[go: up one dir, main page]

WO2011069438A1 - Working method and system for self-learning intellectualized short message firewall of mobile terminal - Google Patents

Working method and system for self-learning intellectualized short message firewall of mobile terminal Download PDF

Info

Publication number
WO2011069438A1
WO2011069438A1 PCT/CN2010/079522 CN2010079522W WO2011069438A1 WO 2011069438 A1 WO2011069438 A1 WO 2011069438A1 CN 2010079522 W CN2010079522 W CN 2010079522W WO 2011069438 A1 WO2011069438 A1 WO 2011069438A1
Authority
WO
WIPO (PCT)
Prior art keywords
software
short message
sms
name
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2010/079522
Other languages
French (fr)
Chinese (zh)
Inventor
李锋
林宇
邹仕洪
史文勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Netqin Technology Co Ltd
Original Assignee
Beijing Netqin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Netqin Technology Co Ltd filed Critical Beijing Netqin Technology Co Ltd
Publication of WO2011069438A1 publication Critical patent/WO2011069438A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Definitions

  • the present invention essentially describes a method for establishing a short message firewall by means of human-computer interaction, relying on the knowledge accumulation of the server for statistical calculation, and for comprehensive conditions such as different user characteristics.
  • This SMS firewall has a very important feature, which is self-learning.
  • the system includes two modes of operation: intelligent SMS firewall and high-intensity SMS firewall, which can meet the needs of different users.
  • the communication sub-module M201 receives the setting information of the software of the user of the communication sub-module M105, and transmits it to the statistical calculation sub-module M202.
  • the statistical calculation sub-module M202 performs statistical calculation on all user setting information, updates the result to the server knowledge accumulation sub-module M203, and the server knowledge accumulation sub-module M203 updates the SMS firewall knowledge base.
  • the server knowledge accumulation sub-module M203 transmits the latest SMS firewall knowledge base to the client communication sub-module M105 through the server communication sub-module M201.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

A working method and system for self-learning intellectualized short message firewall of mobile terminal are provided in the present invention. According to another embodiment of the present invention, a working method for self-learning intellectualized short message firewall of mobile terminal is provided, and includes the following steps: the transmission of the short message is monitored, the number and the corresponding process name or software name are matched by the client side when a short message is transmitted, and it is judged whether the process name or software name of the transmitted short message belongs to the local black list; if the process name or software name of the transmitted short message belongs to the local black list, the transmission of the short message is stopped. Furthermore, it can be judged that the process name or software name of the transmitted short message belong to one of the black list, the white list, the rascal software and the green software or the combination with the method of the present invention. The system and method of the present invention can solve the problem in a dilemma that both the behavior that the malicious and rascal software transmits short message automatically must be avoided and the behavior that the normal manufacturer and production transmit short message must be taken account of.

Description

自学习的移动终端智能化短信防火墙的工作方法及系统 技术领域  Self-learning mobile terminal intelligent SMS firewall working method and system

本发明涉及移动通信领域,特别是涉及移动终端的智能化短信防 火墙系统。 背景技术  The present invention relates to the field of mobile communications, and more particularly to an intelligent short message firewall system for a mobile terminal. Background technique

随着移动终端智能化越来越普及,移动终端上应用软件越来越丰 富, 整个产业蓬勃发展。 但是, 随之而来的安全隐患也越来越大。 其 中, 通过短信计费的恶意、 流氓扣费行为, 已经成为目前阻碍无线互 联网健康发展一个绊脚石。  With the increasing popularity of mobile terminals, the application software on mobile terminals is becoming more and more abundant, and the entire industry is booming. However, the security risks that come with it are also growing. Among them, malicious and rogue deductions through SMS billing have become a stumbling block to the healthy development of the wireless Internet.

针对这个问题, 目前市场上出现了一些短信防火墙软件, 其初衷 就是为了避免偷偷发送短信等流氓行为。  In response to this problem, some SMS firewall software has appeared on the market, the original intention is to avoid sneaking SMS and other rogue behaviors.

然而, 现在的这些软件, 实现机制很简单, 用户要么选择全部拦 截, 要么每次发送短信时都提醒用户进行确认操作, 所有这些方法, 都有一个公共的弊端: 不智能, 不能区分场景, 对于用户的使用并非 方便。 发明内容  However, in today's software, the implementation mechanism is very simple. The user either chooses to block all of them, or reminds the user to confirm the operation each time a text message is sent. All of these methods have a common drawback: not smart, can't distinguish scenes, User use is not convenient. Summary of the invention

为了更好的解决既要防止恶意、 流氓软件(木马程序) 的自动发 短信的行为, 又要兼顾市场上正规厂商、 产品 (广大用户认可) 的发 送短信行为这个两难的问题。提出了一种自学习的移动终端短信防火 墙系统, 本系统包括智能化短信防火墙、高强度短信防火墙等工作模 式。  In order to better solve the problem of preventing the malicious texting of rogue software (trojans), it is also necessary to take into account the dilemma of sending SMS messages by regular manufacturers and products (accepted by users). A self-learning mobile terminal SMS firewall system is proposed. The system includes a smart SMS firewall and a high-intensity SMS firewall.

根据本发明的一个方面,提供一种自学习的移动终端智能化短信 防火墙的工作方法, 包括以下步骤: 监控短信的发出, 当有短信发出 时, 客户端将号码与对应进程名或软件名匹配, 并判断发送短信的进 程名或软件名是否属于本地 "黑名单"; 如果发送短信的进程名或软件 名在本地"黑名单 "中, 则终止短信发送。  According to an aspect of the present invention, a self-learning mobile terminal intelligent SMS firewall working method includes the following steps: monitoring the sending of a short message, when a short message is sent, the client matches the number with the corresponding process name or software name. And determine whether the process name or software name of the sent SMS belongs to the local "blacklist"; if the process name or software name of the sent SMS is in the local "blacklist", the short message is sent.

进一步地, 如果发送短信的进程名或软件名不在本地"黑名单" 中, 客户端判断是否属于本地"白名单"; 如果发送短信的进程名或软 件名在本地"白名单 "中, 则允许短信发送。 此外, 如果发送短信的进 程名或软件名不在本地"白名单 "中, 可提醒用户当前某个进程或软件 准备发送短信, 请求用户判断是否允许发送短信。在用户判断是否允 许发送短信之后, 可提示用户对未出现在本地 "白名单"、 "黑名单"中 的上述发送短信的进程或软件进行分类。 Further, if the process name or software name of the short message is not in the local "blacklist", the client determines whether it belongs to the local "whitelist"; if the process name or soft of the short message is sent The name of the item is in the local "white list", and the text message is allowed to be sent. In addition, if the process name or software name of the short message is not in the local "white list", the user may be reminded that a certain process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. After the user determines whether to allow the sending of the short message, the user may be prompted to classify the above-mentioned process or software for sending the short message that does not appear in the local "white list" or "black list".

进一步地, 如果发送短信的进程名或软件名不在本地"白名单" 中,则根据短信防火墙知识库的分类判断发送短信的进程或软件是否 属于"流氓软件"; 如果发送短信的进程或软件是"流氓软件", 则终止 短信发送。  Further, if the process name or the software name of the short message is not in the local "white list", it is determined according to the classification of the SMS firewall knowledge base whether the process or software for sending the short message belongs to "rogue software"; if the process or software for sending the short message is "Rogue software" terminates the sending of text messages.

进一步地, 如果发送短信的进程或软件不是"流氓软件", 则判断 发送短信的进程或软件是否属于"绿色软件"; 如果发送短信的进程或 软件是"绿色软件", 则允许短信发送。  Further, if the process or software for sending the short message is not "rogue software", it is judged whether the process or software for sending the short message belongs to "green software"; if the process or software for sending the short message is "green software", the short message is allowed to be sent.

更进一步地, 如果发送短信的进程或软件不是"绿色软件", 则提 醒用户当前某个进程或软件准备发送短信,请求用户判断是否允许发 送短信。 此外, 还可在用户判断是否允许发送短信之后, 进入短信防 火墙知识库建立流程, 对于未分类的进程或软件进行分类。  Further, if the process or software for sending the short message is not "green software", the user is reminded that a certain process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. In addition, after the user determines whether to allow the short message to be sent, the user enters the SMS firewall knowledge base establishment process to classify the unclassified process or software.

根据本发明的另一方面, 其中短信防火墙知识库建立流程包括: 客户端的短信监听子模块监听所有发出的短信;客户端对所有发出成 功的短信进行分析, 对应这些短信, 客户端会做出提示, 并匹配出对 应的进程名或软件名, 告知用户; 用户对发出短信的进程或软件行为 作出判断, 并将这些进程或软件设定为 "举报 "或"信任"类型; 设定完 成之后, 将设定结果上报至服务器; 服务器存储所有用户上报的设定 结果, 并定期进行统计计算分析, 当被设定为"举报"或"信任"类型的 进程或软件, 其被设定的比例或阈值满足某个条件时, 便被系统裁定 为"流氓软件"或"绿色软件"; 系统将这一结果存储或更新至服务器端 的短信防火墙知识库中;客户端定期与服务器同步更新客户端的短信 防火墙知识库中的数据。  According to another aspect of the present invention, the SMS firewall knowledge base establishing process includes: the short message monitoring sub-module of the client listens to all sent short messages; the client analyzes all the successfully sent short messages, and the client prompts the corresponding short messages. And matching the corresponding process name or software name to inform the user; the user makes a judgment on the process or software behavior of sending the short message, and sets the process or software to the "report" or "trust" type; after the setting is completed, Report the setting result to the server; the server stores the setting result reported by all users, and performs statistical calculation analysis periodically, when the process or software of the type of "report" or "trust" is set, the proportion or When the threshold meets a certain condition, it is arbitrarily determined by the system as "rogue software" or "green software"; the system stores or updates this result to the SMS firewall knowledge base of the server; the client periodically updates the client's SMS firewall with the server. The data in the knowledge base.

根据本发明另一方面,提供一种自学习的移动终端智能化短信防 火墙系统, 包括客户端模块和服务器。其中客户端模块负责移动终端 的重要事件的监控, 以及知识的积累, 与服务器通讯, 包括: 模式设 定子模块, 用于设定防火墙的工作模式; 短信监听子模块, 对所有收 发短信进行监听; 短信拦截子模块, 对短信进行拦截、 判断、 提醒; 客户端知识积累子模块, 对所有用户的操作、 设置数据信息, 进行记 录缓存, 并决定对短信的处理方式; 客户端通讯子模块, 负责与服务 器之间的知识数据信息的传递。 服务器负责对来自客户端数据的存 储,数据的统计计算, 与客户端通讯,包括:服务器知识积累子模块, 将来自客户端的知识数据信息进行存储; 统计计算子模块, 负责对知 识数据信息的计算、 分析; 服务器通讯子模块, 负责与客户端之间的 知识数据信息的传递。 According to another aspect of the present invention, a self-learning mobile terminal intelligent short message firewall system is provided, including a client module and a server. The client module is responsible for monitoring the important events of the mobile terminal, and accumulating knowledge, communicating with the server, including: The stator module is used to set the working mode of the firewall; the short message monitoring sub-module monitors all sent and received short messages; the short message intercepting sub-module intercepts, judges, and reminds the short message; the client knowledge accumulation sub-module, operates on all users , setting data information, performing record buffering, and determining the processing method of the short message; the client communication sub-module is responsible for transmitting the knowledge data information with the server. The server is responsible for storing the data from the client, statistical calculation of the data, and communicating with the client, including: a server knowledge accumulation sub-module, storing knowledge data information from the client; a statistical calculation sub-module, responsible for calculating the knowledge data information , analysis; server communication sub-module, responsible for the transfer of knowledge data information with the client.

本发明实质上描述了一种通过人机交互的方式,依托服务器的知 识积累进行统计计算, 并针对不同的用户特征等综合条件, 建立短信 防火墙。 这种短信防火墙具备一个很重要的特性, 就是自学习能力。 本系统包括智能化短信防火墙、高强度短信防火墙两种工作模式, 能 够满足不同用户的需求场景。  The present invention essentially describes a method for establishing a short message firewall by means of human-computer interaction, relying on the knowledge accumulation of the server for statistical calculation, and for comprehensive conditions such as different user characteristics. This SMS firewall has a very important feature, which is self-learning. The system includes two modes of operation: intelligent SMS firewall and high-intensity SMS firewall, which can meet the needs of different users.

本发明的系统和方法很好地解决了既要防止恶意、流氓软件(木 马程序) 的自动发短信的行为, 又要兼顾市场上正规厂商、 产品 (广 大用户认可) 的发送短信行为这个两难的问题。  The system and method of the invention well solves the problem of preventing automatic malicious texting of malicious and rogue software (trojan program), and also takes into consideration the dilemma of sending text messages by regular manufacturers and products (approved by users) in the market. problem.

而且, 本发明的系统是一种自学习的系统, 能够不断的自我完善 短信防火墙的精度。 附图说明  Moreover, the system of the present invention is a self-learning system that continuously improves the accuracy of the SMS firewall. DRAWINGS

参照附图阅读本发明的说明书,能够更好地理解本发明的技术方 案。 本发明的附图仅示意性给出了本发明的优选实施方式, 其中: 图 1是短信防火墙知识库的建立流程;  The technical scheme of the present invention can be better understood by reading the description of the present invention with reference to the accompanying drawings. The drawings of the present invention are only illustrative of a preferred embodiment of the present invention, wherein: FIG. 1 is a process for establishing a knowledge base of a short message firewall;

图 2是智能化短信防火墙工作流程;  Figure 2 is the workflow of the intelligent SMS firewall;

图 3是高强度短信防火墙工作流程;  Figure 3 is the workflow of the high-intensity SMS firewall;

图 4是系统模块结构图。 具体实施方式  Figure 4 is a block diagram of the system module. detailed description

本发明实质上描述了一种通过人机交互的方式,依托服务器的知 识积累进行统计计算, 并针对不同的用户特征等综合条件, 建立短信 防火墙。 这种短信防火墙具备一个很重要的特性, 就是自学习能力。 本发明的短信防火墙系统包括智能化短信防火墙、高强度短信防火墙 两种工作模式, 能够满足不同用户的需求场景。 The invention essentially describes a method for establishing a short message by means of human-computer interaction, relying on the knowledge accumulation of the server for statistical calculation, and for comprehensive conditions such as different user characteristics. Firewall. This SMS firewall has a very important feature, which is self-learning. The short message firewall system of the invention comprises two working modes: an intelligent short message firewall and a high-intensity short message firewall, which can meet the demand scenarios of different users.

本发明的短信防火墙系统中需要建立短信防火墙知识库,其中短 信防火墙系统由客户端和服务器构成,在客户端和服务器中都建立有 短信防火墙知识库。其中短信防火墙知识库最原始是在服务器中统计 计算生成的, 然后同步至客户端的。下面参照图 1描述短信防火墙知 识库的建立流程。  The SMS firewall system of the present invention needs to establish a knowledge base of the SMS firewall, wherein the short message firewall system is composed of a client and a server, and a knowledge base of the SMS firewall is established in both the client and the server. The SMS firewall knowledge base is the most primitive in the server, and then synchronized to the client. The process of establishing the SMS firewall knowledge base will be described below with reference to FIG.

作为示例, 本发明的短信防火墙知识库建立流程如下:  As an example, the establishment process of the SMS firewall knowledge base of the present invention is as follows:

步骤 S101 : 客户端安装在移动终端之后, 客户端的短信监听子 模块开始工作, 监听所有发出的短信。  Step S101: After the client is installed in the mobile terminal, the short message monitoring sub-module of the client starts working and listens to all sent short messages.

步骤 S102: 客户端对所有发出成功的短信进行分析, 例如包括 号码、 内容等。例如, 号码为特定号段(中国大陆地区 106开头的 sp 号码), 内容包含了典型的当时产业标准的订购短信格式的字符串。 对应这些短信,客户端会做出提示,并匹配出对应的进程名或软件名, 告知用户。  Step S102: The client analyzes all the successfully sent short messages, including, for example, a number, content, and the like. For example, the number is a specific number segment (sp number starting with 106 in mainland China), and the content contains a typical string of the current industry standard ordering SMS format. Corresponding to these short messages, the client will prompt and match the corresponding process name or software name to inform the user.

步骤 S103 : 用户对发出短信的进程或软件行为作出判断, 并将 这些进程或软件设定为"举报"或"信任"类型。  Step S103: The user makes a judgment on the process or software behavior of sending the short message, and sets the process or software to the "report" or "trust" type.

步骤 S104: 设定完成之后, 将设定结果上报至服务器。  Step S104: After the setting is completed, the setting result is reported to the server.

步骤 S105 : 服务器存储所有用户上报的设定结果, 并定期进行 统计计算分析。 当被设定为"举报"或"信任"类型的进程或软件, 其被 设定的比例或阈值满足某个条件时, 便被系统裁定为"流氓软件 (例 如, 木马程序) "、 "绿色软件"。 系统将这一结果存储或更新至服务 器端的短信防火墙知识库中。  Step S105: The server stores the setting result reported by all the users, and performs statistical calculation analysis periodically. When a process or software of the type set to "report" or "trust" is set to a certain ratio or threshold that satisfies a certain condition, it is arbitrated by the system as "rogue software (for example, Trojans)", "green" software". The system stores or updates this result to the SMS firewall knowledge base on the server side.

例如, 当某进程或软件被设定为"举报"类型的比例超过预定比例 时, 预定比例可以为 50%, 优选为 30% , 更优选为 10%, 则该进程 或软件被服务器裁定为"流氓软件", 例如, 木马程序。 或者, 当某进 程或软件被设定为"举报"类型的次数超过设定阈值时,阈值可以为 20 次,优选为 10次,更优选为 5次,则该进程或软件被服务器裁定为"流 氓软件"。 其中预定比例和预定阈值可以根据安全级别等具体情况设 定。 For example, when a process or software is set to a "report" type ratio that exceeds a predetermined ratio, the predetermined ratio may be 50%, preferably 30%, more preferably 10%, then the process or software is determined by the server as " Rogue software", for example, Trojans. Alternatively, when the number of times a process or software is set to the "report" type exceeds a set threshold, the threshold may be 20 times, preferably 10 times, more preferably 5 times, then the process or software is ruled by the server as " Rogue software". The predetermined ratio and the predetermined threshold may be set according to specific conditions such as the security level. Set.

类似地, 当某进程或软件被设定为"信任"类型的比例超过预定比 例时, 预定比例可以为 60% , 优选为 80% , 更优选为 90% , 则该进 程或软件被服务器裁定为"绿色软件"。 或者, 当某进程或软件被设定 为"信任"类型的次数超过设定阈值时,阈值可以为 100次,优选为 150 次, 更优选为 200次, 则该进程或软件被服务器裁定为"绿色软件"。 其中预定比例和预定阈值可以根据安全级别等具体情况设定。  Similarly, when a process or software is set to a "trust" type ratio exceeding a predetermined ratio, the predetermined ratio may be 60%, preferably 80%, more preferably 90%, then the process or software is determined by the server as "green software". Alternatively, when the number of times a process or software is set to the "trust" type exceeds a set threshold, the threshold may be 100 times, preferably 150 times, more preferably 200 times, then the process or software is ruled by the server as " green software". The predetermined ratio and the predetermined threshold may be set according to specific conditions such as the security level.

步骤 S106: 客户端定期与服务器同步更新客户端的短信防火墙 知识库中的数据。 同步的方法, 包括客户端主动联网获取、 服务器下 发短信指令告知等多种方式。  Step S106: The client periodically updates the data in the client's SMS firewall knowledge base with the server. The method of synchronization includes a method such as client active network acquisition, server sending SMS instruction, and the like.

步骤 S107 : 本流程结束。  Step S107: This process ends.

本发明的短信防火墙知识库能够不断的自学习, 将知识进行更 新, 不断的逼近真实的产业环境。  The short message firewall knowledge base of the invention can continuously self-learn, update knowledge, and constantly approach the real industrial environment.

具体地, 例举一个自学习的实施例如下:  Specifically, an example of self-learning is exemplified as follows:

当一个软件 A由于某些恶意行为, 被 50%的用户 "举报", 那么, 软件 A则被评为流氓软件, 所有软件 A发出的短信将被拦截。  When a software A is "reported" by 50% of users due to some malicious behavior, then software A is rated as rogue software, and all text messages sent by software A will be intercepted.

但是, 由于服务提供商不断的改进软件, 并且被用户认可。 经过 一段时间, 软件 A又被 60%的用户 "信任", 那么, 软件 A不再是流 氓软件, 变成了绿色软件, 所有软件 A发出的短信将正常发出。  However, as service providers continue to improve the software and are recognized by users. After a period of time, software A is "trusted" by 60% of users. Then, software A is no longer rogue software, it becomes green software, and all text messages sent by software A will be issued normally.

这样, 短信防火墙知识库就根据用户的判断, 不断的自学习, 将 知识进行更新, 不断的逼近真实的产业环境。  In this way, the SMS firewall knowledge base continuously learns according to the judgment of the user, updates the knowledge, and constantly approaches the real industrial environment.

短信防火墙知识库是对进程 /软件的分类数据库, 可将进程 /软件 分为受信任、 不受信任两类。 例如, "绿色软件"为受信任的, "流氓 软件"为不受信任的。 这些进程 /软件在发送短信时, 系统会根据类型 进行相应的处理, 比如允许发送、 终止发送。  The SMS Firewall Knowledge Base is a classification database of processes/software that divides processes/software into trusted and untrusted categories. For example, "green software" is trusted and "rogue software" is untrusted. When these processes/software send SMS messages, the system will process them according to the type, such as allowing sending and terminating sending.

可以将移动终端的进程 /软件分别列入进程 /软件"黑名单"和进程 /软件"白名单"。 其中, "黑名单"和"白名单"可由用户手动编辑。 可以 在客户端本地维护的进程 /软件列表, 当进程 /软件"黑名单 "中的进程 / 软件发送短信时, 系统会终止发送。 当进程 /软件"白名单 "中的进程 / 软件发送短信时, 系统会允许发送。 也可以初始化或预置一些"白名 单", 比如在客户端初始化时, 将移动终端的系统进程均放入白名单。 例如, "黑名单"、 "白名单"可以通过以下方式设定: The process/software of the mobile terminal can be included in the process/software "blacklist" and the process/software "whitelist" respectively. Among them, "blacklist" and "whitelist" can be manually edited by the user. A list of processes/software that can be maintained locally on the client. When the process/software in the process/software "blacklist" sends a text message, the system terminates the transmission. When the process/software in the process/software "whitelist" sends a text message, the system will allow the transmission. Can also initialize or preset some "white name" For example, the "blacklist" and "whitelist" can be set in the following ways:

方法一: 服务器下发设定。 具体地, 可以通过客户端联网同步服 务器所设定的 "黑名单"、 "白名单"; 也可以通过服务器下发短信指令 至客户端, 完成"黑名单"、 "白名单"的设定与更新。  Method 1: The server sends the settings. Specifically, the "blacklist" and "whitelist" set by the server can be synchronized by the client network; or the server can send a short message instruction to the client to complete the setting of "blacklist" and "whitelist". Update.

方法二: 用户在客户端中手动输入设定。  Method 2: The user manually enters the settings in the client.

根据本发明的一个实施例, "黑名单"、 "白名单"可与短信防火墙 知识库一起, 共同完成对发出短信的拦截和放行发送。  According to an embodiment of the present invention, the "blacklist" and "whitelist" can be used together with the SMS firewall knowledge base to complete the interception and release of the sent SMS.

根据本发明的一个实施例,智能化短信防火墙模式的工作流程如 下: 当有短信发出时, 客户端将号码与对应进程名或软件名匹配, 并 判断发送短信的进程名或软件名是否属于本地"黑名单"? 如果发送 短信的进程名或软件名在本地"黑名单 "中, 则终止短信发送, 流程结 束。 如果发送短信的进程名或软件名不在本地 "黑名单"中, 则允许短 信发送,流程结束。这种工作模式的安全级别较低,只要是不属于 "黑 名单"中的进程或软件在发送短信, 通常都允许发送。  According to an embodiment of the present invention, the workflow of the intelligent short message firewall mode is as follows: When a short message is sent, the client matches the number with the corresponding process name or software name, and determines whether the process name or software name of the sent short message belongs to the local "blacklist"? If the process name or software name of the sent SMS is in the local "blacklist", the SMS transmission is terminated and the process ends. If the process name or software name of the sent SMS is not in the local "blacklist", the short message is allowed to be sent and the process ends. This mode of operation has a lower security level, as long as processes or software that are not part of the "blacklist" are sending text messages, they are usually allowed to be sent.

优选地, 如果发送短信的进程名或软件名不在本地"黑名单"中, 客户端还进一步判断发送短信的进程名或软件名是否属于本地"白名 单"? 如果发送短信的进程名或软件名在本地"白名单 "中, 则允许短 信发送, 流程结束。 如果发送短信的进程名或软件名不在本地 "白名 单"中, 则提醒用户哪个进程或软件准备发送短信, 请求用户判断是 否允许发送短信。 然后可进入本地"白名单"、 "黑名单"设置界面, 对 未出现在本地 "白名单"、 "黑名单"中的进程或软件进行分类。 这种工 作模式的安全级别较前一种模式高, 需要同时满足不在"黑名单"中且 在"白名单 "中的进程或软件才能自动发送短信。 对于未出现在本地 "白名单"、 "黑名单"中的进程或软件, 客户可进行确认和分类。  Preferably, if the process name or software name of the short message is not in the local "blacklist", the client further determines whether the process name or software name of the sent short message belongs to the local "white list"? If the process name or software name of the text message is in the local "white list", the short message is allowed to be sent, and the process ends. If the process name or software name of the sent SMS is not in the local "white list", the user is reminded which process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. You can then enter the local "whitelist" and "blacklist" settings interface to classify processes or software that do not appear in the local "whitelist" or "blacklist". This mode of operation is more secure than the previous mode, and processes or software that are not in the "blacklist" and in the "whitelist" can automatically send text messages. For processes or software that do not appear in the local "whitelist" or "blacklist", customers can confirm and categorize them.

此外, 客户端在工作的时候, 还会结合客户端的短信防火墙知识 库、 进程 /软件"黑名单"、 进程 /软件"白名单 "的数据信息进行综合判 断, 对发出的短信进行处理。  In addition, when the client is working, it will combine the data of the client's SMS firewall knowledge base, process/software "blacklist", and process/software "whitelist" to make a comprehensive judgment and process the sent SMS.

根据本发明的另一个实施例,智能化短信防火墙模式的工作流程 如下: 监控短信的发出, 当有短信发出时, 客户端将号码与对应进程 名或软件名匹配, 并判断发送短信的进程名或软件名是否属于本地 "黑名单"? 如果发送短信的进程名或软件名在本地"黑名单 "中, 则终 止短信发送,流程结束。如果发送短信的进程名或软件名不在本地 "黑 名单"中, 则客户端判断是否属于本地 "白名单"? 如果发送短信的进 程名或软件名在本地 "白名单"中, 则允许短信发送, 流程结束。 如果 发送短信的进程名或软件名不在本地"白名单 "中, 则根据短信防火墙 知识库的分类判断发送短信的进程或软件是否属于"流氓软件"? 如 果是"流氓软件", 则终止短信发送, 流程结束。如果不是"流氓软件", 则判断是否属于"绿色软件", 如果是"绿色软件", 则允许短信发送, 流程结束。 如果不是"绿色软件", 则提醒用户哪个进程或软件准备发 送短信, 请求用户判断是否允许发送短信, 然后进入短信防火墙知识 库建立流程, 对于未分类的进程或软件, 进行分类。 这种工作模式的 安全级别最高, 需要同时满足不在"黑名单 "中且在"白名单 "中, 而且 属于"绿色软件"不属于 "流氓软件"的进程或软件才能自动发送短信。 对于短信防火墙知识库中未分类的进程或软件,需要客户进行确认和 分类。 According to another embodiment of the present invention, the workflow of the intelligent SMS firewall mode is as follows: Monitoring the sending of a short message, when a short message is sent, the client will number and the corresponding process Does the name or software name match, and determine whether the process name or software name of the sent SMS belongs to the local "blacklist"? If the process name or software name of the short message is in the local "blacklist", the short message is sent, and the process ends. If the process name or software name of the sent SMS is not in the local "blacklist", does the client determine whether it belongs to the local "whitelist"? If the process name or software name of the text message is in the local "white list", the text message is allowed to be sent, and the process ends. If the process name or software name of the short message is not in the local "white list", according to the classification of the SMS firewall knowledge base, it is judged whether the process or software for sending the short message belongs to "rogue software"? If it is "rogue software", the SMS is terminated and the process ends. If it is not "rogue software", it is judged whether it belongs to "green software". If it is "green software", SMS is allowed to be sent, and the process ends. If it is not "green software", it reminds the user which process or software is ready to send a text message, asks the user to judge whether to allow the text message to be sent, and then enters the SMS firewall knowledge base establishment process to classify the unclassified process or software. This mode of operation has the highest level of security and requires simultaneous processing of processes or software that are not in the "blacklist" and in the "whitelist", and that belong to "greenware" that does not belong to "rogue software" to automatically send text messages. For the unclassified process or software in the SMS firewall knowledge base, the customer needs to be confirmed and classified.

当然,本发明的智能化短信防火墙模式的工作流程不限于上述方 式, 可以根据安全级别的需要, 判断是否属于 "黑名单"、 "白名单"、 "流氓软件"和"绿色软件"之一或其组合。例如,属于"黑名单 "或"流氓 软件"的进程或软件, 不允许自动发送短信; 属于"白名单 "或"绿色软 件"的进程或软件允许自动发送短信。 也可以根据需要设置, 只有同 时属于 "白名单"和"绿色软件"的进程或软件才允许自动发送短信。 此 外, 对于不属于"黑名单"、 "白名单"、 "流氓软件"和"绿色软件"中的 进程或软件, 用户可根据情况设定为允许或不允许自动发送短信。  Certainly, the workflow of the intelligent short message firewall mode of the present invention is not limited to the above manner, and may determine whether it belongs to one of "blacklist", "whitelist", "rogue software" and "green software" according to the security level requirement or Its combination. For example, a process or software belonging to a "blacklist" or "rogue software" does not allow automatic sending of text messages; processes or software belonging to "whitelisting" or "greenware" allow automatic sending of text messages. It can also be set as needed. Only processes or software that are both "whitelisted" and "greenware" are allowed to automatically send text messages. In addition, for processes or software that are not in the "blacklist", "whitelist", "rogue software" and "greenware", the user can set or not allow automatic sending of text messages depending on the situation.

此外,本发明的智能化短信防火墙模式的工作流程的顺序也不限 于上述方式, 也可以先根据短信防火墙知识库的分类判断是否属于 "流氓软件"? 如果是"流氓软件", 则终止短信发送, 流程结束。 如果 不是"流氓软件", 则判断是否属于"绿色软件", 如果是"绿色软件", 则允许短信发送, 流程结束。 如果不是"绿色软件", 客户端将号码与 对应进程名或软件名匹配, 并判断是否属于本地 "黑名单"? 如果在本 地"黑名单 "中, 则终止短信发送, 流程结束。 如果不在本地 "黑名单" 中, 则客户端判断是否属于本地 "白名单"? 如果在本地"白名单 "中, 则允许短信发送, 流程结束。 如果不在本地 "白名单"中, 则提醒用户 哪个进程或软件准备发送短信, 请求用户判断是否允许发送短信。然 后可进入本地 "白名单"、 "黑名单"设置界面, 对未出现在本地"白名 单"、 "黑名单"中的进程或软件进行分类。 In addition, the order of the workflow of the intelligent short message firewall mode of the present invention is not limited to the above manner, and may also be determined according to the classification of the SMS firewall knowledge base to determine whether it belongs to "rogue software". If it is "rogue software", the SMS is terminated and the process ends. If it is not "rogue software", it is judged whether it belongs to "green software". If it is "green software", SMS is allowed to be sent, and the process ends. If it is not "green software", the client matches the number with the corresponding process name or software name and determines whether it is a local "blacklist"? If in this In the "blacklist", the SMS is terminated and the process ends. If it is not in the local "blacklist", does the client determine whether it belongs to the local "whitelist"? If it is in the local "white list", SMS is allowed to be sent, and the process ends. If it is not in the local "white list", the user is reminded which process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. You can then enter the local "whitelist" and "blacklist" settings interface to classify processes or software that do not appear in the local "whitelist" or "blacklist".

下面参照图 2描述智能化短信防火墙模式的工作流程。根据本发 明的有一个实施例, 智能化短信防火墙模式的工作流程如下:  The workflow of the intelligent SMS firewall mode will be described below with reference to FIG. According to an embodiment of the present invention, the workflow of the intelligent SMS firewall mode is as follows:

步骤 S201 : 监控有短信发出。  Step S201: Monitoring has a short message sent.

步骤 S202: 客户端将号码与对应进程名或软件名匹配, 并判断 是否属于本地 "黑名单"? 如果是本地"黑名单", 则终止短信发送, 转 入步骤 S206; 否则转入步骤 S203。  Step S202: The client matches the number with the corresponding process name or software name, and determines whether it belongs to the local "blacklist"? If it is a local "blacklist", the short message transmission is terminated, and the process goes to step S206; otherwise, the process goes to step S203.

步骤 S203 : 客户端将号码与对应进程名或软件名匹配, 并判断 是否属于本地 "白名单"? 如果是本地"白名单", 则允许短信发送, 转 入步骤 S206; 否则转入步骤 S204。  Step S203: The client matches the number with the corresponding process name or software name, and determines whether it belongs to the local "white list"? If it is a local "white list", the short message transmission is allowed, and the process goes to step S206; otherwise, the process goes to step S204.

步骤 S204: 客户端将号码与对应进程名或软件名匹配, 并判断 是否属于"流氓软件(木马程序) "? 如果是, 则终止短信发送, 并转 入步骤 S206; 否则转入步骤 S205。  Step S204: The client matches the number with the corresponding process name or software name, and determines whether it belongs to "rogue software (trojan program)"? If so, the short message transmission is terminated, and the process goes to step S206; otherwise, the process goes to step S205.

步骤 S205 : 客户端将号码与对应进程名或软件名匹配, 并判断 是否属于"绿色软件", 如果是, 则允许短信发送, 转入步骤 S206; 否则允许短信发送, 并在成功发送之后, 提醒用户, 然后进入短信防 火墙知识库建立流程。  Step S205: The client matches the number with the corresponding process name or software name, and determines whether it belongs to "green software". If yes, the message is allowed to be sent, and the process proceeds to step S206; otherwise, the message is allowed to be sent, and after successful transmission, the reminder The user then enters the SMS firewall knowledge base to establish the process.

步骤 S206: 本流程结束。  Step S206: The process ends.

此外, 本系统还提供了一种高强度防火墙模式, 即拦截所有的软 件发出短信。 参照图 3描述高强度防火墙模式的工作流程。  In addition, the system provides a high-intensity firewall mode that intercepts all software to send text messages. The workflow of the high-intensity firewall mode is described with reference to FIG. 3.

步骤 S301 : 有短信即将发出。  Step S301: A short message is about to be sent.

步骤 S302: 客户端将号码与对应的进程名或软件名匹配, 并中 断短信发送;  Step S302: The client matches the number with the corresponding process name or software name, and interrupts the sending of the short message;

步骤 S303 : 提示用户是否允许该进程发送短信? 如果用户允许, 则继续发送短信; 如果用户不允许, 则终止发送短信。 步骤 S304: 本流程结束。 Step S303: Prompt the user to allow the process to send a short message? If the user allows, continue to send text messages; if the user does not allow, stop sending text messages. Step S304: The process ends.

高强度防火墙模式主动拦截所有的软件发出短信, 提醒用户, 由 用户判断是否允许发送短信。  The high-intensity firewall mode actively intercepts all software to send text messages to remind users that the user is allowed to send text messages.

本发明的移动终端智能化短信防火墙系统包括客户端模块 M100 和服务器 M200。 参见图 4, 描述本发明的移动终端智能化短信防火 墙系统。  The intelligent short message firewall system of the mobile terminal of the present invention comprises a client module M100 and a server M200. Referring to Fig. 4, a mobile terminal intelligent short message firewall system of the present invention will be described.

移动终端智能化短信防火墙系统的客户端模块 M100负责移动终 端的重要事件的监控, 以及知识的积累, 与服务器通讯, 包括: 模式 设定子模块 M101 , 用于设定防火墙的工作模式, 用户可根据需要手 动设置防火墙的工作模式, 例如: 高强度防火墙模式、 判断是否属于 "黑名单"、 "白名单"、 "流氓软件"和"绿色软件"之一或其组合的智能 化短信防火墙模式; 短信监听子模块 M102, 对所有收发短信进行监 听; 短信拦截子模块 M104, 对短信进行拦截、 判断、 提醒; 客户端 知识积累子模块 M103 , 对所有用户的操作、 设置数据信息, 进行记 录缓存, 并决定对短信的处理方式; 客户端通讯子模块 M105 , 负责 与服务器之间的知识数据信息的传递。  The client module M100 of the mobile terminal intelligent SMS firewall system is responsible for monitoring the important events of the mobile terminal, and accumulating knowledge, and communicating with the server, including: a mode setting sub-module M101, which is used to set the working mode of the firewall, the user can Manually set the working mode of the firewall as needed, for example: high-intensity firewall mode, intelligent SMS mode that determines whether it is one of "blacklist", "whitelist", "rogue software" and "green software" or a combination thereof; The short message monitoring sub-module M102 listens to all sent and received short messages; the short message intercepting sub-module M104 intercepts, judges, and reminds the short message; the client knowledge accumulation sub-module M103 performs recording and buffering on all user operations and setting data information. And decide on the processing method of the short message; the client communication sub-module M105 is responsible for the transfer of the knowledge data information with the server.

模式设定子模块 M101 , 告知短信拦截子模块 M104启用哪一种 工作模式;客户端知识积累子模块 M103,将用户对软件的设定信息, 告知客户端通讯子模块 M105; 客户端通讯子模块 M105, 将用户对 软件的设定信息, 通知到服务器通讯子模块 M201。 同样的, 客户端 通讯子模块 M105也接收来自服务器通讯子模块传 M201递来的短信 防火墙知识库信息, 并传递给客户端知识积累子模块 M103 , 将短信 防火墙知识库进行更新。  The mode setting sub-module M101 informs the short message intercepting sub-module M104 which working mode is enabled; the client knowledge accumulation sub-module M103 notifies the user setting information of the software to the client communication sub-module M105; the client communication sub-module M105, the user's setting information of the software is notified to the server communication sub-module M201. Similarly, the client communication sub-module M105 also receives the SMS firewall knowledge base information transmitted from the server communication sub-module M201, and transmits it to the client knowledge accumulation sub-module M103 to update the SMS firewall knowledge base.

短信监听子模块 M102, 获知到短信发送事件, 立即通知短信拦 截子模块 M104。 短信拦截子模块 M104, 根据客户端知识积累子模 块 M103的短信防火墙知识库和 /或本地的"黑名单"、 "白名单", 进行 相应的拦截、 判断、 禁止或放行发送处理。  The SMS monitoring sub-module M102, to know the short message sending event, immediately informs the short message intercepting sub-module M104. The SMS interception sub-module M104, according to the client knowledge accumulation sub-module M103, the SMS firewall knowledge base and/or the local "blacklist" and "whitelist", performs corresponding interception, judgment, prohibition or release processing.

移动终端智能化短信防火墙系统的服务器 M200负责对来自客户 端数据的存储, 数据的统计计算, 与客户端通讯, 包括: 服务器知识 积累子模块 M203, 将来自客户端的知识数据信息进行存储; 统计计 算子模块 M202, 负责对知识数据信息的计算、 分析; 服务器通讯子 模块 M201 , 负责与客户端之间的知识数据信息的传递。 The server M200 of the mobile terminal intelligent SMS firewall system is responsible for storing the data from the client, the statistical calculation of the data, and communicating with the client, including: the server knowledge accumulation sub-module M203, storing the knowledge data information from the client; The operator module M202 is responsible for the calculation and analysis of the knowledge data information; the server communication sub-module M201 is responsible for the transfer of the knowledge data information with the client.

通讯子模块 M201 , 收到通讯子模块 M105的用户对软件的设定 信息, 传递至统计计算子模块 M202。 统计计算子模块 M202对所有 的用户设定信息进行统计计算,将结果更新至服务器知识积累子模块 M203, 服务器知识积累子模块 M203对短信防火墙知识库进行更新。 服务器知识积累子模块 M203将最新的短信防火墙知识库,通过服务 器通讯子模块 M201 , 传递给客户端通讯子模块 M105。  The communication sub-module M201 receives the setting information of the software of the user of the communication sub-module M105, and transmits it to the statistical calculation sub-module M202. The statistical calculation sub-module M202 performs statistical calculation on all user setting information, updates the result to the server knowledge accumulation sub-module M203, and the server knowledge accumulation sub-module M203 updates the SMS firewall knowledge base. The server knowledge accumulation sub-module M203 transmits the latest SMS firewall knowledge base to the client communication sub-module M105 through the server communication sub-module M201.

由以上描述可知, 本发明实质上描述了一种通过人机交互的方 式, 依托服务器的知识积累进行统计计算, 并针对不同的用户特征等 综合条件,建立短信防火墙。这种短信防火墙具备一个很重要的特性, 就是自学习能力。本系统包括智能化短信防火墙、高强度短信防火墙 等多种工作模式, 能够满足不同用户的需求场景。  It can be seen from the above description that the present invention substantially describes a method for human-computer interaction, relies on the knowledge accumulation of the server for statistical calculation, and establishes a short message firewall for different user characteristics and other comprehensive conditions. This SMS firewall has a very important feature, which is self-learning. The system includes multiple working modes such as intelligent SMS firewall and high-intensity SMS firewall, which can meet the needs of different users.

本发明的自学习的移动终端智能化短信防火墙的工作方法及系 统很好的解决了既要防止恶意、 流氓软件(木马程序) 的自动发短信 的行为, 又要兼顾市场上正规厂商、 产品 (广大用户认可) 的发送短 信行为这个两难的问题。 而且, 本系统是一种自学习的系统, 能够不 断的自我完善短信防火墙的精度。  The working method and system of the intelligent self-learning mobile terminal intelligent SMS firewall solve the problem of preventing automatic malicious texting of malicious and rogue software (trojan program), and also taking into consideration the regular manufacturers and products in the market ( The majority of users recognize the dilemma of sending text messages. Moreover, the system is a self-learning system that continuously improves the accuracy of the SMS firewall.

本发明具体的示意性实施例的上述描述仅为说明和描述的目而 提出。 其不是穷尽的, 也不是要将本发明限制于所公开的精确形式, 显然, 可在上述教示下进行许多修改和变化。为了解释本发明的某些 原理及其实际应用, 选择和描述了示意性实施例, 从而使本领域其他 技术人员可以实现和利用本发明的各个示意性实施例及其各种替换 和修改。 本发明的范围由所附权利要求及其等效形式所限定。  The above description of the specific illustrative embodiments of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention. The illustrative embodiments have been chosen and described in order to explain the embodiments of the invention and the embodiments of the invention The scope of the invention is defined by the appended claims and their equivalents.

Claims

权利要求书: Claims: 1、 一种自学习的移动终端智能化短信防火墙的工作方法, 包括 以下步骤: 1. A self-learning mobile terminal intelligent SMS firewall working method, comprising the following steps: 监控短信的发出, 当有短信发出时, 客户端将号码与对应进程名 或软件名匹配, 并判断发送短信的进程名或软件名是否属于本地 "黑 名单";  Monitoring the sending of the short message, when a short message is sent, the client matches the number with the corresponding process name or software name, and determines whether the process name or software name of the sent short message belongs to the local "black list"; 如果发送短信的进程名或软件名在本地"黑名单"中, 则终止短 信发送。  If the process name or software name of the sent SMS is in the local "blacklist", the short message is sent. 2、 如权利要求 1所述的方法, 进一步包括: 2. The method of claim 1 further comprising: 如果发送短信的进程名或软件名不在本地 "黑名单"中, 客户端 判断是否属于本地 "白名单";  If the process name or software name of the sent SMS message is not in the local "blacklist", the client determines whether it belongs to the local "whitelist"; 如果发送短信的进程名或软件名在本地"白名单"中, 则允许短 信发送。  If the process name or software name of the text message is in the local "white list", the short message is allowed to be sent. 3、 如权利要求 2所述的方法, 进一步包括: 3. The method of claim 2, further comprising: 如果发送短信的进程名或软件名不在本地 "白名单"中, 则根据 短信防火墙知识库的分类判断发送短信的进程或软件是否属于 "流氓 软件";  If the process name or software name of the short message is not in the local "white list", it is judged according to the classification of the SMS firewall knowledge base whether the process or software for sending the short message belongs to "rogue software"; 如果发送短信的进程或软件是 "流氓软件", 则终止短信发送。  If the process or software that sends the SMS is "rogue software", the SMS transmission is terminated. 4、 如权利要求 3所述的方法, 进一步包括: 4. The method of claim 3, further comprising: 如果发送短信的进程或软件不是 "流氓软件", 则判断发送短信 的进程或软件是否属于 "绿色软件";  If the process or software that sends the SMS is not "rogue software", it is determined whether the process or software that sent the SMS belongs to "green software"; 如果发送短信的进程或软件是 "绿色软件", 则允许短信发送。  If the process or software that sends the SMS is "green software", SMS is allowed to be sent. 5、 如权利要求 4所述的方法, 进一步包括: 5. The method of claim 4, further comprising: 如果发送短信的进程或软件不是 "绿色软件", 则提醒用户当前 某个进程或软件准备发送短信, 请求用户判断是否允许发送短信。 If the process or software that sends the SMS is not "green software", the user is reminded that a certain process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. 6、 如权利要求 5所述的方法, 进一步包括: 6. The method of claim 5, further comprising: 在用户判断是否允许发送短信之后,进入短信防火墙知识库建立 流程, 对于未分类的进程或软件进行分类。  After the user determines whether to allow the sending of the short message, the user enters the SMS firewall knowledge base to establish a process for classifying the unclassified process or software. 7、 如权利要求 6所述的方法, 其中短信防火墙知识库建立流程 包括: 7. The method of claim 6, wherein the SMS firewall knowledge base establishment process comprises: 客户端的短信监听子模块监听所有发出的短信;  The short message monitoring submodule of the client listens to all sent short messages; 客户端对所有发出成功的短信进行分析, 对应这些短信, 客户端 会做出提示, 并匹配出对应的进程名或软件名, 告知用户;  The client analyzes all the successfully sent SMS messages. Corresponding to these SMS messages, the client will prompt and match the corresponding process name or software name to inform the user; 用户对发出短信的进程或软件行为作出判断,并将这些进程或软 件设定为 "举报"或 "信任"类型;  The user makes a judgment on the process or software behavior of the outgoing SMS and sets these processes or software to the "report" or "trust" type; 设定完成之后, 将设定结果上报至服务器;  After the setting is completed, the setting result is reported to the server; 服务器存储所有用户上报的设定结果, 并定期进行统计计算分 析, 当被设定为 "举报"或 "信任"类型的进程或软件, 其被设定的 比例或阈值满足某个条件时, 便被系统裁定为 "流氓软件"或 "绿色 软件";  The server stores the setting results reported by all users, and performs statistical calculation analysis periodically. When a process or software of the type of "reporting" or "trust" is set, the set ratio or threshold meets a certain condition, Ruling by the system as "rogue software" or "green software"; 系统将这一结果存储或更新至服务器端的短信防火墙知识库中; 客户端定期与服务器同步更新客户端的短信防火墙知识库中的 数据。  The system stores or updates this result to the SMS firewall knowledge base on the server side; the client periodically updates the data in the client's SMS firewall knowledge base with the server. 8、 如权利要求 2所述的方法, 进一步包括: 8. The method of claim 2, further comprising: 如果发送短信的进程名或软件名不在本地 "白名单"中, 则提醒 用户当前某个进程或软件准备发送短信,请求用户判断是否允许发送 短信。  If the process name or software name of the short message is not in the local "white list", the user is reminded that a certain process or software is ready to send a text message, requesting the user to determine whether to allow the text message to be sent. 9、 如权利要求 3所述的方法, 进一步包括: 9. The method of claim 3, further comprising: 在用户判断是否允许发送短信之后, 提示用户对未出现在本地 "白名单"、 "黑名单" 中的上述发送短信的进程或软件进行分类。  After the user determines whether to allow the sending of the short message, the user is prompted to classify the above-mentioned process or software for sending the short message that does not appear in the local "white list" or "black list". 10、一种自学习的移动终端智能化短信防火墙系统, 包括客户端 模块和服务器, 其中客户端模块负责移动终端的重要事件的监控,以及知识的积 累, 与服务器通讯, 包括: 10. A self-learning mobile terminal intelligent SMS firewall system, including a client module and a server, The client module is responsible for monitoring the important events of the mobile terminal, and accumulating knowledge, communicating with the server, including: 模式设定子模块, 用于设定防火墙的工作模式;  a mode setting sub-module for setting a working mode of the firewall; 短信监听子模块, 对所有收发短信进行监听;  The SMS monitoring sub-module monitors all sent and received short messages; 短信拦截子模块, 对短信进行拦截、 判断、 提醒; 客户端知识积累子模块,对所有用户的操作、设置数据信息, 进行记录缓存, 并决定对短信的处理方式;  The SMS interception sub-module intercepts, judges, and reminds the short message; the client knowledge accumulation sub-module performs recording and buffering on all user operations and setting data information, and determines the processing method of the short message; 客户端通讯子模块,负责与服务器之间的知识数据信息的传 递;  The client communication sub-module is responsible for transmitting the knowledge data information with the server; 其中服务器负责对来自客户端数据的存储, 数据的统计计算, 与 客户端通讯, 包括:  The server is responsible for storing data from the client, statistical calculation of the data, and communicating with the client, including: 服务器知识积累子模块,将来自客户端的知识数据信息进行 存储;  a server knowledge accumulation sub-module for storing knowledge data information from the client; 统计计算子模块, 负责对知识数据信息的计算、 分析; 服务器通讯子模块,负责与客户端之间的知识数据信息的传  Statistical calculation sub-module, responsible for the calculation and analysis of knowledge data information; server communication sub-module, responsible for the transmission of knowledge data information with the client
PCT/CN2010/079522 2009-12-08 2010-12-07 Working method and system for self-learning intellectualized short message firewall of mobile terminal Ceased WO2011069438A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2009102535382A CN102088679A (en) 2009-12-08 2009-12-08 Working method and system of intelligent short message firewall of self-learning mobile terminal
CN200910253538.2 2009-12-08

Publications (1)

Publication Number Publication Date
WO2011069438A1 true WO2011069438A1 (en) 2011-06-16

Family

ID=44100243

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079522 Ceased WO2011069438A1 (en) 2009-12-08 2010-12-07 Working method and system for self-learning intellectualized short message firewall of mobile terminal

Country Status (2)

Country Link
CN (1) CN102088679A (en)
WO (1) WO2011069438A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927481A (en) * 2013-12-17 2014-07-16 哈尔滨安天科技股份有限公司 Malicious code detecting method and system based on character string weight adjusting
US20150058205A1 (en) * 2013-07-11 2015-02-26 Tencent Technology (Shenzhen) Company Limited Method and apparatus for increasing security of an electronic payment

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984692B (en) * 2010-11-15 2017-07-28 中兴通讯股份有限公司 A kind of method and device for preventing Malware from sending data
CN102395128B (en) * 2011-06-30 2015-12-09 北京邮电大学 A kind of fallacious message of mobile intelligent terminal sends defence method and system thereof
CN102325061B (en) * 2011-09-16 2014-07-02 北京星网锐捷网络技术有限公司 Network monitoring method, equipment and system
CN102404706B (en) * 2011-11-24 2014-08-13 中兴通讯股份有限公司 Method for managing tariff safety and mobile terminal
CN102624693A (en) * 2011-11-28 2012-08-01 江苏奇异点网络有限公司 White-list eliminablenetwork access information acquisition method
CN102624862A (en) * 2011-11-28 2012-08-01 江苏奇异点网络有限公司 Document access information acquiring and filtering method
CN102624863A (en) * 2011-11-28 2012-08-01 江苏奇异点网络有限公司 Method for acquiring Internet access behaviors of enterprise employees
CN102622393A (en) * 2011-11-28 2012-08-01 江苏奇异点网络有限公司 Method for acquiring document access information for enterprise local area network
CN102624580A (en) * 2011-11-28 2012-08-01 江苏奇异点网络有限公司 Method for monitoring computer hardware information of enterprise network in centralized manner
CN103218552B (en) * 2012-01-19 2016-01-20 华为终端有限公司 Based on method for managing security and the device of user behavior
CN102752730B (en) 2012-07-19 2014-04-16 腾讯科技(深圳)有限公司 Method and device for message handling
CN103906065B (en) * 2012-12-25 2017-08-22 中国电信股份有限公司 The method that mobile terminal and its monitoring short message are sent
CN103096278A (en) * 2013-01-25 2013-05-08 广东欧珀移动通信有限公司 A short message sending method, device and mobile terminal
CN104219060B (en) * 2013-06-03 2017-11-24 华为技术有限公司 Communication monitoring method, communication monitoring device and electronic equipment
CN104038504A (en) * 2014-06-25 2014-09-10 深圳市鸿宇顺科技有限公司 System and method for preventing Internet payment information from being stolen
CN104270763A (en) * 2014-10-27 2015-01-07 中国建设银行股份有限公司 Message protection method and system
CN105978749A (en) * 2016-04-27 2016-09-28 浪潮(北京)电子信息产业有限公司 Monitoring method of computer hardware information in local area network and system thereof
CN106170135A (en) * 2016-08-22 2016-11-30 安徽拓通信科技集团股份有限公司 A kind of monitoring method preventing program backstage from automatically sending note
CN107634940B (en) * 2017-08-30 2021-06-15 努比亚技术有限公司 Flow use control method, terminal, server and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1812604A (en) * 2006-03-01 2006-08-02 成都今辰科技发展有限公司 Short message fire wall system and method for setting-up short message fire wall
CN101184264A (en) * 2007-11-27 2008-05-21 北京网秦天下科技有限公司 Mobile phone telephone and message anti-disturbance and private communication method and system
CN101389074A (en) * 2008-10-17 2009-03-18 浙江大学 Short message monitoring method ensuring identity of sender based social network mechanism

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100480050B1 (en) * 2002-05-24 2005-03-30 엘지전자 주식회사 Short message store method for mobile communication device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1812604A (en) * 2006-03-01 2006-08-02 成都今辰科技发展有限公司 Short message fire wall system and method for setting-up short message fire wall
CN101184264A (en) * 2007-11-27 2008-05-21 北京网秦天下科技有限公司 Mobile phone telephone and message anti-disturbance and private communication method and system
CN101389074A (en) * 2008-10-17 2009-03-18 浙江大学 Short message monitoring method ensuring identity of sender based social network mechanism

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150058205A1 (en) * 2013-07-11 2015-02-26 Tencent Technology (Shenzhen) Company Limited Method and apparatus for increasing security of an electronic payment
US9811826B2 (en) * 2013-07-11 2017-11-07 Tencent Technology (Shenzhen) Company Limited Method and apparatus for increasing security of an electronic payment
CN103927481A (en) * 2013-12-17 2014-07-16 哈尔滨安天科技股份有限公司 Malicious code detecting method and system based on character string weight adjusting

Also Published As

Publication number Publication date
CN102088679A (en) 2011-06-08

Similar Documents

Publication Publication Date Title
WO2011069438A1 (en) Working method and system for self-learning intellectualized short message firewall of mobile terminal
US8971859B2 (en) Method for blocking crank calls by using cloud computing and a system thereof
CN101171862A (en) Apparatus and method for determining connection quality of a wireless device on a wireless communication network
WO2012159474A1 (en) Malicious behavior detection method and system based on smartphone radio interface layer
WO2012065381A1 (en) Method and apparatus for preventing malicious softwares from transmitting data
CN106878527B (en) Call control method and device
CN108337308B (en) Data communication method, device and system for LWM2M client and upper computer
WO2011143899A1 (en) Method and apparatus for collecting mobile communication data
US20110086649A1 (en) Methodology for Traffic Control Based on Cross-Carriers Short Message (SMS) Application
CN102457850A (en) An access point and a method for securely connecting the access point with a wireless workstation
CN107689928A (en) Data service handling method and device
CN102158830B (en) Real time monitoring system for mobile network spam
CN102098640B (en) Method, device and system for distinguishing and stopping equipment from sending SMS (short messaging service) spam
CN102111728A (en) Network connection management module and method of mobile terminal
CN107124744B (en) Network switching method and wireless access point
EP2472785A1 (en) Service linkage control system and method
CN117098143A (en) Service model optimization method, device, equipment and medium based on network change
WO2005029772A1 (en) A method for sparing the personal information in the lost mobile terminal
CN110336920A (en) A method of based on Transmission Control Protocol assessment mobile payment perception
CN115866535A (en) Method and system for realizing 5G message access by multiple protocols
CN101765193A (en) Method for scheduling resource in EDCH, user terminal and communication system
CN116963055A (en) Authentication method, authentication device, authentication apparatus, authentication storage medium, and authentication program product
CN113055921A (en) Troubleshooting method and terminal
CN108055707A (en) state switching method, device, terminal and storage medium
CN115406053A (en) Air conditioner internal and external unit communication method, device, air conditioner and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10835473

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10835473

Country of ref document: EP

Kind code of ref document: A1