis result;
and when the detection result in the analysis result indicates that the APP installed in the mobile terminal does not exist in the preset blacklist and the installation result indicates that the installation is successful, establishing the connection between the intranet and the mobile terminal.
10. The method for dynamically deploying network security services according to claim 9, wherein after the network gateway establishes the connection between the intranet and the mobile terminal according to the operation instruction, the method further comprises:
after the request user information in the network connection request is obtained, setting a tracking upper limit;
when detecting that the frequency of initiating the network connection request by the request user information reaches the tracking upper limit, establishing a temporary channel between the enterprise management server and the mobile terminal, so that the enterprise management server can issue corresponding network security service to the mobile terminal;
and when the operation instruction uploaded by the mobile terminal is analyzed, and the detection result in the obtained analysis result indicates that the APP installed in the mobile terminal exists in a preset blacklist or the installation result indicates that the installation is unsuccessful, disconnecting the intranet from the mobile terminal, and deleting the request record of the request user information in the network gateway.
CN202010836646.9A 2020-08-19 2020-08-19 System architecture and method for dynamically deploying network security service Pending CN111988314A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010836646.9A CN111988314A (en) 2020-08-19 2020-08-19 System architecture and method for dynamically deploying network security service

Publications (1)

Publication Number Publication Date
CN111988314A true CN111988314A (en) 2020-11-24

Family

ID=73435432

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010836646.9A Pending CN111988314A (en) 2020-08-19 2020-08-19 System architecture and method for dynamically deploying network security service

Country Status (1)

Country Link
CN (1) CN111988314A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20230714
