CN104883680A - Data protection method and user terminal - Google Patents
Data protection method and user terminal Download PDFInfo
- Publication number
- CN104883680A CN104883680A CN201510249168.0A CN201510249168A CN104883680A CN 104883680 A CN104883680 A CN 104883680A CN 201510249168 A CN201510249168 A CN 201510249168A CN 104883680 A CN104883680 A CN 104883680A
- Authority
- CN
- China
- Prior art keywords
- user side
- application
- wifi network
- network
- target wifi
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
An embodiment of the invention discloses a data protection method used for monitoring management of applications on a user terminal according to an application black list corresponding to a safety level of a target network to which the user terminal is currently connected. The method includes that the user terminal determines the safety level of the currently connected target WIFI network; the user terminal determines the application black list corresponding to the safety level; the user terminal performs monitoring management on the applications of the user terminal. According to the invention, the user terminal can obtain the safety level of the current connected WIFI network and determines different application black lists according to the safety level. The user terminal can perform monitoring management on the applications on the user terminal according to the application black list. Namely, the user terminal can perform monitoring on the applications on the user terminal by adopting different monitoring strategies according to different network safety levels, so that data leakage when the user terminal runs safe applications due to unsafe network connection is avoided.
Description
Technical field
The present invention relates to the communications field, particularly relate to a kind of data guard method and user side.
Background technology
As a kind of user side, mobile phone more and more enters daily life, but the exposure problem of mobile phone private is further serious simultaneously, and the approach that privacy of user is revealed becomes more and more, thus needs badly and protects the private data on the user side of user's use.
Existing a kind of user side data guard method is the virus base built-in according to antivirus software; detect the hazardous applications on user side; then limit the operation of this hazardous applications or directly delete this danger operation, thus protection user side data, can not reveal because of this hazardous applications.
But, because some safety applications also need by network transceiving data, these safety applications generally can not be run by antivirus software restriction or delete, but due to the existence of some insecure networks, if the network inherently insecure network that user side connects, when so these safety applications pass through the insecure network transceiving data connected, also may shine into the leakage of user side data, the level of security at the networking according to user side connection that namely existing technology can not be real-time carries out monitoring management to the application on user side.
Summary of the invention
Embodiments provide a kind of data guard method, the application blacklist that the level of security for the objective network according to the current connection of user side is corresponding carries out monitoring management to the application on user side.
In view of this, first aspect present invention provides a kind of data guard method, comprising:
User side determines the level of security of the target WIFI network of current connection;
Described user side determines the application blacklist that described level of security is corresponding;
Described user side carries out monitoring management according to described application blacklist to the application on described user side.
Alternatively:
Described user side determines that the level of security of the target WIFI network of current connection comprises:
Described user side judges that whether described target WIFI network is the network in preset network black and white lists;
If so, then described user side determines the level of security of described target WIFI network according to described preset network black and white lists;
If not, then described user side sends probe data packet to described target WIFI network;
Described user side determines the level of security of described target WIFI network according to described probe data packet.
Alternatively:
Described user side sends probe data packet to described target WIFI network and comprises:
Described user side sends the first probe data packet to described target WIFI network, and whether described first probe data packet is fishing network for detecting described target WIFI network;
Described user side sends the second probe data packet to described target WIFI network, and whether described second probe data packet exists ARP spoofing attack behavior for detecting described target WIFI network;
Described user side sends the 3rd probe data packet to described target WIFI network, and whether described 3rd probe data packet exists DNS deception for detecting described target WIFI network;
According to described probe data packet, described user side determines that the level of security of described target WIFI network is specially:
Described user side determines the level of security of described target WIFI network according to described first probe data packet, the second probe data packet and the 3rd probe data packet.
Alternatively:
Described user side carries out monitoring management according to described application blacklist to the application on described user side and comprises:
For each application on described user side, described user side judges whether described application is network-type application;
If described application is network-type application, then described user side judges that whether described application is the application in described application blacklist;
If described application is the application in described application blacklist, then described user side shows information.
Alternatively:
Described user side shows that information comprises:
The information of all application in the disposable displaying of described user side described application blacklist;
Or,
When an application in described application blacklist is run, described user side shows the information of described application.
Second aspect present invention provides a kind of user side, comprising:
First determination module, for determining the level of security of the target WIFI network of current connection;
Second determination module, for determining the application blacklist that described level of security that described first determination module is determined is corresponding;
Processing module, carries out monitoring management for the described application blacklist determined according to described second determination module to the application on described user side.
Alternatively:
Described first determination module comprises:
Judging unit, for judging that whether described target WIFI network is the network in preset network black and white lists;
First determining unit, during for determining that described target WIFI network is the network in preset network black and white lists when described judging unit, determines the level of security of described target WIFI network;
Transmitting element, during for determining that described target WIFI network is not the network in preset network black and white lists when described judging unit, sends probe data packet to described target WIFI network;
Second determining unit, the probe data packet for sending according to described transmitting element determines the level of security of described target WIFI network.
Alternatively:
Described transmitting element comprises:
First sends subelement, and for sending the first probe data packet to described target WIFI network, whether described first probe data packet is fishing network for detecting described target WIFI network;
Second sends subelement, and for sending the second probe data packet to described target WIFI network, whether described second probe data packet exists ARP spoofing attack behavior for detecting described target WIFI network;
3rd sends subelement, and for sending the 3rd probe data packet to described target WIFI network, whether described 3rd probe data packet exists DNS deception for detecting described target WIFI network;
Described second determining unit specifically for:
The level of security of described target WIFI network is determined according to described first probe data packet, the second probe data packet and the 3rd probe data packet.
Alternatively:
Described processing module comprises:
First judging unit, for for each application on described user side, judges whether described application is network-type application;
Second judging unit, for the application of the network-type when the first judging unit determines described application, judges that whether described application is the application in described application blacklist;
Processing unit, for when described second judging unit determines that described application is the application in described application blacklist, shows information.
Alternatively:
Described processing unit comprises:
First process subelement, for the information of all application in the disposable displaying of described user side described application blacklist;
Second process subelement, for when an application in described application blacklist is run, described user side shows the information of described application.
As can be seen from the above technical solutions, the embodiment of the present invention has the following advantages: in this programme, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
Term " first ", " second ", " the 3rd " " 4th " etc. (if existence) in specification of the present invention and claims and above-mentioned accompanying drawing are for distinguishing similar object, and need not be used for describing specific order or precedence.The embodiments described herein should be appreciated that the data used like this can be exchanged in the appropriate case, so that can be implemented with the order except the content except here diagram or description.In addition, term " comprises " and " having " and their any distortion, intention is to cover not exclusive comprising, such as, contain those steps or unit that the process of series of steps or unit, method, system, product or equipment is not necessarily limited to clearly list, but can comprise clearly do not list or for intrinsic other step of these processes, method, product or equipment or unit.
Refer to Fig. 1, in the embodiment of the present invention, an embodiment of data guard method comprises:
101, user side determines the level of security of the target WIFI network of current connection;
In the present embodiment, user side can determine the level of security of the target WIFI network of current connection.
It should be noted that, before user side is not connected to target WIFI network, user side can also obtain attachable WIFI network around by scanning, and tentatively judge the fail safe of all attachable WIFI network, can be specifically: if attachable WIFI network is unencrypted openly network, then can think that the fail safe of this WIFI network is not high, user side can on this WIFI display reminding information.
In actual applications, level of security can be set according to own situation by user, such as can be set as level of security 1, level of security 2, level of security 3, also can simply be set as danger, safety, the setting of level of security also can have user side default setting, does not specifically limit herein.
In the present embodiment and subsequent embodiment, user side can be a kind of subscriber equipment, such as mobile phone, and panel computer etc., specifically do not limit herein, and in subsequent embodiment, this part repeats no more.
102, user side determines the application blacklist that this level of security is corresponding;
In the present embodiment, after user side determines the level of security of target WIFI network of current connection, user side can determine the application blacklist that this level of security is corresponding.
It should be noted that, application blacklist corresponding to different level of securitys can difference also can be identical, can be set according to own situation by user in actual applications, also can be given tacit consent to by user side provide, and does not specifically limit herein.
103, user side carries out monitoring management according to this application blacklist to the application on this user side.
In the present embodiment, user side can carry out monitoring management according to this application blacklist to the application on user side after determining application blacklist.
It should be noted that, in the present embodiment and subsequent embodiment, user side carries out to the application on this user side the application that monitoring management comprises foreground is being run according to this application blacklist and carries out monitoring management, also comprise according to application blacklist Automatic clearance background application, in subsequent embodiment, this part repeats no more.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
Refer to Fig. 2, in the embodiment of the present invention, another embodiment of data guard method comprises:
201, user side judges that whether target WIFI network is the network in preset network black and white lists, if so, then performs step 202, if not, then performs step 203;
In the present embodiment, after user side is connected to target WIFI network, can judges that whether this target WIFI network is the network in preset network black and white lists, if so, then perform step 202, if not, then perform step 203.
It should be noted that, user side can upgrade preset network black and white lists by the webserver, the security information of corresponding network is included in preset network black and white lists, in actual applications, when user side is connected to target WIFI network, by the information of target WIFI network, level of security etc. can also be comprised and is sent to server, carry out record by server to preserve, specifically do not limit herein.
202, user side is according to the level of security of preset network black and white lists determination target WIFI network, performs step 205;
In the present embodiment, if when user side determines that the target WIFI network of current connection is the network in preset network black and white lists, user side is according to the level of security of this preset network black and white lists determination target WIFI network.
203, user side sends probe data packet to target WIFI network, performs step 204;
In the present embodiment, if when user side determination target WIFI network is not the network in preset network black and white lists, user side can send probe data packet to target WIFI network.
It should be noted that, user side sends probe data packet to target WIFI network and specifically comprises: user side sends the first probe data packet to target WIFI network, and whether this first probe data packet is fishing network specifically for detecting described target WIFI network, user side sends the second probe data packet to target WIFI network, whether the second probe data packet exists ARP spoofing attack behavior for detecting target WIFI network, user side sends the 3rd probe data packet to target WIFI network, whether the 3rd probe data packet exists DNS deception for detecting target WIFI network, user side disposablely can send multiple probe data packet to target WIFI network, also can send to target WIFI network several times, and determine to send follow-up probe data packet the need of continuing according to the probe data packet sent before, in actual applications, user side can also send other probe data packet to target WIFI network as required, specifically do not limit herein.
204, user side is according to the level of security of probe data packet determination target WIFI network, performs step 205;
In the present embodiment, after user side sends probe data packet to target WIFI network, user side can according to the level of security of probe data packet determination target WIFI network
It should be noted that, if user side sends the first probe data packet, the second probe data packet, the 3rd probe data packet to target WIFI network, then user side can be able to be specifically according to the level of security of probe data packet determination target WIFI network: user side is according to the level of security of the first probe data packet, the second probe data packet and the 3rd probe data packet determination target WIFI network.
205, user side determines the application blacklist that this level of security is corresponding;
In the present embodiment, after user side determines the level of security of target WIFI network of current connection, user side can determine the application blacklist that this level of security is corresponding.
It should be noted that, application blacklist corresponding to different level of securitys can difference also can be identical, can be set according to own situation by user in actual applications, also can be given tacit consent to by user side provide, and does not specifically limit herein.
206, user side carries out monitoring management according to this application blacklist to the application on user side.
In the present embodiment, user side can carry out monitoring management according to this application blacklist to the application on user side after determining application blacklist.
It should be noted that, user side carries out monitoring management according to this application blacklist to the application on user side and comprises: user side is monitored the application run, and manages the application of user side running background.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
There is provided a kind of user side below according to application blacklist to the mode of the application monitoring management on user side, concrete:
Refer to Fig. 3, in the embodiment of the present invention, another embodiment of data guard method comprises:
301, user side determines the level of security of the target WIFI network of current connection;
In the present embodiment, user side can determine the level of security of the target WIFI network of current connection, and concrete can be similar to the embodiment shown in Fig. 2, repeats no more herein.
It should be noted that, before user side is not connected to target WIFI network, user side can also obtain attachable WIFI network around by scanning, and tentatively judge the fail safe of all attachable WIFI network, can be specifically: if attachable WIFI network is unencrypted openly network, then can think that the fail safe of this WIFI network is not high, user side can on this WIFI display reminding information.
In actual applications, level of security can be set according to own situation by user, such as can be set as level of security 1, level of security 2, level of security 3, also can simply be set as danger, safety, the setting of level of security also can have user side default setting, does not specifically limit herein.
302, user side determines the application blacklist that this level of security is corresponding;
In the present embodiment, after user side determines the level of security of target WIFI network of current connection, user side can determine the application blacklist that this level of security is corresponding.
It should be noted that, application blacklist corresponding to different level of securitys can difference also can be identical, can be set according to own situation by user in actual applications, also can be given tacit consent to by user side provide, and does not specifically limit herein.
303, user side judges whether application is network-type application, if so, then performs step 304, if not, then performs step 306;
In the present embodiment, for each application on user side, user side can judge whether this application is network-type application, if so, then performs step 304, if not, then performs step 306.
It should be noted that, user side judges that whether this application is network-type application and can is specifically: user side is applied in use procedure and judges whether this application is network-type application according to this need of use traffic, also can be the APP packet by analyzing this application, whether apply for that network legal power judges whether this application is network-type application according to the APP packet of this application, in actual applications, user side can also judge whether this application is network-type application, does not specifically limit by other means herein.
304, user side judges whether this application is apply the application in blacklist, if so, then performs step 305, if not, then performs step 306;
In the present embodiment, when user side determines that this application is network-type application, user side judges whether this application is apply the application in blacklist, if so, then performs step 305, if not, then performs step 306.
305, user side shows information;
In the present embodiment, when user side determines that this is applied as the application of applying in blacklist, user side can show information.
It should be noted that, user side shows that information can be specifically: the information of all application in user side disposable displaying application blacklist; Or when applying an application in blacklist and being run, user side shows the information of this application, does not specifically limit herein.
306, user side performs other operations.
In the present embodiment, when not meeting Rule of judgment, user side can perform other operations, can be to run application run or conventionally manage application, does not specifically limit herein.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
It should be noted that, user side carries out monitoring management according to application blacklist to the application on user side and also comprises the application of user side according to application blacklist Automatic clearance running background.
Described above is the data guard method in the embodiment of the present invention, below the user side in the embodiment of the present invention is described, concrete:
Refer to Fig. 4, in the embodiment of the present invention, an embodiment of user side comprises:
First determination module 401, for determining the level of security of the target WIFI network of current connection;
Second determination module 402, for determining the application blacklist that level of security that the first determination module 401 is determined is corresponding;
Processing module 403, carries out monitoring management for the application blacklist determined according to the second determination module to the application on user side.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
Refer to Fig. 5, in the embodiment of the present invention, another embodiment of user side comprises:
First determination module 501, for determining the level of security of the target WIFI network of current connection;
Second determination module 502, for determining the application blacklist that level of security that the first determination module 501 is determined is corresponding;
Processing module 503, carries out monitoring management for the application blacklist determined according to the second determination module to the application on user side;
Wherein, the first determination module 501 comprises:
Judging unit 5011, for judging that whether target WIFI network is the network in preset network black and white lists;
First determining unit 5012, during for determining that target WIFI network is the network in preset network black and white lists when judging unit 5011, determines the level of security of target WIFI network;
Transmitting element 5013, during for determining that target WIFI network is not the network in preset network black and white lists when judging unit 5011, sends probe data packet to target WIFI network;
Second determining unit 5014, for the level of security of probe data packet determination target WIFI network sent according to transmitting element 5013.
It should be noted that, in the present embodiment, the realization of transmitting element 5013 can comprise:
First sends subelement 50131, and for sending the first probe data packet to target WIFI network, whether this first probe data packet is fishing network for detecting target WIFI network;
Second sends subelement 50132, and for sending the second probe data packet to target WIFI network, whether this second probe data packet exists ARP spoofing attack behavior for detecting target WIFI network;
3rd sends subelement 50133, and for sending the 3rd probe data packet to target WIFI network, whether the 3rd probe data packet exists DNS deception for detecting target WIFI network;
Second determining unit 5014 specifically for:
According to the level of security of the first probe data packet, the second probe data packet and the 3rd probe data packet determination target WIFI network.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
Refer to Fig. 6, in the embodiment of the present invention, another embodiment of user side comprises:
First determination module 601, for determining the level of security of the target WIFI network of current connection;
Second determination module 602, for determining the application blacklist that level of security that the first determination module 601 is determined is corresponding;
Processing module 603, carries out monitoring management for the application blacklist determined according to the second determination module 602 to the application on user side;
Wherein, processing module 603 comprises:
First judging unit 6031, for for each application on user side, judges whether this application is network-type application;
Second judging unit 6032, for the application of the network-type when the first judging unit 6031 determines this application, judges whether this application is apply the application in blacklist;
Processing unit 6033 is, when applying the application in blacklist, show information for determining to apply when the second judging unit 6032.
It should be noted that, in the present embodiment, processing unit 6033 specifically can also comprise:
First process subelement 60331, for the information of all application in user side disposable displaying application blacklist;
Second process subelement 60332, for when applying an application in blacklist and being run, user side shows the information of this application.
In the present embodiment, user side can get the level of security of the target WIFI network of current connection, and determine different application blacklists according to this level of security, user side carries out monitoring management according to this application blacklist to the application on user side, what namely user side can be real-time adopts different monitoring strategies to monitor the application on user side according to different network security level, thus when avoiding owing to being connected to insecure network, the leaking data caused during the application of user side security of operation.
Those skilled in the art can be well understood to, and for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.
In several embodiments that the application provides, should be understood that, disclosed system, apparatus and method, can realize by another way.Such as, device embodiment described above is only schematic, such as, the division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, such as multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, and the indirect coupling of device or unit or communication connection can be electrical, machinery or other form.
The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.
If described integrated unit using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or all or part of of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. various can be program code stored medium.
The above, above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Accompanying drawing explanation
Fig. 1 is an embodiment schematic diagram of data guard method in the embodiment of the present invention;
Fig. 2 is another embodiment schematic diagram of data guard method in the embodiment of the present invention;
Fig. 3 is another embodiment schematic diagram of data guard method in the embodiment of the present invention;
Fig. 4 is an embodiment schematic diagram of user side in the embodiment of the present invention;
Fig. 5 is another embodiment schematic diagram of user side in the embodiment of the present invention;
Fig. 6 is another embodiment schematic diagram of user side in the embodiment of the present invention.
Embodiment
Embodiments provide a kind of data guard method, the application blacklist that the level of security for the objective network according to the current connection of user side is corresponding carries out monitoring management to the application on user side.
The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, should belong to the scope of protection of the invention.
Claims (10)
1. a data guard method, is characterized in that, comprising:
User side determines the level of security of the target WIFI network of current connection;
Described user side determines the application blacklist that described level of security is corresponding;
Described user side carries out monitoring management according to described application blacklist to the application on described user side.
2. data guard method according to claim 1, is characterized in that, described user side determines that the level of security of the target WIFI network of current connection comprises:
Described user side judges that whether described target WIFI network is the network in preset network black and white lists;
If so, then described user side determines the level of security of described target WIFI network according to described preset network black and white lists;
If not, then described user side sends probe data packet to described target WIFI network;
Described user side determines the level of security of described target WIFI network according to described probe data packet.
3. data guard method according to claim 2, is characterized in that, described user side sends probe data packet to described target WIFI network and comprises:
Described user side sends the first probe data packet to described target WIFI network, and whether described first probe data packet is fishing network for detecting described target WIFI network;
Described user side sends the second probe data packet to described target WIFI network, and whether described second probe data packet exists ARP spoofing attack behavior for detecting described target WIFI network;
Described user side sends the 3rd probe data packet to described target WIFI network, and whether described 3rd probe data packet exists DNS deception for detecting described target WIFI network;
According to described probe data packet, described user side determines that the level of security of described target WIFI network is specially:
Described user side determines the level of security of described target WIFI network according to described first probe data packet, the second probe data packet and the 3rd probe data packet.
4. data guard method according to claim 1, is characterized in that, described user side carries out monitoring management according to described application blacklist to the application on described user side and comprises:
For each application on described user side, described user side judges whether described application is network-type application;
If described application is network-type application, then described user side judges that whether described application is the application in described application blacklist;
If described application is the application in described application blacklist, then described user side shows information.
5. data guard method according to claim 4, is characterized in that, described user side shows that information comprises:
The information of all application in the disposable displaying of described user side described application blacklist;
Or,
When an application in described application blacklist is run, described user side shows the information of described application.
6. a user side, is characterized in that, comprising:
First determination module, for determining the level of security of the target WIFI network of current connection;
Second determination module, for determining the application blacklist that described level of security that described first determination module is determined is corresponding;
Processing module, carries out monitoring management for the described application blacklist determined according to described second determination module to the application on described user side.
7. user side according to claim 6, is characterized in that, described first determination module comprises:
Judging unit, for judging that whether described target WIFI network is the network in preset network black and white lists;
First determining unit, during for determining that described target WIFI network is the network in preset network black and white lists when described judging unit, determines the level of security of described target WIFI network;
Transmitting element, during for determining that described target WIFI network is not the network in preset network black and white lists when described judging unit, sends probe data packet to described target WIFI network;
Second determining unit, the probe data packet for sending according to described transmitting element determines the level of security of described target WIFI network.
8. user side according to claim 7, is characterized in that, described transmitting element comprises:
First sends subelement, and for sending the first probe data packet to described target WIFI network, whether described first probe data packet is fishing network for detecting described target WIFI network;
Second sends subelement, and for sending the second probe data packet to described target WIFI network, whether described second probe data packet exists ARP spoofing attack behavior for detecting described target WIFI network;
3rd sends subelement, and for sending the 3rd probe data packet to described target WIFI network, whether described 3rd probe data packet exists DNS deception for detecting described target WIFI network;
Described second determining unit specifically for:
The level of security of described target WIFI network is determined according to described first probe data packet, the second probe data packet and the 3rd probe data packet.
9. user side according to claim 6, is characterized in that, described processing module comprises:
First judging unit, for for each application on described user side, judges whether described application is network-type application;
Second judging unit, for the application of the network-type when the first judging unit determines described application, judges that whether described application is the application in described application blacklist;
Processing unit, for when described second judging unit determines that described application is the application in described application blacklist, shows information.
10. user side according to claim 9, is characterized in that, described processing unit comprises:
First process subelement, for the information of all application in the disposable displaying of described user side described application blacklist;
Second process subelement, for when an application in described application blacklist is run, described user side shows the information of described application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510249168.0A CN104883680B (en) | 2015-05-15 | 2015-05-15 | A kind of data guard method and user terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510249168.0A CN104883680B (en) | 2015-05-15 | 2015-05-15 | A kind of data guard method and user terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104883680A true CN104883680A (en) | 2015-09-02 |
| CN104883680B CN104883680B (en) | 2019-08-30 |
Family
ID=53950980
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510249168.0A Active CN104883680B (en) | 2015-05-15 | 2015-05-15 | A kind of data guard method and user terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104883680B (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105282141A (en) * | 2015-09-08 | 2016-01-27 | 北京元心科技有限公司 | Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal |
| CN105828331A (en) * | 2016-03-28 | 2016-08-03 | 乐视控股(北京)有限公司 | Wireless network safety management method and device |
| CN106412908A (en) * | 2016-09-28 | 2017-02-15 | 维沃移动通信有限公司 | Safety checking method for wireless local area network and mobile terminal |
| CN106658489A (en) * | 2016-09-30 | 2017-05-10 | 广东欧珀移动通信有限公司 | Terminal application processing method, device and mobile terminal |
| WO2017080255A1 (en) * | 2015-11-10 | 2017-05-18 | 中兴通讯股份有限公司 | Control method and device |
| CN106792671A (en) * | 2016-12-30 | 2017-05-31 | 广东欧珀移动通信有限公司 | Data ciphering method, device and terminal device |
| CN107547485A (en) * | 2016-06-29 | 2018-01-05 | 上海连尚网络科技有限公司 | A kind of method and apparatus that fishing focus is identified based on big data |
| CN107623916A (en) * | 2017-09-07 | 2018-01-23 | 上海掌门科技有限公司 | A kind of method and apparatus for carrying out WiFi network security monitoring |
| CN109788435A (en) * | 2018-12-28 | 2019-05-21 | 北京奇安信科技有限公司 | Hotspot management-control method, device, electronic equipment and storage medium |
| CN109992362A (en) * | 2017-12-29 | 2019-07-09 | 广东欧珀移动通信有限公司 | Applied program processing method and device, electronic equipment, computer readable storage medium |
| CN109992368A (en) * | 2017-12-29 | 2019-07-09 | 广东欧珀移动通信有限公司 | Applied program processing method and device, electronic equipment, computer readable storage medium |
| CN111212073A (en) * | 2020-01-02 | 2020-05-29 | 中国银行股份有限公司 | Public cloud-based blacklist account sharing method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080163242A1 (en) * | 2006-12-27 | 2008-07-03 | International Business Machines Corporation | Information processing apparatus, method, and program for controlling resource access by application program |
| CN102158385A (en) * | 2010-11-23 | 2011-08-17 | 东莞宇龙通信科技有限公司 | Data information transmission device and method applied to mobile terminal |
| CN104301117A (en) * | 2014-10-22 | 2015-01-21 | 中国联合网络通信集团有限公司 | Identity verification method and device |
-
2015
- 2015-05-15 CN CN201510249168.0A patent/CN104883680B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080163242A1 (en) * | 2006-12-27 | 2008-07-03 | International Business Machines Corporation | Information processing apparatus, method, and program for controlling resource access by application program |
| CN102158385A (en) * | 2010-11-23 | 2011-08-17 | 东莞宇龙通信科技有限公司 | Data information transmission device and method applied to mobile terminal |
| CN104301117A (en) * | 2014-10-22 | 2015-01-21 | 中国联合网络通信集团有限公司 | Identity verification method and device |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105282141A (en) * | 2015-09-08 | 2016-01-27 | 北京元心科技有限公司 | Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal |
| WO2017080255A1 (en) * | 2015-11-10 | 2017-05-18 | 中兴通讯股份有限公司 | Control method and device |
| CN105828331A (en) * | 2016-03-28 | 2016-08-03 | 乐视控股(北京)有限公司 | Wireless network safety management method and device |
| CN107547485A (en) * | 2016-06-29 | 2018-01-05 | 上海连尚网络科技有限公司 | A kind of method and apparatus that fishing focus is identified based on big data |
| CN106412908A (en) * | 2016-09-28 | 2017-02-15 | 维沃移动通信有限公司 | Safety checking method for wireless local area network and mobile terminal |
| CN106658489B (en) * | 2016-09-30 | 2020-05-05 | Oppo广东移动通信有限公司 | Terminal application processing method and device and mobile terminal |
| CN106658489A (en) * | 2016-09-30 | 2017-05-10 | 广东欧珀移动通信有限公司 | Terminal application processing method, device and mobile terminal |
| CN106792671A (en) * | 2016-12-30 | 2017-05-31 | 广东欧珀移动通信有限公司 | Data ciphering method, device and terminal device |
| CN107623916A (en) * | 2017-09-07 | 2018-01-23 | 上海掌门科技有限公司 | A kind of method and apparatus for carrying out WiFi network security monitoring |
| WO2019047693A1 (en) * | 2017-09-07 | 2019-03-14 | 上海掌门科技有限公司 | Method and device for carrying out wifi network security monitoring |
| CN107623916B (en) * | 2017-09-07 | 2020-08-14 | 上海掌门科技有限公司 | Method and equipment for WiFi network security monitoring |
| CN109992362A (en) * | 2017-12-29 | 2019-07-09 | 广东欧珀移动通信有限公司 | Applied program processing method and device, electronic equipment, computer readable storage medium |
| CN109992368A (en) * | 2017-12-29 | 2019-07-09 | 广东欧珀移动通信有限公司 | Applied program processing method and device, electronic equipment, computer readable storage medium |
| CN109992362B (en) * | 2017-12-29 | 2021-08-13 | Oppo广东移动通信有限公司 | Application program processing method and device, electronic equipment and computer readable storage medium |
| CN109992368B (en) * | 2017-12-29 | 2023-10-20 | Oppo广东移动通信有限公司 | Application processing method and device, electronic equipment and computer readable storage medium |
| CN109788435A (en) * | 2018-12-28 | 2019-05-21 | 北京奇安信科技有限公司 | Hotspot management-control method, device, electronic equipment and storage medium |
| CN111212073A (en) * | 2020-01-02 | 2020-05-29 | 中国银行股份有限公司 | Public cloud-based blacklist account sharing method and device |
| CN111212073B (en) * | 2020-01-02 | 2022-07-05 | 中国银行股份有限公司 | Public cloud-based blacklist account sharing method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104883680B (en) | 2019-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104883680A (en) | Data protection method and user terminal | |
| EP3375159B1 (en) | Dynamic honeypot system | |
| US20220239687A1 (en) | Security Vulnerability Defense Method and Device | |
| KR102329493B1 (en) | Method and apparatus for preventing connection in wireless intrusion prevention system | |
| KR101541073B1 (en) | Mobile Infringement Protection System based on smart apparatus for Securing Cloud Environments and Method thereof | |
| US11671402B2 (en) | Service resource scheduling method and apparatus | |
| CN103648094A (en) | Method, device and system for detecting illegal wireless access point | |
| WO2016086763A1 (en) | Wireless access node detecting method, wireless network detecting system and server | |
| CN108012271B (en) | Pseudo base station discovery method and device | |
| CN104683965A (en) | Interception method and equipment for spam short messages of pseudo base station | |
| CN106302373A (en) | A kind of connection control method and terminal | |
| CN108667802A (en) | A kind of monitoring method and system of electric power application network safety | |
| US11689928B2 (en) | Detecting unauthorized access to a wireless network | |
| US10154369B2 (en) | Deterrence of user equipment device location tracking | |
| CN105245494A (en) | Network attack determination method and device | |
| CN104378761A (en) | Method, device and system for detecting illegal access devices | |
| WO2020007250A1 (en) | Pseudo base station identification on-off control method and device, mobile terminal, and storage medium | |
| US9538398B2 (en) | Method, apparatus and system for establishing neighbor relation | |
| CN106919836B (en) | Application port detection method and device | |
| CN111866003B (en) | Risk assessment method and device for terminal | |
| CN115150209A (en) | Data processing method, industrial control system, electronic device, and storage medium | |
| CN105813056A (en) | Network access method and terminal | |
| CN103914423B (en) | A kind of information processing method and electronic equipment | |
| EP3048830A1 (en) | Method, system and computer program product of wireless user device authentication in a wireless network | |
| CN107124390B (en) | Security defense and implementation method, device and system of computing equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20171128 Address after: SED science and technology building, No. 1 Shenzhen Road, 518000 street and Guangdong Province, Nanshan District Guangdong 201 room Applicant after: Shenzhen City Li Ao Technology Co., Ltd. Address before: 518057 national communication No. 5, No. 5, Shenzhen, Shenzhen, Guangdong province 2118 Applicant before: SHENZHEN LEO NETWORK TECHNOLOGY CO., LTD. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |