WO2015188447A1 - Communication terminal and security management method and device thereof, and computer readable storage medium - Google Patents

Publication number
WO2015188447A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication terminal
authentication
security
usb connection
module
Application number
PCT/CN2014/084822
Other languages
French (fr)
Chinese (zh)
Inventor
杨飞
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2015188447A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Definitions

  • The present invention relates to the field of communications, and in particular to a communication terminal, a security management method and device thereof, and a computer readable storage medium.
  • Background art
  • A smart phone or terminal is a portable mobile communication device with a touch screen as its basic input and output device.
  • Its mainstream operating systems are Android, Mac-OS and WP7/WP8.
  • The Android system has the largest number of manufacturers and the largest market share because of its open platform, so the Android system is used as the example below.
  • At present, the software version of Android smartphones or terminals is mainly ICS4.0 and above, whose security settings offer graphic (pattern), personal identification number (PIN) and password lock screen security modes; by setting a lock screen security mode, the user can protect the personal information on the phone or terminal.
  • For convenience, most smartphone users keep "USB debugging" switched on at all times so that they can manage their phones whenever they like with third-party smartphone management software on a computer over a USB data cable.
  • The default behaviour of current smartphone or terminal systems, however, is that as long as "USB debugging" is turned on on the phone, a computer can obtain the information on the phone directly over the data cable, regardless of whether the user has enabled a lock screen security mode.
  • This default is inconsistent with the user's intention in enabling the lock screen security mode: connecting the phone to a computer with a USB data cable bypasses the line of defence the user set up against reading the personal information inside the phone. Once the user's mobile phone or terminal is lost or out of the user's control, the user's personal information can be stolen by this route.
  • Summary of the invention
  • Embodiments of the present invention provide a communication terminal, a security management method and device thereof, and a computer readable storage medium.
  • An embodiment of the invention provides a communication terminal security management method, including:
  • after it is detected that the communication terminal and the external terminal are ready to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal;
  • if so, performing secure access authentication on the communication terminal and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal.
  • Performing secure access authentication on the communication terminal includes: displaying a security authentication interface on the communication terminal that prompts the user to input a security authentication key; and comparing the security authentication key input by the user with the security authentication key stored in advance in the communication terminal; if the two match, the authentication succeeds.
  • The secure access authentication includes at least one of PIN authentication, graphic authentication, and password authentication.
  • The communication terminal is an Android system communication terminal.
  • When the authentication fails, the communication terminal is prohibited from establishing a USB connection with the external terminal.
  • An embodiment of the invention further provides a communication terminal security management device, comprising: a USB connection detection module, a security management module, a security authentication module, and a USB connection execution module.
  • The USB connection detection module is configured to send a USB connection preparation notification to the security management module after detecting that the communication terminal and the external terminal are ready to establish a USB connection.
  • The security management module is configured to determine, after receiving the USB connection preparation notification, whether secure access authentication is currently set on the communication terminal and, if yes, to send a security authentication notification to the security authentication module.
  • The security authentication module is configured to perform secure access authentication on the communication terminal after receiving the security authentication notification, and to send an authentication success notification to the USB connection execution module when the authentication passes.
  • The USB connection execution module is configured to allow the communication terminal to establish a USB connection with the external terminal after receiving the authentication success notification.
  • The security authentication module includes a key receiving submodule and a matching submodule.
  • The key receiving submodule is configured to receive a security authentication key input by a user through a security authentication interface.
  • The matching submodule is configured to compare the security authentication key with a security authentication key pre-stored in the communication terminal; if the two match, the authentication succeeds.
  • The communication terminal is an Android system communication terminal.
  • An embodiment of the present invention further provides a communication terminal, including a processor, a memory, a USB interface, and a display.
  • The memory is configured to store at least one program module.
  • The processor is configured to perform the following process according to at least one program module in the memory:
  • after detecting, through the USB interface, that the communication terminal and the external terminal are ready to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal; if yes, performing secure access authentication and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal.
  • The display is configured to display the respective status interfaces of the communication terminal.
  • The communication terminal is a communication terminal of an Android system.
  • When the authentication fails, the processor, according to the program module, prohibits the communication terminal from establishing a USB connection with the external terminal.
  • An embodiment of the invention further provides a computer readable storage medium, the storage medium comprising a set of computer executable instructions, the instructions being used to execute the communication terminal security management method of the above embodiment.
  • With the communication terminal, the security management method and device thereof, and the computer readable storage medium provided by the embodiments of the present invention, after it is detected that the communication terminal and the external terminal are ready to establish a USB connection, it is determined whether secure access authentication is currently set on the communication terminal; if so, secure access authentication is performed on the communication terminal, and only if the authentication passes is the communication terminal allowed to establish a USB connection with the external terminal; otherwise, the USB connection is not allowed to be established.
  • It can be seen that, according to the solution provided by the present invention, before the communication terminal establishes an effective USB connection with the external terminal, if the communication terminal itself has secure access authentication set (for example, a power-on key or a lock screen key), the secure access authentication must first be completed on the communication terminal.
  • Only after the authentication passes can an effective USB connection be established, at which point the user can access the content stored in the communication terminal from the external terminal over the USB connection. Otherwise, the USB connection is prohibited.
  • This prevents other users from stealing the data in the communication terminal through a USB connection when a communication terminal with secure access authentication set is lost or outside the user's control, which improves the security of the communication terminal and thereby the satisfaction of the user experience.
  • FIG. 1 is a schematic flowchart of a communication terminal security management method according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram 1 of a communication terminal security management apparatus according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a communication terminal security management apparatus according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of a communication terminal according to an embodiment of the present invention
  • Embodiment 1:
  • The communication terminal security management method provided in this embodiment mainly performs security management when a communication terminal establishes a USB connection with an external terminal; for example, performing security management on a mobile phone when the mobile phone and a computer are connected by USB.
  • The communication terminal security management method in this embodiment includes:
  • Step 101: It is detected that the communication terminal and the external terminal are ready to establish a USB connection.
  • Being ready to establish a USB connection means that the communication terminal has detected that a physical connection has been established with the external terminal through the USB interface, but the USB connection process of the communication terminal has not yet been called to establish an effective USB communication link. The external terminal in this embodiment mainly refers to various PC terminals such as desktop computers and notebooks; of course, it may also be a tablet computer or even a mobile phone or other smart terminal.
  • Step 102: It is determined whether secure access authentication is currently set on the communication terminal. If yes, go to step 103; otherwise, go to step 105.
  • Secure access authentication here refers to the security authentication settings that must be passed when accessing the communication terminal; for example, it can be a power-on password (for example, set as a PIN (Personal Identification Number) or a password) or a lock screen password (implemented by pattern, password or PIN).
  • Step 103: Perform secure access authentication on the communication terminal.
  • Step 104: Determine whether the security authentication is passed; if yes, go to step 105; otherwise, go to step 106.
  • Step 105: Allow the communication terminal to establish a USB connection with the external terminal.
  • Step 106: Prevent the communication terminal from establishing a USB connection with the external terminal.
  • The secure access authentication process on the communication terminal includes: displaying a security authentication interface on the communication terminal that prompts the user to input a security authentication key; and comparing the security authentication key input by the user with the security authentication key pre-stored in the communication terminal (that is, the security authentication key the user set earlier). If the two match, the authentication succeeds.
  • The secure access authentication in this embodiment may include at least one of PIN authentication, graphic authentication, and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, the lock screen authentication interface displayed on the communication terminal during security authentication is a graphic input interface, and the user completes the authentication by inputting the corresponding graphic on it. If the user has set a digital password lock screen on the communication terminal, the corresponding lock screen authentication interface is displayed on the communication terminal; the interface is then a digital input interface, and the user completes the authentication by inputting the corresponding digital password on it.
  • the method further includes:
  • Before the communication terminal establishes an effective USB connection with the external terminal, if the communication terminal itself has secure access authentication set (for example, a power-on key or a lock screen key), the secure access authentication must first be completed on the communication terminal. Only after the authentication succeeds can an effective USB connection be established, at which point the user can access the content stored in the communication terminal from the external terminal over the USB connection. Otherwise, the USB connection is prohibited. This prevents other users from stealing the data in the communication terminal through a USB connection when a communication terminal with secure access authentication set is lost or outside the user's control, which improves the security of the communication terminal and thereby the satisfaction of the user experience.
  • Embodiment 2:
  • This embodiment provides a communication terminal security management apparatus, including: a USB connection detection module 11, a security management module 12, a security authentication module 13, and a USB connection execution module 14, wherein:
  • The USB connection detection module 11 is configured to send a USB connection preparation notification to the security management module 12 after detecting that the communication terminal and the external terminal are ready to establish a USB connection, notifying the security management module 12 to perform subsequent management and control.
  • The security management module 12 is configured to determine, after receiving the USB connection preparation notification, whether secure access authentication is currently set on the communication terminal and, if yes, to send a security authentication notification to the security authentication module 13. After receiving the security authentication notification, the security authentication module 13 performs secure access authentication on the communication terminal and, when the authentication passes, sends an authentication success notification to the USB connection execution module 14.
  • The USB connection execution module 14 allows the communication terminal to establish a USB connection with the external terminal after receiving the authentication success notification, and completes the USB connection between the communication terminal and the external terminal.
  • The security authentication module 13 in this embodiment specifically includes a key receiving submodule and a matching submodule, where:
  • The key receiving submodule is configured to receive a security authentication key input by the user through a security authentication interface of the communication terminal.
  • The matching submodule is configured to compare the security authentication key input by the user with the security authentication key pre-stored in the communication terminal (that is, the security authentication key the user set earlier); if the two match, the authentication succeeds. The secure access authentication may include at least one of PIN authentication, graphic authentication and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, the lock screen authentication interface displayed on the communication terminal during security authentication is a graphic input interface, and the user completes the authentication by inputting the corresponding graphic on it. If the user has set a digital password lock screen on the communication terminal, the corresponding lock screen authentication interface is displayed on the communication terminal; the interface is then a digital input interface, and the user completes the authentication by inputting the corresponding digital password on it.
  • The communication terminal in this embodiment may specifically be an Android system communication terminal. As shown in FIG. 3, the communication terminal security management apparatus may further include a USB status monitoring module 15, configured to determine whether "USB debugging" of the communication terminal is turned on, after the USB connection detection module 11 detects that the communication terminal and the external terminal are ready to establish a USB connection and before the security management module 12 determines whether secure access authentication is currently set on the communication terminal. If it is not turned on, the system directly prohibits establishment of the USB connection by default; if it is turned on, the security management module 12 performs the subsequent determination process.
  • Each module of the device can be implemented entirely on the communication terminal side; for example, the USB connection detection module 11, the security management module 12, the security authentication module 13, the USB connection execution module 14, and the USB status monitoring module 15 described above may be implemented by a central processing unit (CPU), a micro processing unit (MPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA) of the communication terminal.
  • Alternatively, the device can be implemented partly on the communication terminal side: for example, the part that performs secure access authentication is implemented on the communication terminal side, with the security management module 12 and the security authentication module 13 implemented by the CPU, MPU, DSP or FPGA of the communication terminal, and the other parts are implemented on the external terminal side (for example, the USB connection detection module 11, the USB connection execution module 14, and the USB status monitoring module 15 are implemented by the CPU, MPU, DSP or FPGA of the external terminal).
  • Embodiment 3:
  • The communication terminal (which may be any of various smart phones, an IPAD, a payment terminal, etc.) provided by this embodiment of the present invention includes a processor 23, a memory 22, a USB interface 21, and a display 24.
  • The memory 22 is configured to store at least one program module; the program module may include a program module for implementing the security management of the foregoing embodiments.
  • The processor 23 is configured to perform the following process according to at least one program module in the memory: after detecting, through the USB interface 21 of the communication terminal, that the communication terminal and the external terminal are ready to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal; if yes, performing secure access authentication and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal; otherwise, prohibiting the communication terminal from establishing a USB connection with the external terminal.
  • The display 24 is configured to display the various status interfaces of the communication terminal, for example the various security authentication interfaces.
  • the processor includes the following processes when it completes the security certification:
  • The secure access authentication in this embodiment may include at least one of PIN authentication, graphic authentication, and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, the lock screen authentication interface displayed on the communication terminal during security authentication is a graphic input interface, and the user completes the authentication by inputting the corresponding graphic on it. If the user has set a digital password lock screen on the communication terminal, the corresponding lock screen authentication interface is displayed on the communication terminal; the interface is then a digital input interface, and the user completes the authentication by inputting the corresponding digital password on it.
  • For a communication terminal whose system has a "USB debugging" function (such as an Android system communication terminal), if "USB debugging" is not turned on, the system by default prohibits the communication terminal from establishing a USB connection with the external terminal. Therefore, in this embodiment, after the processor detects that the communication terminal and the external terminal are ready to establish a USB connection and before it determines whether secure access authentication is currently set on the communication terminal, the process further includes: determining whether "USB debugging" of the communication terminal is turned on; if it is not turned on, establishment of the USB connection is directly prohibited; if it is turned on, the subsequent determination process is performed.
  • Embodiment 4:
  • This embodiment gives a further exemplary description, taking as an example the case where the mobile terminal is an Android mobile phone and the external terminal is a computer. See Figure 5; the process includes:
  • Step 501: The phone is powered on for initialization (the USB daemon of the phone reads the "USB Debug" configuration item to determine whether to invoke the USB connection process; the Local Security Monitor daemon starts and reads the system security encryption configuration item).
  • Step 502: Set the status of "USB debugging" on the mobile phone to ON, and set a security encryption method, such as graphics, PIN or password.
  • Step 503: It is detected that the mobile phone and the computer are ready for a USB connection; at this time, the USB connection process of the mobile phone has not yet been called.
  • Step 504: It is determined whether "USB debugging" of the mobile phone is turned on; if so, go to step 505; otherwise, go to step 510.
  • Step 505: It is determined whether secure access authentication is set on the mobile phone; if yes, go to step 506; otherwise, go to step 508.
  • The USB listening process of the mobile phone is called and the mobile phone system service management software module (Service Manager) is started; the USB connection process of the mobile phone has not yet been called.
  • Step 506: It is determined that secure access authentication is set on the mobile phone, and the authentication is then completed by receiving the security authentication key input by the user through the corresponding authentication interface.
  • This step can call the loc_security_manage() function of the mobile phone; the loc_security_manage() function calls Service Manager and establishes communication with the System Security Manager and Terminal UI through the Socket Service. The Socket Service is responsible for calling daemons such as real-time monitoring. Terminal communication is responsible for the display of each interface on the mobile phone. System Security Manager is responsible for monitoring the original security status of the mobile phone system and for the verification management of graphics, PIN, password, etc.
  • Step 507: Determine whether the authentication is successful; if yes, go to step 508; otherwise, go to the step
  • Step 508: Allow the mobile phone to establish a USB connection with the computer.
  • The loc_USB_connect() function of the mobile phone controls the Service Manager, allowing it to call the USB connection process, which completes the USB interface enumeration and establishes a communication connection with the computer. After the USB interface enumeration is completed, the loc_security_manage() function calls the Terminal UI and outputs the message "USB successfully connected to the computer" on the screen of the mobile phone, telling the user that the connection is complete.
  • Step 509: It is detected that the USB connection is unplugged, and the USB connection is disconnected.
  • The USB listener sends this state parameter to the loc_security_manage() function; the loc_security_manage() function calls Service Manager to inform the USB connection process to disconnect the USB interface.
  • Step 510: Prevent the mobile phone from establishing a USB connection with the computer terminal.
  • The loc_USB_connect() function of the mobile phone notifies the Service Manager that it is not allowed to call the USB connection process, and USB communication is prohibited.
  • the embodiment of the present invention further provides a computer readable storage medium, the storage medium comprising a set of computer executable instructions for performing a communication terminal security management method according to an embodiment of the present invention.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment of a combination of software and hardware. Moreover, the invention can be embodied in the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
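
The decision flow of Steps 503 to 510 in Embodiment 4, written out as an added Python model; it is not code from the patent or from any Android implementation. The names `UsbGate`, `StoredKey`, `Decision` and `scripted` are hypothetical, and two details are assumptions the page does not specify: the pre-stored key is kept as a salted PBKDF2 hash compared in constant time, and `max_attempts` bounds the number of entries per attach.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Decision(Enum):
    ALLOW = "USB connection allowed"                          # Step 508
    DENY_DEBUG_OFF = "USB debugging is off"                   # Step 504 -> Step 510
    DENY_AUTH_FAILED = "secure access authentication failed"  # Step 507 -> Step 510


def _derive(secret: str, salt: bytes) -> bytes:
    # Assumption: the pre-stored key is kept as a salted PBKDF2 hash, not in clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


@dataclass(frozen=True)
class StoredKey:
    """Security authentication key the user set earlier (PIN, pattern or password)."""
    kind: str
    salt: bytes
    digest: bytes

    @classmethod
    def enroll(cls, kind: str, secret: str) -> "StoredKey":
        salt = os.urandom(16)
        return cls(kind, salt, _derive(secret, salt))

    def matches(self, entered: str) -> bool:
        # Matching submodule: constant-time compare, so timing does not reveal
        # how close the entered key was.
        return hmac.compare_digest(self.digest, _derive(entered, self.salt))


class UsbGate:
    """Hypothetical model of the security management module's decision flow."""

    def __init__(self, usb_debugging: bool, stored_key: Optional[StoredKey],
                 max_attempts: int = 1):
        self.usb_debugging = usb_debugging
        self.stored_key = stored_key      # None: no secure access authentication set
        self.max_attempts = max_attempts  # assumption: the page describes one attempt
        self.link_up = False              # True only once enumeration is permitted

    def on_cable_attached(self, prompt: Callable[[str], Optional[str]]) -> Decision:
        # Step 503: physical attach detected; USB connection process not called yet.
        self.link_up = False
        if not self.usb_debugging:                    # Step 504
            return Decision.DENY_DEBUG_OFF            # Step 510
        if self.stored_key is None:                   # Step 505
            self.link_up = True
            return Decision.ALLOW                     # Step 508
        for _ in range(self.max_attempts):            # Steps 506-507
            entered = prompt(self.stored_key.kind)    # security authentication interface
            if entered is None:                       # prompt dismissed, nothing entered
                break
            if self.stored_key.matches(entered):
                self.link_up = True
                return Decision.ALLOW                 # Step 508
        return Decision.DENY_AUTH_FAILED              # Step 510

    def on_cable_detached(self) -> None:
        # Step 509: unplugging drops the link, so the next attach authenticates again.
        self.link_up = False


def scripted(*entries: str) -> Callable[[str], Optional[str]]:
    """Constructed stand-in for the on-screen prompt: replays the given entries."""
    queue = iter(entries)
    return lambda kind: next(queue, None)


def run_scenarios() -> dict:
    """Constructed scenarios; the PIN '4821' is sample data."""
    pin = StoredKey.enroll("pin", "4821")
    results = {
        "debug_off": UsbGate(False, pin).on_cable_attached(scripted("4821")),
        "no_lock_set": UsbGate(True, None).on_cable_attached(scripted()),
        "correct_pin": UsbGate(True, pin).on_cable_attached(scripted("4821")),
        "wrong_pin": UsbGate(True, pin).on_cable_attached(scripted("0000")),
    }
    # Lost phone: an earlier authenticated session must not carry over to a new attach.
    gate = UsbGate(True, pin)
    gate.on_cable_attached(scripted("4821"))
    gate.on_cable_detached()
    results["reattach_no_entry"] = gate.on_cable_attached(scripted())
    results["link_after_reattach"] = gate.link_up
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:22} {outcome}")
```

The `no_lock_set` case shows the residual exposure in the described flow: with "USB debugging" on and no lock screen key set, the connection is allowed without any prompt.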

Abstract

Disclosed are a communication terminal and a security management method and device thereof, and a computer readable storage medium. The method comprises: after it is detected that a communication terminal prepares to establish a USB connection with an external terminal, judging whether security access authentication is currently set for the communication terminal; if yes, conducting security access authentication on the communication terminal, and only if the authentication has passed, permitting the communication terminal to establish the USB connection with the external terminal; otherwise, not permitting the USB connection to be established.

Description

通信终端及其安全管理方法、 装置和计算机可读存储介质 技术领域  Communication terminal and security management method thereof, device and computer readable storage medium
本发明涉及通信领域, 具体涉及一种通信终端及其安全管理方法、 装 置和计算机可读存储介质。 背景技术  The present invention relates to the field of communications, and in particular, to a communication terminal, a security management method thereof, a device, and a computer readable storage medium. Background technique
A smart phone or terminal is a portable personal mobile communication device that uses a touch screen as its basic input and output device. Its mainstream operating systems include Android, Mac-OS and WP7/WP8. Of these, Android has the most manufacturers and the largest market share because its platform is open, so the following description uses the Android system as an example.
At present, the software version of Android smart phones or terminals is mainly ICS4.0 and above. Among the lock-screen options in its security settings, it offers graphic (pattern), personal identification number (PIN, Personal Identification Number) and password lock-screen security modes, and by setting a lock-screen security mode the user can protect the personal information on the phone or terminal. As mobile payment becomes increasingly popular, smart phones and terminals hold more and more of the user's important and sensitive information, such as personal payment accounts, mailboxes, passwords, files and photos. Users' security awareness is also gradually rising, and more and more users are enabling the graphic, PIN and password security modes provided by the smart phone system to protect their personal information. For convenience, most smart phone users leave "USB debugging" permanently enabled so that they can manage the phone at any time over a USB data cable with third-party phone management software on a computer. The default security behaviour of current smart phone or terminal systems, however, is that as long as "USB debugging" is turned on on the phone, a computer can obtain the information on the phone directly over the data cable, whether or not the user has enabled a lock-screen security mode. This default behaviour is inconsistent with the user's original intention in enabling a lock-screen security mode: connecting to a computer over a USB data cable bypasses the security barrier the user set up against reading the personal information inside the phone, and once the user's phone or terminal is lost or out of the user's control, the user's personal data can be stolen by this route.
Summary of the invention
To solve the existing technical problem, embodiments of the present invention provide a communication terminal, a security management method and device thereof, and a computer readable storage medium.
An embodiment of the present invention provides a communication terminal security management method, including:
after detecting that a communication terminal and an external terminal are preparing to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal;
if so, performing secure access authentication on the communication terminal and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal.
In an embodiment of the present invention, performing secure access authentication on the communication terminal includes: displaying a security authentication interface on the communication terminal to prompt the user to enter a security authentication key; and comparing the security authentication key entered by the user with the security authentication key pre-stored in the communication terminal, the authentication succeeding if the two match.
In an embodiment of the present invention, the secure access authentication includes at least one of PIN authentication, graphic authentication and password authentication.
In an embodiment of the present invention, the communication terminal is an Android system communication terminal.
In an embodiment of the present invention, when the authentication fails, the communication terminal is prohibited from establishing a USB connection with the external terminal.
An embodiment of the present invention further provides a communication terminal security management device, including: a USB connection detection module, a security management module, a security authentication module and a USB connection execution module;
the USB connection detection module is configured to send a USB connection preparation notification to the security management module after detecting that the communication terminal and an external terminal are preparing to establish a USB connection;
the security management module is configured to determine, after receiving the USB connection preparation notification, whether secure access authentication is currently set on the communication terminal and, if so, to send a security authentication notification to the security authentication module;
the security authentication module, after receiving the security authentication notification, performs secure access authentication on the communication terminal and, when the authentication passes, sends an authentication success notification to the USB connection execution module;
the USB connection execution module, after receiving the authentication success notification, allows the communication terminal to establish a USB connection with the external terminal.
In an embodiment of the present invention, the security authentication module includes a key receiving submodule and a matching submodule;
the key receiving submodule is configured to receive, through a security authentication interface, the security authentication key entered by the user;
the matching submodule is configured to compare that security authentication key with the security authentication key pre-stored in the communication terminal, the authentication succeeding if the two match.
In an embodiment of the present invention, the communication terminal is an Android system communication terminal.
An embodiment of the present invention further provides a communication terminal, including a processor, a memory, a USB interface and a display;
the memory is configured to store at least one program module;
the processor is configured to perform the following process according to the at least one program module in the memory:
after detecting through the USB interface that the communication terminal and an external terminal are preparing to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal; if so, performing secure access authentication and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal;
the display is configured to display the status interfaces of the communication terminal.
In an embodiment of the present invention, the communication terminal is an Android system communication terminal.
In an embodiment of the present invention, when the authentication fails, the processor, acting according to the program module, prohibits the communication terminal from establishing a USB connection with the external terminal.
An embodiment of the present invention further provides a computer readable storage medium, the storage medium including a set of computer executable instructions for performing the communication terminal security management method of the above embodiments.
With the communication terminal, the security management method and device thereof, and the computer readable storage medium provided by the embodiments of the present invention, after it is detected that the communication terminal and an external terminal are preparing to establish a USB connection, it is determined whether secure access authentication is currently set on the communication terminal. If it is set, secure access authentication is performed on the communication terminal, and only if the authentication passes is the communication terminal allowed to establish a USB connection with the external terminal; otherwise, the USB connection is not allowed to be established. Thus, under the solution provided by the present invention, before the communication terminal establishes an effective USB connection with an external terminal, if the communication terminal itself has secure access authentication set (for example, a power-on key or a lock-screen key), that authentication must first be completed on the communication terminal. Only after it succeeds can an effective USB connection be established, and only then can a user access the content stored in the communication terminal from the external terminal over the USB connection; otherwise, the USB connection is prohibited. This prevents other users from stealing data from a communication terminal that has secure access authentication set, over a USB connection, when the terminal is lost or outside its user's control. It improves the security of using the communication terminal and, in turn, user satisfaction.
Brief description of the drawings
FIG. 1 is a schematic flowchart of the communication terminal security management method provided by an embodiment of the present invention;
FIG. 2 is a first schematic structural diagram of the communication terminal security management device provided by an embodiment of the present invention;
FIG. 3 is a second schematic structural diagram of the communication terminal security management device provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of the communication terminal provided by an embodiment of the present invention;
Detailed description
The present invention is described in further detail below through specific embodiments with reference to the accompanying drawings.
Embodiment 1:
The communication terminal security management method provided by this embodiment mainly concerns security management when a communication terminal establishes a USB connection with an external terminal, for example security management of a mobile phone when the phone is connected to a computer over USB. Referring to FIG. 1, the communication terminal security management method in this embodiment includes:
Step 101: detect that the communication terminal and an external terminal are preparing to establish a USB connection.
Here, preparing to establish a USB connection means that the communication terminal has been detected to have established a physical connection with the external terminal through the USB interface, but the communication terminal's USB connection process has not yet been called to establish an effective USB communication link. The external terminal in this embodiment mainly refers to PC terminals such as desktop and notebook computers; of course, tablet computers and even smart phone terminals are not excluded.
Step 102: determine whether secure access authentication is currently set on the communication terminal; if so, go to step 103; otherwise, go to step 105.
Here, secure access authentication refers to the security authentication that has been set as a requirement for accessing the communication terminal, for example a power-on password (implemented, for example, by setting a PIN (Personal Identification Number) or a password) or a lock-screen password (implemented, specifically, by a pattern, a password or a PIN).
Step 103: perform secure access authentication on the communication terminal.
Step 104: determine whether the security authentication passed; if so, go to step 105; otherwise, go to step 106.
Step 105: allow the communication terminal to establish a USB connection with the external terminal.
Step 106: prohibit the communication terminal from establishing a USB connection with the external terminal.
In step 103 above, the secure access authentication process on the communication terminal includes:
displaying a security authentication interface on the communication terminal to prompt the user to enter a security authentication key;
comparing the security authentication key entered by the user with the security authentication key pre-stored in the communication terminal (that is, the security authentication key the user set previously); if the two match, the authentication succeeds. According to the above analysis, the secure access authentication in this embodiment may include at least one of PIN authentication, graphic authentication and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, then during security authentication the lock-screen authentication interface is displayed on the communication terminal; the interface is then a graphic input interface on which the user can enter the corresponding graphic to complete the authentication. If the user has set a lock screen with a numeric password, the corresponding lock-screen authentication interface is displayed on the communication terminal; the interface is then a numeric input interface on which the user can enter the corresponding numeric password to complete the authentication.
It should be understood that the secure access authentication modes above are given only as examples. The solution provided by the embodiments of the present invention is not limited to them.
In this embodiment, for a communication terminal whose system has a "USB debugging" function (for example an Android system communication terminal), if "USB debugging" is not turned on, the system by default prohibits the communication terminal from establishing a USB connection with an external terminal. Therefore, in this embodiment, for this kind of communication terminal, after detecting that the communication terminal and the external terminal are preparing to establish a USB connection and before determining whether secure access authentication is currently set on the communication terminal, the method further includes:
determining whether "USB debugging" on the communication terminal is turned on; if it is not, establishment of the USB connection is prohibited directly; only if it is turned on does the subsequent determination proceed.
Thus, under the solution provided by this embodiment, before the communication terminal establishes an effective USB connection with an external terminal, if the communication terminal itself has secure access authentication set (for example, a power-on key or a lock-screen key), that authentication must first be completed on the communication terminal. Only after it succeeds can an effective USB connection be established, and only then can a user access the content stored in the communication terminal from the external terminal over the USB connection; otherwise, the USB connection is prohibited. This prevents other users from stealing data from a communication terminal that has secure access authentication set, over a USB connection, when the terminal is lost or outside its user's control. It improves the security of using the communication terminal and, in turn, user satisfaction.
Embodiment 2:
Referring to FIG. 2, this embodiment provides a communication terminal security management device, including: a USB connection detection module 11, a security management module 12, a security authentication module 13 and a USB connection execution module 14, where:
the USB connection detection module 11 is configured to send a USB connection preparation notification to the security management module 12 after detecting that the communication terminal and an external terminal are preparing to establish a USB connection, so that the security management module 12 carries out the subsequent control;
the security management module 12 is configured to determine, after receiving the USB connection preparation notification, whether secure access authentication is currently set on the communication terminal and, if so, to send a security authentication notification to the security authentication module 13;
the security authentication module 13, after receiving the security authentication notification, performs secure access authentication on the communication terminal and sends an authentication success notification to the USB connection execution module 14;
the USB connection execution module 14, after receiving the authentication success notification, allows the communication terminal to establish a USB connection with the external terminal and completes the USB connection between the communication terminal and the external terminal.
The security authentication module 13 in this embodiment specifically includes a key receiving submodule and a matching submodule, where:
the key receiving submodule is configured to receive, through the security authentication interface of the communication terminal, the security authentication key entered by the user;
the matching submodule is configured to compare the security authentication key entered by the user with the security authentication key pre-stored in the communication terminal (that is, the security authentication key the user set previously); if the two match, the authentication succeeds. The secure access authentication in this embodiment may include at least one of PIN authentication, graphic authentication and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, then during security authentication the lock-screen authentication interface is displayed on the communication terminal; the interface is then a graphic input interface on which the user can enter the corresponding graphic to complete the authentication. If the user has set a lock screen with a numeric password, the corresponding lock-screen authentication interface is displayed on the communication terminal; the interface is then a numeric input interface on which the user can enter the corresponding numeric password to complete the authentication.
The communication terminal in this embodiment may specifically be an Android system communication terminal. Referring to FIG. 3, the communication terminal security management device may further include a USB status monitoring module 15, which, after the USB connection detection module 11 detects that the communication terminal and the external terminal are preparing to establish a USB connection and before the security management module 12 determines whether secure access authentication is currently set on the communication terminal, determines whether "USB debugging" on the communication terminal is turned on. If it is not, the system by default directly prohibits establishment of the USB connection; only if it is turned on does the security management module 12 carry out the subsequent determination.
It is worth noting that when the communication terminal security management device in this embodiment is implemented in software, all of its modules may be implemented entirely on the communication terminal side. For example, the USB connection detection module 11, security management module 12, security authentication module 13, USB connection execution module 14 and USB status monitoring module 15 described above may be implemented by a central processing unit (CPU, Central Processing Unit), a processor (MPU, Micro Processing Unit), a digital signal processor (DSP, Digital Signal Processor) or a programmable logic array (FPGA, Field-Programmable Gate Array) of the communication terminal. Alternatively, one part may be implemented on the communication terminal side (for example, the secure access authentication part is implemented on the communication terminal side, with the security management module 12 and security authentication module 13 implemented by the CPU, MPU, DSP or FPGA of the communication terminal) and the other part on the external terminal side (for example, the USB connection detection module 11, USB connection execution module 14 and USB status monitoring module 15 are implemented by the CPU, MPU, DSP or FPGA of the external terminal).
Embodiment 3:
Referring to FIG. 4, the communication terminal provided by this embodiment of the present invention (which may be any of various smart phones, an IPAD, a payment terminal and so on) includes a processor 23, a memory 22, a USB interface 21 and a display 24;
the memory 22 is configured to store at least one program module; the program modules may include a program module implementing the security management of the embodiments above;
the processor 23 is configured to perform the following process according to the at least one program module in the memory:
after detecting through the USB interface 21 of the communication terminal that the communication terminal and an external terminal are preparing to establish a USB connection, determining whether secure access authentication is currently set on the communication terminal; if so, performing secure access authentication, and only if the authentication passes allowing the communication terminal to establish a USB connection with the external terminal; otherwise, prohibiting the communication terminal from establishing a USB connection with the external terminal;
the display 24 is configured to display the status interfaces of the communication terminal, for example the various security authentication interfaces.
When the processor performs the security authentication, the process includes:
displaying a security authentication interface on the communication terminal to prompt the user to enter a security authentication key;
comparing the security authentication key entered by the user with the security authentication key pre-stored in the communication terminal (that is, the security authentication key the user set previously); if the two match, the authentication succeeds. According to the above analysis, the secure access authentication in this embodiment may include at least one of PIN authentication, graphic authentication and password authentication. For example, if the user has set a graphic lock screen on the communication terminal, then during security authentication the lock-screen authentication interface is displayed on the communication terminal; the interface is then a graphic input interface on which the user can enter the corresponding graphic to complete the authentication. If the user has set a lock screen with a numeric password, the corresponding lock-screen authentication interface is displayed on the communication terminal; the interface is then a numeric input interface on which the user can enter the corresponding numeric password to complete the authentication.
It should be understood that the secure access authentication modes above are given only as examples.
In this embodiment of the present invention, for a communication terminal whose system has a "USB debugging" function (for example an Android system communication terminal), if "USB debugging" is not turned on, the system by default prohibits the communication terminal from establishing a USB connection with an external terminal. Therefore, in this embodiment, for this kind of communication terminal, after the processor detects that the communication terminal and the external terminal are preparing to establish a USB connection and before it determines whether secure access authentication is currently set on the communication terminal, the process further includes: determining whether "USB debugging" on the communication terminal is turned on; if it is not, establishment of the USB connection is prohibited directly; only if it is turned on does the subsequent determination proceed.
Embodiment 4:
For a better understanding of the present invention, a further example is given below in which the communication terminal is an Android mobile phone and the external terminal is a computer. Referring to FIG. 5, it includes:
Step 501: the phone powers on and initializes.
During initialization, the phone's USB daemon reads the "USB debugging" configuration item to decide whether to call the USB connection process; the phone's local security monitoring daemon (Local Security Monitor) starts and reads the system security encryption configuration item.
Step 502: set the phone's "USB debugging" state to on, and set a security encryption mode, for example a pattern, PIN or password.
Step 503: detect that the phone and the computer are preparing to make a USB connection; at this point the phone's USB connection process is not yet called.
Step 504: determine whether the phone's "USB debugging" is on; if so, go to step 505; otherwise, go to step 510.
Step 505: determine whether secure access authentication is set on the phone; if so, go to step 506; otherwise, go to step 508.
In this step the phone's USB listening process is called and the phone's system service management software module (Service Manager) is started; the phone's USB connection process is still not called.
Step 506: having determined that secure access authentication is set on the phone, receive the security authentication key entered by the user through the corresponding authentication interface and complete the authentication.
该步骤可调用手机的 loc— security— manage()函数; loc— security— manage() 函数调用 Service Manager,通过 Socket Service与 System Security Manager, Terminal UI建立通信; 其中 Socket Service负责调用实时监听等守护进程时 的通信保证; Terminal UI 负责手机上的各界面的显示, System Security Manager负责手机系统原生安全状态监控和图形、 PIN、密码等的校验管理; 步骤 507: 判断认证是否成功, 如是, 转至步骤 508; 否则, 转至步骤 This step can call the loc_security_manage() function of the mobile phone; the loc_security_manage() function calls Service Manager, and establishes communication with the System Security Manager and Terminal UI through the Socket Service; the Socket Service is responsible for calling the daemon such as real-time monitoring. Terminal communication is responsible for the display of each interface on the mobile phone. System Security Manager is responsible for the original security status monitoring of the mobile phone system and the verification management of graphics, PIN, password, etc. Step 507: Determine whether the authentication is successful, if yes, go to Step 508; otherwise, go to the step
510。 510.
步骤 508: 允许手机与电脑建立 USB连接。  Step 508: Allow the mobile phone to establish a USB connection with the computer.
该步骤中, 手机的 loc— USB—connect()函数控制 Service Manager, 允许 其调用 USB连接进程,完成 USB接口枚举和与电脑的通信连接建立; USB 接口枚举完成后, loc— security— manage()函数调用 Terminal UI, 在手机屏幕 上输出 "USB成功连接到电脑" 信息, 提示用户连接完成。  In this step, the loc_USB-connect() function of the mobile phone controls the Service Manager, allowing it to call the USB connection process, completing the USB interface enumeration and establishing a communication connection with the computer; after the USB interface enumeration is completed, loc_security_ manage The () function calls the Terminal UI and outputs the message "USB successfully connected to the computer" on the screen of the mobile phone, prompting the user to complete the connection.
Step 509: On detecting that the USB cable has been unplugged, disconnect the USB connection.
When the USB cable is unplugged, the USB listener process sends this state parameter to the loc_security_manage() function; loc_security_manage() calls the Service Manager, which notifies the USB connection process to disconnect the USB interface.
Step 510: Prohibit the mobile phone from establishing a USB connection with the computer terminal. At this point the phone's loc_USB_connect() function notifies the Service Manager that it is not allowed to call the USB connection process, and USB communication is prohibited.
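The flow of steps 506 to 510, modelled as a small state machine. This is an added example, not code from the patent: the class and method names are hypothetical, the salted PBKDF2 verifier and constant-time comparison are assumptions layered on the patent's "compare with the pre-stored key" step, and letting the connection proceed when no authentication is configured is also an assumption.

```python
import hashlib, hmac, os
from enum import Enum

class UsbState(Enum):
    DISCONNECTED = "disconnected"  # no cable, or cable pulled (step 509)
    CONNECTED = "connected"        # enumeration allowed (step 508)
    BLOCKED = "blocked"            # cable present, connection refused (step 510)

def derive(secret: str, salt: bytes) -> bytes:
    # Assumption: keep a salted PBKDF2 verifier rather than the raw PIN/password.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class UsbGate:
    """Hypothetical model of the USB connection gate described in the steps."""

    def __init__(self):
        self.state = UsbState.DISCONNECTED
        self._salt = None
        self._verifier = None

    def set_access_key(self, secret: str) -> None:
        """Enable secure access authentication with a PIN or password."""
        self._salt = os.urandom(16)
        self._verifier = derive(secret, self._salt)

    def on_cable_attached(self, prompt) -> UsbState:
        """prompt() stands in for the authentication screen; it returns the user's input."""
        if self._verifier is None:
            # Assumption: with no authentication configured the connection proceeds.
            self.state = UsbState.CONNECTED
            return self.state
        candidate = derive(prompt(), self._salt)
        # Step 507: constant-time comparison against the stored verifier.
        ok = hmac.compare_digest(candidate, self._verifier)
        # Step 508 on success, step 510 on failure.
        self.state = UsbState.CONNECTED if ok else UsbState.BLOCKED
        return self.state

    def on_cable_removed(self) -> UsbState:
        # Step 509: pulling the cable drops the authenticated state as well,
        # so the next attach has to authenticate again.
        self.state = UsbState.DISCONNECTED
        return self.state

if __name__ == "__main__":
    gate = UsbGate()
    gate.set_access_key("4821")  # constructed sample PIN
    print(gate.on_cable_attached(lambda: "0000"))  # wrong PIN
    print(gate.on_cable_removed())
    print(gate.on_cable_attached(lambda: "4821"))  # correct PIN
```

The point worth checking in a real implementation is the last method: a successful authentication must not survive an unplug, otherwise a second host gets the first host's access.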
An embodiment of the present invention further provides a computer readable storage medium. The storage medium includes a set of computer executable instructions for performing the communication terminal security management method according to the embodiments of the present invention.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk storage and optical storage) containing computer usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, a special purpose computer, an embedded processor, or other programmable data processing device to produce a machine, resulting in an apparatus for the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture including an instruction device. The instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing. The instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above is a further detailed description of the present invention in connection with specific embodiments, and the specific implementation of the invention is not to be regarded as limited to these descriptions. A person of ordinary skill in the technical field of the invention may make a number of simple deductions or substitutions without departing from the concept of the invention, and all of these shall be regarded as falling within the scope of protection of the invention.

Claims

1. A communication terminal security management method, comprising:
after detecting that a communication terminal and an external terminal are preparing to establish a USB connection, determining whether the communication terminal currently has secure access authentication set;
if so, performing secure access authentication on the communication terminal and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal.
2. The communication terminal security management method according to claim 1, wherein performing secure access authentication on the communication terminal comprises:
displaying a security authentication interface on the communication terminal to prompt the user to enter a security authentication key;
comparing the security authentication key entered by the user with a security authentication key pre-stored in the communication terminal; if the comparison shows that the two match, the authentication succeeds.
3. The communication terminal security management method according to claim 1, wherein the secure access authentication comprises at least one of PIN authentication, pattern authentication, and password authentication.
4. The communication terminal security management method according to any one of claims 1 to 3, wherein the communication terminal is an Android system communication terminal.
5. The communication terminal security management method according to any one of claims 1 to 3, wherein, if the authentication fails, the communication terminal is prohibited from establishing a USB connection with the external terminal.
6. A communication terminal security management device, comprising: a USB connection detection module, a security management module, a security authentication module, and a USB connection execution module;
the USB connection detection module is configured to send a USB connection preparation notification to the security management module after detecting that the communication terminal and an external terminal are preparing to establish a USB connection;
the security management module is configured to determine, after receiving the USB connection preparation notification, whether the communication terminal currently has secure access authentication set and, if so, to send a security authentication notification to the security authentication module;
the security authentication module, after receiving the security authentication notification, performs secure access authentication on the communication terminal and, when the authentication passes, sends an authentication success notification to the USB connection execution module;
the USB connection execution module, after receiving the authentication success notification, allows the communication terminal to establish a USB connection with the external terminal.
7. The communication terminal security management device according to claim 6, wherein the security authentication module comprises a key receiving submodule and a matching submodule;
the key receiving submodule is configured to receive, through a security authentication interface, a security authentication key entered by the user;
the matching submodule is configured to compare the security authentication key with a security authentication key pre-stored in the communication terminal; if the comparison shows that the two match, the authentication succeeds.
8. The communication terminal security management device according to claim 6 or 7, wherein the communication terminal is an Android system communication terminal.
9. A communication terminal, comprising a processor, a memory, a USB interface, and a display;
the memory is configured to store at least one program module;
the processor is configured to perform the following process according to the at least one program module in the memory:
after detecting, through the USB interface, that the communication terminal and an external terminal are preparing to establish a USB connection, determining whether the communication terminal currently has secure access authentication set; if so, performing secure access authentication and, if the authentication passes, allowing the communication terminal to establish a USB connection with the external terminal;
the display is configured to display each state interface of the communication terminal.
10. The communication terminal according to claim 9, wherein the communication terminal is a communication terminal running the Android system.
11. The communication terminal according to claim 9 or 10, wherein the processor, according to the program module, prohibits the communication terminal from establishing a USB connection with the external terminal when the authentication fails.
12. A computer readable storage medium, the storage medium comprising a set of computer executable instructions for performing the communication terminal security management method according to any one of claims 1 to 5.
PCT/CN2014/084822 2014-06-09 2014-08-20 Communication terminal and security management method and device thereof, and computer readable storage medium WO2015188447A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410253838.1 2014-06-09
CN201410253838.1A CN105227521A (en) 2014-06-09 2014-06-09 Communication terminal and method for managing security, device

Publications (1)

Publication Number Publication Date
WO2015188447A1 (en) 2015-12-17

Family

ID=54832772

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/084822 WO2015188447A1 (en) 2014-06-09 2014-08-20 Communication terminal and security management method and device thereof, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN105227521A (en)
WO (1) WO2015188447A1 (en)

Also Published As

Publication number Publication date
CN105227521A (en) 2016-01-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14894733

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14894733

Country of ref document: EP

Kind code of ref document: A1