CN106921799A - Mobile terminal security protection method and mobile terminal
- Publication number
- CN106921799A CN201710103409.XA
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72448—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
- H04M1/72463—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Abstract
An embodiment of the invention discloses a mobile terminal security protection method and a mobile terminal. The method includes: a security monitoring module in the common operation environment sends acquired information to be detected to a trusted application module in the trusted execution environment; the trusted application module receives the information to be detected and detects whether it matches first information prestored in a trusted storage space of the trusted execution environment; when the information to be detected does not match the first information, the trusted application module sends indication information to the security monitoring module, so that the security monitoring module, after receiving the indication information, controls the mobile terminal to perform a security processing operation according to it. By storing the verification information in the trusted storage space and checking the information to be detected inside the trusted execution environment, the embodiment retains the verification information even if the mobile terminal is restored to factory settings, protecting the information in the mobile terminal.
Description
Technical Field
The invention relates to the technical field of computers, and in particular to a mobile terminal security protection method and a mobile terminal.
Background
With the rapid development of terminal technology and internet technology, mobile terminals such as smartphones and tablet computers have increasingly diverse functions. They are now used for communication, photography, payment and more, and often store a large amount of the user's private information, so a lost mobile terminal exposes its user to information and property risks.
At present, one method for protecting a mobile terminal is self-detection of a lost state: for example, when the mobile terminal detects that one or more screen locking passwords entered by the user are incorrect, it can determine that it is in the lost state and perform a locking operation to protect the information it holds. However, when the mobile terminal is restored to factory settings, the verification information used to detect the lost state is deleted, and the mobile terminal can no longer perform this security detection.
Disclosure of Invention
The embodiments of the invention provide a mobile terminal security protection method and a mobile terminal that store verification information in a trusted storage space and check the information to be detected inside a trusted execution environment, so the verification information is retained even if the mobile terminal is restored to factory settings, thereby protecting the information in the mobile terminal.
In a first aspect, an embodiment of the present invention provides a mobile terminal security protection method, where the method includes:
the security monitoring module in the common operation environment sends the acquired information to be detected to the trusted application module in the trusted execution environment;
the trusted application module receives the information to be detected and detects whether the information to be detected is matched with first information prestored in a trusted storage space of a trusted execution environment;
when the information to be detected does not match the first information, the trusted application module sends indication information to the security monitoring module;
and the security monitoring module receives the indication information and controls the mobile terminal to perform a security processing operation according to the indication information.
In another aspect, an embodiment of the invention provides a mobile terminal comprising a security monitoring module in a common operation environment and a trusted application module in a trusted execution environment; the security monitoring module comprises a first sending unit, a first receiving unit and an execution unit, and the trusted application module comprises a second receiving unit, a first detection unit and a second sending unit; wherein,
the first sending unit is configured to: send the acquired information to be detected to the trusted application module;
the second receiving unit is configured to: receive the information to be detected;
the first detection unit is configured to: detect whether the information to be detected matches first information prestored in a trusted storage space of a trusted execution environment, and trigger the second sending unit to send indication information to the security monitoring module when the information to be detected does not match the first information;
the first receiving unit is configured to: receive the indication information;
the execution unit is configured to: control the mobile terminal to perform the security processing operation according to the indication information.
In the embodiments of the invention, the security monitoring module in the common operation environment sends the acquired information to be detected to the trusted application module in the trusted execution environment; the trusted application module receives the information to be detected and detects whether it matches first information prestored in the trusted storage space of the trusted execution environment; when the information to be detected does not match the first information, the trusted application module sends indication information to the security monitoring module; after receiving the indication information, the security monitoring module controls the mobile terminal to perform a security processing operation according to it. Because the verification information is stored in the trusted storage space and the information to be detected is checked inside the trusted execution environment, the verification information is retained even if the mobile terminal is restored to factory settings, and the information in the mobile terminal is protected.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic block diagram of a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a method for protecting the security of a mobile terminal according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an identity verification interface according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a mobile terminal according to another embodiment of the present invention;
Fig. 5 is a schematic block diagram of a mobile terminal according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In particular implementations, mobile terminals described in embodiments of the invention include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having touch sensitive surfaces (e.g., touch screen displays and/or touch pads). It should also be understood that in some embodiments, the device is not a portable communication device, but is a desktop computer having a touch-sensitive surface (e.g., a touch screen display and/or touchpad).
In the discussion that follows, a mobile terminal that includes a display and a touch-sensitive surface is described. However, it should be understood that the mobile terminal may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The mobile terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word processing application, a website creation application, a disc burning application, a spreadsheet application, a gaming application, a telephone application, a video conferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application, and/or a digital video player application.
Various applications that may be executed on the mobile terminal may use at least one common physical user interface device, such as a touch-sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the mobile terminal may be adjusted and/or changed between applications and/or within respective applications. In this way, a common physical architecture (e.g., touch-sensitive surface) of the mobile terminal may support various applications with user interfaces that are intuitive and transparent to the user.
TrustZone is a secure-operation solution proposed by ARM for electronic devices. Referring to Fig. 1, Fig. 1 is a schematic block diagram of a mobile terminal according to an embodiment of the present invention. TrustZone divides the system into two areas: a common operation environment (REE) and a Trusted Execution Environment (TEE). The software and hardware resources accessible to the TEE are separate from those of the REE. The TEE provides a secure execution environment for authorized secure software (trusted applications, TAs) and protects the confidentiality, integrity and access rights of the TAs' resources and data. In the present invention, the security monitoring module 11 runs in the REE, the Trusted Application (TA) module 12 runs in the TEE, and the storage space accessible to applications in the TEE is referred to as the "trusted storage space 13". With TEE-TA signature technology, the TEE verifies a trusted application before it runs in the TEE (for example, using an RSA digital signature algorithm), and the TA is allowed to run in the TEE only if it passes that verification, which requires the correct key. Restoring factory settings cannot delete or change the data in the trusted storage space 13; only a verified TA can change the data in the trusted storage space 13.
Sensitive information used when running in the TEE may be stored in the trusted storage space 13. In the present invention, the trusted storage space 13 may store the first information and/or the second information. The first information may be at least one of a screen locking password, an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP (access point), an identifier of a Bluetooth device, an identifier of a factory reset, a login account of a target application, and the like, recording information such as the screen locking password set by the user and one or more frequently used SIM cards, frequently connected base stations, wireless APs or Bluetooth devices. The second information may be at least one of preset fingerprint information, preset iris information, a preset password, a preset gesture password, a preset account and password, and the like, and is used to identify whether the user is a legitimate visitor. The second information may also be the same as the screen locking password.
The screen locking password may be characters, a gesture pattern, a fingerprint, an iris, or the like. The identifier of the SIM card may be its Integrated Circuit Card Identity (ICCID) or International Mobile Subscriber Identity (IMSI). The identifier of the base station may be a Cell Global Identity (CGI). The identifier of the wireless AP may be its SSID, its MAC address, and the like. The identifier of the Bluetooth device may be its MAC address. The mobile terminal may store one or more pieces of marking information in both the TEE and the REE to mark the state of the mobile terminal before loss; after the mobile terminal is restored to factory settings, the marking information in the REE is changed or deleted, the changed or deleted marking information fails verification against the first information, and the mobile terminal is thereby identified as being in the lost state. The login account of the target application may be the login account of applications such as QQ, WeChat, Taobao or email, or the login account of applications configured by other systems.
Optionally, the first information may instead be information (such as a hash value) obtained by applying an encryption algorithm (such as a hash algorithm) to at least one of a screen locking password, an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP (access point), an identifier of a Bluetooth device, a login account of a target application, and the like.
Optionally, the second information may instead be information (such as a hash value) obtained by applying an encryption algorithm (such as a hash algorithm) to at least one of the preset fingerprint information, the preset iris information, the preset password, the preset gesture password, and the preset account and password.
The trusted storage space may be a secure storage area, for example the RPMB (Replay Protected Memory Block) inside an eMMC storage chip. The RPMB is a separate partition of the eMMC hardware, and reading and writing RPMB data requires authorization.
Referring to fig. 2, fig. 2 is a schematic flowchart of a mobile terminal security protection method according to an embodiment of the present invention, and as shown in fig. 2, the mobile terminal security protection method may include the following steps:
Step S210: The security monitoring module in the common operation environment (REE) sends the acquired information to be detected to the Trusted Application (TA) module in the Trusted Execution Environment (TEE).
The information to be detected may be at least one of unlocking input received by the mobile terminal on the screen locking interface, the identifier of the current SIM card, the identifier of the currently connected base station, the identifier of the currently connected wireless AP, the identifier of the currently connected Bluetooth device, the login account of a target application, and the like. After the mobile terminal starts, its security monitoring module can acquire the identifier of the current SIM card; while the mobile terminal communicates with a base station, a wireless AP or a Bluetooth device, the security monitoring module can acquire the identifier of the connected base station, wireless AP or Bluetooth device; and when the mobile terminal logs in with an account of the target application, the security monitoring module can acquire the login account.
Step S220: the Trusted Application (TA) module receives the information to be detected and detects whether the information to be detected matches first information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE).
The first information may be at least one of a screen locking password, an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP (access point), an identifier of a Bluetooth device, a login account of a target application, and the like. In this case, one implementation of the match check is: the Trusted Application (TA) module reads the first information prestored in the trusted storage space of the Trusted Execution Environment (TEE) and compares the information to be detected with it. If they are consistent, the information to be detected matches the first information and is safe; the TA module may end the process, or may send prompt information to the security monitoring module indicating that the information to be detected is safe, after which the security monitoring module may end the process. Otherwise, the information to be detected does not match the first information and is unsafe, and the TA module executes step S230.
Optionally, the first information may instead be information obtained by applying an encryption algorithm to at least one of an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP (access point), an identifier of a Bluetooth device, a login account of a target application, and the like. In this case, one implementation of the match check is: the Trusted Application (TA) module reads the first information prestored in the trusted storage space of the Trusted Execution Environment (TEE), applies the encryption algorithm to the information to be detected to obtain encrypted information to be detected, and compares the encrypted information to be detected with the first information. If they are consistent, the information to be detected matches the first information and is safe; the TA module may end the process, or may send prompt information to the security monitoring module indicating that the information to be detected is safe, after which the security monitoring module may end the process. Otherwise, the information to be detected does not match the first information, the mobile terminal has a potential security risk and may be in a lost state, and the TA module executes step S230.
For example, when the information to be detected is unlocking input received on the screen locking interface, the first information may be the screen locking password. When the unlocking input, or the unlocking input entered several times in a row (for example, 3 times), is inconsistent with the screen locking password, the mobile terminal is detected to have a potential security risk and may be in a lost state, and step S230 is executed.
For another example, the information to be detected is the identifier of the current SIM card, such as an IMSI number, i.e., a mobile phone number. The first information may comprise a list of trusted mobile phone numbers, which may include the mobile phone numbers the mobile terminal has used. When the Trusted Application (TA) module detects that the mobile phone number currently used by the mobile terminal is not an entry in the list, the mobile phone number is considered to have been replaced; someone other than the owner may be operating the mobile terminal, which is a potential security risk, and step S230 is executed.
For another example, the information to be detected is the identifier of the currently connected base station, such as its CGI. The first information may include a CGI list of trusted base stations, which may include the base stations to which the mobile terminal has frequently connected. When the Trusted Application (TA) module detects that the CGI of the currently connected base station is not an entry in the list, the mobile terminal is considered to be in use at an unusual place; someone other than the owner may be operating the mobile terminal, which is a potential security risk, and step S230 is executed.
For another example, the information to be detected is the current login account of the target application, such as the current login account of "WeChat". The first information may include a list of trusted WeChat login accounts, which may include the WeChat accounts that have logged in on the mobile terminal. When the Trusted Application (TA) module detects that the current WeChat login account is not an entry in the list, the mobile terminal is considered to be logged in with an unfamiliar WeChat account; someone other than the owner may be operating the mobile terminal, which is a potential security risk, and step S230 is executed.
Step S230: the Trusted Application (TA) module sends indication information to the security monitoring module.
Specifically, when the information to be detected does not match the first information, the Trusted Application (TA) module may send indication information to the security monitoring module. The indication information may indicate that the information to be detected does not match the first information, for example the result of the TA module's detection of the information to be detected; it may also be a security processing operation instruction that instructs the security monitoring module to perform a security processing operation.
Step S240: The security monitoring module receives the indication information and controls the mobile terminal to perform a security processing operation according to the indication information.
The security processing operation may be at least one of a locking operation, deleting data in a target space, sending information to a target contact, and the like. For example, after receiving the indication information, the security monitoring module of the mobile terminal may perform a locking operation to prevent others from operating the mobile terminal. It may also delete data in a target space, such as the picture folder or the address book, to prevent the user's private information from leaking. If the current SIM card is usable, the mobile terminal may also send information to the target contact; this may be a prompt that the mobile terminal has a potential security risk, and may include information such as the current position, the current time and the mobile phone number of the current SIM card.
It can be understood that after the mobile terminal performs the locking operation, the mobile terminal enters a locking state. In the locked state, the display screen of the mobile terminal may not work and/or the keyboard of the mobile terminal does not respond.
In an embodiment of the present invention, when the information to be detected does not match the first information, before step S230, the Trusted Application (TA) module may further receive input identity verification information, detect whether the identity verification information matches second information pre-stored in the trusted storage space, and execute step S240 only when the identity verification information does not match the second information pre-stored in the trusted storage space.
The second information may be at least one of preset fingerprint information, preset iris information, a preset password, a preset gesture password, a preset account and password, and the like, and is used to identify whether the user is a legitimate visitor. It is understood that the second information may also be the same as the lock screen password. The preset account and password may also be a cloud account and password. One embodiment of the Trusted Application (TA) module receiving the input identity verification information may be: the Trusted Application (TA) module receives identity verification information input by the user through an input device, such as a keyboard, a fingerprint sensor, a touch screen, or a camera; or the Trusted Application (TA) module receives identity verification information sent by the security monitoring module, which the security monitoring module received from the user through the input device.
One implementation of the Trusted Application (TA) module detecting whether the identity verification information matches the second information pre-stored in the trusted storage space may be: the Trusted Application (TA) module reads the second information pre-stored in the trusted storage space of the Trusted Execution Environment (TEE) and compares whether it is consistent with the identity verification information. If so, the identity verification information matches the second information and the identity verification passes; the Trusted Application (TA) module may end the process, or send prompt information to the security monitoring module to indicate that the identity verification has passed, and the security monitoring module may end the process after receiving the prompt information. Otherwise, the identity verification information does not match the second information, the identity verification fails, and the Trusted Application (TA) module may perform step S240.
For example, when the information to be detected does not match the first information, the mobile terminal may enter the identity verification interface. Fig. 3 is a schematic structural diagram of an identity verification interface according to an embodiment of the present invention. As shown in fig. 3, the identity verification interface may include a prompt area 310 and/or an identity verification information input area 320. The second information may be a preset account and password, and the Trusted Application (TA) module of the mobile terminal may receive the account and password input in the identity verification information input area 320. When the input account and password are consistent with the preset account and password, the identity verification passes and the mobile terminal may end the process or return to the previous interface; otherwise, the identity verification fails, and the Trusted Application (TA) module may perform step S240.
Optionally, the second information may also be at least one of preset fingerprint information, preset iris information, a preset password, a preset gesture password, a preset account and password, and the like, encrypted through an encryption algorithm. In this case, one embodiment of the Trusted Application (TA) module detecting whether the identity verification information matches the second information pre-stored in the trusted storage space of the Trusted Execution Environment (TEE) may be: the Trusted Application (TA) module reads the second information pre-stored in the trusted storage space of the Trusted Execution Environment (TEE), performs an encryption operation on the identity verification information through the encryption algorithm to obtain encrypted identity verification information, and compares whether the encrypted identity verification information is consistent with the second information. If so, the identity verification information matches the second information and the identity verification passes; the Trusted Application (TA) module may end the process, or send prompt information to the security monitoring module to indicate that the identity verification has passed, and the security monitoring module may end the process after receiving the prompt information. Otherwise, the identity verification information does not match the second information, the identity verification fails, and the Trusted Application (TA) module may perform step S240.
In this embodiment of the invention, the security monitoring module in the common operation environment (REE) sends the acquired information to be detected to the Trusted Application (TA) module in the Trusted Execution Environment (TEE); the Trusted Application (TA) module receives the information to be detected and detects whether it matches the first information pre-stored in the trusted storage space of the Trusted Execution Environment (TEE); and when the information to be detected does not match the first information, the Trusted Application (TA) module sends indication information to the security monitoring module. With this method, the verification information is stored in the trusted storage space and the information to be detected is checked inside the Trusted Execution Environment (TEE), so the verification information is retained even if the mobile terminal is restored to factory settings, and the information in the mobile terminal is protected.
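The flow described above (match against the first information, optional identity verification against the second information, indication information, security processing operation), modelled as an added Python example that is not code from the patent. The class, method and field names, the sample identifiers, and the use of HMAC-SHA-256 and PBKDF2 for the unspecified "encryption algorithm" are assumptions; security processing operations are only recorded, not executed.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional


class TrustedApp:
    """Models the TA module; its attributes stand in for the trusted storage space."""

    def __init__(self, device_key: bytes):
        self._key = device_key      # assumed TEE-held key, never exposed to the REE
        self._salt = os.urandom(16)
        self._first: Dict[str, bytes] = {}
        self._second = b""

    def _protect(self, value: str) -> bytes:
        # Assumed "encryption operation" for identifiers: keyed one-way digest.
        return hmac.new(self._key, value.encode(), hashlib.sha256).digest()

    def _protect_secret(self, secret: str) -> bytes:
        # Low-entropy secrets (passwords) get a salted, slow derivation instead.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def provision(self, first_info: Dict[str, str], second_info: str) -> None:
        """Store only protected forms of the first and second information."""
        self._first = {k: self._protect(v) for k, v in first_info.items()}
        self._second = self._protect_secret(second_info)

    def mismatches(self, observed: Dict[str, str]) -> List[str]:
        """Provisioned fields whose observed value is missing or different."""
        bad = []
        for name, reference in self._first.items():
            value = observed.get(name)
            # compare_digest runs in constant time, so timing does not leak the value
            if value is None or not hmac.compare_digest(self._protect(value), reference):
                bad.append(name)
        return sorted(bad)

    def identity_ok(self, supplied: str) -> bool:
        return hmac.compare_digest(self._protect_secret(supplied), self._second)

    def evaluate(self, observed, ask_identity: Callable[[], str]) -> Optional[dict]:
        """Return indication information (step S230), or None when nothing is sent."""
        bad = self.mismatches(observed)
        if not bad:
            return None                       # information to be detected matches
        if self.identity_ok(ask_identity()):  # the user is prompted only after a mismatch
            return None                       # legitimate user changed something
        return {"result": "mismatch", "fields": bad}


class SecurityMonitor:
    """Models the REE-side security monitoring module (step S240)."""

    def __init__(self, ta: TrustedApp, operations=("lock", "wipe", "notify")):
        self.ta = ta
        self.operations = operations
        self.performed: List[str] = []

    def report(self, observed, ask_identity) -> Optional[dict]:
        indication = self.ta.evaluate(observed, ask_identity)
        if indication is not None:
            self.performed.extend(self.operations)  # recorded only in this model
        return indication


def demo():
    # All identifiers and secrets below are constructed sample values.
    ta = TrustedApp(device_key=b"constructed-demo-key")
    enrolled = {"sim_id": "8986-CONSTRUCTED-0001", "wifi_ap": "aa:bb:cc:00:11:22"}
    ta.provision(enrolled, "correct horse")
    monitor = SecurityMonitor(ta)
    swapped = dict(enrolled, sim_id="8986-CONSTRUCTED-9999")

    def must_not_prompt():
        raise AssertionError("identity prompt shown although everything matched")

    results = [
        monitor.report(enrolled, must_not_prompt),          # match: no prompt
        monitor.report(swapped, lambda: "correct horse"),   # mismatch, owner verifies
        monitor.report(swapped, lambda: "guess"),           # mismatch, verification fails
    ]
    return results, monitor.performed


if __name__ == "__main__":
    print(demo())
```

Because the reference values live only inside `TrustedApp`, replacing the `SecurityMonitor` instance (the model's stand-in for an REE factory reset) leaves the checks intact.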
Fig. 4 is a schematic block diagram of a mobile terminal according to another embodiment of the present invention. As shown in fig. 4, the mobile terminal includes: a security monitoring module 41 under a common operation environment (REE) and a Trusted Application (TA) module 42 under a Trusted Execution Environment (TEE); the security monitoring module 41 includes a first sending unit 411, a first receiving unit 412 and an executing unit 413, and the Trusted Application (TA) module 42 includes a second receiving unit 421, a first detecting unit 422 and a second sending unit 423; wherein,
the first sending unit 411 is configured to: send the acquired information to be detected to the Trusted Application (TA) module;
the second receiving unit 421 is configured to: receive the information to be detected;
the first detecting unit 422 is configured to: detect whether the information to be detected matches first information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE), and trigger the second sending unit 423 to send indication information to the security monitoring module when the information to be detected does not match the first information;
the first receiving unit 412 is configured to: receive the indication information;
the executing unit 413 is configured to: control the mobile terminal to execute the security processing operation according to the indication information.
Optionally, the Trusted Application (TA) module 42 further comprises:
an acquisition unit, configured to receive input identity verification information when the information to be detected does not match the first information;
and a second detecting unit, configured to detect whether the identity verification information matches second information pre-stored in the trusted storage space, and, when the identity verification information does not match the second information pre-stored in the trusted storage space, trigger the second sending unit 423 to send indication information to the security monitoring module.
Optionally, the first detecting unit 422 is specifically configured to:
perform an encryption operation on the information to be detected through an encryption algorithm;
detect whether the encrypted information to be detected matches first information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE);
and, when the encrypted information to be detected does not match the first information, determine that the information to be detected does not match the first information.
Optionally, the second detecting unit is specifically configured to:
perform an encryption operation on the identity verification information through an encryption algorithm;
detect whether the encrypted identity verification information matches second information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE);
and, when the encrypted identity verification information does not match the second information, determine that the identity verification information does not match the second information.
Optionally, the first information includes: at least one of an identifier of the SIM card, an identifier of the base station, an identifier of the wireless AP, an identifier of the Bluetooth device, an identifier of factory restoration settings, a login account of the target application, and the like.
Optionally, the second information includes: at least one of preset fingerprint information, preset iris information, a preset password, a preset account and password, a preset gesture password and the like.
Optionally, the secure processing operation comprises: at least one of a lock-up operation, deleting data in the target space, sending information to the target contact, and the like.
In this embodiment of the invention, the security monitoring module in the common operation environment (REE) sends the acquired information to be detected to the Trusted Application (TA) module in the Trusted Execution Environment (TEE); the Trusted Application (TA) module receives the information to be detected and detects whether it matches the first information pre-stored in the trusted storage space of the Trusted Execution Environment (TEE); and when the information to be detected does not match the first information, the Trusted Application (TA) module sends indication information to the security monitoring module. With this method, the verification information is stored in the trusted storage space and the information to be detected is checked inside the Trusted Execution Environment (TEE), so the verification information is retained even if the mobile terminal is restored to factory settings, and the information in the mobile terminal is protected.
Referring to fig. 5, a schematic block diagram of a mobile terminal according to another embodiment of the present invention is shown. The mobile terminal in the present embodiment, as shown in fig. 5, may include: a first processor 510, a second processor 520, a first memory 530, a second memory 540, a trusted storage space 550, one or more input devices 560, a communication module 570, and the like. The first processor 510 is connected to the second processor 520, the first memory 530, the input device 560, the communication module 570, etc. through a bus, and the second processor 520 is connected to the second memory 540, the trusted storage space 550, the input device 560, the communication module 570, etc. through a bus. It should be noted that the first processor 510 and the second processor 520 may also be two virtual cores that the mobile terminal isolates on one processor through a virtualization technology; similarly, the first memory 530, the second memory 540 and the trusted storage space 550 may also be three storage spaces that the mobile terminal isolates on one memory through a virtualization technology. It is to be understood that the mobile terminal may also include an output device, such as a display screen, and the present invention is not limited thereto.
The first processor 510 is the control center of the mobile terminal; it connects the various parts of the entire mobile terminal using various interfaces and lines, calls program code or data stored in the first memory 530, and runs the operating system of the mobile terminal and application programs in the common operation environment (REE). The second processor 520 is used to call program code or data stored in the second memory 540 or the trusted storage space 550 to run application programs in the Trusted Execution Environment (TEE). Specifically, the first processor 510 and the second processor 520 may be configured to perform the following steps:
the first processor 510 is configured to: send the information to be detected acquired through the input device 560 or the communication module 570 to the second processor 520;
the second processor 520 is configured to: receive the information to be detected and detect whether the information to be detected matches first information pre-stored in the trusted storage space 550 of the Trusted Execution Environment (TEE); and, when the information to be detected does not match the first information, send indication information to the first processor 510;
the first processor 510 is further configured to: receive the indication information and control the mobile terminal to execute the security processing operation according to the indication information.
Optionally, when the information to be detected does not match the first information, before the second processor 520 sends the indication information to the first processor 510, the second processor 520 is further configured to:
receive the identity verification information input through the input device 560;
detect whether the identity verification information matches second information pre-stored in the trusted storage space;
and, when the identity verification information does not match the second information pre-stored in the trusted storage space, perform the operation of sending the indication information to the first processor 510.
Optionally, the detecting, by the second processor 520, of whether the information to be detected matches first information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE) includes:
performing an encryption operation on the information to be detected through an encryption algorithm;
detecting whether the encrypted information to be detected matches first information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE);
and, when the encrypted information to be detected does not match the first information, determining that the information to be detected does not match the first information.
Optionally, the detecting, by the second processor 520, of whether the identity verification information matches second information pre-stored in the trusted storage space includes:
performing an encryption operation on the identity verification information through an encryption algorithm;
detecting whether the encrypted identity verification information matches second information pre-stored in a trusted storage space of a Trusted Execution Environment (TEE);
and, when the encrypted identity verification information does not match the second information, determining that the identity verification information does not match the second information.
Optionally, the first information includes: at least one of an identifier of the SIM card, an identifier of the base station, an identifier of the wireless AP, an identifier of the Bluetooth device, an identifier of factory restoration settings, a login account of the target application, and the like.
Optionally, the second information includes: at least one of preset fingerprint information, preset iris information, a preset password, a preset account and password, a preset gesture password and the like.
Optionally, the secure processing operation comprises: at least one of a lock operation, deleting data in the target space, sending information to the target contact through the communication module 570, and the like.
It should be understood that, in the embodiment of the present invention, the first processor 510 or the second processor 520 may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor or any conventional processor.
The first memory 530 may include a read only memory and a random access memory, and provides instructions and data to the first processor 510. The second memory 540 or the trusted memory space 550 may include a read only memory and a random access memory and provide instructions and data to the second processor 520.
The input device 560 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user and direction information of the fingerprint), a microphone, etc., and the output device may include a display (LCD, etc.), a speaker, etc.
The mobile terminal, which can help the user send and receive e-mails, browse web pages, access streaming media, etc., provides the user with wireless broadband internet access through the communication module 570. The communication module 570 may include a 3G/4G/5G communication module, a Bluetooth module, a WiFi module, and the like. Although fig. 5 shows the communication module 570, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely within the scope not changing the essence of the invention as needed.
In a specific implementation, the first processor 510, the second processor 520, the first memory 530, the second memory 540, the trusted memory space 550, the input device 560, the communication module 570, the output device, and the like described in the embodiments of the present invention may perform the implementation manners described in the embodiments of the mobile terminal security protection method provided in the embodiments of the present invention, and may also perform the implementation manners of the mobile terminal described in the embodiments of the present invention, which is not described herein again.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented in electronic hardware, computer software, or a combination of both, and that, to illustrate clearly the interchangeability of hardware and software, the components and steps of the examples have been described above generally in terms of their functions. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the mobile terminal and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed mobile terminal and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions are possible in practice; a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, or all or part of the technical solution, can be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A mobile terminal security protection method is characterized by comprising the following steps:
the security monitoring module in the common operation environment sends the acquired information to be detected to the trusted application module in the trusted execution environment;
the trusted application module receives the information to be detected and detects whether the information to be detected matches first information pre-stored in a trusted storage space of the trusted execution environment;
when the information to be detected does not match the first information, the trusted application module sends indication information to the security monitoring module;
and the security monitoring module receives the indication information and controls the mobile terminal to execute a security processing operation according to the indication information.
2. The method according to claim 1, wherein before the trusted application module sends indication information to the security monitoring module when the information to be detected does not match the first information, the method further comprises:
the trusted application module receives input identity verification information;
detecting whether the identity verification information matches second information pre-stored in the trusted storage space;
and when the identity verification information does not match the second information pre-stored in the trusted storage space, executing the operation of the trusted application module sending the indication information to the security monitoring module.
3. The method according to claim 1, wherein the detecting whether the information to be detected matches first information pre-stored in a trusted storage space of a trusted execution environment comprises:
performing an encryption operation on the information to be detected through an encryption algorithm;
detecting whether the encrypted information to be detected matches first information pre-stored in a trusted storage space of a trusted execution environment;
and when the encrypted information to be detected does not match the first information, determining that the information to be detected does not match the first information.
4. The method of claim 2, wherein the detecting whether the identity verification information matches second information pre-stored in the trusted storage space comprises:
performing an encryption operation on the identity verification information through an encryption algorithm;
detecting whether the encrypted identity verification information matches second information pre-stored in a trusted storage space of a trusted execution environment;
and when the encrypted identity verification information does not match the second information, determining that the identity verification information does not match the second information.
5. The method according to any of claims 1-4, wherein the first information comprises: at least one of a lock screen password, an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP, an identifier of a Bluetooth device, an identifier for restoring factory settings and a login account of a target application;
the second information includes: at least one of preset fingerprint information, preset iris information, a preset password, a preset account and password and a preset gesture password;
the security processing operation includes: at least one of a locking operation, deleting data in the target space and sending information to the target contact.
6. A mobile terminal, characterized in that the mobile terminal comprises: a security monitoring module in a common operation environment and a trusted application module in a trusted execution environment; the security monitoring module comprises a first sending unit, a first receiving unit and an execution unit, and the trusted application module comprises a second receiving unit, a first detection unit and a second sending unit; wherein,
the first sending unit is configured to: send the acquired information to be detected to the trusted application module;
the second receiving unit is configured to: receive the information to be detected;
the first detection unit is configured to: detect whether the information to be detected matches first information pre-stored in a trusted storage space of a trusted execution environment, and trigger the second sending unit to send indication information to the security monitoring module when the information to be detected does not match the first information;
the first receiving unit is configured to: receive the indication information;
the execution unit is configured to: control the mobile terminal to execute the security processing operation according to the indication information.
7. The mobile terminal of claim 6, wherein the trusted application module further comprises:
an acquisition unit, configured to receive input identity verification information when the information to be detected does not match the first information;
and a second detection unit, configured to detect whether the identity verification information matches second information pre-stored in the trusted storage space, and to trigger the second sending unit to send the indication information to the security monitoring module when the identity verification information does not match the second information pre-stored in the trusted storage space.
8. The mobile terminal according to claim 6, wherein the first detection unit is specifically configured to:
perform an encryption operation on the information to be detected through an encryption algorithm;
detect whether the encrypted information to be detected matches first information pre-stored in a trusted storage space of a trusted execution environment;
and when the encrypted information to be detected does not match the first information, determine that the information to be detected does not match the first information.
9. The mobile terminal according to claim 7, wherein the second detection unit is specifically configured to:
perform an encryption operation on the identity verification information through an encryption algorithm;
detect whether the encrypted identity verification information matches second information pre-stored in a trusted storage space of a trusted execution environment;
and when the encrypted identity verification information does not match the second information, determine that the identity verification information does not match the second information.
10. A mobile terminal according to any of claims 6 to 9, wherein the first information comprises: at least one of a lock screen password, an identifier of a SIM card, an identifier of a base station, an identifier of a wireless AP, an identifier of a Bluetooth device, an identifier for restoring factory settings and a login account of a target application;
the second information includes: at least one of preset fingerprint information, preset iris information, a preset password, a preset account and password and a preset gesture password;
the security processing operation includes: at least one of a locking operation, deleting data in the target space and sending information to the target contact.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710103409.XA CN106921799A (en) | 2017-02-24 | 2017-02-24 | A kind of mobile terminal safety means of defence and mobile terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106921799A true CN106921799A (en) | 2017-07-04 |
Family
ID=59454224
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710103409.XA Withdrawn CN106921799A (en) | 2017-02-24 | 2017-02-24 | A kind of mobile terminal safety means of defence and mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106921799A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107466031A (en) * | 2017-08-08 | 2017-12-12 | 深圳市金立通信设备有限公司 | A kind of method and terminal for protecting data |
CN109041059A (en) * | 2018-08-23 | 2018-12-18 | 中国联合网络通信集团有限公司 | A kind of mobile terminal safety authentication method, control platform and mobile terminal |
WO2019072158A1 (en) * | 2017-10-13 | 2019-04-18 | 华为技术有限公司 | Security control method and computer system |
CN109815662A (en) * | 2018-12-06 | 2019-05-28 | 北京握奇智能科技有限公司 | Gesture password identity identifying method and system under a kind of TEE environment |
CN109863491A (en) * | 2019-01-22 | 2019-06-07 | 深圳市汇顶科技股份有限公司 | Living creature characteristic recognition system, method and terminal device |
CN110135163A (en) * | 2019-03-28 | 2019-08-16 | 江苏通付盾信息安全技术有限公司 | A kind of safety detection method based on target application, apparatus and system |
CN110598384A (en) * | 2019-09-16 | 2019-12-20 | Oppo(重庆)智能科技有限公司 | Information protection method, information protection device and mobile terminal |
CN110691163A (en) * | 2018-07-06 | 2020-01-14 | 中国移动通信有限公司研究院 | Mobile terminal screen management method, device, medium and equipment |
WO2020093214A1 (en) * | 2018-11-05 | 2020-05-14 | 深圳市欢太科技有限公司 | Application program login method, application program login device and mobile terminal |
CN111209561A (en) * | 2018-11-21 | 2020-05-29 | 成都鼎桥通信技术有限公司 | Application calling method and device of terminal equipment and terminal equipment |
CN111881459A (en) * | 2020-08-03 | 2020-11-03 | 沈阳谦川科技有限公司 | Equipment risk control and management system and detection method based on trusted computing environment |
CN111949986A (en) * | 2020-02-19 | 2020-11-17 | 华控清交信息科技(北京)有限公司 | Service processing method, system and storage medium |
CN112559241A (en) * | 2019-09-10 | 2021-03-26 | 成都鼎桥通信技术有限公司 | Method and device for realizing factory-level factory-reset in terminal |
WO2022021534A1 (en) * | 2020-07-31 | 2022-02-03 | 捷开通讯(深圳)有限公司 | Data reading method, storage medium, and mobile terminal |
WO2022028075A1 (en) * | 2020-08-03 | 2022-02-10 | 深圳市广和通无线股份有限公司 | Network connection method and apparatus, and computer device and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103945385A (en) * | 2014-03-27 | 2014-07-23 | 宇龙计算机通信科技(深圳)有限公司 | Theft preventing method and device for mobile terminal |
CN105335677A (en) * | 2014-07-24 | 2016-02-17 | 小米科技有限责任公司 | Anti-theft method and device of mobile terminal |
CN105939512A (en) * | 2016-06-16 | 2016-09-14 | 捷开通讯(深圳)有限公司 | Mobile phone and anti-loss system for mobile phone |
CN106211070A (en) * | 2016-06-30 | 2016-12-07 | 维沃移动通信有限公司 | The anti-theft protection method of a kind of mobile terminal and mobile terminal |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107466031A (en) * | 2017-08-08 | 2017-12-12 | 深圳市金立通信设备有限公司 | A kind of method and terminal for protecting data |
WO2019072158A1 (en) * | 2017-10-13 | 2019-04-18 | 华为技术有限公司 | Security control method and computer system |
US11687645B2 (en) | 2017-10-13 | 2023-06-27 | Huawei Technologies Co., Ltd. | Security control method and computer system |
CN110691163B (en) * | 2018-07-06 | 2021-05-04 | 中国移动通信有限公司研究院 | Mobile terminal screen management method, device, medium and equipment |
CN110691163A (en) * | 2018-07-06 | 2020-01-14 | 中国移动通信有限公司研究院 | Mobile terminal screen management method, device, medium and equipment |
CN109041059A (en) * | 2018-08-23 | 2018-12-18 | 中国联合网络通信集团有限公司 | A kind of mobile terminal safety authentication method, control platform and mobile terminal |
WO2020093214A1 (en) * | 2018-11-05 | 2020-05-14 | 深圳市欢太科技有限公司 | Application program login method, application program login device and mobile terminal |
CN111209561A (en) * | 2018-11-21 | 2020-05-29 | 成都鼎桥通信技术有限公司 | Application calling method and device of terminal equipment and terminal equipment |
CN109815662A (en) * | 2018-12-06 | 2019-05-28 | 北京握奇智能科技有限公司 | Gesture password identity identifying method and system under a kind of TEE environment |
CN109863491A (en) * | 2019-01-22 | 2019-06-07 | 深圳市汇顶科技股份有限公司 | Living creature characteristic recognition system, method and terminal device |
CN109863491B (en) * | 2019-01-22 | 2023-10-27 | 深圳市汇顶科技股份有限公司 | Biometric identification system, method and terminal equipment |
CN110135163B (en) * | 2019-03-28 | 2021-11-05 | 江苏通付盾信息安全技术有限公司 | Security detection method, device and system based on target application |
CN110135163A (en) * | 2019-03-28 | 2019-08-16 | 江苏通付盾信息安全技术有限公司 | A kind of safety detection method based on target application, apparatus and system |
CN112559241A (en) * | 2019-09-10 | 2021-03-26 | 成都鼎桥通信技术有限公司 | Method and device for realizing factory-level factory-reset in terminal |
CN110598384A (en) * | 2019-09-16 | 2019-12-20 | Oppo(重庆)智能科技有限公司 | Information protection method, information protection device and mobile terminal |
CN110598384B (en) * | 2019-09-16 | 2022-02-22 | Oppo(重庆)智能科技有限公司 | Information protection method, information protection device and mobile terminal |
CN111949986A (en) * | 2020-02-19 | 2020-11-17 | 华控清交信息科技(北京)有限公司 | Service processing method, system and storage medium |
CN111949986B (en) * | 2020-02-19 | 2023-10-03 | 华控清交信息科技(北京)有限公司 | Service processing method, system and storage medium |
WO2022021534A1 (en) * | 2020-07-31 | 2022-02-03 | 捷开通讯(深圳)有限公司 | Data reading method, storage medium, and mobile terminal |
WO2022028075A1 (en) * | 2020-08-03 | 2022-02-10 | 深圳市广和通无线股份有限公司 | Network connection method and apparatus, and computer device and storage medium |
CN111881459A (en) * | 2020-08-03 | 2020-11-03 | 沈阳谦川科技有限公司 | Equipment risk control and management system and detection method based on trusted computing environment |
CN111881459B (en) * | 2020-08-03 | 2024-04-05 | 沈阳谦川科技有限公司 | Equipment risk control system and detection method based on trusted computing environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106921799A (en) | A kind of mobile terminal safety means of defence and mobile terminal | |
CN112771826B (en) | Application program login method, application program login device and mobile terminal | |
CN108171025B (en) | Method for realizing multi-user login mode, terminal and computer readable storage medium | |
US10635456B2 (en) | Method for entering operating system desktop and mobile intelligent terminal | |
WO2014029356A1 (en) | Method and mobile terminal for enhancing the security of a mobile terminal | |
CN105447406A (en) | Method and apparatus for accessing storage space | |
KR20100126478A (en) | System and method of authorizing execution of software code based on accessible entitlements | |
CN107451813B (en) | Payment method, payment device and payment server | |
KR20100126471A (en) | System and method of authorizing execution of software code based on at least one installed profile | |
CN108335105B (en) | Data processing method and related equipment | |
EP3176719B1 (en) | Methods and devices for acquiring certification document | |
CN110691352B (en) | SIM card access control method, device, medium and equipment | |
US20170169213A1 (en) | Electronic device and method for running applications in different security environments | |
CN110598384B (en) | Information protection method, information protection device and mobile terminal | |
CN106845181A (en) | The acquisition methods and electronic equipment of a kind of password | |
US9984217B2 (en) | Electronic authentication of an account in an unsecure environment | |
CN105809000A (en) | Information processing method and electronic device | |
CN107368735B (en) | Application installation method, mobile terminal and computer readable storage medium | |
CN106685945B (en) | Service request processing method, service handling number verification method and terminal thereof | |
CN105930726A (en) | Processing method for malicious operation behavior and user terminal | |
CN112434301A (en) | Risk assessment method and device | |
CN106851613A (en) | Service request method, the verification method of business handling number and its terminal | |
CN107085694B (en) | Information display processing method and device | |
CN111709054B (en) | Privacy space information access control method and device and computer equipment | |
WO2016026333A1 (en) | Data protection method, device and storage medium in connection between terminal and pc |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20170704 |