The security middleware for mobile internet is composed of embedded hardware and monitoring software, where the hardware includes the CPU with Linux kernel, Flash memory, Ethernet interface, wireless network card with AP function. While the main program of the software system launches the sub-process to catch packets uploaded or downloaded from the client terminal, and then the sub-process pass the captured packets to main program. After analyzing the data, the adverse information of the packets is stored to the backend server. The security middleware is with AP function, supports the terminal of wireless interface to access the internet for communication. The users can define the data monitoring keyword which can come from network layer, transition layer or application layer. By monitoring the packets' transition process in the data link layer, we store the packets containing sensitive and discord information and send to the remote database server for the record. The equipment has low cost, small volume and light weight, convenient carrying and installation, especially suitable for public transportation subway and small office. The security middleware monitor does not affect the speed of internet access, and the energy consumption is low, more energy saving and environmental protection.