iOS设备上的OurPact家长控制 [英] OurPact Parental Control over iOS device

问题描述

我最近问了一个问题，我是否可以对iOS设备进行家长控制.

I asked a question recently about whether I can have parental control over iOS devices.

问题的链接在下面:-

是否可能为iOS编写家长控制应用程序?

一位高级开发人员回答说，如果没有越狱，这是不可能的.

A senior developer answered and said this is not possible to do without jailbreak.

但是我找到了一个名为" OurPact "的应用程序，通过使用该应用程序，我可以控制任何其他设备.如果在iOS中无法做到，他们如何拥有家长控制权?

But i found an app named "OurPact" and by using that i can control any other device. How they can have parental control if this not possible in iOS?

推荐答案

OurPact使用移动设备管理(MDM)协议，该协议提供了一种告诉设备远程执行某些管理命令的方法.它的工作方式很简单.

OurPact use the Mobile Device Management (MDM) protocol, which provides a way to tell a device to execute certain management commands remotely. The way it works is straightforward.

在安装过程中:

• 用户或管理员告诉设备安装MDM有效负载.
• 设备连接到签到服务器.该设备将提供其身份证书进行身份验证，以及其UDID和推送通知主题.
• 如果服务器接受该设备，则该设备将其推送通知设备令牌提供给服务器.服务器应使用此令牌将推送消息发送到设备.此签到消息还包含PushMagic字符串.服务器必须记住该字符串，并将其包含在它发送给设备的任何推送消息中.

在正常操作期间:

• 服务器(在将来的某个时候)将推送通知发送到设备.
• 设备会根据推送通知在服务器上轮询命令.
• 设备执行命令.
• 设备与服务器联系以报告上一条命令的结果并请求下一条命令

访问权限

• 允许检查已安装的配置文件.
• 允许安装和删除配置文件.
• 允许设备锁定和密码删除.
• 允许擦除设备.
• 允许查询设备信息(设备容量，序列号).
• 允许查询网络信息(电话/SIM卡号，MAC地址).
• 允许检查已安装的配置文件.
• 允许安装和删除配置文件.
• 允许检查已安装的应用程序.
• 允许与限制相关的查询.
• 允许进行与安全性相关的查询.
• 允许操纵设置.可用性:在iOS 5.0和更高版本中可用.
• 允许应用程序管理.可用性:在iOS 5.0和更高版本中可用.

• Allow inspection of installed configuration profiles.
• Allow installation and removal of configuration profiles.
• Allow device lock and passcode removal.
• Allow device erase.
• Allow query of Device Information (device capacity, serial number).
• Allow query of Network Information (phone/SIM numbers, MAC addresses).
• Allow inspection of installed provisioning profiles.
• Allow installation and removal of provisioning profiles.
• Allow inspection of installed applications.
• Allow restriction-related queries.
• Allow security-related queries.
• Allow manipulation of settings. Availability: Available in iOS 5.0 and later.
• Allow app management. Availability: Available in iOS 5.0 and later.

关于移动设备管理

移动设备管理(MDM)协议为系统管理员提供了一种向运行iOS 4和更高版本的托管iOS设备，运行macOS v10.7和更高版本的macOS设备以及运行iOS 7的Apple TV设备发送设备管理命令的方法( Apple TV软件6.0)及更高版本.通过MDM服务，IT管理员可以检查，安装或删除配置文件.删除密码；并在受管设备上开始安全擦除.

The Mobile Device Management (MDM) protocol provides a way for system administrators to send device management commands to managed iOS devices running iOS 4 and later, macOS devices running macOS v10.7 and later, and Apple TV devices running iOS 7 (Apple TV software 6.0) and later. Through the MDM service, an IT administrator can inspect, install, or remove profiles; remove passcodes; and begin secure erase on a managed device.

MDM协议建立在HTTP，传输层安全性(TLS)和推送通知的基础上.相关的MDM签入协议提供了一种将初始注册过程委托给单独服务器的方法.

The MDM protocol is built on top of HTTP, transport layer security (TLS), and push notifications. The related MDM check-in protocol provides a way to delegate the initial registration process to a separate server.

MDM使用Apple推送通知服务(APNS)将唤醒"消息传递到受管设备.然后，该设备连接到预定的Web服务以检索命令并返回结果.

MDM uses the Apple Push Notification Service (APNS) to deliver a "wake up" message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results.

要提供MDM服务，您的IT部门需要部署HTTPS服务器以充当MDM服务器，然后将包含MDM有效负载的配置文件分发到受管设备.

To provide MDM service, your IT department needs to deploy an HTTPS server to act as an MDM server, then distribute profiles containing the MDM payload to your managed devices.

受管设备使用身份通过TLS(SSL)向MDM服务器进行身份验证.此身份可以作为证书有效负载包含在配置文件中，也可以通过使用SCEP注册设备来生成.

A managed device uses an identity to authenticate itself to the MDM server over TLS (SSL). This identity can be included in the profile as a Certificate payload or it can be generated by enrolling the device with SCEP.

参考-

• 此处是有关如何创建经过验证的iOS移动设备管理(MDM)配置文件/证书.

• Here the complete guide about How to Create a Verified iOS Mobile Device Management (MDM) profile/certificate.
• Official Apple Document about MDM

这篇关于iOS设备上的OurPact家长控制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！