WO2019210631A1 - Mobile terminal access control method and device - Google Patents
- Publication number
- WO2019210631A1 (PCT/CN2018/102876)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile service
- mobile
- access event
- service access
- target sdk
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- H04M1/72406—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72448—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
- H04M1/72463—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/605—Copy protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/608—Watermarking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
Definitions
- the present application relates to the field of computer software technology, and in particular, to a method and apparatus for mobile terminal access control.
- VPN: Virtual Private Network
- MDM: Mobile Device Management
- Mobile office chat app software on the market generally offers only simple chat and office portal functions. Because enterprise data flowing through the app has moved beyond the boundary of traditional enterprise data security protection, managing and protecting enterprise work data on mobile devices is more difficult. Users can pass data out by copying and pasting, capturing the screen, or taking photos, resulting in data leakage.
- the purpose of the present application is to overcome the deficiencies of the prior art and provide a mobile terminal access control method and apparatus capable of effectively controlling service access and ensuring information security.
- the present application provides a mobile terminal access control method, including the steps of: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and calling the target SDK to perform real-time control on the security of the mobile service access event.
- the present application further provides a mobile terminal access control apparatus, including:
- a receiving operation information module, configured to receive the input operation information for the mobile service instance; a generating access event module, configured to generate a corresponding mobile service access event according to the operation information; a determining target SDK module, configured to determine, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and a control access event module, configured to invoke the target SDK to perform real-time control on the security of the mobile service access event.
- the present application also provides a mobile terminal access control adaptation device, comprising: one or more processors; a memory; and one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and invoking the target SDK to perform real-time control on the security of the mobile service access event.
- the present application also provides a computer-readable non-volatile storage medium storing a computer program which, when executed by a processor, performs the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and calling the target SDK to perform real-time control on the security of the mobile service access event.
- the technical solution for mobile terminal access control provided by the present application introduces, in the enhanced security SDK, multiple sets of SDKs respectively applicable to different mobile terminal operating systems, determines the target SDK from the mobile terminal operating system that generates the mobile service access event, and invokes the target SDK to control the security of the mobile service access event in real time, so that the portal application can be installed on and applied to multiple mobile terminal operating systems with only one set of installation files, thereby improving the efficiency and convenience of using the portal application.
- FIG. 1 is a flowchart of a mobile terminal access control method according to the present application.
- FIG. 2 is a flowchart of an embodiment of a mobile terminal access control method according to the present application.
- FIG. 3 is a schematic diagram of a cross-platform engine of a mobile application supporting HTML5 according to the present application.
- FIG. 4 is a schematic diagram of the composition of an application portal module of the enterprise portal of the present application.
- FIG. 5 is a block diagram of a module of a mobile terminal access control apparatus of the present application.
- FIG. 6 is a schematic diagram of a mobile terminal access control adaptation device of the present application.
- a mobile terminal access control method disclosed in the present disclosure includes the following steps:
- Step 101 Receive input operation information for a mobile service instance.
- Step 102 Generate a corresponding mobile service access event according to the operation information.
- Step 103 Determine a target SDK of the mobile operating system corresponding to the mobile service access event in the enhanced security SDK.
- Step 104 Call the target SDK to perform real-time control on the security of the mobile service access event.
- the mobile terminal access control method disclosed in the disclosure can be applied to enterprise mobile portal application (APP) software installed on mobile terminal operating systems such as Android OS (Android operating system), IOS (Apple operating system) and WinPhone OS (Microsoft mobile operating system).
- Step 201 Load a mobile service module.
- the mobile service module can be various office service modules, such as the attendance punch card service module, the project management service module, the enterprise office automation service module, the enterprise instant messaging tool business module, and the enterprise entertainment activity business module.
- the mobile service module can be pre-packaged in the APP installation file and loaded by default when the user installs the APP, or it can be loaded dynamically while the APP is in use, after the APP downloads data from the server (it can be installed as a plug-in).
- the user can choose to load one or more mobile service modules.
- Step 202 The mobile service module runs a process, and the corresponding process receives operation information input by the user.
- The enterprise instant messaging tool business module runs and generates one or more mobile service instance processes; when the user long-presses and pastes chat information, the corresponding process receives the user's operation information.
- The project management service module runs and generates one or more mobile service instance processes; when the user clicks to open a specific page carrying confidential data, the corresponding process receives the user's operation information.
- The enterprise office automation service module runs and generates one or more mobile service instance processes; when the user opens a page containing the enterprise's trade secret information and captures a screen image of that page, the corresponding process receives the user's operation information.
- While in use, the one or more mobile service instance processes generated by the enterprise entertainment activity business module generate file data for an enterprise plan; when the user uses the mobile phone's Bluetooth, infrared, NFC or similar driver to transmit the file to the outside, the corresponding process receives the user's operation information.
- While a module runs and generates one or more mobile service instance processes, when the user saves generated data or files locally, or clicks to access specific content, the corresponding process can receive the user's operation information.
- Step 203 The process generates a corresponding mobile service access event according to the operation information.
- Step 204 The process determines a target SDK of the mobile operating system corresponding to the mobile service access event in the enhanced security SDK.
- The enhanced security SDK (Software Development Kit) runs on top of the mobile terminal operating system and is implemented by programming extensions to the native capabilities of the operating system's browser kernel.
- the enhanced security SDK seamlessly integrates cross-platform engines for mobile apps in the app.
- the enhanced security SDK includes several sets of SDK packages for different mobile operating systems.
- Each SDK package integrates a native interface corresponding to its mobile operating system, and the corresponding process determines the target SDK according to the mobile operating system that generates the mobile service access event.
- step 205 the process accesses the target SDK through the mobile application cross-platform engine.
- the process corresponding to the mobile service access event accesses the target SDK through the mobile application cross-platform engine.
- the process accesses the browser kernel through the JavaScript request interface of the browser built into the mobile terminal operating system, and then accesses the target SDK through the native interface of the mobile operating system integrated in the target SDK.
- the portal application in the present application can be installed without restriction to be applied to various mobile terminal operating system platforms, such as an Android operating system, an IOS operating system, and a WinPhone operating system.
- step 206 the process invokes the target SDK to perform real-time control on the security of the mobile service access event.
- when the target SDK is invoked to control the security of the mobile service access event in real time, information can be exchanged with the background server. The relationship among the background server, the enterprise portal application App and the mobile service modules within it, the mobile cross-platform engine, and the enhanced security SDK is shown in FIG. 3.
- the access type corresponding to the mobile service access event includes at least one of application interaction access, data storage access, and device capability access.
- the target SDK is invoked to control the security of the mobile service access event in real time. The security of the service application is ensured by controlling interface interaction, data storage or device capability access, and logs can be uploaded to the server for archiving so that the security administrator can check them.
- the mobile service access event is an application interactive access type, a data storage access type, and a device capability access type.
- the form dynamic watermark function can be implemented by re-encapsulating the browser form control on the IOS or Android platform to support dynamic watermark display. For example, when the user chooses to open a specific page carrying confidential data while using the project management service, the process invokes the SDK to perform real-time control on the operation, adding a watermark to the page displayed to the user, to prevent the user from leaking company secrets by photographing the page and thereby harming the company.
- Copy and paste control function: on the IOS platform the long-press operation can be controlled, and on the Android platform the copyEnable feature of the View component can be controlled.
- the process invokes the SDK to perform real-time control on the operation, preventing the user from copying and pasting the confidential data to cause the enterprise secret to leak.
- Anti-screenshot control: for example, when the user uses the enterprise office automation business module to open a page containing the enterprise's business secret information and captures a screen image of the page, the process calls the SDK to perform real-time control on the operation. On the Android operating system, anti-screenshot control can be implemented.
- On the IOS operating system, screen capture cannot be prohibited, so screen capture operations are recorded and sent to the background server for recording and archiving, to deter users from leaking corporate secret content by capturing the screen.
- the application local storage is encapsulated to implement an encrypted storage and automatic cache cleaning mechanism to ensure the security of the portal application terminal process data.
- the local data encryption storage function establishes a dedicated storage file for the entire mobile portal application as a unified storage area and establishes a private file access mechanism within that area; temporary data for each process in the portal is stored in its own area and processed with the AES encryption and decryption algorithm.
- when the user installs and uses multiple mobile service modules and, while using each mobile service instance, saves generated data or files locally or clicks to access specific content, the process may invoke the SDK to apply the data partitioning and encryption control described above to these operations.
- the application cache management function dynamically creates a cache data area for the mobile service instance inside the portal, manages the cache data according to the operation status of the mobile service instance, and clears all cached contents before the application portal App exits.
- the remote data clearing function sends a data clearing instruction by the server's management background to delete the specified application and corresponding data on the mobile phone.
- When a non-enterprise employee uses the portal application to perform a preset operation, such as accessing a data file, the operation triggers a security protection function, which sends information to the management background. The management background evaluates information such as the employee's employment status and the mobile phone's location. If it determines that the employee corresponding to the portal application login account has resigned, or that the mobile phone on which the portal App is installed has been lost, it issues the data clearing instruction, and the process calls the target SDK to perform real-time control according to the instruction, that is, to delete the specified application or the corresponding data on the mobile phone.
- Access to terminal hardware capabilities such as Bluetooth transmission, infrared transmission, NFC transmission, positioning, and photographing is controlled, so that the portal application's hardware access is authorized, controlled and recordable.
- When file data of the enterprise activity plan is generated, the target SDK is called to control the operation in real time and can check the user's permission information. If the user does not have the access control permission, the user is prohibited from accessing and controlling the terminal's hardware devices.
- the mobile terminal access control apparatus disclosed in the disclosure includes:
- Receiving an operation information module configured to receive input operation information for a mobile service instance
- Generating an access event module configured to generate a corresponding mobile service access event according to the operation information
- Determining a target SDK module configured to determine a target SDK of a mobile operating system corresponding to the mobile service access event in the enhanced security SDK
- the control access event module is configured to invoke the target SDK to perform real-time control on security of the mobile service access event.
- the working processes of the receiving operation information module, the generating access event module, the determining target SDK module, and the control access event module correspond respectively to steps 101, 102, 103, and 104 of the mobile terminal access control method of the present disclosure, and details are not described herein again.
- the present application also provides a mobile terminal access control adaptation device comprising: one or more processors; a memory; one or more computer programs, wherein the one or more computer programs are stored in the memory And configured to be executed by the one or more processors, the one or more computer programs configured to: perform the aforementioned mobile terminal access control method.
- the mobile terminal access control adaptation device may include a processor 1001, such as a CPU, a network interface 1002, a user interface 1003, and a memory 1004. Connection communication between these components can be achieved via a communication bus.
- the network interface 1002 may optionally include a standard wired interface (for connecting to a wired network), a wireless interface (such as a WI-FI interface, a Bluetooth interface, an infrared interface, etc. for connecting to a wireless network).
- the user interface 1003 can include a display and an input unit such as a keyboard; optionally, the user interface 1003 can also include a standard wired interface (e.g., for connecting a wired keyboard or a wired mouse) and/or a wireless interface (e.g., for connecting a wireless keyboard or a wireless mouse).
- the memory 1004 may be a high speed RAM memory or a non-volatile memory such as a disk memory.
- the memory 1004 can also optionally be a storage device independent of the aforementioned processor 1001.
- the mobile terminal access control adaptation device may further include a camera, RF (Radio Frequency) circuits, sensors, audio circuits, WiFi modules, and more.
- the mobile terminal access control adaptation device structure shown in the figure does not constitute a limitation of the mobile terminal access control adaptation device, which may include more or fewer components than illustrated, combine some components, or arrange the components differently.
- the present application also provides a computer readable non-volatile storage medium having stored thereon a computer program that, when executed by a processor, implements the steps of the aforementioned mobile terminal access control method.
- an operating system, a network communication module, a user interface module, and a mobile terminal access control adaptation program may be included in the memory 1004 as a computer storage medium.
- the operating system is a program for managing and controlling the hardware and software resources of the mobile terminal access control adaptation device, and supports the operation of the network communication module, the user interface module, the mobile terminal access control adaptation program, and other programs or software; the network communication module is used to manage and control the network interface 1002; the user interface module is used to manage and control the user interface 1003.
- the present disclosure has at least the following beneficial technical effects compared to the prior art:
- Access to the mobile terminal operating system's native API goes through the JavaScript callback interface of the operating system's built-in browser kernel, so the portal App can be installed on and applied to various mobile terminal operating system platforms without restriction, which increases the application flexibility of the mobile terminal access control method.
- the enhanced security SDK is implemented by programming the native capability extension of the mobile terminal operating system browser kernel, and the implementation manner is simple and easy, which reduces the complexity of the software and improves the operation efficiency.
- the present disclosure includes apparatus that is directed to performing one or more of the operations described in this disclosure. These devices may be specially designed and manufactured for the required purposes, or may also include known devices in a general purpose computer. These devices have computer programs stored therein that are selectively activated or reconfigured.
- Such computer programs may be stored in a device (e.g., computer) readable medium or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards.
- a readable medium includes any medium in which information is stored or transmitted by a device (e.g., a computer) in a readable form.
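An added example (not code from the patent or its applicant) of steps 203 to 206: an access event is routed to the target SDK for its operating system, which applies the controls described above, including the Android/IOS difference for screen capture and the upload of a log record. All function, field and operation names are assumptions, as is the watermark text; events for an unknown platform or operation are denied.

```javascript
// Added illustration: every identifier here is hypothetical, not from the patent.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Operation -> access type (the three types named in the description).
const ACCESS_TYPE = Object.freeze({
  'open-page': 'application-interaction',
  'copy-paste': 'application-interaction',
  'screenshot': 'application-interaction',
  'save-local': 'data-storage',
  'bluetooth-send': 'device-capability',
  'take-photo': 'device-capability',
  'get-location': 'device-capability',
});

// Step 203: turn the user's operation into a mobile service access event.
function createAccessEvent(os, instance, operation, user) {
  return Object.freeze({
    os, instance, operation, user,
    // own() keeps inherited keys such as "toString" from looking like operations.
    accessType: own(ACCESS_TYPE, operation) ? ACCESS_TYPE[operation] : null,
  });
}

// Controls that behave the same on every platform.
function commonControls() {
  return {
    // Watermark content is an assumption; the text only says a watermark is added.
    'open-page': (evt) => ({ decision: 'allow', watermark: `${evt.user.id}@${evt.instance}` }),
    'copy-paste': () => ({ decision: 'deny', reason: 'copy/paste disabled' }),
    // Data goes to the instance's own area of the unified store, encrypted.
    'save-local': (evt) => ({ decision: 'allow', storageArea: evt.instance, encrypt: 'AES' }),
  };
}

// Device capability access needs an explicit grant on the user record.
function capabilityControl(evt) {
  const granted = (evt.user.capabilities || []).includes(evt.operation);
  return granted
    ? { decision: 'allow' }
    : { decision: 'deny', reason: 'capability not authorized' };
}

// Step 204: one target SDK per mobile OS inside the enhanced security SDK.
function buildEnhancedSecuritySdk() {
  const device = {
    'bluetooth-send': capabilityControl,
    'take-photo': capabilityControl,
    'get-location': capabilityControl,
  };
  return {
    android: {
      ...commonControls(), ...device,
      // Android can refuse the capture outright.
      screenshot: () => ({ decision: 'deny', reason: 'screen capture blocked' }),
    },
    ios: {
      ...commonControls(), ...device,
      // IOS cannot prohibit the capture, so it is recorded for the server.
      screenshot: () => ({ decision: 'allow', record: true }),
    },
  };
}

// Steps 205-206: route the event to its target SDK and enforce the result.
// serverLog stands in for the background server's log archive.
function controlAccessEvent(sdk, evt, serverLog) {
  const target = own(sdk, evt.os) ? sdk[evt.os] : null;
  const control = target && own(target, evt.operation) ? target[evt.operation] : null;
  // Fail closed: no target SDK or no control for the operation means deny.
  const result = control ? control(evt) : { decision: 'deny', reason: 'no control for event' };
  serverLog.push({
    os: evt.os, instance: evt.instance, operation: evt.operation,
    accessType: evt.accessType, user: evt.user.id,
    decision: result.decision, recorded: result.record === true,
  });
  return result;
}

// Constructed sample events: the same screenshot on both platforms, plus one
// capability request the user has not been granted.
function demo() {
  const sdk = buildEnhancedSecuritySdk();
  const log = [];
  const user = { id: 'u1001', capabilities: ['take-photo'] };
  const events = [
    createAccessEvent('android', 'office-automation', 'screenshot', user),
    createAccessEvent('ios', 'office-automation', 'screenshot', user),
    createAccessEvent('android', 'activity-plan', 'bluetooth-send', user),
  ];
  const decisions = events.map((e) => controlAccessEvent(sdk, e, log).decision);
  return { decisions, log };
}
```

Only Android and IOS targets are defined because those are the platforms whose screenshot behaviour the description spells out.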
Claims (20)
- 一种移动终端访问控制方法,所述方法包括以下步骤:A mobile terminal access control method, the method comprising the following steps:接收输入的针对移动业务实例的操作信息;Receiving input operation information for a mobile service instance;根据所述操作信息产生对应的移动业务访问事件;Generating a corresponding mobile service access event according to the operation information;确定增强安全SDK中对应产生所述移动业务访问事件的移动操作系统的目标SDK;Determining a target SDK of the mobile operating system corresponding to the mobile service access event in the enhanced security SDK;调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制。The target SDK is invoked to control the security of the mobile service access event in real time.
- 如权利要求1所述的移动终端访问控制方法,所述调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制,包括:The mobile terminal access control method according to claim 1, wherein the calling the target SDK to perform real-time control on the security of the mobile service access event comprises:所述移动业务访问事件对应的移动业务实例通过移动应用跨平台引擎访问所述目标SDK;The mobile service instance corresponding to the mobile service access event accesses the target SDK through a mobile application cross-platform engine;调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制。The target SDK is invoked to control the security of the mobile service access event in real time.
- 如权利要求2所述的移动终端访问控制方法,所述移动业务实例为基于HTML5的移动业务实例,所述移动业务访问事件对应的移动业务实例通过移动应用跨平台引擎访问所述目标SDK包括:The mobile terminal access control method according to claim 2, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:所述移动业务实例通过所述移动终端操作系统内置的浏览器的JAVAScript请求接口访问所述浏览器的浏览器内核;The mobile service instance accesses a browser kernel of the browser through a JAVAScript request interface of a browser built in the mobile terminal operating system;通过所述目标SDK中集成的所述移动操作系统的原生接口访问所述目标SDK。The target SDK is accessed through a native interface of the mobile operating system integrated in the target SDK.
- 如权利要求1所述的移动终端访问控制方法,所述移动业务访问事件对应的访问类型包括:应用交互访问、数据存储访问和设备能力访问之中的至少一种。The mobile terminal access control method according to claim 1, wherein the access type corresponding to the mobile service access event comprises at least one of an application interaction access, a data storage access, and a device capability access.
- 如权利要求4所述的移动终端访问控制方法,所述移动业务访问事件对应的访问类型为应用交互访问,所述调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制包括:The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is an application interactive access, and the calling the target SDK to perform real-time control on the security of the mobile service access event includes:根据所述移动业务访问事件调用所述目标SDK以对窗体显示添加水印;或,Invoking the target SDK according to the mobile service access event to add a watermark to the form display; or,根据所述移动业务访问事件调用所述目标SDK以禁止复制粘贴操作;或,Invoking the target SDK according to the mobile service access event to prohibit copying and pasting operations; or当所述移动终端操作系统为Android操作系统时,根据所述移动业务访问事件调用所述目标SDK以禁止截屏操作;或,When the operating system of the mobile terminal is an Android operating system, the target SDK is invoked according to the mobile service access event to prohibit a screen capture operation; or当所述移动终端操作系统为IOS操作系统时,根据所述移动业务访问事件调用所述目标SDK以记录截屏操作,并将截屏记录上传至服务器。When the operating system of the mobile terminal is an IOS operating system, the target SDK is invoked according to the mobile service access event to record a screen capture operation, and the screen capture record is uploaded to the server.
- 如权利要求4所述的移动终端访问控制方法,所述移动业务访问事件对应的访问类型为数据存储访问,所述调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制包括:The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is a data storage access, and the calling the target SDK to perform real-time control on the security of the mobile service access event includes:根据所述移动业务访问事件调用所述目标SDK以建立统一存储区,将所述移动业务实例产生的临时存储数据存储于特定区域并加密;或,Invoking the target SDK according to the mobile service access event to establish a unified storage area, storing temporary storage data generated by the mobile service instance in a specific area and encrypting; or根据所述移动业务访问事件调用所述目标SDK以建立针对所述移动业务实例的缓存数据区,在程序退出前清除缓存数据区的所有数据;或Invoking the target SDK according to the mobile service access event to establish a cache data area for the mobile service instance, and clearing all data of the cache data area before the program exits; or根据所述移动业务访问事件调用所述目标SDK以清除特定数据存储区中的数据。The target SDK is invoked according to the mobile service access event to clear data in a particular data store.
- 如权利要求4所述的移动终端访问控制方法,所述移动业务访问事件对应的访问类型为设备交互访问,所述调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制包括:The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is device interactive access, and the calling the target SDK to perform real-time control on the security of the mobile service access event includes:根据所述移动业务访问事件调用所述目标SDK以禁止拍照操作;或,Invoking the target SDK according to the mobile service access event to prohibit a photographing operation; or根据所述移动业务访问事件调用所述目标SDK以禁止获取定位信息。The target SDK is invoked according to the mobile service access event to prohibit acquisition of location information.
- 一种移动终端访问控制装置,包括:A mobile terminal access control device includes:接收操作信息模块,用于接收输入的针对移动业务实例的操作信息;Receiving an operation information module, configured to receive input operation information for a mobile service instance;产生访问事件模块,用于根据所述操作信息产生对应的移动业务访问事件;Generating an access event module, configured to generate a corresponding mobile service access event according to the operation information;确定目标SDK模块,用于确定增强安全SDK中对应产生所述移动业务访问事件的移动操作系统的目标SDK;Determining a target SDK module, configured to determine a target SDK of a mobile operating system corresponding to the mobile service access event in the enhanced security SDK;控制访问事件模块,用于调用所述目标SDK对所述移动业务访问事件的安全性进行实时控制。The control access event module is configured to invoke the target SDK to perform real-time control on security of the mobile service access event.
- A mobile terminal access control adaptation device, comprising:
  - one or more processors;
  - a memory;
  - one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the following steps of a mobile terminal access control method:
    - receiving input operation information for a mobile service instance;
    - generating a corresponding mobile service access event according to the operation information;
    - determining, within the enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event;
    - invoking the target SDK to control the security of the mobile service access event in real time.
- The mobile terminal access control adaptation device according to claim 9, wherein invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - the mobile service instance corresponding to the mobile service access event accessing the target SDK through a mobile application cross-platform engine;
  - invoking the target SDK to control the security of the mobile service access event in real time.
- The mobile terminal access control adaptation device according to claim 10, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:
  - the mobile service instance accessing the browser kernel of the browser built into the mobile terminal operating system through that browser's JavaScript request interface;
  - accessing the target SDK through the native interface of the mobile operating system integrated in the target SDK.
- The mobile terminal access control adaptation device according to claim 9, wherein the access type corresponding to the mobile service access event comprises at least one of application interaction access, data storage access, and device capability access.
- The mobile terminal access control adaptation device according to claim 12, wherein the access type corresponding to the mobile service access event is application interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - invoking the target SDK according to the mobile service access event to add a watermark to the window display; or
  - invoking the target SDK according to the mobile service access event to prohibit copy and paste operations; or
  - when the mobile terminal operating system is the Android operating system, invoking the target SDK according to the mobile service access event to prohibit screen capture operations; or
  - when the mobile terminal operating system is the iOS operating system, invoking the target SDK according to the mobile service access event to record screen capture operations and upload the screen capture record to a server.
- A computer-readable non-volatile storage medium having stored thereon a computer program which, when executed by a processor, implements the following steps of a mobile terminal access control method:
  - receiving input operation information for a mobile service instance;
  - generating a corresponding mobile service access event according to the operation information;
  - determining, within the enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event;
  - invoking the target SDK to control the security of the mobile service access event in real time.
- The computer-readable non-volatile storage medium according to claim 14, wherein invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - the mobile service instance corresponding to the mobile service access event accessing the target SDK through a mobile application cross-platform engine;
  - invoking the target SDK to control the security of the mobile service access event in real time.
- The computer-readable non-volatile storage medium according to claim 15, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:
  - the mobile service instance accessing the browser kernel of the browser built into the mobile terminal operating system through that browser's JavaScript request interface;
  - accessing the target SDK through the native interface of the mobile operating system integrated in the target SDK.
- The computer-readable non-volatile storage medium according to claim 14, wherein the access type corresponding to the mobile service access event comprises at least one of application interaction access, data storage access, and device capability access.
- The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is application interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - invoking the target SDK according to the mobile service access event to add a watermark to the window display; or
  - invoking the target SDK according to the mobile service access event to prohibit copy and paste operations; or
  - when the mobile terminal operating system is the Android operating system, invoking the target SDK according to the mobile service access event to prohibit screen capture operations; or
  - when the mobile terminal operating system is the iOS operating system, invoking the target SDK according to the mobile service access event to record screen capture operations and upload the screen capture record to a server.
- The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is data storage access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - invoking the target SDK according to the mobile service access event to establish a unified storage area, and storing the temporary storage data generated by the mobile service instance in a specific area in encrypted form; or
  - invoking the target SDK according to the mobile service access event to establish a cache data area for the mobile service instance, and clearing all data in the cache data area before the program exits; or
  - invoking the target SDK according to the mobile service access event to clear the data in a specific data storage area.
- The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is device interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
  - invoking the target SDK according to the mobile service access event to prohibit photographing; or
  - invoking the target SDK according to the mobile service access event to prohibit acquisition of location information.
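The data storage access claims above name three controls: encrypted temporary storage in a unified area, a per-instance cache cleared before exit, and clearing a specific storage area. The following is an added sketch of those controls in Node.js, not code from the patent; the class and function names, the in-memory maps, the event fields and the choice of AES-256-GCM are all assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical stand-in for one target SDK's data-storage control.
class StorageControl {
  constructor(key = nodeCrypto.randomBytes(32)) {
    this.key = key;            // assumption: key provisioning is out of scope
    this.unified = new Map();  // unified storage area: instance -> name -> record
    this.caches = new Map();   // cache data area:      instance -> key -> Buffer
  }
  area(map, instance) {
    if (!map.has(instance)) map.set(instance, new Map());
    return map.get(instance);
  }
  // Temporary data is written only in encrypted form (AES-256-GCM assumed).
  putTemp(instance, name, plaintext) {
    const iv = nodeCrypto.randomBytes(12);  // fresh nonce for every record
    const c = nodeCrypto.createCipheriv('aes-256-gcm', this.key, iv);
    c.setAAD(Buffer.from(JSON.stringify([instance, name]))); // bind to its slot
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    this.area(this.unified, instance).set(name, { iv, ct, tag: c.getAuthTag() });
  }
  getTemp(instance, name) {
    const rec = this.unified.get(instance)?.get(name);
    if (!rec) return null;
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', this.key, rec.iv);
    d.setAAD(Buffer.from(JSON.stringify([instance, name])));
    d.setAuthTag(rec.tag);
    // final() throws if the ciphertext, tag or slot binding was altered
    return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
  }
  cache(instance, key, value) {
    this.area(this.caches, instance).set(key, Buffer.from(value));
  }
  // Before program exit: overwrite, then drop, the instance's cache area.
  clearCache(instance) {
    const entries = this.caches.get(instance) ?? new Map();
    for (const buf of entries.values()) buf.fill(0);
    this.caches.delete(instance);
    return entries.size;
  }
  // Clear one specific data storage area (all records of an instance).
  clearStore(instance) {
    const n = this.unified.get(instance)?.size ?? 0;
    this.unified.delete(instance);
    return n;
  }
}

// Route a data-storage access event to the control; unknown operations fail closed.
function controlStorageEvent(sdk, ev) {
  switch (ev.op) {
    case 'write-temp':
      sdk.putTemp(ev.instance, ev.name, ev.data);
      return 'stored-encrypted';
    case 'exit': return `cache-cleared:${sdk.clearCache(ev.instance)}`;
    case 'wipe': return `store-cleared:${sdk.clearStore(ev.instance)}`;
    default: return 'denied';
  }
}
```

Binding each record to its instance and name as authenticated data means a record copied into another slot fails to decrypt, so the unified area cannot be used to pass data between service instances.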
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810413940.1A CN108632807B (en) | 2018-05-03 | 2018-05-03 | Mobile terminal access control method and device |
CN201810413940.1 | 2018-05-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019210631A1 (en) | 2019-11-07 |
Family
ID=63695294
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/102876 WO2019210631A1 (en) | 2018-05-03 | 2018-08-29 | Mobile terminal access control method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108632807B (en) |
WO (1) | WO2019210631A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111371614A (en) * | 2020-03-04 | 2020-07-03 | 深信服科技股份有限公司 | Network access method, device and system |
CN113472687A (en) * | 2021-07-15 | 2021-10-01 | 北京京东振世信息技术有限公司 | Data processing method and device |
CN114650154A (en) * | 2020-12-17 | 2022-06-21 | 腾讯科技(深圳)有限公司 | Webpage permission behavior control method and device, computer equipment and storage medium |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109683990B (en) * | 2018-12-27 | 2019-07-23 | 四川新网银行股份有限公司 | H5 multiterminal cut-in method based on mixed mode mobile application |
CN109858205A (en) * | 2018-12-29 | 2019-06-07 | 深圳市雁联移动科技有限公司 | A kind of safe Enhancement Method and device suitable for enterprise mobile working portal |
CN111199046A (en) * | 2019-11-29 | 2020-05-26 | 云深互联(北京)科技有限公司 | Content protection method and device based on enterprise browser |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2743856A1 (en) * | 2012-12-14 | 2014-06-18 | Samsung Electronics Co., Ltd | Method and apparatus for protecting application program |
CN104572114A (en) * | 2015-01-23 | 2015-04-29 | 盟游(北京)科技有限公司 | Binding device, application updating device and method and application |
CN106372473A (en) * | 2016-09-02 | 2017-02-01 | 深圳中兴网信科技有限公司 | Screen capturing method, screen capturing device, terminal and server |
CN106845256A (en) * | 2017-01-24 | 2017-06-13 | 腾讯科技(深圳)有限公司 | A kind of method and terminal of encryption and decryption data in the application |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104317626B (en) * | 2014-11-13 | 2017-08-11 | 北京奇虎科技有限公司 | The methods, devices and systems of application software control of authority in terminal device |
CN106775668A (en) * | 2016-11-30 | 2017-05-31 | 广东亿迅科技有限公司 | The mobile applications Development Framework and implementation method of cross operating system |
CN107231378A (en) * | 2017-07-21 | 2017-10-03 | 云南电网有限责任公司信息中心 | A kind of security control method based on electric power mobile office equipment, apparatus and system |
CN107766728A (en) * | 2017-08-28 | 2018-03-06 | 国家电网公司 | Mobile application security managing device, method and mobile operation safety protection system |
2018
- 2018-05-03 CN CN201810413940.1A patent/CN108632807B/en active Active
- 2018-08-29 WO PCT/CN2018/102876 patent/WO2019210631A1/en active Application Filing
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111371614A (en) * | 2020-03-04 | 2020-07-03 | 深信服科技股份有限公司 | Network access method, device and system |
CN111371614B (en) * | 2020-03-04 | 2024-04-09 | 深信服科技股份有限公司 | Network access method, device and system |
CN114650154A (en) * | 2020-12-17 | 2022-06-21 | 腾讯科技(深圳)有限公司 | Webpage permission behavior control method and device, computer equipment and storage medium |
CN114650154B (en) * | 2020-12-17 | 2023-07-18 | 腾讯科技(深圳)有限公司 | Webpage authority behavior control method and device, computer equipment and storage medium |
CN113472687A (en) * | 2021-07-15 | 2021-10-01 | 北京京东振世信息技术有限公司 | Data processing method and device |
CN113472687B (en) * | 2021-07-15 | 2023-12-05 | 北京京东振世信息技术有限公司 | Data processing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN108632807A (en) | 2018-10-09 |
CN108632807B (en) | 2021-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019210631A1 (en) | Mobile terminal access control method and device | |
US9165139B2 (en) | System and method for creating secure applications | |
JP6718530B2 (en) | Image analysis and management | |
US8990920B2 (en) | Creating a virtual private network (VPN) for a single app on an internet-enabled device or system | |
US10901763B2 (en) | Systems and methods for user interface detection | |
US9240977B2 (en) | Techniques for protecting mobile applications | |
US11669376B2 (en) | Systems and methods for intercepting and enhancing SaaS application calls via embedded browser | |
US9306933B2 (en) | Ensuring network connection security between a wrapped app and a remote server | |
US9232012B1 (en) | Method and system for data usage accounting in a computing device | |
KR20160043044A (en) | Gateway device for terminating a large volume of vpn connections | |
US11893123B2 (en) | Systems and methods for screenshot mediation based on policy | |
US20200106699A1 (en) | Systems and methods for multilink wan connectivity for saas applications | |
CN105787373A (en) | Android terminal data leak-proof method in mobile office system | |
US20220197970A1 (en) | Systems and methods for improved remote display protocol for html applications | |
US11544415B2 (en) | Context-aware obfuscation and unobfuscation of sensitive content | |
US11783014B2 (en) | Trust zone hosted secure screen mode for discretionary presentation of sensitive corporate information to trusted endpoints | |
AU2019280105B1 (en) | Systems and methods for intercepting and enhancing SaaS application calls via embedded browser | |
WO2023216989A1 (en) | Method for converting file format, and electronic device | |
EP2738709A1 (en) | An improved method and device for enforcing privacy policies | |
WO2020187008A1 (en) | Service invocation control method, service invocation method, device, and terminal | |
KR102425978B1 (en) | Composite web UI provision system in cloud service platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18917173; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25.03.2021) |
 | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25.03.2021) |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 18917173; Country of ref document: EP; Kind code of ref document: A1 |