CN106161481B - Device for isolating a security module with a physical button on a mobile terminal to prevent security risks

Publication number: CN106161481B
Authority: CN (China)
Prior art keywords: triggering, result, information, unit, data
Legal status: Active
Application number: CN201610862710.4A
Other languages: Chinese (zh)
Other versions: CN106161481A (en)
Inventors: 张建国, 宋斌
Current Assignee: Comerica Mobei Software (beijing) Co Ltd
Original Assignee: Comerica Mobei Software (beijing) Co Ltd
Application filed by Comerica Mobei Software (beijing) Co Ltd
Priority to CN201610862710.4A
Publication of CN106161481A
Application granted
Publication of CN106161481B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/12 Applying verification of the received information
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/02 Constructional features of telephone sets
    • H04M1/23 Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof
    • H04M1/236 Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof including keys on side or rear faces
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories

Abstract

The invention discloses a device that isolates a security module with a physical button on a mobile terminal to prevent security risks. The device comprises a security module, a physical switch, an authentication module, a device hardware communication interface, a mobile terminal operating system and an application module. The physical switch isolates the information security module from the mobile terminal or connects the two, so that the information security module exchanges data only when the mobile terminal user intends it to, and the communication connection is completely disconnected after use. This guards against the security risk of malware, vulnerabilities or backdoors in the mobile terminal system gaining unauthorized access to the information security module.

Description

Device for isolating a security module with a physical button on a mobile terminal to prevent security risks
Technical field
The present invention relates to a communication-security device in the field of computer technology, and more particularly to a device that isolates a security module with a physical button on a mobile terminal to prevent security risks.
Background
With the development of the mobile internet, more and more software on mobile terminal systems supports uses such as mobile finance, mobile certificates and advanced encryption. This software needs to call a hardware security module to run data encryption algorithms or to store and read confidential information. However, malware such as viruses and Trojans on mobile terminals emerges constantly and is pervasive. Even if the user closes the software that uses the security module, malware may remain hidden in the background, having intercepted the access password of the security module, and may connect to the security module covertly to steal secret information or access its encryption functions, seriously threatening the user's privacy or funds.
Conventional mobile devices commonly use a security module in one of two forms. In the first, the security module is soldered directly onto, or prefabricated on, the circuit board of the mobile device, and the user cannot remove it or disconnect the circuit. In the second, the security module is inserted into an expansion slot of the mobile device (such as an SD card/TF card slot); the user can pull it out or install it, but users generally do not pull the security module out and carry it separately, because once removed it is very small and easily lost. It is therefore hard for the user of a current conventional mobile device to disconnect the security module quickly and easily, which gives malware its opportunity.
The Chinese patent "A network security isolation device" (application number: 201610349446.4) discloses a network security isolation device comprising a connector. The output of the connector is electrically connected to the input of a firewall, the output of the firewall is electrically connected to the input of a data extraction device, the input of the data extraction device is electrically connected to the output of a hard disk, the input of the hard disk is electrically connected to the output of a data update device, and the input of the data update device is electrically connected to the output of the Internet. The device uses the common RJ45 network interface, so in use its input and output ports can be connected in series with a computer; it is easy to install, remove and use. It compares against virus and firewall information downloaded in real time from the network cloud, a feedback circuit then feeds the information back to a control switch, and the control switch closes automatically to block the network. That patent still relies on conventional firewall techniques: it controls malware intrusion by comparing against virus and firewall information downloaded in real time from the network cloud. Once a virus or malicious program does appear, the isolation function of the device may fail, causing the loss of important system data. Moreover, the system's sensitive data stays connected to the network in real time, and relying only on firewall protection is itself an unsafe method of data protection.
Summary of the invention
To address the deficiencies of the prior art, the present invention provides a device that isolates a security module with a physical button on a mobile terminal to prevent security risks. It lets the user easily operate a physical switch on the mobile terminal to safely disconnect or connect the security module, giving safer protection and preventing malware from silently calling the security module and causing harm. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface;
The device for isolating a security module with a physical button on a mobile terminal to prevent security risks is characterized in that the mobile terminal includes at least an application module, a mobile terminal operating system, a device hardware communication interface, a physical switch and a security module;
The physical switch controls the connection path between the security module and the device hardware communication interface, or alternatively the physical switch controls the power supply of the security module;
An authentication module is additionally provided between the physical switch and the security module to verify the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, and/or an authentication module is additionally provided between the physical switch and the security module to verify the bind command information sent by the physical switch for disconnecting/connecting the power supply of the security module; the verification process of the authentication module involves an encryption process and a decryption process for the bind command.
According to a preferred embodiment, the authentication module includes at least a trigger data library unit, a triggering information acquisition unit, a triggering result timing unit and a ciphertext unit;
The trigger data library unit includes at least a first trigger data library, a second trigger data library, a third trigger data library and a fourth trigger data library, wherein the first trigger data library includes at least one or more kinds of image information, including fingerprint images, palmprint images and face contour images; the second trigger data library includes at least pressure information containing pressing frequency and/or pressing duration; the third trigger data library includes at least acceleration information containing acceleration direction and/or acceleration change; the fourth trigger data library includes at least one or more kinds of sound information, including sound frequency, timbre and sound intensity.
According to a preferred embodiment, the encryption process of the bind command is as follows: the authentication module divides the bind command information into four data segments and takes the data of each data segment, together with the arrangement information of that data segment, as the data blocks to be encrypted. During encryption, the first triggering result, produced when the first trigger data library is successfully triggered, is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second triggering result, produced when the second trigger data library is successfully triggered, are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third triggering result, produced when the third trigger data library is successfully triggered, are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth triggering result, produced when the fourth trigger data library is successfully triggered, are used to encrypt the fourth data block.
According to a preferred embodiment, the decryption process of the bind command is as follows: the first trigger data library completes triggering based on the image information acquired by the mobile terminal's triggering information acquisition unit, obtains the first triggering result, and sends the first triggering result to the triggering result timing unit; the second trigger data library completes triggering based on the pressure information acquired by the triggering information acquisition unit, obtains the second triggering result, and sends the second triggering result to the triggering result timing unit; the third trigger data library completes triggering based on the acceleration information acquired by the triggering information acquisition unit, obtains the third triggering result, and sends the third triggering result to the triggering result timing unit; the fourth trigger data library completes triggering based on the sound information acquired by the triggering information acquisition unit, obtains the fourth triggering result, and sends the fourth triggering result to the triggering result timing unit.
According to a preferred embodiment, the decryption process of the bind command further includes: the triggering result timing unit receives the first triggering result, the second triggering result, the third triggering result and the fourth triggering result, and compares the order in which it received them with its set reception order. When the reception order of the triggering result timing unit is identical to its set reception order, it sends the first triggering result, the second triggering result, the third triggering result and the fourth triggering result to the ciphertext unit; when the reception order of the triggering result timing unit differs from its set reception order 3 times or more, the triggering information acquisition unit locks and no longer acquires triggering information.
According to a preferred embodiment, the decryption process of the bind command further includes: the ciphertext unit uses the received first triggering result as the initial key to decrypt the first ciphertext block and obtain the first data block; the ciphertext unit uses the received second triggering result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block; the ciphertext unit uses the received third triggering result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block; the ciphertext unit uses the received fourth triggering result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block; the ciphertext unit then synthesizes the bind command information data from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module, to disconnect/connect the device hardware communication interface and the security module, or to disconnect/connect the power supply of the security module.
According to a preferred embodiment, the mobile terminal operating system provides the system environment that supports normal operation of the mobile terminal's modules; the application module is an application program that provides direct service functions to the user, and when processing sensitive data it needs to call the security module for data operations or for storing and/or reading secret information; the security module is responsible for providing the mobile terminal with cryptographic operations and/or secret information storage; the device hardware communication interface is responsible for connecting to and communicating with the security module, responding to control instructions from the operating system and exchanging information with the security module.
According to a preferred embodiment, the triggering information acquisition unit is connected to the trigger data library unit and is used to trigger on the acquired information; the trigger data library unit is connected to the triggering result timing unit, to verify the timing of the triggering results; the triggering result timing unit is connected to the ciphertext unit, to decrypt the ciphertext blocks using the triggering results.
According to a preferred embodiment, when the physical switch is used to disconnect the connection path between the security module and the device hardware communication interface, or to disconnect the power supply of the security module, the disconnection takes effect directly without passing through the verification process of the authentication module;
After the user operates the physical switch to disconnect the path between the security module and the device hardware communication interface, or the power supply of the security module, application modules that use the security module cannot, directly or indirectly, call the security module's data operation or secret information storage and/or reading services.
According to a preferred embodiment, the device isolates the security module to prevent security risks as follows: an authentication module is provided between the physical switch and the security module of the mobile terminal to verify the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, or an authentication module is provided between the physical switch and the security module to verify the bind command information sent by the physical switch for disconnecting/connecting the power supply of the security module; the verification process involves the encryption process and decryption process of the bind command;
The encryption process of the bind command is as follows: the bind command information is divided into four data segments, and the data of each data segment, together with the arrangement information of that data segment, are taken as the data blocks to be encrypted. During encryption, the first triggering result, produced when the first trigger data library is successfully triggered, is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second triggering result, produced when the second trigger data library is successfully triggered, are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third triggering result, produced when the third trigger data library is successfully triggered, are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth triggering result, produced when the fourth trigger data library is successfully triggered, are used to encrypt the fourth data block;
The decryption process of the bind command is as follows: the first trigger data library completes triggering based on the image information acquired by the mobile terminal's triggering information acquisition unit, obtains the first triggering result, and sends the first triggering result to the triggering result timing unit; the second trigger data library completes triggering based on the pressure information acquired by the triggering information acquisition unit, obtains the second triggering result, and sends the second triggering result to the triggering result timing unit; the third trigger data library completes triggering based on the acceleration information acquired by the triggering information acquisition unit, obtains the third triggering result, and sends the third triggering result to the triggering result timing unit; the fourth trigger data library completes triggering based on the sound information acquired by the triggering information acquisition unit, obtains the fourth triggering result, and sends the fourth triggering result to the triggering result timing unit;
The triggering result timing unit receives the first triggering result, the second triggering result, the third triggering result and the fourth triggering result, and compares the order in which it received them with its set reception order. When the reception order of the triggering result timing unit is identical to its set reception order, it sends the first triggering result, the second triggering result, the third triggering result and the fourth triggering result to the ciphertext unit; when the reception order of the triggering result timing unit differs from its set reception order 3 times or more, the triggering information acquisition unit locks and no longer acquires triggering information;
The ciphertext unit uses the received first triggering result as the initial key to decrypt the first ciphertext block and obtain the first data block; the ciphertext unit uses the received second triggering result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block; the ciphertext unit uses the received third triggering result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block; the ciphertext unit uses the received fourth triggering result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block; the ciphertext unit then synthesizes the bind command information data from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module, to disconnect/connect the device hardware communication interface and the security module, or to disconnect/connect the power supply of the security module.
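The chained encryption, reception-order check and chained decryption described above, as an added Python example that is not part of the patent. The patent names no cipher, so the SHA-256 key derivation, the HMAC-based keystream and integrity tag, the per-command nonce, and every name and sample value below are assumptions.

```python
import hashlib
import hmac

# Reception order the timing unit expects: image, pressure, acceleration, sound.
EXPECTED_ORDER = ("image", "pressure", "acceleration", "sound")
MAX_ORDER_FAILURES = 3  # the page locks acquisition after 3 order mismatches
TAG_LEN = 16

# Constructed sample values (not from the patent).
SAMPLE_TRIGGERS = {
    "image": b"trigger-result-1",
    "pressure": b"trigger-result-2",
    "acceleration": b"trigger-result-3",
    "sound": b"trigger-result-4",
}
SAMPLE_NONCE = bytes(range(16))  # assumption: a fresh random nonce per command in practice
SAMPLE_COMMAND = b"CONNECT-SE-PATH"


def stage_key(nonce, trigger_result, prev_block):
    """Stage key from this stage's triggering result and the previous plaintext block."""
    prefix = len(trigger_result).to_bytes(2, "big")  # unambiguous field boundary
    return hashlib.sha256(nonce + prefix + trigger_result + prev_block).digest()


def keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, block):
    ct = bytes(a ^ b for a, b in zip(block, keystream(key, len(block))))
    tag = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def open_block(key, sealed):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("triggering result does not decrypt this ciphertext block")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


def encrypt_command(command, triggers, nonce):
    """Split into four segments, prefix each with its position, chain-encrypt."""
    seg = -(-len(command) // 4)  # ceiling division
    blocks = [bytes([i]) + command[i * seg:(i + 1) * seg] for i in range(4)]
    sealed, prev = [], b""
    for name, block in zip(EXPECTED_ORDER, blocks):
        sealed.append(seal(stage_key(nonce, triggers[name], prev), block))
        prev = block  # the next stage key depends on this plaintext block
    return sealed


class TimingUnit:
    """Passes triggering results on only when they arrive in the set order."""

    def __init__(self):
        self.failures = 0  # the page does not say whether this resets on success
        self.locked = False

    def check(self, received):
        """received: list of (source, result) pairs in arrival order."""
        if self.locked:
            raise PermissionError("triggering information acquisition unit is locked")
        if tuple(name for name, _ in received) != EXPECTED_ORDER:
            self.failures += 1
            self.locked = self.failures >= MAX_ORDER_FAILURES
            return None
        return [result for _, result in received]


def decrypt_command(sealed, results, nonce):
    """Decrypt stage by stage, then reassemble by the stored position byte."""
    blocks, prev = [], b""
    for result, ct in zip(results, sealed):
        prev = open_block(stage_key(nonce, result, prev), ct)
        blocks.append(prev)
    blocks.sort(key=lambda b: b[0])
    return b"".join(b[1:] for b in blocks)


if __name__ == "__main__":
    sealed = encrypt_command(SAMPLE_COMMAND, SAMPLE_TRIGGERS, SAMPLE_NONCE)
    unit = TimingUnit()
    results = unit.check([(n, SAMPLE_TRIGGERS[n]) for n in EXPECTED_ORDER])
    print(decrypt_command(sealed, results, SAMPLE_NONCE))
```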
The invention has the following advantages:
(1) The present invention provides a device that isolates a security module with a physical button on a mobile terminal to prevent security risks. It lets the user easily operate the physical switch on the mobile terminal to safely disconnect or connect the security module, giving safer protection and preventing malware from silently calling the security module and causing harm. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface.
(2) In addition, the present invention provides, between the physical switch and the security module, an authentication module that verifies the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, or for disconnecting/connecting the power supply of the security module. The verification process involves the encryption process and decryption process of the bind command, which ensures the security of the connect or disconnect commands sent by the physical switch; it also avoids connect or disconnect commands generated by unintentionally touching the physical switch.
Description of the drawings
Fig. 1 is a schematic diagram of the structural relationship of the functional modules of the mobile terminal of the present invention;
Fig. 2 is a schematic diagram of the structural relationship of the authentication module of the present invention;
Fig. 3 is a schematic diagram of the structural relationship of the first trigger data library of the present invention;
Fig. 4 is a schematic diagram of the structural relationship of the second trigger data library of the present invention;
Fig. 5 is a schematic diagram of the structural relationship of the third trigger data library of the present invention; and
Fig. 6 is a schematic diagram of the structural relationship of the fourth trigger data library of the present invention.
Reference signs list
101: mobile terminal
102: application module
103: mobile terminal operating system
104: device hardware communication interface
105: physical switch
106: security module
107: authentication module
201: triggering information acquisition unit
202: trigger data library unit
203: triggering result timing unit
204: ciphertext unit
301: first trigger data library
302: image receiving unit
303: image storage unit
304: image identification unit
305: first output setting unit
306: first output unit
401: second trigger data library
402: pressure information receiving unit
403: pressure information storage unit
404: pressure information recognition unit
405: second output setting unit
406: second output unit
501: third trigger data library
502: acceleration information receiving unit
503: acceleration information storage unit
504: acceleration information recognition unit
505: third output setting unit
506: third output unit
601: fourth trigger data library
602: sound information receiving unit
603: sound information storage unit
604: sound information recognition unit
605: fourth output setting unit
606: fourth output unit
Specific embodiment
It is described in detail with reference to the accompanying drawings and examples.
The present invention provides a kind of device of mobile terminal physical button isolation safe module prevention security risk, the dresses It sets and user is enabled to easily to operate the physical switch 105 on mobile terminal, safe disconnection or connection security module 106, To realize safer preventions, avoid Malware that security module 106 is called to cause damages silently.Movement of the invention Terminal 101 can be implemented in a variety of manners.For example, terminal described in the present invention may include such as mobile phone, intelligence Phone, laptop, digit broadcasting receiver, PDA (personal digital assistant), PAD (tablet computer), PMP (portable more matchmakers Body player), the mobile terminal and such as number TV, desktop computer etc. terminal device of navigation device etc..In the following, false If terminal is mobile terminal.However, it will be understood by those skilled in the art that in addition to be used in particular for mobile purpose element it Outside, the construction of embodiment according to the present invention can also apply to the terminal of fixed type.
Fig. 1 shows each functional module structure relation schematic diagram of mobile terminal 101 of the present invention, the mobile terminal 101 include at least application module 102, mobile terminal operating system 103, device hardware communication interface 104, physical switch 105, peace Full module 106 and authentication module 107.The mobile terminal operating system 103 is used to support 101 software of mobile terminal normal operation System environments.According to a preferred embodiment, the operating system can be iOS operating system, Android operation system System or Windows Phone operating system, Windows operating system or (SuSE) Linux OS etc..The application module 102 is The software program of direct service function is provided for user, needs that security module 106 is called to be counted when handling sensitive data According to operation or secret information storage/reading.The security module 106 be responsible for mobile terminal 101 provide information password operation or The functions such as secret information storage.The physical switch 105, user can operate its be used to disconnect/connect security module 106 and equipment Connecting path between hardware communication interface 104, or operation disconnection/connection security module 106 are powered.The device hardware communication Interface 104 be responsible for is connected and communicate with security module 106, response the control instruction from operating system and with security module 106 Interaction.It is additionally provided between the physical switch 105 and security module 106 for verifying being used for for the transmission of physical switch 105 The authentication module of the connecting path bind command information of disconnection/between connection security module 106 and device hardware communication interface 104 107, or the authentication module 107 of bind command information that operation disconnection/connection security module 106 is 
powered, verification process is related to pair The ciphering process and decrypting process of the bind command.According to a preferred embodiment, the physical switch 105 is for breaking The connecting path between security module 106 and device hardware communication interface 104 is opened, or operation disconnects what security module 106 was powered When connection, do not need directly disconnect by the verification process of authentication module, to realize the authentication module 107 The function that connection between mobile terminal 101 quickly disconnects.
As shown in Fig. 2, the authentication module 107 includes at least triggering information acquisition unit 201, trigger data library unit 202, result timing unit 203 and ciphertext unit 204 are triggered., the triggering information acquisition unit 201 and the trigger data library Unit 202 is connected, for realizing the triggering of acquisition information.The trigger data library unit 202 and the triggering result timing list Member 203 is connected, and each trigger data library is for realizing respectively to the triggering information collection list in the trigger data library unit 202 The information of 201 acquisition of member carries out identification triggering, and exports triggering result extremely triggering result timing unit 203, while realizing triggering As a result timing verification.The triggering result timing unit 203 is connected with ciphertext unit 204, for realizing triggering result is utilized Carry out ciphertext blocks decrypting process.According to a preferred embodiment, the first output setting unit to the 4th output setting Triggering when the triggering result data setting of unit includes the triggering result data content and triggering failure when setting triggers successfully Result data content.
The trigger information acquisition unit 201 acquires the trigger information that corresponds to the trigger database unit 202, including image information, pressure information, acceleration information and sound information. The trigger information acquisition unit 201 sends the acquired information data to the different databases in the trigger database unit 202. The trigger database unit 202 comprises four trigger databases, for image information, pressure information, acceleration information and sound information respectively: a first trigger database 301 containing at least one or more kinds of image information among a fingerprint image, a palmprint image and a face contour image; a second trigger database 401 containing at least pressing frequency and/or pressing duration information; a third trigger database 501 containing at least acceleration direction and/or acceleration magnitude change information; and a fourth trigger database 601 containing at least one or more kinds of information among sound frequency, timbre and sound intensity. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they were received with its set reception order. When the reception order is the same as the set reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order has differed from the set reception order 3 or more times, the trigger information acquisition unit 201 of the mobile terminal 101 is locked and no longer acquires trigger information. The ciphertext unit 204 receives the trigger result of each trigger database in the trigger database unit 202, as sent by the trigger result timing unit 203. Based on these trigger results, the ciphertext unit 204 completes the decryption of the bind command information issued by the physical switch 105, so as to disconnect/connect the device hardware communication interface 104 and the security module 106, or to disconnect/connect the power supply of the security module 106.
The trigger database unit 202 includes the first trigger database 301, the second trigger database 401, the third trigger database 501 and the fourth trigger database 601. Each trigger database in the trigger database unit 202 performs recognition triggering on the information acquired by the trigger information acquisition unit 201 and outputs its trigger result to the trigger result timing unit 203.
As shown in Fig. 3, the first trigger database 301 includes an image receiving unit 302, an image storage unit 303, an image recognition unit 304, a first output setting unit 305 and a first output unit 306. The image receiving unit 302 receives the image information acquired by the trigger information acquisition unit 201 and sends it to the image recognition unit 304. The image storage unit 303 stores the fingerprint image, palmprint image or face contour image information set by the user. The image recognition unit 304 compares the image sent by the image receiving unit 302 with the image information stored or set in the image storage unit 303 and sends the result, recognition success or recognition failure, to the first output unit 306. The first output setting unit 305 sets the specific data content of the output result; this includes setting the output information for recognition success and the output information for recognition failure. The first output unit 306 completes the data output based on the recognition success or recognition failure information sent by the image recognition unit 304 and the data content set by the first output setting unit 305; this data output is the first trigger result.
As shown in Fig. 4, the second trigger database 401 includes a pressure information receiving unit 402, a pressure information storage unit 403, a pressure information recognition unit 404, a second output setting unit 405 and a second output unit 406, where the second output setting unit 405 sets the data content of the second trigger result. The pressure information receiving unit 402 receives the pressure information acquired by the trigger information acquisition unit 201 and sends it to the pressure information recognition unit 404. The pressure information storage unit 403 stores the pressure information set by the user, including pressing frequency and/or pressing duration. The pressure information recognition unit 404 compares the pressure information sent by the pressure information receiving unit 402 with the pressure information stored or set in the pressure information storage unit 403 and sends the result, recognition success or recognition failure, to the second output unit 406. The second output setting unit 405 sets the specific data content of the output result; this includes setting the output information for recognition success and the output information for recognition failure. The second output unit 406 completes the data output based on the recognition success or recognition failure information sent by the pressure information recognition unit 404 and the data content set by the second output setting unit 405; this data output is the second trigger result.
As shown in Fig. 5, the third trigger database 501 includes an acceleration information receiving unit 502, an acceleration information storage unit 503, an acceleration information recognition unit 504, a third output setting unit 505 and a third output unit 506, where the third output setting unit 505 sets the data content of the third trigger result. The acceleration information receiving unit 502 receives the acceleration information acquired by the trigger information acquisition unit 201 and sends it to the acceleration information recognition unit 504. The acceleration information storage unit 503 stores the acceleration information set by the user, including acceleration direction and/or acceleration magnitude change information. The acceleration information recognition unit 504 compares the acceleration information sent by the acceleration information receiving unit 502 with the acceleration information stored or set in the acceleration information storage unit 503 and sends the result, recognition success or recognition failure, to the third output unit 506. The third output setting unit 505 sets the specific data content of the output result; this includes setting the output information for recognition success and the output information for recognition failure. The third output unit 506 completes the data output based on the recognition success or recognition failure information sent by the acceleration information recognition unit 504 and the data content set by the third output setting unit 505; this data output is the third trigger result.
As shown in Fig. 6, the fourth trigger database 601 includes a sound information receiving unit 602, a sound information storage unit 603, a sound information recognition unit 604, a fourth output setting unit 605 and a fourth output unit 606, where the fourth output setting unit 605 sets the data content of the fourth trigger result. The sound information receiving unit 602 receives the sound information acquired by the trigger information acquisition unit 201 and sends it to the sound information recognition unit 604. The sound information storage unit 603 stores one or more kinds of information set by the user among sound frequency, timbre and sound intensity. The sound information recognition unit 604 compares the sound information sent by the sound information receiving unit 602 with the sound information stored or set in the sound information storage unit 603 and sends the result, recognition success or recognition failure, to the fourth output unit 606. The fourth output setting unit 605 sets the specific data content of the output result; this includes setting the output information for recognition success and the output information for recognition failure. The fourth output unit 606 completes the data output based on the recognition success or recognition failure information sent by the sound information recognition unit 604 and the data content set by the fourth output setting unit 605; this data output is the fourth trigger result.
Meanwhile, an authentication module 107 is provided between the physical switch 105 and the security module 106. It verifies the bind command information sent by the physical switch 105 for disconnecting/connecting the connecting path between the security module 106 and the device hardware communication interface 104, or the bind command information for disconnecting/connecting the power supply of the security module 106; the verification process involves an encryption process and a decryption process for the bind command. The encryption process includes: dividing the bind command information into four data segments, and taking the data of each data segment together with the arrangement information of the data segments as multiple data blocks to be encrypted. During encryption, the first trigger result information produced when the first trigger database 301 is triggered successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. The first data block and the second trigger result information produced when the second trigger database 401 is triggered successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. The second data block and the third trigger result information produced when the third trigger database 501 is triggered successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. The third data block and the fourth trigger result information produced when the fourth trigger database 601 is triggered successfully are used to encrypt the fourth data block.
The decryption process includes the following. The first trigger database 301 completes triggering based on the image information acquired by the trigger information acquisition unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the first trigger result. The second trigger database 401 completes triggering based on the pressure information acquired by the trigger information acquisition unit 201 and sends the trigger result to the trigger result timing unit 203; this trigger result is the second trigger result. The third trigger database 501 completes triggering based on the acceleration information acquired by the trigger information acquisition unit 201 and sends the trigger result to the trigger result timing unit 203; this trigger result is the third trigger result. The fourth trigger database 601 completes triggering based on the sound information acquired by the trigger information acquisition unit 201 and sends the trigger result to the trigger result timing unit 203; this trigger result is the fourth trigger result. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they were received with its set reception order. When the reception order is the same as the set reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order has differed from the set reception order 3 or more times, the trigger information acquisition unit 201 of the mobile terminal 101 is locked and no longer acquires trigger information. The ciphertext unit 204 receives the trigger result of each trigger database in the trigger database unit 202, as sent by the trigger result timing unit 203. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block. Based on the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, the ciphertext unit 204 then reassembles the bind command information data and sends it to the security module 106, so as to disconnect/connect the device hardware communication interface 104 and the security module 106, or to disconnect/connect the power supply of the security module 106.
According to a preferred embodiment, after the user operates the physical switch 105 to disconnect the path between the security module 106 and the device hardware communication interface 104, or the power supply of the security module 106, the application module 102 that uses the security module 106 can no longer call, directly or indirectly, the data operation or secret information storage and/or reading services of the security module 106.
Embodiment 1
This embodiment illustrates the present invention using the case in which the physical switch 105 connects the connecting path between the security module 106 and the device hardware communication interface 104, or connects the power supply of the security module 106. An authentication module 107 is provided between the physical switch 105 and the security module 106. It verifies the bind command information sent by the physical switch 105 for connecting the connecting path between the security module 106 and the device hardware communication interface 104, or the bind command information for connecting the power supply of the security module 106; the verification process involves an encryption process and a decryption process for the bind command. The encryption process includes: dividing the bind command information into four data segments, and taking the data of each data segment together with the arrangement information of the data segments as 4 data blocks to be encrypted. During encryption, the first trigger result information produced when the first trigger database 301 is triggered successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. According to a preferred embodiment, the first trigger result information can be information such as "image information verified successfully" or "first trigger database triggered successfully". The first data block and the second trigger result information produced when the second trigger database 401 is triggered successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. According to a preferred embodiment, the second trigger result information can be information such as "pressure information verified successfully" or "second trigger database triggered successfully". The second data block and the third trigger result information produced when the third trigger database 501 is triggered successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. According to a preferred embodiment, the third trigger result information can be information such as "acceleration information verified successfully" and "third trigger database triggered successfully". The third data block and the fourth trigger result information produced when the fourth trigger database 601 is triggered successfully are used to encrypt the fourth data block; the encrypted information is the fourth ciphertext block. According to a preferred embodiment, the fourth trigger result information can be information such as "sound information verified successfully" and "fourth trigger database triggered successfully".
The decryption process includes the following. The first trigger database 301 completes triggering based on the image information acquired by the trigger information acquisition unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the first trigger result. According to a preferred embodiment, the acquired image information includes the fingerprint image, palmprint image and face contour image of the user of the mobile terminal 101. According to a preferred embodiment, when the image information acquired by the trigger information acquisition unit 201 successfully triggers the first trigger database 301, the first trigger result is the output information for recognition success set by the first output setting unit 305.
The second trigger database 401 completes triggering based on the pressure information acquired by the trigger information acquisition unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the second trigger result. According to a preferred embodiment, the acquired pressure information includes the frequency with which the user of the mobile terminal 101 presses the physical switch 105 and/or the duration for which the physical switch 105 is pressed. For example, the pressing frequency can be 5 presses within 3 seconds, and the pressing duration can be a single press lasting more than 0.5 seconds. According to a preferred embodiment, when the pressure information acquired by the trigger information acquisition unit 201 successfully triggers the second trigger database 401, the second trigger result is the output information for recognition success set by the second output setting unit 405.
The third trigger database 501 completes triggering based on the acceleration information acquired by the trigger information acquisition unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the third trigger result. According to a preferred embodiment, the acquired acceleration information includes acceleration magnitude and/or direction change information. For example, the acceleration magnitude change can be two acceleration signals greater than gravitational acceleration provided within 3 consecutive seconds, or two consecutive changes of acceleration direction within 3 seconds. According to a preferred embodiment, when the acceleration information acquired by the trigger information acquisition unit 201 successfully triggers the third trigger database 501, the third trigger result is the output information for recognition success set by the third output setting unit 505.
The fourth trigger database 601 completes triggering based on the sound information acquired by the trigger information acquisition unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the fourth trigger result. According to a preferred embodiment, the acquired sound information includes the frequency, timbre and intensity of the sound. For example, the sound comparison can check the acquired sound information against a personal recording that has been provided, or against a song that has been provided. According to a preferred embodiment, when the sound information acquired by the trigger information acquisition unit 201 successfully triggers the fourth trigger database 601, the fourth trigger result is the output information for recognition success set by the fourth output setting unit 605.
The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they were received with its set reception order. When the reception order is the same as the set reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order has differed from the set reception order 3 or more times, the trigger information acquisition unit 201 of the mobile terminal 101 is locked and no longer acquires trigger information.
The ciphertext unit 204 receives the trigger result of each trigger database in the trigger database unit 202, as sent by the trigger result timing unit 203. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block. Based on the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, the ciphertext unit 204 then reassembles the bind command information data and sends it to the security module 106, so as to connect the device hardware communication interface 104 and the security module 106, or to connect the power supply of the security module 106.
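The chained encryption and decryption of the four data blocks and the reception-order check with its lock after 3 mismatches, as an added Python example that is not code from the patent. The patent names no cipher, so the HMAC-SHA256 keystream, the per-block integrity tag, the sample trigger strings, the cumulative mismatch counter and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed success strings standing in for the values set through output
# setting units 305/405/505/605; real values are device configuration.
TRIGGER_RESULTS = {
    "image": "image information verified",
    "pressure": "pressure information verified",
    "acceleration": "acceleration information verified",
    "sound": "sound information verified",
}
EXPECTED_ORDER = ["image", "pressure", "acceleration", "sound"]
MAX_ORDER_MISMATCHES = 3
TAG_LEN = 16


def level_key(trigger_result, previous_block):
    """Level 1 keys on the trigger result alone (previous_block is empty);
    levels 2-4 add the previous plaintext data block, as in the description."""
    return hashlib.sha256(trigger_result.encode() + b"\x00" + previous_block).digest()


def xor_keystream(data, key):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"ks" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def block_tag(key, body):
    """Integrity tag (assumption, not in the patent) so a wrong key is detected."""
    return hmac.new(key, b"tag" + body, hashlib.sha256).digest()[:TAG_LEN]


def encrypt_command(command, results):
    """Split the command into four segments; block i = arrangement index + data."""
    size = -(-len(command) // 4)  # ceiling division
    blocks = [bytes([i]) + command[i * size:(i + 1) * size] for i in range(4)]
    ciphertexts, previous = [], b""
    for block, result in zip(blocks, results):
        key = level_key(result, previous)
        body = xor_keystream(block, key)
        ciphertexts.append(body + block_tag(key, body))
        previous = block
    return ciphertexts


def decrypt_command(ciphertexts, results):
    """Decrypt level by level; each recovered block feeds the next level's key."""
    segments, previous = {}, b""
    for level, (blob, result) in enumerate(zip(ciphertexts, results), start=1):
        key = level_key(result, previous)
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if len(blob) <= TAG_LEN or not hmac.compare_digest(tag, block_tag(key, body)):
            raise ValueError(f"ciphertext block {level} rejected")
        block = xor_keystream(body, key)
        segments[block[0]] = block[1:]
        previous = block
    if sorted(segments) != [0, 1, 2, 3]:
        raise ValueError("arrangement information incomplete")
    return b"".join(segments[i] for i in range(4))


class TriggerResultTimingUnit:
    """Models unit 203: forwards results only if they arrive in the set order."""

    def __init__(self, expected_order):
        self.expected_order = list(expected_order)
        self.mismatches = 0  # cumulative count; never reset here (assumption)
        self.locked = False

    def submit(self, arrivals):
        """arrivals: (source, trigger_result) pairs in reception order.
        Returns the ordered results, or None when the order is wrong."""
        if self.locked:
            raise RuntimeError("trigger information acquisition unit is locked")
        if [source for source, _ in arrivals] != self.expected_order:
            self.mismatches += 1
            self.locked = self.mismatches >= MAX_ORDER_MISMATCHES
            return None
        return [result for _, result in arrivals]


def authorize(unit, arrivals, ciphertexts):
    """Timing check first, then chained decryption of the bind command."""
    results = unit.submit(arrivals)
    return None if results is None else decrypt_command(ciphertexts, results)
```

A level 2 to 4 key cannot be formed until the preceding data block has been recovered, which is why decryption has to proceed in order. Every key here derives from a configured success string, so the chain is only as secret as those output settings.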
It should be noted that the specific embodiments above are exemplary. Those skilled in the art can devise various solutions under the inspiration of the present disclosure, and these solutions also belong to the scope of the disclosure and fall within the protection scope of the present invention. Those skilled in the art will understand that the description of the invention and its accompanying drawings are illustrative and do not limit the claims. The protection scope of the present invention is defined by the claims and their equivalents.

Claims (7)

1. A device in which a physical button of a mobile terminal isolates a security module to prevent security risks, characterized in that the mobile terminal (101) includes at least an application module (102), a mobile terminal operating system (103), a device hardware communication interface (104), a physical switch (105) and a security module (106);
The physical switch (105) is used to control the connecting path between the security module (106) and the device hardware communication interface (104), or the physical switch (105) is used to control the power supply of the security module (106);
An authentication module (107) is also provided between the physical switch (105) and the security module (106) for verifying the bind command information sent by the physical switch (105) for disconnecting/connecting the connecting path between the security module (106) and the device hardware communication interface (104), or an authentication module (107) is also provided between the physical switch (105) and the security module (106) for verifying the bind command information sent by the physical switch (105) for disconnecting/connecting the power supply of the security module (106), and the verification process of the authentication module (107) involves an encryption process and a decryption process for the bind command;
Alternatively, when the physical switch (105) is used to disconnect the connecting path between the security module (106) and the device hardware communication interface (104), or to disconnect the power supply of the security module (106), the disconnection takes place directly without going through the verification process of the authentication module;
Wherein the authentication module (107) includes at least a trigger database unit (202), a trigger information acquisition unit (201), a trigger result timing unit (203) and a ciphertext unit (204);
The trigger database unit (202) includes at least a first trigger database (301), a second trigger database (401), a third trigger database (501) and a fourth trigger database (601), wherein the first trigger database (301) includes at least one or more kinds of image information among a fingerprint image, a palmprint image and a face contour image; the second trigger database (401) includes at least pressure information containing pressing frequency and/or pressing duration; the third trigger database (501) includes at least acceleration information containing acceleration direction and/or acceleration change; the fourth trigger database (601) includes at least one or more kinds of sound information among sound frequency, timbre and sound intensity;
Wherein the encryption process of the bind command includes: the authentication module (105) divides the bind command information into four data segments, and takes the data of each data segment together with the arrangement information of the data segments as multiple data blocks to be encrypted; during encryption, the first trigger result produced when the first trigger database (301) is triggered successfully is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second trigger result produced when the second trigger database (401) is triggered successfully are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third trigger result produced when the third trigger database (501) is triggered successfully are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth trigger result produced when the fourth trigger database (601) is triggered successfully are used to encrypt the fourth data block;
Wherein, when the physical switch (105) is used to disconnect the connecting path between the security module (106) and the device hardware communication interface (104), or to disconnect the power supply of the security module (106), the disconnection takes place directly without going through the verification process of the authentication module (107);
After the user operates the physical switch (105) to disconnect the path between the security module (106) and the device hardware communication interface (104), or the power supply of the security module (106), the application module (102) that uses the security module (106) cannot call, directly or indirectly, the data operation or secret information storage and/or reading services of the security module (106).
2. The device in which a physical button of a mobile terminal isolates a security module to prevent security risks according to claim 1, characterized in that the decryption process of the bind command includes: the first trigger database (301) completes triggering based on the image information acquired by the trigger information acquisition unit (201) of the mobile terminal to obtain the first trigger result, and sends the first trigger result to the trigger result timing unit (203); the second trigger database (401) completes triggering based on the pressure information acquired by the trigger information acquisition unit (201) of the mobile terminal to obtain the second trigger result, and sends the second trigger result to the trigger result timing unit (203); the third trigger database (501) completes triggering based on the acceleration information acquired by the trigger information acquisition unit (201) of the mobile terminal to obtain the third trigger result, and sends the third trigger result to the trigger result timing unit (203); the fourth trigger database (601) completes triggering based on the sound information acquired by the trigger information acquisition unit (201) of the mobile terminal to obtain the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit (203).
3. The device in which a physical button of a mobile terminal isolates a security module to prevent security risks according to claim 2, characterized in that the decryption process of the bind command further includes: the trigger result timing unit (203) receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the reception order with its set reception order; when the reception order of the trigger result timing unit (203) is the same as its set reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit (204); when the reception order of the trigger result timing unit (203) has differed from its set reception order 3 or more times, the trigger information acquisition unit (201) is locked and no longer acquires trigger information.
4. The device in which a physical button of a mobile terminal isolates a security module to prevent security risks according to claim 3, characterized in that the decryption process of the bind command further includes: the ciphertext unit (204) uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block; the ciphertext unit (204) uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block; the ciphertext unit (204) uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block; the ciphertext unit (204) uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block; and the ciphertext unit (204), based on the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data of each data segment, reassembles the bind command information data and sends it to the security module (106), so as to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
5. The device in which a mobile terminal physical button isolates the security module to prevent security risk according to claim 1, characterized in that the mobile terminal operating system (103) is the system environment that supports normal operation of the mobile terminal modules; the application module (102) is an application program that provides direct service functions to the user, and when processing sensitive data the application module (102) needs to call the security module (106) to perform data operations or to store and/or read secret information; the security module (106) is responsible for providing the mobile terminal (101) with cryptographic operations on information and/or secret information storage; the device hardware communication interface (104) is responsible for connecting to and communicating with the security module (106), responding to control instructions from the operating system, and exchanging information with the security module (106).
6. The device in which a mobile terminal physical button isolates the security module to prevent security risk according to claim 1, characterized in that the triggering information acquisition unit (201) is connected with the trigger data library unit (202), for triggering on the acquired information; the trigger data library unit (202) is connected with the triggering result timing unit (203), for timing verification of the triggering results; the triggering result timing unit (203) is connected with the ciphertext unit (204), for decrypting the ciphertext blocks using the triggering results.
7. The device in which a mobile terminal physical button isolates the security module to prevent security risk according to one of claims 1 to 6, characterized in that the device isolates the security module to prevent security risk in the following way:
The encryption process of the bind command includes: dividing the bind command information into four data segments, and taking the data of each data segment together with the arrangement information of the data segments as multiple data blocks to be encrypted; in the encryption process, the first triggering result obtained when the first trigger database (301) is successfully triggered is used to encrypt the first data block, and the encrypted information serves as the first ciphertext block; the first data block and the second triggering result obtained when the second trigger database (401) is successfully triggered are used to encrypt the second data block, and the encrypted information serves as the second ciphertext block; the second data block and the third triggering result obtained when the third trigger database (501) is successfully triggered are used to encrypt the third data block, and the encrypted information serves as the third ciphertext block; the third data block and the fourth triggering result obtained when the fourth trigger database (601) is successfully triggered are used to encrypt the fourth data block;
The decryption process of the bind command includes: the first trigger database (301) completes triggering based on the image information acquired by the mobile terminal triggering information acquisition unit (201), obtains the first triggering result, and sends the first triggering result to the triggering result timing unit (203); the second trigger database (401) completes triggering based on the pressure information acquired by the mobile terminal triggering information acquisition unit (201), obtains the second triggering result, and sends the second triggering result to the triggering result timing unit (203); the third trigger database (501) completes triggering based on the acceleration information acquired by the mobile terminal triggering information acquisition unit (201), obtains the third triggering result, and sends the third triggering result to the triggering result timing unit (203); the fourth trigger database (601) completes triggering based on the sound information acquired by the mobile terminal triggering information acquisition unit (201), obtains the fourth triggering result, and sends the fourth triggering result to the triggering result timing unit (203);
The triggering result timing unit (203) receives the first triggering result, the second triggering result, the third triggering result and the fourth triggering result, and compares the order in which they were received with the reception order set for it; when the reception order of the triggering result timing unit (203) is identical to the set reception order, the first triggering result, the second triggering result, the third triggering result and the fourth triggering result are sent to the ciphertext unit (204); when the reception order of the triggering result timing unit (203) differs from the set reception order 3 times or more, the triggering information acquisition unit (201) locks and no longer acquires trigger information;
The ciphertext unit (204) uses the received first triggering result as the initial key to decrypt the first ciphertext block, obtaining the first data block; the ciphertext unit (204) uses the received second triggering result and the first data block as the second-level initial key to decrypt the second ciphertext block, obtaining the second data block; the ciphertext unit (204) uses the received third triggering result and the second data block as the third-level initial key to decrypt the third ciphertext block, obtaining the third data block; the ciphertext unit (204) uses the received fourth triggering result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block; and the ciphertext unit (204) synthesizes the bind command information data from the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data of each data segment, and sends it to the security module (106), in order to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
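The chained encryption, chained decryption and reception-order check of claim 7, sketched as an added example (not code from the patent): each stage key is derived from that stage's triggering result and the previous plaintext data block, so one wrong triggering result corrupts every later block. The SHA-256 keystream cipher, the key derivation, the one-byte arrangement index, the cumulative mismatch count and the sample values are assumptions; the patent specifies none of them.

```python
import hashlib

EXPECTED_ORDER = ["image", "pressure", "acceleration", "sound"]  # order set in unit (203)
MAX_MISMATCHES = 3  # claim: lock acquisition after 3 or more order mismatches

def _xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (assumption, not from the patent)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def _stage_key(trigger_result: bytes, prev_block: bytes) -> bytes:
    # Key for stage n mixes triggering result n with plaintext block n-1 (empty at stage 1).
    return hashlib.sha256(trigger_result + b"|" + prev_block).digest()

def encrypt_command(command: bytes, results: list) -> list:
    seg = -(-len(command) // 4)  # four segments; each block = arrangement index byte + data
    blocks = [bytes([i]) + command[i * seg:(i + 1) * seg] for i in range(4)]
    prev, ciphertexts = b"", []
    for block, result in zip(blocks, results):
        ciphertexts.append(_xor_cipher(_stage_key(result, prev), block))
        prev = block
    return ciphertexts

def decrypt_command(ciphertexts: list, results: list) -> bytes:
    prev, segments = b"", {}
    for ct, result in zip(ciphertexts, results):
        block = _xor_cipher(_stage_key(result, prev), ct)
        segments[block[0]] = block[1:]  # reassemble by arrangement index
        prev = block
    return b"".join(segments[i] for i in sorted(segments))

class TimingUnit:  # order check with lockout; mismatches counted cumulatively (assumption)
    def __init__(self):
        self.mismatches, self.locked = 0, False

    def accept(self, received_order: list) -> bool:
        if self.locked:
            return False
        if received_order == EXPECTED_ORDER:
            return True
        self.mismatches += 1
        self.locked = self.mismatches >= MAX_MISMATCHES
        return False

# Constructed sample data: the patent gives no triggering-result or command format.
SAMPLE_RESULTS = [b"img-match-01", b"pressure-ok-02", b"accel-ok-03", b"sound-ok-04"]
SAMPLE_COMMAND = b"DISCONNECT_SE_POWER"
```

Because stage n depends on the plaintext of stage n-1, a reviewer should check that a real implementation authenticates each block; the stand-in cipher here provides no integrity check, and a wrong triggering result only yields garbage rather than a detectable failure.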
CN201610862710.4A 2016-09-28 2016-09-28 A kind of device of mobile terminal physical button isolation safe module prevention security risk Active CN106161481B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610862710.4A CN106161481B (en) 2016-09-28 2016-09-28 A kind of device of mobile terminal physical button isolation safe module prevention security risk

Publications (2)

Publication Number Publication Date
CN106161481A CN106161481A (en) 2016-11-23
CN106161481B true CN106161481B (en) 2019-08-30

Family

ID=57341266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610862710.4A Active CN106161481B (en) 2016-09-28 2016-09-28 A kind of device of mobile terminal physical button isolation safe module prevention security risk

Country Status (1)

Country Link
CN (1) CN106161481B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107332989B (en) * 2017-06-27 2020-09-15 中国联合网络通信集团有限公司 Data protection system and data protection method of mobile terminal
CN111046414B (en) * 2018-10-15 2023-07-25 中兴通讯股份有限公司 Mobile terminal, switch control method, and computer-readable storage medium
CN113821774A (en) * 2021-09-07 2021-12-21 安徽继远软件有限公司 Terminal security risk module matching and verifying system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101171860A (en) * 2005-04-07 2008-04-30 法国电信公司 Security method and device for managing access to multimedia contents
CN101277230A (en) * 2008-04-22 2008-10-01 华为技术有限公司 Method and device for statistic of layering flow
CN201365347Y (en) * 2008-12-12 2009-12-16 东莞市智盾电子技术有限公司 Mobile telephone with independent built-in data assistant device
CN101939963A (en) * 2007-12-07 2011-01-05 法国电信公司 Method of controlling applications installed on a security module associated with a mobile terminal, associated security module, mobile terminal and server
CN104916022A (en) * 2015-06-16 2015-09-16 广州杰赛科技股份有限公司 Intelligent lock control method, mobile terminal and intelligent lock system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9479230B2 (en) * 2013-05-31 2016-10-25 Blackberry Limited Systems and methods for data offload in wireless networks

Also Published As

Publication number Publication date
CN106161481A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
RU2718226C2 (en) Biometric data safe handling systems and methods
EP4081921B1 (en) Contactless card personal identification system
CN108763917B (en) Data encryption and decryption method and device
US10615973B2 (en) Systems and methods for detecting data insertions in biometric authentication systems using encryption
WO2016192165A1 (en) Data encryption method and apparatus
CN110378097A (en) Ensure sensing data safety
WO2017063517A1 (en) Near field communication establishing method and device
CN108900296B (en) Secret key storage method based on biological feature identification
CN106161481B (en) A kind of device of mobile terminal physical button isolation safe module prevention security risk
CN111885128A (en) Identity management method based on block chain
CN108322310A (en) It is a kind of to utilize safety equipment Card Reader login method and Security Login System
CN104751105A (en) Fingerprint data verification method, fingerprint data verification device, related equipment and system
CN109495252A (en) Data ciphering method, device, computer equipment and storage medium
WO2020186457A1 (en) Authentication method and apparatus for ip camera
CN107864124A (en) A kind of end message method for security protection, terminal and bluetooth lock
CN106778337A (en) Document protection method, device and terminal
WO2024012517A1 (en) End-to-end data transmission method, and device and medium
WO2017050152A1 (en) Password security system adopted by mobile apparatus and secure password entering method thereof
CN107169368A (en) A kind of computer system ensured information security
CN109639424A (en) A kind of virtual machine image encryption method and device based on different keys
CN108073820A (en) Security processing, device and the mobile terminal of data
CN105787319A (en) Iris recognition-based portable terminal and method for same
CN111698253A (en) Computer network safety system
CN108322907B (en) Card opening method and terminal
CN110084021A (en) Cabinet surface terminal, client, cabinet face data exchange method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant