CN107992735B - Information processing method and device - Google Patents

Information processing method and device Download PDF

Info

Publication number
CN107992735B
CN107992735B CN201610949651.4A CN201610949651A CN107992735B CN 107992735 B CN107992735 B CN 107992735B CN 201610949651 A CN201610949651 A CN 201610949651A CN 107992735 B CN107992735 B CN 107992735B
Authority
CN
China
Prior art keywords
terminal
verification
application state
application
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610949651.4A
Other languages
Chinese (zh)
Other versions
CN107992735A (en
Inventor
辛军
彭华熹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN201610949651.4A priority Critical patent/CN107992735B/en
Publication of CN107992735A publication Critical patent/CN107992735A/en
Application granted granted Critical
Publication of CN107992735B publication Critical patent/CN107992735B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses an information processing method and an information processing system, wherein the information processing method comprises the following steps: and the application state information is used for sending the application state information to the cloud platform to determine whether the flash phenomenon occurs or not. The security component can automatically monitor the change of the application state to form the application state information, and the cloud platform submitting the application state information is convenient for the cloud platform to determine whether the flashing phenomenon occurs or not, so that the flashing phenomenon is monitored, and the malicious flashing phenomenon is monitored.

Description

Information processing method and device
Technical Field
The present invention relates to the field of information technologies, and in particular, to an information processing method and apparatus.
Background
The terminal needs to install the application before running. Some applications are preset applications that are pre-installed before the terminal leaves the factory, and some are installed after the terminal leaves the factory. The terminal is sold to the user and may need to go through one or more levels of dealers. Sometimes, in order to make profit, for example, illegal benefits, a dealer can flush the terminal and install a plurality of applications with safety problems; sometimes, some preset applications are deleted, which causes the problems that the terminal is incomplete or incomplete in some services, and the intelligence of the terminal is further influenced.
In the prior art, a technical scheme capable of well restraining the malicious terminal flashing is not provided temporarily, so that the problem that the malicious terminal flashing is to be solved is urgently needed to be solved.
Disclosure of Invention
In view of the above, embodiments of the present invention are directed to an information processing method and apparatus, which may be used at least to determine whether a flash phenomenon occurs in a terminal.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a first aspect of an embodiment of the present invention provides an information processing method, including:
the security component detects the application state in the terminal to form application state information;
and the application state information is used for sending the application state information to the cloud platform to determine whether the flash phenomenon occurs or not.
Based on the scheme, the safety component operates in the terminal;
the method further comprises the following steps:
acquiring positioning information when the application state in the terminal changes;
sending the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position.
Based on the above scheme, the method further comprises:
receiving a judgment result sent by the cloud platform;
when the judgment result indicates that the flashing phenomenon occurs, displaying a verification interface;
detecting a verification operation acting on the verification interface;
and when the verification operation is not detected on the verification interface or the verification operation is not passed, the operation of changing the application state in the terminal is prevented.
Based on the above scheme, when the determination result indicates that the flashing phenomenon occurs, displaying a verification interface, including:
when the judgment result indicates that the flashing phenomenon occurs, displaying a graphic verification window;
the detecting a verification operation acting on the verification interface comprises:
detecting a graphic verification code input according to the display information of the graphic verification window;
the operation of preventing the application state in the terminal from being changed when the verification operation is not detected or the verification operation is not passed on the verification interface comprises the following steps:
and when the input graphic verification code is not detected or the input graphic verification code is wrong, preventing the operation of changing the application state in the terminal.
Based on the above scheme, the method further comprises:
sending the equipment identification information and the user identification information of the terminal to the cloud platform;
the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
A second aspect of the embodiments of the present invention provides an information processing method, including:
receiving application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal;
and analyzing the application state information to determine whether the flashing phenomenon occurs.
Based on the above scheme, the method further comprises:
receiving positioning information; wherein the positioning information is detected when the application state in the terminal changes;
and performing flashing positioning according to the positioning information.
Based on the above scheme, the method further comprises:
sending a judgment result indicating whether the flashing phenomenon occurs to the terminal; and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
Based on the above scheme, the method further comprises:
receiving device identification information and user identification information of the terminal from the terminal;
the analyzing the application state information and determining whether the terminal has a flashing phenomenon includes:
determining whether N terminals running in one user identifier in a first time window all have operation of changing the application state in the terminal or not according to the user identifier information and the equipment identifier information; n is an integer not less than 2;
and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
Based on the above scheme, the analyzing the application state information and determining whether the terminal has a flashing phenomenon includes:
analyzing the application state information, and determining whether the number of the applications with the changed application states in the second time window reaches a preset number;
and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs.
A third aspect of an embodiment of the present invention provides an information processing apparatus, located in a terminal, including:
the first detection unit is used for detecting the application state in the terminal by using the security component to form application state information;
and the application state information is used for sending the application state information to the cloud platform to determine whether the flash phenomenon occurs or not.
Based on the scheme, the safety component operates in the terminal,
the device further comprises:
the acquisition unit is used for acquiring the positioning information when the application state in the terminal changes;
the first sending unit is used for sending the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position.
Based on the above scheme, the apparatus further comprises:
the first receiving unit is used for receiving the judgment result sent by the cloud platform;
the display unit is used for displaying a verification interface when the judgment result indicates that the flashing phenomenon occurs;
the second detection unit is used for detecting the verification operation acting on the verification interface;
and the execution unit is used for preventing the operation of changing the application state in the terminal when the verification operation is not detected or the verification operation is not passed on the verification interface.
Based on the above scheme, the display unit is specifically configured to display a graph verification window when the determination result indicates that the flashing phenomenon occurs;
the second detection unit is specifically used for detecting a graphic verification code input according to the display information of the graphic verification window;
the execution unit is specifically configured to prevent an operation of changing an application state in the terminal when the input pattern verification code is not detected or the input pattern verification code is incorrect.
Based on the above scheme, the first sending unit is configured to send the device identification information and the user identification information of the terminal to the cloud platform;
the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
A fourth aspect of the embodiments of the present invention provides an information processing apparatus, applied to a cloud platform, including:
the second receiving unit is used for receiving the application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal;
and the analysis unit is used for analyzing the application state information and determining whether the flashing phenomenon occurs.
Based on the above scheme, the second receiving unit is further configured to receive positioning information; wherein the positioning information is detected when the application state in the terminal changes;
and the positioning unit is used for carrying out flashing positioning according to the positioning information.
Based on the above scheme, the apparatus further comprises:
a second sending unit, configured to send a determination result indicating whether a flashing phenomenon occurs to the terminal; and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
Based on the above scheme, the second receiving unit is specifically configured to receive, from the terminal, device identification information and user identification information of the terminal;
the analysis unit is specifically configured to determine whether N terminals running in one user identifier in a first time window all have operations for changing an application state in the terminal according to the user identifier information and the device identifier information; n is an integer not less than 2; and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
Based on the above scheme, the analyzing unit is specifically configured to analyze the application state information, and determine whether the number of applications of which the application states change within the second time window reaches a predetermined number; and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs.
According to the information processing method and device provided by the embodiment of the invention, the security component can monitor the change of the application state in the terminal to form the application state information, and after the application state information is reported to the cloud platform, the cloud platform can conveniently determine whether the current terminal has the flashing phenomenon, so that malicious flashing can be prevented or positioned according to the determination of the flashing phenomenon.
Drawings
Fig. 1 is a schematic flowchart of a first information processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a second information processing method according to an embodiment of the present invention;
FIG. 3A is a flowchart illustrating a third information processing method according to an embodiment of the present invention;
FIG. 3B is a flowchart illustrating a fourth information processing method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a first information processing apparatus according to an embodiment of the present invention;
FIG. 5A is a diagram illustrating a second information processing apparatus according to an embodiment of the present invention;
FIG. 5B is a diagram illustrating a third information processing apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an information system according to an embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail with reference to the drawings and the specific embodiments of the specification.
As shown in fig. 1, the present embodiment provides an information processing method including:
step S110: detecting an application state in a terminal by using a security component in the terminal to form application state information;
and the application state information is used for sending the application state information to the cloud platform to determine whether the flash phenomenon occurs or not.
The information processing method described in this embodiment may be a method applied to a terminal, and is preferably applied to a communication terminal in this embodiment. The communication terminal can be used in various mobile terminals such as a mobile phone, a tablet computer or an internet of things terminal.
In step S110, a security component in the terminal is used, and the security component may be preset in the terminal before the terminal device is shipped, or may be installed after the terminal is shipped, and is preferably a preset security component.
The security component runs in a terminal background and is used for monitoring the application state in the terminal to form the application state information.
The application state information herein may include any information that the application state changes. For example, information of application deletion and application installation, and may also include information of application update. The application state information may include an application state indication and time information of an application state change.
As shown in fig. 1, the method further comprises:
step S120: acquiring positioning information when the application state in the terminal changes;
step S130: sending the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position. In this embodiment, the terminal may also locate its positioning information, for example, GPS information obtained through Global Positioning System (GPS) positioning, or identification information of a base station or WiFi to which the terminal connects. After the base station and the WiFi equipment are set, the positioning information may exist in the communication system at different levels, the terminal establishes connection with the base station or the WiFi equipment, and the terminal can transmit the positioning information by transmitting the identification information of the base station or the WiFi equipment. And the cloud platform can perform auxiliary positioning according to the identification information after receiving the identification information.
In step S130, the application state information and the positioning information are sent to the cloud platform. In this embodiment, the step S130 may report the application state information and the positioning information to the cloud platform once the application state information indicating that the application state changes is detected, or report periodically. During specific implementation, the report can be performed by combining the network state of the terminal. For example, according to the network state of the terminal connection, if the terminal connection is a network of a specified type, the application state information and the positioning information are reported. The implementation type network may include a WiFi network or the like to reduce data traffic consumed by sending the application state information and the positioning information. In this embodiment, the application state information and the positioning information may be sent to the cloud platform respectively, or may also be sent to the cloud platform together at the same time, for example, the application state information may be sent to the cloud platform at a first time, and the positioning information may be sent to the cloud platform at a second time. The first time is different from the second time, so that the security component or the terminal can interact with the cloud platform twice at different times to send the application state information and the positioning information respectively. Of course, the application state information and the positioning information may be sent to the cloud platform by the terminal or the security component at one time.
The terminal monitors application state information by itself in this embodiment, and send application state information and locating information for the cloud platform, the cloud platform can confirm whether the phenomenon of flashing a flash appears according to application state information on the one hand, on the other hand can be according to locating information, fix a position the position of flashing a flash, like this, convenient follow-up position of flashing a flash according to fixing a position out carries out the pursuit and the law of illegal flashing a flash and malicious flashing a flash and pursues, thereby reduce the appearance of illegal flashing a flash and malicious flashing a flash phenomenon, promote the application safety at terminal.
In some embodiments, as shown in fig. 2, the method further comprises:
step S140: receiving a judgment result sent by the cloud platform;
step S150: when the judgment result indicates that the flashing phenomenon occurs, displaying a verification interface;
step S160: detecting a verification operation acting on the verification interface;
step S170: and when the verification operation is not detected on the verification interface or the verification operation is not passed, the operation of changing the application state in the terminal is prevented.
In this embodiment, if the application state of the terminal changes in the changing process, after the application state information is reported, a determination result returned by the cloud platform in time (e.g., in real time) may be received. The judgment result can be used for indicating the judgment of the cloud platform on whether the flashing phenomenon occurs.
And the terminal receives the judgment result, analyzes and determines that the flashing phenomenon occurs, and displays a verification interface. The verification interface may be used to prompt an operator to enter a verification code, or to perform a verification operation. The verification operation is mainly used for verifying whether the user initiates the change operation of the application state.
If illegal flashing or malicious flashing occurs, the flashing is carried out by using the flashing program, and if verification operation is required, time cost and operation cost of flashing are obviously increased, flashing difficulty is increased, and flashing processing can be prevented to a certain extent.
In some embodiments, the step S150 may include: displaying a graphical verification window when the decision is made to hire to indicate the flashing phenomenon;
the step S160 may include:
detecting a graphic verification code input according to the display information of the graphic verification window;
the step S170 may include:
and when the input graphic verification code is not detected or the input graphic verification code is wrong, preventing the operation of changing the application state in the terminal.
The verification of the graphic verification code is performed in this embodiment. The verification information is displayed through the graphic verification window, then a user is required to read the verification information, the verification can be indicated to pass by inputting the corresponding graphic verification code, otherwise, the graphic verification code is not received within the preset time or the input graphic verification code is wrong, the current malicious machine is considered to be a malicious machine, and the malicious machine needs to be stopped, so that the updating operation of the application state is prevented, for example, the application is prevented from being deleted or installed, and the like.
In some embodiments, the method further comprises:
sending the equipment identification information and the user identification information of the terminal to the cloud platform;
the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
In this embodiment, the device Identification information may include an International Mobile Equipment Identity (IMEI), and the user Identification information may include an International Mobile Subscriber Identity number (IMSI). The user identification information can also comprise a mobile phone number and the like; but is not limited to the above information. In this embodiment, the device identification information and the user identification information may be used to determine whether to use for flashing according to a matching relationship between the device identification information and the user identification information. For example, if one IMSI is used for changing the application state in a plurality of terminals, it may be that malicious flash exists. In this embodiment, the accuracy of the judgment of the flashing phenomenon of the cloud platform can be improved by the occurrence of the device identification information and the user identification information.
As shown in fig. 3A, the present embodiment provides an information processing method including:
step S210: receiving application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal;
step S220: and analyzing the application state information to determine whether the flashing phenomenon occurs.
The method described in this embodiment may be applied to a cloud platform, and the cloud platform may determine whether a flash phenomenon occurs in the terminal through receiving application state information detected by the security component in the terminal,
for example, according to the reception of the application state information, it is found that a plurality of applications in the terminal are installed and deleted at the same time, or the installation of the similar application B added with the application a executing the a function, and the like, and it can be determined that the flash phenomenon occurs in the terminal.
Further, the air conditioner is provided with a fan,
the method further comprises the following steps:
step S230: receiving positioning information;
in some embodiments, the method further comprises:
receiving positioning information; wherein the positioning information is detected when the application state in the terminal changes;
step S240: and performing flashing positioning according to the positioning information.
In this embodiment, the step S230 may be executed synchronously with the step S210, or may be executed separately, and in order to reduce the number of times of interaction between the terminal and the cloud platform, it is selected that the positioning information and the application state information are received together from the terminal side, and in this case, the step S210 may include steps of: and the terminal receives the application state information and the positioning information.
In step S220, the application state information is analyzed to determine whether a flashing phenomenon occurs, and the flashing position can be easily located according to the location information, so as to implement flashing location.
Therefore, if the illegal flashing or malicious flashing needs to be struck subsequently, tracking can be carried out according to the positioning of the cloud platform, and the occurrence frequency of the phenomena of illegal flashing and malicious flashing can be reduced.
In some embodiments, the method further comprises:
sending a judgment result indicating whether the flashing phenomenon occurs to the terminal;
and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
In this embodiment, the cloud platform may receive the application state information from the terminal in real time, make a determination in time, and return the determination result to the terminal. Therefore, after the terminal receives the judgment result, whether verification is needed or not can be determined in time, and whether the operation of the application state change is stopped or not is determined according to the verification result, so that redundant application or unsafe application is avoided, necessary application or preset application is deleted, and the application safety of the terminal is improved.
In some embodiments, the method further comprises:
receiving device identification information and user identification information of the terminal from the terminal;
the step S220 may include:
determining whether N terminals running in one user identifier in a first time window all have operation of changing the application state in the terminal or not according to the user identifier information and the equipment identifier information; n is an integer not less than 2;
and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
In this embodiment, the device identification information is an IMEI, and the user identification information may be the IMSI. In this embodiment, the cloud platform may include one or more servers, and receive the device identification information and the user identification information as well as the application state information and the positioning information from the terminal.
When one of the user identification information corresponds to a user identification; one piece of the device identification information corresponds to one terminal. When malicious or illegal swiping is performed, because a subscriber identity module SIM card or a universal subscriber identity module USIM card is lacked, a person swiping the phone can insert one SIM card or USIM card into a plurality of terminals to perform centralized swiping. If a subscriber identity runs in a plurality of terminals in a short time and the application state in the terminal is changed, the situation is very likely to cause illegal flashing or malicious flashing. In this embodiment, the application state information and the positioning information are combined with the user identification information and the device identification information, so that the recognition accuracy of malicious flash and illegal flash can be improved.
In some embodiments, the step S220 may include: analyzing the application state information, and determining whether the number of the applications with the changed application states in the second time window reaches a preset number; and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs. For example, if the terminal used by the user is a terminal, a plurality of applications are not usually deleted at one time, so the cloud platform in this embodiment may also have a very high probability of being maliciously flashed or illegally flashed according to the number of applications in the second time window in which the application state occurs.
As shown in fig. 4, the present embodiment provides an information processing apparatus including:
a first detection unit 110, configured to detect an application state in the terminal by using the security component to form application state information;
and the application state information is used for sending the application state information to the cloud platform to determine whether the flash phenomenon occurs or not.
The information processing device provided by the embodiment of the invention is included in a security component or a terminal, wherein the terminal can comprise a communication terminal such as a mobile phone or a tablet computer or other types of mobile terminals.
In some embodiments, as shown in fig. 4, the apparatus further comprises:
an obtaining unit 120, configured to obtain positioning information when an application state in the terminal changes;
a first sending unit 130, configured to send the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position. The first detection unit 110 and the acquisition unit 120 may correspond to a processor or a processing circuit, which may include a central processing unit, a microprocessor, a digital signal processor, an application processor, or a programmable array. The processing circuit may comprise an application specific integrated circuit.
The processor or processing circuit may implement the operations of the first detection unit 110 and the acquisition unit 120 described above by executing predetermined codes. The first detecting unit 110 and the obtaining unit 120 may correspond to a same processor or processing circuit, or may be divided into different processors or processing circuits.
The first sending unit 130 may correspond to a communication interface, for example, a sending antenna in a terminal, and the first sending unit 130 may send the application state information and the positioning information to the cloud platform.
The information processing apparatus provided by this embodiment sends the cloud platform through the application state information and the positioning information, on one hand, the cloud platform determines whether a malicious flash or an illegal flash exists, on the other hand, the positioning tracking can also be performed, and the attack on the illegal flash or the malicious flash in the subsequent operation is facilitated, so as to reduce the occurrence of the malicious flash and the illegal flash.
In some embodiments, the apparatus further comprises:
the first receiving unit is used for receiving the judgment result sent by the cloud platform;
the display unit is used for displaying a verification interface when the judgment result indicates that the flashing phenomenon occurs;
the second detection unit is used for detecting the verification operation acting on the verification interface;
and the execution unit is used for preventing the operation of changing the application state in the terminal when the verification operation is not detected or the verification operation is not passed on the verification interface.
In this embodiment, the first receiving unit may correspond to a receiving antenna in a terminal, and may be configured to receive a determination result.
The display unit may include various displays, for example, a liquid crystal display, a projection display, an electronic ink display, or an Organic Light Emitting Diode (OLED) display.
The second detection unit may correspond to a touch panel or a voice recognition or image system that may capture gesture operations. The second detection unit may be used to detect a verification operation input by a user.
The execution unit, which may also correspond to the processor or the processing circuit, may prevent malicious flush or illegal flush according to a verification result indicating whether the verification is passed.
In some embodiments, the display unit is specifically configured to display a graphic verification window when the determination result indicates that the flashing phenomenon occurs; the second detection unit is specifically used for detecting a graphic verification code input according to the display information of the graphic verification window; the execution unit is specifically configured to prevent an operation of changing an application state in the terminal when the input pattern verification code is not detected or the input pattern verification code is incorrect.
The graphical verification window displayed by the display unit is displayed in this embodiment. The second detection unit detects the graphical verification code input by the user, for example, the graphical verification code input by the user through a physical keyboard or a virtual keyboard. The graph verification has high reliability compared with the text verification.
In some embodiments, the first sending unit 130 is configured to send the device identification information and the user identification information of the terminal to the cloud platform; the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
In this embodiment, the first sending unit 130 may be configured to send the device identification information and the user identification information to the cloud platform, and if the cloud platform combines the device identification information and the user identification information, the accuracy of determining whether the flashing phenomenon occurs may be improved.
As shown in fig. 5A, the present embodiment provides an information processing apparatus applied to a cloud platform, including:
a second receiving unit 210, configured to receive application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal;
and an analyzing unit 220, configured to analyze the application state information, and determine whether a flashing phenomenon occurs.
The embodiment provides an information processing device applied to a cloud platform.
The second receiving unit 210 may correspond to a receiving antenna of the cloud platform, and may be configured to receive application state information and positioning information sent by the terminal.
The parsing unit 220 determines whether a flashing phenomenon occurs currently through parsing of the application state information.
In some embodiments, as shown in fig. 5B, the second receiving unit 210 is further configured to receive positioning information; wherein the positioning information is detected when the application state in the terminal changes;
the device further comprises:
and the positioning unit 230 is used for performing flashing positioning according to the positioning information.
The positioning unit 230 may perform the flashing positioning according to the positioning information. In this embodiment, the parsing unit 220 and the positioning unit 230 may correspond to a processor or a processing circuit. The processor or processing circuit is the same or similar in structure to the processor or processing circuit in the previous embodiment, and will not be repeated here.
In this embodiment, the information processing apparatus can determine whether a flashing phenomenon occurs and locate a flashing position by receiving and analyzing the application state information and the location information, thereby facilitating the tracking of malicious flashing and illegal flashing of the phenomenon.
In some embodiments, the apparatus further comprises:
a second sending unit, configured to send a determination result indicating whether a flashing phenomenon occurs to the terminal; and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
The second transmitting unit in this embodiment may also correspond to a communication interface, for example, a transmitting antenna or a communication interface capable of transmitting data.
In some embodiments, the second receiving unit 210 is specifically configured to receive, from the terminal, device identification information and user identification information of the terminal; the parsing unit 220 is specifically configured to determine, according to the user identifier information and the device identifier information, whether each of N terminals operating in a first time window with a user identifier performs an operation of changing an application state in the terminal; n is an integer not less than 2; and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
In other embodiments, the parsing unit 220 is specifically configured to parse the application state information, and determine whether the number of applications of which the application states are changed in the second time window reaches a predetermined number; and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs.
In summary, the embodiment provides an information processing apparatus, which can simply, conveniently and quickly determine whether the flashing phenomenon and flashing positioning occur, and facilitate the tracking of subsequent malicious flashing or illegal flashing.
Several specific examples are provided below in connection with any of the embodiments described above:
example one:
the present example provides an information processing method, and an information processing system involved may be as shown in fig. 6. As shown in fig. 6, the information system includes a terminal and a cloud platform. The terminal may connect to the cloud platform through WiFi or a cell. The cloud platform may include an operation and maintenance management platform and a data analysis platform.
The terminal needs to preset a security component, and the cloud platform can be divided into a big data analysis platform and an operation and maintenance management platform. Big data analysis platforms can be used for data analysis. The operation and maintenance management platform is also used for management of the cloud platform.
The security component is preset in the terminal and used for monitoring the state of application software in the terminal, wherein the state of pre-installed application and whether other unknown third-party applications are illegally pre-installed are included, monitored data are uploaded to the cloud platform, whether the terminal is maliciously refreshed by a dealer is analyzed and judged through a big data analysis platform of the cloud platform, the security component on the terminal side pops up a graphic verification code according to the final judgment result of the cloud platform to confirm the behavior of a user, and therefore the time cost for maliciously refreshing the application by the dealer can be further increased.
The specific working process is as follows:
and a security component is preset in the terminal, operates in a background service mode and ensures that the process is not killed in a white list adding mode. Before the terminal leaves a factory, a list of pre-installed applications is stored in a security component in a configuration file mode, and the list can be updated in a cloud platform pushing mode.
The mobile phone preset security component can monitor the state of the application software and temporarily store the state locally, and mainly comprises the following state information:
the terminal model, IMEI of the terminal, IMSI of the terminal;
pre-installed application deletion time and a pre-installed application deletion list;
non-preinstalled application installation time and a non-preinstalled application installation list;
the position information of the terminal and the wifi name of the terminal connection. The terminal here may comprise a handset.
According to the networking condition of the terminal, the information monitored by the security component is uploaded to the cloud platform for analysis through unscheduled encryption, and the following two conclusions are obtained through designing related rules (algorithms):
pre-installed application deletion is either user-initiated deletion or a dealer malicious swipe application. A large number of unknown third-party applications preset in the terminal result from either user active security or distributor malicious swipe applications.
The terminal side further verifies the operated user according to the judgment result of the cloud platform, and the specific verification mode is as follows:
when the judgment result is that the dealer maliciously deletes the application in batch, the terminal side pops up an image verification code window to require the user to further verify, if the verification is passed, the application is deleted, and if the verification is not passed, the application is not deleted;
and when the judgment result is that the third party application of the position is maliciously installed by the dealer, the terminal side pops up an image verification code window to require the user to perform further verification, if the verification is passed, the third party application is installed, and if the verification is not passed, the third party application cannot be installed.
The rules for the terminal to upload information may be as follows:
uploading the relevant information monitored by the mobile phone side only when the terminal is in a WiFi state; thus, the flow of real terminal users can be saved;
the cloud platform data analysis rules are as follows:
if a large number of pre-installed applications are deleted in a large number of different mobile phones (mobile phone model, IMEI of the mobile phone) within a short time by the same SIM card (IMSI of the terminal), it is determined that the mobile phone is deleted by the dealer before leaving the factory.
And if a single mobile phone corresponds to a single SIM card and a small amount of pre-installed applications are deleted irregularly, the mobile phone is judged to be deleted actively by the user after leaving the factory.
And the same SIM card (IMSI of the terminal) is installed with a large amount of non-preinstalled applications in a large amount of different mobile phones (mobile phone models and IMEIs of the mobile phones) in a short time, and the mobile phone is judged to be installed by a dealer before the factory shipment.
And a single mobile phone corresponds to a single SIM card, and if a small amount of non-preinstalled applications are installed irregularly, the mobile phone is judged to be actively installed by a user after leaving a factory.
Through the position information and the WiFi name information of the mobile phone uploaded by big data analysis, the geographical position of the dealer who swipes the application can be tracked, and then the warehouse which swipes the application can be checked more directly.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (20)

1. An information processing method characterized by comprising:
the security component detects the application state in the terminal to form application state information; the security component runs in the terminal in a background service mode and is guaranteed not to be killed in a white list adding mode;
the application state information is used for sending to the cloud platform to determine whether a flashing phenomenon occurs or not, and is also used for determining whether pre-installation application deletion is caused by active deletion of a user or malicious flashing of a distributor, and whether a large number of unknown third-party applications preset in the terminal are caused by active installation of the user or malicious flashing of the distributor;
when the judgment result of the cloud platform is that the application is deleted in batches maliciously by the dealer, the terminal pops up an image verification code window to require the user to verify; deleting the application if the verification is passed; if the verification fails, the application is not deleted;
when the judgment result of the cloud platform is that the third-party application is maliciously installed in the position by the dealer, the terminal pops up an image verification code window to require the user to verify; installing the terminal if the verification is passed; if the verification fails, the installation cannot be performed.
2. The method of claim 1,
the security component operates in the terminal;
the method further comprises the following steps:
acquiring positioning information when the application state in the terminal changes;
sending the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position.
3. The method of claim 1,
the method further comprises the following steps:
receiving a judgment result sent by the cloud platform;
when the judgment result indicates that the flashing phenomenon occurs, displaying a verification interface;
detecting a verification operation acting on the verification interface;
and when the verification operation is not detected on the verification interface or the verification operation is not passed, the operation of changing the application state in the terminal is prevented.
4. The method of claim 3,
when the judgment result indicates that the flashing phenomenon occurs, displaying a verification interface, including:
when the judgment result indicates that the flashing phenomenon occurs, displaying a graphic verification window;
the detecting a verification operation acting on the verification interface comprises:
detecting a graphic verification code input according to the display information of the graphic verification window;
the operation of preventing the application state in the terminal from being changed when the verification operation is not detected or the verification operation is not passed on the verification interface comprises the following steps:
and when the input graphic verification code is not detected or the input graphic verification code is wrong, preventing the operation of changing the application state in the terminal.
5. The method according to any one of claims 1 to 4,
the method further comprises the following steps:
sending the equipment identification information and the user identification information of the terminal to the cloud platform;
the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
6. An information processing method characterized by comprising:
receiving application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal; the security component runs in the terminal in a background service mode and is guaranteed not to be killed in a white list adding mode;
analyzing the application state information to determine whether a flashing phenomenon occurs; determining whether the pre-installed application deletion is caused by active user deletion or malicious dealer application swiping, and determining whether a large number of unknown third-party applications preset in the terminal are caused by active user installation or malicious dealer application swiping;
when the judgment result of the cloud platform is that the application is deleted in batches by the dealer maliciously, the terminal pops up an image verification code window to require the user to verify; deleting the application if the verification is passed; if the verification fails, the application is not deleted; when the judgment result of the cloud platform is that the third-party application is maliciously installed in the position by the dealer, the terminal pops up an image verification code window to require the user to verify; installing the terminal if the verification is passed; if the verification fails, the installation cannot be performed.
7. The method of claim 6,
the method further comprises the following steps:
receiving positioning information; wherein the positioning information is detected when the application state in the terminal changes;
and performing flashing positioning according to the positioning information.
8. The method according to claim 6 or 7,
the method further comprises the following steps:
sending a judgment result indicating whether the flashing phenomenon occurs to the terminal; and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
9. The method according to claim 6 or 7,
the method further comprises the following steps:
receiving device identification information and user identification information of the terminal from the terminal;
the analyzing the application state information and determining whether the terminal has a flashing phenomenon includes:
determining whether N terminals running in one user identifier in a first time window all have operation of changing the application state in the terminal or not according to the user identifier information and the equipment identifier information; n is an integer not less than 2;
and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
10. The method according to claim 6 or 7,
the analyzing the application state information and determining whether the terminal has a flashing phenomenon includes:
analyzing the application state information, and determining whether the number of the applications with the changed application states in the second time window reaches a preset number;
and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs.
11. An information processing apparatus characterized by comprising:
the first detection unit is used for detecting the application state in the terminal by using the security component to form application state information; the security component runs in the terminal in a background service mode and is guaranteed not to be killed in a white list adding mode;
the application state information is used for sending to the cloud platform to determine whether a flashing phenomenon occurs or not, and is also used for determining whether pre-installation application deletion is caused by active deletion of a user or malicious flashing of a distributor, and whether a large number of unknown third-party applications preset in the terminal are caused by active installation of the user or malicious flashing of the distributor;
the verification unit is used for popping up an image verification code window to require a user to verify when the judgment result of the cloud platform is that the application is deleted in batches by the dealer maliciously; deleting the application if the verification is passed; if the verification fails, the application is not deleted; when the judgment result of the cloud platform is that the third-party application of the malicious installation position of the dealer exists, popping up an image verification code window to request the user to verify; installing the terminal if the verification is passed; if the verification fails, the installation cannot be performed.
12. The apparatus of claim 11, wherein the security component operates in the terminal,
the device further comprises:
the acquisition unit is used for acquiring the positioning information when the application state in the terminal changes;
the first sending unit is used for sending the application state information and the positioning information to a cloud platform;
the application state information is used for the cloud platform to determine whether the flashing phenomenon occurs or not, and the positioning information is used for the cloud platform to position the flashing position.
13. The apparatus of claim 11,
the device further comprises:
the first receiving unit is used for receiving the judgment result sent by the cloud platform;
the display unit is used for displaying a verification interface when the judgment result indicates that the flashing phenomenon occurs;
the second detection unit is used for detecting the verification operation acting on the verification interface;
and the execution unit is used for preventing the operation of changing the application state in the terminal when the verification operation is not detected or the verification operation is not passed on the verification interface.
14. The apparatus of claim 13,
the display unit is specifically used for displaying a graph verification window when the judgment result indicates that the flashing phenomenon occurs;
the second detection unit is specifically used for detecting a graphic verification code input according to the display information of the graphic verification window;
the execution unit is specifically configured to prevent an operation of changing an application state in the terminal when the input pattern verification code is not detected or the input pattern verification code is incorrect.
15. The apparatus of claim 12,
the first sending unit is used for sending the equipment identification information and the user identification information of the terminal to the cloud platform;
the device identification information and the user identification information are used together with the application state information for the cloud platform to judge whether the flash phenomenon occurs or not.
16. An information processing apparatus, applied to a cloud platform, includes:
the second receiving unit is used for receiving the application state information in the terminal detected by the security component; the application state information is formed by the security component detecting the application state in the terminal; the security component runs in the terminal in a background service mode and is guaranteed not to be killed in a white list adding mode;
the analysis unit is used for analyzing the application state information and determining whether the flashing phenomenon occurs or not; determining whether the pre-installed application deletion is caused by active user deletion or malicious dealer application swiping, and determining whether a large number of unknown third-party applications preset in the terminal are caused by active user installation or malicious dealer application swiping;
when the judgment result of the cloud platform is that the application is deleted in batches by the dealer maliciously, the terminal pops up an image verification code window to require the user to verify; deleting the application if the verification is passed; if the verification fails, the application is not deleted; when the judgment result of the cloud platform is that the third-party application is maliciously installed in the position by the dealer, the terminal pops up an image verification code window to require the user to verify; installing the terminal if the verification is passed; if the verification fails, the installation cannot be performed.
17. The apparatus of claim 16,
the second receiving unit is further configured to receive positioning information; wherein the positioning information is detected when the application state in the terminal changes;
and the positioning unit is used for carrying out flashing positioning according to the positioning information.
18. The apparatus of claim 17,
the device further comprises:
a second sending unit, configured to send a determination result indicating whether a flashing phenomenon occurs to the terminal; and the judgment result is used for triggering the terminal to display a verification interface when the flashing phenomenon occurs.
19. The apparatus of claim 17,
the second receiving unit is specifically configured to receive, from the terminal, device identification information and user identification information of the terminal;
the analysis unit is specifically configured to determine whether N terminals running in one user identifier in a first time window all have operations for changing an application state in the terminal according to the user identifier information and the device identifier information; n is an integer not less than 2; and when N terminals running in one user identifier in the first time window all have the operation of changing the application state in the terminal, determining that the flash phenomenon occurs.
20. The apparatus of any one of claims 16 to 19,
the analysis unit is specifically configured to analyze the application state information, and determine whether the number of applications of which the application states change within a second time window reaches a predetermined number; and when the application number of which the application state changes in the second time window reaches the preset number, determining that the flash phenomenon occurs.
CN201610949651.4A 2016-10-26 2016-10-26 Information processing method and device Active CN107992735B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610949651.4A CN107992735B (en) 2016-10-26 2016-10-26 Information processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610949651.4A CN107992735B (en) 2016-10-26 2016-10-26 Information processing method and device

Publications (2)

Publication Number Publication Date
CN107992735A CN107992735A (en) 2018-05-04
CN107992735B true CN107992735B (en) 2021-07-13

Family

ID=62029412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610949651.4A Active CN107992735B (en) 2016-10-26 2016-10-26 Information processing method and device

Country Status (1)

Country Link
CN (1) CN107992735B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716780A (en) * 2013-12-25 2014-04-09 广西大学 User equipment flashing control method and user equipment flashing control system
CN104732384A (en) * 2013-12-24 2015-06-24 中兴通讯股份有限公司 Processing method and system for application software online payment
CN105100130A (en) * 2014-04-25 2015-11-25 北京奇虎科技有限公司 Terminal device and terminal device theft prevention method and system
CN105787349A (en) * 2016-02-29 2016-07-20 宇龙计算机通信科技(深圳)有限公司 Safe phone refreshing method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9591484B2 (en) * 2012-04-20 2017-03-07 T-Mobile Usa, Inc. Secure environment for subscriber device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104732384A (en) * 2013-12-24 2015-06-24 中兴通讯股份有限公司 Processing method and system for application software online payment
CN103716780A (en) * 2013-12-25 2014-04-09 广西大学 User equipment flashing control method and user equipment flashing control system
CN105100130A (en) * 2014-04-25 2015-11-25 北京奇虎科技有限公司 Terminal device and terminal device theft prevention method and system
CN105787349A (en) * 2016-02-29 2016-07-20 宇龙计算机通信科技(深圳)有限公司 Safe phone refreshing method and device

Also Published As

Publication number Publication date
CN107992735A (en) 2018-05-04

Similar Documents

Publication Publication Date Title
US10779159B2 (en) System, method, apparatus, and computer program product for providing mobile device support services
US10757102B2 (en) Methods, apparatus, and systems for identity authentication
US10147096B2 (en) Device diagnostic and data retrieval
CN105873068B (en) Method and device for identifying pseudo base station
US8855627B2 (en) System and method for enhanced diagnostics on mobile communication devices
CN111026640B (en) Vehicle-mounted equipment testing method, system, mobile terminal and storage medium
CN102804144A (en) Remotely locating and commanding a mobile device
CN107493378B (en) Method and device for logging in application program, computer equipment and readable storage medium
US20160174132A1 (en) Method and apparatus for limiting the use of a mobile communications device
CN105101122A (en) Verification code inputting method and device
CN107154919B (en) Safe login method and device
US20210035062A1 (en) Information prompt
CN105493098B (en) Terminal device, method for protecting terminal device, and terminal management server
CN110634191B (en) Authentication method, apparatus, medium, and device
WO2019134589A1 (en) Pseudo base station positioning method, terminal, and computer-readable storage medium
CN107992735B (en) Information processing method and device
US10158665B2 (en) Anti-malware detection and removal systems and methods
CN107968799B (en) Information acquisition method, terminal equipment and system
CN107347055B (en) User information processing method and device, storage medium and server
CN110944320B (en) Smart card identification method, smart card identification system and computer-readable storage medium
CN107995150A (en) Auth method and device
CN112333129B (en) Method, device, equipment and storage medium for determining equipment type
CN104967512A (en) Security verification prompting method and apparatus
KR101521476B1 (en) Device apparatus and computer-readable recording medium for protective of device
CN108595956B (en) Method and device for identifying embezzlement of digital signature, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant