CN106559399A - Integrated management and control system for Internet mobile terminals - Google Patents


Publication number: CN106559399A
Authority: CN (China)
Prior art keywords: internet, mobile terminal, management, control system, access
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510641320.XA
Other languages: Chinese (zh)
Inventors: 毕玉明, 聂跃进, 苏静, 蔡里宁, 王平胜, 尹群, 贾利滨, 赵晓辉, 刘岗, 李哲, 黄乔, 左洪文, 张平义
Current Assignee: Beijing Joint Military Network Technology Center (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Joint Military Network Technology Center
Application filed by: Beijing Joint Military Network Technology Center
Priority to: CN201510641320.XA
Publication of: CN106559399A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/12 Detection or prevention of fraud

Abstract

The invention discloses an integrated management and control system for Internet mobile terminals, characterized in that it comprises: an Internet mobile terminal management and control system, which performs comprehensive management and control of intelligent mobile terminals accessing the Internet and locks and prohibits the corresponding operations on the mobile terminal; an Internet traffic monitoring and management system, which tracks and monitors Internet traffic in real time and applies corresponding management to the monitoring results; and a military Internet user authentication management system, which authenticates and identifies user terminals accessing the military Internet. By using the above integrated management system, security management and control of mobile terminals is effectively achieved and the safety of important information is ensured.

Description

Integrated management and control system for Internet mobile terminals
Technical field
The present invention relates to the field of security management and control of Internet mobile terminals, and in particular to an integrated management and control system for Internet mobile terminals.
Background
Existing smartphones, and other mobile terminal devices that can access the Internet over a wireless network, may be used to obtain important information by taking photographs, recording video, uploading geographic location information, and similar means. In areas where information disclosure must be restricted, such as a company's new-product research and development areas, experimental areas, or other fields requiring confidentiality, the safety of important information cannot be guaranteed once a mobile terminal device enters the area. Because no controllably managed Internet mobile terminal device currently exists, there is also no management system for managing such mobile terminal devices. Where the information of Internet mobile devices used in an area needs to be strictly managed, this easily leads to leaks of important information and affects information security. Management and control of the Internet in restricted areas has become an important problem in urgent need of a solution.
Summary of the invention
In view of this, the object of the invention is to provide an integrated management and control system for Internet mobile terminals that can implement information security management and control for areas that need it.
To achieve the above object, the integrated management and control system for Internet mobile terminals provided by the invention comprises:
An Internet mobile terminal management and control system, which performs comprehensive management and control of intelligent mobile terminals accessing the Internet and locks and prohibits the corresponding operations on the mobile terminal; an Internet traffic monitoring and management system, which tracks and monitors Internet traffic in real time and applies corresponding management to the monitoring results; and an Internet user authentication management system, which authenticates and identifies user terminals accessing the military Internet.
In some embodiments, the Internet mobile terminal management and control system includes the following subsystems:
An anti-attack and anti-virus system, which monitors the network-wide security situation in real time, issues early warnings according to the security threat level, and uses DLP technology to track previous security incidents, effectively preventing network threats;
A content filtering and auditing system, which supervises and manages users' online behaviour, monitors sensitive public-opinion information that users search for, browse or publish, and guides, warns or blocks according to contingency plans; combined with firewall equipment, it is attached at the main gateway of the network in bypass mirror-listening mode and provides behaviour monitoring and content monitoring by analysing the network data flow;
A mobile application management system, which performs security assessment and security hardening of the applications on the terminal and distributes and manages them centrally, effectively blocking security vulnerabilities and preventing the Trojan and virus problems that arise from downloading and installing applications.
In some embodiments, the Internet traffic monitoring and management system includes the following subsystems:
A 3G/4G network access control system, which uses VPDN technology to bring mobile terminals into the scope of network management and control and uses L2TP tunnel technology to ensure the security of network access;
A WLAN access control system, which encrypts using a dedicated transport protocol to ensure secure wireless communication between the mobile terminal and the WLAN access equipment.
In some embodiments, the Internet user authentication management system includes the following subsystems:
A mobile device management system, which monitors and manages in real time the information status, behaviour and data of the mobile terminal during use, so that the security and reliability of the mobile terminal system is ensured dynamically.
An identity authentication and identification system, for detecting whether the user identity is legitimate and permitting access after the user obtains authentication permission.
In some embodiments, the Internet mobile terminal management and control system also includes the following subsystems:
A terminal remote management module, for remotely controlling mobile terminals that access the network, including remote control of the mobile terminal's network access, camera on/off, data encryption and decryption, user login, and the like.
A WLAN security management and control module, which manages the WLAN remotely and remotely monitors access point devices, access terminals and access network traffic.
It can be seen that the integrated management and control system for Internet mobile terminals provided by the invention performs information security monitoring and control of Internet users in the area to be controlled through three parts: management of mobile terminals accessing the Internet, Internet traffic monitoring and management, and user authentication management. Internet users in the controlled area can thereby access the Internet and download and install applications without causing the loss of important information.
Brief description of the drawings
The figure is a schematic diagram of the structure of the integrated management and control system for Internet mobile terminals of the present invention.
Reference numerals: 1 - integrated management and control system for Internet mobile terminals; 11 - Internet mobile terminal management and control system; 12 - Internet traffic monitoring and management system; 13 - Internet user authentication management system; 111 - anti-attack and anti-virus system; 112 - content filtering and auditing system; 113 - mobile application management and control system; 114 - mobile terminal remote management system; 115 - WLAN remote management system; 121 - 3G/4G network access control system; 122 - WLAN access control system; 131 - mobile device management system; 132 - user identity management system.
Detailed description of embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawing.
As shown in the figure, the integrated management and control system 1 for Internet mobile terminals provided by the invention includes at least the following parts:
Internet mobile terminal management and control system 11, which performs comprehensive management and control of intelligent mobile terminals accessing the Internet and locks and prohibits the corresponding operations on the mobile terminal.
Internet traffic monitoring and management system 12, which tracks and monitors Internet traffic in real time and applies corresponding management to the monitoring results.
And Internet user authentication management system 13, which authenticates and identifies user terminals accessing the military Internet.
The Internet mobile terminal management and control system 1 includes the following subsystems:
Anti-attack and anti-virus system 111, which monitors the network-wide security situation in real time (at millisecond level). Once a security incident is found, it issues an early warning according to the security threat level (for example by sending an SMS notification to the responsible person), and it uses DLP technology for long-term tracking of previous security incidents, effectively preventing network threats such as 0day attacks.
Content filtering and auditing system 112, which supervises and manages users' online behaviour by bypass monitoring of network egress traffic, monitors sensitive public-opinion information that users search for, browse or publish, and guides, warns or blocks according to contingency plans. Combined with the traceability capability of the secure access network, it effectively supervises and manages many security aspects of users' online behaviour, including the types of websites visited, streaming media content, common protocol types, downloaded files, and SMTP monitoring.
Mobile application management system 113, which performs security assessment and security hardening of the applications on the terminal and distributes and manages them centrally, ensuring that mobile terminals have a rich set of applications that meet the needs of Internet use while effectively blocking security vulnerabilities and preventing the Trojan and virus problems that arise from downloading and installing applications. The AMS can remotely push application software to a designated tablet and install it silently, and can also remotely and silently delete applications installed on a designated tablet. All application software in the AMS must undergo hardening to prevent malicious damage or the implantation of malicious programs.
Internet traffic monitoring and management system 12 includes the following subsystems:
3G/4G network access control system 121, which uses VPDN technology to bring mobile terminals into the scope of network management and control and uses L2TP tunnel technology to ensure the security of network access;
WLAN access control system 122, which encrypts using a dedicated transport protocol to ensure secure wireless communication between the mobile terminal and the WLAN access equipment.
Internet user authentication management system 13 includes:
Mobile device management system 131, which monitors and manages in real time the information status, behaviour and data of the mobile terminal during use, so that the security and reliability of the mobile terminal system is ensured dynamically.
Identity authentication and identification system 132, for detecting whether the user identity is legitimate and permitting access after the user obtains authentication permission. After a user passes authentication, there is a stateful firewall based on this user, and an access control policy can be set for each user; for example, the user may only access web pages and send and receive e-mail, and cannot run P2P software, etc.
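The per-user stateful firewall described for system 132 can be modelled as a default-deny allowlist plus connection tracking that is created when a user authenticates. The following is an added example, not code from the patent; the class names, addresses, ports and the user "alice" are constructed for illustration, and credential verification is assumed to have happened before `login` is called.

```python
from dataclasses import dataclass, field

# Constructed service groups, as (protocol, destination port) pairs.
WEB = frozenset({("tcp", 80), ("tcp", 443)})
MAIL = frozenset({("tcp", 25), ("tcp", 465), ("tcp", 587), ("tcp", 993), ("tcp", 995)})


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class UserFirewall:
    """Stateful filter bound to one authenticated user (hypothetical model)."""
    user: str
    allowed: frozenset                       # permitted (proto, dst_port) pairs
    flows: set = field(default_factory=set)  # flows this user has opened

    def outbound(self, p: Packet) -> bool:
        # Default deny: only services on this user's allowlist may start a flow.
        if (p.proto, p.dst_port) not in self.allowed:
            return False
        self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return True

    def inbound(self, p: Packet) -> bool:
        # Stateful part: accept only the reverse direction of a tracked flow.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows


class Gateway:
    """Maps terminal IPs to the per-user firewalls created at login."""

    def __init__(self, policies):
        self.policies = policies   # user name -> allowlist
        self.sessions = {}         # terminal IP -> UserFirewall

    def login(self, user: str, terminal_ip: str) -> None:
        # Assumption: credentials were verified before this call.
        # A user without a configured policy gets an empty allowlist.
        allowed = self.policies.get(user, frozenset())
        self.sessions[terminal_ip] = UserFirewall(user, allowed)

    def logout(self, terminal_ip: str) -> None:
        # Dropping the session also discards its connection state.
        self.sessions.pop(terminal_ip, None)

    def verdict(self, p: Packet) -> str:
        fw = self.sessions.get(p.src_ip)
        if fw is not None:
            return "ACCEPT" if fw.outbound(p) else "DROP"
        fw = self.sessions.get(p.dst_ip)
        if fw is not None:
            return "ACCEPT" if fw.inbound(p) else "DROP"
        return "DROP"              # no authenticated session on either side


def run_constructed_scenario():
    """Replay constructed packets for one terminal and return the verdicts."""
    gw = Gateway({"alice": WEB | MAIL})
    term, server = "10.0.0.5", "203.0.113.10"
    https_out = Packet("tcp", term, 50000, server, 443)
    https_reply = Packet("tcp", server, 443, term, 50000)
    unsolicited = Packet("tcp", "198.51.100.7", 443, term, 50001)
    p2p_out = Packet("tcp", term, 50002, "198.51.100.7", 6881)  # common BitTorrent port
    results = [gw.verdict(https_out)]          # before login
    gw.login("alice", term)
    results += [gw.verdict(p) for p in (https_out, https_reply, unsolicited, p2p_out)]
    gw.logout(term)
    results.append(gw.verdict(https_reply))    # state is gone after logout
    return results


if __name__ == "__main__":
    print(run_constructed_scenario())
```

A port allowlist of this kind does not stop P2P traffic carried over an allowed port such as 443; that case needs payload inspection in addition to the per-user policy.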
The Internet mobile terminal management and control system 11 can also include:
Mobile terminal remote management system 114, for remotely controlling mobile terminals that access the network, including remote control of the mobile terminal's network access, camera on/off, data encryption and decryption, user login, and the like. Data on a designated device can be erased remotely; once a mobile terminal is lost, all of its data can be wiped immediately.
WLAN remote management system 115, which manages the WLAN remotely, remotely monitors many management elements such as access point (AP) devices, access terminals and access network traffic, implements operations such as remote opening and closing, and can effectively prevent intrusion means such as rogue APs and pseudo base stations.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope of the disclosure (including the claims) is limited to these examples. Within the idea of the invention, the technical features of the above embodiment or of different embodiments may also be combined, the steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement, improvement, etc. made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (5)

1. An integrated management and control system for Internet mobile terminals, characterized in that it comprises:
An Internet mobile terminal management and control system, which performs comprehensive management and control of intelligent mobile terminals accessing the Internet and locks and prohibits the corresponding operations on the mobile terminal;
An Internet traffic monitoring and management system, which tracks and monitors Internet traffic in real time and applies corresponding management to the monitoring results; and
An Internet user authentication management system, which authenticates and identifies user terminals accessing the military Internet.
2. The integrated management and control system for Internet mobile terminals according to claim 1, characterized in that the Internet mobile terminal management and control system includes the following subsystems:
An anti-attack and anti-virus system, which monitors the network-wide security situation in real time, issues early warnings according to the security threat level, and uses DLP technology to track previous security incidents, effectively preventing network threats;
A content filtering and auditing system, which monitors sensitive public-opinion information that users search for, browse or publish, and guides, warns or blocks according to contingency plans; combined with firewall equipment, it is attached at the main gateway of the network in bypass mirror-listening mode and provides behaviour monitoring and content monitoring by analysing the network data flow;
A mobile application management system, which performs security assessment and security hardening of the applications on the terminal and distributes and manages them centrally, effectively blocking security vulnerabilities and preventing the Trojan and virus problems that arise from downloading and installing applications.
3. The integrated management and control system for Internet mobile terminals according to claim 1, characterized in that the Internet traffic monitoring and management system includes the following subsystems:
A 3G/4G network access control system, which uses VPDN technology to bring mobile terminals into the scope of network management and control and uses L2TP tunnel technology to ensure the security of network access;
A WLAN access control system, which encrypts using a dedicated transport protocol to ensure secure wireless communication between the mobile terminal and the WLAN access equipment.
4. The integrated management and control system for Internet mobile terminals according to claim 1, characterized in that the Internet user authentication management system includes the following subsystems:
A mobile device management system, which monitors and manages in real time the information status, behaviour and data of the mobile terminal during use, so that the security and reliability of the mobile terminal system is ensured dynamically.
An identity authentication and identification system, for detecting whether the user identity is legitimate and permitting access after the user obtains authentication permission.
5. The integrated management and control system for Internet mobile terminals according to claim 1 or 2, characterized in that the Internet mobile terminal management and control system also includes the following subsystems:
A terminal remote management module, for remotely controlling mobile terminals that access the network, including remote control of the mobile terminal's network access, camera on/off, data encryption and decryption, user login, and the like.
A WLAN security management and control module, which manages the WLAN remotely and remotely monitors access point devices, access terminals and access network traffic.
Application number: CN201510641320.XA
Priority date: 2015-09-30
Filing date: 2015-09-30
Title: Integrated management and control system for Internet mobile terminals
Status: Pending
Publication: CN106559399A (en), published 2017-04-05
Family ID: 58417533
Family applications (1): CN201510641320.XA
Country status (1): CN, CN106559399A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170405