CN106850701B

Movatterモバイル変換

Info

Publication number: CN106850701B
Application number: CN201710240824.XA
Authority: CN
Inventors: 黄诗智
Original assignee: Sangfor Technologies Co Ltd
Current assignee: Sangfor Technologies Co Ltd
Priority date: 2017-04-13
Filing date: 2017-04-13
Publication date: 2020-10-27
Anticipated expiration: 2037-04-13
Also published as: CN106850701A

Abstract

The application discloses a mobile terminal sharing isolation method and a system, and the method comprises the following steps: intercepting the application behavior to obtain a corresponding interception result; screening out behaviors related to the target sharing behaviors from the interception results to obtain corresponding screening results; the target sharing behavior is a sharing behavior between the enterprise application and the personal application; and carrying out blocking processing on the sharing behavior corresponding to the screening result. The method and the device have the advantages that the applied behaviors are intercepted firstly, if the behaviors related to the target sharing behaviors exist in the intercepting result, the behaviors are screened out, and the sharing behaviors corresponding to the screened behaviors are prevented from being processed. The target sharing behavior refers to the sharing behavior between the enterprise application and the personal application, so that the phenomenon that the personal application steals enterprise data through interaction with the enterprise application can be avoided, and the security of the enterprise data in the mobile office process is improved.

Description

Mobile terminal sharing isolation method and system

Technical Field

The invention relates to the technical field of information security, in particular to a mobile terminal sharing and isolating method and system.

Background

Currently, with the popularization of consumer-grade intelligent terminals, mobile office is also developing at a high speed. At present, when people perform mobile Office, various applications, such as OA (Office Automation), Office application, mail client, browser, etc., are required. Some of the applications (hereinafter referred to as enterprise applications collectively) are developed by enterprises, and some of the applications are internet applications, so that the control right is not completely on the enterprise, which easily causes the enterprise applications to leak data to personal applications through a sharing way, thereby reducing the security of the data. Therefore, how to improve the security of enterprise data in the mobile office process is a problem to be solved at present.

Disclosure of Invention

In view of the above, the present invention provides a method and a system for sharing and isolating a mobile terminal, which can improve the security of enterprise data in a mobile office process. The specific scheme is as follows:

a mobile terminal sharing isolation method comprises the following steps:

intercepting the application behavior to obtain a corresponding interception result;

screening out behaviors related to the target sharing behaviors from the interception results to obtain corresponding screening results; the target sharing behavior is a sharing behavior between an enterprise application and a personal application;

and carrying out blocking processing on the sharing behavior corresponding to the screening result.

Optionally, the process of intercepting the application behavior to obtain a corresponding interception result includes:

intercepting a query behavior of the enterprise application when the sharable application list is queried to obtain a corresponding query result;

correspondingly, the process of screening out behaviors related to the target sharing behavior from the interception results to obtain corresponding screening results includes:

and screening all personal applications from the query result to obtain the screening result.

intercepting the behavior of the enterprise application for directly sharing data with other applications to obtain the interception result;

and screening the behavior of the enterprise application for directly sharing data to the personal application from the interception result to obtain the screening result.

intercepting the behavior of calling enterprise application by the application through a system sharing interface to obtain the interception result;

and screening out the behavior of calling enterprise application by the personal application through a system sharing interface from the interception result to obtain the screening result.

Optionally, the process of intercepting the behavior of the application includes:

and intercepting the behavior of the application by using Hook technology.

The invention also correspondingly discloses a mobile terminal sharing and isolating system, which comprises:

the interception module is used for intercepting the application behavior to obtain a corresponding interception result;

the screening module is used for screening out behaviors related to the target sharing behaviors from the intercepting results to obtain corresponding screening results; the target sharing behavior is a sharing behavior between an enterprise application and a personal application;

and the blocking module is used for blocking the sharing behavior corresponding to the screening result.

Optionally, the intercepting module is specifically configured to intercept a query behavior of the enterprise application when querying the sharable application list, so as to obtain a corresponding query result;

correspondingly, the screening module is specifically configured to screen all personal applications from the query results to obtain the screening results.

Optionally, the intercepting module is specifically configured to intercept a behavior of the enterprise application directly sharing data with other applications, so as to obtain the intercepting result;

correspondingly, the screening module is specifically configured to screen out a behavior of the enterprise application directly sharing data with the personal application from the interception result, so as to obtain the screening result.

Optionally, the interception module is specifically configured to intercept a behavior of an application calling an enterprise application through a system sharing interface, so as to obtain the interception result;

correspondingly, the screening module is specifically configured to screen out a behavior that the personal application calls the enterprise application through a system sharing interface from the interception result, so as to obtain the screening result.

Optionally, the intercepting module is specifically configured to intercept the behavior of the application by using a Hook technology.

In the invention, the mobile terminal sharing and isolating method comprises the following steps: intercepting the application behavior to obtain a corresponding interception result; screening out behaviors related to the target sharing behaviors from the interception results to obtain corresponding screening results; the target sharing behavior is a sharing behavior between the enterprise application and the personal application; and carrying out blocking processing on the sharing behavior corresponding to the screening result.

Therefore, the application behaviors are intercepted, if the behaviors related to the target sharing behaviors exist in the intercepting result, the behaviors are screened out, and the sharing behaviors corresponding to the screened behaviors are prevented. The target sharing behavior refers to the sharing behavior between the enterprise application and the personal application, and accordingly, the phenomenon that the personal application steals enterprise data through interaction with the enterprise application can be avoided, and the security of the enterprise data in the mobile office process is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a flowchart of a mobile terminal sharing and isolating method disclosed in an embodiment of the present invention;

fig. 2 is a flowchart of a specific mobile terminal sharing and isolating method disclosed in the embodiment of the present invention;

fig. 3 is a flowchart of a specific mobile terminal sharing and isolating method disclosed in the embodiment of the present invention;

fig. 4 is a flowchart of a specific mobile terminal sharing and isolating method disclosed in the embodiment of the present invention;

fig. 5 is a schematic structural diagram of a mobile terminal sharing and isolating system according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The embodiment of the invention discloses a mobile terminal sharing and isolating method, which is shown in a figure 1 and comprises the following steps:

step S11: and intercepting the application behavior to obtain a corresponding interception result.

Specifically, the present embodiment may intercept the behavior of the application by using a Hook technology.

Step S12: and screening out behaviors related to the target sharing behavior from the interception results to obtain corresponding screening results.

The target sharing behavior is a sharing behavior between the enterprise application and the personal application.

Step S13: and carrying out blocking processing on the sharing behavior corresponding to the screening result.

Therefore, the embodiment of the invention intercepts the application behaviors first, and if the interception result has the behaviors related to the target sharing behaviors, the embodiment of the invention screens the behaviors and performs blocking processing on the sharing behaviors corresponding to the screened behaviors. The target sharing behavior refers to the sharing behavior between the enterprise application and the personal application, and accordingly, the phenomenon that the personal application steals enterprise data through interaction with the enterprise application can be avoided, and the security of the enterprise data in the mobile office process is improved.

Referring to fig. 2, an embodiment of the present invention discloses a specific mobile terminal sharing and isolating method, including the following steps:

step S21: and intercepting the query behavior of the enterprise application when the sharable application list is queried to obtain a corresponding query result.

Specifically, in this embodiment, a Hook technology may be used to intercept a query behavior of the enterprise application when querying the sharable application list, so as to obtain the query result.

Step S22: and screening all personal applications from the query results to obtain screening results.

Step S23: and carrying out blocking processing on the sharing behavior corresponding to the screening result.

In this embodiment, the screening result is a personal application on the list obtained after the enterprise application queries the sharable application list, and in order to avoid acquiring enterprise data by the personal application, after determining the personal application on the sharable application list, the embodiment of the present invention performs blocking processing on a sharing behavior between the enterprise application and the personal application on the list.

Therefore, in this embodiment, after the query result is obtained, all the personal applications are screened out from the query result, and then the blocking processing is performed on the sharing behaviors corresponding to all the screened personal applications, so that all the sharing behaviors that can cause the data of the enterprise application to be leaked can be blocked in one-time interception of the enterprise application, and thus, efficient enterprise data security maintenance is realized.

Referring to fig. 3, an embodiment of the present invention discloses a specific mobile terminal sharing and isolating method, including the following steps:

step S31: and intercepting the behavior of the enterprise application for directly sharing data with other applications to obtain an interception result.

Specifically, in this embodiment, a Hook technology may be used to intercept a behavior of the enterprise application directly sharing data with other applications, so as to obtain the above-mentioned interception result.

Step S32: and screening the behavior of the enterprise application for directly sharing data to the personal application from the interception result to obtain a screening result.

Step S33: and carrying out blocking processing on the sharing behavior corresponding to the screening result.

Therefore, the embodiment can effectively avoid the problem of enterprise data leakage caused by the sharing behavior initiator by monitoring the behavior of the sharing behavior initiator, thereby effectively improving the security of the enterprise data.

Referring to fig. 4, an embodiment of the present invention discloses a specific mobile terminal sharing and isolating method, including the following steps:

step S41: and intercepting the behavior of calling the enterprise application by the application through the system sharing interface to obtain an interception result.

Specifically, in this embodiment, a Hook technology may be used to intercept a behavior of an application calling an enterprise application through a system sharing interface, so as to obtain an interception result.

Step S42: and screening out the behavior of calling the enterprise application by the personal application through the system sharing interface from the interception result to obtain a screening result.

Step S43: and carrying out blocking processing on the sharing behavior corresponding to the screening result.

It can be seen that this embodiment monitors through enterprise application's caller's action, can avoid effectively because enterprise application's caller and enterprise data that causes reveals the problem to improve enterprise data's security effectively.

Further, an embodiment of the present invention also discloses a mobile terminal sharing and isolating system, and as shown in fig. 5, the system includes:

theinterception module 11 is configured to intercept an application behavior to obtain a corresponding interception result;

thescreening module 12 is configured to screen a behavior related to the target sharing behavior from the interception result to obtain a corresponding screening result; the target sharing behavior is a sharing behavior between the enterprise application and the personal application;

and the blockingmodule 13 is configured to block the sharing behavior corresponding to the screening result.

It should be noted that, in this embodiment, the interceptingmodule 11 may be specifically configured to intercept the behavior of the application by using a Hook technology.

In a specific embodiment, the interceptingmodule 11 may be specifically configured to intercept a query behavior of the enterprise application when querying the sharable application list, so as to obtain a corresponding query result. Correspondingly, thescreening module 12 is specifically configured to screen all the personal applications from the query results to obtain the screening results. Therefore, in the embodiment, all sharing behaviors which can cause the data of the enterprise application to be leaked can be prevented in one interception action aiming at the enterprise application, and the efficient enterprise data security maintenance is realized.

In another specific embodiment, the interceptingmodule 11 may be specifically configured to intercept a behavior of the enterprise application directly sharing data with other applications, so as to obtain the intercepting result. Correspondingly, thescreening module 12 is specifically configured to screen a behavior of the enterprise application sharing data directly to the personal application from the interception result, so as to obtain the screening result. Therefore, the embodiment can effectively avoid the problem of enterprise data leakage caused by the sharing behavior initiator by monitoring the behavior of the sharing behavior initiator, thereby effectively improving the security of the enterprise data.

In another specific embodiment, the interceptingmodule 11 may be specifically configured to intercept a behavior of an application calling an enterprise application through a system sharing interface, so as to obtain the intercepting result. Correspondingly, thescreening module 12 is specifically configured to screen a behavior of the personal application calling the enterprise application through the system sharing interface from the interception result, so as to obtain the screening result. It can be seen that this embodiment can monitor through enterprise application's caller's action, can avoid effectively because enterprise data that enterprise application's caller and cause reveals the problem to improve enterprise data's security effectively.

Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The method and the system for sharing and isolating the mobile terminal provided by the invention are described in detail, a specific example is applied in the text to explain the principle and the implementation mode of the invention, and the description of the embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. A mobile terminal sharing isolation method is characterized by comprising the following steps:

intercepting the application behavior to obtain a corresponding interception result; the behavior of the application comprises at least one of a query behavior of the enterprise application when the enterprise application queries the sharable application list, a behavior of the enterprise application directly sharing data with other applications, and a behavior of the application calling the enterprise application through a system sharing interface;

blocking the sharing behavior corresponding to the screening result;

when the behavior of the application is specifically an inquiry behavior of an enterprise application when inquiring a sharable application list, screening out a behavior related to a target sharing behavior from the interception result to obtain a corresponding screening result, including:

screening all personal applications from corresponding query results obtained by intercepting the query behavior of the enterprise application when querying the sharable application list, and obtaining the screening results.

2. The mobile terminal sharing isolation method according to claim 1,

the process of intercepting the application behavior to obtain the corresponding interception result comprises the following steps:

3. The mobile terminal sharing isolation method according to claim 1,

4. The method for sharing and isolating by mobile terminals according to any one of claims 1 to 3, wherein the process of intercepting the behavior of the application includes:

and intercepting the behavior of the application by using Hook technology.

5. A mobile terminal sharing isolation system, comprising:

the interception module is used for intercepting the application behavior to obtain a corresponding interception result; the behavior of the application comprises at least one of a query behavior of the enterprise application when the enterprise application queries the sharable application list, a behavior of the enterprise application directly sharing data with other applications, and a behavior of the application calling the enterprise application through a system sharing interface;

the blocking module is used for blocking the sharing behavior corresponding to the screening result;

the intercepting module is specifically used for intercepting the inquiry behavior of the enterprise application when inquiring the sharable application list to obtain a corresponding inquiry result;

6. The mobile terminal sharing isolation system according to claim 5,

the intercepting module is specifically used for intercepting the behavior of the enterprise application for directly sharing data with other applications to obtain the intercepting result;

7. The mobile terminal sharing isolation system according to claim 5,

the interception module is specifically used for intercepting the behavior of calling the enterprise application by the application through a system sharing interface to obtain an interception result;

8. The system according to any one of claims 5 to 7, wherein the intercepting module is specifically configured to intercept the behavior of the application by using Hook technology.