CN114884685B - Security management method for electronic device, electronic device and readable medium thereof - Google Patents


Info

Publication number
CN114884685B
Authority
CN
China
Prior art keywords
security
electronic device
security sensitivity
user
sensitivity level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110163536.5A
Other languages
Chinese (zh)
Other versions
CN114884685A (en)
Inventor
任兵飞
肖艳光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Events
Application filed by Huawei Technologies Co Ltd
Priority to CN202110163536.5A
Publication of CN114884685A
Application granted
Publication of CN114884685B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The application relates to the field of network security and discloses a security management method of electronic equipment, the electronic equipment and a readable medium thereof. The security management method of the electronic equipment provided by the application combines the security sensitivity of the equipment to implement a corresponding security policy, realizes fine-grained security management and control of the equipment in the distributed network, and meets the actual use requirements of users.

Description

Security management method for electronic device, electronic device and readable medium thereof
Technical Field
The present application relates to the field of network security, and in particular, to a security management method for an electronic device, and a readable medium thereof.
Background
The Internet has made production and daily life in human society more efficient and convenient, but network attacks are frequent, and an endless stream of malware such as Trojans and worms circulates on it, posing a serious threat to network security. In the past, attacks aimed at a single device (such as a mobile phone, a tablet or a personal notebook computer) were generally simple, and a security detection system based on that single device could cope effectively with such attacks by using the device's own data acquisition, detection and protection capabilities. However, in a distributed network composed of various intelligent devices in a home scenario, the attack path and attack behavior become very complex.
As shown in fig. 1, in a distributed network scenario composed of home devices, the main attack flow is: (1) an attacker initiates remote penetration from outside through a security defect or vulnerability of the central device; (2) after successful penetration, control commands are issued through a command and control (C&C) channel; (3) viruses (worms and the like) are spread to intranet devices such as tablet computers, mobile phones, cameras, speakers and PCs; (4) sabotage or privacy theft is carried out using vulnerabilities in devices such as large screens.
Because a single device has insufficient data collection and computing capability (for example, it lacks a neural network processor (NPU) or similar hardware), conventional single-device security detection systems cannot effectively address the challenges presented by distributed threats in a home scenario.
Disclosure of Invention
The application provides a safety management method of electronic equipment, the electronic equipment and a readable medium thereof.
In a first aspect, the security management method of an electronic device of the present application is used in a system formed by a first electronic device and a second electronic device, where the first electronic device is communicatively connected to the second electronic device, and includes:
the second electronic equipment acquires state information of the first electronic equipment;
the second electronic device determines a device security sensitivity level of the first electronic device based on the state information of the first electronic device, wherein the device security sensitivity level represents the degree of risk to the information security of the user of the first electronic device once the first electronic device has been subjected to a network attack;
the state information of the first electronic device comprises at least one of: information representing the mode of interaction with the user, the workplace, the working state, the distance between the first electronic device and the second electronic device, and the working time of the first electronic device;
the second electronic equipment generates and sends a corresponding security policy to the first electronic equipment based on the equipment security sensitivity level of the first electronic equipment;
the first electronic device receives the security policy and performs a corresponding security measure based on the security policy.
In some embodiments of the present application, the user interaction mode indicates the degree of user privacy involved when the first electronic device interacts with the user: for example, when a mobile phone interacts with the user, the privacy involved may be the user's identity information; when a camera interacts with the user, it may be the user's portrait information; and the interaction of a desk lamp with the user may involve no user privacy at all. The workplace of the first electronic device can be simply divided into private places and public places, for example a living room and a coffee shop. The working state indicates whether the first electronic device is currently being used by the user. The distance between the first electronic device and the second electronic device can be measured by the control end, which judges it by detecting the relative distance between the two. The working time can be simply divided into daytime and nighttime: for example, a home camera sending a video stream outwards in the daytime is probably the user monitoring the home remotely, whereas a home camera sending a video stream outwards at night may well be under virus control, because at night the user is resting at home and has no need to monitor it.
In one possible implementation of the first aspect, the determining, by the second electronic device, a device security sensitivity level of the first electronic device based on the state information of the first electronic device includes:
determining the device security sensitivity level associated with a set of the at least one of the status information from the set.
In some embodiments of the present application, the device security sensitivity level may be evaluated based on both the manner in which the smart device 300 interacts with the user and the workplace of the device.
For example, if a user takes a picture with a mobile phone in a coffee shop in one case and in a living room in another, the device security sensitivity level of the mobile phone in the living room is higher than that of the mobile phone in the coffee shop.
In a possible implementation manner of the first aspect, the determining, by the second electronic device, of a device security sensitivity level of the first electronic device based on the state information of the first electronic device further includes:
determining, according to at least one piece of information in the state information, a device security sensitivity value corresponding to that piece of information;
determining the device security sensitivity level from the at least one device security sensitivity value.
In some embodiments of the present application, the device security sensitivity evaluation module 207 first evaluates the device security sensitivity value corresponding to the interaction mode of the smart device 300 with the user, and then evaluates the device security sensitivity level of the smart device 300 based on the device security sensitivity value.
In a possible implementation of the first aspect described above, in case the state information of the first electronic device comprises the user interaction mode,
an interaction mode in which the information security of the user is involved during the interaction between the first electronic device and the user is determined to be a first device security sensitivity value;
an interaction mode in which the information security of the user is not involved during the interaction between the first electronic device and the user is determined to be a second device security sensitivity value;
wherein the first device security sensitivity value is higher than the second device security sensitivity value.
In some embodiments of the present application, the identity information of the user may be involved when the mobile phone interacts with the user, so the device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the mobile phone as 10; the portrait information of the user may be involved when the camera interacts with the user, so the device security sensitivity value of the camera is evaluated as 7; and no user privacy may be involved when the desk lamp interacts with the user, so the device security sensitivity value of the desk lamp is evaluated as 2. The device security sensitivity evaluation module 207 then determines whether the device security sensitivity value of the smart device 300 is greater than a device security sensitivity threshold: if so, the device security sensitivity level is a high device security sensitivity level, and if not, it is a low device security sensitivity level.
For example, if the device security sensitivity threshold is set to 5, the device security sensitivity level of the mobile phone and of the camera is a high device security sensitivity level, and the device security sensitivity level of the desk lamp is a low device security sensitivity level.
In a possible implementation of the first aspect described above, in case the state information of the first electronic device comprises the workplace,
a private place is determined to be a third device security sensitivity value;
a public place is determined to be a fourth device security sensitivity value;
wherein the third device security sensitivity value is higher than the fourth device security sensitivity value.
For example, the device security sensitivity value of the mobile phone in the home is larger than the device security sensitivity value of the mobile phone in the coffee shop, and the device security sensitivity value of the bedroom camera is larger than the sensitivity value of the living room camera.
In a possible implementation of the above first aspect, in a case where the state information of the first electronic device includes the operating state, the state being in use is to be determined as a fifth device security sensitivity value;
the state not in use will be determined as the sixth device security sensitivity value;
wherein the fifth device security sensitivity value is higher than the sixth device security sensitivity value.
In some embodiments of the present application, the device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the mobile phone being used by the user to 3, the device security sensitivity value of the mobile phone not being used to 10, and determines that the device security sensitivity level of the mobile phone being used is a low device security sensitivity level and the device security sensitivity level of the mobile phone not being used is a high device security sensitivity level based on the device security sensitivity threshold (e.g., 5).
In a possible implementation of the first aspect, in a case where the status information of the first electronic device includes the distance to the first electronic device, the status that the distance to the first electronic device is the first distance is to be determined as a seventh device security sensitivity value;
a state in which the distance to the first electronic device is a second distance less than the first distance is to be determined as an eighth device security sensitivity value;
wherein the seventh device security sensitivity value is higher than the eighth device security sensitivity value.
For example, if the user is in a living room, the mobile phone of the user is also in the living room, the control end can detect that the distance between the mobile phone and the user is 1 meter by means of determining signal strength and the like, and if the user is in the living room, the mobile phone of the user is in a bedroom, the control end can detect that the distance between the mobile phone and the user is 5 meters. The device security sensitivity evaluation module 207 first obtains the distance between the mobile phone and the user, and then determines that the device security sensitivity level of the mobile phone in the living room is a low device security sensitivity level and the device security sensitivity level of the mobile phone in the bedroom is a high device security sensitivity level based on the distance threshold (e.g., 3 meters).
In a possible implementation of the first aspect, in a case where the state information of the first electronic device includes the operation time, a first period of time during which the operation time is in a night state is to be determined as a ninth device security sensitivity value;
a second period of time during which the operating time is in a daytime state is to be determined as a tenth device security sensitivity value;
wherein the ninth device security sensitivity value is higher than the tenth device security sensitivity value.
The device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the camera in the daytime to 3, the device security sensitivity value of the camera at night to 10, and determines the device security sensitivity level of the camera in the daytime to be a low device security sensitivity level and the device security sensitivity level of the camera at night to be a high device security sensitivity level based on the device security sensitivity threshold (e.g., 5).
In one possible implementation of the first aspect, determining the device security sensitivity level according to the at least one device security sensitivity value includes:
under the condition that a plurality of device security sensitivity values are obtained, determining the weighted device security sensitivity values through weighting calculation;
And determining the equipment security sensitivity level according to the weighted equipment security sensitivity value.
For example, when the user uses the mobile phone in the bedroom at night, the device security sensitivity module 207 first obtains a plurality of device security sensitivity values for the mobile phone: the device security sensitivity value A corresponding to the workplace of the mobile phone (bedroom) is 10, the device security sensitivity value B corresponding to the working state of the mobile phone (in use) is 2, and the device security sensitivity value C corresponding to the working time of the mobile phone (night) is 8. With weights of 0.5, 0.3 and 0.2 for the workplace, the working time and the working state respectively, the weighted device security sensitivity value of the mobile phone is 0.5 × 10 + 0.3 × 8 + 0.2 × 2 = 7.8, which is greater than the device security sensitivity threshold (for example, 5), so the device security sensitivity module 207 evaluates the device security sensitivity level of the mobile phone as a high security sensitivity level.
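The evaluation rules of the first aspect (one sensitivity value per state attribute, a distance threshold, a weighted combination when several values are present, and a threshold comparison to obtain the level) can be collected into a small evaluator. The following is an added illustration written for this page and is not the patent's own code or Huawei's implementation. The value tables reuse the numbers given in the worked examples above (mobile phone 10, camera 7, desk lamp 2; 3 metres; threshold 5; weights 0.5/0.3/0.2), and where the examples give different numbers for the same attribute the weighted example's numbers are used so that 7.8 is reproduced; the public-place and distance values, the weights for the interaction and distance attributes, and the renormalisation of weights over whichever attributes are present are assumptions made here.

```python
"""Device security sensitivity evaluation modelled on the rules above.
Added illustration; value tables, weights and thresholds follow the worked
examples in the description, with the marked entries assumed."""
from dataclasses import dataclass
from typing import Dict, Optional

# Sensitivity value per state attribute (from the worked examples unless marked).
INTERACTION_VALUES = {"identity": 10, "portrait": 7, "none": 2}  # phone / camera / desk lamp
WORKPLACE_VALUES = {"private": 10, "public": 4}                  # public=4 assumed
WORKING_STATE_VALUES = {"in_use": 2, "idle": 10}                 # weighted example: in use = 2
WORKING_TIME_VALUES = {"night": 8, "day": 3}                     # weighted example: night = 8
DISTANCE_VALUES = {"far": 10, "near": 3}                         # assumed; farther is more sensitive
DISTANCE_THRESHOLD_M = 3.0   # 3 metres, from the living room / bedroom example
SENSITIVITY_THRESHOLD = 5    # device security sensitivity threshold from the text

# Weights for combining several values: workplace/time/state are the text's
# 0.5/0.3/0.2; the interaction and distance weights are assumed.
WEIGHTS = {"workplace": 0.5, "working_time": 0.3, "working_state": 0.2,
           "interaction": 0.4, "distance": 0.2}


@dataclass
class DeviceState:
    """State information reported for a first electronic device. Any field may
    be absent (None); only the present ones enter the evaluation."""
    interaction: Optional[str] = None     # "identity" | "portrait" | "none"
    workplace: Optional[str] = None       # "private" | "public"
    working_state: Optional[str] = None   # "in_use" | "idle"
    working_time: Optional[str] = None    # "day" | "night"
    distance_m: Optional[float] = None    # distance between the device and the control end


def attribute_values(state: DeviceState) -> Dict[str, int]:
    """Map each present state attribute to its device security sensitivity value."""
    values: Dict[str, int] = {}
    if state.interaction is not None:
        values["interaction"] = INTERACTION_VALUES[state.interaction]
    if state.workplace is not None:
        values["workplace"] = WORKPLACE_VALUES[state.workplace]
    if state.working_state is not None:
        values["working_state"] = WORKING_STATE_VALUES[state.working_state]
    if state.working_time is not None:
        values["working_time"] = WORKING_TIME_VALUES[state.working_time]
    if state.distance_m is not None:
        # The distance is bucketed against the 3 m threshold before lookup.
        bucket = "far" if state.distance_m > DISTANCE_THRESHOLD_M else "near"
        values["distance"] = DISTANCE_VALUES[bucket]
    return values


def weighted_value(values: Dict[str, int]) -> float:
    """A single value is used as is; several values are combined by weighting.
    The weights of the present attributes are renormalised to sum to 1 (assumed;
    the text only shows the three-attribute case, whose weights already sum to 1)."""
    if not values:
        raise ValueError("no state information available for the device")
    if len(values) == 1:
        return float(next(iter(values.values())))
    total_weight = sum(WEIGHTS[k] for k in values)
    return round(sum(WEIGHTS[k] * v for k, v in values.items()) / total_weight, 2)


def sensitivity_level(state: DeviceState) -> str:
    """'high' if the (weighted) value exceeds the threshold, otherwise 'low'."""
    value = weighted_value(attribute_values(state))
    return "high" if value > SENSITIVITY_THRESHOLD else "low"


if __name__ == "__main__":
    # The worked example: mobile phone used in the bedroom at night.
    phone_at_night = DeviceState(workplace="private", working_state="in_use", working_time="night")
    print(weighted_value(attribute_values(phone_at_night)), sensitivity_level(phone_at_night))
```

The three-attribute case reproduces the 7.8 of the worked example; a device reporting only one attribute (a camera with portrait interaction, a phone 5 metres from the control end) is classified by that value alone, which is how the single-attribute examples in the text read.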
In one possible implementation of the first aspect, the generating and sending, by the second electronic device, a corresponding security policy to the first electronic device based on a device security sensitivity level of the first electronic device includes:
if the device security sensitivity level of the first electronic device is a first security sensitivity level, the security policy is to block the data traffic first and then alert the user;
if the device security sensitivity level of the first electronic device is a second security sensitivity level, the security policy is to issue an anomaly alert to the user first, and the user decides the next security measure;
wherein the first security sensitivity level is higher than the second security sensitivity level.
In one possible implementation of the first aspect, the method further includes: the device security sensitivity level may be manually configured by a user.
In some embodiments of the present application, the manual configuration rule may be that the user modifies the device security sensitivity level and corresponding security policy of the smart device 300 through the mobile phone APP. For example, according to the default rule, the desk lamp is evaluated as a low safety sensitivity device, the corresponding safety policy is to alert the user first, the user decides the next step, according to the manual configuration rule, the user can set the desk lamp as a high safety sensitivity device through the desk lamp APP on the mobile phone 100, and the corresponding safety policy can be changed to block the communication traffic.
In a second aspect, the present application provides a security management method of an electronic device, for a system formed by a first electronic device and a second electronic device, where the first electronic device is communicatively connected to the second electronic device, and the security management method is characterized by including:
the second electronic device determines the device security sensitivity level of the first electronic device based on a big data analysis result, wherein if the big data analysis result is that the number of network attacks on third electronic devices that are the same as the first electronic device is greater than a preset threshold, the device security sensitivity level of the first electronic device is a first security sensitivity level;
if the big data analysis result is that the number of network attacks on third electronic devices that are the same as the first electronic device is smaller than the preset threshold, the device security sensitivity level of the first electronic device is a second security sensitivity level, wherein the first security sensitivity level is higher than the second security sensitivity level;
the second electronic equipment generates and sends a corresponding security policy to the first electronic equipment based on the equipment security sensitivity level of the first electronic equipment;
the first electronic device receives the security policy and performs a corresponding security measure based on the security policy.
In some embodiments of the present application, the dynamic evaluation rule may be an evaluation by a cloud server. For example, the living room camera is evaluated as a low security sensitivity device according to the default rule, but the big data provided by the cloud server shows that a large number of home cameras have recently been attacked by a network virus, so the living room camera may be re-evaluated as a high security sensitivity device according to the result of the big data analysis.
In a third aspect, a readable medium stores instructions that, when executed on an electronic device, cause the electronic device to perform the security management method of an electronic device according to the first aspect.
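The policy side of the first and second aspects (level to security measures, the user's manual configuration through the mobile phone APP, and the cloud big data re-evaluation) can be shown together in one decision routine. This is an added illustration written for this page, not the patent's own code or Huawei's implementation. The attack-count threshold of 100 is a placeholder value, and the precedence between the three rules (manual setting first, then cloud re-evaluation, then the default rule) is an assumption made here, since the text states the rules but not their order.

```python
"""Security policy selection from the device security sensitivity level,
combining the default rule, the manual configuration rule and the cloud
big data rule. Added illustration, not the patent's code."""
from dataclasses import dataclass
from typing import Dict, List, Optional

HIGH, LOW = "high", "low"
ATTACK_COUNT_THRESHOLD = 100  # preset threshold of the big data rule (assumed placeholder)


@dataclass
class Device:
    name: str
    device_type: str                      # matches "third electronic devices that are the same"
    default_level: str                    # level from the state-based default rule
    manual_level: Optional[str] = None    # level the user set through the mobile phone APP, if any


@dataclass
class SecurityPolicy:
    level: str
    measures: List[str]   # ordered security measures to perform when an anomaly is detected
    decided_by: str       # which rule fixed the level: "manual", "cloud" or "default"


def big_data_level(attack_counts: Dict[str, int], device_type: str) -> Optional[str]:
    """Cloud rule: more attacks than the threshold on same-type devices gives high,
    fewer gives low. No data, or exactly the threshold (not defined in the text),
    gives None so that the other rules decide."""
    count = attack_counts.get(device_type)
    if count is None or count == ATTACK_COUNT_THRESHOLD:
        return None
    return HIGH if count > ATTACK_COUNT_THRESHOLD else LOW


def measures_for(level: str) -> List[str]:
    """High sensitivity: block traffic, then alert. Low: alert first, user decides."""
    if level == HIGH:
        return ["block_data_traffic", "alert_user"]
    return ["alert_user", "await_user_decision"]


def decide_policy(device: Device, attack_counts: Dict[str, int]) -> SecurityPolicy:
    """Assumed precedence: an explicit manual setting wins, then the cloud
    re-evaluation, then the default state-based level."""
    if device.manual_level is not None:
        level, source = device.manual_level, "manual"
    else:
        cloud = big_data_level(attack_counts, device.device_type)
        if cloud is not None:
            level, source = cloud, "cloud"
        else:
            level, source = device.default_level, "default"
    return SecurityPolicy(level=level, measures=measures_for(level), decided_by=source)


if __name__ == "__main__":
    # Constructed sample statistics: the cloud reports 250 recently attacked home cameras.
    stats = {"home_camera": 250}
    camera = Device("living room camera", "home_camera", default_level=LOW)
    print(decide_policy(camera, stats))
```

With the constructed statistics, the living room camera that the default rule rated low is re-rated high by the cloud rule and gets the block-then-alert policy, which is the re-evaluation described in the paragraph above; a desk lamp the user marked high through the APP keeps that setting regardless of the cloud figures.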
In a fourth aspect, an electronic device includes:
a memory storing instructions;
a processor coupled to the memory, wherein the instructions stored in the memory, when executed by the processor, cause the electronic device to perform the security management method of an electronic device as described in the first aspect above.
Drawings
Fig. 1 provides a network attack schematic diagram of a distributed network according to some embodiments of the present application.
Fig. 2 provides a smart home scene graph according to some embodiments of the application.
Fig. 3 is a block diagram of a mobile phone architecture implementing an electronic device 100 according to some embodiments of the present application.
Fig. 4 provides a diagram of a security management system for an electronic device in a home scenario, according to some embodiments of the present application.
FIG. 5 provides a flow chart of a method of security management for an electronic device, according to some embodiments of the application.
Fig. 6 provides a diagram of a security management system for an electronic device in another home scenario, according to some embodiments of the application.
FIG. 7 provides a schematic diagram of configuring security policies based on device security sensitivity, according to some embodiments of the application.
FIG. 8 provides a flowchart of another method of security management for an electronic device, according to some embodiments of the application.
FIG. 9 is a diagram of a mobile phone interface providing a security policy for a high security sensitivity device according to some embodiments of the present application.
FIG. 10 is a diagram of a mobile phone interface providing a security policy for a low security sensitivity device according to some embodiments of the present application.
Fig. 11 provides a diagram of a security management system for an electronic device in another home scenario, according to some embodiments of the present application.
FIG. 12 provides a flowchart of another method of security management for an electronic device, according to some embodiments of the application.
Fig. 13 provides a software system of an electronic device 100 capable of implementing the functions of the electronic device 100 according to some embodiments of the application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
Fig. 2 shows a schematic diagram of a smart home scenario provided by an embodiment of the application. As shown in fig. 2, the smart home scenario involves an electronic device 100, a router 200, a smart device 300 and a web server 400. The smart device 300 includes, but is not limited to, a camera, a desk lamp, a speaker, an air conditioner, a watch, glasses and the like. The electronic device 100 is provided with applications (APPs) for controlling each smart device 300: when the user wants to remotely control a smart device 300 through the electronic device 100, the user can tap the APP of the corresponding smart device 300 on the electronic device 100, and the control request of the electronic device 100 is forwarded to the smart device 300 through the router 200, so that remote control of the smart device 300 is realized. For example, when the user wants to turn off the desk lamp, tapping the off button of the desk lamp APP on the electronic device 100 causes the request to turn off the desk lamp to be forwarded to the desk lamp through the router 200, and the desk lamp turns itself off after receiving the request.
In addition, the user may also control the smart device 300 to interact with the web server 400 through the electronic device 100. For example, if the user wants to store images held locally by the camera on the web server 400, the user may initiate a storage instruction to the web server 400 through the camera APP of the electronic device 100, and the camera then forwards the video stream to the web server 400 through the router 200.
As can be seen from fig. 2, in a distributed network of smart devices 300 in a home scenario, once one device is attacked by a network virus, the other devices may all suffer the same attack. However, after the security defects or vulnerabilities of different smart devices 300 have been attacked over the network, the security and privacy risks brought to the user differ; that is, different smart devices 300 have different device security sensitivities. For example, if both a camera and a desk lamp are controlled by a network virus, the virus may steal private images of the user through the camera, which is a serious hazard to the user, whereas through the desk lamp it can only turn the lamp on or off, which is a minor hazard. Therefore, the security sensitivity of the camera is higher than that of the desk lamp.
The existing security management method of the electronic device configures the same security policy for the intelligent device 300 with different device security sensitivities, for example, when the camera and the desk lamp are both subject to network attack, the adopted security policy is to directly block the abnormal data traffic of the network attack.
According to the security management method of the electronic device of the present application, the corresponding security policy is configured based on the device security sensitivity. For example, since the device security sensitivity of a camera is higher than that of a desk lamp, the security policies of the camera and the desk lamp are configured differently: the security policy configured for the camera may be to block the abnormal data flow directly and then alert the user, while the security policy configured for the desk lamp may be to alert the user first and let the user decide the next step.
Therefore, the application implements the corresponding security policy by combining the security sensitivity of the equipment when security holes or abnormal behaviors are detected in the distributed network formed by the household intelligent equipment, realizes fine-granularity security control of the equipment in the distributed network, and meets the actual use demands of users.
It is understood that the electronic device 100 of the security management method of the electronic device of the present application includes, but is not limited to, a mobile phone, a desktop computer, a notebook computer, a tablet computer, and the like. For convenience of explanation, the electronic device 100 is taken as an example of the mobile phone 100.
Fig. 3 is a block diagram illustrating a structure of a mobile phone 100 capable of implementing the functions of the mobile phone 100 shown in fig. 2 according to an embodiment of the present application. Specifically, as shown in fig. 3, the mobile phone 100 includes a processor 110, a mobile communication module 120, a wireless communication module 125, a display 130, a camera 140, an external storage interface 150, an internal memory 151, an audio module 160, a sensor module 170, an input unit 180, and a power supply 190.
It should be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the mobile phone 100. In other embodiments of the application, the mobile phone 100 may include more or fewer components than shown, or some components may be combined, or some components may be split, or the components may be arranged differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (Application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a control unit, a video codec, a digital signal processor (digital signal processor, DSP), a DPU (data processing unit, a data processor), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.
It should be understood that the interfacing relationship between the modules illustrated in the embodiments of the present application is only illustrative and does not constitute a structural limitation on the mobile phone 100. In other embodiments of the present application, the mobile phone 100 may also use different interfacing manners, or a combination of multiple interfacing manners from the above embodiments.
The mobile communication module 120 may be used for receiving and transmitting signals during the process of receiving and transmitting information or during a call; in particular, after receiving downlink information of the base station, the downlink information is processed by one or more processors 110, and data relating to the uplink is transmitted to the base station. Typically, the mobile communication module 120 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (English: Low Noise Amplifier), a duplexer, and the like. In addition, the mobile communication module 120 may also communicate with networks and other devices through wireless communication. The wireless communication may use any communication standard or protocol including, but not limited to, GSM (English: Global System for Mobile communications), GPRS (English: General Packet Radio Service), CDMA (English: Code Division Multiple Access), WCDMA (English: Wideband Code Division Multiple Access), LTE (English: Long Term Evolution), email, SMS (English: Short Messaging Service), and the like.
The wireless communication module 125 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc. applied to the handset 100. The wireless communication module 125 may be one or more devices that integrate at least one communication processing module. The wireless communication module 125 receives electromagnetic waves via an antenna, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 125 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via an antenna. In some embodiments, the wireless communication module 125 is capable of implementing the aforementioned multi-carrier technology based on Wi-Fi network communication protocols, thereby supporting ultra-wideband transmission by the handset 100 over existing Wi-Fi protocols.
The camera 140 is used to acquire still images or video. The scene is projected through a lens onto a photosensitive element, which converts the optical signal to an electrical signal that is then passed to an image signal processor (image signal processor, ISP) for conversion to a digital image signal. The ISP outputs the digital image signal to a digital signal processor (digital signal processor, DSP) for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the cell phone 100 may include 1 or N cameras 140, N being a positive integer greater than 1.
The external memory interface 150 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capabilities of the handset 100. The external memory card communicates with the processor 110 through an external memory interface 150 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.
The internal memory 151 may be used to store computer executable program code including instructions. The internal memory 151 may include a storage program area and a storage data area. The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data (e.g., audio data, phonebook, etc.) created during use of the handset 100, etc. In addition, the internal memory 151 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like. In some embodiments of the application, processor 110 performs applications and data processing by executing instructions stored in internal memory 151, and/or instructions stored in a memory provided in the processor.
The mobile phone 100 further includes an audio module 160, where the audio module 160 may include a speaker, a receiver, a microphone, an earphone interface, and an application processor to implement audio functions. Such as music playing, recording, etc.
The audio module 160 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 160 may also be used to encode and decode audio signals. In some embodiments, the audio module 160 may be disposed in the processor 110, or some functional modules of the audio module 160 may be disposed in the processor 110.
The handset 100 further includes a sensor module 170, wherein the sensor module 170 may include a pressure sensor, a gyroscope sensor, a barometric sensor, a magnetic sensor, an acceleration sensor, a distance sensor, a proximity sensor, a fingerprint sensor, a temperature sensor, a touch sensor, an ambient light sensor, and the like.
The input unit 180 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
The handset 100 also includes a power supply 190 (e.g., a battery) for powering the various components, which may preferably be logically connected to the processor 110 via a power management system so as to provide for managing charging, discharging, and power consumption by the power management system. The power supply 190 may also include one or more of any of a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Fig. 4 shows a system diagram of a security management scheme for an electronic device. As shown in fig. 4, the router 200 includes a traffic forwarding module 201, a traffic collecting module 202, a traffic processing module 203, a traffic detecting module 204, a policy enforcement module 205, and a policy configuration module 206. The system shown in fig. 4 is described below based on the respective modules of the router 200.
(1) The intelligent device 300 initiates a network request through an application APP or browser of the mobile phone 100;
(2) The router 200 transmits the data request of the smart device 300 to a specific network content providing server;
(3) After receiving the data traffic of the network server, the router 200 sends the data traffic to the traffic acquisition module 202 through the traffic forwarding module 201;
(4) The flow acquisition module 202 extracts a specific data flow from the original network data flow and sends the specific data flow to the flow processing module 203;
(5) The flow processing module 203 pre-processes the collected data flow and sends the data flow to the flow detection module 204, where the pre-processing may be obtaining five-tuple of the data flow, or payload data (original data), etc.
(6) The flow detection module 204 performs security detection on the preprocessed data flow, and sends the detection result to the policy execution module 205;
(7) The policy execution module 205 determines subsequent operations according to the detection result;
(8) If the detection result shows that the abnormal data traffic is found, the policy execution module 205 executes corresponding measures according to the security policy in the policy configuration module 206. For example, blocking data traffic of a web server or notifying a user of an abnormal result.
The following describes the technical solution of the present application in detail according to fig. 5 in combination with a specific scenario, based on the structures shown in fig. 3 and 4. Specifically, as shown in fig. 5, the security management method of the electronic device includes:
501: the smart device 300 sends a network request to a network server.
In some embodiments of the present application, the smart device 300 may access a web server through a system service, APP, browser, or the like, including but not limited to video, audio, games, web pages, and the like.
For example, the user taps the Baidu™ browser on the cell phone 100, and the mobile phone 100 may send the data request to the Baidu server through the traffic forwarding module 201 of the router 200.
502: the router 200 forwards the data traffic sent by the network server to the traffic collection module 202 through the traffic forwarding module 201.
For example, continuing the above example, after receiving the data request for accessing the Baidu browser, the Baidu server sends the data traffic of the Baidu browser interface to the router 200, and the traffic forwarding module 201 of the router 200 sends the data traffic to the traffic collection module 202.
503: the traffic collection module 202 collects a specific data traffic from the data traffic sent from the network server, and sends the specific data traffic to the traffic processing module 203.
In some embodiments of the present application, the particular data traffic collected by the traffic collection module 202 may be data traffic based on common communication transport protocols, as abnormal data traffic is easily mixed into normal data traffic requested by the smart device 300 via common communication transport protocols. Among other common communication transmission protocols may be transmission control protocol (Transmission Control Protocol, TCP), user datagram protocol (User Datagram Protocol, UDP), etc.
In still other embodiments of the present application, the particular data traffic collected by the traffic collection module 202 may be other data traffic in addition to the target data traffic.
For example, a user may want to access the Baidu™ browser via a cell phone, and the data traffic sent by the network server to the router 200 includes not only data traffic of Baidu browser pages but also data traffic of other browser pages, e.g. the Google™ browser and the Sogou™ browser. In that case the traffic collection module does not need to collect the data traffic of the Baidu browser pages, but only needs to collect the data traffic of the Google™ browser, the Sogou™ browser, and the like.
504: the traffic processing module 203 pre-processes the specific data traffic and sends the pre-processed data traffic to the traffic detection module 204.
In some embodiments of the present application, the flow processing module 203 pre-processes the specific data flow sent by the flow acquisition module 202, and the result of the pre-processing may be to convert the specific data flow into a five-tuple. The five-tuple comprises a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol. For example, the five-tuple "192.168.1.1 10000 TCP 121.14.88.76 80" indicates that a terminal with IP address 192.168.1.1 is connected from port 10000, using the TCP protocol, to port 80 of a terminal with IP address 121.14.88.76.
505: the flow detection module 204 detects the preprocessed data flow, and sends the detection result to the policy enforcement module 205.
In some embodiments of the present application, the traffic detection module 204 may detect a destination IP address of a five-tuple of a specific data traffic and determine whether the specific data traffic is an abnormal data traffic based on a white list of destination IP addresses.
For example, if the router 200 specifies that the destination IP addresses that the smart device 300 can access are a, b, c, and d, the whitelist of destination IP addresses accessible to the smart device 300 in the traffic detection module 204 can include a, b, c, and d. If, when the traffic detection module 204 detects a specific data traffic, the detected destination IP address is in the whitelist, this indicates that the specific data traffic is not abnormal traffic; conversely, if the detected destination IP address is not in the whitelist (e.g., the detected destination IP address is e), this indicates that the specific data traffic is abnormal traffic.
Because of the limited processing power of the traffic detection module 204 and the limited number of destination IP addresses in the whitelist, it is not completely accurate to determine whether a particular data traffic is an abnormal data traffic by means of the traffic detection module 204 alone.
In other embodiments of the present application, the cloud detection engine may determine whether the specific data traffic is abnormal data traffic, and the cloud detection engine may determine more accurately based on big data.
For example, the whitelist in the traffic detection module 204 of destination IP addresses that the smart device 300 can access includes a, b, c, and d. The traffic detection module 204 detects a specific data traffic and finds that its destination IP address is f. Since f is not in the whitelist, the router 200 may send the destination IP address f to the cloud detection engine for further detection, and the cloud detection engine may analyze, based on big data, whether the IP address f is a malicious IP address. For example, if the big data analysis result is that the IP address f has been reported multiple times as containing malicious content, the cloud detection engine determines that the specific data traffic is abnormal traffic; otherwise, if the big data analysis result is that the IP address f is a normal IP address, the cloud detection engine determines that the specific data traffic is not abnormal traffic.
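The detection path of steps 504 and 505 (five-tuple extraction, local whitelist check, escalation of unknown destinations to the cloud detection engine), as an added example that is not the patent's own code. The whitelist, the cloud engine's "reported multiple times" table and its threshold are constructed stand-ins for the router's configuration and the cloud big-data result.

```python
"""Added example (not from the patent): models traffic processing module 203
and traffic detection module 204 on five-tuple records."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    proto: str
    dst_ip: str
    dst_port: int


def parse_five_tuple(text: str) -> FiveTuple:
    """Parse the textual five-tuple form used on the page, e.g.
    '192.168.1.1 10000 TCP 121.14.88.76 80'.  Malformed input raises
    ValueError so a bad record can never be silently treated as normal."""
    parts = text.split()
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {text!r}")
    src_ip, src_port, proto, dst_ip, dst_port = parts
    ipaddress.ip_address(src_ip)  # raises ValueError on a malformed address
    ipaddress.ip_address(dst_ip)
    proto = proto.upper()
    if proto not in ("TCP", "UDP"):  # the common transport protocols named on the page
        raise ValueError(f"unsupported transport protocol {proto!r}")
    return FiveTuple(src_ip, int(src_port), proto, dst_ip, int(dst_port))


# Constructed whitelist: destination IPs the smart device is allowed to reach
# (the page's a, b, c, d).  Documentation-range addresses are used here.
WHITELIST = frozenset({"121.14.88.76", "203.0.113.10"})

# Constructed stand-in for the cloud detection engine's big-data result:
# how many times each destination has been reported as malicious.
CLOUD_REPORTS = {"198.51.100.7": 12, "203.0.113.99": 0}
REPORT_THRESHOLD = 3  # assumed meaning of "reported multiple times"


def cloud_engine_is_malicious(dst_ip: str) -> bool:
    """Assumed cloud-side decision: malicious iff reported at least
    REPORT_THRESHOLD times.  An address the cloud has never seen is not
    reported as malicious, which mirrors the page's 'normal IP' outcome."""
    return CLOUD_REPORTS.get(dst_ip, 0) >= REPORT_THRESHOLD


def detect(ft: FiveTuple, whitelist=WHITELIST) -> dict:
    """Local whitelist check first; only non-whitelisted destinations are
    escalated to the cloud engine.  The returned dict is the detection
    result handed to the policy enforcement module 205."""
    if ft.dst_ip in whitelist:
        return {"abnormal": False, "source": "whitelist", "dst_ip": ft.dst_ip}
    return {"abnormal": cloud_engine_is_malicious(ft.dst_ip),
            "source": "cloud", "dst_ip": ft.dst_ip}


def detect_batch(records: list[str]) -> list[dict]:
    """Run the pipeline over collected records; unparsable records are
    reported as abnormal rather than dropped."""
    results = []
    for rec in records:
        try:
            results.append(detect(parse_five_tuple(rec)))
        except ValueError as exc:
            results.append({"abnormal": True, "source": "parse_error",
                            "dst_ip": None, "error": str(exc)})
    return results


if __name__ == "__main__":
    # Constructed sample records: whitelisted, cloud-malicious, cloud-normal.
    for r in detect_batch(["192.168.1.1 10000 TCP 121.14.88.76 80",
                           "192.168.1.5 40000 UDP 198.51.100.7 53",
                           "192.168.1.5 40001 TCP 203.0.113.99 443"]):
        print(r)
```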
506: the policy enforcement module 205 determines whether the detection result includes abnormal data traffic;
if the detection result sent by the flow detection module 204 does not include abnormal data flow, then 507 is executed, and the router 200 forwards the data flow of the network server; otherwise, if the detection result sent by the flow detection module 204 includes abnormal data flow, then 508 is performed.
508: the policy enforcement module 205 enforces the corresponding measures based on the policy configuration module 206.
The functions of the policy configuration module 206 include prohibiting the device from connecting to the router 200, prohibiting the device from accessing the Internet, setting network security permissions, and the like. That is, the policy configuration module 206 configures the same security policy for all intelligent devices 300 connected to the router 200.
For example, policy configuration module 206 specifies that if an abnormal data traffic is contained in the data traffic forwarded by router 200, that data traffic is prevented from passing. The policy enforcement module 205 enforces the action as a blocking action, e.g., blocking traffic, and then logs the processing log for later querying by the user.
For example, the policy configuration module 206 provides that if the data traffic forwarded by the router 200 includes abnormal data traffic, the user is alerted to the abnormality, and the user decides the next step. The policy enforcement module 205 enforces the action to alert the user of the abnormality.
In the above embodiment, all the smart devices 300 share the same security policy. However, in an actual home scenario, different smart devices have different security protection requirements. For example, the security sensitivity of intelligent door locks and bedroom cameras is higher than that of low security sensitivity devices such as intelligent desk lamps. Thus, in a distributed scenario consisting of home smart devices, smart devices for different security sensitivities need to provide corresponding security policies.
Fig. 6 shows a system diagram of another security management scheme of an electronic device provided by the present application, and as shown in fig. 6, a router 200 includes a traffic forwarding module 201, a traffic collecting module 202, a traffic processing module 203, a traffic detecting module 204, a policy executing module 205, a device security sensitivity evaluating module 207, and a device security sensitivity policy management module 208. The functional description of the same modules of the router 200 in fig. 6 and the router 200 in fig. 4 will not be repeated, and the device security sensitivity evaluation module 207 and the policy management module 208 for device security sensitivity will be described in detail below.
Specifically, the device security sensitivity evaluation module 207 first acquires the device state information of the intelligent device 300 and then evaluates the device security sensitivity level of the device according to that state information. The granularity of the evaluation may be coarse or fine; for example, the device security sensitivity level may simply be classified into a high security sensitivity level and a low security sensitivity level.
As shown in fig. 7, the device state may include device attributes, user attributes, and environment attributes.
1. Device attributes: the device attributes may include device type and device location.
(1) The device type represents the interaction mode of the smart device 300 and the user, and the device security sensitivity evaluation module 207 evaluates the device security sensitivity level of the smart device 300 according to the privacy degree of the user involved in the interaction process of the smart device 300 and the user.
In some embodiments of the present application, for example, a user may be involved in the user's identity information and the like during the interaction between the mobile phone and the user through the mobile phone, may be involved in the user's portrait information and the like during the interaction between the camera and the user through the camera, and may not be involved in the user's privacy during the interaction between the desk lamp and the user through the illumination provided by the desk lamp. Thus, the device security sensitivity evaluation module 207 can establish correspondence between the mobile phone, the camera and the desk lamp and the corresponding device security sensitivity level. For example, the device security sensitivity level of the mobile phone and the camera is determined to be a high security sensitivity level, and the device security sensitivity level of the desk lamp is determined to be a low security sensitivity level.
In still other embodiments of the present application, the device security sensitivity evaluation module 207 first evaluates the device security sensitivity value corresponding to the interaction mode of the smart device 300 with the user, and then evaluates the device security sensitivity level of the smart device 300 based on the device security sensitivity value.
For example, identity information of the user may be involved in the interaction between the mobile phone and the user, so the device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the mobile phone as 10; portrait information of the user may be involved in the interaction between the camera and the user, so the device security sensitivity value of the camera is 7; and the privacy of the user is not involved in the interaction between the desk lamp and the user, so the device security sensitivity value of the desk lamp is 2. The device security sensitivity evaluation module 207 then determines whether the device security sensitivity value of the smart device 300 is greater than a device security sensitivity threshold: if so, the device security sensitivity level is a high device security sensitivity level, and if not, it is a low device security sensitivity level.
For example, if the device security sensitivity threshold is set to 5, the device security sensitivity level of the mobile phone and the camera is a high device security sensitivity level, and the device security sensitivity level of the desk lamp is a low device security sensitivity level.
(2) The device location may represent the workplace of the smart device 300 and the device security sensitivity assessment module 207 assesses the device security sensitivity level based on the workplace of the smart device 300.
In some embodiments of the application, the device security sensitivity value of the private venue is greater than the device security sensitivity value of the public venue. For example, the device security sensitivity value of the mobile phone in the home is larger than the device security sensitivity value of the mobile phone in the coffee shop, and the device security sensitivity value of the bedroom camera is larger than the sensitivity value of the living room camera.
It will be appreciated that the above embodiments evaluate the device security sensitivity level based on the manner in which the smart device 300 interacts with the user and the workplace of the device, respectively, and in other embodiments of the present application, the device security sensitivity level may be evaluated based on both the manner in which the smart device 300 interacts with the user and the workplace of the device.
For example, if a user takes a picture with a mobile phone in a coffee shop, and another user takes a picture with a mobile phone in a living room, the device security sensitivity level of the mobile phone in the living room is higher than that of the mobile phone in the coffee shop.
2. User attributes: the user attribute may represent an operational status of the smart device 300, such as whether the smart device 300 is being used by a user.
In some embodiments of the application, the device security sensitivity value of the state not in use is greater than the device security sensitivity value of the state in use.
For example, the device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the mobile phone being used by the user to 3, the device security sensitivity value of the mobile phone not being used to 10, and determines the device security sensitivity level of the mobile phone being used to be a low device security sensitivity level and the device security sensitivity level of the mobile phone not being used to be a high device security sensitivity level based on the device security sensitivity threshold (e.g., 5).
3. Environmental attributes: the environmental attributes include the relative distance of the smart device 300 from the user, the time of operation, etc.
(1) The relative distance between the intelligent device 300 and the user can be detected by the control end, the device security sensitivity evaluation module 207 evaluates the device sensitivity level of the intelligent device 300 based on the relative distance, and if the relative distance is smaller than the distance threshold, the device security sensitivity level of the intelligent device 300 is a low security sensitivity level; otherwise, if the relative distance is greater than the distance threshold, the device security sensitivity level of the smart device 300 is a high security sensitivity level.
For example, if the user is in a living room, the mobile phone of the user is also in the living room, the control end can detect that the distance between the mobile phone and the user is 1 meter by means of determining signal strength and the like, and if the user is in the living room, the mobile phone of the user is in a bedroom, the control end can detect that the distance between the mobile phone and the user is 5 meters. The device security sensitivity evaluation module 207 first obtains the distance between the mobile phone and the user, and then determines that the device security sensitivity level of the mobile phone in the living room is a low device security sensitivity level and the device security sensitivity level of the mobile phone in the bedroom is a high device security sensitivity level based on the distance threshold (e.g., 3 meters).
(2) The operating time of the smart device can be simply divided into day and night.
For example, for a home camera, the user is at work outside the home during the day and can control the home camera through the mobile phone 100 to monitor the home remotely, so the camera needs to send a video stream to the user's mobile phone. At night the user rests at home, the remote monitoring of the home camera no longer needs to be controlled by the mobile phone 100, and if the home camera still sends a video stream to the outside through the router 200, the home camera may be attacked over the network. Thus, the device security sensitivity evaluation module 207 evaluates the device security sensitivity value of the camera in the daytime as 3 and at night as 10, and, based on the device security sensitivity threshold (e.g., 5), determines the device security sensitivity level of the camera in the daytime to be a low device security sensitivity level and at night to be a high device security sensitivity level.
In addition, in the case that the device security sensitivity module 207 obtains a plurality of security sensitivity values, a weighted security sensitivity value is determined through a weighting calculation, and then a device security sensitivity level of the smart device 300 is determined according to the weighted security sensitivity value.
For example, when the user plays the mobile phone in the bedroom at night, the device security sensitivity module 207 first obtains a plurality of device security sensitivity values of the mobile phone, where the device security sensitivity value a corresponding to the workplace (bedroom) of the mobile phone is 10, the device security sensitivity value B corresponding to the working state (use state) of the mobile phone is 2, and the security sensitivity value C corresponding to the working time (night) of the mobile phone is 8. The weights of the workplace, the working time and the use state of the device are respectively 0.5, 0.3 and 0.2, the weighted device security sensitivity value of the mobile phone is 7.8 and is greater than the device security sensitivity threshold (for example, 5), and the device security sensitivity module 207 evaluates the device security sensitivity level of the mobile phone to be a high security sensitivity level.
It will be appreciated that the state information of the smart device 300 includes, but is not limited to, the manner of user interaction, the workplace, the operating state, the distance between the smart device 300 and the second electronic device, and the operating time. The device security sensitivity module 207 may determine the device security sensitivity level associated with a set of at least one item of the state information directly from that set, or it may first determine a security sensitivity value for each of the at least one item and then determine the device security sensitivity level from the at least one security sensitivity value.
Returning to the system shown in fig. 6, after the device security sensitivity evaluation module 207 evaluates the device security sensitivity level of the smart device 300 based on the device identifier (default evaluation rule), the policy management module 208 of the device security sensitivity configures a corresponding security policy according to the device security sensitivity level. For example, for high security sensitivity devices, the security policy configured by the device security sensitivity policy management module 208 may be blocking communication traffic and then alerting the user, while for low security sensitivity devices, the security policy configured by the device security sensitivity policy management module 208 may be alerting the user first, the user deciding on the next step.
The following describes the technical solution of the present application in detail according to fig. 8 in combination with a specific scenario, based on the structures shown in fig. 3 and 6. Specifically, as shown in fig. 8, the security management method of the electronic device includes:
801: the intelligent device 300 sends a network request to the network server, and the specific process refers to the description of 501 in fig. 5, which is not described herein.
802: the router 200 forwards the data traffic sent by the network server to the traffic collection module 202 through the traffic forwarding module 201, and the specific process is described with reference to 502 in fig. 5, which is not described herein.
803: the flow collection module 202 collects specific data flows from the data flows sent by the network server, and sends the specific data flows to the flow processing module 203, and the specific process is described with reference to 503 in fig. 5, which is not described herein.
804: the flow processing module 203 pre-processes the specific data flow and sends the pre-processed data flow to the flow detection module 204, and the specific process is described with reference to 504 in fig. 5, which is not described herein.
805: the flow detection module 204 detects the preprocessed data flow and sends the detection result to the policy execution module 205, and the specific process is described with reference to 505 in fig. 5, which is not described herein.
806: the policy enforcement module 205 determines whether the detection result contains abnormal data traffic.
If the detection result sent by the traffic detection module 204 does not include abnormal data traffic, 807 is performed: the router 200 forwards the data traffic of the network server; otherwise, if the detection result sent by the traffic detection module 204 includes abnormal data traffic, 808 is performed.
808: the policy enforcement module 205 obtains the security policy from the device security sensitivity policy management module 208.
With continued reference to fig. 7, the device security sensitivity policy management module 208 configures the security policy based on the result of the device security sensitivity evaluation module 207, and the evaluation rules of the device security sensitivity evaluation module 207 may include default evaluation rules, dynamic evaluation rules, and manual configuration rules. For the default evaluation rule, refer to the description of the above embodiments, which is not repeated here. The dynamic evaluation rule and the manual configuration rule are described below.
In some embodiments of the present application, the dynamic evaluation rule may be an evaluation by a cloud server. For example, if the living room camera is evaluated as a low security sensitivity device according to the default rule, but the big data provided by the cloud server shows that a large number of home cameras have recently been attacked by network viruses, the security sensitivity level of the living room camera may be re-evaluated as a high security sensitivity level according to the result of the big data analysis.
In some embodiments of the present application, the manual configuration rule may be that the user modifies the device security sensitivity level and the corresponding security policy of the smart device 300 through the mobile phone APP. For example, according to the default rule, the desk lamp is evaluated as a low security sensitivity device and the corresponding security policy is to alert the user first and let the user decide the next step; according to the manual configuration rule, the user can set the desk lamp as a high security sensitivity device through the desk lamp APP on the mobile phone 100, and the corresponding security policy can be changed to blocking the communication traffic.
It can be appreciated that the embodiment of the present application does not limit the evaluation rule of the security sensitivity of the device, and the evaluation rule may be other evaluation rules besides the three types shown above.
809: the policy enforcement module 205 enforces the corresponding operations based on the security policies.
810: if the device is high in safety sensitivity, abnormal data traffic is directly blocked, and then a user is alerted.
In some embodiments of the present application, the bedroom camera is evaluated as a high security sensitivity device, and if the router 200 detects that there is abnormal data traffic in the video stream transmitted by the bedroom camera, the router directly blocks the video stream transmission and then alerts the user.
For example, as shown in fig. 9, when the router 200 alerts the user, the interface displayed on the user's mobile phone 100 may read "Danger! The bedroom camera has been attacked; please upgrade the camera software in time", and the user can upgrade the camera software according to the prompt.
811: if the device has a low security sensitivity level, an abnormality alert is given to the user, and the user decides the next measure.
For example, as shown in fig. 10, when the user is using the mobile phone 100 to access website A, the mobile phone 100 may be evaluated as a low security sensitivity device according to the default rule; since website A may contain malicious content, the interface popped up by the mobile phone 100 displays "This website may contain malicious content. Continue to access?", and the user then decides whether to continue to access website A.
The foregoing embodiments describe the router 200 performing security measures based on either the policy configuration module 206 or the device security sensitivity policy management module 208; in fact, the router 200 may perform security measures based on both the policy configuration module 206 and the device security sensitivity policy management module 208, which can also achieve the effect of security protection.
Fig. 11 shows a system diagram of another security management scheme of an electronic device according to an embodiment of the present application, where the router 200 includes a traffic forwarding module 201, a traffic collection module 202, a traffic processing module 203, a traffic detection module 204, a policy enforcement module 205, a policy configuration module 206, a device security sensitivity evaluation module 207, and a device security sensitivity policy management module 208; for each functional module of the router 200, refer to the descriptions of fig. 4 and 6, which are not repeated here.
The following describes the technical solution of the present application in detail according to fig. 12 in combination with a specific scenario, based on the structures shown in fig. 3 and 11. Specifically, as shown in fig. 12, the security management method of the electronic device includes:
1201: the smart device 300 sends a network request to the network server; for the specific process, refer to the description of 501 in fig. 5, which is not repeated here.
1202: the router 200 forwards the data traffic sent by the network server to the traffic collection module 202 through the traffic forwarding module 201; for the specific process, refer to 502 in fig. 5, which is not repeated here.
1203: the traffic collection module 202 collects specific data traffic from the data traffic sent by the network server and sends it to the traffic processing module 203; for the specific process, refer to 503 in fig. 5, which is not repeated here.
1204: the traffic processing module 203 pre-processes the specific data traffic and sends the pre-processed data traffic to the traffic detection module 204; for the specific process, refer to 504 in fig. 5, which is not repeated here.
1205: the traffic detection module 204 detects the pre-processed data traffic and sends the detection result to the policy enforcement module 205; for the specific process, refer to 505 in fig. 5, which is not repeated here.
1206: the policy enforcement module 205 determines whether the detection result contains abnormal data traffic.
If the detection result sent by the traffic detection module 204 does not include abnormal data traffic, 1207 is performed: the router 200 forwards the data traffic of the network server; otherwise, if the detection result sent by the traffic detection module 204 includes abnormal data traffic, 1208 is performed.
1208: the policy enforcement module 205 obtains the first security policy based on the policy configuration module 206; for the configuration manner of the first security policy, refer to 508 in fig. 5, which is not repeated here.
1209: the policy enforcement module 205 obtains the second security policy based on the device security sensitivity policy management module 208; for the configuration manner of the second security policy, refer to 808 in fig. 8, which is not repeated here.
1210: the policy enforcement module 205 enforces the final security measure according to the acquired first security policy and second security policy.
In some embodiments of the present application, the first security policy is the same as the second security policy; for example, if both the first security policy and the second security policy are to directly block the abnormal data traffic and then alert the user, the final security measure enforced by the policy enforcement module 205 is to directly block the abnormal data traffic and then alert the user.
In other embodiments of the present application, the first security policy is different from the second security policy, and the policy enforcement module 205 enforces the final security measure according to the second security policy, with the first security policy used only as a reference. The first security policy is not combined with the security sensitivity of the device and cannot be dynamically configured, whereas the second security policy is combined with the security sensitivity of the device and can be dynamically configured; the second security policy is therefore better suited to the distributed network formed by the devices in the home scenario, so as to implement fine-grained management and control of the distributed network devices.
For example, if the first security policy is to directly block the abnormal data traffic and then alert the user, and the second security policy is to alert the user first and let the user decide the next measure, the final security measure enforced by the policy enforcement module 205 is to alert the user first and let the user decide the next measure.
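As an added example that is not code from the patent or from Huawei, the following Python puts together the decision flow of steps 1206 to 1210 and the three evaluation rules (default, dynamic, manual) of the device security sensitivity evaluation module 207 described with fig. 7. The device table, the cloud attack statistics and threshold, the priority of manual over dynamic over default evaluation, and the fail-closed level for unknown device identifiers are all constructed assumptions.

```python
"""Constructed model of the router's policy enforcement module 205 (fig. 12,
steps 1206 to 1210) and of the device security sensitivity evaluation
module 207 with its default, dynamic and manual rules. Not Huawei's code."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Level(Enum):
    HIGH = "high security sensitivity"   # first security sensitivity level
    LOW = "low security sensitivity"     # second security sensitivity level


class Policy(Enum):
    # Step 810 / claim 10 for a high security sensitivity device.
    BLOCK_THEN_ALERT = "block abnormal data traffic, then alert the user"
    # Step 811 / claim 10 for a low security sensitivity device.
    ALERT_USER_DECIDES = "alert the user first; the user decides the next measure"


# Default evaluation rule: device identifier -> level. The patent derives the
# level from the device identifier but lists no table, so this one is constructed.
DEFAULT_LEVELS: Dict[str, Level] = {
    "bedroom-camera": Level.HIGH,
    "living-room-camera": Level.LOW,
    "desk-lamp": Level.LOW,
    "mobile-phone-100": Level.LOW,
}

# Dynamic evaluation rule (claim 12): the cloud server reports how many devices
# of a type were attacked recently; above this constructed threshold the device
# is re-evaluated as high (the living room camera example of the description).
ATTACK_THRESHOLD = 1000


@dataclass
class Device:
    device_id: str
    device_type: str
    # Manual configuration rule: level set by the user in the phone APP, if any.
    manual_level: Optional[Level] = None


def evaluate_level(device: Device, cloud_attack_counts: Dict[str, int]) -> Level:
    """Device security sensitivity evaluation module 207.

    Rule priority is an assumption (the patent does not order the rules):
    manual configuration first, then the dynamic cloud rule, then the default
    rule. The dynamic rule only raises a device to HIGH here; an unknown
    identifier falls back to HIGH (fail closed), also an assumption.
    """
    if device.manual_level is not None:
        return device.manual_level
    if cloud_attack_counts.get(device.device_type, 0) > ATTACK_THRESHOLD:
        return Level.HIGH
    return DEFAULT_LEVELS.get(device.device_id, Level.HIGH)


def second_policy(level: Level) -> Policy:
    """Device security sensitivity policy management module 208 (step 1209)."""
    return Policy.BLOCK_THEN_ALERT if level is Level.HIGH else Policy.ALERT_USER_DECIDES


def final_measure(first: Policy, second: Policy) -> Policy:
    """Step 1210: when both policies agree that policy is enforced; when they
    differ the sensitivity-based second policy governs and the first is only a
    reference. Kept as an explicit branch to mirror the two embodiments."""
    if first is second:
        return first
    return second


def enforce(device: Device, abnormal_traffic: bool, first: Policy,
            cloud_attack_counts: Dict[str, int]) -> str:
    """Policy enforcement module 205 for one detection result (steps 1206-1210).

    Returns "forward" (step 1207) or the text of the enforced security measure.
    """
    if not abnormal_traffic:
        return "forward"
    level = evaluate_level(device, cloud_attack_counts)   # module 207
    measure = final_measure(first, second_policy(level))  # steps 1208 to 1210
    return measure.value


if __name__ == "__main__":
    # Constructed scenario: the cloud reports a wave of attacks on home cameras.
    cloud = {"home-camera": 1200}
    for dev in (Device("bedroom-camera", "home-camera"),
                Device("living-room-camera", "home-camera"),
                Device("desk-lamp", "lamp", manual_level=Level.HIGH),
                Device("mobile-phone-100", "phone")):
        print(dev.device_id, "->", enforce(dev, True, Policy.BLOCK_THEN_ALERT, cloud))
```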
As shown in fig. 13, the application package may include applications such as phone, camera, gallery, calendar, talk, map, navigation, WLAN, bluetooth, music, video, short message, etc.
The application framework layer provides an application programming interface (API) and a programming framework for the application programs of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 13, the application framework layer may include a window manager, a content provider, a view system, a phone manager, a resource manager, a notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, determine whether a status bar exists, lock the screen, capture the screen, and the like.
The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The telephony manager is used to provide communication functions for the terminal device, such as the management of call status (including connected, hung up, etc.).
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The notification manager allows an application to display notification information in the status bar; it can be used to convey notification-type messages, which can disappear automatically after a short stay without user interaction. For example, the notification manager is used to notify that a download is complete, to give message reminders, and so on. The notification manager may also present a notification in the form of a chart or scroll bar text in the system top status bar, such as a notification of an application running in the background, or a notification that appears on the screen in the form of a dialog window. For example, a text message is prompted in the status bar, a prompt tone is emitted, the terminal device vibrates, and an indicator light blinks.
The Android runtime includes a core library and a virtual machine. The Android runtime is responsible for scheduling and management of the Android system.
The core library consists of two parts: one part is the functions that need to be called by the Java language, and the other part is the core library of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
The system library may include a plurality of functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
The media libraries support playback and recording of a variety of commonly used audio and video formats, still image files, and the like. The media libraries may support a variety of audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG, and PNG.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The kernel layer at least comprises a display driver, a camera driver, an audio driver, and a sensor driver.
Reference in the specification to "some embodiments" or "examples" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one example implementation or technique according to the disclosure. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment.
The disclosure also relates to an operating device for performing the method. The apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, application specific integrated circuits (ASICs), or any type of media suitable for storing electronic instructions, and each may be coupled to a computer system bus. Furthermore, the computers referred to in the specification may include a single processor or may be architectures employing multiple processors for increased computing power.
The processes and displays presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose systems may also be used with programs in accordance with the teachings herein, or it may prove convenient to construct more specialized apparatus to perform one or more method steps. The structure for a variety of these systems is discussed in the following description. In addition, any particular programming language sufficient to implement the techniques and embodiments of the present disclosure may be used. Various programming languages may be used to implement the present disclosure, as discussed herein.
Additionally, the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the disclosed subject matter. Accordingly, the present disclosure is intended to be illustrative, but not limiting, of the scope of the concepts discussed herein.

Claims (14)

1. A security management method for an electronic device, for a system formed by a first electronic device and a second electronic device, where the first electronic device is communicatively connected to the second electronic device, the security management method comprising:
the second electronic device acquires state information of the first electronic device;
the second electronic device determines a device security sensitivity level of the first electronic device based on the state information of the first electronic device, wherein the device security sensitivity level is used for representing the degree of risk to the information security of a user of the first electronic device after the first electronic device is subjected to a network attack;
the state information of the first electronic device comprises at least one of information used for representing a manner of interaction with a user, a workplace, a working state, a distance between the first electronic device and the second electronic device, and a working time of the first electronic device;
the second electronic device generates and sends a corresponding security policy to the first electronic device based on the device security sensitivity level of the first electronic device;
the first electronic device receives the security policy and performs a corresponding security measure based on the security policy.
2. The method of claim 1, wherein the second electronic device determining a device security sensitivity level of the first electronic device based on the state information of the first electronic device comprises:
determining, from a set of the at least one piece of state information, the device security sensitivity level associated with that set.
3. The method of claim 1, wherein the second electronic device determining a device security sensitivity level of the first electronic device based on the state information of the first electronic device further comprises:
determining, according to at least one piece of information in the state information, a device security sensitivity value corresponding to the at least one piece of information;
determining the device security sensitivity level from the at least one device security sensitivity value.
4. The method of claim 3, wherein, in the case where the state information of the first electronic device includes the manner of interaction with the user,
an interaction manner that involves the information security of the user during interaction between the first electronic device and the user is determined as a first device security sensitivity value;
an interaction manner that does not involve the information security of the user during interaction between the first electronic device and the user is determined as a second device security sensitivity value;
wherein the first device security sensitivity value is higher than the second device security sensitivity value.
5. The method of claim 3, wherein, in the case where the state information of the first electronic device includes the workplace,
a private place is determined as a third device security sensitivity value;
a public place is determined as a fourth device security sensitivity value;
wherein the third device security sensitivity value is higher than the fourth device security sensitivity value.
6. The method of claim 3, wherein, in the case where the state information of the first electronic device includes the working state,
a state of being in use is determined as a fifth device security sensitivity value;
a state of not being in use is determined as a sixth device security sensitivity value;
wherein the fifth device security sensitivity value is higher than the sixth device security sensitivity value.
7. The method of claim 3, wherein, in the case where the state information of the first electronic device includes the distance to the second electronic device,
a state in which the distance to the second electronic device is a first distance is determined as a seventh device security sensitivity value;
a state in which the distance to the second electronic device is a second distance less than the first distance is determined as an eighth device security sensitivity value;
wherein the seventh device security sensitivity value is higher than the eighth device security sensitivity value.
8. The method of claim 3, wherein, in the case where the state information of the first electronic device includes the working time,
a first period of time during which the working time falls at night is determined as a ninth device security sensitivity value;
a second period of time during which the working time falls in the daytime is determined as a tenth device security sensitivity value;
wherein the ninth device security sensitivity value is higher than the tenth device security sensitivity value.
9. The method according to any of claims 4 to 8, wherein determining the device security sensitivity level from the at least one device security sensitivity value comprises:
in the case where a plurality of device security sensitivity values are obtained, determining a weighted device security sensitivity value through a weighted calculation;
and determining the device security sensitivity level according to the weighted device security sensitivity value.
10. The method of claim 1, wherein the second electronic device generating and sending a corresponding security policy to the first electronic device based on the device security sensitivity level of the first electronic device comprises:
if the device security sensitivity level of the first electronic device is a first security sensitivity level, the security policy is to block the data traffic and then alert the user;
if the device security sensitivity level of the first electronic device is a second security sensitivity level, the security policy is to first give an abnormality alert to the user, and the user decides the next security measure;
wherein the first security sensitivity level is higher than the second security sensitivity level.
11. The method as recited in claim 1, further comprising: the device security sensitivity level may be manually configured by a user.
12. A security management method for an electronic device, wherein the security management method is used for a system formed by a first electronic device and a second electronic device, the first electronic device being communicatively connected to the second electronic device, the security management method comprising the following steps:
the second electronic device determines a device security sensitivity level of the first electronic device based on a big data analysis result, wherein,
if the big data analysis result shows that the number of network attacks on third electronic devices of the same type as the first electronic device is greater than a preset threshold, the device security sensitivity level of the first electronic device is a first security sensitivity level;
if the big data analysis result shows that the number of network attacks on third electronic devices of the same type as the first electronic device is smaller than the preset threshold, the device security sensitivity level of the first electronic device is a second security sensitivity level, wherein the first security sensitivity level is higher than the second security sensitivity level;
the second electronic device generates and sends a corresponding security policy to the first electronic device based on the device security sensitivity level of the first electronic device;
the first electronic device receives the security policy and performs a corresponding security measure based on the security policy.
13. A readable medium storing instructions that, when executed on the readable medium, cause the readable medium to perform the method of security management of an electronic device of any one of claims 1 to 12.
14. An electronic device, comprising:
a memory storing instructions;
a processor coupled to the memory, wherein the instructions, when executed by the processor, cause the electronic device to perform the security management method for an electronic device of any one of claims 1 to 12.
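As an added example that is not part of the patent, the weighted evaluation of claims 3 to 9 in Python: each reported piece of state information is mapped to a device security sensitivity value, the values are combined by a weighted calculation, and the weighted value is thresholded into the first or second security sensitivity level of claim 10. The numeric values, weights and threshold are constructed (the claims fix only the ordering inside each pair), and renormalising the weights over the fields actually reported is an assumption.

```python
"""Constructed implementation of the per-field sensitivity values of claims
4 to 8, the weighted calculation of claim 9 and the level decision of claim 3.
Not code from the patent."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class StateInfo:
    """State information of the first electronic device (claim 1). A field left
    as None was not reported; claim 1 requires at least one to be present."""
    involves_user_info: Optional[bool] = None   # claim 4: manner of interaction
    private_place: Optional[bool] = None        # claim 5: workplace
    in_use: Optional[bool] = None               # claim 6: working state
    far_from_second: Optional[bool] = None      # claim 7: first (larger) distance
    at_night: Optional[bool] = None             # claim 8: working time


# (value when the flag is True, value when it is False). In every pair the True
# value is the higher one, as claims 4 to 8 require; the numbers are constructed.
SENSITIVITY_VALUES = {
    "involves_user_info": (0.9, 0.3),   # first / second device security sensitivity value
    "private_place": (0.8, 0.4),        # third / fourth
    "in_use": (0.7, 0.3),               # fifth / sixth
    "far_from_second": (0.6, 0.2),      # seventh / eighth
    "at_night": (0.7, 0.4),             # ninth / tenth
}

# Constructed weights for the weighted calculation of claim 9 (sum to 1.0).
WEIGHTS = {
    "involves_user_info": 0.30,
    "private_place": 0.25,
    "in_use": 0.15,
    "far_from_second": 0.10,
    "at_night": 0.20,
}

# Constructed decision threshold: weighted value >= threshold -> first level.
HIGH_THRESHOLD = 0.5


def sensitivity_values(state: StateInfo) -> Dict[str, float]:
    """Claim 3, first step: one device security sensitivity value per reported field."""
    values: Dict[str, float] = {}
    for name, (high, low) in SENSITIVITY_VALUES.items():
        flag = getattr(state, name)
        if flag is not None:
            values[name] = high if flag else low
    return values


def weighted_value(values: Dict[str, float]) -> float:
    """Claim 9: weighted device security sensitivity value over the obtained values.

    Weights are renormalised over the reported fields so that a partial report
    stays comparable with a full one (assumption; the claims do not say how
    absent fields are treated). A single value is returned unchanged.
    """
    if not values:
        raise ValueError("claim 1 requires at least one piece of state information")
    total_weight = sum(WEIGHTS[name] for name in values)
    return sum(WEIGHTS[name] * v for name, v in values.items()) / total_weight


def evaluate_level_from_state(state: StateInfo) -> str:
    """Claim 3, second step: "high" (first security sensitivity level of claim 10,
    data traffic blocked and then the user alerted) or "low" (second level,
    the user is alerted and decides the next measure)."""
    score = weighted_value(sensitivity_values(state))
    return "high" if score >= HIGH_THRESHOLD else "low"


if __name__ == "__main__":
    # Constructed devices: a bedroom camera at night versus a living room lamp.
    bedroom_camera = StateInfo(True, True, True, True, True)
    living_room_lamp = StateInfo(False, False, True, False, False)
    for name, state in (("bedroom camera", bedroom_camera), ("living room lamp", living_room_lamp)):
        print(name, round(weighted_value(sensitivity_values(state)), 3),
              evaluate_level_from_state(state))
```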
CN202110163536.5A 2021-02-05 2021-02-05 Security management method for electronic device, electronic device and readable medium thereof Active CN114884685B (en)

Publications (2)

Publication Number Publication Date
CN114884685A CN114884685A (en) 2022-08-09
CN114884685B CN114884685B (en) 2023-08-22




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant