WO2017113584A1 - Security control method and system for container of terminal - Google Patents

Security control method and system for container of terminal

Publication number
WO2017113584A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2016/084103
Inventor
邵寿平
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Application filed by 宇龙计算机通信科技(深圳)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Definitions

  • the present invention relates to the field of terminal information security, and in particular to a method and system for controlling terminal container security.
  • the main object of the present invention is to provide a method and system for controlling the security of a terminal container, which can provide a safe container for a mobile phone application and ensure the operational safety of the application in the container.
  • the present invention provides a method for controlling the security of a terminal container, including:
  • after determining that the VPDN connection is successful, in response to a SIM card information verification instruction, the SIM card information of the terminal is transmitted through the VPDN channel to the preset security authentication server to verify whether the SIM card of the terminal has a registration record on the preset security authentication server;
  • after receiving the verification pass message of the preset security authentication server, the target application is entered, and the preset secure container policy is invoked.
  • the secure container policy comprises:
  • the determining whether the target application is an entry application to enter the secure container comprises:
  • the responding to the SIM card information verification instruction, before transmitting the SIM card information of the terminal to the preset security authentication server by using the VPDN channel further includes:
  • the preset disable device functions include a camera function, a pasteboard function, an SD card function, a screen capture function, a screen recording function, and a GPS function.
  • the secure container policy further includes:
  • the configuration information of the hidden APN includes:
  • the invention also provides a terminal container safety control system, comprising:
  • a container internal and external discriminating module configured to determine whether the target application is an entry application to enter the secure container in response to a click instruction to the target application, and if yes, enter the secure container;
  • the security authentication module is configured to respond to the VPDN creation command, disconnect the Internet, create a VPDN and connect; after determining that the VPDN connection is successful, respond to the SIM card information verification command, and transmit the SIM card information of the terminal to the preset security authentication server through the VPDN channel. Determining whether the SIM card of the terminal has a registration record on the preset security authentication server;
  • the in-container policy invoking module is configured to enter the target application after receiving the verification pass message of the preset secure authentication server, and invoke a preset secure container policy.
  • the secure container policy comprises:
  • the preset disable device functions include a camera function, a pasteboard function, an SD card function, a screen capture function, a screen recording function, and a GPS function.
  • the terminal container security control method and system provided by the present invention determine whether a target application is an entry application for entering a secure container and, if so, enter the secure container; disconnect the Internet, create a VPDN and connect; after determining that the VPDN connection is successful, transmit the SIM card information of the terminal to the preset security authentication server through the VPDN channel and verify whether the SIM card of the terminal has a registration record on the preset security authentication server; and, after the verification is passed, enter the target application and invoke the preset security policy. A secure container can thus be provided for applications that need to protect customer privacy. All applications can run in the same system without having to allocate additional memory and space, which protects the end user's data security simply and efficiently.
  • FIG. 1 is a flowchart of Embodiment 1 of a terminal container security control method according to the present invention
  • FIG. 2 is a schematic diagram showing the detailed principle of a first embodiment of a terminal container security control method according to the present invention
  • FIG. 3 is a schematic diagram of still another detailed principle of a first embodiment of a method for controlling the security of a terminal container according to the present invention
  • FIG. 4 is a schematic diagram of still another detailed principle of a first embodiment of a method for controlling the security of a terminal container according to the present invention
  • FIG. 5 is a schematic structural diagram of Embodiment 2 of a terminal container safety control system according to the present invention.
  • the terminal of the present invention includes, but is not limited to, a smartphone, a tablet, and the like.
  • Embodiment 1:
  • FIG. 1 is a flow chart showing an embodiment of a method for controlling the security of a terminal container according to the present invention, including:
  • Step S101 responsive to the click instruction of the target application, determining whether the target application is an entry application to enter the secure container, and if yes, entering the secure container;
  • a container refers to the operating environment of a group of applications. This group of applications can be distributed to devices from the MDM mobile management platform.
  • the MDM client belongs to the in-container application.
  • the MDM mobile management platform can issue a container policy, that is, when the group of applications runs (the top-level activity is the application), the MDM client applies the policy (such as switching APNs and the like).
  • a broadcast is sent.
  • the broadcast ACTION is "com.pekall.action.TOP_PACKAGE" with the parameter Intent.putExtra("toppackage", current package name), ie the container change trigger is the top-level activity.
  • the schematic diagram is shown in Figure 2.
  • Step S102 respond to the VPDN creation instruction, disconnect the Internet, create a VPDN, and connect;
  • the terminal will preset an application that creates and connects to vpdn.
  • the vpdn configuration information is provided by the client.
  • the Internet is automatically disconnected before creation. If the vpdn is created successfully, the user is notified; otherwise a failure is reported, the application exits, and the Internet is reconnected.
  • Step S103: after determining that the VPDN connection is successful, in response to the SIM card information verification instruction, the SIM card information of the terminal is transmitted to the preset security authentication server through the VPDN channel to verify whether the SIM card of the terminal has a registration record on the preset security authentication server;
  • the SIM card information can be obtained by scanning the two-dimensional code corresponding to the SIM card information of the terminal. After the vpdn connection is successful, the user is prompted to scan the QR code provided by the SIM vendor, and the scanned information is transmitted to the preset security authentication server through the VPDN channel for SIM card information verification and comparison, to verify whether the SIM card of the terminal has a registration record on the preset security authentication server. If verification passes, a success message is returned and the preset applications and policies are pushed; otherwise the user is told that the SIM card identity information does not match, the application exits, and the Internet is reconnected. The process is shown in Figure 3.
  • Step S104 After receiving the verification pass message of the preset security authentication server, enter the target application and invoke a preset secure container policy;
  • the secure container policy can include:
  • receiving the verification pass message of the preset security authentication server means the secure container has been fully entered; the target application that was initially clicked is entered, and the policies preset for the secure container are invoked at the same time:
  • the VPDN is already configured and connected.
  • a "Hidden" field is added to all APNs in the TelephonyProvider class, and the value is 0, which means the default display.
  • assign a value of 1 to the "Hidden" field of the APN, indicating that it is hidden.
  • the Setting class will load the apn database. At this time, the "Hidden" field is checked. If the value is 1, the APN is not displayed, and the VPDN configuration information is protected.
  • the control steps are divided into system attribute setting and function control.
  • the MDM application inside the container will immediately call the interface function that sets the system property value of the data connection.
  • the inside of the container uses the server push installation application to install the application.
  • the USB shielding method is the same as the data connection control: it is implemented by setting and reading a system attribute value.
  • the security control of the mobile phone device mainly includes the shielding of the camera, the pasteboard, the SD card, the screen capture, the screen recording, the GPS, etc., and blocks Trojan and hacker intrusion at the hardware level, thereby achieving the purpose of ensuring the security of the user information.
  • the above four modules are encapsulated into corresponding strategies, namely application strategy: ApplicationPolicy getApplicationPolicy(); data connection strategy: PhoneRestrictionPolicy getPhoneRestrictionPolicy(); device control policy: RestrictionPolicy getRestrictionPolicy(); APN control strategy getAnpPolicy().
  • the implementation within each policy can be tailored to the user, and is simple and easy to extend. It is suitable for most government and enterprise users.
  • the security container strategy design is shown in Figure 4.
  • Embodiment 2:
  • FIG. 5 is a schematic structural view of an embodiment of a control system for terminal container security according to the present invention, including:
  • the container internal and external discriminating module 101 is configured to determine whether the target application is an entry application to enter the secure container in response to a click instruction to the target application, and if yes, enter the secure container;
  • the security authentication module 102 is configured to respond to the VPDN creation instruction, disconnect the Internet, create a VPDN and connect; after determining that the VPDN connection is successful, respond to the SIM card information verification instruction, and transmit the SIM card information of the terminal to the preset security authentication server through the VPDN channel, verifying whether the SIM card of the terminal has a registration record on the preset security authentication server;
  • the in-container policy invoking module 103 is configured to enter the target application after receiving the verification pass message of the preset secure authentication server, and simultaneously invoke a preset secure container policy;
  • the secure container policy can include:
  • the container internal and external discriminating module 101 determines whether the target application is an entry application into the secure container, and if so, enters the secure container; the security authentication module 102 disconnects the Internet, creates a VPDN and connects; after the VPDN connection is successful, the SIM card information of the terminal is transmitted to the preset security authentication server through the VPDN channel to verify whether the SIM card of the terminal has a registration record on the preset security authentication server; after verification passes, the target application is entered, and the in-container policy invoking module 103 invokes a preset security policy, hides the APN configuration information, disables the data connection path, shields the USB function, and disables the terminal's preset disabled device functions.
  • Secure containers can be provided for applications that need to protect customer privacy. All applications can run on the same system without having to allocate extra memory and space, which can easily and efficiently protect end user data security.

Abstract

A security control method and system for a container of a terminal. The method comprises: determining, in response to a tap instruction on a target application, whether the target application is a portal application for entering a secure container, and if yes, entering the secure container (S101); disconnecting the Internet, and creating and connecting to a VPDN, in response to a VPDN creation instruction (S102); transferring, after determining that the VPDN is successfully connected, information about a SIM card of a terminal to a preset security authentication server by means of a VPDN channel in response to a SIM card information verification instruction, to verify whether the SIM card of the terminal has a registration record in the preset security authentication server (S103); entering the target application after receiving a verification success message from the preset security authentication server and invoking a preset secure container policy (S104). Whereby, a secure container can be provided for applications requiring client privacy protection, and all application programs can be run in a same system, without the need to allocate additional memory and space, such that data security of the terminal user can be protected conveniently and efficiently.

Description

Terminal container security control method and system
This application claims priority to Chinese Patent Application No. 201511031383.X, entitled "Terminal container security control method and system", filed with the Chinese Patent Office on December 31, 2015, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of terminal information security, and in particular to a terminal container security control method and system.
Background
Since mobile phones became intelligent and networked, the resulting gains in functionality and efficiency have greatly helped mobile phone users, but have also brought security risks.
Few mobile phone security solutions exist. Some companies have introduced dual-system solutions that implement the phone's security policy in an independent secure system to protect user information, reserving a separate data partition for the secure system that is independent of the standard system. This approach effectively guarantees the independence and privacy of user data, but running two systems at once is costly to manufacture, requires memory to be pre-allocated for the secure system, increases power consumption, and has a high running cost, so it cannot protect mobile phone user data simply and efficiently.
Summary of the invention
In view of this, the main object of the present invention is to provide a terminal container security control method and system that provide a secure container for mobile phone applications and ensure that applications in the container run securely.
To achieve the above object, the present invention provides a terminal container security control method, including:
in response to a click instruction on a target application, determining whether the target application is an entry application for entering a secure container, and if so, entering the secure container;
in response to a VPDN creation instruction, disconnecting the Internet, creating a VPDN and connecting;
after determining that the VPDN connection is successful, in response to a SIM card information verification instruction, transmitting the SIM card information of the terminal through the VPDN channel to a preset security authentication server, and verifying whether the SIM card of the terminal has a registration record on the preset security authentication server;
after receiving the verification pass message of the preset security authentication server, entering the target application and invoking a preset secure container policy.
Preferably, the secure container policy includes:
hiding the configuration information of the APN, disabling data connection paths, shielding the USB function, and disabling the terminal's preset disabled device functions.
Preferably, determining whether the target application is an entry application for entering the secure container includes:
determining whether the package name parameter in the broadcast sent on the click of the target application is an application package name preset for the secure container.
Preferably, before the SIM card information of the terminal is transmitted through the VPDN channel to the preset security authentication server in response to the SIM card information verification instruction, the method further includes:
in response to a scanning instruction for the two-dimensional code corresponding to the SIM card information of the terminal, acquiring the SIM card information of the terminal.
Preferably, the preset disabled device functions include a camera function, a pasteboard function, an SD card function, a screen capture function, a screen recording function, and a GPS function.
Preferably, the secure container policy further includes:
pushing downloads of the applications preset within the target application.
Preferably, hiding the configuration information of the APN includes:
assigning a value to a preset hidden field in the configuration information of the APN.
The present invention also provides a terminal container security control system, including:
a container internal and external discriminating module, configured to determine, in response to a click instruction on a target application, whether the target application is an entry application for entering a secure container, and if so, to enter the secure container;
a security authentication module, configured to respond to a VPDN creation instruction, disconnect the Internet, create a VPDN and connect; and, after determining that the VPDN connection is successful, to respond to a SIM card information verification instruction, transmit the SIM card information of the terminal through the VPDN channel to the preset security authentication server, and verify whether the SIM card of the terminal has a registration record on the preset security authentication server;
an in-container policy invoking module, configured to enter the target application after receiving the verification pass message of the preset security authentication server, and to invoke a preset secure container policy.
Preferably, the secure container policy includes:
hiding the configuration information of the APN, disabling data connection paths, shielding the USB function, and disabling the terminal's preset disabled device functions.
Preferably, the preset disabled device functions include a camera function, a pasteboard function, an SD card function, a screen capture function, a screen recording function, and a GPS function.
The terminal container security control method and system provided by the present invention determine whether the target application is an entry application for entering the secure container and, if so, enter the secure container; disconnect the Internet, create a VPDN and connect; after determining that the VPDN connection is successful, transmit the SIM card information of the terminal through the VPDN channel to the preset security authentication server and verify whether the SIM card of the terminal has a registration record on the preset security authentication server; and, after verification passes, enter the target application and invoke the preset security policy. A secure container can thus be provided for applications that need to protect customer privacy, and all applications can run in the same system without additional memory or space being allocated, which protects the end user's data security simply and efficiently.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of Embodiment 1 of a terminal container security control method according to the present invention;
FIG. 2 is a detailed schematic diagram of the principle of Embodiment 1 of a terminal container security control method according to the present invention;
FIG. 3 is a further detailed schematic diagram of the principle of Embodiment 1 of a terminal container security control method according to the present invention;
FIG. 4 is a further detailed schematic diagram of the principle of Embodiment 1 of a terminal container security control method according to the present invention;
FIG. 5 is a schematic structural diagram of Embodiment 2 of a terminal container security control system according to the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The terminal of the present invention includes, but is not limited to, a smartphone, a tablet, and the like.
Embodiment 1:
The present invention provides a terminal container security control method. FIG. 1 shows a flowchart of an embodiment of the method, including:
Step S101: in response to a click instruction on the target application, determine whether the target application is an entry application for entering the secure container, and if so, enter the secure container;
A container refers specifically to the runtime environment of a group of applications. This group of applications can be distributed to devices from the MDM mobile management platform; by default, the MDM client is an in-container application. The MDM mobile management platform can issue a container policy, that is, when one of these applications is running (the top-level activity is that application), the MDM client applies the policy (for example, switching the APN). When the top-level activity changes, a broadcast is sent. Its ACTION is "com.pekall.action.TOP_PACKAGE" and it carries the parameter Intent.putExtra("toppackage", current package name); that is, a container change is triggered by a broadcast in which the top-level activity has changed and the "package name" parameter is an "application package name" configured on the phone. Whether the target application is an entry application for entering the secure container is therefore determined by checking whether the package name parameter in the broadcast sent on the click of the target application is an application package name preset for the secure container. The principle is shown in FIG. 2.
Step S102: in response to the VPDN creation instruction, disconnect the Internet, create a VPDN, and connect;
The terminal presets an application that creates and connects to the vpdn. The vpdn configuration information is provided by the customer. The Internet is automatically disconnected before creation. If the vpdn is created successfully, the user is notified; otherwise a failure is reported, the application exits, and the Internet is reconnected.
Step S103: after determining that the VPDN connection is successful, in response to the SIM card information verification instruction, transmit the SIM card information of the terminal through the VPDN channel to the preset security authentication server, and verify whether the SIM card of the terminal has a registration record on the preset security authentication server;
The SIM card information can be obtained by scanning the two-dimensional code corresponding to the terminal's SIM card information. After the vpdn connection succeeds, the user is prompted to scan the QR code provided by the SIM vendor, and the scanned information is transmitted through the VPDN channel to the preset security authentication server for SIM card information verification and comparison, to verify whether the SIM card of the terminal has a registration record on the preset security authentication server. If verification passes, a success message is returned and the preset applications and policies are pushed; otherwise the user is told that the SIM card identity information does not match, the application exits, and the Internet is reconnected. The process is shown in FIG. 3.
Step S104: after receiving the verification pass message of the preset security authentication server, enter the target application and invoke the preset secure container policy;
The secure container policy may include:
hiding the configuration information of the APN, disabling data connection paths, shielding the USB function, and disabling the terminal's preset disabled device functions.
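The following sketch walks steps S101 to S104 as one fail-closed gate, so the failure branches described above (exit and reconnect the Internet) are explicit. It is an added example, not code from the patent or from any MDM product: the `Network`, `AuthServer` and `ContainerPolicy` interfaces, the package name `com.example.securemail` and the SIM strings are constructed assumptions, and the broadcast extras are modelled as a plain map rather than an Android `Intent`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration of steps S101-S104; not code from the patent. */
public class ContainerEntryFlow {
    // Broadcast action and extra key quoted in the description.
    static final String ACTION_TOP_PACKAGE = "com.pekall.action.TOP_PACKAGE";
    static final String EXTRA_TOP_PACKAGE = "toppackage";

    enum Result { NOT_ENTRY_APP, VPDN_FAILED, SIM_NOT_REGISTERED, ENTERED }

    // Hypothetical seams: the page names these operations but gives no API for them.
    interface Network {
        void disconnectInternet();
        void connectInternet();
        boolean createAndConnectVpdn();
    }
    interface AuthServer { boolean hasRegistration(String simInfo); } // reached over the VPDN channel
    interface ContainerPolicy { void apply(); }

    private final Set<String> entryPackages; // package names preset for the secure container
    private final Network network;
    private final AuthServer server;
    private final ContainerPolicy policy;

    ContainerEntryFlow(Set<String> entryPackages, Network network,
                       AuthServer server, ContainerPolicy policy) {
        this.entryPackages = entryPackages;
        this.network = network;
        this.server = server;
        this.policy = policy;
    }

    /** Handles one top-package broadcast; every failure path ends outside the container. */
    Result onTopPackageBroadcast(String action, Map<String, String> extras, String scannedSimInfo) {
        // S101: only a broadcast whose package name is preset for the container starts the flow.
        String topPackage = extras == null ? null : extras.get(EXTRA_TOP_PACKAGE);
        if (!ACTION_TOP_PACKAGE.equals(action) || topPackage == null
                || !entryPackages.contains(topPackage)) {
            return Result.NOT_ENTRY_APP;
        }
        // S102: the Internet is dropped before the VPDN is created.
        network.disconnectInternet();
        if (!network.createAndConnectVpdn()) {
            network.connectInternet(); // failure: exit and reconnect, as the description states
            return Result.VPDN_FAILED;
        }
        // S103: the scanned SIM information is checked against the server's registration records.
        boolean registered;
        try {
            registered = scannedSimInfo != null && server.hasRegistration(scannedSimInfo);
        } catch (RuntimeException e) {
            registered = false; // an unreachable or failing server is treated as "not registered"
        }
        if (!registered) {
            network.connectInternet();
            return Result.SIM_NOT_REGISTERED;
        }
        // S104: only now is the container policy applied and the target application entered.
        policy.apply();
        return Result.ENTERED;
    }

    public static void main(String[] args) {
        final List<String> log = new ArrayList<>();
        Network net = new Network() {
            public void disconnectInternet() { log.add("internet:off"); }
            public void connectInternet() { log.add("internet:on"); }
            public boolean createAndConnectVpdn() { log.add("vpdn:up"); return true; }
        };
        // Constructed sample data: one registered SIM and one entry package.
        Set<String> registeredSims = new HashSet<>(Arrays.asList("sim-constructed-0001"));
        ContainerEntryFlow flow = new ContainerEntryFlow(
                new HashSet<>(Arrays.asList("com.example.securemail")),
                net, registeredSims::contains, () -> log.add("policy:applied"));

        Map<String, String> entry = Collections.singletonMap(EXTRA_TOP_PACKAGE, "com.example.securemail");
        Map<String, String> other = Collections.singletonMap(EXTRA_TOP_PACKAGE, "com.example.game");

        System.out.println(flow.onTopPackageBroadcast(ACTION_TOP_PACKAGE, entry, "sim-constructed-0001") + " " + log);
        log.clear();
        System.out.println(flow.onTopPackageBroadcast(ACTION_TOP_PACKAGE, entry, "sim-unknown") + " " + log);
        log.clear();
        System.out.println(flow.onTopPackageBroadcast(ACTION_TOP_PACKAGE, other, "sim-constructed-0001") + " " + log);
    }
}
```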
Receiving the verification pass message of the preset security authentication server means the secure container has been fully entered; the target application that was initially clicked is entered, and the policies preset for the secure container are invoked at the same time:
(1) APN security control
To protect the user's vpdn information, the configuration information of the APN must be hidden. When an application is clicked and the container is entered, the VPDN is already configured and connected. To make it easy to show or hide an APN, a "Hidden" field is added to all APNs in the TelephonyProvider class and set to 0, meaning shown by default. When the VPDN is configured, the "Hidden" field of that APN is set to 1, meaning hidden. When the user opens the settings page to view the APN list, the Setting class loads the apn database and checks the "Hidden" field; an APN whose value is 1 is not displayed, which protects the VPDN configuration information.
(2)数据连接安全控制(2) Data connection security control
为了防止用户隐私信息被木马获取,就需要截断所有木马流入的数据连接途径,包括wifi,Bluetooth,mms,sms。In order to prevent user privacy information from being obtained by Trojans, it is necessary to cut off the data connection path of all Trojans, including wifi, Bluetooth, mms, sms.
控制的步骤分为系统属性设定和功能控制,当进入容器内部时,容器内部的MDM应用会立即调用设置数据连接的系统属性值的接口函数。它们的接口函数分别为:boolean allowOutgoingWifi(boolean allow),boolean allowOutgoingBluetooth(boolean allow),boolean allowOutgoingMms(boolean allow),boolean allowOutgoingSms(boolean allow);当数据功能被启动时,通过读取系统属性值来判断是否进行数据连接流程,比如wifi的属性“persist.yulong.mdm.wifi”=1,说明在容器内,不允许进行数据连接,立即返回,从而实现对数据连接的安全控制。The control steps are divided into system attribute setting and function control. When entering the inside of the container, the MDM application inside the container will immediately call the interface function that sets the system property value of the data connection. Their interface functions are: boolean allowOutgoingWifi(boolean allow), boolean allowOutgoingBluetooth(boolean allow), boolean allowOutgoingMms(boolean allow), boolean allowOutgoingSms(boolean allow); when the data function is started, it is judged by reading the system attribute value. Whether to carry out the data connection process, such as wifi attribute "persist.yulong.mdm.wifi" = 1, indicating that in the container, data connection is not allowed, and immediately returns, thereby achieving security control of the data connection.
(3)应用安装安全控制(3) Application installation security control
容器内部采用服务器推送安装应用的方式进行应用安装,通过屏蔽USB功能和应用来源判断阻止用户或者黑客在容器内部进行应用安装,USB屏蔽方法和数据连接控制一样,通过系统属性值的设定和读取实现。 The inside of the container uses the server push installation application to install the application. By blocking the USB function and the application source, it is judged to prevent the user or the hacker from installing the application inside the container. The USB shielding method is the same as the data connection control, and the system attribute value is set and read. Take the implementation.
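The property-based gating described in (2), and reused for USB in (3), can be sketched as follows. This is an added example, not code from the patent or its applicant: the in-memory map stands in for the platform's system property store, every property key except "persist.yulong.mdm.wifi" is a hypothetical name, and `allowUsb`, the boolean return meaning and the handling of an unset property are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;

public class ContainerDataGate {
    // Stand-in for the platform's system property store (assumption): a plain map,
    // so the example runs on any JDK without Android classes.
    static final Map<String, String> PROPS = new LinkedHashMap<>();

    static final String WIFI = "persist.yulong.mdm.wifi";       // key given in the text
    static final String BT   = "persist.yulong.mdm.bluetooth";  // hypothetical key
    static final String MMS  = "persist.yulong.mdm.mms";        // hypothetical key
    static final String SMS  = "persist.yulong.mdm.sms";        // hypothetical key
    static final String USB  = "persist.yulong.mdm.usb";        // hypothetical key
    static final String[] ALL = {WIFI, BT, MMS, SMS, USB};

    // Step 1, property setting. "1" = blocked, as in the text's Wi-Fi example.
    // The return value is assumed to mean "the property was written".
    static boolean setAllowed(String key, boolean allow) {
        PROPS.put(key, allow ? "0" : "1");
        return true;
    }
    static boolean allowOutgoingWifi(boolean allow)      { return setAllowed(WIFI, allow); }
    static boolean allowOutgoingBluetooth(boolean allow) { return setAllowed(BT, allow); }
    static boolean allowOutgoingMms(boolean allow)       { return setAllowed(MMS, allow); }
    static boolean allowOutgoingSms(boolean allow)       { return setAllowed(SMS, allow); }
    static boolean allowUsb(boolean allow)               { return setAllowed(USB, allow); } // hypothetical

    // Step 2, function control: each entry point reads its property and returns at
    // once when the value is "1". An unset property counts as allowed (assumption).
    static boolean isBlocked(String key) {
        return "1".equals(PROPS.getOrDefault(key, "0"));
    }
    static String guarded(String key, Supplier<String> action) {
        return isBlocked(key) ? "refused by container policy" : action.get();
    }
    static String connectWifi(String ssid) { return guarded(WIFI, () -> "connecting to " + ssid); }
    static String sendSms(String to)       { return guarded(SMS, () -> "sms queued for " + to); }
    static String mountUsb()               { return guarded(USB, () -> "usb storage mounted"); }

    // What the in-container MDM application does on entry and on exit.
    static void enterContainer() {
        allowOutgoingWifi(false); allowOutgoingBluetooth(false);
        allowOutgoingMms(false);  allowOutgoingSms(false); allowUsb(false);
    }
    static void leaveContainer() {
        for (String k : ALL) setAllowed(k, true);
    }

    // Check for an administrator: channels that are still open.
    // The list should be empty for as long as the terminal is inside the container.
    static List<String> openChannels() {
        List<String> open = new ArrayList<>();
        for (String k : ALL) if (!isBlocked(k)) open.add(k);
        return open;
    }

    public static void main(String[] args) {
        // "office-ap" and "555-0100" are constructed sample values.
        System.out.println("outside: " + connectWifi("office-ap"));
        enterContainer();
        System.out.println("inside:  " + connectWifi("office-ap") + " | "
                + sendSms("555-0100") + " | " + mountUsb() + " | open=" + openChannels());
        allowOutgoingWifi(true); // one property reset while still inside the container
        System.out.println("drift:   open=" + openChannels());
        leaveContainer();
        System.out.println("after:   " + mountUsb());
    }
}
```

The scheme holds only where an entry point actually reads its property, so `openChannels()` reports the property state and not whether every code path performs the check.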
(4) Mobile device security control
Security control of the mobile phone device mainly consists of blocking the camera, clipboard, SD card, screenshot, screen recording, GPS and similar device functions, which blocks Trojan and hacker intrusion at the hardware level and so protects the security of user information. To make the scheme easy to adopt and extend, the four modules above are encapsulated as corresponding policies: the application policy, ApplicationPolicy getApplicationPolicy(); the data connection policy, PhoneRestrictionPolicy getPhoneRestrictionPolicy(); the device control policy, RestrictionPolicy getRestrictionPolicy(); and the APN control policy, getAnpPolicy(). The implementation inside each policy can be adapted to the specific user, so the design is simple and easy to extend and suits most government and enterprise users. The secure container policy design is shown in Figure 4.
With the terminal container security control method provided by this embodiment, it is determined whether the target application is the entry application for the secure container, and if so the secure container is entered; the Internet is disconnected and a VPDN is created and connected; once the VPDN connection is confirmed successful, the terminal's SIM card information is passed through the VPDN channel to the preset security authentication server, which verifies whether the terminal's SIM card has a registration record there; after verification passes, the target application is entered and the preset security policy is invoked at the same time, hiding the APN configuration information, disabling data connection paths, blocking the USB function and disabling the terminal's preset disabled device functions. This provides a secure container for applications that need to protect customer privacy. All applications can run in the same system without allocating additional memory or space, so end-user data is protected simply and efficiently.
Embodiment 2:
The present invention also provides a terminal container security control system. FIG. 5 shows a schematic structural diagram of an embodiment of the system, which comprises:
an inside/outside-container discrimination module 101, configured to respond to a click instruction on a target application and determine whether the target application is the entry application for the secure container, and if so, to enter the secure container;
a security authentication module 102, configured to respond to a VPDN creation instruction, disconnect the Internet, and create and connect a VPDN; and, once the VPDN connection is confirmed successful, to respond to a SIM card information verification instruction and pass the terminal's SIM card information through the VPDN channel to the preset security authentication server, to verify whether the terminal's SIM card has a registration record on the preset security authentication server;
an in-container policy invoking module 103, configured to enter the target application after receiving the verification-passed message from the preset security authentication server, and at the same time invoke the preset secure container policy;
The secure container policy may include:
hiding the APN configuration information, disabling data connection paths, blocking the USB function, and disabling the terminal's preset disabled device functions.
With the terminal container security control system provided by this embodiment, the inside/outside-container discrimination module 101 determines whether the target application is the entry application for the secure container, and if so the secure container is entered; the security authentication module 102 disconnects the Internet and creates and connects a VPDN; once the VPDN connection is confirmed successful, it passes the terminal's SIM card information through the VPDN channel to the preset security authentication server, which verifies whether the terminal's SIM card has a registration record there; after verification passes, the target application is entered and the in-container policy invoking module 103 invokes the preset security policy, hiding the APN configuration information, disabling data connection paths, blocking the USB function and disabling the terminal's preset disabled device functions. This provides a secure container for applications that need to protect customer privacy. All applications can run in the same system without allocating additional memory or space, so end-user data is protected simply and efficiently.
It should be noted that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the parts that are the same or similar can be cross-referenced between embodiments. Because the system embodiment is substantially similar to the method embodiment, it is described more briefly; for the related details, see the corresponding description of the method embodiment.
Finally, it should also be noted that in this document the terms "comprise", "include" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises the element.
The method and system provided by the present invention have been described in detail above. Specific examples are used herein to explain the principles and embodiments of the invention, and the description of the above embodiments is intended only to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

  1. A terminal container security control method, characterized by comprising:
    in response to a click instruction on a target application, determining whether the target application is the entry application for a secure container, and if so, entering the secure container;
    in response to a VPDN creation instruction, disconnecting the Internet, and creating and connecting a VPDN;
    after the VPDN connection is confirmed successful, in response to a SIM card information verification instruction, passing the terminal's SIM card information through the VPDN channel to a preset security authentication server, and verifying whether the terminal's SIM card has a registration record on the preset security authentication server;
    after receiving the verification-passed message from the preset security authentication server, entering the target application and at the same time invoking a preset secure container policy.
  2. The terminal container security control method according to claim 1, characterized in that the secure container policy comprises:
    hiding the APN configuration information, disabling data connection paths, blocking the USB function, and disabling the terminal's preset disabled device functions.
  3. The terminal container security control method according to claim 1, characterized in that determining whether the target application is the entry application for the secure container comprises:
    determining whether the package name parameter in the broadcast sent when the target application is clicked is the application package name preset for the secure container.
  4. The terminal container security control method according to claim 1, characterized in that, before responding to the SIM card information verification instruction and passing the terminal's SIM card information through the VPDN channel to the preset security authentication server, the method further comprises:
    in response to a scan instruction for the QR code corresponding to the terminal's SIM card information, acquiring the terminal's SIM card information.
  5. The terminal container security control method according to claim 2, characterized in that the preset disabled device functions comprise the camera function, clipboard function, SD card function, screenshot function, screen recording function and GPS function.
  6. The terminal container security control method according to claim 2, characterized in that the secure container policy further comprises:
    pushing the download of the applications preset within the target application.
  7. The terminal container security control method according to claim 2, characterized in that hiding the APN configuration information comprises:
    assigning a value to a preset hidden field of the APN's configuration information.
  8. A terminal container security control system, characterized by comprising:
    an inside/outside-container discrimination module, configured to respond to a click instruction on a target application and determine whether the target application is the entry application for a secure container, and if so, to enter the secure container;
    a security authentication module, configured to respond to a VPDN creation instruction, disconnect the Internet, and create and connect a VPDN; and, after the VPDN connection is confirmed successful, to respond to a SIM card information verification instruction and pass the terminal's SIM card information through the VPDN channel to a preset security authentication server, to verify whether the terminal's SIM card has a registration record on the preset security authentication server;
    an in-container policy invoking module, configured to enter the target application after receiving the verification-passed message from the preset security authentication server, and at the same time invoke a preset secure container policy.
  9. The terminal container security control system according to claim 8, wherein the secure container policy comprises:
    hiding the APN configuration information, disabling data connection paths, blocking the USB function, and disabling the terminal's preset disabled device functions.
  10. The terminal container security control system according to claim 9, characterized in that the preset disabled device functions comprise the camera function, clipboard function, SD card function, screenshot function, screen recording function and GPS function.
PCT/CN2016/084103 2015-12-31 2016-05-31 Security control method and system for container of terminal WO2017113584A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201511031383.X 2015-12-31
CN201511031383.XA CN105550577A (en) 2015-12-31 2015-12-31 Security control method and system for terminal container

Publications (1)

Publication Number Publication Date
WO2017113584A1 true WO2017113584A1 (en) 2017-07-06

Family

ID=55829764

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/084103 WO2017113584A1 (en) 2015-12-31 2016-05-31 Security control method and system for container of terminal

Country Status (2)

Country Link
CN (1) CN105550577A (en)
WO (1) WO2017113584A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105550577A (en) * 2015-12-31 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Security control method and system for terminal container
US10650138B2 (en) * 2017-01-27 2020-05-12 Hewlett Packard Enterprise Development Lp System call policies for containers

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050125661A1 (en) * 2003-11-07 2005-06-09 Nokia Corporation Operator root cetificates
CN103581184A (en) * 2013-10-31 2014-02-12 中国电子科技集团公司第十五研究所 Method and system for mobile terminal to get access to intranet server
CN103619020A (en) * 2013-12-09 2014-03-05 成都达信通通讯设备有限公司 Mobile payment security system for wireless data private network physical isolation internet
CN103618736A (en) * 2013-12-09 2014-03-05 成都达信通通讯设备有限公司 Safety application system for mobile terminal to automatically switch between different channel networking interfaces
CN105550577A (en) * 2015-12-31 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Security control method and system for terminal container

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140108793A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data

Also Published As

Publication number Publication date
CN105550577A (en) 2016-05-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16880392

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16880392

Country of ref document: EP

Kind code of ref document: A1