CN102915415B - Safety control method and system of mobile terminal - Google Patents

Publication number
CN102915415B
Authority
CN
China
Legal status
Active
Application number
CN201110222535.XA
Other languages
Chinese (zh)
Other versions
CN102915415A (en)
Inventor
刘欣房
贾兵
宋靖
林诗达
王淼
刘金萍
Current Assignee
China the Great Wall science and technology group Limited by Share Ltd
Original Assignee
China Great Wall Computer Shenzhen Co Ltd
Application filed by China Great Wall Computer Shenzhen Co Ltd
Priority to CN201110222535.XA
Publication of CN102915415A
Application granted
Publication of CN102915415B

Abstract

The invention applies to the technical field of mobile terminals and provides a safety control method and a safety control system for a mobile terminal. The method comprises: a system start step, in which the system is locked after the mobile terminal system starts, the inserted user identification card is checked for validity, and the system is unlocked when the card is valid; and a system running step, in which, if a system refresh operation is performed while the system is running, the method detects whether an encrypted system image file exists and, when it exists, decrypts the system image file and then performs the system refresh operation; and, if an installation operation of system application software is performed, a password input interface is displayed, the input password is verified, and the application software is installed if verification passes. The safety control method and system effectively improve the security and controllability of the mobile terminal system.

Description

A safety control method and system for a mobile terminal
Technical field
The invention belongs to the technical field of mobile terminals, and in particular relates to a safety control method and system for a mobile terminal.
Background
With the popularization of mobile terminal devices, the variety of mobile terminal operating systems keeps growing. Android is an operating system developed by Google and, because its code is open source, it is ever more widely used.
However, because Android was originally designed as an operating system for leisure and entertainment, it has inherent defects in terminal device security. For example, to refresh the terminal device's system, the terminal user places the system image file to be flashed on an ordinary TF card; after the user activates refresh mode, the terminal system automatically writes the system image file on the TF card into the terminal's storage device, completing the refresh of the terminal device's system. This method has an obvious security defect: anyone who has a system image file and a TF card can refresh the terminal device's system, causing substantial damage to the original system.
Summary of the invention
The object of the embodiments of the present invention is to provide a safety control method for a mobile terminal, intended to solve the problem that existing mobile terminals based on the Android operating system are not sufficiently secure.
The embodiments of the present invention are realized as follows: a safety control method for a mobile terminal, the method comprising:
A system start step: after the mobile terminal system starts, locking the system and detecting whether the inserted user identification card is valid, and unlocking the system when it is valid;
A system running step: while the system is running, if a system refresh operation is performed, detecting whether an encrypted system image file exists and, when it exists, decrypting the system image file and then performing the system refresh operation;
If an installation operation of system application software is performed, displaying a password input interface, verifying the input password and, when verification passes, installing the application software.
Another object of the embodiments of the present invention is to provide a safety control system for a mobile terminal, the system comprising:
A system start unit, configured to lock the system after the mobile terminal system starts, detect whether the inserted user identification card is valid, and unlock the system when it is valid;
A system running unit, configured to, while the system is running, if a system refresh operation is performed, detect whether an encrypted system image file exists and, when it exists, decrypt the system image file and then perform the system refresh operation;
If an installation operation of system application software is performed, display a password input interface, verify the input password and, when verification passes, install the application software.
A further object of the embodiments of the present invention is to provide a mobile terminal comprising the mobile terminal safety control system.
In the embodiments of the present invention, authenticating the identification card effectively prevents an unauthorized user from using the mobile terminal system when there is no identification card or the identification card is invalid; authenticating system refresh effectively prevents an unauthorized user from tampering with the mobile terminal operating system or implanting malicious programs such as viruses; authenticating application software installation effectively prevents the installation of malicious or illegal software. The above safety control method thus effectively improves the security and controllability of the mobile terminal.
Description of the drawings
Fig. 1 is a flowchart of the mobile terminal safety control method provided by embodiment one of the present invention;
Fig. 2 is a schematic diagram of the security control components provided by embodiment one of the present invention;
Fig. 3 is a detailed flowchart of system image file encryption provided by embodiment one of the present invention;
Fig. 4 is a structural diagram of the mobile terminal safety control system provided by embodiment two of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the embodiments of the present invention, authenticating the identification card effectively prevents an unauthorized user from using the mobile terminal system when there is no identification card or the identification card is invalid; authenticating system refresh effectively prevents an unauthorized user from tampering with the mobile terminal operating system or implanting malicious programs such as viruses; authenticating application software installation effectively prevents the installation of malicious or illegal software. In short, the above safety control method effectively improves the security and controllability of the mobile terminal.
The technical solutions of the present invention are illustrated below through specific embodiments.
Embodiment one:
Fig. 1 shows the flow of the mobile terminal safety control method provided by embodiment one of the present invention. The method proceeds as follows:
In step S101, after the mobile terminal system starts, the system is locked and the inserted user identification card is checked for validity; when it is valid, the system is unlocked.
In this embodiment, after the system of the mobile terminal (for example, a mobile phone or tablet computer) starts, the system is locked to prevent use by unauthorized users. The user can unlock the system only by inserting an identification card, and only when that identification card is valid or legitimate. A valid or legitimate identification card is one on which operations such as registration and key initialization have been carried out in advance.
In this embodiment, the mobile terminal comprises at least one identification card interface for inserting the user identification card.
In this embodiment, authentication of the identification card is completed through the cooperation of components (as shown in Fig. 2) such as the permission control component (for passwords, identity authentication, etc.) in the mobile terminal system and the driver and dynamic link library (DLL) of the user identification card, which effectively prevents an unauthorized user from using the mobile terminal system when there is no identification card or the identification card is invalid.
In step S102, while the system is running, if a system refresh operation is performed, the method detects whether an encrypted system image file exists and, when it exists, decrypts the system image file and then performs the system refresh operation.
In this embodiment, while the system is running, if a system refresh instruction from the user is received, the system starts the boot loader (Bootloader) and detects whether the user has selected engineer mode. If so, it enters the recovery (Recovery) module, and the system decryption verification component in the Recovery module (comprising the system running unit, etc.) detects whether an encrypted system image file exists in the Recovery module. When one exists, the system image file is read and decrypted (by inputting the preset key), and the system refresh operation is performed after decryption. The system image file is sent to the mobile terminal after being encrypted on the management host with a dedicated encryption card (for example, a USB-KEY).
In this embodiment, the management host is the device used by the administrator; it runs the Windows operating system and, together with the dedicated encryption card, manages the system image files used when refreshing the mobile terminal system. The specific steps for encrypting a system image file with the dedicated encryption card on the management host are shown in Fig. 3:
In step S301, when an encryption instruction from the user is received, the system image file management software is started;
In step S302, it is detected whether a dedicated encryption card is inserted; when the result is "Yes", step S304 is performed, and when the result is "No", step S303 is performed;
In step S303, the user is prompted to insert a dedicated encryption card;
In step S304, the digital certificate in the dedicated encryption card is obtained and the PIN code is input;
In step S305, it is detected whether the digital certificate is valid; when the result is "Yes", step S306 is performed, and when the result is "No", the flow returns to step S302;
In this embodiment, a result of "No" means that the digital certificate is invalid; this dedicated encryption card is removed and another dedicated encryption card is inserted instead.
In step S306, the system image file to be encrypted is selected, that system image file is signed with the digital certificate, and the signed system image file is sent to the mobile terminal.
In this embodiment, the system decryption verification component in the Recovery module (as shown in Fig. 2), together with the system packaging component on the management host and the dedicated encryption card, authenticates system refresh on the mobile terminal, which effectively prevents an unauthorized user from tampering with the mobile terminal operating system or implanting malicious programs such as viruses, and improves the security of the mobile terminal system.
In step S103, while the system is running, if an installation operation of system application software is performed, a password input interface is displayed and the input password is verified; when verification passes, the application software is installed.
In this embodiment, the password comprises a default password and a password set by the user. While the system is running, if an installation operation of system application software is detected, the permission control component of the system starts the system's application software installation permission control module (comprising a detection module, a display control module, etc.), which detects whether the user has set a password. When the user has set a password, a password input interface is displayed; when the user has not set a password, a password input interface with default password prompt text is displayed and the user is reminded to set a password. The application software installation permission control module then verifies the input password; the application software is installed only when verification passes, and installation is otherwise forbidden.
In this embodiment, authentication of application software installation by the system's application software installation permission control module effectively prevents the installation of malicious or illegal software, and improves the security of the mobile terminal and user satisfaction.
As another embodiment of the present invention, to further improve the security of the system, the method further comprises the following step:
While the system is running, monitoring in real time whether the inserted user identification card has been removed and, when it has been removed, locking the system.
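The three gates of embodiment one (S101 card check, S102 refresh check, S103 install password) and the card-removal lock can be modelled as below; this is an added example, not code from the patent. The patent names no algorithm, so HMAC-SHA256 stands in for the dedicated encryption card's certificate-based protection and authenticates the image rather than encrypting it; the `SIMG1` header, the `Terminal` class, the default password and the card identifier are all hypothetical.

```python
import hashlib
import hmac
import os

MAGIC = b"SIMG1"            # hypothetical container header, not from the patent
TAG_LEN = 32                # length of an HMAC-SHA256 tag
DEFAULT_PASSWORD = "0000"   # constructed default install password


def protect_image(image: bytes, key: bytes) -> bytes:
    """Management-host side: wrap the image so Recovery can authenticate it."""
    return MAGIC + hmac.new(key, image, hashlib.sha256).digest() + image


def open_image(blob: bytes, key: bytes) -> bytes:
    """Recovery side: return the payload only if header and tag both check out."""
    head = len(MAGIC) + TAG_LEN
    if not blob.startswith(MAGIC) or len(blob) < head:
        raise ValueError("no protected system image present")
    tag, image = blob[len(MAGIC):head], blob[head:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("system image failed verification")
    return image


def _kdf(password: str, salt: bytes) -> bytes:
    # Store a salted, stretched hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Terminal:
    def __init__(self, registered_cards, image_key):
        self.registered_cards = set(registered_cards)
        self.image_key = image_key
        self.locked = True               # S101: locked right after start
        self.user_password_set = False
        self.salt = os.urandom(16)
        self.pw_hash = _kdf(DEFAULT_PASSWORD, self.salt)
        self.flashed, self.installed = None, []

    def insert_card(self, card_id) -> bool:
        """S101: unlock only for a card registered in advance."""
        self.locked = card_id not in self.registered_cards
        return not self.locked

    def remove_card(self):
        """Monitoring step: removing the card locks the system again."""
        self.locked = True

    def refresh(self, blob: bytes, engineer_mode: bool) -> bool:
        """S102: flash only in engineer mode and only a verified image."""
        if not engineer_mode:
            return False
        try:
            self.flashed = open_image(blob, self.image_key)
        except ValueError:
            return False
        return True

    def prompt(self) -> str:
        """S103: which password interface the display control module shows."""
        if self.user_password_set:
            return "Enter password"
        return "Enter default password, then set your own"

    def set_password(self, new_password: str):
        self.salt = os.urandom(16)
        self.pw_hash = _kdf(new_password, self.salt)
        self.user_password_set = True

    def install(self, package: str, password: str) -> bool:
        """S103: install only after the password verifies."""
        if self.locked:                  # assumption: a locked terminal installs nothing
            return False
        if not hmac.compare_digest(_kdf(password, self.salt), self.pw_hash):
            return False
        self.installed.append(package)
        return True


if __name__ == "__main__":
    key = os.urandom(32)                 # stands in for the key held on the card
    t = Terminal({"card-A"}, key)        # constructed card identifier
    t.insert_card("card-A")
    blob = protect_image(b"constructed system image", key)
    print(t.refresh(blob, True), t.refresh(b"plain image", True))
    print(t.prompt(), t.install("app.apk", DEFAULT_PASSWORD))
```

An unwrapped or modified image on the TF card is rejected before anything is written, which is the gap the background section describes in the stock refresh flow.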
Embodiment two:
Fig. 4 shows the structure of the mobile terminal safety control system provided by embodiment two of the present invention; for ease of explanation, only the parts relevant to the embodiment are shown.
This mobile terminal safety control system may be a software unit, a hardware unit, or a unit combining software and hardware that runs in a mobile terminal (such as a mobile phone or tablet computer).
This mobile terminal safety control system comprises a system start unit 41 and a system running unit 42. The specific functions of each unit are as follows:
The system start unit 41 is configured to lock the system after the mobile terminal system starts, detect whether the inserted user identification card is valid, and unlock the system when it is valid;
The system running unit 42 is configured to, while the system is running, if a system refresh operation is performed, detect whether an encrypted system image file exists and, when it exists, decrypt the system image file and then perform the system refresh operation;
If an installation operation of system application software is performed, display a password input interface, verify the input password and, when verification passes, install the application software.
Preferably, to further improve the security of the system, the system running unit 42 further comprises a monitoring module 421:
The monitoring module 421 is configured to, while the system is running, monitor in real time whether the inserted user identification card has been removed and, when it has been removed, lock the system.
The system image file is encrypted on the management host with a dedicated encryption card; the password comprises a default password and a password set by the user.
Accordingly, the system running unit 42 further comprises a detection module 422 and a display control module 423:
The detection module 422 is configured to detect whether the user has set a password;
The display control module 423 is configured to display a password input interface when the user has set a password and, when the user has not set a password, to display a password input interface with default password prompt text and remind the user to set a password.
The mobile terminal safety control system provided by this embodiment can be used in the corresponding mobile terminal safety control method described above; for details, see the description of embodiment one of the mobile terminal safety control method, which is not repeated here.
In this embodiment, authenticating the identification card effectively prevents an unauthorized user from using the mobile terminal system when there is no identification card or the identification card is invalid; authenticating system refresh effectively prevents an unauthorized user from tampering with the mobile terminal operating system or implanting malicious programs such as viruses; authenticating application software installation effectively prevents the installation of malicious or illegal software. In addition, monitoring in real time whether the inserted user identification card has been removed, and locking the system when it has been removed, further improves the security of the system. In short, the above safety control method effectively improves the security and controllability of the mobile terminal.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. A safety control method for a mobile terminal, characterized in that the method comprises:
A system start step: after the mobile terminal system starts, locking the system and detecting whether the inserted user identification card is valid, and unlocking the system when it is valid, the mobile terminal comprising at least one identification card interface for inserting a user identification card;
A system running step: while the system is running, if a system refresh instruction from the user is received, starting the boot loader and detecting whether the user has selected engineer mode; if so, entering the Recovery module, and detecting, by the system decryption verification component in the Recovery module, whether an encrypted system image file exists in the Recovery module; when one exists, reading the system image file, decrypting the system image file, and performing the system refresh operation after decryption, wherein the system image file is sent to the mobile terminal after being encrypted on the management host with a dedicated encryption card;
If an installation operation of system application software is performed, displaying a password input interface, verifying the input password and, when verification passes, installing the application software, the password comprising a default password and a password set by the user.
2. The method of claim 1, characterized in that the system running step further comprises:
While the system is running, monitoring in real time whether the inserted user identification card has been removed and, when it has been removed, locking the system.
3. The method of claim 1, characterized in that displaying the password input interface specifically comprises:
Detecting whether the user has set a password;
If so, displaying a password input interface;
If not, displaying a password input interface with default password prompt text and reminding the user to set a password.
4. A safety control system for a mobile terminal, characterized in that the system comprises:
A system start unit, configured to lock the system after the mobile terminal system starts, detect whether the inserted user identification card is valid, and unlock the system when it is valid, the mobile terminal comprising at least one identification card interface for inserting a user identification card;
A system running unit, configured to, while the system is running, if a system refresh instruction from the user is received, start the boot loader and detect whether the user has selected engineer mode; if so, enter the Recovery module, and detect, by the system decryption verification component in the Recovery module, whether an encrypted system image file exists in the Recovery module; when one exists, read the system image file, decrypt the system image file, and perform the system refresh operation after decryption, wherein the system image file is sent to the mobile terminal after being encrypted on the management host with a dedicated encryption card;
If an installation operation of system application software is performed, display a password input interface, verify the input password and, when verification passes, install the application software, the password comprising a default password and a password set by the user.
5. The system of claim 4, characterized in that the system running unit comprises:
A monitoring module, configured to, while the system is running, monitor in real time whether the inserted user identification card has been removed and, when it has been removed, lock the system.
6. The system of claim 4, characterized in that the system running unit further comprises:
A detection module, configured to detect whether the user has set a password;
A display control module, configured to display a password input interface when the user has set a password and, when the user has not set a password, to display a password input interface with default password prompt text and remind the user to set a password.
7. A mobile terminal comprising the mobile terminal safety control system of any one of claims 4 to 6.
Application number: CN201110222535.XA
Priority date: 2011-08-04
Filing date: 2011-08-04
Title: Safety control method and system of mobile terminal
Publications (2)

Publication Number Publication Date
CN102915415A 2013-02-06
CN102915415B 2015-06-24

Family

ID=47613778

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518057 computer building of the Great Wall, Nanshan District science and Technology Park, Shenzhen, Guangdong

Patentee after: China the Great Wall science and technology group Limited by Share Ltd

Address before: 518057 computer building of the Great Wall, Nanshan District science and Technology Park, Shenzhen, Guangdong

Patentee before: China Changcheng Computer Shenzhen Co., Ltd.
