WO2019210631A1 - Mobile terminal access control method and device - Google Patents

Info

Publication number
WO2019210631A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile service
mobile
access event
service access
target sdk
Prior art date
Application number
PCT/CN2018/102876
Other languages
French (fr)
Chinese (zh)
Inventor
李睿
谢晴
罗海光
李洋
孔茉莉
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2019210631A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/605 Copy protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/608 Watermarking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/133 Protocols for remote procedure calls [RPC]

Definitions

  • the present application relates to the field of computer software technology, and in particular, to a method and apparatus for mobile terminal access control.
  • VPN: Virtual Private Network
  • MDM: Mobile Device Management
  • mobile office chat app software on the market generally provides only simple chat and office portal functions. Because enterprise data flowing through the app has moved beyond the boundary of traditional enterprise data security protection, it is more difficult for the enterprise to manage and protect office data on mobile devices. Users can send data out by copying and pasting, screen capture, taking photos and similar means, resulting in data leakage.
  • the purpose of the present application is to overcome the deficiencies of the prior art and provide a mobile terminal access control method and apparatus capable of effectively controlling service access and ensuring information security.
  • the present application provides a mobile terminal access control method, including the steps of: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and calling the target SDK to perform real-time control on the security of the mobile service access event.
  • the present application further provides a mobile terminal access control apparatus, including:
  • Receiving an operation information module, configured to receive the input operation information for the mobile service instance; generating an access event module, configured to generate a corresponding mobile service access event according to the operation information; determining a target SDK module, configured to determine, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and the control access event module, configured to invoke the target SDK to perform real-time control on the security of the mobile service access event.
  • the present application also provides a mobile terminal access control adaptation device, comprising: one or more processors; a memory; and one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and invoking the target SDK to perform real-time control on the security of the mobile service access event.
  • the present application also provides a computer readable nonvolatile storage medium having stored thereon a computer program that is executed by a processor to perform the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, in the enhanced security SDK, the target SDK corresponding to the mobile operating system that generates the mobile service access event; and calling the target SDK to perform real-time control on the security of the mobile service access event.
  • the technical solution of the mobile terminal access control provided by the present application introduces multiple sets of SDKs, respectively applicable to different mobile terminal operating systems, into the enhanced security SDK, determines the target SDK from the mobile terminal operating system that generates the mobile service access event, and invokes the target SDK to perform real-time control on the security of the mobile service access event, so that the portal application can be installed on and applied to multiple mobile terminal operating systems with only one set of installation files, thereby improving the efficiency and convenience of using the portal application.
  • FIG. 1 is a flowchart of a mobile terminal access control method according to the present application.
  • FIG. 2 is a flowchart of an embodiment of a mobile terminal access control method according to the present application.
  • FIG. 3 is a schematic diagram of a cross-platform engine of a mobile application supporting HTML5 according to the present application.
  • FIG. 4 is a schematic diagram of the composition of an application portal module of the enterprise portal of the present application.
  • FIG. 5 is a block diagram of a module of a mobile terminal access control apparatus of the present application.
  • FIG. 6 is a schematic diagram of a mobile terminal access control adaptation device of the present application.
  • a mobile terminal access control method disclosed in the present disclosure includes the following steps:
  • Step 101 Receive input operation information for a mobile service instance.
  • Step 102 Generate a corresponding mobile service access event according to the operation information.
  • Step 103 Determine a target SDK of the mobile operating system corresponding to the mobile service access event in the enhanced security SDK.
  • Step 104 Call the target SDK to perform real-time control on the security of the mobile service access event.
  • the mobile terminal access control method disclosed in the disclosure can be applied to enterprise mobile portal application (APP) software installed on mobile terminal operating systems such as Android OS (Android operating system), iOS (Apple operating system) and WinPhone OS (Microsoft mobile operating system).
  • Step 201 Load a mobile service module.
  • the mobile service module can be various office service modules, such as the attendance punch card service module, the project management service module, the enterprise office automation service module, the enterprise instant messaging tool business module, and the enterprise entertainment activity business module.
  • the mobile service module can be pre-packaged in the APP installation file and loaded by default when the user installs the APP, or it can be loaded dynamically while the APP is in use, after the APP downloads the data from the server (it can be installed as a plug-in).
  • the user can choose to load one or more mobile service modules.
  • Step 202 The mobile service module runs a process, and the corresponding process receives operation information input by the user.
  • the enterprise instant messaging tool business module runs and generates one or more mobile service instance processes; when the user long presses and pastes chat information, the corresponding process receives the user's operation information.
  • the project management service module runs and generates one or more mobile service instance processes; when the user clicks to open a specific page carrying confidential data, the corresponding process receives the user's operation information.
  • the enterprise office automation service module runs and generates one or more mobile service instance processes; when the user opens a page containing the enterprise's trade secret information and captures a screen image of that page, the corresponding process receives the user's operation information.
  • the one or more mobile service instance processes generated by the enterprise entertainment activity business module produce file data of the enterprise activity plan during use; when the user uses a mobile phone driver such as Bluetooth, infrared or NFC to transmit the file to the outside, the corresponding process receives the user's operation information.
  • a module runs and generates one or more mobile service instance processes during use; when the user saves the generated data or files locally, or clicks to access specific content, the corresponding process receives the user's operation information.
  • Step 203 The process generates a corresponding mobile service access event according to the operation information.
  • Step 204 The process determines a target SDK of the mobile operating system corresponding to the mobile service access event in the enhanced security SDK.
  • the enhanced security SDK (Software Development Kit) runs on top of the mobile terminal operating system and is implemented by programming extensions to the native capabilities of the mobile terminal operating system's browser kernel.
  • the enhanced security SDK seamlessly integrates cross-platform engines for mobile apps in the app.
  • the enhanced security SDK includes several sets of SDK packages for different mobile operating systems.
  • Each SDK package integrates a native interface corresponding to the mobile operating system, and the corresponding process determines the corresponding target SDK according to the mobile operating system that generates the mobile service access event.
  • Step 205 The process accesses the target SDK through the mobile application cross-platform engine.
  • the process corresponding to the mobile service access event accesses the target SDK through the mobile application cross-platform engine.
  • the process accesses the browser kernel through the JavaScript request interface of the browser built into the mobile terminal operating system, and then accesses the target SDK through the native interface of the mobile operating system integrated in the target SDK.
  • the portal application in the present application can be installed on and applied to various mobile terminal operating system platforms without restriction, such as the Android operating system, the iOS operating system, and the WinPhone operating system.
  • Step 206 The process invokes the target SDK to perform real-time control on the security of the mobile service access event.
  • when the target SDK is invoked to control the security of the mobile service access event in real time, information can be exchanged with the background server; the relationship between the background server, the enterprise portal application App and the mobile service modules in it, the mobile cross-platform engine, and the enhanced security SDK is shown in Figure 3.
  • the access type corresponding to the mobile service access event includes at least one of application interaction access, data storage access, and device capability access.
  • the target SDK is invoked to control the security of the mobile service access event in real time.
  • the security of the service application can be ensured through control of interface interaction, data storage or device capability access, and logs can be uploaded to the server and archived for review by the security administrator.
  • the mobile service access event may be of the application interaction access type, the data storage access type, or the device capability access type.
  • the form dynamic watermark function can be implemented by re-encapsulating the browser form control on the iOS or Android platform to support dynamic watermark display. For example, when the user chooses to open a specific page carrying confidential data while using the project management service, the process invokes the SDK to perform real-time control on the operation, adding a watermark to the specific page displayed to the user, which prevents company secrets from being leaked through photographs of the page and harming the company.
  • Copy and paste control function: on the iOS platform this controls the long press operation, and on the Android platform it controls the copyEnable feature of the View component.
  • the process invokes the SDK to perform real-time control on the operation, preventing the user from copying and pasting confidential data and leaking enterprise secrets.
  • Anti-screen-capture control: for example, when the user uses the enterprise office automation business module to open a page containing the enterprise's business secret information and captures a screen image of the page, the process calls the SDK to perform real-time control on the operation. On the Android operating system, screen capture prevention can be implemented.
  • On the iOS operating system, screen capture cannot be prohibited, so screen capture operations are recorded and sent to the background server for record and archive, to deter users from leaking corporate secret content through screen captures.
  • the application local storage is encapsulated to implement an encrypted storage and automatic cache cleaning mechanism to ensure the security of the portal application terminal process data.
  • the local data encryption storage function establishes a dedicated storage file for the entire mobile portal application as a unified storage area, establishes a private file access mechanism in that storage area, and stores the temporary data of each process in the portal in its own partition of the area, processed with the AES encryption and decryption algorithm.
  • the user chooses to install and use multiple mobile service modules and, while using each mobile service instance, saves generated data or files locally or clicks to access specific content; the process may invoke the SDK to apply the data partitioning and encryption control described above to these operations.
  • the application cache management function dynamically creates a cache data area for the mobile service instance inside the portal, manages the cache data according to the operation status of the mobile service instance, and clears all cached contents before the application portal App exits.
  • the remote data clearing function sends a data clearing instruction by the server's management background to delete the specified application and corresponding data on the mobile phone.
  • a non-enterprise employee uses a portal application to perform a preset operation, such as accessing a data file; the operation triggers a security protection function and sends information to the management background.
  • the management background evaluates information such as the employee's on-the-job status and the mobile phone's location. If it determines that the employee corresponding to the portal application login account has resigned, or that the mobile phone on which the portal App is installed has been lost, it issues the data clearing instruction, and the process calls the target SDK to perform real-time control on the operation according to the instruction, that is, to delete the specified application or the corresponding data on the mobile phone.
  • Access control of terminal hardware capabilities such as Bluetooth transmission, infrared transmission, NFC transmission, positioning, and photographing ensures that hardware access by the portal application is authorized, controlled and recordable.
  • the file data of the enterprise activity plan is generated; the target SDK is called and controls the operation in real time, and can check the user's permission information. If the user does not have the access control permission, the user is prohibited from accessing and controlling the hardware devices of the terminal.
  • the mobile terminal access control apparatus disclosed in the disclosure includes:
  • Receiving an operation information module configured to receive input operation information for a mobile service instance
  • Generating an access event module configured to generate a corresponding mobile service access event according to the operation information
  • Determining a target SDK module configured to determine a target SDK of a mobile operating system corresponding to the mobile service access event in the enhanced security SDK
  • the control access event module is configured to invoke the target SDK to perform real-time control on security of the mobile service access event.
  • the working processes of the receiving operation information module, the generating access event module, the determining target SDK module, and the control access event module correspond respectively to steps 101, 102, 103, and 104 of the mobile terminal access control method of the present disclosure, and details are not described herein again.
  • the present application also provides a mobile terminal access control adaptation device comprising: one or more processors; a memory; one or more computer programs, wherein the one or more computer programs are stored in the memory And configured to be executed by the one or more processors, the one or more computer programs configured to: perform the aforementioned mobile terminal access control method.
  • the mobile terminal access control adaptation device may include a processor 1001, such as a CPU, a network interface 1002, a user interface 1003, and a memory 1004. Connection communication between these components can be achieved via a communication bus.
  • the network interface 1002 may optionally include a standard wired interface (for connecting to a wired network) and a wireless interface (such as a WI-FI interface, a Bluetooth interface, or an infrared interface, for connecting to a wireless network).
  • the user interface 1003 can include a display and an input unit such as a keyboard; optionally, the user interface 1003 can also include a standard wired interface (e.g., for connecting a wired keyboard or a wired mouse) and/or a wireless interface (e.g., for connecting a wireless keyboard or a wireless mouse).
  • the memory 1004 may be a high speed RAM memory or a non-volatile memory such as a disk memory.
  • the memory 1004 can also optionally be a storage device independent of the aforementioned processor 1001.
  • the mobile terminal access control adaptation device may further include a camera, RF (Radio Frequency) circuits, sensors, audio circuits, WiFi modules, and more.
  • the mobile terminal access control adaptation device structure shown in the figure does not constitute a limitation of the mobile terminal access control adaptation device, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
  • the present application also provides a computer readable non-volatile storage medium having stored thereon a computer program that, when executed by a processor, implements the steps of the aforementioned mobile terminal access control method.
  • an operating system, a network communication module, a user interface module, and a mobile terminal access control adaptation program may be included in the memory 1004 as a computer storage medium.
  • the operating system is a program for managing and controlling the hardware and software resources of the mobile terminal access control adaptation device, and supports the operation of the network communication module, the user interface module, the mobile terminal access control adaptation program, and other programs or software;
  • the management and control network interface 1002 is used to manage and control the user interface 1003.
  • the present disclosure has at least the following beneficial technical effects compared to the prior art:
  • the native API interface of the mobile terminal operating system is accessed through the JavaScript callback interface of the browser kernel built into the mobile terminal operating system, so that the portal App can be installed on and applied to various mobile terminal operating system platforms without restriction, which increases the application flexibility of the mobile terminal access control method.
  • the enhanced security SDK is implemented by programming the native capability extension of the mobile terminal operating system browser kernel, and the implementation manner is simple and easy, which reduces the complexity of the software and improves the operation efficiency.
  • the present disclosure includes apparatus that is directed to performing one or more of the operations described in this disclosure. These devices may be specially designed and manufactured for the required purposes, or may also include known devices in a general purpose computer. These devices have computer programs stored therein that are selectively activated or reconfigured.
  • Such computer programs may be stored in a device (e.g., computer) readable medium or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic card or optical card.
  • a readable medium includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).
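
Steps 101 to 104 and the per-type controls described above, sketched as an added example (not code from the patent or its applicant): each operation becomes a typed access event, the target SDK is chosen by operating system, and every decision is logged. All identifiers, the operation names, and the fail-closed handling of unknown operations and operating systems are assumptions.

```javascript
"use strict";
// Added illustration. Every identifier and policy value below is hypothetical.

const AccessType = Object.freeze({
  APP_INTERACTION: "application_interaction",
  DATA_STORAGE: "data_storage",
  DEVICE_CAPABILITY: "device_capability",
});

// Step 102 helper: which access type each user operation belongs to.
const OPERATION_TYPES = new Map([
  ["open_confidential_page", AccessType.APP_INTERACTION],
  ["copy_paste", AccessType.APP_INTERACTION],
  ["screen_capture", AccessType.APP_INTERACTION],
  ["save_local", AccessType.DATA_STORAGE],
  ["bluetooth_send", AccessType.DEVICE_CAPABILITY],
  ["infrared_send", AccessType.DEVICE_CAPABILITY],
  ["nfc_send", AccessType.DEVICE_CAPABILITY],
  ["positioning", AccessType.DEVICE_CAPABILITY],
  ["photographing", AccessType.DEVICE_CAPABILITY],
]);

function generateAccessEvent(operation) {
  return { ...operation, type: OPERATION_TYPES.get(operation.action) || null };
}

// One object per mobile OS stands in for that OS's SDK package.
function makeTargetSdk(os, canBlockScreenCapture) {
  function control(event, user) {
    switch (event.type) {
      case AccessType.APP_INTERACTION:
        if (event.action === "open_confidential_page") {
          return { allow: true, measure: "dynamic_watermark" };
        }
        if (event.action === "copy_paste") {
          return { allow: false, measure: "copy_paste_disabled" };
        }
        // screen_capture: block where the OS allows it, otherwise record only.
        return canBlockScreenCapture
          ? { allow: false, measure: "screen_capture_blocked" }
          : { allow: true, measure: "screen_capture_recorded" };
      case AccessType.DATA_STORAGE:
        // Each process writes to its own encrypted partition of the app store.
        return { allow: true, measure: "encrypted_partition:" + event.process };
      case AccessType.DEVICE_CAPABILITY: {
        const authorized = user.capabilities.includes(event.action);
        return {
          allow: authorized,
          measure: authorized ? "hardware_access_authorized" : "hardware_access_denied",
        };
      }
      default:
        // Assumption: operations that map to no known type are refused.
        return { allow: false, measure: "unknown_operation" };
    }
  }
  return { os, control };
}

// iOS is created with canBlockScreenCapture = false, as the text states.
const ENHANCED_SECURITY_SDK = new Map([
  ["android", makeTargetSdk("android", true)],
  ["ios", makeTargetSdk("ios", false)],
]);

// Stands in for the log upload to the background server.
const auditLog = [];

function handleOperation(operation, user, os) {
  const event = generateAccessEvent(operation);          // step 102
  const targetSdk = ENHANCED_SECURITY_SDK.get(os);       // step 103
  const decision = targetSdk
    ? targetSdk.control(event, user)                     // step 104
    : { allow: false, measure: "no_target_sdk" };        // assumption: fail closed
  const record = { user: user.id, os, action: operation.action, type: event.type, ...decision };
  auditLog.push(record);
  return record;
}

// Constructed sample input: a user authorized for NFC transmission only.
const sampleUser = { id: "u-001", capabilities: ["nfc_send"] };

function runDemo() {
  return [
    handleOperation({ action: "screen_capture", process: "oa" }, sampleUser, "android"),
    handleOperation({ action: "screen_capture", process: "oa" }, sampleUser, "ios"),
    handleOperation({ action: "copy_paste", process: "im" }, sampleUser, "ios"),
    handleOperation({ action: "save_local", process: "im" }, sampleUser, "android"),
    handleOperation({ action: "bluetooth_send", process: "events" }, sampleUser, "android"),
  ];
}

console.log(
  runDemo().map((r) => `${r.os} ${r.action}: ${r.allow ? "allow" : "deny"} (${r.measure})`).join("\n")
);
```

The iOS screen capture record is the case to watch in review: the operation is allowed, so the audit entry is the only control in effect.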

Abstract

Disclosed is a mobile terminal access control method, comprising: receiving operating information input regarding a mobile service instance; generating a corresponding mobile service access event according to the operating information; determining, from a security enhanced SDK, a target SDK of a mobile operating system which correspondingly generates the mobile service access event; and calling the target SDK to carry out real-time control on the security of the mobile service access event. Compared with the prior art, in the present application, multiple sets of SDKs respectively suitable for different mobile terminal operating systems are introduced into a security enhanced SDK, a target SDK is determined by means of a mobile terminal operating system which generates a mobile service access event, and the target SDK is called to carry out real-time control on the security of the mobile service access event, so that a portal application can be installed and applied, only with one set of installation files, to multiple mobile terminal operating systems, and the efficiency and convenience of the usage of the portal application are improved.

Description

移动终端访问控制的方法及装置Method and device for access control of mobile terminal 技术领域Technical field
本申请要求于2018年5月3日提交中国专利局、申请号为201810413940.1,发明名称为“移动终端访问控制的方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 20181041394, filed on May 3, 2008, the entire disclosure of which is incorporated herein by reference. in.
本申请涉及计算机软件技术领域,更具体地,涉及一种移动终端访问控制的方法及装置。The present application relates to the field of computer software technology, and in particular, to a method and apparatus for mobile terminal access control.
背景技术Background technique
随着移动互联网的发展,企业为了提升员工办公效率,建设了各种移动办公应用软件。企业移动应用打破了传统企业网络访问控制边界,且移动设备具备个人消费品特性,个人和工作信息混杂,给企业带来了严重的信息安全隐患。因此,必须配置相应的移动安全管理手段,确保企业各业务系统和移动设备的安全。With the development of the mobile Internet, enterprises have built various mobile office applications in order to improve employee productivity. Enterprise mobile applications break the boundaries of traditional enterprise network access control, and mobile devices have the characteristics of personal consumer goods, and the mixed personal and work information brings serious information security risks to enterprises. Therefore, the corresponding mobile security management tools must be configured to ensure the security of all business systems and mobile devices of the enterprise.
目前,很多企业通过部署独立的VPN(Virtual Private Network,虚拟专用网络)设备来保障通信链路的安全,或者通过独立的MDM(Mobile Device Management,移动设备管理)软件来保证移动应用和设备的安全。发明人意识到虽然提高了系统安全性,但是牺牲了体验。移动互联网时代,用户对企业移动应用体验要求越来越高,需要新的、能与门户App(Application,手机应用程序)融合的方法,既能保证移动应用安全又不影响用户体验。但现有的移动办公App无法实现一套安装文件适用于不同的移动操作系统,影响了移动办公App的使用效率。Currently, many companies deploy independent VPNs (Virtual Private Network, virtual private network) equipment to ensure the security of the communication link, or to ensure the security of mobile applications and devices through independent MDM (Mobile Device Management) software. The inventors realized that while improving system security, the experience was sacrificed. In the era of mobile Internet, users have higher and higher requirements for enterprise mobile application experience, and need new methods that can be integrated with portal applications (applications, mobile applications) to ensure the security of mobile applications without affecting user experience. However, the existing mobile office app cannot implement a set of installation files suitable for different mobile operating systems, which affects the efficiency of mobile office applications.
此外,发明人发现市场上移动办公聊天App软件,一般只具备单纯的聊天、办公入口功能,由于企业内的数据在app中流转已经超出了传统企业数据安全防护的边界,企业对移动设备中办公数据的管理和防护难度增加。用户可以通过复制粘贴、截屏、拍照等手段将数据外传,造成数据泄露。In addition, the inventor found that mobile office chat app software on the market generally only has a simple chat and office portal function. Since the data flowing in the app in the enterprise has exceeded the boundary of the traditional enterprise data security protection, the enterprise works in the mobile device. Data management and protection are more difficult. Users can pass data, such as copying and pasting, screen capture, and taking photos, resulting in data leakage.
有鉴于此,有必要提供一种能够解决上述技术问题的移动终端访问控制方法及装置。In view of the above, it is necessary to provide a mobile terminal access control method and apparatus capable of solving the above technical problems.
Technical problem
The purpose of the present application is to overcome the deficiencies of the prior art and provide a mobile terminal access control method and apparatus that can effectively control service access and ensure information security.
Technical solution
To achieve the above purpose, the present application provides a mobile terminal access control method comprising the following steps: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, within an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and invoking the target SDK to control the security of the mobile service access event in real time.
To achieve the above purpose, the present application further provides a mobile terminal access control apparatus, comprising:
an operation information receiving module, configured to receive input operation information for a mobile service instance; an access event generating module, configured to generate a corresponding mobile service access event according to the operation information; a target SDK determining module, configured to determine, within an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and an access event control module, configured to invoke the target SDK to control the security of the mobile service access event in real time.
To achieve the above purpose, the present application further provides a mobile terminal access control adaptation device, comprising: one or more processors; a memory; and one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, within an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and invoking the target SDK to control the security of the mobile service access event in real time.
To achieve the above purpose, the present application further provides a computer-readable non-volatile storage medium storing a computer program which, when executed by a processor, performs the following steps of a mobile terminal access control method: receiving input operation information for a mobile service instance; generating a corresponding mobile service access event according to the operation information; determining, within an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and invoking the target SDK to control the security of the mobile service access event in real time.
Beneficial effects
The technical solution for mobile terminal access control provided by the present application introduces into the enhanced security SDK multiple SDK sets, each suited to a different mobile terminal operating system. The target SDK is determined from the mobile terminal operating system that generated the mobile service access event, and the target SDK is invoked to control the security of the event in real time. The portal App therefore needs only one set of installation files to be installed and used on multiple mobile terminal operating systems, which improves the efficiency and convenience of using the portal App.
Description of the drawings
FIG. 1 is a flowchart of the mobile terminal access control method of the present application;
FIG. 2 is a flowchart of an embodiment of the mobile terminal access control method of the present application;
FIG. 3 is a schematic diagram of the HTML5-capable mobile application cross-platform engine of the present application;
FIG. 4 is a schematic diagram of the module composition of the enterprise portal App of the present application;
FIG. 5 is a module block diagram of the mobile terminal access control apparatus of the present application; and
FIG. 6 is a schematic diagram of the mobile terminal access control adaptation device of the present application.
Embodiments of the invention
Referring to FIG. 1, the mobile terminal access control method disclosed herein includes the following steps:
Step 101: receive input operation information for a mobile service instance;
Step 102: generate a corresponding mobile service access event according to the operation information;
Step 103: determine, within the enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event;
Step 104: invoke the target SDK to control the security of the mobile service access event in real time.
The mobile terminal access control method disclosed herein can be applied to enterprise mobile portal App software installed on mobile terminal operating systems including Android OS (the Android operating system), iOS (the Apple operating system) and WinPhone OS (the Microsoft phone operating system). The implementation of the method is described in detail below with reference to FIG. 2.
Step 201: load the mobile service modules.
A mobile service module may be any of various office service modules, for example an attendance clock-in module, a project management module, an enterprise office automation module, an enterprise instant messaging module, or an enterprise recreational activities module.
A mobile service module may be pre-packaged in the App installation file and loaded by default at installation, or it may be loaded dynamically while the App is in use, after the App communicates with the server and downloads the data (it may be installed as a plug-in). The user may choose to load one or more mobile service modules.
Step 202: the mobile service module runs and spawns processes, and the corresponding process receives the operation information input by the user.
For example, after the user chooses to load the enterprise instant messaging module, the module runs while the chat function is in use and spawns processes for one or more mobile service instances; when the user long-presses a chat message to copy and paste it, the corresponding process receives the user's operation information.
For example, after the user chooses to load the project management module, the module runs while the project management service is in use and spawns processes for one or more mobile service instances; when the user taps to open a specific page carrying confidential data, the corresponding process receives the user's operation information.
As another example, after the user chooses to load the enterprise office automation module, the module runs during use and spawns processes for one or more mobile service instances; when the user opens a page containing enterprise trade secrets and takes a screenshot of that page, the corresponding process receives the user's operation information.
As another example, after the user chooses to load and use the enterprise recreational activities module, the processes of the one or more mobile service instances spawned by the module produce, during use, file data for an enterprise activity plan; when the user transmits that file externally using the phone's Bluetooth, infrared, NFC or similar drivers, the corresponding process receives the user's operation information.
As a further example, after the user chooses to install one or more of the above modules, the modules run during use and spawn processes for one or more mobile service instances; when the user saves generated data or files locally, or taps to access specific content, the corresponding process receives the user's operation information.
Step 203: the process generates a corresponding mobile service access event according to the operation information.
Step 204: the process determines, within the enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event.
The enhanced security SDK (Software Development Kit) runs on top of the mobile terminal operating system and is implemented by programming extensions to the native capabilities of the operating system's browser kernel. The enhanced security SDK is designed for seamless integration with the mobile application cross-platform engine in the App.
The enhanced security SDK contains several SDK packages, each targeting a different mobile operating system, and each package integrates the native interfaces of its mobile operating system. The corresponding process determines the target SDK from the mobile operating system that generated the mobile service access event.
Step 205: the process accesses the target SDK through the mobile application cross-platform engine.
Referring to FIG. 3, and taking an HTML5-based process as an example, the process corresponding to the mobile service access event accesses the target SDK through the mobile application cross-platform engine.
Specifically, the process accesses the browser kernel of the browser built into the mobile terminal operating system through that browser's JavaScript request interface, and then accesses the target SDK through the native interface of the mobile operating system integrated in the target SDK.
As a result, the portal App of the present application can be installed on and applied to various mobile terminal operating system platforms without restriction, for example the Android, iOS and WinPhone operating systems.
Step 206: the process invokes the target SDK to control the security of the mobile service access event in real time.
Referring to FIG. 4, when the target SDK is invoked to control the security of a mobile service access event in real time, it can exchange information with the back-end server. The relationships among the back-end server, the enterprise portal App and its mobile service modules, the mobile cross-platform engine and the enhanced security SDK are shown in FIG. 3.
The access type corresponding to a mobile service access event includes at least one of: application interaction access, data storage access and device capability access.
The target SDK is invoked to control the security of mobile service access events in real time, for example by controlling interface interaction, data storage or device capability access to protect business applications; records can also be uploaded to the server and archived as logs for review by the security administrator. Specific examples follow for mobile service access events of the application interaction, data storage and device capability access types.
(1) Application interaction access control
The UI framework of the mobile terminal operating system is wrapped to support dynamic window watermarks, copy-and-paste control, edit-box encryption and so on, protecting the application's interface interactions.
Dynamic window watermarking can be implemented by re-wrapping the browser window control on the iOS or Android platform so that it supports displaying a dynamic watermark. For example, when a user of the project management service taps to open a specific page carrying confidential data, the process invokes the SDK to control the operation in real time and adds a watermark to the page shown to the user, preventing the user from leaking enterprise secrets by photographing the screen and thereby harming the enterprise.
Copy-and-paste control can be implemented on the iOS platform by controlling the long-press operation, and on the Android platform by setting the copyEnable property of the View component. For example, when a user of the chat function long-presses a chat message to copy and paste it, the process invokes the SDK to control the operation in real time, preventing the user from leaking enterprise secrets by copying and pasting confidential data.
Anti-screenshot control: for example, when a user of the enterprise office automation module opens a page containing enterprise trade secrets and takes a screenshot of it, the process invokes the SDK to control the operation in real time. On the Android operating system, screenshots can be blocked; on the iOS operating system, where screenshots cannot be disabled, the screenshot operation is recorded and sent to the back-end server for logging and archiving, to prevent users from leaking confidential enterprise content through screenshots.
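The flow of steps 101 to 104 combined with the application interaction controls above, as an added JavaScript example (not code from the patent). All function and field names are hypothetical, the per-OS objects are constructed stand-ins for the SDK packages, and the `upload` callback models sending a record to the back-end server.

```javascript
// Added example. All names are hypothetical; the per-OS objects are constructed
// stand-ins for the SDK packages inside the enhanced security SDK.

// Own-property lookup, so a key such as "constructor" never resolves to
// something inherited from Object.prototype.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Operations handled here, mapped to the access type named in the text.
const ACCESS_TYPES = {
  open_page: 'app_interaction',
  copy_paste: 'app_interaction',
  screenshot: 'app_interaction',
};

// Steps 101-102: operation info received by a service-instance process becomes
// a mobile service access event. Unknown operations are rejected (fail closed).
function toAccessEvent(op) {
  const accessType = own(ACCESS_TYPES, op.action);
  if (!accessType) throw new Error(`unsupported operation: ${op.action}`);
  return { ...op, accessType, confidential: Boolean(op.confidential) };
}

// One SDK package per mobile operating system.
function createEnhancedSecuritySdk(upload) {
  const shared = {
    // Confidential pages are shown with a per-user watermark.
    open_page: (evt) => (evt.confidential
      ? { allowed: true, watermark: `${evt.user} | ${evt.instance}` }
      : { allowed: true }),
    // Copy and paste is refused on confidential content.
    copy_paste: (evt) => ({ allowed: !evt.confidential }),
  };
  return {
    android: {
      ...shared,
      // Android: the screenshot itself is blocked.
      screenshot: (evt) => ({ allowed: !evt.confidential }),
    },
    ios: {
      ...shared,
      // iOS: the screenshot cannot be blocked, so it is recorded and uploaded.
      screenshot: (evt) => {
        if (evt.confidential) {
          upload({ kind: 'screenshot', user: evt.user, instance: evt.instance });
        }
        return { allowed: true, recorded: evt.confidential };
      },
    },
  };
}

// Step 103: pick the target SDK for the operating system that produced the event.
function selectTargetSdk(enhancedSdk, os) {
  const target = own(enhancedSdk, String(os).toLowerCase());
  if (!target) throw new Error(`no SDK package for operating system: ${os}`);
  return target;
}

// Step 104: invoke the target SDK; an operation it has no control for is denied.
function handleOperation(enhancedSdk, os, op) {
  const evt = toAccessEvent(op);
  const target = selectTargetSdk(enhancedSdk, os);
  const control = own(target, evt.action);
  const decision = control ? control(evt) : { allowed: false };
  return { action: evt.action, accessType: evt.accessType, ...decision };
}

// Constructed sample input: the same screenshot attempt on both platforms.
function demo() {
  const uploaded = [];
  const sdk = createEnhancedSecuritySdk((rec) => uploaded.push(rec));
  const shot = {
    action: 'screenshot', user: 'u1001', instance: 'office-automation', confidential: true,
  };
  return {
    android: handleOperation(sdk, 'android', shot),
    ios: handleOperation(sdk, 'ios', shot),
    uploaded,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The iOS branch produces an audit record rather than a block, so the server-side log is the only evidence that the capture happened.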
(2) Data storage access control
The application's local storage is wrapped to provide encrypted storage and an automatic cache cleanup mechanism, securing the workflow data held on the terminal by the portal application.
Local encrypted data storage: a dedicated storage file is created for the whole mobile portal App as a unified storage area, and a private file access mechanism is established within it; temporary data produced by each process in the portal is stored by zone and processed with the AES encryption and decryption algorithm. For example, when the user has installed and uses several mobile service modules and, while using the mobile service instances, saves generated data or files locally or taps to access specific content, the process can invoke the SDK to apply the zoned storage and encryption control described above to these operations.
Application cache management: a cache data area is created dynamically inside the portal for each mobile service instance, cached data is managed according to how the instance is running, and all cached content is cleared before the portal App exits.
Remote data wipe: the server's management back end issues a data wipe instruction to delete the specified application and its data from the phone. For example, when someone who is not an employee of the enterprise uses the portal App and performs a preset operation, such as accessing a data file, the operation triggers the security protection function and information is sent to the management back end. If the management back end determines, from information such as the employee's employment status and the phone's location, that the employee tied to the portal App's login account has left the company, or that the phone on which the portal App is installed has been lost, it issues a data wipe instruction; following the instruction, the process invokes the target SDK to control the operation in real time, that is, to delete the specified application or the corresponding data from the phone.
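The zoned encrypted storage, cache cleanup on exit and server-issued wipe described above, as an added Node.js example (not code from the patent). The class and method names are hypothetical. The text names only AES, so AES-256-GCM, the per-zone key derivation with HMAC-SHA256 and the in-memory map standing in for the dedicated storage file are assumptions of this example.

```javascript
// Added example. Names are hypothetical; AES-256-GCM and the HMAC-based
// per-zone key derivation are assumptions (the text only says "AES").
const nodeCrypto = require('crypto');

class UnifiedStore {
  constructor(masterKey) {
    if (!Buffer.isBuffer(masterKey) || masterKey.length !== 32) {
      throw new Error('masterKey must be a 32-byte Buffer');
    }
    this.masterKey = masterKey;   // in a real App this would come from the OS key store
    this.zones = new Map();       // zone name -> Map(record name -> { iv, ct, tag })
    this.cacheZones = new Set();  // zones that must be cleared before the App exits
  }

  // Each zone gets its own key, so one zone's key cannot open another zone's records.
  zoneKey(zone) {
    return nodeCrypto.createHmac('sha256', this.masterKey).update(`zone:${zone}`).digest();
  }

  put(zone, name, plaintext) {
    const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', this.zoneKey(zone), iv);
    cipher.setAAD(Buffer.from(`${zone}/${name}`)); // binds the record to its location
    const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    if (!this.zones.has(zone)) this.zones.set(zone, new Map());
    this.zones.get(zone).set(name, { iv, ct, tag: cipher.getAuthTag() });
  }

  // Returns the plaintext, null if absent, and throws if the record was
  // tampered with or moved into another zone.
  get(zone, name) {
    const rec = this.zones.has(zone) ? this.zones.get(zone).get(name) : undefined;
    if (!rec) return null;
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', this.zoneKey(zone), rec.iv);
    d.setAAD(Buffer.from(`${zone}/${name}`));
    d.setAuthTag(rec.tag);
    return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
  }

  // Cache data area created on demand for one mobile service instance.
  cachePut(instance, name, value) {
    const zone = `cache:${instance}`;
    this.cacheZones.add(zone);
    this.put(zone, name, value);
  }

  // Deletes one zone; returns how many records were removed.
  wipe(zone) {
    const records = this.zones.get(zone);
    if (!records) return 0;
    const removed = records.size;
    for (const rec of records.values()) rec.ct.fill(0); // overwrite before dropping
    this.zones.delete(zone);
    this.cacheZones.delete(zone);
    return removed;
  }

  // Called before the portal App exits; returns how many cache zones were cleared.
  clearCaches() {
    let cleared = 0;
    for (const zone of [...this.cacheZones]) {
      this.wipe(zone);
      cleared += 1;
    }
    return cleared;
  }

  // Data wipe instruction issued by the management back end.
  applyServerCommand(cmd) {
    if (cmd.type !== 'wipe') throw new Error(`unsupported command: ${cmd.type}`);
    return this.wipe(cmd.zone);
  }
}

// Constructed sample data: one saved record, one cached page, then exit and wipe.
function demoStore() {
  const store = new UnifiedStore(Buffer.alloc(32, 7)); // constructed demo key
  store.put('project-mgmt', 'plan.txt', 'constructed sample plan');
  store.cachePut('project-mgmt', 'last-page', 'constructed cached page');
  const readBack = store.get('project-mgmt', 'plan.txt');
  const cachesCleared = store.clearCaches();
  const wiped = store.applyServerCommand({ type: 'wipe', zone: 'project-mgmt' });
  return { readBack, cachesCleared, wiped, remainingZones: store.zones.size };
}

console.log(demoStore());
```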
(3) Device capability access control
Access to terminal hardware capabilities such as Bluetooth transmission, infrared transmission, NFC transmission, positioning and the camera is controlled, so that the portal application's hardware access is authorized and its use of hardware capabilities is controlled and recordable. For example, while using the enterprise recreational activities module the user produces file data for an enterprise activity plan; when the user transmits that file externally using the phone's Bluetooth, infrared, NFC or similar drivers, or takes a photograph, the target SDK is invoked to control the operation in real time. It can check the user's permission information and, if the user does not hold the access control permission, the user is prohibited from accessing and controlling these terminal hardware devices.
Referring to FIG. 5, the mobile terminal access control apparatus disclosed herein includes:
an operation information receiving module, configured to receive input operation information for a mobile service instance;
an access event generating module, configured to generate a corresponding mobile service access event according to the operation information;
a target SDK determining module, configured to determine, within the enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event;
an access event control module, configured to invoke the target SDK to control the security of the mobile service access event in real time.
The working processes of the operation information receiving module, the access event generating module, the target SDK determining module and the access event control module correspond to steps 101, 102, 103 and 104, respectively, of the mobile terminal access control method disclosed herein, and are not repeated here.
The present application further provides a mobile terminal access control adaptation device, comprising: one or more processors; a memory; and one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the aforementioned mobile terminal access control method.
Referring to FIG. 5, the mobile terminal access control adaptation device may include a processor 1001 (for example a CPU), a network interface 1002, a user interface 1003 and a memory 1004. Connection and communication between these components may be implemented through a communication bus. The network interface 1002 may optionally include a standard wired interface (for connecting to a wired network) and a wireless interface (such as a Wi-Fi interface, a Bluetooth interface or an infrared interface, for connecting to a wireless network). The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include a standard wired interface (for example for connecting a wired keyboard or a wired mouse) and/or a wireless interface (for example for connecting a wireless keyboard or a wireless mouse). The memory 1004 may be a high-speed RAM memory or a non-volatile memory, such as a disk memory. Optionally, the memory 1004 may also be a storage device independent of the aforementioned processor 1001.
Optionally, the mobile terminal access control adaptation device may further include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module and so on.
Those skilled in the art will understand that the structure of the mobile terminal access control adaptation device shown in the figure does not limit the device, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
The present application further provides a computer-readable non-volatile storage medium storing a computer program which, when executed by a processor, implements the steps of the aforementioned mobile terminal access control method.
Referring to FIG. 5, the memory 1004, as a computer storage medium, may include an operating system, a network communication module, a user interface module and a mobile terminal access control adaptation program. The operating system is a program that manages and controls the hardware and software resources of the mobile terminal access control adaptation device, and supports the running of the network communication module, the user interface module, the mobile terminal access control adaptation program and other programs or software; the network communication module is used to manage and control the network interface 1002; and the user interface module is used to manage and control the user interface 1003.
As can be seen from the detailed description above, the present disclosure has at least the following beneficial technical effects compared with the prior art:
First, the native API interfaces of the mobile terminal operating system are accessed through the JavaScript callback interface of the browser kernel built into the operating system, so the portal App can be installed on and applied to various mobile terminal operating system platforms without restriction, which makes the mobile terminal access control method more flexible to apply.
Second, by adding device management and control functions to the mobile office software, combined with policy distribution by the management back end and its detection and analysis of user information and device information, the device security, application security and data security of the mobile office software are strengthened.
Third, the enhanced security SDK is implemented by programming extensions to the native capabilities of the mobile terminal operating system's browser kernel; this is simple to implement, reduces the complexity of the software and improves running efficiency.
Those skilled in the art will understand that the present disclosure covers devices for performing one or more of the operations described herein. These devices may be specially designed and manufactured for the required purposes, or may comprise known devices in a general-purpose computer. These devices have computer programs stored in them that are selectively activated or reconfigured. Such computer programs may be stored in a device-readable (for example, computer-readable) medium, or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, a readable medium includes any medium in which a device (for example, a computer) stores or transmits information in a readable form.

Claims (20)

  1. A mobile terminal access control method, the method comprising the following steps:
    receiving input operation information for a mobile service instance;
    generating a corresponding mobile service access event according to the operation information;
    determining, within an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event;
    invoking the target SDK to control the security of the mobile service access event in real time.
  2. The mobile terminal access control method according to claim 1, wherein invoking the target SDK to control the security of the mobile service access event in real time comprises:
    the mobile service instance corresponding to the mobile service access event accessing the target SDK through a mobile application cross-platform engine;
    invoking the target SDK to control the security of the mobile service access event in real time.
  3. The mobile terminal access control method according to claim 2, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:
    the mobile service instance accessing the browser kernel of the browser built into the mobile terminal operating system through that browser's JavaScript request interface;
    accessing the target SDK through the native interface of the mobile operating system integrated in the target SDK.
  4. The mobile terminal access control method according to claim 1, wherein the access type corresponding to the mobile service access event comprises at least one of: application interaction access, data storage access and device capability access.
  5. The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is application interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to add a watermark to the window display; or,
    invoking the target SDK according to the mobile service access event to prohibit copy-and-paste operations; or,
    when the mobile terminal operating system is the Android operating system, invoking the target SDK according to the mobile service access event to prohibit screenshot operations; or,
    when the mobile terminal operating system is the iOS operating system, invoking the target SDK according to the mobile service access event to record the screenshot operation and upload the screenshot record to the server.
  6. The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is data storage access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to establish a unified storage area, and storing the temporary data generated by the mobile service instance in a specific area and encrypting it; or
    invoking the target SDK according to the mobile service access event to establish a cache data area for the mobile service instance, and clearing all data in the cache data area before the program exits; or
    invoking the target SDK according to the mobile service access event to clear the data in a specific data storage area.
  7. The mobile terminal access control method according to claim 4, wherein the access type corresponding to the mobile service access event is device interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to prohibit photographing operations; or
    invoking the target SDK according to the mobile service access event to prohibit the acquisition of location information.
  8. A mobile terminal access control apparatus, comprising:
    an operation information receiving module, configured to receive input operation information for a mobile service instance;
    an access event generating module, configured to generate a corresponding mobile service access event according to the operation information;
    a target SDK determining module, configured to determine, in an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and
    an access event control module, configured to invoke the target SDK to control the security of the mobile service access event in real time.
  9. A mobile terminal access control adaptation device, comprising:
    one or more processors;
    a memory; and
    one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the following steps of a mobile terminal access control method:
    receiving input operation information for a mobile service instance;
    generating a corresponding mobile service access event according to the operation information;
    determining, in an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and
    invoking the target SDK to control the security of the mobile service access event in real time.
  10. The mobile terminal access control adaptation device according to claim 9, wherein invoking the target SDK to control the security of the mobile service access event in real time comprises:
    the mobile service instance corresponding to the mobile service access event accessing the target SDK through a mobile application cross-platform engine; and
    invoking the target SDK to control the security of the mobile service access event in real time.
  11. The mobile terminal access control adaptation device according to claim 10, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:
    the mobile service instance accessing the browser kernel of the browser built into the mobile terminal operating system through the JavaScript request interface of that browser; and
    accessing the target SDK through the native interface of the mobile operating system integrated in the target SDK.
  12. The mobile terminal access control adaptation device according to claim 9, wherein the access type corresponding to the mobile service access event comprises at least one of application interaction access, data storage access, and device capability access.
  13. The mobile terminal access control adaptation device according to claim 12, wherein the access type corresponding to the mobile service access event is application interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to add a watermark to the window display; or
    invoking the target SDK according to the mobile service access event to prohibit copy and paste operations; or
    when the mobile terminal operating system is the Android operating system, invoking the target SDK according to the mobile service access event to prohibit screen capture operations; or
    when the mobile terminal operating system is the iOS operating system, invoking the target SDK according to the mobile service access event to record screen capture operations and upload the screen capture record to a server.
  14. A computer-readable non-volatile storage medium storing a computer program that, when executed by a processor, implements the following steps of a mobile terminal access control method:
    receiving input operation information for a mobile service instance;
    generating a corresponding mobile service access event according to the operation information;
    determining, in an enhanced security SDK, the target SDK corresponding to the mobile operating system that generated the mobile service access event; and
    invoking the target SDK to control the security of the mobile service access event in real time.
  15. The computer-readable non-volatile storage medium according to claim 14, wherein invoking the target SDK to control the security of the mobile service access event in real time comprises:
    the mobile service instance corresponding to the mobile service access event accessing the target SDK through a mobile application cross-platform engine; and
    invoking the target SDK to control the security of the mobile service access event in real time.
  16. The computer-readable non-volatile storage medium according to claim 15, wherein the mobile service instance is an HTML5-based mobile service instance, and the mobile service instance corresponding to the mobile service access event accessing the target SDK through the mobile application cross-platform engine comprises:
    the mobile service instance accessing the browser kernel of the browser built into the mobile terminal operating system through the JavaScript request interface of that browser; and
    accessing the target SDK through the native interface of the mobile operating system integrated in the target SDK.
  17. The computer-readable non-volatile storage medium according to claim 14, wherein the access type corresponding to the mobile service access event comprises at least one of application interaction access, data storage access, and device capability access.
  18. The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is application interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to add a watermark to the window display; or
    invoking the target SDK according to the mobile service access event to prohibit copy and paste operations; or
    when the mobile terminal operating system is the Android operating system, invoking the target SDK according to the mobile service access event to prohibit screen capture operations; or
    when the mobile terminal operating system is the iOS operating system, invoking the target SDK according to the mobile service access event to record screen capture operations and upload the screen capture record to a server.
  19. The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is data storage access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to establish a unified storage area, and storing the temporary data generated by the mobile service instance in a specific area and encrypting it; or
    invoking the target SDK according to the mobile service access event to establish a cache data area for the mobile service instance, and clearing all data in the cache data area before the program exits; or
    invoking the target SDK according to the mobile service access event to clear the data in a specific data storage area.
  20. The computer-readable non-volatile storage medium according to claim 17, wherein the access type corresponding to the mobile service access event is device interaction access, and invoking the target SDK to control the security of the mobile service access event in real time comprises:
    invoking the target SDK according to the mobile service access event to prohibit photographing operations; or
    invoking the target SDK according to the mobile service access event to prohibit the acquisition of location information.
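The claimed flow (operation information, access event, per-OS target SDK, control by access type) can be modelled as a dispatch table on the JavaScript side of the bridge. This is an added example, not code from the patent: every identifier, event type string and operation string is an assumption, as is the choice to deny any event that has no registered control.

```javascript
// Added example: every name here is hypothetical, not taken from the patent.
const block = () => ({ allow: false, action: 'block' });
const permit = (action) => () => ({ allow: true, action });

// Controls that both per-OS SDKs share (claims 5 to 7).
const SHARED_CONTROLS = {
  'app-interaction': { 'show-window': permit('watermark'), 'copy-paste': block },
  'data-storage': {
    'write-temp': permit('encrypt-in-unified-area'),
    'exit': permit('clear-cache'),
  },
  'device-capability': { 'take-photo': block, 'get-location': block },
};

// Screenshot handling is the one control the claims split by operating system.
function buildSdk(screenshotControl) {
  const sdk = {};
  for (const [type, ops] of Object.entries(SHARED_CONTROLS)) sdk[type] = { ...ops };
  sdk['app-interaction'].screenshot = screenshotControl;
  return sdk;
}

const uploadQueue = []; // constructed stand-in for the upload to the server
const ENHANCED_SECURITY_SDK = {
  android: buildSdk(block), // Android: screen capture is prohibited
  ios: buildSdk((event) => { // iOS: the capture is recorded and the record uploaded
    uploadQueue.push({ instanceId: event.instanceId, op: event.op, at: event.at });
    return { allow: true, action: 'record-and-upload' };
  }),
};

// Turn operation information from the mobile service instance into an access event.
function makeAccessEvent(operation, now = Date.now()) {
  const { instanceId, os, type, op } = operation;
  return {
    instanceId: String(instanceId),
    os: String(os).toLowerCase(),
    type: String(type),
    op: String(op),
    at: now,
  };
}

// Own-property lookup, so keys such as "__proto__" or "constructor" sent by
// page script never resolve to inherited Object members.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Select the target SDK for the event's OS and apply its control. An event with
// no registered SDK or control is denied (an assumption; the claims are silent).
function controlAccessEvent(event) {
  const sdk = own(ENHANCED_SECURITY_SDK, event.os);
  const controls = sdk && own(sdk, event.type);
  const control = controls && own(controls, event.op);
  if (typeof control !== 'function') {
    return { allow: false, action: 'block', reason: 'no-control-registered' };
  }
  return control(event);
}
```

Because the access event originates in HTML5 page script, the own-property lookup and the default-deny branch are what keep an unexpected type or operation string from bypassing the table.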
PCT/CN2018/102876 2018-05-03 2018-08-29 Mobile terminal access control method and device WO2019210631A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810413940.1A CN108632807B (en) 2018-05-03 2018-05-03 Mobile terminal access control method and device
CN201810413940.1 2018-05-03

Publications (1)

Publication Number Publication Date
WO2019210631A1 (en) 2019-11-07

Family

ID=63695294

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102876 WO2019210631A1 (en) 2018-05-03 2018-08-29 Mobile terminal access control method and device

Country Status (2)

Country Link
CN (1) CN108632807B (en)
WO (1) WO2019210631A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371614A (en) * 2020-03-04 2020-07-03 深信服科技股份有限公司 Network access method, device and system
CN113472687A (en) * 2021-07-15 2021-10-01 北京京东振世信息技术有限公司 Data processing method and device
CN114650154A (en) * 2020-12-17 2022-06-21 腾讯科技(深圳)有限公司 Webpage permission behavior control method and device, computer equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109683990B (en) * 2018-12-27 2019-07-23 四川新网银行股份有限公司 H5 multiterminal cut-in method based on mixed mode mobile application
CN109858205A (en) * 2018-12-29 2019-06-07 深圳市雁联移动科技有限公司 A kind of safe Enhancement Method and device suitable for enterprise mobile working portal
CN111199046A (en) * 2019-11-29 2020-05-26 云深互联(北京)科技有限公司 Content protection method and device based on enterprise browser

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2743856A1 (en) * 2012-12-14 2014-06-18 Samsung Electronics Co., Ltd Method and apparatus for protecting application program
CN104572114A (en) * 2015-01-23 2015-04-29 盟游(北京)科技有限公司 Binding device, application updating device and method and application
CN106372473A (en) * 2016-09-02 2017-02-01 深圳中兴网信科技有限公司 Screen capturing method, screen capturing device, terminal and server
CN106845256A (en) * 2017-01-24 2017-06-13 腾讯科技(深圳)有限公司 A kind of method and terminal of encryption and decryption data in the application

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104317626B (en) * 2014-11-13 2017-08-11 北京奇虎科技有限公司 The methods, devices and systems of application software control of authority in terminal device
CN106775668A (en) * 2016-11-30 2017-05-31 广东亿迅科技有限公司 The mobile applications Development Framework and implementation method of cross operating system
CN107231378A (en) * 2017-07-21 2017-10-03 云南电网有限责任公司信息中心 A kind of security control method based on electric power mobile office equipment, apparatus and system
CN107766728A (en) * 2017-08-28 2018-03-06 国家电网公司 Mobile application security managing device, method and mobile operation safety protection system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371614A (en) * 2020-03-04 2020-07-03 深信服科技股份有限公司 Network access method, device and system
CN111371614B (en) * 2020-03-04 2024-04-09 深信服科技股份有限公司 Network access method, device and system
CN114650154A (en) * 2020-12-17 2022-06-21 腾讯科技(深圳)有限公司 Webpage permission behavior control method and device, computer equipment and storage medium
CN114650154B (en) * 2020-12-17 2023-07-18 腾讯科技(深圳)有限公司 Webpage authority behavior control method and device, computer equipment and storage medium
CN113472687A (en) * 2021-07-15 2021-10-01 北京京东振世信息技术有限公司 Data processing method and device
CN113472687B (en) * 2021-07-15 2023-12-05 北京京东振世信息技术有限公司 Data processing method and device

Also Published As

Publication number Publication date
CN108632807A (en) 2018-10-09
CN108632807B (en) 2021-08-17

Similar Documents

Publication Publication Date Title
WO2019210631A1 (en) Mobile terminal access control method and device
US9165139B2 (en) System and method for creating secure applications
JP6718530B2 (en) Image analysis and management
US8990920B2 (en) Creating a virtual private network (VPN) for a single app on an internet-enabled device or system
US10901763B2 (en) Systems and methods for user interface detection
US9240977B2 (en) Techniques for protecting mobile applications
US11669376B2 (en) Systems and methods for intercepting and enhancing SaaS application calls via embedded browser
US9306933B2 (en) Ensuring network connection security between a wrapped app and a remote server
US9232012B1 (en) Method and system for data usage accounting in a computing device
KR20160043044A (en) Gateway device for terminating a large volume of vpn connections
US11893123B2 (en) Systems and methods for screenshot mediation based on policy
US20200106699A1 (en) Systems and methods for multilink wan connectivity for saas applications
CN105787373A (en) Android terminal data leak-proof method in mobile office system
US20220197970A1 (en) Systems and methods for improved remote display protocol for html applications
US11544415B2 (en) Context-aware obfuscation and unobfuscation of sensitive content
US11783014B2 (en) Trust zone hosted secure screen mode for discretionary presentation of sensitive corporate information to trusted endpoints
AU2019280105B1 (en) Systems and methods for intercepting and enhancing SaaS application calls via embedded browser
WO2023216989A1 (en) Method for converting file format, and electronic device
EP2738709A1 (en) An improved method and device for enforcing privacy policies
WO2020187008A1 (en) Service invocation control method, service invocation method, device, and terminal
KR102425978B1 (en) Composite web UI provision system in cloud service platform

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18917173

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25.03.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18917173

Country of ref document: EP

Kind code of ref document: A1