
CN103685266B - Enterprise data protection method and device - Google Patents

Publication number
CN103685266B
Authority
CN
China
Prior art keywords
call
event
user
record
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310666504.2A
Other languages
Chinese (zh)
Other versions
CN103685266A (en)
Inventor
王力
王鹏程
李旋
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qizhi Business Consulting Co ltd
Beijing Qihoo Technology Co Ltd
360 Digital Security Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201310666504.2A (patent CN103685266B)
Publication of CN103685266A
Priority to PCT/CN2014/087815 (patent WO2015085819A1)
Priority to US15/103,531 (patent US20160316330A1)
Priority to PCT/CN2014/093391 (patent WO2015085906A1)
Application granted
Publication of CN103685266B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method and device for protecting enterprise data. The method includes: establishing, in a mobile terminal, a workspace for storing enterprise data, where the data in the workspace is stored in encrypted form; monitoring system events and determining whether a system event complies with the rules set by the enterprise or the user; and, when the system event complies with the rules set by the enterprise or the user, performing the operation corresponding to that event in the workspace. The invention can thereby avoid leakage of enterprise data caused by attacks from malicious programs. Even if the mobile terminal is lost, because the workspace is encrypted, other people cannot read the enterprise data, which ensures the security of the enterprise data and keeps it from being obtained by malicious programs.

Description

Enterprise data protection method and device

Technical field

The invention relates to the field of information security, and in particular to a method and device for protecting enterprise data.

Background

With the maturing and spread of smart terminals, personal smart terminal devices such as mobile phones and tablets have gradually entered the enterprise. In the future, enterprises will support employees running enterprise office applications on their personal mobile terminals. This phenomenon, known as BYOD (Bring Your Own Device), brings new challenges to enterprise security and management.

In this case, because employees are allowed to work conveniently through mobile terminals, the mobile terminal needs to store enterprise data used for work, such as emails, short messages, call records and contact information, and it also stores the user's private data.

However, the following problems exist. First, an employee's mobile terminal can connect to the mobile Internet or to public or home networks at any time and from any place, so the enterprise data on the terminal is exposed to attacks from the Internet, which is a security weakness. Second, the same mobile terminal holds personal applications as well as enterprise applications and data; personal applications can access and read enterprise data at will, so there is a risk that enterprise data is illegally uploaded, shared or leaked by personal applications. Third, mobile terminals are easily lost, which exposes the sensitive enterprise data stored on them to the risk of disclosure; a lost device not only means the leakage and loss of sensitive business information, it may also become a springboard for attacking the enterprise network. Fourth, now that the mobile Internet is ever more widely used, attackers have begun to shift their attention from PCs to mobile terminals. Mobile terminals have become a new breeding ground for security risks and can easily become a springboard for intruders to penetrate the enterprise intranet.

Therefore, at present, enterprise data and the user's private data are stored mixed together on the mobile terminal. This offers poor security, easily leads to leakage of enterprise data, and leaves enterprise data easy for malicious programs to obtain.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a method for protecting enterprise data, and a corresponding device, that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, a method for protecting enterprise data is provided, including:

establishing a workspace for storing enterprise data in the mobile terminal, where the data in the workspace is stored in encrypted form;

monitoring system events and determining whether a system event complies with the rules set by the enterprise or the user;

when the system event complies with the rules set by the enterprise or the user, performing the operation corresponding to that event in the workspace.

Optionally, the rules set by the enterprise include: the contact corresponding to the system event is in the enterprise address book set by the enterprise;

the rules set by the user include: the contact corresponding to the system event is in the address book that the user personally imported into the workspace.

Optionally, monitoring system events and determining whether they comply with the rules set by the enterprise or the user includes:

monitoring system events and determining whether the contact corresponding to the system event is a work contact;

where a work contact is a contact in the enterprise address book set by the enterprise or in the address book that the user personally imported into the workspace.

Optionally, the system events include any one of the following:

receiving a short message, sending a short message, making a call, answering a call, and a missed call occurring.

Optionally, when the system event is making a call or answering a call, monitoring the system event includes:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that the call-making event or call-answering event corresponding to that event is currently occurring.

Optionally, the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

Optionally, when the system event is receiving a short message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user includes:

when the sender of the short message is a work contact, intercepting the short message so that it does not enter the system inbox, and storing the short message in the workspace.

Optionally, when the system event is sending a short message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user includes:

when the recipient of the short message is a work contact, intercepting the sending record of the short message so that it does not enter the system outbox, and storing the sending record of the short message in the workspace.

Optionally, when the system event is making a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user includes:

when the call is dialed through the address book stored in the workspace, deleting the dialing record recorded by the operating system and recording it in the workspace.

Optionally, before deleting the dialing record recorded by the operating system, the method further includes:

determining whether the user has set the call records of work contacts to be displayed in the operating system's call log;

and deleting the dialing record recorded by the operating system includes:

when the call records of work contacts are not set to be displayed in the operating system's call log, deleting the dialing record recorded by the operating system.

Optionally, when the system event is answering a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user includes:

when the caller's number is a work contact number, deleting the call record generated by answering the call from the operating system's call log and copying it to the workspace.

Optionally, when the caller's number of the answered call coincides with a contact number in the operating system's address book, before deleting the call record generated by answering the call from the operating system's call log, the method further includes:

prompting the user whether to delete the call record generated by answering the call from the operating system's call log;

and deleting the call record generated by answering the call from the operating system's call log includes:

when the user chooses to delete, deleting the call record generated by answering the call from the operating system's call log.

Optionally, when the system event is a missed call occurring, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user includes:

when the caller's number of the missed call is a work contact number, deleting the record of the missed call from the operating system's call log and copying it to the workspace.

Optionally, when the caller's number of the missed call coincides with a contact number in the operating system's address book, before deleting the record of the missed call from the operating system's call log, the method further includes:

prompting the user whether to delete the record of the missed call from the operating system's call log;

and deleting the record of the missed call from the operating system's call log includes:

when the user chooses to delete, deleting the record of the missed call from the operating system's call log.

Optionally, the method further includes:

when the user wants to access the data in the workspace, prompting the user to enter an unlock code;

receiving the unlock code entered by the user and verifying whether it is correct;

when the unlock code entered by the user is correct, allowing the user to access the data in the workspace.
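
The routing rules listed above, modelled as an added example; this is not code from the patent or from its assignee. The class and function names, the number normalization and the sample phone numbers are assumptions made for illustration, and the in-memory `workspace_records` list stands in for the encrypted workspace.

```python
import re
from dataclasses import dataclass, field
from enum import Enum


class Event(Enum):
    SMS_RECEIVED = "receive short message"
    SMS_SENT = "send short message"
    CALL_OUTGOING = "make call"
    CALL_ANSWERED = "answer call"
    CALL_MISSED = "missed call"


class Action(Enum):
    PERSONAL = "record stays in the operating system only"
    MOVE = "record kept out of the operating system, stored in the workspace"
    COPY = "record stored in the workspace, operating system record kept"
    ASK_USER = "record stored in the workspace, user asked before system copy is deleted"


def normalize(number: str) -> str:
    # Assumption (not in the patent): numbers are compared after dropping
    # punctuation and a leading +86 / 0086 country prefix.
    digits = re.sub(r"[^\d+]", "", number)
    return re.sub(r"^(\+86|0086)", "", digits)


@dataclass
class Policy:
    enterprise_book: set   # address book set by the enterprise
    imported_book: set     # address book the user imported into the workspace
    system_book: set       # the operating system's own address book
    show_work_calls_in_system_log: bool = False

    def __post_init__(self):
        for name in ("enterprise_book", "imported_book", "system_book"):
            setattr(self, name, {normalize(n) for n in getattr(self, name)})

    def is_work_contact(self, number: str) -> bool:
        n = normalize(number)
        return n in self.enterprise_book or n in self.imported_book

    def decide(self, event: Event, number: str,
               dialed_from_workspace: bool = False) -> Action:
        if event is Event.CALL_OUTGOING:
            # The outgoing-call rule keys on where the call was dialed from.
            if not dialed_from_workspace:
                return Action.PERSONAL
            return Action.COPY if self.show_work_calls_in_system_log else Action.MOVE
        if not self.is_work_contact(number):
            return Action.PERSONAL
        if event in (Event.SMS_RECEIVED, Event.SMS_SENT):
            return Action.MOVE
        # Answered or missed call from a work number: prompt when the number
        # is also a contact in the operating system's address book.
        if normalize(number) in self.system_book:
            return Action.ASK_USER
        return Action.MOVE


@dataclass
class Terminal:
    policy: Policy
    system_records: list = field(default_factory=list)
    workspace_records: list = field(default_factory=list)  # stand-in for the encrypted store

    def handle(self, event: Event, number: str, dialed_from_workspace: bool = False,
               user_deletes: bool = False) -> Action:
        action = self.policy.decide(event, number, dialed_from_workspace)
        record = (event, normalize(number))
        if action is not Action.PERSONAL:
            self.workspace_records.append(record)
        keep_in_system = (action in (Action.PERSONAL, Action.COPY)
                          or (action is Action.ASK_USER and not user_deletes))
        if keep_in_system:
            self.system_records.append(record)
        return action


def demo():
    # Constructed sample numbers, not taken from the page.
    policy = Policy(enterprise_book={"+86 138-0000-0001"},
                    imported_book={"13800000002"},
                    system_book={"13800000002", "13900000009"})
    t = Terminal(policy)
    results = [
        t.handle(Event.SMS_RECEIVED, "13800000001"),
        t.handle(Event.SMS_RECEIVED, "13900000009"),
        t.handle(Event.CALL_OUTGOING, "13800000001", dialed_from_workspace=True),
        t.handle(Event.CALL_MISSED, "138 0000 0002"),
        t.handle(Event.CALL_ANSWERED, "13800000002", user_deletes=True),
    ]
    return results, t


if __name__ == "__main__":
    for action in demo()[0]:
        print(action.name, "-", action.value)
```

Every branch keys on the number reported for the message or call, so the separation between workspace and personal records is only as reliable as that number.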

According to one aspect of the present invention, a device for protecting enterprise data is also provided, including:

an establishing module, configured to establish a workspace for storing enterprise data in the mobile terminal, where the data in the workspace is stored in encrypted form;

a monitoring module, configured to monitor system events and determine whether a system event complies with the rules set by the enterprise or the user;

an execution module, configured to perform the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user.

Optionally, the rules set by the enterprise include: the contact corresponding to the system event is in the enterprise address book set by the enterprise;

the rules set by the user include: the contact corresponding to the system event is in the address book that the user personally imported into the workspace.

Optionally, the monitoring module is configured to monitor system events and determine whether the contact corresponding to the system event is a work contact;

where a work contact is a contact in the enterprise address book set by the enterprise or in the address book that the user personally imported into the workspace.

Optionally, the system events include any one of the following:

receiving a short message, sending a short message, making a call, answering a call, and a missed call occurring.

Optionally, when the system event is making a call or answering a call, the monitoring module is configured to monitor the system event as follows:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that the call-making event or call-answering event corresponding to that event is currently occurring.

Optionally, the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

Optionally, when the system event is receiving a short message, the execution module is configured to intercept the short message so that it does not enter the system inbox when the sender of the short message is a work contact, and to store the short message in the workspace.

Optionally, when the system event is sending a short message, the execution module is configured to intercept the sending record of the short message so that it does not enter the system outbox when the recipient of the short message is a work contact, and to store the sending record of the short message in the workspace.

Optionally, when the system event is making a call, the execution module is configured to delete the dialing record recorded by the operating system and record it in the workspace when the call is dialed through the address book stored in the workspace.

Optionally, the device further includes:

a judging module, configured to determine whether the user has set the call records of work contacts to be displayed in the operating system's call log;

the execution module is further configured to delete the dialing record recorded by the operating system when the call records of work contacts are not set to be displayed in the operating system's call log.

Optionally, when the system event is answering a call, the execution module is configured to delete the call record generated by answering the call from the operating system's call log and copy it to the workspace when the caller's number is a work contact number.

Optionally, when the caller's number of the answered call coincides with a contact number in the operating system's address book, the device further includes:

a first prompting module, configured to prompt the user whether to delete the call record generated by answering the call from the operating system's call log;

the execution module is further configured to delete the call record generated by answering the call from the operating system's call log when the user chooses to delete.

Optionally, when the system event is a missed call occurring, the execution module is configured to delete the record of the missed call from the operating system's call log and copy it to the workspace when the caller's number of the missed call is a work contact number.

Optionally, when the caller's number of the missed call coincides with a contact number in the operating system's address book, the device further includes:

a second prompting module, configured to prompt the user whether to delete the record of the missed call from the operating system's call log;

the execution module is further configured to delete the record of the missed call from the operating system's call log when the user chooses to delete.

Optionally, the device further includes:

a third prompting module, configured to prompt the user to enter an unlock code when the user wants to access the data in the workspace;

a verification module, configured to receive the unlock code entered by the user and verify whether it is correct;

an access module, configured to allow the user to access the data in the workspace when the verification module verifies that the unlock code entered by the user is correct.

The present invention provides a method and device for protecting enterprise data. A workspace for storing enterprise data is established in the mobile terminal and stored in encrypted form, and system events are monitored at the same time; when an event complies with the rules set by the enterprise or the user, the operation corresponding to that event is performed in the workspace. The invention can therefore avoid leakage of enterprise data caused by attacks from malicious programs. Even if the mobile terminal is lost, because the workspace is encrypted, other people cannot read the enterprise data, which ensures the security of the enterprise data and keeps it from being obtained by malicious programs.

The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.

Description of drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:

Fig. 1 is a flowchart of a method for protecting enterprise data according to an embodiment of the present invention;

Fig. 2 is a flowchart of a specific method for protecting enterprise data according to an embodiment of the present invention;

Fig. 3 is a structural block diagram of a device for protecting enterprise data according to an embodiment of the present invention;

Fig. 4 is a schematic diagram of a specific application scenario of a device for protecting enterprise data according to an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood thoroughly and so that its scope can be conveyed completely to those skilled in the art.

In the present invention and in the embodiments below, the workspace and the personal area can be defined as follows.

Definition of the workspace and the personal area: while a device is in use, in order to make it easier to manage the personal data and the work data on the device, part of the device's disk storage space can be set aside and given new permission information, and used to store and manage work data. The remaining disk storage space of the device can be used to store and manage personal data or other data, and can keep the initial permission information. Relatively speaking, the disk storage space that stores work data can be called the workspace, and the disk storage space that stores personal data can be called the personal area.

In addition, for ease of operation, the personal area and the workspace may have different UIs (User Interfaces) but may share certain system files.

Users may spend most of their time operating in the personal area and less time operating in the workspace. While operating in the workspace, the user may need to actively encrypt the device, for example when taking a break, or the device may be encrypted automatically because it has received no operation for too long. When the device is decrypted again after being encrypted, it returns to the workspace, so the permission information of the personal area must be decrypted first and then the permission information of the workspace before the workspace can be entered. If the user does not want to return to the workspace at that point, the user has to exit the workspace again, which is very cumbersome; but simply skipping the decryption of the workspace permission information would create a security risk.

Embodiment one

An embodiment of the present invention provides a method for protecting enterprise data. The method improves the device for protecting enterprise data. In this embodiment, the device for protecting enterprise data can be installed on many kinds of portable user devices, for example game consoles, laptop computers, portable media players, slate computers, tablet computers, PDAs, mobile computers and mobile phones.

The user's input type may be sliding input, gesture input, touch input or voice input.

Fig. 1 is a flowchart of a method for protecting enterprise data according to an embodiment of the present invention. The method includes steps S102 to S106.

S102: establish a workspace for storing enterprise data in the mobile terminal, where the data in the workspace is stored in encrypted form.

S104: monitor system events and determine whether a system event complies with the rules set by the enterprise or the user.

S106: when the system event complies with the rules set by the enterprise or the user, perform the operation corresponding to that event in the workspace.

This embodiment of the present invention provides a method for protecting enterprise data. A workspace for storing enterprise data is established in the mobile terminal and stored in encrypted form, and system events are monitored at the same time; when an event complies with the rules set by the enterprise or the user, the operation corresponding to that event is performed in the workspace. The method provided by this embodiment can therefore avoid leakage of enterprise data caused by attacks from malicious programs. Even if the mobile terminal is lost, because the workspace is encrypted, other people cannot read the enterprise data, which ensures the security of the enterprise data and keeps it from being obtained by malicious programs.

Embodiment two

This embodiment is a specific application scenario of embodiment one above. It allows the method provided by the present invention to be set out more clearly and concretely.

Fig. 2 is a flowchart of a specific method for protecting enterprise data according to an embodiment of the present invention. The method includes steps S201 to S212.

To protect the enterprise data in the mobile terminal, this embodiment first performs step S201: establish a workspace for storing enterprise data in the mobile terminal.

In this embodiment, the purpose of establishing the workspace is to store the data generated during work, so that the data in the workspace is stored in isolation from the data in the personal area and the data in the workspace can be managed.

Optionally, to keep the workspace data secure, the data in the workspace is stored in encrypted form. The user can set an unlock password for the workspace data, and the user is allowed to access the data in the workspace only when the unlock code the user enters is correct.

Taking the Android system as an example, an unlock password can be set for the workspace data and the data stored in isolation as follows:

Create and record a separate Launcher for the user's personal area and for the workspace and, before displaying the desktop, prompt the user to enter the password. If the user's login to the workspace is valid, the workspace Launcher is started and provides the user with the workspace desktop, through which the user can enter the applications in the workspace. If the user has not logged in, the default personal-area Launcher is started and the user enters the applications of the personal area through that default Launcher. This isolates the workspace from the personal area.

Here, the Launcher is the launcher or desktop of the Android system; other applications can be entered from the icons on the desktop.

Next, step S202 is performed: system events are monitored, and each system event is checked against the rules preset by the enterprise or the user. If the event matches, the operation corresponding to the event is performed in the workspace. If it does not match, the operation corresponding to the system event is performed in the personal area.

Optionally, the system events in this embodiment may include receiving a short message, sending a short message, making a call, answering a call, a missed call, sending and receiving e-mail, and other events that the mobile terminal supports.

In this embodiment, to manage the workspace data better, two different address books can be preset in the mobile terminal: an enterprise address book used for work, and the user's private address book. An address book can hold contact details such as a contact's telephone number, e-mail address and instant-messaging account.

The enterprise address book is located in the workspace described above and stores contacts related to the user's work. For example, the contacts in the enterprise address book may be all the colleagues in the user's department.

In addition, to make the enterprise address book easier to manage and update, it can be synchronized with the server: the user's enterprise address book is periodically updated from the server. For example, when the administrator of the enterprise address book adds a contact, that contact is also added to the user's enterprise address book.

Note that users in the same department often have different work contacts. For example, user A belongs to the administration department and works closely with the personnel department, while user B also belongs to the administration department but works closely with the international department. The enterprise address book usually stores only the work contacts common to the department, and so cannot fully cover the work contacts of each colleague.

Therefore, to meet the needs of different users, the workspace in this embodiment can store, in addition to the enterprise address book, contacts imported by the user personally. These can be contacts who work closely with the user but are outside the user's department.

For example, user A belongs to the administration department and works closely with the personnel department. User A can import all the contacts of the personnel department into the workspace; the contacts in the enterprise address book and the contacts that user A personally imported into the workspace then together make up user A's work contacts. Similarly, user B also belongs to the administration department but works closely with the international department. User B can import all the contacts of the international department into the workspace; the contacts in the enterprise address book and the contacts that user B personally imported into the workspace then together make up user B's work contacts.

Thus, personally imported contacts let different users set up the workspace contacts according to their own needs, which is convenient for the user and also keeps enterprise data secure.

Unlike the workspace address books described above, the private address book is located outside the workspace and can include contacts related to the user personally, such as relatives and friends. The workspace contacts may, however, overlap with the contacts in the user's private address book. For example, if contact A is both a colleague and a friend of the user, contact A can be saved in both the enterprise address book and the private address book, to ensure the security of enterprise data.

In summary, when step S202 determines whether the system event matches the rules preset by the enterprise or the user, the determination can be made as follows:

Monitor system events and determine whether the contact corresponding to the system event is a work contact. If it is a work contact, the preset rule is met, and the corresponding operation is performed in the workspace according to the type of system event. If it is not a work contact, the preset rule is not met, and the corresponding operation is performed outside the workspace according to the type of system event.

Here, a work contact is a contact in the enterprise address book set by the enterprise, or in the address book that the user personally imported into the workspace.

To describe the method more clearly and in detail, this embodiment takes the following system events as examples: receiving a short message, sending a short message, making a call, answering a call, and a missed call. The execution of the method for each of these five system events is described below.

In the first case, the system event is receiving a short message.

When the system event is receiving a short message, step S202 determines whether the contact corresponding to the event is a work contact. If it is a work contact, step S203 is performed; if it is not, step S204 is performed.

Step S203: intercept the short message so that it does not enter the system inbox, and store the short message in the workspace.

In this embodiment, the short message records saved in the workspace can also be uploaded to the server, which makes management easier for the administrator.

Step S204: store the short message in the system inbox.

The operation in step S203, intercepting the short message before it enters the system inbox and storing it in the workspace, separates work data from private data. It prevents work-related incoming messages from sitting in the user's system inbox, where they could be viewed maliciously, and so keeps enterprise data secure.

In the second case, the system event is sending a short message.

When the system event is sending a short message, step S202 determines whether the contact corresponding to the event is a work contact. If it is a work contact, step S205 is performed; if it is not, step S206 is performed.

Step S205: intercept the sending record of the short message so that it does not enter the system outbox, and store the sending record in the workspace.

In this embodiment, the short message sending records saved in the workspace can also be uploaded to the server, which makes management easier for the administrator.

Step S206: store the sending record of the short message in the system inbox.

The operation in step S205, intercepting the sending record before it enters the system outbox and storing it in the workspace, separates work data from private data. It prevents work-related outgoing messages from sitting in the user's system outbox, where they could be viewed maliciously, and so keeps enterprise data secure.

In the third case, the system event is making a call.

When the system event is making a call, step S202 determines whether the contact corresponding to the event is a work contact. If it is a work contact, step S207 is performed; if it is not, step S208 is performed.

Step S207: delete the outgoing-call record that the operating system recorded, and record it in the workspace.

In this embodiment, the outgoing-call records saved in the workspace can also be uploaded to the server, which makes management easier for the administrator.

Step S208: store the outgoing-call record in the operating system's call log.

Note that, so that the user can conveniently view outgoing-call records, the following operation may be performed before step S207 deletes the outgoing-call record recorded by the operating system:

Determine whether the user has chosen to display the call records of work contacts in the operating system's call log. If the user has not chosen to display them there, the outgoing-call record recorded by the operating system is deleted in step S207. If the user has chosen to display them there, the outgoing-call record is shown in the operating system's call log and is also recorded in the workspace.

In this embodiment, depending on the user's needs, the user can set separately for each contact in the workspace whether that contact's call records are displayed in the system call log, or can apply one setting to all contacts, so that either all call records are displayed in the system call log or none are.

In the fourth case, the system event is answering a call.

When the system event is answering a call, step S202 determines whether the contact corresponding to the event is a work contact. If it is a work contact, step S209 is performed; if it is not, step S210 is performed.

Step S209: delete the call record generated by answering this call from the operating system's call log, and copy it to the workspace.

Taking the Android system as an example, when the system event is making or answering a call, the operating system's call records can be maintained (copied and transferred) as follows:

The PhoneStateReceiver broadcast receiver receives the events for making and answering calls. When such an event occurs, the CallLogObserverService service is started to maintain the call records, including copying and transferring them.

The CallLogObserverService service can be started through startService, which the operating system provides.

The PhoneStateReceiver broadcast receiver can receive the events for making and answering calls through the following code:

Specifically, before the CallLogObserverService service is started, read and write permission for the operating system's address book must also be obtained, which can be done as follows:

Declare the permission used in androidmanifest.xml:

<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

Copying of call records can be implemented through the CallLogObserverService service:

While the CallLogObserverService service is starting, it registers a ContentObserver listener and a Handler that processes changes;

The ContentObserver listener is used to monitor changes to the system's call-log database (its URI is android.provider.CallLog.Calls.CONTENT_URI). When a call record changes, the Handler's onChange method is called to update the workspace's call-log database.

In this embodiment, the answered-call records saved in the workspace can also be uploaded to the server, which makes management easier for the administrator.

Step S210: store the answered-call record in the operating system's call log.

Note that when the incoming number of the answered call also matches a contact number in the operating system's address book, the following operation may be performed before step S209 deletes the call record generated by answering this call from the operating system's call log:

Prompt the user to choose whether to delete the call record generated by answering this call from the operating system's call log. If the user chooses to delete it, the call record is deleted from the operating system's call log in step S209. If the user chooses not to delete it, the answered-call record is stored in the operating system's call log and copied to the workspace.

Prompting the user in this way allows call records to be kept or deleted according to each user's needs, which keeps the workspace data secure while remaining convenient for the user.

In the fifth case, the system event is a missed call.

When the system event is a missed call, step S202 determines whether the contact corresponding to the event is a work contact. If it is a work contact, step S211 is performed; if it is not, step S212 is performed.

Step S211: delete the record of the missed call from the operating system's call log, and copy it to the workspace.

In this embodiment, the missed-call records saved in the workspace can also be uploaded to the server, which makes management easier for the administrator.

Step S212: store the record of the missed call in the operating system's call log.

Note that when the incoming number of the missed call also matches a contact number in the operating system's address book, the following operation may be performed before step S211 deletes the record of the missed call from the operating system's call log:

Prompt the user to choose whether to delete the record of the missed call from the operating system's call log. If the user chooses to delete it, the record is deleted from the operating system's call log in step S211. If the user chooses not to delete it, the missed-call record is stored in the operating system's call log and copied to the workspace.

Note that the five system events described above in this embodiment are only examples and do not limit the scope protected by the embodiments of the present invention. Other system events that a mobile terminal can support also fall within that scope.
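The routing decision of steps S202 to S212 can be modelled as follows. This is an added example, not code from the patent: the `Device` class, the event constants, the `confirm_delete` callback (standing in for the user prompt) and the digits-only number matching are assumptions, and the sample numbers are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple

# The five example system events named in the description.
SMS_RECEIVED, SMS_SENT = "sms_received", "sms_sent"
CALL_OUTGOING, CALL_ANSWERED, CALL_MISSED = (
    "call_outgoing", "call_answered", "call_missed")
EVENTS = {SMS_RECEIVED, SMS_SENT, CALL_OUTGOING, CALL_ANSWERED, CALL_MISSED}


def normalize(number: str) -> str:
    """Assumption (not in the patent): match numbers on their digits only."""
    return "".join(ch for ch in number if ch.isdigit())


def _always_delete(number: str) -> bool:
    """Default answer to the prompt: delete the record from the system log."""
    return True


@dataclass
class Device:
    enterprise_book: Set[str]   # synchronized from the server
    imported_book: Set[str]     # imported into the workspace by the user
    system_book: Set[str]       # operating-system (private) address book
    # User setting that is checked before S207.
    show_work_calls_in_system_log: bool = False
    # Stands in for the prompt before S209/S211; True means "delete".
    confirm_delete: Callable[[str], bool] = _always_delete
    workspace_log: List[Tuple[str, str]] = field(default_factory=list)
    system_log: List[Tuple[str, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.enterprise_book = {normalize(n) for n in self.enterprise_book}
        self.imported_book = {normalize(n) for n in self.imported_book}
        self.system_book = {normalize(n) for n in self.system_book}

    def is_work_contact(self, number: str) -> bool:
        # S202: a work contact is in either workspace address book.
        n = normalize(number)
        return n in self.enterprise_book or n in self.imported_book

    def handle(self, event: str, number: str) -> Tuple[str, ...]:
        """Route one event and return where its record was stored."""
        if event not in EVENTS:
            raise ValueError(f"unsupported event: {event}")
        n = normalize(number)
        record = (event, n)
        if not self.is_work_contact(n):
            # S204 / S206 / S208 / S210 / S212: personal area only.
            self.system_log.append(record)
            return ("system",)
        # S203 / S205 / S207 / S209 / S211: the record goes to the workspace.
        self.workspace_log.append(record)
        keep_in_system = False
        if event == CALL_OUTGOING:
            # Check made before S207: the user may opt to show work calls.
            keep_in_system = self.show_work_calls_in_system_log
        elif event in (CALL_ANSWERED, CALL_MISSED) and n in self.system_book:
            # Number overlaps the system address book: ask before deleting.
            keep_in_system = not self.confirm_delete(n)
        if keep_in_system:
            self.system_log.append(record)
            return ("workspace", "system")
        return ("workspace",)


if __name__ == "__main__":
    # Constructed sample numbers.
    d = Device({"010-5550-0101"}, {"010 5550 0202"}, {"01055500202"})
    for ev, num in [(SMS_RECEIVED, "010 5550 0101"),
                    (SMS_SENT, "01055500303"),
                    (CALL_MISSED, "010-5550-0202")]:
        print(ev, num, "->", d.handle(ev, num))
```

Because a number that matches neither workspace address book falls through to the system log, the matching rule decides whether a work record ends up in the personal area; the digits-only comparison here does not handle country-code prefixes.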

The embodiment of the present invention provides a method for protecting enterprise data. A workspace for storing enterprise data is established in the mobile terminal and stored in encrypted form, and system events are monitored; when an event matches the rules set by the enterprise or the user, the operation corresponding to the event is performed in the workspace. The method can therefore prevent enterprise data from leaking as a result of attacks by malicious programs. Even if the mobile terminal is lost, other people cannot read the enterprise data because the workspace is encrypted, which keeps the enterprise data secure and out of the reach of malicious programs.

Embodiment three

Fig. 3 is a structural block diagram of an enterprise data protection device provided by an embodiment of the present invention. The device 300 includes:

an establishment module 310, configured to establish, in the mobile terminal, a workspace for storing enterprise data, where the data in the workspace is stored in encrypted form;

a monitoring module 320, configured to monitor system events and determine whether a system event matches the rules set by the enterprise or the user;

an execution module 330, configured to perform the operation corresponding to the event in the workspace when the system event matches the rules set by the enterprise or the user.

Optionally, the rules set by the enterprise include: the contact corresponding to the system event is in the enterprise address book set by the enterprise;

the rules set by the user include: the contact corresponding to the system event is in the address book that the user personally imported into the workspace.

Optionally, the monitoring module 320 is configured to monitor system events and determine whether the contact corresponding to a system event is a work contact;

where a work contact is a contact in the enterprise address book set by the enterprise, or in the address book that the user personally imported into the workspace.

Optionally, the system events include any one of the following:

receiving a short message, sending a short message, making a call, answering a call, and a missed call.

Optionally, when the system event is making a call or answering a call, the monitoring module 320 is configured to monitor the system event as follows:

Events are received through a designated broadcast receiver in the operating system; when an event is received, it is determined that the corresponding call-making or call-answering event is currently occurring.

Optionally, the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

Optionally, when the system event is receiving a short message, the execution module 330 is configured to, when the sender of the short message is a work contact, intercept the short message so that it does not enter the system inbox, and store the short message in the workspace.

Optionally, when the system event is sending a short message, the execution module 330 is configured to, when the recipient of the short message is a work contact, intercept the sending record of the short message so that it does not enter the system outbox, and store the sending record in the workspace.

Optionally, when the system event is making a call, the execution module 330 is configured to, when the call is dialed through an address book saved in the workspace, delete the outgoing-call record recorded by the operating system and record it in the workspace.

Optionally, the device 300 further includes:

a judging module 340, configured to determine whether the user has chosen to display the call records of work contacts in the operating system's call log;

the execution module 330 is further configured to delete the outgoing-call record recorded by the operating system when the user has not chosen to display the call records of work contacts in the operating system's call log.

Optionally, when the system event is answering a call, the execution module 330 is configured to, when the incoming number of the call is a work contact number, delete the call record generated by answering this call from the operating system's call log and copy it to the workspace.

Optionally, when the incoming number of the answered call also matches a contact number in the operating system's address book, the device further includes:

a first prompt module 350, configured to prompt the user to choose whether to delete the call record generated by answering this call from the operating system's call log;

the execution module 330 is further configured to delete the call record generated by answering this call from the operating system's call log when the user chooses to delete it.

Optionally, when the system event is a missed call, the execution module 330 is configured to, when the incoming number of the missed call is a work contact number, delete the record of the missed call from the operating system's call log and copy it to the workspace.

Optionally, when the incoming number of the missed call also matches a contact number in the operating system's address book, the device further includes:

a second prompt module 360, configured to prompt the user to choose whether to delete the record of the missed call from the operating system's call log;

the execution module 330 is further configured to delete the record of the missed call from the operating system's call log when the user chooses to delete it.

Optionally, the device 300 further includes:

a third prompt module 370, configured to prompt the user to enter the unlock code when the user wants to access the data in the workspace;

a verification module 380, configured to receive the unlock code entered by the user and verify whether it is correct;

an access module 390, configured to allow the user to access the data in the workspace when the verification module 380 verifies that the unlock code entered by the user is correct.

Fig. 4 shows a specific application scenario of the protection device provided by the embodiment of the present invention, which includes:

An employee device, which corresponds to the enterprise data protection device provided by the embodiment of the present invention. Enterprise private systems can be installed on the employee device, including:

a mail system, a business system and an OA (Office Automation) system.

These systems are kept in the workspace on the employee device, which stores the enterprise data in encrypted form. The user can access the enterprise data in the enterprise private systems by entering a password.

The employee device is also connected to the Tianji enterprise private cloud service, which hosts a cloud security service. The rules of the cloud security service (for example, the rules set by the enterprise) can be pushed to the employee device, and the employee device must isolate workspace data from personal-area data according to the rules set by the enterprise, so as to keep the enterprise data secure.

In addition, the enterprise administrator can set the rules of the cloud security service in the Tianji enterprise private cloud service.

The embodiment of the present invention provides a device for protecting enterprise data. A workspace for storing enterprise data is established in the mobile terminal and stored in encrypted form, and system events are monitored; when an event matches the rules set by the enterprise or the user, the operation corresponding to the event is performed in the workspace. The device can therefore prevent enterprise data from leaking as a result of attacks by malicious programs. Even if the mobile terminal is lost, other people cannot read the enterprise data because the workspace is encrypted, which keeps the enterprise data secure and out of the reach of malicious programs.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art will understand that the modules of the device in an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the enterprise data protection device according to the embodiments of the present invention. The present invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words can be interpreted as names.

At this point, those skilled in the art should recognize that, although a number of exemplary embodiments of the present invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the invention can still be directly determined or derived from the disclosure of the present invention without departing from its spirit and scope. Accordingly, the scope of the present invention should be understood and deemed to cover all such other variations or modifications.

This embodiment also provides A1. A method for protecting enterprise data, comprising:

establishing, in a mobile terminal, a workspace for storing enterprise data, wherein the data in the workspace is stored in encrypted form;

monitoring system events and determining whether a system event complies with rules set by the enterprise or the user;

when the system event complies with the rules set by the enterprise or the user, performing the operation corresponding to the event in the workspace.

A2. The method according to A1, wherein the rules set by the enterprise include: the contact corresponding to the system event is in the enterprise address book set by the enterprise;

the rules set by the user include: the contact corresponding to the system event is in the address book that the user has personally imported into the workspace.

A3. The method according to A2, wherein monitoring system events and determining whether they comply with the rules set by the enterprise or the user comprises:

monitoring system events and determining whether the contact corresponding to the system event is a work contact;

wherein a work contact is a contact in the enterprise address book set by the enterprise or in the address book that the user has personally imported into the workspace.

A4. The method according to A3, wherein the system event includes any one of the following:

receiving a text message, sending a text message, making a call, answering a call, and a missed call occurring.

A5. The method according to A4, wherein, when the system event is making a call or answering a call, monitoring system events comprises:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that a call-making event or call-answering event corresponding to that event is currently occurring.

A6. The method according to A5, wherein the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

A7. The method according to A4, wherein, when the system event is receiving a text message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the sender of the text message is a work contact, blocking the message from entering the system inbox and storing the message in the workspace.

A8. The method according to A4, wherein, when the system event is sending a text message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the recipient of the text message is a work contact, blocking the sending record of the message from entering the system outbox and storing the sending record of the message in the workspace.

A9. The method according to A4, wherein, when the system event is making a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the call is dialed from the address book stored in the workspace, deleting the dialing record of that call recorded by the operating system and recording it in the workspace.

A10. The method according to A9, further comprising, before deleting the dialing record recorded by the operating system:

determining whether the user has set call records of work contacts to be displayed in the operating system's call log;

wherein deleting the dialing record recorded by the operating system comprises:

when call records of work contacts are not set to be displayed in the operating system's call log, deleting the dialing record recorded by the operating system.

A11. The method according to A4, wherein, when the system event is answering a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the caller's number is a work contact number, deleting the call record generated by answering the call from the operating system's call log and copying it to the workspace.

A12. The method according to A11, wherein, when the caller's number of the answered call matches a contact number in the operating system's address book, the method further comprises, before deleting the call record generated by answering the call from the operating system's call log:

prompting the user whether to delete the call record generated by answering the call from the operating system's call log;

wherein deleting the call record generated by answering the call from the operating system's call log comprises:

when the user chooses to delete, deleting the call record generated by answering the call from the operating system's call log.

A13. The method according to A4, wherein, when the system event is a missed call occurring, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the caller's number of the missed call is a work contact number, deleting the record of the missed call from the operating system's call log and copying it to the workspace.

A14. The method according to A13, wherein, when the caller's number of the missed call matches a contact number in the operating system's address book, the method further comprises, before deleting the record of the missed call from the operating system's call log:

prompting the user whether to delete the record of the missed call from the operating system's call log;

wherein deleting the record of the missed call from the operating system's call log comprises:

when the user chooses to delete, deleting the record of the missed call from the operating system's call log.

A15. The method according to any one of A1 to A14, further comprising:

when the user attempts to access data in the workspace, prompting the user to enter an unlock code;

receiving the unlock code entered by the user and verifying whether it is correct;

when the unlock code entered by the user is correct, allowing the user to access the data in the workspace.
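The routing rules of A2 to A14 can be read as one decision function. The following Python model is an added illustration, not code from the patent or from any product implementing it; the names `Policy`, `Decision` and `route`, the number normalization, and the choice to keep the workspace copy regardless of the user's answer to the prompt are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Event(Enum):            # the five system events listed in A4
    SMS_RECEIVED = 1
    SMS_SENT = 2
    CALL_OUTGOING = 3
    CALL_ANSWERED = 4
    CALL_MISSED = 5


def normalize(number):
    """Reduce a number to digits and drop a leading 86 country code.

    Assumption: the patent does not say how numbers are compared; without
    some normalization "+86 138..." and "138..." would not match.
    """
    digits = "".join(c for c in number if c.isdigit())
    if len(digits) == 13 and digits.startswith("86"):
        digits = digits[2:]
    return digits


@dataclass
class Policy:
    enterprise_book: set                              # set by the enterprise (A2)
    imported_book: set = field(default_factory=set)   # imported by the user (A2)
    system_book: set = field(default_factory=set)     # the OS address book
    show_work_calls_in_os_log: bool = False           # user setting from A10

    def __post_init__(self):
        work = self.enterprise_book | self.imported_book
        self._work = {normalize(n) for n in work}
        self._system = {normalize(n) for n in self.system_book}

    def is_work_contact(self, number):                # the A3 test
        return normalize(number) in self._work

    def in_system_book(self, number):                 # the A12/A14 overlap test
        return normalize(number) in self._system


@dataclass(frozen=True)
class Decision:
    store_in_workspace: bool
    os_record: str   # "keep", "remove" (blocked or deleted) or "ask" (prompt user)


PERSONAL = Decision(False, "keep")   # event is left entirely to the OS


def route(policy, event, number, dialed_from_workspace=False, user_choice=None):
    """Decide what happens to the record of one system event.

    user_choice is the answer to the A12/A14 prompt: None means the user
    has not been asked yet, True means delete, False means keep.
    """
    if event is Event.CALL_OUTGOING:
        # A9 keys on where the call was dialed from, not on the number.
        if not dialed_from_workspace:
            return PERSONAL
        # A10: the OS record is deleted only if display was not enabled.
        # Assumption: the workspace record is written in both cases.
        keep = policy.show_work_calls_in_os_log
        return Decision(True, "keep" if keep else "remove")

    if not policy.is_work_contact(number):
        return PERSONAL

    if event in (Event.SMS_RECEIVED, Event.SMS_SENT):
        # A7/A8: keep the message or its sending record out of the system
        # inbox or outbox and store it in the workspace.
        return Decision(True, "remove")

    # A11/A13: answered or missed call from a work number.
    if policy.in_system_book(number):
        # A12/A14: number is also a personal contact, so the user decides.
        if user_choice is None:
            return Decision(True, "ask")
        return Decision(True, "remove" if user_choice else "keep")
    return Decision(True, "remove")
```

The overlap case is the one to review when assessing such a design: a number present in both address books leaves the call record in the unencrypted system call log unless the user confirms deletion.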

This embodiment also provides B16. A device for protecting enterprise data, comprising:

an establishment module, configured to establish, in a mobile terminal, a workspace for storing enterprise data, wherein the data in the workspace is stored in encrypted form;

a monitoring module, configured to monitor system events and determine whether a system event complies with rules set by the enterprise or the user;

an execution module, configured to perform the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user.

B17. The device according to B16, wherein the rules set by the enterprise include: the contact corresponding to the system event is in the enterprise address book set by the enterprise;

the rules set by the user include: the contact corresponding to the system event is in the address book that the user has personally imported into the workspace.

B18. The device according to B17, wherein the monitoring module is configured to monitor system events and determine whether the contact corresponding to the system event is a work contact;

wherein a work contact is a contact in the enterprise address book set by the enterprise or in the address book that the user has personally imported into the workspace.

B19. The device according to B18, wherein the system event includes any one of the following:

receiving a text message, sending a text message, making a call, answering a call, and a missed call occurring.

B20. The device according to B19, wherein, when the system event is making a call or answering a call, the monitoring module is configured to monitor system events in the following manner:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that a call-making event or call-answering event corresponding to that event is currently occurring.

B21. The device according to B20, wherein the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

B22. The device according to B19, wherein, when the system event is receiving a text message, the execution module is configured to, when the sender of the text message is a work contact, block the message from entering the system inbox and store the message in the workspace.

B23. The device according to B19, wherein, when the system event is sending a text message, the execution module is configured to, when the recipient of the text message is a work contact, block the sending record of the message from entering the system outbox and store the sending record of the message in the workspace.

B24. The device according to B19, wherein, when the system event is making a call, the execution module is configured to, when the call is dialed from the address book stored in the workspace, delete the dialing record of that call recorded by the operating system and record it in the workspace.

B25. The device according to B24, wherein the device further comprises:

a judging module, configured to determine whether the user has set call records of work contacts to be displayed in the operating system's call log;

the execution module being further configured to delete the dialing record recorded by the operating system when call records of work contacts are not set to be displayed in the operating system's call log.

B26. The device according to B19, wherein, when the system event is answering a call, the execution module is configured to, when the caller's number is a work contact number, delete the call record generated by answering the call from the operating system's call log and copy it to the workspace.

B27. The device according to B26, wherein, when the caller's number of the answered call matches a contact number in the operating system's address book, the device further comprises:

a first prompt module, configured to prompt the user whether to delete the call record generated by answering the call from the operating system's call log;

the execution module being further configured to delete the call record generated by answering the call from the operating system's call log when the user chooses to delete.

B28. The device according to B19, wherein, when the system event is a missed call occurring, the execution module is configured to, when the caller's number of the missed call is a work contact number, delete the record of the missed call from the operating system's call log and copy it to the workspace.

B29. The device according to B28, wherein, when the caller's number of the missed call matches a contact number in the operating system's address book, the device further comprises:

a second prompt module, configured to prompt the user whether to delete the record of the missed call from the operating system's call log;

the execution module being further configured to delete the record of the missed call from the operating system's call log when the user chooses to delete.

B30. The device according to any one of B16 to B29, wherein the device further comprises:

a third prompt module, configured to prompt the user to enter an unlock code when the user attempts to access data in the workspace;

a verification module, configured to receive the unlock code entered by the user and verify whether it is correct;

an access module, configured to allow the user to access the data in the workspace when the verification module verifies that the unlock code entered by the user is correct.

Claims (26)

1. A method for protecting enterprise data, comprising:

establishing, in a mobile terminal, a workspace for storing enterprise data, wherein the data in the workspace is stored in encrypted form;

monitoring system events and determining whether a system event complies with rules set by the enterprise or the user; wherein the rules set by the enterprise include that the contact corresponding to the system event is in the enterprise address book set by the enterprise, and the rules set by the user include that the contact corresponding to the system event is in the address book that the user has personally imported into the workspace;

when the system event complies with the rules set by the enterprise or the user, performing the operation corresponding to the event in the workspace;

wherein monitoring system events and determining whether they comply with the rules set by the enterprise or the user comprises: monitoring system events and determining whether the contact corresponding to the system event is a work contact; a work contact being a contact in the enterprise address book set by the enterprise or in the address book that the user has personally imported into the workspace.

2. The method according to claim 1, wherein the system event includes any one of the following:

receiving a text message, sending a text message, making a call, answering a call, and a missed call occurring.

3. The method according to claim 2, wherein, when the system event is making a call or answering a call, monitoring system events comprises:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that a call-making event or call-answering event corresponding to that event is currently occurring.

4. The method according to claim 3, wherein the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

5. The method according to claim 2, wherein, when the system event is receiving a text message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the sender of the text message is a work contact, blocking the message from entering the system inbox and storing the message in the workspace.

6. The method according to claim 2, wherein, when the system event is sending a text message, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the recipient of the text message is a work contact, blocking the sending record of the message from entering the system outbox and storing the sending record of the message in the workspace.

7. The method according to claim 2, wherein, when the system event is making a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the call is dialed from the address book stored in the workspace, deleting the dialing record of that call recorded by the operating system and recording it in the workspace.

8. The method according to claim 7, further comprising, before deleting the dialing record recorded by the operating system:

determining whether the user has set call records of work contacts to be displayed in the operating system's call log;

wherein deleting the dialing record recorded by the operating system comprises:

when call records of work contacts are not set to be displayed in the operating system's call log, deleting the dialing record recorded by the operating system.

9. The method according to claim 2, wherein, when the system event is answering a call, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the caller's number is a work contact number, deleting the call record generated by answering the call from the operating system's call log and copying it to the workspace.

10. The method according to claim 9, wherein, when the caller's number of the answered call matches a contact number in the operating system's address book, the method further comprises, before deleting the call record generated by answering the call from the operating system's call log:

prompting the user whether to delete the call record generated by answering the call from the operating system's call log;

wherein deleting the call record generated by answering the call from the operating system's call log comprises:

when the user chooses to delete, deleting the call record generated by answering the call from the operating system's call log.

11. The method according to claim 2, wherein, when the system event is a missed call occurring, performing the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user comprises:

when the caller's number of the missed call is a work contact number, deleting the record of the missed call from the operating system's call log and copying it to the workspace.

12. The method according to claim 11, wherein, when the caller's number of the missed call matches a contact number in the operating system's address book, the method further comprises, before deleting the record of the missed call from the operating system's call log:

prompting the user whether to delete the record of the missed call from the operating system's call log;

wherein deleting the record of the missed call from the operating system's call log comprises:

when the user chooses to delete, deleting the record of the missed call from the operating system's call log.

13. The method according to any one of claims 1 to 12, further comprising:

when the user attempts to access data in the workspace, prompting the user to enter an unlock code;

receiving the unlock code entered by the user and verifying whether it is correct;

when the unlock code entered by the user is correct, allowing the user to access the data in the workspace.

14. A device for protecting enterprise data, comprising:

an establishment module, configured to establish, in a mobile terminal, a workspace for storing enterprise data, wherein the data in the workspace is stored in encrypted form;

a monitoring module, configured to monitor system events and determine whether a system event complies with rules set by the enterprise or the user; wherein the rules set by the enterprise include that the contact corresponding to the system event is in the enterprise address book set by the enterprise, and the rules set by the user include that the contact corresponding to the system event is in the address book that the user has personally imported into the workspace;

an execution module, configured to perform the operation corresponding to the event in the workspace when the system event complies with the rules set by the enterprise or the user;

wherein the monitoring module is further configured to monitor system events and determine whether the contact corresponding to the system event is a work contact; a work contact being a contact in the enterprise address book set by the enterprise or in the address book that the user has personally imported into the workspace.

15. The device according to claim 14, wherein the system event includes any one of the following:

receiving a text message, sending a text message, making a call, answering a call, and a missed call occurring.

16. The device according to claim 15, wherein, when the system event is making a call or answering a call, the monitoring module is configured to monitor system events in the following manner:

receiving events through a designated broadcast receiver in the operating system and, when an event is received, determining that a call-making event or call-answering event corresponding to that event is currently occurring.

17. The device according to claim 16, wherein the designated broadcast receiver is the PhoneStateReceiver broadcast receiver.

18. The device according to claim 15, wherein, when the system event is receiving a text message, the execution module is configured to, when the sender of the text message is a work contact, block the message from entering the system inbox and store the message in the workspace.

19. The device according to claim 15, wherein, when the system event is sending a text message, the execution module is configured to, when the recipient of the text message is a work contact, block the sending record of the message from entering the system outbox and store the sending record of the message in the workspace.

20. The device according to claim 15, wherein, when the system event is making a call, the execution module is configured to, when the call is dialed from the address book stored in the workspace, delete the dialing record of that call recorded by the operating system and record it in the workspace.

21. The device according to claim 20, wherein the device further comprises:

a judging module, configured to determine whether the user has set call records of work contacts to be displayed in the operating system's call log;

the execution module being further configured to delete the dialing record recorded by the operating system when call records of work contacts are not set to be displayed in the operating system's call log.

22. The device according to claim 15, wherein, when the system event is answering a call, the execution module is configured to, when the caller's number is a work contact number, delete the call record generated by answering the call from the operating system's call log and copy it to the workspace.

23. The device according to claim 22, wherein, when the caller's number of the answered call matches a contact number in the operating system's address book, the device further comprises:

a first prompt module, configured to prompt the user whether to delete the call record generated by answering the call from the operating system's call log;

the execution module being further configured to delete the call record generated by answering the call from the operating system's call log when the user chooses to delete.

24. The device according to claim 15, wherein, when the system event is a missed call occurring, the execution module is configured to, when the caller's number of the missed call is a work contact number, delete the record of the missed call from the operating system's call log and copy it to the workspace.

25. The device according to claim 24, wherein, when the caller's number of the missed call matches a contact number in the operating system's address book, the device further comprises:

a second prompt module, configured to prompt the user whether to delete the record of the missed call from the operating system's call log;

the execution module being further configured to delete the record of the missed call from the operating system's call log when the user chooses to delete.

26. The device according to any one of claims 14 to 25, wherein the device further comprises:

a third prompt module, configured to prompt the user to enter an unlock code when the user attempts to access data in the workspace;

a verification module, configured to receive the unlock code entered by the user and verify whether it is correct;

an access module, configured to allow the user to access the data in the workspace when the verification module verifies that the unlock code entered by the user is correct.
CN201310666504.2A 2013-12-10 2013-12-10 Enterprise data protection method and device Active CN103685266B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201310666504.2A CN103685266B (en) 2013-12-10 2013-12-10 Enterprise data protection method and device
PCT/CN2014/087815 WO2015085819A1 (en) 2013-12-10 2014-09-30 Method and device for public/private separation
US15/103,531 US20160316330A1 (en) 2013-12-10 2014-09-30 Method and device for business and private region separation
PCT/CN2014/093391 WO2015085906A1 (en) 2013-12-10 2014-12-09 Method and device for enterprise data protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310666504.2A CN103685266B (en) 2013-12-10 2013-12-10 Enterprise data protection method and device

Publications (2)

Publication Number Publication Date
CN103685266A CN103685266A (en) 2014-03-26
CN103685266B true CN103685266B (en) 2016-11-09

Family

ID=50321581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310666504.2A Active CN103685266B (en) 2013-12-10 2013-12-10 Enterprise data protection method and device

Country Status (2)

Country Link
CN (1) CN103685266B (en)
WO (1) WO2015085906A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015085819A1 (en) * 2013-12-10 2015-06-18 北京奇虎科技有限公司 Method and device for public/private separation
CN103685266B (en) * 2013-12-10 2016-11-09 北京奇虎科技有限公司 Enterprise data protection method and device
CN104462997B (en) * 2014-12-04 2017-05-24 北京奇虎测腾科技有限公司 Method, device and system for protecting work data in mobile terminal
CN104954591B (en) * 2015-06-05 2018-07-31 小米科技有限责任公司 Method relating to telephone communications and device
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device
CN110427302A (en) * 2019-07-29 2019-11-08 努比亚技术有限公司 Trigger method, mobile terminal and the computer readable storage medium of content observer
CN111339543B (en) * 2020-02-27 2023-07-14 深信服科技股份有限公司 File processing method and device, equipment and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026822A (en) * 2006-02-24 2007-08-29 江苏高通科技实业有限公司 Method for protecting mobile phone private data
US8924970B2 (en) * 2011-08-05 2014-12-30 Vmware, Inc. Sharing work environment information sources with personal environment applications
US9665576B2 (en) * 2012-05-14 2017-05-30 International Business Machines Corporation Controlling enterprise data on mobile device via the use of a tag index
CN102982289A (en) * 2012-11-14 2013-03-20 广东欧珀移动通信有限公司 A data protection method and mobile intelligent terminal
CN103390026B (en) * 2013-06-20 2017-08-25 中国软件与技术服务股份有限公司 A kind of mobile intelligent terminal secure browser and its method of work
CN103685266B (en) * 2013-12-10 2016-11-09 北京奇虎科技有限公司 Enterprise data protection method and device

Also Published As

Publication number Publication date
CN103685266A (en) 2014-03-26
WO2015085906A1 (en) 2015-06-18

Similar Documents

Publication Publication Date Title
CN103685266B (en) Enterprise data protection method and device
Wei et al. Malicious android applications in the enterprise: What do they do and how do we fix it?
CN103647784B (en) A kind of method and apparatus of public and private isolation
US10257207B2 (en) Managed clone applications
US8387141B1 (en) Smartphone security system
CN102693395B (en) Method and device for intercepting calling of application program for service
US8763080B2 (en) Method and devices for managing permission requests to allow access to a computing resource
CN104462997B (en) Method, device and system for protecting work data in mobile terminal
CN104268479B (en) A kind of method of text maninulation isolation, device and mobile terminal
EP2562667A1 (en) Apparatus and method for providing security information on background process
CN103677935A (en) Installation and control method, system and device for application programs
CN103686716B (en) Android access control system for enhancing confidentiality and integrality
CA2778737C (en) Method and devices for managing permission requests to allow access to computing resource
CN105610671A (en) Terminal data protection method and device
US10778648B2 (en) Systems and methods for regional data storage and data anonymization
US11671531B1 (en) Techniques for managing communications between devices
CN107343279A (en) Network connection method, device, terminal equipment and storage medium
WO2018006591A1 (en) Multi-user terminal service processing method and device
WO2015085819A1 (en) Method and device for public/private separation
CN106453398A (en) Data encryption system and method
US8849247B2 (en) Remote mobile device information retrieval
CN104573534B (en) A kind of method and apparatus for handling private data in a mobile device
US11445057B2 (en) Private contact sharing
US10171394B2 (en) Multimedia mail service
CN111263356A (en) Short message processing method and system for terminal equipment, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee after: Beijing Qizhi Business Consulting Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CP01 Change in the name or title of a patent holder
TR01 Transfer of patent right

Effective date of registration: 20220324

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: 360 Digital Security Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Beijing Qizhi Business Consulting Co.,Ltd.

TR01 Transfer of patent right