WO2017008608A1 - 基于云服务的移动终端安全信息获取方法、终端和存储介质、基于云服务的移动终端安全信息下发方法和服务器 - Google Patents
基于云服务的移动终端安全信息获取方法、终端和存储介质、基于云服务的移动终端安全信息下发方法和服务器 Download PDFInfo
- Publication number
- WO2017008608A1 WO2017008608A1 PCT/CN2016/085798 CN2016085798W WO2017008608A1 WO 2017008608 A1 WO2017008608 A1 WO 2017008608A1 CN 2016085798 W CN2016085798 W CN 2016085798W WO 2017008608 A1 WO2017008608 A1 WO 2017008608A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- mobile terminal
- security
- software
- event
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/68—Gesture-dependent or behaviour-dependent
Definitions
- the present invention relates to the field of cloud service technologies, and in particular, to a cloud service-based mobile terminal security information acquisition method, a terminal, and a storage medium, and to a cloud service-based mobile terminal security information delivery method and server.
- Various application softwares for different services are installed in the mobile terminal, and some kinds of application software installed in the mobile terminal may hide some virus software, so that the mobile terminal needs to be securely detected to discover the virus software.
- the security detection on the mobile terminal is manually triggered by the user, or the security detection on the mobile terminal is set to be performed at the time of power-on, or is set to be performed every interval, for example, security detection is performed once a day.
- the mobile terminal downloads the latest security data, such as the latest virus database, from the cloud. Further, the mobile terminal detects whether the software included in the virus database is installed locally and generates a corresponding detection report;
- the security detection of the mobile terminal cannot be performed in real time, there is always a delay of a long time. Therefore, the mobile terminal cannot be safely detected in combination with the latest security data, so that the virus software may pose a threat to the information security of the mobile terminal during the interval between two security detections.
- a cloud service-based mobile terminal security information acquiring method, a terminal, and a storage medium are provided;
- a cloud service-based mobile terminal security information delivery method and server are also provided.
- a method for acquiring security information of a mobile terminal based on a cloud service comprising:
- Synchronizing the mobile terminal information of the mobile terminal with the cloud including: transmitting the mobile terminal update information corresponding to the change of the mobile terminal information to the cloud, so that the cloud updates the cloud storage according to the mobile terminal update information Mobile terminal information of the mobile terminal;
- the cloud is sent to the mobile terminal, and the security risk of the mobile terminal is determined by the cloud in combination with the mobile terminal information and the latest security data of the cloud, and the update of the security data of the cloud is triggered.
- the determining step is performed; wherein the security data is used to report or describe software or software behavior that may constitute a security threat;
- Corresponding security processing is performed according to the security risk of the mobile terminal described in the security information, to prompt the user for the security risk existing in the mobile terminal or to eliminate the security risk existing in the mobile terminal.
- a cloud service-based mobile terminal security information delivery method includes:
- Synchronizing the mobile terminal information of the mobile terminal with the mobile terminal including: receiving mobile terminal update information reported by the mobile terminal, and updating mobile terminal information of the mobile terminal stored in the cloud according to the mobile terminal update information;
- the mobile terminal performs corresponding security processing according to the security risk of the mobile terminal described by the security information, so as to prompt the user for the security risk existing in the mobile terminal or eliminate the mobile terminal.
- a terminal comprising a memory and a processor, wherein the memory stores instructions that, when executed by the processor, cause the processor to perform the following steps:
- Synchronizing the mobile terminal information of the mobile terminal with the cloud including: transmitting the mobile terminal update information corresponding to the change of the mobile terminal information to the cloud, so that the cloud updates the cloud storage according to the mobile terminal update information Mobile terminal information of the mobile terminal;
- the cloud is sent to the mobile terminal, and the security risk of the mobile terminal is determined by the cloud in combination with the mobile terminal information and the latest security data of the cloud, and the update of the security data of the cloud is triggered.
- the determining step is performed; wherein the security data is used to report or describe software or software behavior that may constitute a security threat;
- Corresponding security processing is performed according to the security risk of the mobile terminal described in the security information, to prompt the user for the security risk existing in the mobile terminal or to eliminate the security risk existing in the mobile terminal.
- One or more non-volatile readable storage media storing computer-executable instructions, when executed by one or more processors, cause the one or more processors to perform the following steps:
- Synchronizing the mobile terminal information of the mobile terminal with the cloud including: transmitting the mobile terminal update information corresponding to the change of the mobile terminal information to the cloud, so that the cloud updates the cloud storage according to the mobile terminal update information Mobile terminal information of the mobile terminal;
- the security information is used to describe the mobile terminal
- the security information is generated when the cloud determines that the mobile terminal has a security risk
- the security information is sent by the cloud to the mobile terminal, and the mobile terminal has a security risk.
- the cloud is combined with the mobile terminal information and the latest security data of the cloud to determine that the update of the security data of the cloud triggers the performing of the determining step; wherein the security data is used for reporting or describing.
- Corresponding security processing is performed according to the security risk of the mobile terminal described in the security information, to prompt the user for the security risk existing in the mobile terminal or to eliminate the security risk existing in the mobile terminal.
- a server includes a memory and a processor, the memory storing instructions that, when executed by the processor, cause the processor to perform the following steps:
- Synchronizing the mobile terminal information of the mobile terminal with the mobile terminal including: receiving mobile terminal update information reported by the mobile terminal, and updating mobile terminal information of the mobile terminal stored in the cloud according to the mobile terminal update information;
- the mobile terminal performs corresponding security processing according to the security risk of the mobile terminal described by the security information, so as to prompt the user for the security risk existing in the mobile terminal or eliminate the mobile terminal.
- FIG. 1A is a partial structural block diagram of a mobile terminal that can run the cloud service-based mobile terminal security information obtaining method according to the present application in an embodiment
- FIG. 1B is a partial structural block diagram of a server that can run the cloud service-based mobile terminal security information delivery method according to the embodiment
- FIG. 2 is a schematic flowchart of a method for acquiring security information of a mobile terminal based on a cloud service in an embodiment
- FIG. 3A is a timing diagram of device information of a mobile terminal synchronized with a cloud in an embodiment
- FIG. 3B is a timing diagram of user information corresponding to a user account currently logged in by the cloud synchronization mobile terminal in an embodiment
- FIG. 4 is a schematic flowchart diagram of a process included in a method for acquiring security information of a mobile terminal based on a cloud service in an embodiment
- FIG. 5 is a schematic flowchart diagram of a process included in a method for acquiring security information of a mobile terminal based on a cloud service in another embodiment
- FIG. 6 is a schematic flowchart of a process for processing a security event of a mobile terminal based on a cloud service in an embodiment
- FIG. 7 is a schematic flowchart diagram of a process included in a process for processing a security event of a mobile terminal by using a cloud service according to an embodiment
- FIG. 8 is a schematic flowchart diagram of a process included in a process for processing a security event of a mobile terminal by using a cloud service according to another embodiment
- FIG. 9 is a schematic flowchart of a cloud service-based mobile terminal security information delivery method in an embodiment
- FIG. 10 is a schematic flowchart diagram of a process included in a cloud service-based mobile terminal security information delivery method according to an embodiment
- FIG. 11 is a schematic flow diagram of a flow of a cloud service-based mobile terminal security information delivery method according to another embodiment
- FIG. 12 is a schematic flowchart of a process for generating corresponding event security information for a security event occurring in a mobile terminal in an embodiment
- FIG. 13 is a schematic flowchart diagram of a process included in a process for generating corresponding event security information for a security event occurring in a mobile terminal in an embodiment
- FIG. 14 is a schematic flowchart of a process involved in generating a corresponding event security information for a security event occurring in a mobile terminal in another embodiment
- 15 is a schematic structural diagram of a terminal in an embodiment
- 16 is a schematic structural diagram of a terminal in another embodiment
- FIG. 17 is a schematic structural diagram of a server in an embodiment
- Figure 18 is a block diagram showing the structure of a server in another embodiment.
- FIG. 1A is a partial structural block diagram of a mobile terminal that can run the cloud service-based mobile terminal security information obtaining method according to the present application in an embodiment.
- the mobile terminal can be any terminal that can access the network, such as a mobile phone, a notebook computer, or a tablet computer. As shown in FIG.
- the mobile terminal includes a processor, a storage medium, a communication device, a network interface, a display screen, and an input mechanism connected through a system bus; wherein the input mechanism triggers related instructions according to a user operation,
- the display screen displays the related information to the user, the communication device is used to implement the call and the short message sending and receiving function, the network interface is used for communicating with the network, and the storage medium is used to store the cloud service-based mobile terminal security described in the present application.
- a software instruction of an information acquisition method wherein the storage medium is a non-volatile readable storage medium.
- the storage medium runs in an internal memory of an operating environment for software instructions for a cloud service-based mobile terminal security information acquisition method in a storage medium, the processor coordinates the work of the various components and executes the instructions to implement the cloud-based described herein Method for obtaining mobile terminal security information of a service.
- the structure shown in FIG. 1A is only related to the present application.
- the block diagram of the partial structure related to the solution does not constitute a limitation of the mobile terminal to which the solution of the present application is applied.
- the specific mobile terminal may include more or less components than those shown in the figure, or may combine some components. Or have different component arrangements.
- FIG. 1B is a block diagram showing a part of a structure of a server that can run the cloud service-based mobile terminal security information delivery method according to the embodiment.
- the server includes a processor, a storage medium, a memory, and a network interface connected by a system bus; wherein the network interface is for communicating with the network, and the memory is for buffering data, the storage medium Storing an operating system, a database, and software instructions for implementing the cloud service-based mobile terminal security information delivery method described herein, the processor coordinates the operations of the components and executes the instructions to implement the method described herein.
- the mobile terminal security information delivery method of the cloud service can understand that the structure shown in FIG.
- 1B is only a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation on a server to which the solution of the present application is applied.
- the specific server may include a ratio. More or fewer components are shown in the figures, or some components are combined, or have different component arrangements.
- a cloud service-based mobile terminal security information acquisition method includes the following steps:
- Step S202 Synchronizing the mobile terminal information with the cloud includes: transmitting, to the cloud, the mobile terminal update information corresponding to the change of the mobile terminal information, so that the cloud updates the mobile terminal information of the mobile terminal stored in the cloud according to the mobile terminal update information.
- the mobile terminal update information corresponding to the change of the mobile terminal information is sent to the cloud in real time; if the mobile terminal does not establish a communication connection with the cloud, the stored mobile terminal information occurs.
- the mobile terminal update information corresponding to the change is the mobile terminal update information to be reported, and the mobile terminal update information to be reported is reported when the communication connection is established with the cloud.
- the mobile terminal information includes one or two of the following two categories of information: device information of the mobile terminal and user information corresponding to the user account currently logged in by the mobile terminal.
- the device information of the mobile terminal includes a local software list of the mobile terminal and/or an operating system version of the mobile terminal, and the like.
- the user information corresponding to the user account currently logged in by the mobile terminal includes software setting information of the mobile terminal, a suspected fraudulent number set by the user, and one or more of the geographical areas where the user is located.
- the software setting information is used to characterize the behavior of the software allowed by the user and/or the behavior prohibited by the user.
- Step S204 Receive security information sent by the cloud, where the security information is generated when the cloud determines that the mobile terminal has a security risk, and the security information is sent by the cloud to the mobile terminal after the security information is generated, and whether the mobile terminal has a security risk, and the cloud terminal combines the information of the mobile terminal and the latest of the cloud.
- the security data is judged to be that the update of the security data in the cloud triggers the determination step.
- the security information is used to describe the security risks existing in the mobile terminal.
- the cloud determines whether the mobile terminal has a security risk by combining the mobile terminal information and the latest security data of the cloud.
- the security information received from the cloud includes one or more related information of virus software, software dangerous behavior, and operating system vulnerability existing in the mobile terminal, and is used to provide protection for mobile terminal information security.
- the security information for example, the information about the virus software in the local software list of the mobile terminal, the information about the dangerous behavior of the software in the local software list of the mobile terminal, the vulnerability information of the operating system of the current version of the mobile terminal, and / or the patch software corresponding to the vulnerability.
- the security data is used to report or describe software or software behavior that may constitute a security threat.
- Software or software behaviors that may constitute a security threat include the disclosure of user sensitive information without user authorization, theft of user sensitive information, modification of operating system settings, modification of software settings, software uninstallation/installation of software or software behavior.
- the security data may include one or more of virus software data and software risk behavior data.
- the security data of the cloud may be obtained by the cloud through the big data analysis process, or may be obtained by the cloud by acquiring the security data provided by the third party.
- Step S206 Perform corresponding security processing according to the security risk of the mobile terminal described by the security information, to prompt the user for the security risk existing in the mobile terminal or eliminate the existence of the mobile terminal. Security Risk.
- the corresponding security process is performed according to the security risk of the mobile terminal described in the security information, including one or more of the following processes: prompting the security information, and checking and killing the corresponding software according to the security information, Restrict the behavior of the corresponding software according to the security information and fix the corresponding vulnerability according to the security information.
- an interface or window containing security information in the interface content can be generated and displayed to alert the security information.
- the security information includes information about the virus software that exists in the mobile terminal.
- step S206 may check and kill the virus software indicated in the security information.
- the security information includes information about the software dangerous behavior of the mobile terminal.
- step S206 may limit the dangerous behavior of the software indicated in the security information, for example, setting a dangerous behavior of the corresponding software. Forbidden items, etc.
- the security information includes information about an operating system vulnerability existing in the mobile terminal.
- step S206 may repair the corresponding vulnerability according to the security information.
- the method for acquiring the security information of the mobile terminal based on the cloud service synchronizes the mobile terminal information of the mobile terminal with the cloud, and receives the security information sent by the cloud, where the security information is generated when the cloud determines that the mobile terminal has a security risk, and the security data of the cloud is generated.
- the update triggers the cloud to combine the mobile terminal information with the latest security data to determine whether the mobile terminal has a risk. After the security information is generated, the cloud sends the data to the mobile terminal.
- the security information can be generated and sent to the mobile terminal, so that the mobile terminal can receive the security information generated according to the latest security data in time for protecting the information security of the mobile terminal; instead of requiring the mobile terminal to initiate security detection, the security information can be obtained.
- the safety information generated based on the latest safety data the time to obtain the safety information can be prevented from being delayed.
- step S202 and the cloud synchronization mobile terminal information comprise the following steps:
- the mobile terminal Whenever the mobile terminal establishes a communication connection with the cloud, it checks whether there is a mobile terminal update information to be reported locally, and reports the existing mobile terminal update information to be reported to the cloud;
- the terminal establishes a communication connection, and if so, reports the mobile terminal update information corresponding to the change that occurred, and otherwise stores the mobile terminal update information corresponding to the changed change as the mobile terminal update information to be reported.
- the mobile terminal update information may be the full amount information of the latest mobile terminal information, or may be the difference information of the latest mobile terminal information relative to the mobile terminal information when the last mobile terminal update information is reported.
- the mobile terminal always reports the updated mobile terminal information to the cloud at the first time after the mobile terminal information is updated, instead of reporting the mobile terminal information when the cloud needs to use the mobile terminal information, thereby reducing the cloud in the cloud.
- Combining the information of the mobile terminal to obtain the information of the mobile terminal from the mobile terminal in the process of related processing improves the real-time performance of the related processing.
- the mobile terminal information and the mobile terminal update information are corresponding to the user account currently logged in by the mobile terminal, and the foregoing embodiment reports the existing mobile terminal update information to be reported to the user account currently logged in to the mobile terminal.
- the cloud is a cloud.
- step S202 and the cloud synchronization mobile terminal information further includes the following steps:
- the mobile terminal information corresponding to the currently logged-in user account is extracted from the cloud, and the local configuration is updated according to the extracted mobile terminal information, so that the local configuration and the extracted mobile terminal information are consistent.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the mobile terminal information corresponding to the user account from the cloud, and does not require the user to repeatedly set the mobile terminal information.
- the mobile terminal information includes two categories of information: device information of the mobile terminal (which may be referred to as device information) and user information corresponding to the user account currently logged in by the mobile terminal (referred to as user information);
- step S202 and the cloud synchronization mobile terminal information include the following steps:
- the device update information or the user update information corresponding to the change is reported to the cloud at a first time to make the The cloud is further updated according to the device update information or user update information.
- Device information or user information stored in the new cloud is further updated according to the device update information or user update information.
- each time the mobile terminal establishes a communication connection with the cloud it can check whether the device update information and the user update information to be reported exist locally, and report the device update information and the user update information that are to be reported to the cloud. ;
- the device information of the mobile terminal or the user information corresponding to the user account currently logged in by the mobile terminal is changed, it is checked whether the mobile terminal currently establishes a communication connection with the cloud, and if so, the device update information or the user corresponding to the change is reported.
- the information is updated, and the device update information or the user update information corresponding to the change is stored as device update information or user update information to be reported.
- the user information corresponding to the currently logged-in user account is extracted from the cloud, and the local configuration is updated according to the extracted user information, so that the local configuration and the pulled user information are consistent.
- the device update information may be the full amount information of the latest device information, or may be the difference information of the latest device information relative to the device information when the last device update information is reported;
- the user update information may be the full amount of the latest user information, or may be the difference information of the latest user information relative to the user information when the last user update information is reported.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the user information corresponding to the user account from the cloud, and does not require the user to repeatedly set the user information.
- the cloud service-based mobile terminal security information acquisition method reports the device update information and the device identifier to the cloud, and reports the user update information to the cloud corresponding to the currently logged-in user account.
- the cloud service-based mobile terminal security information obtaining method further includes the step of generating a device identifier.
- the cloud service-based mobile terminal security information acquisition method described in the present application is implemented by running a program instruction included in a client installed on the mobile terminal, and the step may be performed after the client is first installed on the mobile terminal.
- the device may be generated according to a globally unique identifier (GUID) of the mobile terminal Logo.
- GUID globally unique identifier
- the mobile terminal information may include one of the two categories of the device information and the user information, so that the process of synchronizing the mobile terminal information with the cloud may only cover the synchronization step of the device information or the user information. Synchronization steps.
- FIG. 3A is a timing diagram of device information for synchronizing a mobile terminal with a cloud in an embodiment.
- the mobile terminal After the mobile terminal is installed on the mobile terminal for the first time, the mobile terminal generates a device identifier; the client is a client that includes program instructions for implementing the cloud service-based mobile terminal security information acquisition method described in the present application.
- the mobile terminal reports the device identifier and the device information to the server in the cloud.
- the server establishes a device information image of the mobile terminal.
- the server may store the device identifier reported by the mobile terminal and the device information.
- the device information of the mobile terminal is changed.
- the mobile terminal reports the device update information corresponding to the change.
- the device information of the mobile terminal is changed, it is checked whether the mobile terminal has established a communication connection with the cloud, and if so, the device update information corresponding to the change is reported, otherwise the device update information corresponding to the change is stored as to be reported.
- Device update information Whenever the device information of the mobile terminal is changed, it is checked whether the mobile terminal has established a communication connection with the cloud, and if so, the device update information corresponding to the change is reported, otherwise the device update information corresponding to the change is stored as to be reported.
- each time the mobile terminal establishes a communication connection with the cloud it checks whether there is any device update information to be reported locally, and reports the device update information to be reported to the cloud server.
- the cloud server updates the device information image of the mobile terminal.
- the server may update the device information of the mobile terminal existing in the cloud according to the device update information of the mobile terminal reported by the mobile terminal.
- FIG. 3B is a timing diagram of user information corresponding to a user account currently logged in by the cloud synchronization mobile terminal in an embodiment.
- the mobile terminal sends the user account requesting the login to the server in the cloud.
- the server searches for user information corresponding to the user account.
- the server returns the user information corresponding to the user account to the mobile terminal.
- the server can request it The recorded user account performs related verification, and after verification, the user information corresponding to the user account is returned to the mobile terminal.
- the mobile terminal updates the local configuration according to the returned user information, so that the local configuration is consistent with the returned user information.
- the user information corresponding to the user account currently logged in by the mobile terminal is changed.
- the mobile terminal reports the user update information corresponding to the change.
- each time the mobile terminal establishes a communication connection with the cloud it checks whether there is a user update information to be reported locally, and reports the existing user update information to be reported to the cloud server.
- the server updates the user information corresponding to the currently logged-in user account of the mobile terminal.
- the server pushes the user information corresponding to the user account to other mobile terminals that are registered by the user account.
- the mobile terminal information includes a local software list of the mobile terminal; the local software list of the mobile terminal can include software information locally installed by the mobile terminal.
- the software information may include one or more of a software identification, a software name, and the like.
- the local software list of the mobile terminal may belong to the device information category described above.
- the security data includes virus software data; wherein the virus software data is used to characterize the virus software.
- the virus software data may include the software identifier of the virus software, and may also include the software name and hazard information of the virus software.
- the security information includes virus software prompt information; the virus software prompt information is used to prompt the mobile terminal's local software list to be determined by the cloud as the virus software according to the latest virus software data as the virus software.
- the virus software indicated in the virus software prompt information belongs to the virus software determined by the cloud according to the latest virus software data and belongs to the software included in the local software list of the mobile terminal.
- the update of the virus software data in the cloud triggers the virus software prompt information. generate.
- the cloud starts the generation of the virus software prompt information.
- the mobile terminal can receive the prompt information of the related software in the local software list as the virus software.
- FIG. 4 shows a flow branch included in the cloud service-based mobile terminal security information acquisition method of the above embodiment.
- a method for acquiring security information of a cloud service-based mobile terminal includes the following steps:
- Step S402 synchronizing the local software list of the mobile terminal with the cloud.
- Step S404 receiving the virus software prompt information sent by the cloud, and the virus software prompt information is generated by the cloud according to the local software list of the mobile terminal and the latest virus software data of the cloud involved in the local software list, and the virus software prompted by the virus software prompt information It belongs to the virus software determined by the cloud according to the latest virus software data and belongs to the software included in the local software list of the mobile terminal.
- the update of the virus software data in the cloud triggers the generation of the virus software prompt information.
- Step S406 performing corresponding security processing according to the virus software prompt information.
- the mobile terminal information may include software setting information of the mobile terminal, the software setting information is used to characterize the behavior of the software permitted by the user; the software setting information may include the software identification of the software and the behavior of the software allowed by the user. The identifier, the software identifier corresponding to the behavior identifier in the software setting information.
- the software setting information may belong to the user information category described above.
- the safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software;
- the software risk behavior data may include a software identifier of the software and a behavioral identifier of the dangerous behavior of the software, the software identifier and the behavior identifier are in software danger Corresponding to behavioral data.
- the safety information may include dangerous behavioral prompt information for prompting the dangerous behavior of the software; in one embodiment, the dangerous behavioral prompting information includes information about one or more specific behaviors of one or more software, and may also include prompts User prompts for the behavior of the software, such as limiting dangerous behavior, uninstalling software, etc.
- the dangerous behavior of the software prompted by the dangerous behavior prompt information is characterized by the software setting information as the user-permitted behavior of the corresponding software, and the dangerous behavior characterized by the software dangerous behavior data as the corresponding software.
- the update of the software dangerous behavior data in the cloud triggers the generation of dangerous behavioral prompt information.
- the cloud initiates the generation of dangerous behavior prompt information.
- the certain behavior of the software in the software setting information of the mobile terminal is determined by the latest software dangerous behavior data of the cloud as the dangerous behavior of the corresponding software, and the mobile terminal can receive the corresponding software corresponding Behavior is a reminder of dangerous behavior.
- FIG. 5 shows a flow branch included in the cloud service-based mobile terminal security information acquisition method of the above embodiment.
- a method for acquiring security information of a cloud service-based mobile terminal includes the following steps:
- Step S502 synchronizing the software setting information of the mobile terminal with the cloud.
- Step S504 receiving the dangerous behavior prompt information sent by the cloud, and the dangerous behavior prompt information is generated by the cloud according to the software setting information of the mobile terminal and the latest software dangerous behavior data of the cloud involved in the software setting information, and the software prompted by the dangerous behavior prompt information
- the dangerous behavior is characterized by the software setting information as the user-permitted behavior of the corresponding software, and the dangerous behavior of the corresponding software by the software dangerous behavior data.
- the update of the software dangerous behavior data in the cloud triggers the generation of the dangerous behavior prompt information.
- Step S506 performing corresponding security processing according to the dangerous behavior prompt information.
- the foregoing cloud service-based mobile terminal security information acquiring method further includes a process of processing a security event of the mobile terminal based on the cloud service.
- the process of processing a security event of a mobile terminal based on a cloud service includes the following steps:
- Step S602 monitoring a preset security event that occurs on the mobile terminal.
- the preset security event may include one or more of a communication event and a sensitive information acquisition event for acquiring sensitive information of the mobile terminal.
- Step S604 acquiring event characteristics of the generated security event.
- the event feature is used to represent a security event, and the event feature may include one or more of a program identifier of a triggering program of the security event, an event type of the security event, and an operational behavior information corresponding to the security event.
- step S606 the event feature is sent to the cloud, so that the cloud combines the mobile terminal information and the latest security data of the cloud to determine the event feature, thereby generating event security information corresponding to the security event.
- the event security information may include information related to the security risks that the security event has.
- the event security information may include prompt information of a behavior performed by the security event as a dangerous behavior, or risk information of a third party related to the security event, for example, the security event is a communication event, and the event security information may include a communication event related communication.
- the number may be a prompt message of the fraud number, etc.; for example, the security event is a payment event, and the event security information may include a prompt information that the bonus transfer account may be a fraud account.
- Step S608 receiving event security information corresponding to the security event.
- Step S610 performing processing corresponding to the security event according to the event security information.
- security events may be intercepted based on event security information to prevent further execution of security events, or to display or play event security information to prompt the user, and to monitor further operations of the user, and the like.
- the mobile terminal when a security event occurs in the mobile terminal, the mobile terminal sends the event feature to the cloud so that the cloud can generate event security information based on the mobile terminal information and the latest security data of the cloud, and the mobile terminal can perform the security event according to the event security information.
- the mobile terminal does not need to transmit the mobile terminal information in real time, thereby speeding up the return of the event security information of the cloud, and on the other hand, the cloud can generate event security information by combining the latest security data, thereby improving the mobile The effectiveness of the terminal in monitoring security events.
- the security event may include a communication event; the communication event may include one or more of a calling call event, a called call event, a received short message event, and a short message event.
- the calling event of the mobile terminal is a call event initiated by the mobile terminal
- the called call event of the mobile terminal is a call event initiated by the other mobile terminal and answered by the mobile terminal.
- the event feature of the communication event includes a communication number of the communication event; in one embodiment, the communication number of the communication event may be a communication number communicated with the mobile terminal, for example, a short message transmission number corresponding to the received short message event of the mobile terminal, and the mobile terminal's The short message receiving number corresponding to the short message event, the called number corresponding to the calling event of the mobile terminal, and the calling number corresponding to the called call event of the mobile terminal.
- the mobile terminal information includes a suspected fraudulent number set by the user; in one embodiment, the suspected fraudulent number set by the user may belong to the user information category described above.
- the cloud service-based mobile terminal security information obtaining method further includes the following steps: acquiring a suspected fraudulent number set by the user.
- the suspected fraudulent number set by the user may be obtained through the data input interface, or the suspected fraudulent number specified entry may be provided, and the suspected fraudulent number specified by the user may be obtained through the suspected fraudulent number designation entry as the suspected fraudulent number set by the user.
- the security data can include a collection of spoof numbers.
- the number in the fraudulent number set is determined by the cloud as a fraudulent number.
- the set of spoof numbers can be obtained by the cloud through big data analysis processing, or can be obtained from a third party by the cloud.
- the event security information may include fraudulent number hint information for prompting the communication number to be a fraudulent number.
- the fraudulent number prompt information is generated by the cloud when the communication number of the communication event belongs to a suspected fraudulent number set by the user and a number belonging to the fraudulent number set.
- FIG. 7 is a flow branch included in the process of processing a security event of a mobile terminal by using a cloud service in the foregoing embodiment.
- the foregoing process for processing a security event of a mobile terminal by using a cloud service includes the following steps:
- Step S702 monitoring a communication event occurring by the mobile terminal.
- Step S704 acquiring a communication number corresponding to the generated communication event.
- Step S706 Send a communication number corresponding to the communication event to the cloud, so that the cloud determines the communication number in combination with the suspected fraudulent number set by the user and the latest fraudulent number set in the cloud, thereby generating a fraudulent number prompt for prompting the communication number to be a fraudulent number.
- Information where the fraud number
- the prompt information is generated by the cloud when the communication number of the communication event belongs to a suspected fraudulent number set by the user and a number belonging to the fraudulent number set.
- Step S708 receiving fraudulent number prompt information.
- Step S710 performing processing corresponding to the communication event according to the fraudulent number prompt information.
- the scam number prompt information may be prompted in the form of voice, text or interface graphics.
- the communication event may be intercepted or terminated according to the fraudulent number prompt information, and the like.
- the cloud can return the fraudulent number prompt information of the communication number corresponding to the communication event to the mobile terminal in an efficient and timely manner, so that the mobile terminal can perform timely and effective information security protection against the communication event.
- the security event includes a sensitive information acquisition event for obtaining sensitive information of the mobile terminal; in one embodiment, the mobile terminal sensitive information may include root authority of the operating system of the mobile terminal, contact information stored by the mobile terminal, and movement. One or more of the current geographic location of the terminal, the short message content stored by the mobile terminal, and the like.
- the event feature of the sensitive information acquisition event is used to represent the behavior of the trigger program for the sensitive information acquisition event to obtain the sensitive information; in one embodiment, the event characteristics of the sensitive information acquisition event include the program identifier of the trigger program of the sensitive information acquisition event and the sensitive information. Obtain behavior information corresponding to the event, such as a behavior category or a behavior identifier, and the behavior information may include sensitive information acquired by the sensitive information acquisition event.
- the mobile terminal information may include software setting information of the mobile terminal, and the software setting information is used to represent the behavior of the software permitted by the user, and the software setting information may include a software identifier of the software and a behavior identifier of the software permitted by the user, the software identifier and This behavior indicator corresponds to the software setting information.
- the safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software;
- the software risk behavior data may include a software identifier of the software and a behavioral identifier of the dangerous behavior of the software, the software identifier and the behavior identifier are in software danger Corresponding to behavioral data.
- the event security information includes event danger prompt information for prompting the behavior corresponding to the sensitive information acquisition event to be a dangerous behavior
- the event danger prompt information is generated by the cloud when the following conditions are met: the behavior corresponding to the sensitive information acquisition event is represented by the software setting information as a user-permitted behavior of the triggering program, and is characterized by the software dangerous behavior data as a dangerous behavior of the triggering program. .
- FIG. 8 is a flow branch included in the process of processing a security event of a mobile terminal by using a cloud service in the foregoing embodiment.
- the foregoing process for processing a security event of a mobile terminal by using a cloud service includes the following steps:
- Step S802 monitoring a sensitive information acquisition event that is acquired by the mobile terminal and acquiring sensitive information of the mobile terminal.
- Step S804 acquiring an event feature of the generated sensitive information acquisition event.
- Step S806 Send the event feature of the sensitive information acquisition event to the cloud, so that the cloud combines the software setting information of the mobile terminal and the latest software dangerous behavior data of the cloud to determine the event feature, thereby generating a behavior for prompting the sensitive information acquisition event.
- the event danger warning information for dangerous behavior wherein the event danger prompt information is generated by the cloud when the following conditions are met: the behavior corresponding to the sensitive information acquisition event is characterized by the software setting information as the user-permitted behavior of the triggering program, and is dangerous by the software. Behavioral data is characterized as a dangerous behavior that triggers the program.
- Step S808 receiving event danger prompt information.
- Step S810 performing processing corresponding to the sensitive information acquisition event according to the event danger prompt information.
- the event danger warning information may be presented in the form of voice, text or interface graphics.
- the sensitive information acquisition event may be intercepted or terminated according to the event danger prompt information.
- the cloud can efficiently and timely return the event danger prompt information corresponding to the sensitive information acquisition event of the mobile terminal sensitive information to the mobile terminal, so that the mobile terminal can perform timely and effective information security protection for the sensitive information acquisition event.
- the cloud service-based mobile terminal security information delivery method described in this application is described below with reference to specific embodiments.
- the cloud service-based mobile terminal security information acquisition method described in the present application is executed by the mobile terminal, and the cloud service-based mobile terminal security information delivery method is performed by the cloud server.
- the mobile terminal cooperates with the server of the cloud to implement the cloud service-based mobile terminal described in this application.
- the explanations and definitions of the terms and technical features included in the security information acquisition method of the cloud service-based mobile terminal are applicable to the cloud service-based mobile terminal security information delivery method described below, and are applicable to the following.
- the security information acquisition device of the cloud service-based mobile terminal and the cloud service-based mobile terminal security information delivery device are applicable to the cloud service-based mobile terminal security information delivery device described below, and are applicable to the following.
- a cloud service-based mobile terminal security information delivery method includes the following steps:
- Step S902 synchronizing the mobile terminal information of the mobile terminal with the mobile terminal, comprising: receiving the mobile terminal update information reported by the mobile terminal, and updating the mobile terminal information of the mobile terminal stored in the cloud according to the mobile terminal update information.
- the user account currently logged in by the mobile terminal is reported to the cloud together with the mobile terminal update information.
- the cloud receives the mobile terminal update information reported by the mobile terminal and the user account currently logged in by the mobile terminal, according to the receiving.
- the mobile terminal update information updates the mobile terminal information corresponding to the received user account stored in the cloud.
- step of synchronizing the mobile terminal information with the mobile terminal in step S902 further includes the following steps:
- the mobile terminal information corresponding to the user account currently logged in by the mobile terminal is obtained from the mobile terminal information stored in the cloud, and the mobile terminal information is sent to the mobile terminal, so that the mobile terminal delivers the information according to the mobile terminal.
- the mobile terminal information updates the local configuration so that the local configuration of the mobile terminal is consistent with the delivered mobile terminal information.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the mobile terminal information corresponding to the user account from the cloud, and does not require the user to repeatedly set the mobile terminal information.
- Step S904 monitoring whether the security data is updated.
- the security data is used to report or describe software or software behavior that may constitute a security threat.
- Step S906 when the security data is updated, the mobile terminal information of the mobile terminal and the latest security data are used to determine whether the mobile terminal has a security risk, and the mobile terminal has a security risk. At the time, security information is generated for describing the security risks existing in the mobile terminal.
- the security information includes one or more related information of virus software, software dangerous behavior, and operating system vulnerability existing in the mobile terminal.
- Step S908 returning security information to the mobile terminal, so that the mobile terminal performs corresponding security processing according to the security risk of the mobile terminal described by the security information, so as to prompt the user for the security risk existing in the mobile terminal or eliminate the security risk existing by the mobile terminal.
- the cloud service-based mobile terminal security information delivery method synchronizes the mobile terminal information of the mobile terminal with the mobile terminal, and monitors whether the security data is updated, and when the security data related to the mobile terminal information is updated, combining the mobile terminal information and the latest
- the security data determines whether the mobile terminal has a security risk.
- When the mobile terminal has a security risk generates security information for describing the security risk existing by the mobile terminal, and returns the security information to the mobile terminal.
- the foregoing method does not require the mobile terminal to initiate The security detection can obtain the security information generated according to the latest security data.
- the security information can be generated and the security information can be sent to the mobile terminal, so that the mobile terminal
- the security information generated according to the latest security data can be obtained in time for protecting the information security of the mobile terminal.
- the mobile terminal information includes two categories of information: device information of the mobile terminal (which may be referred to as device information) and user information (which may be referred to as user information) corresponding to the user account currently logged in by the mobile terminal.
- step S902 comprises the following steps:
- the user information corresponding to the user account currently logged in by the mobile terminal is obtained from the user information stored in the cloud, and the user information is sent to the mobile terminal, so that the mobile terminal updates the user information according to the delivered user information.
- Local configuration to make the mobile terminal's local distribution It is consistent with the delivered user information.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the user information corresponding to the user account from the cloud, and does not require the user to repeatedly set the user information.
- the device update information received by the cloud corresponds to the device identifier
- the user update information received by the cloud corresponds to the user account.
- the cloud device may update the corresponding device information stored in the cloud according to the corresponding relationship between the received device identifier and the device update information, and update the corresponding user information stored in the cloud according to the corresponding relationship between the received user account and the user update information.
- the device update information and the user update information include an update time stamp.
- the device update information may be And the update timestamp in the user update information updates the corresponding device information and user information stored in the cloud in a first-to-last order.
- the first user update information and the second user update information correspond to the same user account, and the update timestamp of the first user update information is earlier than the update timestamp of the second user update information, and then the cloud is updated according to the first user update information.
- Corresponding user information is stored, and then the corresponding user information stored in the cloud is updated according to the second user update information.
- the mobile terminal information may include one of the two categories of device information and user information, so that the process of synchronizing the mobile terminal information with the mobile terminal may only cover the synchronization step or user information of the device information. Synchronization steps.
- the mobile terminal information includes a local software list of the mobile terminal
- Security data includes virus software data
- Security information includes virus software prompt information
- Step S906 includes the following steps:
- virus software data When the virus software data is updated, it is determined whether the virus software determined by the latest virus software data contains software in the local software list;
- the virus software determined by the latest virus software data includes the software in the local software list
- the software in the local software list included in the virus software determined by the latest virus software data is obtained, and the virus software prompt information is generated, and the virus software prompt information is generated.
- the software used to prompt for the acquisition is a virus software.
- FIG. 10 shows a flow branch included in the cloud service-based mobile terminal security information delivery method in the foregoing embodiment.
- a cloud service-based mobile terminal security information delivery method includes the following steps:
- Step S1002 Synchronize the local software list of the mobile terminal with the mobile terminal.
- step S1004 it is monitored whether the virus software data is updated.
- Step S1006 When the virus software data is updated, determining whether the virus software determined by the latest virus software data includes software in the local software list, when the virus software determined by the latest virus software data includes the software in the local software list. Obtain the software in the local software list included in the virus software determined by the latest virus software data, generate virus software prompt information, and the virus software prompt information is used to prompt the acquired software to be virus software.
- Step S1008 returning the virus software prompt information to the mobile terminal.
- the mobile terminal can receive the prompt information of the related software in the local software list as the virus software.
- the mobile terminal information includes software setting information of the mobile terminal, and the software setting information is used to characterize behavior of the software permitted by the user;
- the safety data includes software risk behavior data that is used to characterize the dangerous behavior of the software
- the safety information includes dangerous behavioral prompt information for prompting the dangerous behavior of the software
- Step S906 includes the following steps:
- the software dangerous behavior data When the software dangerous behavior data is updated, it is judged whether the dangerous behavior of the software characterized by the latest software dangerous behavior data and the software characterized by the software setting information include the same behavior corresponding to the same software in the behavior permitted by the user;
- FIG. 11 is a diagram showing a cloud service-based mobile terminal security information delivery method in the above embodiment. A process branch included. As shown in FIG. 11, in one embodiment, a cloud service-based mobile terminal security information delivery method includes the following steps:
- Step S1102 Synchronize the software setting information of the mobile terminal with the mobile terminal, and the software setting information is used to represent the behavior that the software is allowed by the user.
- Step S1104 monitoring whether the software dangerous behavior data is updated, and the software dangerous behavior data is used to characterize the dangerous behavior of the software.
- Step S1106 When the software dangerous behavior data is updated, determining whether the dangerous behavior of the software represented by the latest software dangerous behavior data and the software characterized by the software setting information include the same behavior corresponding to the same software in the behavior permitted by the user, and obtain The same behavior corresponding to the same software generates the dangerous behavior prompt information that the behavior corresponding to the obtained software is dangerous behavior.
- Step S1108 returning dangerous behavior prompt information to the mobile terminal.
- the certain behavior of the software in the software setting information of the mobile terminal is determined by the latest software dangerous behavior data of the cloud as the dangerous behavior of the corresponding software, and the mobile terminal can receive the corresponding software corresponding Behavior is a reminder of dangerous behavior.
- the cloud service-based mobile terminal security information delivery method further includes a process of generating corresponding event security information for a security event occurring by the mobile terminal;
- the process of generating corresponding event security information for a security event occurring by a mobile terminal includes the following steps:
- Step S1202 Receive an event feature corresponding to a security event that occurs in the mobile terminal.
- Step S1204 Combine the pre-synchronized mobile terminal information with the latest security data of the cloud to determine the event feature, and generate event security information corresponding to the security event.
- Step S1206 Return event security information corresponding to the security event to the mobile terminal, so that the mobile terminal performs processing corresponding to the security event according to the event security information.
- the mobile terminal when the mobile terminal generates a security event, the mobile terminal does not need to send the mobile terminal information in real time, and the cloud can perform the judgment according to the pre-synchronized mobile terminal information, thereby speeding up the cloud return event security information, and on the other hand, the cloud Combining the latest security data to generate event security information can improve the effectiveness of the mobile terminal in monitoring security events.
- the security event includes a communication event
- the event characteristics of the communication event include a communication number
- the mobile terminal information includes a suspected fraudulent number set by the user
- Security data includes a collection of fraudulent numbers
- the event security information includes a fraudulent number reminder information for prompting the communication number to be a fraudulent number
- Step S1204 includes the following steps:
- FIG. 13 is a flow branch included in the process of generating corresponding event security information for a security event occurring in a mobile terminal in the foregoing embodiment.
- the foregoing process for generating corresponding event security information for a security event occurring by a mobile terminal includes the following steps:
- Step S1302 Receive a communication number corresponding to a communication event that occurs in the mobile terminal.
- Step S1304 determining whether the communication number corresponding to the communication event belongs to the suspected fraudulent number set by the pre-synchronized user and the number in the latest fraudulent number set belonging to the cloud, and if so, generating the fraudulent number prompt information for prompting the communication number to be the fraudulent number. .
- Step S1306 returning the fraudulent number prompt information to the mobile terminal, so that the mobile terminal performs processing corresponding to the communication event according to the fraudulent number prompt information.
- the cloud can return the fraudulent number prompt information of the communication number corresponding to the communication event to the mobile terminal in an efficient and timely manner, so that the mobile terminal can perform timely and effective information security protection against the communication event.
- the security event includes obtaining a sensitive information acquisition event of the mobile terminal sensitive information
- the event feature of obtaining a sensitive information acquisition event of the sensitive information of the mobile terminal is used to represent the behavior of the trigger program for acquiring the sensitive information acquisition event to obtain the sensitive information;
- the mobile terminal information may include software setting information of the mobile terminal, and the software setting information is used to characterize behavior of the software permitted by the user;
- Safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software
- the event security information includes event danger prompt information for prompting the behavior corresponding to the sensitive information acquisition event to be a dangerous behavior
- Step S1204 includes the following steps:
- Determining whether the behavior corresponding to the sensitive information acquisition event is represented by the software setting information as a user-permitted behavior of the triggering program, and is characterized by the software dangerous behavior data as a dangerous behavior of the triggering program, and if so, generating an event danger prompting information.
- FIG. 14 is a flow branch included in the process of generating corresponding event security information for a security event occurring in a mobile terminal in the foregoing embodiment.
- the foregoing process for generating corresponding event security information for a security event occurring by a mobile terminal includes the following steps:
- Step S1402 Receive an event feature corresponding to the sensitive information acquisition event of the mobile terminal acquiring the sensitive information of the mobile terminal, and the event feature is used to represent the behavior of the trigger program for obtaining the sensitive information acquisition event to obtain the sensitive information.
- Step S1404 determining whether the behavior corresponding to the sensitive information acquisition event is represented by the pre-synchronized software setting information as a user-permitted behavior of the triggering program, and the latest software dangerous behavior data in the cloud is represented as a dangerous behavior of the triggering program, and if so, Generate event danger prompt information indicating that the behavior corresponding to the sensitive information acquisition event is a dangerous behavior.
- Step S1406 Returning event danger prompt information to the mobile terminal, so that the mobile terminal performs processing corresponding to the sensitive information acquisition event according to the event danger prompt information.
- the cloud can efficiently and timely return the event danger prompt information corresponding to the sensitive information acquisition event of the mobile terminal sensitive information to the mobile terminal, so that the mobile terminal can perform timely and effective information security protection for the sensitive information acquisition event.
- a terminal is provided, the internal structure of which may correspond to the structure as shown in FIG. 1A, each of which may be implemented in whole or in part by software, hardware or a combination thereof.
- the mobile terminal in this embodiment includes a terminal side message.
- the terminal side information synchronization module 1502 is configured to synchronize the mobile terminal information with the cloud, and includes: transmitting, to the cloud, the mobile terminal update information corresponding to the change of the mobile terminal information, so that the cloud updates the mobile terminal of the mobile terminal stored in the cloud according to the mobile terminal update information. information.
- the terminal-side information synchronization module 1502 sends the mobile terminal update information corresponding to the change of the mobile terminal information to the cloud in real time; if the communication connection is not established with the cloud, the terminal The side information synchronization module 1502 stores the mobile terminal update information corresponding to the change of the mobile terminal information as the mobile terminal update information to be reported, and reports the mobile terminal update information to be reported when establishing a communication connection with the cloud.
- the mobile terminal information includes one or both of the following two categories of information: device information of the mobile terminal and user information of the user account currently logged in by the mobile terminal.
- the device information of the mobile terminal includes a local software list of the mobile terminal and/or an operating system version of the mobile terminal, and the like.
- the user information of the user account currently logged in by the mobile terminal includes software setting information of the mobile terminal, a suspected fraudulent number set by the user, and one or more of the geographical areas where the user is located.
- the software setting information is used to characterize the behavior of the software allowed by the user and/or the behavior prohibited by the user.
- the security information receiving module 1504 is configured to receive the security information sent by the cloud.
- the security information is generated when the cloud determines that the mobile terminal has a security risk. After the security information is generated, the cloud sends the information to the mobile terminal, and the mobile terminal has a security risk. As well as the latest security data in the cloud, the update of the security data in the cloud triggers the determination step.
- the security information is used to describe the security risks existing in the mobile terminal.
- the security information received from the cloud includes one or more related information of virus software, software dangerous behavior, and operating system vulnerability existing in the mobile terminal, and is used to provide protection for mobile terminal information security.
- the security information for example, the information about the virus software in the local software list of the mobile terminal, the information about the dangerous behavior of the software in the local software list of the mobile terminal, the vulnerability information of the operating system of the current version of the mobile terminal, and / or the vulnerability Corresponding patch software, etc.
- the security data is used to report or describe software or software behavior that may constitute a security threat.
- Software or software behaviors that may constitute a security threat include the disclosure of user sensitive information without user authorization, theft of user sensitive information, modification of operating system settings, modification of software settings, software uninstallation/installation of software or software behavior.
- the security data may include one or more of virus software data and software risk behavior data.
- the security data of the cloud may be obtained by the cloud through the big data analysis process, or may be obtained by the cloud by acquiring the security data provided by the third party.
- the security processing module 1506 is configured to perform corresponding security processing according to the security risk of the mobile terminal described by the security information, to prompt the user for the security risk existing by the mobile terminal or to eliminate the security risk existing by the mobile terminal.
- the corresponding security processing is performed according to the security risk of the mobile terminal described in the security information, and may include one or more of the following processes: prompting the security information, and checking and killing the corresponding software according to the security information.
- the corresponding software behavior is restricted and the corresponding vulnerability is repaired according to the security information.
- the security processing module 1506 can generate an interface or window containing security information in the interface content and present the interface or window to prompt for security information.
- the security information includes information about the virus software that exists in the mobile terminal.
- the security processing module 1506 can check and kill the virus software indicated in the security information.
- the security information includes information about the software dangerous behavior of the mobile terminal.
- the security processing module 1506 may limit the dangerous behavior of the software indicated in the security information, for example, setting corresponding software. Dangerous acts are prohibited items, etc.
- the security information includes information about an operating system vulnerability existing in the mobile terminal.
- the security processing module 1506 may repair the corresponding vulnerability according to the security information.
- the terminal synchronizing the mobile terminal information of the mobile terminal with the cloud, and receiving the security sent by the cloud Full information, the security information is generated when the cloud determines that the mobile terminal has a security risk, and the update of the security data in the cloud triggers the cloud to combine the mobile terminal information and the latest security data to determine whether the mobile terminal has a risk.
- the cloud is moved to the mobile terminal.
- the terminal sends; therefore, once the security data on the cloud side is updated, and the mobile terminal is determined to be at risk, the security information can be generated and sent to the mobile terminal, so that the mobile terminal can receive the security information generated according to the latest security data in time.
- the time for obtaining the security information may be prevented from being delayed.
- the terminal side information synchronization module 1502 is configured to:
- the mobile terminal Whenever the mobile terminal establishes a communication connection with the cloud, it checks whether there is a mobile terminal update information to be reported locally, and reports the existing mobile terminal update information to be reported to the cloud;
- the mobile terminal update information is changed, check whether the mobile terminal currently establishes a communication connection with the cloud, and if yes, report the mobile terminal update information corresponding to the changed change, otherwise the mobile terminal corresponding to the changed change is updated.
- the information is stored as the mobile terminal update information to be reported.
- the mobile terminal update information may be the full amount information of the latest mobile terminal information, or may be the difference information of the latest mobile terminal information relative to the mobile terminal information when the last mobile terminal update information is reported.
- the updated mobile terminal information is always reported to the cloud at the first time after the mobile terminal information is updated, instead of reporting the mobile terminal information when the cloud needs to use the mobile terminal information, thereby reducing the cloud in combination with the mobile terminal.
- the terminal information acquires the information of the mobile terminal from the mobile terminal during the related processing, and improves the real-time performance of the related processing.
- the mobile terminal information and the mobile terminal update information correspond to the user account currently logged in by the mobile terminal.
- the terminal side information synchronization module 1502 adds the existing mobile terminal update information to be reported to the mobile terminal.
- the currently logged in user account is reported to the cloud.
- the terminal side information synchronization module 1502 is further configured to:
- the mobile terminal information corresponding to the currently logged-in user account is extracted from the cloud, and the local configuration is updated according to the extracted mobile terminal information, so that the local configuration and the extracted mobile terminal information are consistent.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the mobile terminal information corresponding to the user account from the cloud, and does not require the user to repeatedly set the mobile terminal information.
- the mobile terminal information includes two categories of information: device information of the mobile terminal and user information corresponding to the user account currently logged in by the mobile terminal;
- the terminal side information synchronization module 1502 is configured to:
- the device update information or the user update information corresponding to the change is reported to the cloud at a first time to make the The cloud updates the device information or user information stored in the cloud according to the device update information or the user update information.
- each time the mobile terminal establishes a communication connection with the cloud it checks whether there is a device update information and a user update information to be reported locally, and reports the device update information and the user update information that are to be reported to the cloud.
- the device information of the mobile terminal or the user information corresponding to the user account currently logged in by the mobile terminal is changed, it is checked whether the mobile terminal currently establishes a communication connection with the cloud, and if so, the device update information or the user update corresponding to the change is reported.
- the device updates the device update information or the user update information corresponding to the change as the device update information or the user update information to be reported.
- the user information corresponding to the currently logged-in user account is extracted from the cloud, and the local configuration is updated according to the extracted user information, so that the local configuration and the pulled user information are consistent.
- the device update information may be the full amount information of the latest device information, or may be the difference information of the latest device information relative to the device information when the last device update information is reported;
- the user update information may be the full amount of the latest user information, or may be the difference information of the latest user information relative to the user information when the last user update information is reported.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal may be from the cloud.
- the user information corresponding to the user account is pulled, and the user does not need to repeatedly set the user information.
- the terminal-side information synchronization module 1502 reports the device update information and the device identifier to the cloud, and reports the user update information to the cloud corresponding to the currently-registered user account.
- the terminal further includes a device identifier generating module (not shown) for generating the device identifier.
- the device identification generation module can generate a device identification based on a globally unique identifier (GUID) of the mobile terminal.
- GUID globally unique identifier
- the mobile terminal information may include one of the two categories of device information and user information described above, so that the terminal side information synchronization module 1502 may be used only for synchronizing device information or only for synchronizing user information.
- the mobile terminal information includes a local software list of the mobile terminal; the local software list of the mobile terminal can include software information locally installed by the mobile terminal.
- the software information may include one or more of a software identification, a software name, and the like.
- the local software list of the mobile terminal may belong to the device information category described above.
- the security data includes virus software data; wherein the virus software data is used to characterize the virus software.
- the virus software data may include the software identifier of the virus software, and may also include the software name and hazard information of the virus software.
- the security information includes virus software prompt information; the virus software prompt information is used to prompt the mobile terminal's local software list to be determined by the cloud as the virus software according to the latest virus software data as the virus software.
- the virus software indicated in the virus software prompt information belongs to the virus software determined by the cloud according to the latest virus software data and belongs to the software included in the local software list of the mobile terminal.
- the update of the virus software data in the cloud triggers the generation of the virus software prompt information.
- the cloud starts the generation of the virus software prompt information.
- some software in the local software list of the mobile terminal is updated by the cloud.
- the virus software data is determined to be virus software, and the mobile terminal can receive the prompt information of the related software in the local software list as the virus software.
- the terminal side information synchronization module 1502 can be used to synchronize the local software list of the mobile terminal with the cloud.
- the security information receiving module 1504 can be configured to receive the virus software prompt information sent by the cloud, and the virus software prompt information is generated by the cloud according to the local software list of the mobile terminal and the latest virus software data of the cloud involved in the local software list, and the virus software prompt information is included in the information.
- the prompted virus software belongs to the virus software determined by the cloud according to the latest virus software data and belongs to the software included in the local software list of the mobile terminal, and the update of the virus software data in the cloud triggers the generation of the virus software prompt information.
- the security processing module 1506 can be configured to perform corresponding security processing according to the virus software prompt information.
- the mobile terminal information may include software setting information of the mobile terminal, the software setting information is used to characterize the behavior of the software permitted by the user; the software setting information may include the software identification of the software and the behavior of the software allowed by the user. The identifier, the software identifier corresponding to the behavior identifier in the software setting information.
- the software setting information may belong to the user information category described above.
- the safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software;
- the software risk behavior data may include a software identifier of the software and a behavioral identifier of the dangerous behavior of the software, the software identifier and the behavior identifier are in software danger Corresponding to behavioral data.
- the safety information may include dangerous behavioral prompt information for prompting the dangerous behavior of the software; in one embodiment, the dangerous behavioral prompting information includes information about one or more specific behaviors of one or more software, and may also include prompts User prompts for the behavior of the software, such as limiting dangerous behavior, uninstalling software, etc.
- the dangerous behavior of the software prompted by the dangerous behavior prompt information is characterized by the software setting information as the user-permitted behavior of the corresponding software, and the dangerous behavior characterized by the software dangerous behavior data as the corresponding software.
- the update of the software dangerous behavior data in the cloud triggers a dangerous behavior prompt message.
- the generation of interest When the software dangerous behavior of the cloud is updated, the cloud initiates the generation of dangerous behavior prompt information.
- the certain behavior of the software in the software setting information of the mobile terminal is determined by the latest software dangerous behavior data of the cloud as the dangerous behavior of the corresponding software, and the mobile terminal can receive the corresponding software corresponding Behavior is a reminder of dangerous behavior.
- the terminal side information synchronization module 1502 can be used to synchronize the software setting information of the mobile terminal with the cloud.
- the security information receiving module 1504 can be configured to receive the dangerous behavior prompt information sent by the cloud, and the dangerous behavior prompt information is generated by the cloud according to the software setting information of the mobile terminal and the latest software dangerous behavior data of the cloud involved in the software setting information, and the dangerous behavior prompt information station
- the dangerous behavior of the prompted software is characterized by the software setting information as the user-permitted behavior of the corresponding software, and the dangerous behavior of the corresponding software by the software dangerous behavior data.
- the update of the software dangerous behavior data in the cloud triggers the generation of the dangerous behavior prompt information. .
- the security processing module 1506 can be configured to perform corresponding security processing according to the dangerous behavior prompt information.
- the terminal further includes a security event monitoring module 1602, an event feature obtaining module 1604, an event feature sending module 1606, an event security information receiving module 1608, and a security event processing module 1610.
- the security event monitoring module 1602 is configured to monitor a preset security event that occurs on the mobile terminal.
- the preset security event may include one or more of a communication event and a sensitive information acquisition event for acquiring sensitive information of the mobile terminal.
- the event feature acquisition module 1604 is configured to acquire event characteristics of the generated security event.
- the event feature is used to represent a security event, and the event feature may include one or more of a program identifier of a triggering program of the security event, an event type of the security event, and an operational behavior information corresponding to the security event.
- the event feature sending module 1606 is configured to send the event feature to the cloud, so that the cloud combines the mobile terminal information and the latest security data of the cloud to determine the event feature, thereby generating event security information corresponding to the security event.
- the event security information may include information related to the security risks that the security event has.
- the event security information may include prompt information of a behavior performed by the security event as a dangerous behavior, or risk information of a third party related to the security event, for example, the security event is a communication event, and the event security information may include a communication event related communication.
- the number may be a prompt message of the fraud number, etc.; for example, the security event is a payment event, and the event security information may include a prompt information that the bonus transfer account may be a fraud account.
- the event security information receiving module 1608 is configured to receive event security information corresponding to the security event.
- the security event processing module 1610 is configured to perform processing corresponding to the security event according to the event security information.
- the security event processing module 1610 can intercept security events based on event security information to prevent further execution of security events, or display or play event security information to prompt the user, and monitor further operations of the user, and the like.
- the cloud of the event feature is sent, so that the cloud can generate the event security information by combining the mobile terminal information with the latest security data of the cloud, and the mobile terminal can perform the security event according to the event security information.
- the mobile terminal does not need to send the mobile terminal information in real time, thereby speeding up the return of the event security information of the cloud.
- the cloud combines the latest security data to generate event security information, which can improve the mobile terminal pair. The effectiveness of monitoring security incidents.
- the security event may include a communication event; the communication event may include one or more of a calling call event, a called call event, a received short message event, and a short message event.
- the calling event of the mobile terminal is a call event initiated by the mobile terminal
- the called call event of the mobile terminal is a call event initiated by the other mobile terminal and answered by the mobile terminal.
- the event feature of the communication event includes a communication number of the communication event; in one embodiment, the communication number of the communication event may be a communication number communicated with the mobile terminal, for example, a short message transmission number corresponding to the received short message event of the mobile terminal, and the mobile terminal's The short message receiving number corresponding to the short message event, the called number corresponding to the calling event of the mobile terminal, and the calling number corresponding to the called call event of the mobile terminal.
- the mobile terminal information includes a suspected fraudulent number set by the user; in one embodiment, the suspected fraudulent number set by the user may belong to the user information category described above.
- the cloud service-based mobile terminal security information obtaining method further includes the following steps: acquiring a suspected fraudulent number set by the user.
- the suspected fraudulent number set by the user may be obtained through the data input interface, or the suspected fraudulent number specified entry may be provided, and the suspected fraudulent number specified by the user may be obtained through the suspected fraudulent number designation entry as the suspected fraudulent number set by the user.
- the security data can include a collection of spoof numbers.
- the number in the fraudulent number set is determined by the cloud as a fraudulent number.
- the set of spoof numbers can be obtained by the cloud through big data analysis processing, or can be obtained from a third party by the cloud.
- the event security information may include fraudulent number hint information for prompting the communication number to be a fraudulent number.
- the fraudulent number prompt information is generated by the cloud when the communication number of the communication event belongs to a suspected fraudulent number set by the user and a number belonging to the fraudulent number set.
- the security event monitoring module 1602 can be configured to listen for communication events occurring by the mobile terminal.
- the event feature acquisition module 1604 can be configured to obtain a communication number corresponding to the communication event that occurred.
- the event feature sending module 1606 can be configured to send a communication number corresponding to the communication event to the cloud, so that the cloud determines the communication number in combination with the suspected fraudulent number set by the user and the latest fraudulent number set of the cloud, thereby generating a prompting communication number for the fraudulent number.
- the fraudulent number prompt information wherein the fraudulent number prompt information is generated by the cloud when the communication number of the communication event belongs to a suspected fraudulent number set by the user and a number belonging to the fraudulent number set.
- the event security information receiving module 1608 can be configured to receive fraudulent number hint information.
- the security event processing module 1610 can be configured to perform processing corresponding to the communication event according to the fraudulent number prompt information.
- the security event processing module 1610 can prompt the fraudulent number reminder information in the form of voice, text, or interface graphics.
- the communication event may be intercepted or terminated according to the fraudulent number prompt information, and the like.
- the cloud can return the fraudulent number prompt information of the communication number corresponding to the communication event to the mobile terminal in an efficient and timely manner, so that the mobile terminal can perform timely and effective information security protection against the communication event.
- the security event includes a sensitive information acquisition event for obtaining sensitive information of the mobile terminal; in one embodiment, the mobile terminal sensitive information may include root authority of the operating system of the mobile terminal, contact information stored by the mobile terminal, and movement. One or more of the current geographic location of the terminal, the short message content stored by the mobile terminal, and the like.
- the event feature of the sensitive information acquisition event is used to represent the behavior of the trigger program for the sensitive information acquisition event to obtain the sensitive information; in one embodiment, the event characteristics of the sensitive information acquisition event include the program identifier of the trigger program of the sensitive information acquisition event and the sensitive information. Obtain behavior information corresponding to the event, such as a behavior category or a behavior identifier, and the behavior information may include sensitive information acquired by the sensitive information acquisition event.
- the mobile terminal information may include software setting information of the mobile terminal, and the software setting information is used to represent the behavior of the software permitted by the user, and the software setting information may include a software identifier of the software and a behavior identifier of the software permitted by the user, the software identifier and This behavior indicator corresponds to the software setting information.
- the safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software;
- the software risk behavior data may include a software identifier of the software and a behavioral identifier of the dangerous behavior of the software, the software identifier and the behavior identifier are in software danger Corresponding to behavioral data.
- the event security information includes event danger prompt information for prompting the behavior corresponding to the sensitive information acquisition event to be a dangerous behavior
- the event danger prompt information is generated by the cloud when the following conditions are met: the behavior corresponding to the sensitive information acquisition event is represented by the software setting information as a user-permitted behavior of the triggering program, and is characterized by the software dangerous behavior data as a dangerous behavior of the triggering program. .
- the security event monitoring module 1602 can be configured to monitor a sensitive information acquisition event of the mobile terminal that acquires sensitive information of the mobile terminal.
- the event feature obtaining module 1604 can be used to acquire an event of a sensitive information acquisition event that occurs. Sign.
- the event feature sending module 1606 can be configured to send the event feature of the sensitive information acquisition event to the cloud, so that the cloud combines the software setting information of the mobile terminal and the latest software dangerous behavior data of the cloud to determine the event feature, thereby generating the information for prompting the sensitive information.
- the behavior corresponding to the event is an event danger prompt information of the dangerous behavior, wherein the event danger prompt information is generated by the cloud when the following conditions are met: the behavior corresponding to the sensitive information acquisition event is represented by the software setting information as the user-permitted behavior of the triggering program, It is characterized by software risk behavior data as a dangerous behavior that triggers the program.
- the event security information receiving module 1608 can be configured to receive event danger prompt information.
- the security event processing module 1610 can be configured to perform processing corresponding to the sensitive information acquisition event according to the event danger prompt information.
- the security event processing module 1610 can prompt the event danger alert information in the form of voice, text, or interface graphics.
- the sensitive information acquisition event may be intercepted or terminated according to the event danger prompt information.
- the cloud can efficiently and timely return the event danger prompt information corresponding to the sensitive information acquisition event of the mobile terminal sensitive information to the mobile terminal, so that the mobile terminal can perform timely and effective information security protection for the sensitive information acquisition event.
- a server is provided, the internal structure of which may correspond to the structure as shown in FIG. 1B, each of which may be implemented in whole or in part by software, hardware or a combination thereof.
- the server in this embodiment includes a cloud side information synchronization module 1702, an update monitoring module 1704, a security information generating module 1706, and a security information sending module 1708, where:
- the cloud side information synchronization module 1702 is configured to synchronize mobile terminal information with the mobile terminal.
- the cloud side information synchronization module 1702 is configured to receive the mobile terminal update information reported by the mobile terminal, and update the mobile terminal information of the mobile terminal stored in the cloud according to the mobile terminal update information.
- the user account currently logged in by the mobile terminal is reported to the cloud together with the mobile terminal update information.
- the cloud side information synchronization module 1702 receives the mobile terminal update information reported by the mobile terminal and the current login of the mobile terminal. User account, based on the received mobile end The end update information updates the mobile terminal information corresponding to the received user account stored in the cloud.
- the cloud side information synchronization module 1702 is further configured to:
- the mobile terminal information corresponding to the user account currently logged in by the mobile terminal is obtained from the mobile terminal information stored in the cloud, and the mobile terminal information is sent to the mobile terminal, so that the mobile terminal delivers the information according to the mobile terminal.
- the mobile terminal information updates the local configuration so that the local configuration of the mobile terminal is consistent with the delivered mobile terminal information.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the mobile terminal information corresponding to the user account from the cloud, and does not require the user to repeatedly set the mobile terminal information.
- the update monitoring module 1704 is configured to monitor whether the security data has been updated.
- the security data is used to report or describe software or software behavior that may constitute a security threat.
- the security information generating module 1706 is configured to determine, according to the mobile terminal information of the mobile terminal and the latest security data, whether the mobile terminal has a security risk when the security data is updated, and when the mobile terminal has a security risk, generate a description for describing the existence of the mobile terminal. Security information for security risks.
- the security information includes one or more related information of virus software, software dangerous behavior, and operating system vulnerability existing in the mobile terminal.
- the security information sending module 1708 is configured to return security information to the mobile terminal, so that the mobile terminal performs corresponding security processing according to the security risk of the mobile terminal described by the security information, so as to prompt the user for the security risk existing in the mobile terminal or eliminate the mobile terminal.
- the server synchronizes the mobile terminal information of the mobile terminal with the mobile terminal, and monitors whether the security data is updated.
- the security data related to the mobile terminal information is updated, the mobile terminal information and the latest security data are combined to determine whether the mobile terminal has a security risk.
- the server does not need the mobile terminal to initiate security detection to obtain the latest security data.
- the generated security information can generate security information and send the security information to the mobile terminal once the security data on the cloud side is updated and the mobile terminal is determined to be in a risk, so that the mobile terminal can obtain the latest security data in time.
- Generated security Information for protecting information security of mobile terminals.
- the mobile terminal information includes two categories of information: device information of the mobile terminal and user information corresponding to the user account currently logged in by the mobile terminal;
- the cloud side information synchronization module 1702 is configured to:
- the user information corresponding to the user account currently logged in by the mobile terminal is obtained from the user information stored in the cloud, and the user information is sent to the mobile terminal, so that the mobile terminal updates the user information according to the delivered user information.
- the local configuration is such that the local configuration of the mobile terminal is consistent with the delivered user information.
- the mobile terminal when the same user account is logged in to different mobile terminals, the mobile terminal can pull the user information corresponding to the user account from the cloud, and does not require the user to repeatedly set the user information.
- the device update information received by the cloud corresponds to the device identifier
- the user update information received by the cloud corresponds to the user account.
- the cloud side information synchronization module 1702 can update the corresponding device information stored in the cloud according to the corresponding relationship between the received device identifier and the device update information, and update the corresponding user in the cloud storage according to the corresponding relationship between the received user account and the user update information. information.
- the device update information and the user update information include an update timestamp; when receiving the plurality of device update information corresponding to the same device identifier and the plurality of user update information corresponding to the same user account, the cloud side information synchronization module 1702 may update the corresponding device information and user information stored in the cloud in a first-to-last order according to the update timestamp in the device update information and the user update information.
- the first user update information and the second user update information correspond to the same user account, and the update timestamp of the first user update information is earlier than the update timestamp of the second user update information, and the cloud side information synchronization module 1702 may first The first user update information updates the corresponding user information stored in the cloud, and then updates the corresponding user information stored in the cloud according to the second user update information.
- the mobile terminal information may include the device information and the user information described above.
- the mobile terminal information includes a local software list of the mobile terminal
- Security data includes virus software data
- Security information includes virus software prompt information
- the security information generating module 1706 is configured to:
- virus software data When the virus software data is updated, it is determined whether the virus software determined by the latest virus software data contains software in the local software list;
- the virus software determined by the latest virus software data includes the software in the local software list
- the software in the local software list included in the virus software determined by the latest virus software data is obtained, and the virus software prompt information is generated, and the virus software prompt information is generated.
- the software used to prompt for access is virus software.
- the cloud side information synchronization module 1702 can be used to synchronize the local software list of the mobile terminal with the mobile terminal.
- the update monitoring module 1704 can be used to monitor whether virus software data has been updated.
- the security information generating module 1706 can be configured to: when the virus software data is updated, determine whether the virus software determined by the latest virus software data includes software in the local software list, and the virus software determined by the latest virus software data includes a local software list. In the software, the software in the local software list included in the virus software determined by the latest virus software data is obtained, and the virus software prompt information is generated, and the virus software prompt information is used to prompt the acquired software to be virus software.
- the security information sending module 1708 can be configured to return virus software prompt information to the mobile terminal.
- the mobile terminal can receive the prompt information of the related software in the local software list as the virus software.
- the mobile terminal information includes software setting information of the mobile terminal, and the software setting information is used to characterize behavior of the software permitted by the user;
- Safety data includes software risk behavior data, which is used to characterize the software Dangerous behavior
- the safety information includes dangerous behavioral prompt information for prompting the dangerous behavior of the software
- the security information generating module 1706 is configured to:
- the software dangerous behavior data When the software dangerous behavior data is updated, it is judged whether the dangerous behavior of the software characterized by the latest software dangerous behavior data and the software characterized by the software setting information include the same behavior corresponding to the same software in the behavior permitted by the user;
- the cloud side information synchronization module 1702 can be used to synchronize the software setting information of the mobile terminal with the mobile terminal, and the software setting information is used to characterize the behavior of the software allowed by the user.
- the update monitoring module 1704 can be used to monitor whether software dangerous behavior data is updated, and the software risk behavior data is used to characterize the dangerous behavior of the software.
- the security information generating module 1706 can be configured to determine, when the software dangerous behavior data is updated, whether the dangerous behavior of the software characterized by the latest software dangerous behavior data and the software characterized by the software setting information are allowed by the user to include the same software. The same behavior, obtain the same behavior corresponding to the same software, and generate the dangerous behavior prompt information that the behavior corresponding to the software obtained by the prompt is dangerous behavior.
- the security information sending module 1708 can be configured to return dangerous behavior prompt information to the mobile terminal.
- the certain behavior of the software in the software setting information of the mobile terminal is determined by the latest software dangerous behavior data of the cloud as the dangerous behavior of the corresponding software, and the mobile terminal can receive the corresponding software corresponding Behavior is a reminder of dangerous behavior.
- the server further includes an event feature receiving module 1802, an event security information generating module 1804, and an event security information sending module 1806, wherein:
- the event feature receiving module 1802 is configured to receive an event feature corresponding to a security event occurring by the mobile terminal.
- the event security information generating module 1804 is configured to determine event characteristics in combination with the pre-synchronized mobile terminal information and the latest security data of the cloud, and generate event security information corresponding to the security event.
- the event security information sending module 1806 is configured to return event security information corresponding to the security event to the mobile terminal, so that the mobile terminal performs processing corresponding to the security event according to the event security information.
- the mobile terminal when the mobile terminal generates a security event, the mobile terminal does not need to send the mobile terminal information in real time, and the cloud can perform the judgment according to the pre-synchronized mobile terminal information, thereby speeding up the speed of the cloud return event security information, and on the other hand, combining The latest security data generates event security information, which can improve the monitoring effectiveness of mobile terminals for security events.
- the security event includes a communication event
- the event characteristics of the communication event include a communication number
- the mobile terminal information includes a suspected fraudulent number set by the user
- Security data includes a collection of fraudulent numbers
- the event security information includes a fraudulent number reminder information for prompting the communication number to be a fraudulent number
- the event security information generating module 1804 is configured to:
- the event feature receiving module 1802 can be configured to receive a communication number corresponding to a communication event occurring by the mobile terminal.
- the event security information generating module 1804 can be configured to determine whether the communication number corresponding to the communication event belongs to a pre-synchronized user-set suspected fraud number and a number in the latest fraudulent number set belonging to the cloud, and if so, generate a prompt for the communication number to be a fraudulent number. Fraud number reminder information.
- the event security information sending module 1806 can be configured to return the fraudulent number prompt information to the mobile terminal, so that the mobile terminal performs processing corresponding to the communication event according to the fraudulent number prompt information.
- the fraudulent number prompting information of the communication number corresponding to the communication event can be returned to the mobile terminal in an efficient and timely manner, so that the mobile terminal can perform timely and effective information security protection against the communication event.
- the security event includes obtaining a sensitive information acquisition event of the mobile terminal sensitive information
- the mobile terminal information may include software setting information of the mobile terminal, and the software setting information is used to characterize behavior of the software permitted by the user;
- Safety data may include software risk behavior data, which is used to characterize the dangerous behavior of the software
- the event security information includes event danger prompt information for prompting that the behavior corresponding to the sensitive information acquisition event is a dangerous behavior
- the event security information generating module 1804 is configured to:
- Determining whether the behavior corresponding to the sensitive information acquisition event is represented by the software setting information as a user-permitted behavior of the triggering program, and is characterized by the software dangerous behavior data as a dangerous behavior of the triggering program, and if so, generating an event danger prompting information.
- the event feature receiving module 1802 can be configured to receive an event feature corresponding to the sensitive information acquisition event of the mobile terminal acquiring the sensitive information of the mobile terminal, and the event feature is used to represent the behavior of the trigger program for obtaining the sensitive information acquisition event to obtain the sensitive information.
- the event security information generating module 1804 can be configured to determine whether the behavior corresponding to the sensitive information acquisition event is characterized by the pre-synchronized software setting information as the user-permitted behavior of the triggering program, and the risk of the triggering program is represented by the latest software dangerous behavior data in the cloud. The behavior, if it is, generates event danger prompt information indicating that the behavior corresponding to the sensitive information acquisition event is a dangerous behavior.
- the event security information sending module 1806 can be configured to return event danger prompt information to the mobile terminal, so that the mobile terminal performs processing corresponding to the sensitive information acquisition event according to the event danger prompt information.
- the event danger prompt information corresponding to the sensitive information acquisition event for obtaining the sensitive information of the mobile terminal can be returned to the mobile terminal in an efficient and timely manner, so that the mobile terminal can perform timely and effective information security protection for the sensitive information acquisition event.
- the storage medium may be a magnetic disk, an optical disk, or a read-only storage memory (Read-Only)
- a nonvolatile storage medium such as a memory or a ROM, or a random access memory (RAM).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (35)
- 一种基于云服务的移动终端安全信息获取方法,包括:与云端同步移动终端的移动终端信息,包括:向所述云端发送移动终端信息发生变更所对应的移动终端更新信息,以使得所述云端根据所述移动终端更新信息更新所述云端存储的所述移动终端的移动终端信息;接收所述云端发送的安全信息,所述安全信息用于描述所述移动终端存在的安全风险,所述安全信息由所述云端判定所述移动终端存在安全风险时生成,所述安全信息生成后由所述云端向所述移动终端发送,所述移动终端是否存在安全风险由所述云端结合所述移动终端信息以及所述云端的最新的安全数据判断得到,所述云端的安全数据的更新触发所述判断步骤的进行;其中,所述安全数据用于报告或描述可构成安全威胁的软件或软件行为;及根据所述安全信息所描述的移动终端存在的安全风险进行对应的安全处理,以向用户提示移动终端存在的安全风险或者消除移动终端存在的安全风险。
- 根据权利要求1所述的方法,其特征在于,所述移动终端信息包括两个类别的信息:移动终端的设备信息和移动终端当前登录的用户账号对应的用户信息;所述与云端同步移动终端的移动终端信息包括:每当移动终端的设备信息或移动终端当前登录的用户账号对应的用户信息发生变更时,第一时间向所述云端上报所述变更对应的设备更新信息或用户更新信息,以使得所述云端根据所述设备更新信息或用户更新信息更新云端存储的设备信息或用户信息;每当用户账号登录成功后,从所述云端拉取当前登录的用户账号对应的用户信息,根据拉取的用户信息更新本地配置,使得本地配置与拉取的用户信息保持一致。
- 根据权利要求1所述的方法,其特征在于,所述移动终端信息包括移动终端的本地软件列表;所述安全数据包括病毒软件数据;所述安全信息包括病毒软件提示信息;所述病毒软件提示信息中所提示的病毒软件属于云端根据最新的病毒软件数据所判定的病毒软件并且属于所述本地软件列表所包含的软件。
- 根据权利要求1所述的方法,其特征在于,所述移动终端信息包括移动终端的软件设置信息,所述软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述安全信息包括用于提示软件的危险行为的危险行为提示信息;所述危险行为提示信息所提示的软件的危险行为由所述软件设置信息表征为对应软件的被用户允许的行为、以及由所述软件危险行为数据表征为对应软件的危险行为。
- 根据权利要求1所述的方法,其特征在于,还包括:监听移动终端发生的预设的安全事件;获取发生的安全事件的事件特征;发送所述事件特征到云端,以使得所述云端结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,从而生成与所述安全事件对应的事件安全信息;接收所述安全事件对应的事件安全信息;根据所述事件安全信息进行所述安全事件对应的处理。
- 根据权利要求5所述的方法,其特征在于,所述安全事件包括通信事件;所述事件特征包括通信号码;所述移动终端信息包括用户设置的疑似诈骗号码;所述安全数据包括诈骗号码集合;所述事件安全信息包括用于提示所述通信号码为诈骗号码的诈骗号码提示信息;所述诈骗号码提示信息由云端在所述通信号码属于用户设置的疑似诈骗号码以及属于所述诈骗号码集合中的号码时生成。
- 根据权利要求5所述的方法,其特征在于,所述安全事件包括获取移动终端敏感信息的敏感信息获取事件;所述事件特征用于表征所述敏感信息获取事件的触发程序获取敏感信息的行为;所述移动终端信息包括移动终端的软件设置信息,软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述事件安全信息包括用于提示所述敏感信息获取事件对应的行为为危险行为的事件危险提示信息;所述事件危险提示信息由云端在以下条件成立时生成:所述敏感信息获取事件对应的行为由所述软件设置信息表征为所述触发程序的被用户允许的行为、且被所述软件危险行为数据表征为所述触发程序的危险行为。
- 一种基于云服务的移动终端安全信息下发方法,包括:与移动终端同步所述移动终端的移动终端信息,包括:接收所述移动终端上报的移动终端更新信息,根据所述移动终端更新信息更新云端存储的所述移动终端的移动终端信息;监测安全数据是否发生更新,所述安全数据用于报告或描述可构成安全威胁的软件或软件行为;当所述安全数据发生更新时,结合所述移动终端信息以及最新的安全数据判断所述移动终端是否存在安全风险;当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息;及向所述移动终端返回所述安全信息,使得所述移动终端根据所述安全信息所描述的移动终端存在的安全风险进行对应的安全处理,以向用户提示移 动终端存在的安全风险或者消除移动终端存在的安全风险。
- 根据权利要求8所述的方法,其特征在于,所述移动终端信息包括两个类别的信息:移动终端的设备信息和移动终端当前登录的用户账号对应的用户信息;所述与移动终端同步所述移动终端的移动终端信息包括:接收移动终端上报的移动终端的设备更新信息和移动终端当前登录的用户账号对应的用户更新信息,根据所述设备更新信息和用户更新信息更新云端存储的所述移动终端的设备信息和所述用户账号对应的用户信息;及每当移动终端的用户账号登录成功后,从云端存储的用户信息中获取所述用户账号对应的用户信息,向所述移动终端下发所述用户信息,使得所述移动终端根据所述下发的用户信息更新本地配置,以使得所述移动终端的本地配置与所述下发的用户信息保持一致。
- 根据权利要求8所述的方法,其特征在于,所述移动终端信息包括移动终端的本地软件列表;所述安全数据包括病毒软件数据,所述安全信息包括病毒软件提示信息;所述当所述安全数据发生更新时,结合所述移动终端信息以及最新的安全数据判断所述移动终端是否存在安全风险,当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息包括:当所述病毒软件数据发生更新时,判断最新的病毒软件数据所判定的病毒软件是否包含所述本地软件列表中的软件;及当最新的病毒软件数据所判定的病毒软件包含所述本地软件列表中的软件时,获取最新的病毒软件数据所判定的病毒软件包含的所述本地软件列表中的软件,生成病毒软件提示信息,所述病毒软件提示信息用于提示获取的软件为病毒软件。
- 根据权利要求8所述的方法,其特征在于,所述移动终端信息包括移动终端的软件设置信息,所述软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述安全信息包括用于提示软件的危险行为的危险行为提示信息;所述当所述安全数据发生更新时,结合所述移动终端信息以及最新的安全数据判断所述移动终端是否存在安全风险,当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息包括:当所述软件危险行为数据发生更新时,判断所述最新的软件危险行为数据所表征的软件的危险行为和所述软件设置信息所表征的软件被用户允许的行为中是否包含相同软件对应的相同行为;获取所述相同软件对应的相同行为;生成提示获取的软件对应的行为为危险行为的危险行为提示信息。
- 根据权利要求8所述的方法,其特征在于,还包括:接收所述移动终端发生的安全事件对应的事件特征;结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息;向所述移动终端返回所述安全事件对应的事件安全信息,以使得所述移动终端根据所述事件安全信息进行所述安全事件对应的处理。
- 根据权利要求12所述的方法,其特征在于,所述安全事件包括通信事件;所述事件特征包括通信号码;所述移动终端信息包括用户设置的疑似诈骗号码;所述安全数据包括诈骗号码集合;所述事件安全信息包括用于提示所述通信号码为诈骗号码的诈骗号码提示信息;所述结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息包括:判断所述通信事件对应的通信号码是否属于所述用户设置的疑似诈骗号 码以及属于所述诈骗号码集合中的号码,若是,则生成所述诈骗号码提示信息。
- 根据权利要求12所述的方法,其特征在于,所述安全事件包括获取移动终端敏感信息的敏感信息获取事件;所述事件特征用于表征所述敏感信息获取事件的触发程序获取敏感信息的行为;所述移动终端信息包括移动终端的软件设置信息,软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述事件安全信息包括用于提示所述敏感信息获取事件对应的行为为危险行为的事件危险提示信息;所述结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息包括:判断所述敏感信息获取事件对应的行为是否由所述软件设置信息表征为所述触发程序的被用户允许的行为、且由所述软件危险行为数据表征为所述触发程序的危险行为,若是,则生成所述事件危险提示信息。
- 一种终端,包括存储器和处理器,所述存储器中储存有指令,其特征在于,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:与云端同步移动终端的移动终端信息,包括:向所述云端发送移动终端信息发生变更所对应的移动终端更新信息,以使得所述云端根据所述移动终端更新信息更新所述云端存储的所述移动终端的移动终端信息;接收所述云端发送的安全信息,所述安全信息用于描述所述移动终端存在的安全风险,所述安全信息由所述云端判定所述移动终端存在安全风险时生成,所述安全信息生成后由所述云端向所述移动终端发送,所述移动终端是否存在安全风险由所述云端结合所述移动终端信息以及所述云端的最新的安全数据判断得到,所述云端的安全数据的更新触发所述判断步骤的进行; 其中,所述安全数据用于报告或描述可构成安全威胁的软件或软件行为;及根据所述安全信息所描述的移动终端存在的安全风险进行对应的安全处理,以向用户提示移动终端存在的安全风险或者消除移动终端存在的安全风险。
- 根据权利要求15所述的终端,其特征在于,所述移动终端信息包括两个类别的信息:移动终端的设备信息和移动终端当前登录的用户账号对应的用户信息;所述与云端同步移动终端的移动终端信息包括:每当移动终端的设备信息或移动终端当前登录的用户账号对应的用户信息发生变更时,第一时间向所述云端上报所述变更对应的设备更新信息或用户更新信息,以使得所述云端根据所述设备更新信息或用户更新信息更新云端存储的设备信息或用户信息;每当用户账号登录成功后,从所述云端拉取当前登录的用户账号对应的用户信息,根据拉取的用户信息更新本地配置,使得本地配置与拉取的用户信息保持一致。
- 根据权利要求15所述的终端,其特征在于,所述移动终端信息包括移动终端的本地软件列表;所述安全数据包括病毒软件数据;所述安全信息包括病毒软件提示信息;所述病毒软件提示信息中所提示的病毒软件属于云端根据最新的病毒软件数据所判定的病毒软件并且属于所述本地软件列表所包含的软件。
- 根据权利要求15所述的终端,其特征在于,所述移动终端信息包括移动终端的软件设置信息,所述软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述安全信息包括用于提示软件的危险行为的危险行为提示信息;所述危险行为提示信息所提示的软件的危险行为由所述软件设置信息表征为对应软件的被用户允许的行为、以及由所述软件危险行为数据表征为对应软件的危险行为。
- 根据权利要求15所述的终端,其特征在于,所述指令被所述处理器执行时,还使得所述处理器执行以下步骤:监听移动终端发生的预设的安全事件;获取发生的安全事件的事件特征;发送所述事件特征到云端,以使得所述云端结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,从而生成与所述安全事件对应的事件安全信息;接收所述安全事件对应的事件安全信息;根据所述事件安全信息进行所述安全事件对应的处理。
- 根据权利要求19所述的终端,其特征在于,所述安全事件包括通信事件;所述事件特征包括通信号码;所述移动终端信息包括用户设置的疑似诈骗号码;所述安全数据包括诈骗号码集合;所述事件安全信息包括用于提示所述通信号码为诈骗号码的诈骗号码提示信息;所述诈骗号码提示信息由云端在所述通信号码属于用户设置的疑似诈骗号码以及属于所述诈骗号码集合中的号码时生成。
- 根据权利要求19所述的终端,其特征在于,所述安全事件包括获取移动终端敏感信息的敏感信息获取事件;所述事件特征用于表征所述敏感信息获取事件的触发程序获取敏感信息的行为;所述移动终端信息包括移动终端的软件设置信息,软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述事件安全信息包括用于提示所述敏感信息获取事件对应的行为为危险行为的事件危险提示信息;所述事件危险提示信息由云端在以下条件成立时生成:所述敏感信息获取事件对应的行为由所述软件设置信息表征为所述触发程序的被用户允许的行为、且被所述软件危险行为数据表征为所述触发程序的危险行为。
- 一个或多个存储有计算机可执行指令的非易失性可读存储介质,所述计算机可执行指令被一个或多个处理器执行时,使得所述一个或多个处理器执行以下步骤:与云端同步移动终端的移动终端信息,包括:向所述云端发送移动终端信息发生变更所对应的移动终端更新信息,以使得所述云端根据所述移动终端更新信息更新所述云端存储的所述移动终端的移动终端信息;接收所述云端发送的安全信息,所述安全信息用于描述所述移动终端存在的安全风险,所述安全信息由所述云端判定所述移动终端存在安全风险时生成,所述安全信息生成后由所述云端向所述移动终端发送,所述移动终端是否存在安全风险由所述云端结合所述移动终端信息以及所述云端的最新的安全数据判断得到,所述云端的安全数据的更新触发所述判断步骤的进行;其中,所述安全数据用于报告或描述可构成安全威胁的软件或软件行为;及根据所述安全信息所描述的移动终端存在的安全风险进行对应的安全处理,以向用户提示移动终端存在的安全风险或者消除移动终端存在的安全风险。
- 根据权利要求22所述的非易失性可读存储介质,其特征在于,所述移动终端信息包括两个类别的信息:移动终端的设备信息和移动终端当前登录的用户账号对应的用户信息;所述与云端同步移动终端的移动终端信息包括:每当移动终端的设备信息或移动终端当前登录的用户账号对应的用户信 息发生变更时,第一时间向所述云端上报所述变更对应的设备更新信息或用户更新信息,以使得所述云端根据所述设备更新信息或用户更新信息更新云端存储的设备信息或用户信息;每当用户账号登录成功后,从所述云端拉取当前登录的用户账号对应的用户信息,根据拉取的用户信息更新本地配置,使得本地配置与拉取的用户信息保持一致。
- 根据权利要求22所述的非易失性可读存储介质,其特征在于,所述移动终端信息包括移动终端的本地软件列表;所述安全数据包括病毒软件数据;所述安全信息包括病毒软件提示信息;所述病毒软件提示信息中所提示的病毒软件属于云端根据最新的病毒软件数据所判定的病毒软件并且属于所述本地软件列表所包含的软件。
- 根据权利要求22所述的非易失性可读存储介质,其特征在于,所述移动终端信息包括移动终端的软件设置信息,所述软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述安全信息包括用于提示软件的危险行为的危险行为提示信息;所述危险行为提示信息所提示的软件的危险行为由所述软件设置信息表征为对应软件的被用户允许的行为、以及由所述软件危险行为数据表征为对应软件的危险行为。
- 根据权利要求22所述的非易失性可读存储介质,其特征在于,所述指令被所述一个或多个处理器执行时,还使得所述一个或多个处理器执行以下步骤:监听移动终端发生的预设的安全事件;获取发生的安全事件的事件特征;发送所述事件特征到云端,以使得所述云端结合所述移动终端信息以及 云端最新的安全数据对所述事件特征进行判断,从而生成与所述安全事件对应的事件安全信息;接收所述安全事件对应的事件安全信息;根据所述事件安全信息进行所述安全事件对应的处理。
- 根据权利要求26所述的非易失性可读存储介质,其特征在于,所述安全事件包括通信事件;所述事件特征包括通信号码;所述移动终端信息包括用户设置的疑似诈骗号码;所述安全数据包括诈骗号码集合;所述事件安全信息包括用于提示所述通信号码为诈骗号码的诈骗号码提示信息;所述诈骗号码提示信息由云端在所述通信号码属于用户设置的疑似诈骗号码以及属于所述诈骗号码集合中的号码时生成。
- 根据权利要求26所述的非易失性可读存储介质,其特征在于,所述安全事件包括获取移动终端敏感信息的敏感信息获取事件;所述事件特征用于表征所述敏感信息获取事件的触发程序获取敏感信息的行为;所述移动终端信息包括移动终端的软件设置信息,软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述事件安全信息包括用于提示所述敏感信息获取事件对应的行为为危险行为的事件危险提示信息;所述事件危险提示信息由云端在以下条件成立时生成:所述敏感信息获取事件对应的行为由所述软件设置信息表征为所述触发程序的被用户允许的行为、且被所述软件危险行为数据表征为所述触发程序的危险行为。
- 一种服务器,包括存储器和处理器,所述存储器中储存有指令,其 特征在于,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:与移动终端同步所述移动终端的移动终端信息,包括:接收所述移动终端上报的移动终端更新信息,根据所述移动终端更新信息更新云端存储的所述移动终端的移动终端信息;监测安全数据是否发生更新,所述安全数据用于报告或描述可构成安全威胁的软件或软件行为;当所述安全数据发生更新时,结合所述移动终端信息以及最新的安全数据判断所述移动终端是否存在安全风险,当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息;及向所述移动终端返回所述安全信息,使得所述移动终端根据所述安全信息所描述的移动终端存在的安全风险进行对应的安全处理,以向用户提示移动终端存在的安全风险或者消除移动终端存在的安全风险。
- 根据权利要求29所述的服务器,其特征在于,所述移动终端信息包括两个类别的信息:移动终端的设备信息和移动终端当前登录的用户账号对应的用户信息;所述与移动终端同步所述移动终端的移动终端信息包括:接收移动终端上报的移动终端的设备更新信息和移动终端当前登录的用户账号对应的用户更新信息,根据所述设备更新信息和用户更新信息更新云端存储的所述移动终端的设备信息和所述用户账号对应的用户信息;及每当移动终端的用户账号登录成功后,从云端存储的用户信息中获取所述用户账号对应的用户信息,向所述移动终端下发所述用户信息,使得所述移动终端根据所述下发的用户信息更新本地配置,以使得所述移动终端的本地配置与所述下发的用户信息保持一致。
- 根据权利要求29所述的服务器,其特征在于,所述移动终端信息包括移动终端的本地软件列表;所述安全数据包括病毒软件数据,所述安全信息包括病毒软件提示信息;所述当所述安全数据发生更新时,结合所述移动终端信息以及最新的安 全数据判断所述移动终端是否存在安全风险,当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息包括:当所述病毒软件数据发生更新时,判断最新的病毒软件数据所判定的病毒软件是否包含所述本地软件列表中的软件;及当最新的病毒软件数据所判定的病毒软件包含所述本地软件列表中的软件时,获取最新的病毒软件数据所判定的病毒软件包含的所述本地软件列表中的软件,生成病毒软件提示信息,所述病毒软件提示信息用于提示获取的软件为病毒软件。
- 根据权利要求29所述的服务器,其特征在于,所述移动终端信息包括移动终端的软件设置信息,所述软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述安全信息包括用于提示软件的危险行为的危险行为提示信息;所述当所述安全数据发生更新时,结合所述移动终端信息以及最新的安全数据判断所述移动终端是否存在安全风险,当所述移动终端存在安全风险时,生成用于描述所述移动终端存在的安全风险的安全信息包括:当所述软件危险行为数据发生更新时,判断所述最新的软件危险行为数据所表征的软件的危险行为和所述软件设置信息所表征的软件被用户允许的行为中是否包含相同软件对应的相同行为;获取所述相同软件对应的相同行为;生成提示获取的软件对应的行为为危险行为的危险行为提示信息。
- 根据权利要求29所述的服务器,其特征在于,所述指令被所述处理器执行时,还使得所述处理器执行以下步骤:接收所述移动终端发生的安全事件对应的事件特征;结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息;向所述移动终端返回所述安全事件对应的事件安全信息,以使得所述移动终端根据所述事件安全信息进行所述安全事件对应的处理。
- 根据权利要求33所述的服务器,其特征在于,所述安全事件包括通信事件;所述事件特征包括通信号码;所述移动终端信息包括用户设置的疑似诈骗号码;所述安全数据包括诈骗号码集合;所述事件安全信息包括用于提示所述通信号码为诈骗号码的诈骗号码提示信息;所述结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息包括:判断所述通信事件对应的通信号码是否属于所述用户设置的疑似诈骗号码以及属于所述诈骗号码集合中的号码,若是,则生成所述诈骗号码提示信息。
- 根据权利要求33所述的服务器,其特征在于,所述安全事件包括获取移动终端敏感信息的敏感信息获取事件;所述事件特征用于表征所述敏感信息获取事件的触发程序获取敏感信息的行为;所述移动终端信息包括移动终端的软件设置信息,软件设置信息用于表征软件被用户允许的行为;所述安全数据包括软件危险行为数据,所述软件危险行为数据用于表征软件的危险行为;所述事件安全信息包括用于提示所述敏感信息获取事件对应的行为为危险行为的事件危险提示信息;所述结合所述移动终端信息以及云端最新的安全数据对所述事件特征进行判断,生成所述安全事件对应的事件安全信息包括:判断所述敏感信息获取事件对应的行为是否由所述软件设置信息表征为所述触发程序的被用户允许的行为、且由所述软件危险行为数据表征为所述触发程序的危险行为,若是,则生成所述事件危险提示信息。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020177032507A KR102056529B1 (ko) | 2015-07-10 | 2016-06-15 | 모바일 단말용 클라우드 서비스 기반 보안 정보 취득 방법, 단말 및 저장 매체, 모바일 단말용 클라우드 서비스 기반 보안 정보 전달 방법 및 서버 |
US15/694,239 US10554673B2 (en) | 2015-07-10 | 2017-09-01 | Methods and apparatuses for obtaining and delivering mobile terminal security information based on a cloud service |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510407612.7A CN106330851B (zh) | 2015-07-10 | 2015-07-10 | 基于云服务的移动终端安全信息获取、下发方法和装置 |
CN201510407612.7 | 2015-07-10 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/694,239 Continuation US10554673B2 (en) | 2015-07-10 | 2017-09-01 | Methods and apparatuses for obtaining and delivering mobile terminal security information based on a cloud service |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017008608A1 true WO2017008608A1 (zh) | 2017-01-19 |
Family
ID=57725688
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/085798 WO2017008608A1 (zh) | 2015-07-10 | 2016-06-15 | 基于云服务的移动终端安全信息获取方法、终端和存储介质、基于云服务的移动终端安全信息下发方法和服务器 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10554673B2 (zh) |
KR (1) | KR102056529B1 (zh) |
CN (1) | CN106330851B (zh) |
MY (1) | MY180643A (zh) |
WO (1) | WO2017008608A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107153790A (zh) * | 2016-03-04 | 2017-09-12 | 北京众思铭信息技术有限公司 | 移动终端安全防护方法、装置及移动终端 |
CN106992994B (zh) * | 2017-05-24 | 2020-07-03 | 腾讯科技(深圳)有限公司 | 一种云服务的自动化监控方法和系统 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368904A (zh) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | 移动终端、可疑行为检测及判定系统和方法 |
CN103546436A (zh) * | 2012-07-13 | 2014-01-29 | 中兴通讯股份有限公司 | 一种安全控制方法及终端、云服务器 |
CN103632097A (zh) * | 2013-12-13 | 2014-03-12 | 扬州永信计算机有限公司 | 便携式移动终端安全威胁处理方法 |
US20140181530A1 (en) * | 2012-12-25 | 2014-06-26 | Kaspersky Lab Zao | System and Method for Protecting Cloud Services from Unauthorized Access and Malware Attacks |
CN103929323A (zh) * | 2013-12-16 | 2014-07-16 | 汉柏科技有限公司 | 一种云网络设备的健康度监控方法 |
CN104346566A (zh) * | 2013-07-31 | 2015-02-11 | 腾讯科技(深圳)有限公司 | 检测隐私权限风险的方法、装置、终端、服务器及系统 |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8763071B2 (en) * | 2008-07-24 | 2014-06-24 | Zscaler, Inc. | Systems and methods for mobile application security classification and enforcement |
US9781148B2 (en) * | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
US9369433B1 (en) * | 2011-03-18 | 2016-06-14 | Zscaler, Inc. | Cloud based social networking policy and compliance systems and methods |
US9065800B2 (en) * | 2011-03-18 | 2015-06-23 | Zscaler, Inc. | Dynamic user identification and policy enforcement in cloud-based secure web gateways |
US9531758B2 (en) * | 2011-03-18 | 2016-12-27 | Zscaler, Inc. | Dynamic user identification and policy enforcement in cloud-based secure web gateways |
US9386035B2 (en) * | 2011-06-21 | 2016-07-05 | At&T Intellectual Property I, L.P. | Methods and apparatus to configure virtual private mobile networks for security |
US9143530B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
CN102413011B (zh) * | 2011-11-18 | 2015-09-30 | 北京奇虎科技有限公司 | 一种局域网安全评估的方法和系统 |
US9094873B2 (en) * | 2012-05-14 | 2015-07-28 | Wei Lu | Classified relation networking optimization platform in open wireless architecture (OWA) mobile cloud terminal device |
US9485606B1 (en) * | 2013-01-24 | 2016-11-01 | Symantec Corporation | Systems and methods for detecting near field communication risks |
CN104426847A (zh) * | 2013-08-22 | 2015-03-18 | 腾讯科技(深圳)有限公司 | 互联网服务安全访问和验证的方法、系统和服务器 |
US9213831B2 (en) * | 2013-10-03 | 2015-12-15 | Qualcomm Incorporated | Malware detection and prevention by monitoring and modifying a hardware pipeline |
US20150222646A1 (en) * | 2014-01-31 | 2015-08-06 | Crowdstrike, Inc. | Tagging Security-Relevant System Objects |
US20160196132A1 (en) * | 2014-07-07 | 2016-07-07 | Symphony Teleca Corporation | Remote Embedded Device Update Platform Apparatuses, Methods and Systems |
US9680843B2 (en) * | 2014-07-22 | 2017-06-13 | At&T Intellectual Property I, L.P. | Cloud-based communication account security |
KR102311827B1 (ko) * | 2015-02-10 | 2021-10-13 | 주식회사 마크애니 | 사용자 적응형 모바일 디바이스 제어 방법 및 시스템 |
US10542031B2 (en) * | 2015-02-20 | 2020-01-21 | Authentic8, Inc. | Secure application for accessing web resources |
CN106209739B (zh) * | 2015-05-05 | 2019-06-04 | 科大国盾量子技术股份有限公司 | 云存储方法及系统 |
US11115417B2 (en) * | 2015-05-19 | 2021-09-07 | Microsoft Technology Licensing, Llc. | Secured access control to cloud-based applications |
-
2015
- 2015-07-10 CN CN201510407612.7A patent/CN106330851B/zh active Active
-
2016
- 2016-06-15 KR KR1020177032507A patent/KR102056529B1/ko active IP Right Grant
- 2016-06-15 MY MYPI2017703997A patent/MY180643A/en unknown
- 2016-06-15 WO PCT/CN2016/085798 patent/WO2017008608A1/zh active Application Filing
-
2017
- 2017-09-01 US US15/694,239 patent/US10554673B2/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368904A (zh) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | 移动终端、可疑行为检测及判定系统和方法 |
CN103546436A (zh) * | 2012-07-13 | 2014-01-29 | 中兴通讯股份有限公司 | 一种安全控制方法及终端、云服务器 |
US20140181530A1 (en) * | 2012-12-25 | 2014-06-26 | Kaspersky Lab Zao | System and Method for Protecting Cloud Services from Unauthorized Access and Malware Attacks |
CN104346566A (zh) * | 2013-07-31 | 2015-02-11 | 腾讯科技(深圳)有限公司 | 检测隐私权限风险的方法、装置、终端、服务器及系统 |
CN103632097A (zh) * | 2013-12-13 | 2014-03-12 | 扬州永信计算机有限公司 | 便携式移动终端安全威胁处理方法 |
CN103929323A (zh) * | 2013-12-16 | 2014-07-16 | 汉柏科技有限公司 | 一种云网络设备的健康度监控方法 |
Also Published As
Publication number | Publication date |
---|---|
CN106330851B (zh) | 2019-12-20 |
MY180643A (en) | 2020-12-04 |
US10554673B2 (en) | 2020-02-04 |
KR102056529B1 (ko) | 2019-12-16 |
KR20170137155A (ko) | 2017-12-12 |
CN106330851A (zh) | 2017-01-11 |
US20170366567A1 (en) | 2017-12-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11956853B2 (en) | Apparatus and method for obtaining emergency data and providing a map view | |
CN102739868B (zh) | 移动终端的丢失处理方法及系统 | |
US11093303B2 (en) | Notification message processing method and apparatus | |
CN104468551A (zh) | 一种基于广告拦截节省流量的方法及装置 | |
CN107135186B (zh) | 一种电话防盗打的方法及装置 | |
CN110149599B (zh) | 一种短信防护方法及终端设备 | |
WO2019148936A1 (zh) | 信息提示 | |
CN110633112A (zh) | 信息处理方法及装置、设备、存储介质 | |
WO2014110991A1 (zh) | 一种信息实时展示的方法和移动通讯终端 | |
CN105635044B (zh) | 一种信息同步方法和设备 | |
CN106547590A (zh) | 隐私应用程序的启动方法和启动装置 | |
WO2017008608A1 (zh) | 基于云服务的移动终端安全信息获取方法、终端和存储介质、基于云服务的移动终端安全信息下发方法和服务器 | |
CN116578297A (zh) | H5页面的运行方法、装置、电子设备及存储介质 | |
CN113055169B (zh) | 数据加密方法、装置、电子设备及存储介质 | |
CN106850404B (zh) | 一种信息安全处理方法、系统、第一终端及第二终端 | |
CN110995706B (zh) | 用于通讯应用的身份验证系统、方法、设备和存储介质 | |
CN110245523B (zh) | 一种数据校验方法、系统和装置及计算机可读存储介质 | |
CN113329045A (zh) | 文件下载方法、装置、计算机可读存储介质和计算机设备 | |
CN110048928B (zh) | 信息提交、获取、交互方法、装置、设备及系统 | |
CN115632815A (zh) | 一种数据的更新方法、装置、电子设备及存储介质 | |
US10178188B2 (en) | System for a monitored and reconstructible personal rendezvous session | |
KR20140099389A (ko) | 금융 피싱 사기 문자 탐지 및 차단 시스템 및 그 금융 피싱 사기 문자 탐지 및 차단 방법 | |
CN105912926A (zh) | 合法安装包获取方法、装置及系统 | |
US20170155767A1 (en) | Methods circuits devices systems and associated computer executable code for providing digital services | |
Pranoto et al. | Android smartphone remote monitoring application using sms service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16823755 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20177032507 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 24.05.2018) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16823755 Country of ref document: EP Kind code of ref document: A1 |