[0044] It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.
[0045] refer to figure 1 , the first embodiment of the present invention provides a message notification isolation method, the method includes:
[0046] S10: Intercept the message to be displayed sent by the application to the notification bar;
[0047] It should be noted that the execution body of the method in this embodiment may be a message interception software development kit (Software Development Kit, SDK) integrated in the mobile terminal operating system, or may be a message interception packaged in the application program SDK, the mobile terminal can be a terminal device such as a smart phone or a tablet computer that can install an application program and has a notification bar.
[0048] Of course, when the execution body of the method in this embodiment is the message interception SDK packaged in the application program, the message interception SDK can be added to the installation package of the application program (APP) through the application packaging platform, wherein the application package can be To modify the application binary to improve its security and management capabilities, application packaging builds a management layer for the application by "wrapping" the application in a new containerizer (with the required application-level EMM management capabilities built in). It can realize functions such as user authentication, rights management, and data encryption.
[0049] In the specific implementation, in order to maintain interaction with users, APP can effectively increase the retention rate and improve user experience, it usually pushes notifications or messages to users in real time through application push technology. When the mobile terminal is in the standby state, the APP will wait for The display message is pushed to the notification bar.
[0050] It is understandable that the notification bar is also called a message notification bar, which is an interface used to display messages in the mobile terminal operating system. After the APP sends a message to be displayed to the notification bar, the notification bar will first display an icon It is displayed in the notification area in the form of , and the user can open the notification bar to view the detailed information of the notification. The notification area and the notification bar are both areas controlled by the system, and the user can view it at any time.
[0051] S20: Detect the current security state;
[0052] It should be noted that the detection of the current security state can be understood as detection of the current security state of the mobile terminal, so as to determine whether the message to be displayed needs to be quarantined.
[0053] Understandably, referring to figure 2 , the current security status can be detected by the message interception SDK. Of course, a message notification management program (ie, the "message notification management APP" in the figure) can also be installed in the mobile terminal operating system, and the message notification management program can detect the current security status. Security status is checked.
[0054] When the message notification management program is used to detect the current security status, the message interception SDK will intercept the message to be displayed and forward it to the message notification management program, and the message notification management program will detect the current security status. When the current security state is an unsafe state, the message to be displayed is also isolated and processed by the message notification management program. The specific method of interception is related to the type of mobile operating system. Taking the Android system as an example, the agent Notification class can be used , to intercept the sent message notification.
[0055] In a specific implementation, the detection of the current security state can be performed in various ways. The following three ways are used as examples, but the protection scope of the present invention is not limited.
[0056] The first method is: a security domain detection method; that is, it is judged whether the current operating system is in the security domain, and when the current operating system is not in the security domain, the current security state is determined to be an unsafe state.
[0057]It should be noted that the security domain is a new application and data running space opened up in the mobile terminal operating system. The applications and data in the security domain and the personal domain are isolated, and mutual access is limited, ensuring that the security domain Application and data security, that is, when the mobile terminal operating system is not in the security domain, the current security state is determined to be an unsafe state, otherwise, the current security state is determined to be a secure state.
[0058] The second method is: location detection method; that is, the current security state is determined according to the location of the mobile terminal, and the specific process is to obtain the current location first, and then determine whether the current location belongs to the preset location range. When the current position is not within the preset position range, it is determined that the current safe state is an unsafe state.
[0059] It is understandable that, for a mobile terminal, when it is within the range of users' frequent activities, such as areas such as home, company, or school, it can usually be considered that the mobile terminal is in the hands of the user, and data leakage generally does not occur. , when the current position is not within the preset position range, the current safe state is determined to be an unsafe state, otherwise, the current safe state is determined to be a safe state.
[0060] In a specific implementation, multiple security areas may be preset, that is to say, a range where the user often moves may be set as a security area, and the set security area may be added to the preset location range.
[0061] The third method is: connection detection method; that is, the current security state is determined according to the current network connection information of the mobile terminal, and the specific process is to first obtain the current network connection information, and then determine whether the current network connection information belongs to the preset connection information, when the current network connection information does not belong to the preset connection information, it is determined that the current security state is an unsafe state.
[0062] It is understandable that, for a mobile terminal, when it is connected to a frequently used network, such as a WIFI network in a home, company, or school, it can usually be considered that the mobile terminal is in the hands of the user, and data leakage generally does not occur. , therefore, when the current network connection information does not belong to the preset connection information, the current security state is determined to be an unsafe state; otherwise, the current security state is determined to be a secure state.
[0063] In a specific implementation, multiple security networks may be set, that is, a network frequently connected by a user may be set as a security network, and the set security network may be added to the preset connection information.
[0064] S30: When the current security state is an unsafe state, perform isolation processing on the message to be displayed.
[0065] It should be noted that the performing isolation processing on the message to be displayed when the current security state is an unsafe state may specifically include: detecting the to-be-displayed message when the current security state is an unsafe state Whether the message contains a preset keyword, if the message to be displayed contains a preset keyword, the message to be displayed is subjected to isolation processing, so as to effectively identify whether there is any privacy-related data in the message to be displayed, To prevent data leakage, if the message to be displayed does not contain a preset keyword, it means that the message to be displayed does not involve private data, so the message to be displayed is not processed.
[0066] It is understandable that when the message to be displayed is isolated, the message to be displayed can be directly discarded, that is, the message to be displayed is not displayed in the notification bar, but this method is easy to make the mobile terminal When a message to be displayed is received, the user will not be notified, so that the user cannot be informed in time that the message to be displayed is received by the mobile phone. In order to avoid this problem, in this embodiment, when the message to be displayed is quarantined, the The notification bar sends a prompt with unread messages instead of displaying the to-be-displayed message in the notification bar, so that the user can be informed in time that the mobile receives the to-be-displayed message, while avoiding data leakage.
[0067] In a specific implementation, when the current security state is the security state, the message to be displayed is sent to the notification bar, and the message to be displayed is no longer isolated.
[0068] In this embodiment, the current security state is detected by intercepting the message to be displayed sent by the application to the notification bar, and when the current security state is an unsafe state, the message to be displayed is isolated and processed to prevent the notification bar from being displayed in an unsafe state. Appropriate timing to display messages resulting in data breaches.
[0069] refer to image 3 , the first embodiment of the present invention provides a message notification isolation device, the device includes:
[0070] The message interception module 10 is used for intercepting the message to be displayed sent by the application to the notification bar;
[0071] It should be noted that the device in this embodiment may be a message interception software development kit (Software Development Kit, SDK) integrated in the mobile terminal operating system, or may be a message interception SDK packaged in the application program, so The mobile terminal may be a terminal device capable of installing an application program and having a notification bar, such as a smart phone or a tablet computer.
[0072] Of course, when the device of this embodiment is the message interception SDK packaged in the application program, the message interception SDK can be added to the installation package of the application program (APP) through the application packaging platform, wherein the application package can be a modified application Program binary to enhance the practice of adding its security and management capabilities by "wrapping" the application in a new containerized program (with the required application-level EMM management capabilities built in). Application packaging builds a management layer for the application, enabling users to Authentication, rights management, data encryption and other functions.
[0073] In the specific implementation, in order to maintain interaction with users, APP can effectively increase the retention rate and improve user experience, it usually pushes notifications or messages to users in real time through application push technology. When the mobile terminal is in the standby state, the APP will wait for The display message is pushed to the notification bar.
[0074] It is understandable that the notification bar is also called a message notification bar, which is an interface used to display messages in the mobile terminal operating system. After the APP sends a message to be displayed to the notification bar, the notification bar will first display an icon It is displayed in the notification area in the form of , and the user can open the notification bar to view the detailed information of the notification. The notification area and the notification bar are both areas controlled by the system, and the user can view it at any time.
[0075] The state detection module 20 is used to detect the current security state;
[0076] It should be noted that the detection of the current security state can be understood as detection of the current security state of the mobile terminal, so as to determine whether the message to be displayed needs to be quarantined.
[0077] Understandably, referring to figure 2 , the current security status can be detected by the message interception SDK. Of course, a message notification management program (ie, the "message notification management APP" in the figure) can also be installed in the mobile terminal operating system, and the message notification management program can detect the current security status. Security status is checked.
[0078] When the message notification management program is used to detect the current security status, the message interception SDK will intercept the message to be displayed and forward it to the message notification management program, and the message notification management program will detect the current security status. When the current security state is an unsafe state, the message to be displayed is also isolated and processed by the message notification management program, and the specific method of interception is related to the type of mobile operating system. Taking the Android system as an example, the proxy Notification class can be used , to intercept the sent message notification.
[0079] In a specific implementation, the detection of the current security state can be performed in various ways. The following three ways are used as examples, but the protection scope of the present invention is not limited.
[0080] The first method is: a security domain detection method; that is, it is judged whether the current operating system is in the security domain, and when the current operating system is not in the security domain, the current security state is determined to be an unsafe state.
[0081] It should be noted that the security domain is a new application and data running space opened up in the mobile terminal operating system. The applications and data in the security domain and the personal domain are isolated, and mutual access is limited, ensuring that the security domain Application and data security, that is, when the mobile terminal operating system is not in the security domain, the current security state is determined to be an unsafe state, otherwise, the current security state is determined to be a secure state.
[0082] The second method is: location detection method; that is, the current security state is determined according to the location of the mobile terminal, and the specific process is to obtain the current location first, and then determine whether the current location belongs to the preset location range. When the current position is not within the preset position range, it is determined that the current safe state is an unsafe state.
[0083] It is understandable that, for a mobile terminal, when it is within the range of users' frequent activities, such as areas such as home, company, or school, it can usually be considered that the mobile terminal is in the hands of the user, and data leakage generally does not occur. , when the current position is not within the preset position range, the current safe state is determined to be an unsafe state, otherwise, the current safe state is determined to be a safe state.
[0084] In a specific implementation, multiple security areas may be preset, that is to say, a range where the user often moves may be set as a security area, and the set security area may be added to the preset location range.
[0085] The third method is: connection detection method; that is, the current security state is determined according to the current network connection information of the mobile terminal, and the specific process is to first obtain the current network connection information, and then determine whether the current network connection information belongs to the preset connection information, when the current network connection information does not belong to the preset connection information, it is determined that the current security state is an unsafe state.
[0086] It is understandable that, for a mobile terminal, when it is connected to a frequently used network, such as a WIFI network in a home, company, or school, it can usually be considered that the mobile terminal is in the hands of the user, and data leakage generally does not occur. , therefore, when the current network connection information does not belong to the preset connection information, the current security state is determined to be an unsafe state; otherwise, the current security state is determined to be a secure state.
[0087] In a specific implementation, multiple security networks may be set, that is, a network frequently connected by a user may be set as a security network, and the set security network may be added to the preset connection information.
[0088] The message isolation module 30 is configured to isolate the message to be displayed when the current security state is an unsafe state.
[0089] It should be noted that the performing isolation processing on the message to be displayed when the current security state is an unsafe state may specifically include: detecting the to-be-displayed message when the current security state is an unsafe state Whether the message contains a preset keyword, if the message to be displayed contains a preset keyword, the message to be displayed is subjected to isolation processing, so as to effectively identify whether there is any privacy-related data in the message to be displayed, To prevent data leakage, if the message to be displayed does not contain a preset keyword, it means that the message to be displayed does not involve private data, so the message to be displayed is not processed.
[0090]It is understandable that when the message to be displayed is isolated, the message to be displayed can be directly discarded, that is, the message to be displayed is not displayed in the notification bar, but this method is easy to make the mobile terminal When the message to be displayed is received, the user will not be notified, so that the user cannot be informed in time that the message to be displayed is received by the mobile phone. In order to avoid this problem, in this embodiment, when the message to be displayed is quarantined, the The notification bar sends a prompt with unread messages, instead of displaying the to-be-displayed message in the notification bar, so that the user can be informed in time that the mobile receives the to-be-displayed message, while avoiding data leakage.
[0091] In a specific implementation, when the current security state is the security state, the message to be displayed is sent to the notification bar, and the message to be displayed is no longer isolated.
[0092] In this embodiment, the current security state is detected by intercepting the message to be displayed sent by the application to the notification bar, and when the current security state is an unsafe state, the message to be displayed is isolated and processed to prevent the notification bar from being in an unsafe state. Appropriate timing to display messages resulting in data breaches.
[0093] It should be noted that, herein, the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion, such that a process, method, article or system comprising a series of elements includes not only those elements, It also includes other elements not expressly listed or inherent to such a process, method, article or system. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article or system that includes the element.
[0094] The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages or disadvantages of the embodiments.
[0095] From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is better implementation. Based on this understanding, the technical solutions of the present invention can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products are stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the methods described in the various embodiments of the present invention.
[0096] The above are only preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Any equivalent structure or equivalent process transformation made by using the contents of the description and drawings of the present invention, or directly or indirectly applied in other related technical fields , are similarly included in the scope of patent protection of the present invention.
