CN103841120A - Data security management method, mobile terminal and system based on digital watermarking - Google Patents
- Publication number: CN103841120A (application CN201410122400.XA)
- Authority: CN (China)
- Prior art keywords
- mobile terminal
- digital watermarking
- data
- security strategy
- network
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method, a mobile terminal and a system for managing data security based on digital watermarking. The method includes: (a) when an operation that would cause local data to leave the mobile terminal is detected, determining whether the local data contains a digital watermark; (b) if the local data contains a digital watermark, determining whether the operation is allowed according to the security policy corresponding to the digital watermark; and (c) if it is determined that the operation is not allowed, blocking the operation.
Description
Technical field
The present invention relates to the field of data security and, more specifically, to a data security management method, mobile terminal and system based on digital watermarking.
Background
With the increasingly widespread use of mobile terminals in enterprise internal networks, mobile office work is gradually becoming one of the main ways of working on the corporate intranet. Such mobile terminals generally include smartphones, tablet computers, notebooks and the like. They can usually switch between the WiFi environment inside the enterprise, WiFi environments outside the enterprise, and an operator's 2G/3G/4G wireless access environment. Adapting to multiple wireless environments makes mobile office work more flexible and also improves employees' working efficiency.
However, while this adaptability to wireless environments brings convenience, it also creates data security problems. For confidential information inside the enterprise, there is a potential risk that it may be leaked through mobile terminals. For example, confidential enterprise-related data produced and/or obtained while an employee works online through the WiFi environment of the corporate intranet may be exposed on a public, unprotected network when the network environment of the mobile terminal changes, and may be stolen by a malicious third party; an internal employee may even carry confidential information to an external network on a mobile terminal and spread it maliciously. At present there is no complete security control scheme for this problem. Because of such gaps in the security control of confidential or sensitive enterprise data, that data may be leaked unintentionally or intentionally, bringing the enterprise heavy economic and even legal losses.
Summary of the invention
To address the above problem, the present invention provides a method, a mobile terminal and a system for managing data security based on digital watermarking.
According to a first aspect of the invention, a method for managing data security at a mobile terminal based on digital watermarking is provided. The method comprises: (a) when an operation that would cause local data to leave the mobile terminal is detected, determining whether the local data contains a digital watermark; (b) if the local data contains a digital watermark, determining whether to allow the operation according to the security policy corresponding to the digital watermark; and (c) if it is determined that the operation is not allowed, blocking the operation.
In certain embodiments, the digital watermark is generated based on one or more items of terminal identification information of the mobile terminal and/or corporate identification information (CI).
In certain embodiments, the one or more items of terminal identification information comprise at least one of the following: the International Mobile Equipment Identity (IMEI) of the mobile terminal, the media access control (MAC) address of the communication subsystem of the mobile terminal, or the authentication information (AC) assigned to the mobile terminal.
In certain embodiments, the digital watermark is generated based on terminal digest information (DD) and/or corporate identification information (CI), where the terminal digest information (DD) is generated from the one or more items of terminal identification information of the mobile terminal.
In certain embodiments, the method further comprises: (d) when an operation of receiving data from outside the mobile terminal is detected, adding a digital watermark to the data.
In certain embodiments, step (d) further comprises: when an operation of receiving data from outside the mobile terminal is detected, adding a digital watermark to the data only if the data comes from a secure internal network address.
In certain embodiments, step (d) further comprises: if the received data contains a second digital watermark, updating the second digital watermark with the digital watermark.
In certain embodiments, step (b) further comprises: (b1) obtaining, from the digital watermark, the one or more items of terminal identification information of the mobile terminal; (b2) obtaining the corresponding security policy according to the one or more items of terminal identification information; and (b3) determining, based on the security policy, whether to allow the operation.
In certain embodiments, step (c) comprises: if it is determined that the operation is not allowed, blocking the operation by adjusting the network state of the mobile terminal to a limited network.
In certain embodiments, step (c) further comprises: in addition to blocking the operation, alerting the user of the mobile terminal and/or the network administrator that the operation cannot be performed.
In certain embodiments, before step (a), the method further comprises: (e) establishing a limited network connection with a secure internal network; (f) authenticating the mobile terminal with the authentication server in the internal network, according to the authentication information (AC) entered by the user of the mobile terminal and/or the one or more items of terminal identification information of the mobile terminal; and (g) if authentication succeeds, adjusting the limited network connection between the mobile terminal and the internal network to a normal network connection.
In certain embodiments, step (g) further comprises: if authentication fails, returning to step (f) and repeating authentication, where the number of repeated authentications does not exceed a predetermined number.
In certain embodiments, after step (e), the method further comprises: (h) synchronizing the security policy list on the mobile terminal with the security policy list maintained on the authentication server in the internal network.
In certain embodiments, if the security policy list maintained on the authentication server is changed, the mobile terminal is required, in push mode, to synchronize its security policy list.
In certain embodiments, the method further comprises: (i) when the one or more items of terminal identification information of the mobile terminal and/or the corporate identification information (CI) change, regenerating the digital watermark; (j) using the regenerated digital watermark to update the digital watermark in all watermarked data stored locally on the mobile terminal; and (k) associating the security policy that corresponded to the former digital watermark with the regenerated digital watermark.
In certain embodiments, step (d) further comprises: recording, in a local database of the mobile terminal, location information related to the data to which a digital watermark has been added.
In certain embodiments, the method further comprises: (l) if a network disconnection or a device shutdown request is detected, determining, according to the security policy corresponding to the digital watermark, whether the data to which the digital watermark has been added needs to be cleared; and (m) if it is determined that the data is to be cleared, clearing the watermarked data according to the location information recorded in the local database.
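As an added illustration (not the patent's own implementation), the following Python model walks steps (a) to (d) and (b1) to (b3): it derives DD and the watermark, marks data received from an internal address, and gates an outbound transfer on the policy bound to the watermark. Assumptions: SHA-256 for DD and for the watermark, a trailer appended to the bytes in place of a real robust embedding, a policy expressed as allowed destination networks, fail-closed handling of unknown watermarks, and all names and sample values.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

# Constructed trailer format: MARK + 32-byte watermark. It stands in for a real
# robust embedding, which would hide the mark inside the carrier signal itself.
MARK = b"\x00DWM1\x00"
WM_LEN = 32
TRAILER_LEN = len(MARK) + WM_LEN


def device_digest(imei: str, mac: str, ac: str) -> bytes:
    """DD: digest over the terminal identification information (SHA-256 assumed)."""
    h = hashlib.sha256()
    for field in (imei, mac.lower(), ac):
        raw = field.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)  # length prefix: unambiguous join
    return h.digest()


def make_watermark(dd: bytes, ci: str) -> bytes:
    """Watermark derived from DD and the corporate identification information CI."""
    return hashlib.sha256(dd + ci.encode()).digest()


def find_watermark(data: bytes):
    """Step (a): return the embedded watermark, or None if the data is unmarked."""
    if len(data) >= TRAILER_LEN and data[-TRAILER_LEN:-WM_LEN] == MARK:
        return data[-WM_LEN:]
    return None


def in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def on_receive(data: bytes, source_ip: str, own_wm: bytes, internal_nets) -> bytes:
    """Step (d): mark data only when it comes from a secure internal address."""
    if not in_any(source_ip, internal_nets):
        return data
    if find_watermark(data) is not None:
        data = data[:-TRAILER_LEN]  # a second watermark is updated with our own
    return data + MARK + own_wm


@dataclass(frozen=True)
class Policy:
    allowed_nets: tuple  # destinations to which marked data may be sent (assumed form)


class PolicyEngine:
    """Local stand-in for the SPE: watermark -> terminal id -> security policy."""

    def __init__(self):
        self._terminal_by_wm = {}
        self._policy_by_terminal = {}

    def register(self, wm: bytes, terminal_id: str, policy: Policy) -> None:
        self._terminal_by_wm[wm] = terminal_id
        self._policy_by_terminal[terminal_id] = policy

    def check_egress(self, data: bytes, dest_ip: str):
        """Steps (a)-(c): return (allowed, reason) for an outbound transfer."""
        wm = find_watermark(data)
        if wm is None:
            return True, "unmarked"
        terminal_id = self._terminal_by_wm.get(wm)            # (b1)
        policy = self._policy_by_terminal.get(terminal_id)    # (b2)
        if policy is None:
            return False, "unknown-watermark"  # fail closed: a choice of this example
        if in_any(dest_ip, policy.allowed_nets):              # (b3)
            return True, "policy-allows"
        return False, "policy-denies"                         # (c): caller blocks


def demo():
    # All identifiers and addresses below are constructed sample values.
    internal = (ipaddress.ip_network("10.0.0.0/8"),)
    dd = device_digest("356938035643809", "AA:BB:CC:DD:EE:FF", "alice:token")
    wm = make_watermark(dd, "EXAMPLE-CORP")
    spe = PolicyEngine()
    spe.register(wm, "terminal-1", Policy(allowed_nets=internal))

    doc = on_receive(b"quarterly figures", "10.1.2.3", wm, internal)
    public = on_receive(b"weather page", "203.0.113.7", wm, internal)
    foreign = b"partner file" + MARK + bytes(WM_LEN)  # carries an unregistered mark
    remarked = on_receive(foreign, "10.1.2.3", wm, internal)
    return {
        "internal": spe.check_egress(doc, "10.9.9.9"),
        "external": spe.check_egress(doc, "198.51.100.20"),
        "unmarked": spe.check_egress(public, "198.51.100.20"),
        "unknown": spe.check_egress(foreign, "10.9.9.9"),
        "remarked": find_watermark(remarked) == wm,
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```
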
According to a second aspect of the invention, a mobile terminal that manages data security based on digital watermarking is provided. The mobile terminal comprises: a digital watermark judging unit, configured to determine, when an operation that would cause local data to leave the mobile terminal is detected, whether the local data contains a digital watermark; a security policy judging unit, configured to determine, if the local data contains a digital watermark, whether to allow the operation according to the security policy corresponding to the digital watermark; and an operation blocking unit, configured to block the operation if it is determined that the operation is not allowed.
In certain embodiments, the digital watermark is generated based on one or more items of terminal identification information of the mobile terminal and/or corporate identification information (CI).
In certain embodiments, the one or more items of terminal identification information comprise at least one of the following: the International Mobile Equipment Identity (IMEI) of the mobile terminal, the media access control (MAC) address of the communication subsystem of the mobile terminal, or the authentication information (AC) assigned to the mobile terminal.
In certain embodiments, the digital watermark is generated based on terminal digest information (DD) and/or corporate identification information (CI), where the terminal digest information (DD) is generated from the one or more items of terminal identification information of the mobile terminal.
In certain embodiments, the mobile terminal further comprises: a digital watermark adding unit, configured to add a digital watermark to data when an operation of receiving the data from outside the mobile terminal is detected.
In certain embodiments, the digital watermark adding unit is further configured to: when an operation of receiving data from outside the mobile terminal is detected, add a digital watermark to the data only if the data comes from a secure internal network address.
In certain embodiments, the digital watermark adding unit is further configured to: if the received data contains a second digital watermark, update the second digital watermark with the digital watermark.
In certain embodiments, the security policy judging unit is further configured to: (b1) obtain, from the digital watermark, the one or more items of terminal identification information of the mobile terminal; (b2) obtain the corresponding security policy according to the one or more items of terminal identification information; and (b3) determine, based on the security policy, whether to allow the operation.
In certain embodiments, the operation blocking unit is configured to: if it is determined that the operation is not allowed, block the operation by adjusting the network state of the mobile terminal to a limited network.
In certain embodiments, the operation blocking unit is further configured to: in addition to blocking the operation, alert the user of the mobile terminal and/or the network administrator that the operation cannot be performed.
In certain embodiments, the mobile terminal further comprises: a limited connection establishing unit, configured to establish a limited network connection with a secure internal network; a mobile terminal authentication unit, configured to authenticate the mobile terminal with the authentication server in the internal network, according to the authentication information (AC) entered by the user of the mobile terminal and/or the one or more items of terminal identification information of the mobile terminal; and a network connection adjusting unit, configured to adjust, if authentication succeeds, the limited network connection between the mobile terminal and the internal network to a normal network connection.
In certain embodiments, the mobile terminal authentication unit is further configured to: if authentication fails, repeat authentication, where the number of repeated authentications does not exceed a predetermined number.
In certain embodiments, the mobile terminal further comprises: a policy list synchronization unit, configured to synchronize the security policy list on the mobile terminal with the security policy list maintained on the authentication server in the internal network.
In certain embodiments, if the security policy list maintained on the authentication server is changed, the mobile terminal is required, in push mode, to synchronize its security policy list.
In certain embodiments, the mobile terminal further comprises: a watermark regenerating unit, configured to regenerate the digital watermark when the one or more items of terminal identification information of the mobile terminal and/or the corporate identification information (CI) change; a digital watermark updating unit, configured to use the regenerated digital watermark to update the digital watermark in all watermarked data stored locally on the mobile terminal; and a correspondence maintenance unit, configured to associate the security policy that corresponded to the former digital watermark with the regenerated digital watermark.
In certain embodiments, the digital watermark adding unit is further configured to: record, in a local database of the mobile terminal, location information related to the data to which a digital watermark has been added.
In certain embodiments, the mobile terminal further comprises: a data clearing judging unit, configured to determine, if a network disconnection or a device shutdown request is detected, whether the data to which the digital watermark has been added needs to be cleared according to the security policy corresponding to the digital watermark; and a data clearing execution unit, configured to clear, if it is determined that the data is to be cleared, the watermarked data according to the location information recorded in the local database.
According to a third aspect of the invention, a system for managing data security based on digital watermarking is provided. The system comprises: one or more mobile terminals according to the second aspect of the invention; and an authentication server, configured to perform one or more of the following operations: (1) maintaining synchronization between the local security policy list and the security policy lists on the one or more mobile terminals; (2) authenticating a mobile terminal according to the authentication request it submits; or (3) maintaining the correspondence between the terminal identification information and/or digital watermark submitted by a mobile terminal and the security policy.
The method, mobile terminal and system of the present invention can solve the problem of key confidential data in the corporate intranet environment being leaked during mobile office work because of the mobility of devices and changes of network environment. In addition, remote server authentication, a digital watermark plug-in, the network environment monitoring function and the security check function together make up a complete data security system based on digital watermarking: a detection mechanism with the digital watermark as its security guarantee, running from the authentication mechanism, to watermarking the data, to monitoring environmental changes, and finally to security protection. This system can prevent key secrets in the corporate intranet environment from being leaked or lost because of a change of network environment or deliberate human action, improving the security of the enterprise's internal information.
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become clearer from the following description of preferred embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of an example application scenario of the system for managing data security based on digital watermarking according to the present invention.
Fig. 2 is an example flow diagram of managing data security based on digital watermarking according to the present invention.
Fig. 3 is a flow chart of an example method, performed at a mobile terminal, for managing data security based on digital watermarking according to an embodiment of the present invention.
Fig. 4 is a block diagram of an example mobile terminal for performing the method shown in Fig. 3 according to an embodiment of the present invention.
Detailed description
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. Details and functions that are unnecessary for the present invention are omitted from the description so as not to obscure the understanding of the invention. In the following, the invention is described in detail using its application to a mobile radio communication system as an example. The invention is not limited to this, however; it can also be applied to fixed communication systems and wired communication systems, or to any hybrid of mobile radio, fixed and wired communication systems. As far as mobile communication systems are concerned, the invention is not limited to the specific communication protocol of each mobile communication terminal involved, which can include (but is not limited to) 2G, 3G, 4G and 5G networks, WCDMA, CDMA2000, TD-SCDMA systems and so on; different mobile terminals can use the same communication protocol or different ones. Likewise, the invention is not limited to a specific mobile terminal operating system, which can include (but is not limited to) iOS, Windows Phone, Symbian, Android and so on; different mobile terminals can use the same operating system or different ones.
Fig. 1 is a schematic diagram of an application scenario of the system 1000 for managing data security based on digital watermarking according to the present invention. As shown in Fig. 1, system 1000 can comprise a mobile terminal 100 and an authentication server (RAS) 200. For clarity, the figure shows only one terminal 100 and one server 200, but the invention is not limited to this and can comprise two or more terminals and/or servers. Terminal 100 can belong to a user or be operated by a user. Terminal 100 and server 200 can communicate through a communication network 300. Examples of communication network 300 include (but are not limited to): the Internet, mobile communication networks, fixed lines (such as xDSL or optical fiber) and so on.
In the embodiment shown in Fig. 1, in order to manage data security on mobile terminal 100, a data security client 150 according to an embodiment of the invention (hereinafter client 150) is installed on mobile terminal 100. Client 150 can be installed in mobile terminal 100 by the user in the form of software, or by the manufacturer in the form of hardware or firmware. In some embodiments, client 150 can be application software dedicated to the present invention, for example downloaded from the network after the user has purchased mobile terminal 100. In other embodiments, client 150 can be an application pre-installed in mobile terminal 100 by the manufacturer in firmware or hardware form. In still other embodiments, client 150 can be a hardware module produced by the manufacturer, or mobile terminal 100 itself.
First, some terms and abbreviations used below are explained.
Digital watermark (Digital Watermarking):
A "digital watermark" is a marker covertly embedded in a noise-tolerant signal such as image, audio or video data. It is generally used to identify the copyright owner of such a signal. Adding a digital watermark is the process of hiding digital information in a carrier signal; the hidden information should (but need not) be related to the carrier signal. A digital watermark can be used to verify the authenticity or integrity of the carrier signal, or to prove the identity of its owner. Like a traditional watermark, a digital watermark is usually perceptible only under specific conditions (for example, after applying a certain algorithm) and is imperceptible at other times. Digital watermarks can be applied to many kinds of data, such as audio, images, video, text and 3D models. In addition, the same signal can carry several different digital watermarks at once, and these watermarks can be independent of one another.
By purpose, digital watermarks fall roughly into two classes: robust digital watermarks and fragile digital watermarks. A robust digital watermark is generally used to indicate the copyright information, ownership information and the like of the carrier signal; its very presence indicates the source, owner, copyright and so on of the carrier signal, and it is not easily affected by changes to the carrier signal. A fragile digital watermark, by contrast, is generally used to show the integrity of the carrier signal: if the carrier signal is tampered with (data lost, added and/or changed), the watermark is destroyed. The presence of a fragile digital watermark itself shows that the carrier signal has not been tampered with.
In one embodiment of the present invention, a robust digital watermark can be used to help the enterprise network administrator identify the source of leaked data.
Device authentication function (Device Authentication, hereinafter DA):
One of the key functional modules of the present invention. When mobile terminal 100 attempts to access a wireless network (for example a WiFi, GPRS, WCDMA or TDMA network), it calls this device authentication function to authenticate its own identity to the remote authentication server (RAS) 200. The DA function can be a functional module of client 150, or an independent application or background service on mobile terminal 100. It can also communicate with other functional modules/applications/services on mobile terminal 100 to exchange authentication-related data.
In an embodiment on the Android platform, the DA function can be implemented in Java and C++ using JNI, and it can run in the application layer/kernel layer of the operating system of mobile terminal 100. Of course, in other embodiments it can be implemented in any other feasible manner; the invention is not limited to the above.
Digital watermark function (Data Signer, hereinafter DS):
One of the key functional modules of the present invention. It is responsible for adding, detecting and changing digital watermarks in the data that mobile terminal 100 is about to send, the data it receives and/or the data generated locally, and for handling the carrier data according to whether a digital watermark is detected. DS also maintains local location information related to the watermarked data on mobile terminal 100, so that the data can later be cleared according to the security policy. The DS function can be a functional module of client 150, or an independent application or background service on mobile terminal 100. It can also communicate with other functional modules/applications/services on mobile terminal 100 to exchange watermark-related data.
In an embodiment on the Android platform, the DS function can be implemented in Java and C++ using JNI, and it can run in the application layer/kernel layer of the operating system of mobile terminal 100. Of course, in other embodiments it can be implemented in any other feasible manner; the invention is not limited to the above.
Network environment monitoring function (Network Environment Monitor, hereinafter NEM):
One of the key functional modules of the present invention. It is responsible for monitoring the wireless network environment of mobile terminal 100 and adjusting the networking state of mobile terminal 100 according to the authentication result, the security policy and so on, and for handling the carrier data according to whether a digital watermark is detected. The NEM function can be a functional module of client 150, or an independent application or background service on mobile terminal 100. It can also communicate with other functional modules/applications/services on mobile terminal 100 to exchange data related to the network environment.
In an embodiment on the Android platform, the NEM function can be implemented in Java and C++ using JNI, and it can run in the application layer/kernel layer of the operating system of mobile terminal 100. Of course, in other embodiments it can be implemented in any other feasible manner; the invention is not limited to the above.
Security policy engine (Security Policy Engine, hereinafter SPE):
One of the key functional modules of the present invention. It is responsible for maintaining the security policy list on mobile terminal 100, keeping it synchronized with the security policy list on RAS 200, and supplying the corresponding security policy and/or decision result in response to calls from other functional modules. The SPE function can be a functional module of client 150, or an independent application or background service on mobile terminal 100. It can communicate with other functional modules/applications/services on mobile terminal 100 to exchange data related to the security policy, and it can also communicate with RAS 200 to keep the security policy list synchronized.
In an embodiment on the Android platform, SPE can be implemented in Java and C++ using JNI, and it can run in the application layer/kernel layer of the operating system of mobile terminal 100. Of course, in other embodiments it can be implemented in any other feasible manner; the invention is not limited to the above.
Remote authentication server (Remote Authentication Server, hereinafter RAS):
One of the important components of the data security management system 1000 of the present invention. It is responsible for maintaining the security policy list/configuration in the corporate intranet and, when an update occurs, requiring the mobile terminals connected to the corporate intranet over the wireless network to synchronize their security policy lists, for example (but not only) in push mode. It is also responsible for authenticating the authentication requests initiated by the DA module of mobile terminal 100 and returning the authentication result to mobile terminal 100 according to the authentication data it maintains.
In one embodiment, RAS 200 can be an AAA (authentication, authorization and accounting) server supporting the RADIUS/Diameter protocol. Of course, the invention is not limited to this; any other suitable authentication protocol can also be used.
Corporate intranet security policy (Corporation Intranet Security Policy, hereinafter CISP)
Security policy list (Security Policy List, hereinafter SPA):
The security policy/policy list formulated by the network administrator of the corporate intranet. In embodiments of the present invention, it specifies which handling should be applied to an outbound transfer operation involving watermarked data when the digital watermark of that data meets which conditions. For example, when the digital watermark contained in the data shows that the security level of the current user/user group holding the data is low, that user/user group should be prevented from transferring the data out of mobile terminal 100 over the wireless network. In one embodiment, different mobile terminals, different users (groups), different corporate identification information and so on can be handled differently by configuring the security policy. In one embodiment, its concrete form can be a security policy list (a linked list). Of course, in other embodiments it can differ from the security policy list, and the security policy list can be derived from the CISP.
Authentication information (Authentication Credential, hereinafter AC):
The information, provided by the user of mobile terminal 100, that the DA of mobile terminal 100 needs in order to initiate an authentication request to RAS200. In one embodiment, it can be the user's username/password. In another embodiment, it can be terminal identification information of mobile terminal 100 (for example, the International Mobile Equipment Identity (IMEI) of mobile terminal 100, the media access control (MAC) address of the communication subsystem of mobile terminal 100, etc.) together with an associated password. In fact, any information that can prove to RAS200 that mobile terminal 100 is a legitimate user of the corporate intranet can serve as authentication information.
Device digest information (Device Digest, hereinafter DD):
The device digest information calculated by the DA function from the terminal identification information, authentication information, etc. of terminal 100. Together with the corporate identification information, it can form the unique device identification (Device Identification, hereinafter DI) of terminal 100.
Corporate identification information (Corporation Identification, hereinafter CI):
Information that identifies the enterprise owning the corporate intranet. It distinguishes networks belonging to different enterprises, different networks of the same enterprise, and so on, so that the same mobile terminal 100 can be told apart when it performs watermark-related operations in different enterprise networks.
Data conversion record (Data Convert Record, hereinafter DCR):
When DS adds a digital watermark to acquired data, the location information related to that data is recorded in the local database of mobile terminal 100, so that if a data cleanup is later decided upon, the data can be deleted according to the recorded location. In one embodiment, the local database can be a SQLite database on mobile terminal 100. In one embodiment, the DCR can be kept under, for example, the "/sdcard/dataSigner/opLog" directory on mobile terminal 100. In addition, the DCR can be stored in plaintext, or stored as ciphertext after encryption.
Data cleanup request (Data Clean, hereinafter DC):
When mobile terminal 100 is about to turn off its wireless module (WiFi/GPRS/WCDMA/TDMA/CDMA2000 module, etc.) or shut down, the NEM that detects this turn-off/shutdown request sends the DC request to SPE. SPE then decides, according to the corresponding security policy, whether to perform a data cleanup operation, and the normal shutdown/module turn-off operation can resume after the cleanup.
Next, the flow of managing data security based on digital watermarking is described in detail with reference to Fig. 1 and Fig. 2.
First, the operating system of mobile terminal 100 starts. After loading the necessary system modules (for example, the drivers of each hardware module, the file subsystem, the network subsystem, etc.), the operating system loads the SPE module and instantiates (runs) it. At this point, SPE can interact with the remote authentication server (RAS) 200, obtain the corporate intranet security detection policy configuration (CISP), load it into memory, and form the security policy list (SPL) from the CISP. Alternatively, the CISP itself can take the form of a security policy list (SPL), in which case no SPL formation step is needed and it is loaded directly.
In one embodiment, when mobile terminal 100 enters the WiFi environment of the corporate intranet, the NEM of mobile terminal 100 detects whether this is the first entry. If so, mobile terminal 100 is usually required to perform basic network configuration (automatic or manual) for the enterprise WiFi environment, to ensure that it can connect to the WiFi network correctly. On connecting to the WiFi network, NEM can set up a limited-access WiFi connection (the networking state of mobile terminal 100 is "limited"). In this state, in one embodiment, mobile terminal 100 can communicate only with RAS200 (or other limited network nodes) and cannot access any other network node in the intranet. If this is not the first time mobile terminal 100 has connected to the intranet, NEM can set up the limited-access WiFi connection directly, without basic network configuration.
After the limited connection is set up, the change in WiFi connection state (for example, from no WiFi connection to a limited WiFi connection) serves as the trigger condition that causes NEM to start a browser application automatically. Through this browser application, the user of mobile terminal 100 can be asked to enter authentication information (for example, a username/password), and DA is triggered to send an authentication request to RAS200. In another embodiment, the application started by NEM can be any other application that prompts the user for authentication information, and is not limited to a browser application. In addition, in other embodiments, the authentication information can be predetermined authentication information stored locally in mobile terminal 100 (for example, built in when mobile terminal 100 is manufactured). In this case, NEM does not need to ask the user to enter authentication information, and DA can authenticate to RAS200 automatically using the predetermined authentication information.
After the user confirms submission, DA uses the authentication information received from the user (via the browser application or another application) to send an authentication request to RAS200. If authentication fails because the authentication information is wrong or for other reasons, authentication can be repeated. A maximum number of authentication attempts can be set in advance, in which case the number of repeated attempts should not exceed this maximum. In one embodiment, the maximum number of repeated authentication attempts can be set to, for example, 3. In that case, when retries exceed 3, DA can notify NEM to disconnect the WiFi connection automatically. Of course, in other embodiments the maximum number of repeated authentication attempts is not limited to 3 and can be set to any number as required; the invention is not limited in this respect.
If authentication succeeds, DA calculates the device digest information (DD) from device-related terminal identification information, for example the IMEI of mobile terminal 100, the MAC address of its network card, and/or the AC assigned to mobile terminal 100 or its user. DD and the corporate identification information (CI) are then combined, in any of various ways, to generate the device identification (DI) that uniquely identifies the specific mobile terminal 100 in the specific enterprise network. Next, DA can send this DI to RAS200 so that the terminal information is filed and backed up. At the same time, DA notifies NEM of the authentication result (authentication passed) and can also pass DI to NEM. According to this authentication result, NEM can change the WiFi connection state of mobile terminal 100 from the limited state to the normal access state. In addition, DA can send a message containing DI to the DS module, so that the intranet access behavior of mobile terminal 100 is monitored and the corresponding digital watermark operations are carried out.
After the WiFi connection in the normal access state is established, mobile terminal 100 enters the working state. In the working state, when data is synchronized from outside mobile terminal 100 to local storage on mobile terminal 100 (or transferred by other means such as download/push), DS checks the network address information associated with the external data source (for example, the source IP address of the packet) and judges whether this address belongs to the address range of the corporate intranet (for example, whether it is in the 192.168.x.x network segment). If not, the data is not confidential data of the corporate intranet, so DS can ignore it and perform no operation on it. If so, the data is confidential data from the corporate intranet, so DS uses digital watermark technology to mark all such data, and can optionally record the processed data and its location in a specific data record (DCR) in the local database of terminal 100 (for example, a SQLite database). In addition, DS can also choose to add watermarks to data other than data from other network nodes in the intranet.
In another embodiment, data can be produced locally on mobile terminal 100. In this case, when NEM judges that mobile terminal 100 is currently in the corporate intranet (for example, authentication has succeeded), NEM can notify DS to apply digital watermark processing to this data as well. Alternatively, the check for whether the terminal is in the intranet can be skipped, and digital watermark processing applied directly to any data generated locally on mobile terminal 100.
In other embodiments, DS may also refrain from adding a digital watermark to some or all of the data received by mobile terminal 100. For example, in one embodiment, when mobile terminal 100 receives data that already contains a second digital watermark, DS can detect this second watermark and find that it differs from the watermark of mobile terminal 100. DS can then choose not to replace this watermark with its own, or can choose to add its own watermark to the data in addition to the second watermark. In the former case, the second digital watermark can show the network administrator that the data was not originally leaked by mobile terminal 100, but by the person holding the second watermark. In the latter case, it can help the network administrator trace the path of the data leak (for example, from a first user to a second user to a third user, and so on). In addition, the criteria for deciding whether to add a digital watermark are not limited to those above.
As a result of the digital watermark processing above, data generated locally on mobile terminal 100 and/or data downloaded from the corporate intranet all carry a digital watermark showing that the data belongs to mobile terminal 100. In this case, when mobile terminal 100 needs to transmit data out of the device or, more generally, when mobile terminal 100 detects an operation that may cause local data to leave mobile terminal 100, DS can inspect the data content to determine whether DI information is present in it. If not, the data is neither confidential data of the corporate intranet nor confidential data generated by mobile terminal 100 itself, so the normal data transfer operation can continue. If a digital watermark is present, however, DS can send a security policy matching request to SPE, and send the relevant DI information and data information to SPE together or separately.
After receiving the DI and the information on the data to be transferred out, SPE can parse the DI to obtain DD and CI, and can then parse DD to obtain AC. SPE can then search the corresponding SPL according to AC and obtain the security policy corresponding to AC. If the corresponding security policy is found to forbid this AC (and/or its corresponding user/mobile terminal 100) from transferring data out in any way, SPE can return this policy matching result to DS, and DS can notify NEM to temporarily change the WiFi connection state to the limited state. In addition, mobile terminal 100 can inform its user, through a system alert message or the like, that the data cannot be transmitted over the network. Mobile terminal 100 can also notify the network administrator over the wireless network that a leak may have occurred on mobile terminal 100. If the security policy corresponding to AC does not forbid outbound data transfer, the data operation is allowed to continue normally.
In other embodiments, the way of preventing mobile terminal 100 from transferring out data that contains a digital watermark is not limited to changing the WiFi connection state to the limited state. For example, a call failure can be returned to the process that calls the data transmission function to send the data, so that the process cannot transmit it. Specifically, in an embodiment where mobile terminal 100 uses the Android platform, the system functions for network transmission in kernel space can be modified so that they block transmission of the corresponding data according to the decision of modules such as NEM or SPE.
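The receive-side marking and outbound check described above can be sketched as follows. This is an added illustration, not code from the patent. It assumes SHA-256 for DD, a constructed text trailer as the watermark embedding (the text does not specify one), an SPL keyed by (CI, DD) with the AC stored in the entry because a digest cannot be parsed back into AC, and a fail-closed result for a watermark with no policy entry.

```python
import hashlib
import ipaddress
import re

INTRANET = ipaddress.ip_network("192.168.0.0/16")   # the text's example range 192.168.x.x
# Constructed trailer format: the text does not say how the watermark is embedded.
TRAILER = re.compile(rb"\n\[\[DI:([A-Za-z0-9_-]+:[0-9a-f]{64})\]\]\Z")


def compute_dd(imei: str, mac: str, ac: str) -> str:
    """DD: digest over terminal identification information and AC (SHA-256 assumed)."""
    return hashlib.sha256("|".join((imei, mac.lower(), ac)).encode()).hexdigest()


def make_di(ci: str, dd: str) -> str:
    """DI: CI combined with DD; here simply 'CI:DD'."""
    return f"{ci}:{dd}"


def split_watermarks(data: bytes):
    """Return (payload, [DI, ...]) with the oldest watermark first."""
    found = []
    while (m := TRAILER.search(data)):
        found.append(m.group(1).decode())
        data = data[:m.start()]
    return data, found[::-1]


def on_receive(data: bytes, src_ip: str, own_di: str, keep_chain: bool = True) -> bytes:
    """DS on inbound data: mark it only if the source is inside the intranet."""
    if ipaddress.ip_address(src_ip) not in INTRANET:
        return data                       # not intranet data: left untouched
    payload, chain = split_watermarks(data)
    if not keep_chain:
        chain = []                        # replace a second watermark with our own
    if not chain or chain[-1] != own_di:
        chain.append(own_di)              # otherwise add ours after it (leak path kept)
    return payload + b"".join(b"\n[[DI:" + d.encode() + b"]]" for d in chain)


def egress_decision(data: bytes, spl: dict):
    """DS + SPE on outbound data: returns ('allow' | 'block', reason)."""
    _, chain = split_watermarks(data)
    if not chain:
        return "allow", "no watermark"
    for di in chain:
        ci, dd = di.split(":", 1)
        policy = spl.get((ci, dd))
        if policy is None:                # assumption: unknown watermark fails closed
            return "block", f"no policy for {ci}"
        if not policy["allow_outbound"]:
            return "block", f"policy forbids outbound transfer for {policy['ac']}"
    return "allow", "policy permits"
```

A trailer like this is trivially stripped by anyone who edits the file, so the egress check is only as strong as the embedding; a real deployment would need a watermark that survives re-encoding and an integrity check on the DI itself.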
In one embodiment, when the CISP on RAS200 changes (for example, the network administrator adjusts the security policy), RAS200 can notify, by push, the SPE running on every mobile terminal connected to the intranet, requiring these mobile terminals to update the CISP (or the security policy list). The update information can use DI as the index and matching condition and is reloaded by the engine to complete the update, ensuring the accuracy of security detection.
In addition, when the hardware information (terminal identification information) of mobile terminal 100, the AC and/or the CI changes, DA may need to recalculate DD, regenerate the DI information by combination, and synchronize it to RAS200 again. Because the DI information (digital watermark) has then changed, the digital watermark in all locally stored data on mobile terminal 100 that contains a digital watermark can be updated. In addition, the correspondence between the security policy list and the terminal identification information or digital watermark should also be updated.
In one embodiment, when a WiFi disconnect operation or a device shutdown operation occurs on mobile terminal 100, the NEM that detects either operation sends a WiFi turn-off or device shutdown data cleanup request (DC) to SPE. When SPE receives the DC request, it looks up the corresponding security policy. If the corresponding security policy indicates that no operation is needed, SPE returns the result to NEM, and the normal disconnect or power-off operation continues. If the security policy indicates that confidential data related to the enterprise must be cleaned up, SPE notifies DS to perform the corresponding data cleanup operation. In this case, DS can retrieve all the relevant DCR records in the SQLite database according to the DI information. According to the location information in those records, all data containing the DI mark (digital watermark) is deleted from local storage on mobile terminal 100, to avoid the disclosure risk of sensitive enterprise data remaining on the device. After DS and SPE complete the operation, they can notify the operating system to continue the turn-off operation, ensuring that mobile terminal 100 disconnects from the corporate intranet safely or that the device shuts down "cleanly", and thereby avoiding the security risk to important data.
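The DCR bookkeeping and the DC cleanup described above can be sketched as follows. This is an added illustration, not code from the patent. The table layout, the function names and the data_root confinement check are assumptions; the confinement is there because a plaintext DCR kept on shared storage can be edited, and a tampered location would otherwise steer the deletion at unrelated files.

```python
import os
import sqlite3
import tempfile


def open_dcr(db_path: str = ":memory:") -> sqlite3.Connection:
    """Open the DCR store (hypothetical schema: one row per watermarked file)."""
    db = sqlite3.connect(db_path)
    db.execute("CREATE TABLE IF NOT EXISTS dcr ("
               "di TEXT NOT NULL, location TEXT NOT NULL, UNIQUE (di, location))")
    return db


def record_marked(db, di: str, location: str) -> None:
    """Called by DS right after it watermarks a file."""
    db.execute("INSERT OR IGNORE INTO dcr (di, location) VALUES (?, ?)", (di, location))
    db.commit()


def _inside(root: str, path: str) -> bool:
    """True if path resolves (symlinks included) to somewhere under root."""
    root, path = os.path.realpath(root), os.path.realpath(path)
    return os.path.commonpath([root, path]) == root


def handle_dc(db, di: str, clean_required: bool, data_root: str) -> dict:
    """SPE/DS on a DC request; clean_required is the policy lookup result."""
    result = {"removed": [], "skipped": []}
    if not clean_required:
        return result                      # policy says nothing to do
    rows = db.execute("SELECT location FROM dcr WHERE di = ?", (di,)).fetchall()
    for (location,) in rows:
        if not _inside(data_root, location):
            result["skipped"].append(location)   # kept in the DCR for investigation
            continue
        try:
            os.remove(location)
        except FileNotFoundError:
            pass                           # already gone; the record is still dropped
        db.execute("DELETE FROM dcr WHERE di = ? AND location = ?", (di, location))
        result["removed"].append(location)
    db.commit()
    return result


def demo() -> dict:
    """Constructed scenario: one genuine record and one tampered record."""
    di = "CORP-A:" + "0" * 64              # constructed DI
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "dataSigner")
        os.mkdir(root)
        marked = os.path.join(root, "report.txt")
        outside = os.path.join(tmp, "unrelated.txt")
        for path in (marked, outside):
            with open(path, "w") as fh:
                fh.write("x")
        db = open_dcr()
        record_marked(db, di, marked)
        record_marked(db, di, outside)     # constructed tampered record
        noop = handle_dc(db, di, False, root)
        done = handle_dc(db, di, True, root)
        remaining = db.execute("SELECT COUNT(*) FROM dcr").fetchone()[0]
        db.close()
        return {
            "noop_removed": noop["removed"],
            "removed": [os.path.basename(p) for p in done["removed"]],
            "skipped": [os.path.basename(p) for p in done["skipped"]],
            "marked_exists": os.path.exists(marked),
            "outside_exists": os.path.exists(outside),
            "remaining": remaining,
        }
```

Cleanup driven by the DCR only reaches files at their recorded locations; a copy or rename made after marking is missed unless storage is rescanned for the watermark.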
So far, the data security management flow based on digital watermarking according to the present invention has been described in detail with reference to Figs. 1 and 2.
Fig. 3 shows a flowchart of the digital-watermark-based data security management method 400 performed in mobile terminal 100 according to an embodiment of the present invention. As shown in Fig. 3, method 400 can include steps S410, S420 and S430. According to the present invention, some steps of method 400 can be performed individually or in combination, and in parallel or sequentially; they are not limited to the specific order shown in Fig. 3. In some embodiments, method 400 can be performed by mobile terminal 100 and/or client 150 shown in Fig. 1.
Fig. 4 shows a block diagram of an example mobile terminal 100 that manages data security based on digital watermarking according to an embodiment of the present invention. As shown in Fig. 4, mobile terminal 100 can include: digital watermark judging unit 110, security policy judging unit 120 and operation blocking unit 130.
Digital watermark judging unit 110 can judge whether local data contains a digital watermark when an operation that would cause the local data to leave mobile terminal 100 is detected. Digital watermark judging unit 110 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller, etc. of mobile terminal 100, which can cooperate with the communication part (for example, a radio transceiver, Ethernet card, xDSL modem, etc.) and/or the storage part (for example, RAM, SD card, etc.) of mobile terminal 100 to make this judgment when such an operation is detected.
Security policy judging unit 120 can, if the local data contains a digital watermark, judge whether to allow the operation according to the security policy corresponding to the digital watermark. Security policy judging unit 120 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller, etc. of mobile terminal 100, which can cooperate with the storage part (for example, RAM, SD card, etc.) of mobile terminal 100 to make this judgment when the local data is found to contain a digital watermark.
Operation blocking unit 130 can block the operation if it is judged that the operation is not allowed. Operation blocking unit 130 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller, etc. of mobile terminal 100, which can cooperate with the communication part (for example, a radio transceiver, Ethernet card, xDSL modem, etc.) of mobile terminal 100 to block the outbound-transfer operation, by operating the communication part, when the operation is judged not to be allowed. For example, the operation can be blocked by discarding the packets associated with it, or by returning a request failure to the process that requested transmission of the data.
In addition, mobile terminal 100 can also include other units not shown in Fig. 4, such as a digital watermark adding unit, a limited connection setup unit, a mobile terminal authentication unit, a network connection adjustment unit, a policy list synchronization unit, a watermark regeneration unit, a digital watermark update unit, a correspondence maintenance unit, a data cleanup judging unit and/or a data cleanup execution unit. In some embodiments, the digital watermark adding unit can add a digital watermark to data when an operation of receiving the data from outside mobile terminal 100 is detected. In some embodiments, the limited connection setup unit can set up a limited network connection with the secure internal network. In some embodiments, the mobile terminal authentication unit can authenticate mobile terminal 100 to certificate server 200 in the internal network according to the authentication information (AC) entered by the user of mobile terminal 100 and/or the one or more items of terminal identification information of mobile terminal 100. In some embodiments, the network connection adjustment unit can, if authentication succeeds, adjust the limited network connection between mobile terminal 100 and the internal network to a normal network connection. In some embodiments, the policy list synchronization unit can synchronize the security policy list on mobile terminal 100 with the security policy list maintained in certificate server 200 in the internal network. In some embodiments, the watermark regeneration unit can regenerate the digital watermark when the one or more items of terminal identification information of mobile terminal 100 and/or the corporate identification information (CI) change. In some embodiments, the digital watermark update unit can use the regenerated digital watermark to update the digital watermark in all locally stored data on mobile terminal 100 that contains a digital watermark. In some embodiments, the correspondence maintenance unit can associate the security policy corresponding to the former digital watermark with the regenerated digital watermark. In some embodiments, the data cleanup judging unit can, if a network disconnect or device shutdown request is detected, judge according to the security policy corresponding to the digital watermark whether the data to which a digital watermark has been added needs to be removed. In some embodiments, the data cleanup execution unit can, if removal is judged necessary, remove the data to which a digital watermark has been added according to the location information recorded in the local database.
Below, method 400 for managing data security based on digital watermarking, performed on mobile terminal 100, and mobile terminal 100 itself, according to embodiments of the present invention, are described in detail with reference to Fig. 3 and Fig. 4.
In step S420, if the local data contains a digital watermark, security policy judging unit 120 of mobile terminal 100 can judge whether to allow the operation according to the security policy corresponding to the digital watermark.
In step S430, if it is judged that the operation is not allowed, operation blocking unit 130 of mobile terminal 100 can block the operation.
In some embodiments, the digital watermark can be generated based on one or more items of terminal identification information of mobile terminal 100 and/or the corporate identification information (CI).
In some embodiments, the one or more items of terminal identification information include at least one of the following: the International Mobile Equipment Identity (IMEI) of mobile terminal 100, the media access control (MAC) address of the communication subsystem of mobile terminal 100, or the authentication information (AC) assigned to mobile terminal 100.
In some embodiments, the digital watermark can be generated based on the terminal digest information (DD) and/or the corporate identification information (CI), and the terminal digest information (DD) can be generated from the one or more items of terminal identification information of mobile terminal 100.
In some embodiments, method 400 can also include: (510) when an operation of receiving data from outside mobile terminal 100 is detected, adding a digital watermark to the data.
In some embodiments, step 510 can also include: when an operation of receiving data from outside mobile terminal 100 is detected, adding a digital watermark to the data only if the data comes from a secure internal network address.
In some embodiments, step 510 can also include: if the received data contains a second digital watermark, updating the second digital watermark with the digital watermark.
In some embodiments, step 420 can also include: (422) obtaining the one or more items of terminal identification information of mobile terminal 100 from the digital watermark; (424) obtaining the corresponding security policy according to the one or more items of terminal identification information; and (426) judging, based on the security policy, whether to allow the operation.
In some embodiments, step 430 can include: if it is judged that the operation is not allowed, blocking the operation by adjusting the network state of mobile terminal 100 to a limited network.
In some embodiments, step 430 can also include: in addition to blocking the operation, alerting the user of mobile terminal 100 and/or the network administrator that the operation cannot be performed.
In some embodiments, before step 410, the method can also include: (402) setting up a limited network connection with the secure internal network; (404) authenticating mobile terminal 100 to certificate server 200 in the internal network according to the authentication information (AC) entered by the user of mobile terminal 100 and/or the one or more items of terminal identification information of mobile terminal 100; and (406) if authentication succeeds, adjusting the limited network connection between mobile terminal 100 and the internal network to a normal network connection.
In some embodiments, step 406 can also include: if authentication fails, returning to step 404 and repeating authentication, with the number of repeated attempts not exceeding a predetermined number.
In some embodiments, after step 402, method 400 can also include: (403) synchronizing the security policy list on mobile terminal 100 with the security policy list maintained in certificate server 200 in the internal network.
In some embodiments, if the security policy list maintained in certificate server 200 is changed, mobile terminal 100 can be required, by push, to synchronize its security policy list.
In some embodiments, method 400 can also include: (610) regenerating the digital watermark when the one or more items of terminal identification information of mobile terminal 100 and/or the corporate identification information (CI) change; (620) using the regenerated digital watermark to update the digital watermark in all locally stored data on mobile terminal 100 that contains a digital watermark; and (630) associating the security policy corresponding to the former digital watermark with the regenerated digital watermark.
In some embodiments, step 510 can also include: recording, in the local database of mobile terminal 100, the location information related to the data to which a digital watermark has been added.
In some embodiments, method 400 can also include: (520) if a network disconnect or device shutdown request is detected, judging according to the security policy corresponding to the digital watermark whether the data to which a digital watermark has been added needs to be removed; and (530) if removal is judged necessary, removing the data to which a digital watermark has been added according to the location information recorded in the local database.
The invention has thus been described in connection with the preferred embodiments. It should be understood that those skilled in the art can make various other changes, substitutions and additions without departing from the spirit and scope of the present invention. Therefore, the scope of the present invention is not limited to the specific embodiments above, but is defined by the appended claims.
Claims (19)
1. A method of managing data security at a mobile terminal based on digital watermarking, comprising:
(a) when an operation that would cause local data to leave the mobile terminal is detected, judging whether the local data contains a digital watermark;
(b) if the local data contains a digital watermark, judging whether to allow the operation according to the security policy corresponding to the digital watermark; and
(c) if it is judged that the operation is not allowed, blocking the operation.
2. The method according to claim 1, wherein the digital watermark is generated based on one or more items of terminal identification information of the mobile terminal and/or corporate identification information (CI).
3. The method according to claim 2, wherein the one or more items of terminal identification information include at least one of the following: the International Mobile Equipment Identity (IMEI) of the mobile terminal, the media access control (MAC) address of the communication subsystem of the mobile terminal, or the authentication information (AC) assigned to the mobile terminal.
4. The method according to claim 2, wherein the digital watermark is generated based on terminal digest information (DD) and/or corporate identification information (CI), and the terminal digest information (DD) is generated from the one or more items of terminal identification information of the mobile terminal.
5. The method according to claim 1, wherein the method further comprises:
(d) when an operation of receiving data from outside the mobile terminal is detected, adding a digital watermark to the data.
6. The method according to claim 5, wherein step (d) further comprises: when an operation of receiving data from outside the mobile terminal is detected, adding a digital watermark to the data only if the data comes from a secure internal network address.
7. The method according to claim 5, wherein step (d) further comprises:
if the received data contains a second digital watermark, updating the second digital watermark with the digital watermark.
8. The method according to claim 1, wherein step (b) further comprises:
(b1) obtaining the one or more items of terminal identification information of the mobile terminal from the digital watermark;
(b2) obtaining the corresponding security policy according to the one or more items of terminal identification information; and
(b3) judging, based on the security policy, whether to allow the operation.
9. The method according to claim 1, wherein step (c) comprises:
if it is judged that the operation is not allowed, blocking the operation by adjusting the network state of the mobile terminal to a limited network.
10. The method according to claim 1, wherein step (c) further comprises:
in addition to blocking the operation, alerting the user of the mobile terminal and/or the network administrator that the operation cannot be performed.
11. The method according to claim 1, wherein, before step (a), the method further comprises:
(e) setting up a limited network connection with the secure internal network;
(f) authenticating the mobile terminal to the certificate server in the internal network according to the authentication information (AC) entered by the user of the mobile terminal and/or the one or more items of terminal identification information of the mobile terminal; and
(g) if authentication succeeds, adjusting the limited network connection between the mobile terminal and the internal network to a normal network connection.
12. The method according to claim 11, wherein step (g) further comprises:
if authentication fails, returning to step (f) and repeating authentication, the number of repeated attempts not exceeding a predetermined number.
13. The method according to claim 11, wherein, after step (e), the method further comprises:
(h) synchronizing the security policy list on the mobile terminal with the security policy list maintained in the certificate server in the internal network.
14. The method according to claim 13, wherein, if the security policy list maintained in the certificate server is changed, the mobile terminal is required, by push, to synchronize its security policy list.
15. The method according to claim 2, wherein the method further comprises:
(i) when one or more items of terminal identification information of the mobile terminal and/or the corporate identification information (CI) change, regenerating the digital watermark;
(j) using the regenerated digital watermark to update the digital watermark in all data stored locally on the mobile terminal that contains a digital watermark; and
(k) associating the security policy that corresponded to the former digital watermark with the regenerated digital watermark.
16. The method according to claim 5, wherein step (d) further comprises:
Recording, in a local database of the mobile terminal, location information related to the data to which the digital watermark has been added.
17. The method according to claim 16, wherein the method further comprises:
(l) if a network disconnection or a device shutdown request is detected, judging, according to the security policy corresponding to the digital watermark, whether the data to which the digital watermark has been added needs to be removed; and
(m) if it is judged that the data is to be removed, removing the data to which the digital watermark has been added according to the location information recorded in the local database.
18. A mobile terminal for managing data security based on digital watermarking, comprising:
A digital watermark judging unit, configured to judge, when an operation that would cause local data to leave the mobile terminal is detected, whether the local data contains a digital watermark;
A security policy judging unit, configured to judge, if the local data contains a digital watermark, whether to allow the operation according to the security policy corresponding to the digital watermark; and
An operation stopping unit, configured to stop the operation if it is judged that the operation is not allowed.
19. A system for managing data security based on digital watermarking, comprising:
One or more mobile terminals according to any one of claims 1 to 18; and
A certificate server, configured to perform one or more of the following operations:
(1) maintaining synchronization between the local security policy list and the security policy lists on the one or more mobile terminals;
(2) authenticating a mobile terminal according to an authentication request submitted by the mobile terminal; or
(3) maintaining the correspondence between the terminal identification information and/or digital watermark submitted by a mobile terminal and the security policy.
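The terminal-side checks of claims 10 and 16 to 18, as an added Python example (not code from the patent): an egress request is allowed or stopped according to the policy bound to the data's watermark, and watermarked files are removed from their recorded locations on disconnect. The HMAC trailer used as the watermark, the policy fields, the identifiers and the operation names are all assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

MARK_LEN = 32  # assumed encoding: watermark is a 32-byte HMAC-SHA256 file trailer

def make_watermark(terminal_id, corporate_id, key):
    """Derive a watermark from terminal and corporate identifiers (assumed scheme)."""
    return hmac.new(key, f"{terminal_id}|{corporate_id}".encode(), hashlib.sha256).digest()

class Terminal:
    def __init__(self, watermark, policies):
        self.watermark = watermark
        self.policies = policies  # watermark -> {"allow": set, "wipe_on_disconnect": bool}
        self.locations = []       # claim 16: local record of watermarked data locations
        self.alerts = []          # claim 10: alerts for the user / network manager

    def store(self, path, payload):
        """Write payload plus watermark trailer and record where it lives."""
        Path(path).write_bytes(payload + self.watermark)
        self.locations.append(path)

    def request_egress(self, path, operation):
        """Claim 18: watermark check, then policy check, then stop and alert."""
        policy = self.policies.get(Path(path).read_bytes()[-MARK_LEN:])
        if policy is None or operation in policy["allow"]:
            return True           # unmarked data, or operation permitted by policy
        self.alerts.append(f"blocked {operation} on {path}")
        return False

    def on_disconnect(self):
        """Claim 17: if the policy says so, remove data at every recorded location."""
        if not self.policies[self.watermark]["wipe_on_disconnect"]:
            return []
        removed = [p for p in self.locations if os.path.exists(p)]
        for p in removed:
            os.remove(p)
        self.locations.clear()
        return removed

def demo():
    # Constructed identifiers, key, file names and operation names.
    wm = make_watermark("IMEI-000000000000000", "CORP-EXAMPLE", b"constructed-demo-key")
    t = Terminal(wm, {wm: {"allow": {"intranet_upload"}, "wipe_on_disconnect": True}})
    d = tempfile.mkdtemp()
    marked, plain = os.path.join(d, "report.bin"), os.path.join(d, "note.txt")
    t.store(marked, b"internal report")
    Path(plain).write_bytes(b"personal note")
    ops = [(marked, "intranet_upload"), (marked, "bluetooth_send"), (plain, "bluetooth_send")]
    verdicts = [t.request_egress(p, op) for p, op in ops]
    return verdicts, t.alerts, t.on_disconnect(), os.path.exists(plain)
```

The trailer stands in for whatever embedding scheme the terminal actually uses; the control flow is what the claims describe.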
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410122400.XA CN103841120A (en) | 2014-03-28 | 2014-03-28 | Data security management method, mobile terminal and system based on digital watermarking |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103841120A true CN103841120A (en) | 2014-06-04 |
Family
ID=50804252
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410122400.XA Pending CN103841120A (en) | 2014-03-28 | 2014-03-28 | Data security management method, mobile terminal and system based on digital watermarking |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103841120A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104579831A (en) * | 2014-12-26 | 2015-04-29 | 北京网秦天下科技有限公司 | Data transmission processing method and device |
| CN107483461A (en) * | 2017-08-30 | 2017-12-15 | 北京奇安信科技有限公司 | Terminal admittance control method and device under a kind of NAT environment |
| CN111435384A (en) * | 2019-01-14 | 2020-07-21 | 阿里巴巴集团控股有限公司 | Data security processing and data tracing method, device and equipment |
| CN112800397A (en) * | 2021-02-22 | 2021-05-14 | 四川奥诚科技有限责任公司 | Data asset protection method, system, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1741650A (en) * | 2004-08-24 | 2006-03-01 | 乐金电子(中国)研究开发中心有限公司 | Method for enciphering multimedia information transmitted by cell phone |
| US20080260201A1 (en) * | 2001-04-24 | 2008-10-23 | Rhoads Geoffrey B | Digital Watermarking Apparatus and Methods |
| CN101923733A (en) * | 2010-08-16 | 2010-12-22 | 中兴通讯股份有限公司 | Method and device for processing electronic entrance ticket |
| US20130125196A1 (en) * | 2005-05-18 | 2013-05-16 | William M. Shapiro | Method and apparatus for combining encryption and steganography in a file control system |
| CN103517224A (en) * | 2012-06-27 | 2014-01-15 | 中兴通讯股份有限公司 | Method and system for controlling short message forwarding |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140604 |
| | WD01 | Invention patent application deemed withdrawn after publication | |