CN103973437A - Method, device and system for acquiring RSA secret key authorization when terminal is locked - Google Patents

Publication number
CN103973437A
Authority
CN
China
Prior art keywords
terminal
data
rsa
instruction
server
Legal status
Granted
Application number
CN201410212280.2A
Other languages
Chinese (zh)
Other versions
CN103973437B (en)
Inventor
鲁强
余骢骢
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Abstract

The invention discloses a method, device and system for acquiring RSA key authorization when a terminal is locked. The method comprises: acquiring the first encrypted data imported into the terminal and the original data before encryption; matching the first encrypted data against the original data; and, if the match succeeds, performing RSA key authorization on the terminal, otherwise not performing RSA key authorization on the terminal. When the terminal is locked and the RSA authorization window cannot pop up, the terminal can thus perform RSA key authorization automatically, without being unlocked, by matching the data of the terminal against the data of the server. An ADB connection is then established, and data are exported or the terminal's lock password is removed through the ADB connection. The terminal can be unlocked without reflashing or other complex procedures, which is more convenient and meets users' requirements.

Description

Method, device and system for obtaining RSA key authorization when a terminal is locked
Technical field
The present invention relates to the field of data security protection for intelligent terminals, and in particular to a method, device and system for obtaining RSA key authorization when a terminal is locked.
Background
Android is a free, open-source operating system based on Linux. It is used mainly in mobile devices and intelligent terminals such as smartphones and tablet computers, and is led and developed by Google and the Open Handset Alliance. Google has added RSA key authorization to newer versions of Android: an intelligent terminal running Android can establish an ADB (Android Debug Bridge) connection only after RSA key authorization has been granted. ADB is a debugging tool of the Android system that is used to debug Android programs.
When the intelligent terminal is locked or its screen is locked, the authorization pop-up window is blocked, so that user data cannot be obtained from the terminal without the user's permission. This protects the data.
The RSA key authorization scheme is designed to protect user data. In practice, however, it can inconvenience the user. For example, when a user forgets the screen lock password and sends the phone to after-sales service, the service center needs another route to RSA key authorization before it can help the user export data, remove the screen lock password and so on over ADB. A method is therefore needed that can perform RSA key authorization by another route while the terminal is locked.
Summary of the invention
The object of the present invention is to provide a method, device and system for obtaining RSA key authorization when a terminal is locked, which solve the above technical problem.
To achieve this object, the present invention adopts the following technical solutions:
In a first aspect, the invention provides a method for obtaining RSA key authorization when a terminal is locked, comprising:
Obtaining the first encrypted data imported into the terminal;
Obtaining the original data before encryption;
Matching the first encrypted data against the original data;
If the match succeeds, performing RSA key authorization on the terminal;
If the match fails, not performing RSA key authorization on the terminal;
Wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data the server generates by encrypting the unique characteristic information of the terminal that it has obtained.
Preferably, the step of matching the first encrypted data against the original data specifically comprises:
Decrypting the first encrypted data to obtain decrypted data;
Comparing the decrypted data with the original data to determine whether the two are identical;
If they are identical, the match succeeds;
Otherwise, the match fails.
Preferably, the step of matching the first encrypted data against the original data specifically comprises:
The terminal encrypting the original data to generate second encrypted data;
Comparing the second encrypted data with the first encrypted data to determine whether the two are identical;
If they are identical, the match succeeds;
Otherwise, the match fails;
Wherein the second encrypted data and the first encrypted data are generated with the same data encryption mode or algorithm.
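One way to implement the second matching mode above (the terminal encrypts its own characteristic information and compares the result with the imported first encrypted data), as an added example that is not taken from the patent. The patent does not name the encryption algorithm, so HMAC-SHA256 under a key held by both server and terminal is assumed in its place; the field names, key and sample identifiers are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the patent leaves the "encryption mode or algorithm" unspecified.
# HMAC-SHA256 under a key provisioned on both sides stands in for it here.
FIELDS = ("device_id", "serial_number", "imei")  # hypothetical field names

# Constructed sample values, not real devices or keys.
SHARED_KEY = bytes(range(32))
PHONE_A = {"device_id": "DEV-0001", "serial_number": "SN123456", "imei": "000000000000001"}
PHONE_B = {"device_id": "DEV-0001", "serial_number": "SN123456", "imei": "000000000000002"}


def canonical_features(features):
    """Serialize the unique characteristic information unambiguously.

    Each field is length-prefixed and emitted in a fixed order, so that
    ("AB", "C") and ("A", "BC") can never produce the same byte string.
    The patent lists the identifiers as and/or, so a missing field is
    encoded as an empty value.
    """
    out = bytearray()
    for name in FIELDS:
        value = features.get(name, "").encode("utf-8")
        out += len(value).to_bytes(2, "big") + value
    return bytes(out)


def server_first_encrypted_data(key, features):
    """Server side: derive the first encrypted data from the filled-in features."""
    return hmac.new(key, canonical_features(features), hashlib.sha256).digest()


def terminal_match(key, own_features, first_encrypted_data):
    """Terminal side: build the second encrypted data and compare.

    Returns True when RSA key authorization should be granted. The
    comparison is constant-time, and a value of the wrong length
    (truncated or padded import) simply fails to match.
    """
    second = hmac.new(key, canonical_features(own_features), hashlib.sha256).digest()
    return hmac.compare_digest(second, first_encrypted_data)


if __name__ == "__main__":
    token = server_first_encrypted_data(SHARED_KEY, PHONE_A)
    print("phone A accepts its own token:", terminal_match(SHARED_KEY, PHONE_A, token))
    print("phone B accepts phone A's token:", terminal_match(SHARED_KEY, PHONE_B, token))
```

Because the value is bound to one terminal's identifiers, data generated for one device does not authorize another, and a server that lacks the shared key cannot produce a value the terminal accepts.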
Preferably, before obtaining the first encrypted data imported into the terminal, the method further comprises: establishing a communication connection with the server;
Establishing the communication connection with the server specifically comprises:
Establishing a physical communication connection between the terminal and the server through a data cable;
Detecting whether the USB debugging function of the terminal is enabled;
If so, establishing preliminary data communication with the server and importing the first encrypted data from the server;
Otherwise, issuing a connection-abnormality prompt reminding the user that the terminal has not enabled the USB debugging function and cannot connect to the server, and continuing to detect whether the USB debugging function of the terminal is enabled;
Preferably, the method further comprises: when the terminal is locked and the USB debugging function of the terminal is not enabled, if a control instruction for enabling the USB debugging function of the terminal is detected as input on the instruction input interface of the terminal, immediately enabling the USB debugging function of the terminal, which specifically comprises:
Opening the instruction input interface of the terminal;
Detecting whether a control instruction for enabling the USB debugging function has been input on the instruction input interface; if so, enabling the USB debugging function of the terminal.
Preferably, the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player or a tablet computer.
Preferably, the unique characteristic information comprises: the device identification number of the terminal and/or the product serial number and/or the International Mobile Equipment Identity and/or the user identity card number bound to the terminal.
In a second aspect, the invention provides a device for obtaining RSA key authorization when a terminal is locked, comprising: a memory, an RSA authorization function module and a data processing module;
The memory stores the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module, matches the first encrypted data against the original data, and outputs the corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module determines, according to the RSA authorization control instruction it receives, whether to perform RSA key authorization on the terminal;
Wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data the server generates by encrypting the unique characteristic information of the terminal that it has obtained.
Preferably, the data processing module comprises: an encryption/decryption conversion module and a data matching module;
The encryption/decryption conversion module is connected to the memory and decrypts the first encrypted data to obtain decrypted data; the data matching module is connected to the encryption/decryption conversion module, compares the decrypted data with the original data, and outputs the corresponding RSA authorization control instruction according to the comparison result;
Comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
The data matching module obtaining the decrypted data and the original data;
Comparing the decrypted data with the original data to determine whether the two are identical;
If they are identical, outputting an RSA authorization control instruction that agrees to RSA key authorization of the terminal;
Otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization of the terminal.
Preferably, the data processing module comprises: an encryption/decryption conversion module and a data matching module;
The encryption/decryption conversion module is connected to the memory and encrypts the original data to generate second encrypted data; the data matching module is connected to the encryption/decryption conversion module, compares the second encrypted data with the first encrypted data, and outputs the corresponding RSA authorization control instruction according to the comparison result;
Comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
The data matching module obtaining the second encrypted data and the first encrypted data;
The data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are identical;
If they are identical, outputting an RSA authorization control instruction that agrees to RSA key authorization of the terminal;
Otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization of the terminal;
Wherein the second encrypted data and the first encrypted data are generated with the same data encryption mode or algorithm.
Preferably, determining whether to perform RSA key authorization on the terminal according to the RSA authorization control instruction specifically comprises:
If the RSA authorization function module receives an RSA authorization control instruction that agrees to RSA key authorization of the terminal, performing RSA key authorization on the terminal;
If the RSA authorization function module receives an RSA authorization control instruction that refuses RSA key authorization of the terminal, not performing RSA key authorization on the terminal.
Preferably, the device further comprises: a communication connection module for establishing a communication connection with the server;
The communication connection module comprises a communication interface and a communication connection management module; establishing the communication connection with the server specifically comprises:
Connecting the communication interface to the USB interface of the server through a data cable to establish a physical data communication connection;
The communication connection management module detecting whether the USB debugging function of the terminal is enabled;
If so, the terminal and the server establishing preliminary data communication and importing the first encrypted data from the server;
Otherwise, the communication connection management module issuing a connection-abnormality prompt reminding the user that the terminal has not enabled the USB debugging function and cannot connect to the server, and continuing to detect whether the USB debugging function of the terminal is enabled.
Preferably, the device further comprises an instruction input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to the instruction input interface;
When the terminal is locked and the USB debugging function of the terminal is not enabled, if a control instruction for enabling the USB debugging function of the terminal is detected as input on the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically comprises:
Opening the instruction input interface of the terminal;
The control instruction processing module detecting and determining whether the control instruction input on the instruction input interface is identical to the preset control instruction for enabling the USB debugging function; if identical, the control instruction processing module enabling the USB debugging function of the terminal;
Wherein the instruction input interface provides the user with an operation interface for inputting the control instruction that enables the USB debugging function.
Preferably, the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player or a tablet computer.
Preferably, the unique characteristic information comprises: the device identification number of the terminal and/or the product serial number and/or the International Mobile Equipment Identity and/or the user identity card number bound to the terminal.
Preferably, the instruction input interface comprises a numeric dial pad or an emergency dial pad that can be opened while the terminal is locked.
In a third aspect, the invention provides a system for obtaining RSA key authorization when a terminal is locked, comprising a terminal and a server;
The terminal comprises: a memory, an RSA authorization function module and a data processing module;
The memory stores the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module, matches the first encrypted data against the original data, and outputs the corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module determines, according to the RSA authorization control instruction it receives, whether to perform RSA key authorization on the terminal;
Wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data the server obtains by encrypting the unique characteristic information of the terminal that it has obtained.
Preferably, the server comprises: an encryption module, an information storage module and a characteristic information input interface;
The information storage module stores the obtained unique characteristic information of the terminal and the first encrypted data; the characteristic information input interface provides an input interface for filling in the unique characteristic information of the terminal; the encryption module encrypts the filled-in unique characteristic information of the terminal to generate the first encrypted data.
Preferably, the data processing module comprises: an encryption/decryption conversion module and a data matching module;
The encryption/decryption conversion module is connected to the memory and decrypts the first encrypted data to obtain decrypted data; the data matching module is connected to the encryption/decryption conversion module, compares the decrypted data with the original data, and outputs the corresponding RSA authorization control instruction according to the comparison result;
Comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
The data matching module obtaining the decrypted data and the original data;
Comparing the decrypted data with the original data to determine whether the two are identical;
If they are identical, outputting an RSA authorization control instruction that agrees to RSA key authorization of the terminal;
Otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization of the terminal.
Preferably, the data processing module comprises: an encryption/decryption conversion module and a data matching module;
The encryption/decryption conversion module is connected to the memory and encrypts the original data to obtain second encrypted data; the data matching module is connected to the encryption/decryption conversion module, compares the second encrypted data with the first encrypted data, and outputs the corresponding RSA authorization control instruction according to the comparison result;
Comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
The data matching module obtaining the second encrypted data and the first encrypted data;
The data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are identical;
If they are identical, outputting an RSA authorization control instruction that agrees to RSA key authorization of the terminal;
Otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization of the terminal;
Wherein the second encrypted data and the first encrypted data are generated with the same data encryption mode or algorithm.
Preferably, determining whether to perform RSA key authorization on the terminal according to the RSA authorization control instruction specifically comprises:
If the RSA authorization function module receives an RSA authorization control instruction that agrees to RSA key authorization of the terminal, performing RSA key authorization on the terminal;
If the RSA authorization function module receives an RSA authorization control instruction that refuses RSA key authorization of the terminal, not performing RSA key authorization on the terminal.
Preferably, the server further comprises a USB interface; the terminal further comprises a communication connection module;
The communication connection module comprises a communication interface and a communication connection management module and establishes a communication connection with the server, which specifically comprises:
Connecting the communication interface to the USB interface through a data cable to establish a physical data communication connection;
The communication connection management module detecting whether the USB debugging function of the terminal is enabled;
If so, the terminal and the server establishing preliminary data communication and importing the first encrypted data from the server;
Otherwise, the communication connection management module issuing a connection-abnormality prompt reminding the user that the terminal has not enabled the USB debugging function and cannot connect to the server, and continuing to detect whether the USB debugging function of the terminal is enabled.
Preferably, the terminal further comprises an instruction input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to the instruction input interface;
When the terminal is locked and the USB debugging function of the terminal is not enabled, if a control instruction for enabling the USB debugging function of the terminal is detected as input on the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically comprises:
Opening the instruction input interface of the terminal;
The control instruction processing module detecting and determining whether the control instruction input on the instruction input interface is identical to the preset control instruction for enabling the USB debugging function; if identical, the control instruction processing module enabling the USB debugging function of the terminal.
Preferably, filling in the unique characteristic information of the terminal specifically comprises:
After the terminal and the server establish preliminary data communication, the server sending the terminal an information acquisition instruction carrying a verification code;
The terminal receiving the information acquisition instruction and verifying the verification code;
After verification succeeds, obtaining the unique characteristic information of the terminal from the memory and sending it to the server;
The server receiving the unique characteristic information of the terminal and filling it automatically into the characteristic information input interface.
Preferably, filling in the unique characteristic information of the terminal specifically comprises:
Opening the instruction input interface of the terminal;
Inputting, on the instruction input interface, the control instruction for obtaining the unique characteristic information of the terminal;
The control instruction processing module detecting and determining whether the control instruction input on the instruction input interface is identical to the preset instruction for obtaining the unique characteristic information; if identical, the instruction input interface reading the unique characteristic information of the terminal from the memory and displaying it on the instruction input interface.
The displayed unique characteristic information of the terminal is then filled manually into the characteristic information input interface.
Preferably, the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player or a tablet computer.
Preferably, the unique characteristic information of the terminal comprises: the device identification number of the terminal and/or the product serial number and/or the International Mobile Equipment Identity and/or the user identity card number bound to the terminal.
Preferably, the terminal further comprises an unlock interface that provides an instruction input interface start button; the instruction input interface is opened by triggering that start button.
Preferably, the instruction input interface comprises a numeric dial pad or an emergency dial pad that can be opened while the terminal is locked.
Beneficial effects of the present invention: the terminal obtains from the server the first encrypted data that the server generated from the terminal's unique characteristic information. Because the terminal and the server use the same algorithm for data encryption and decryption, data security is ensured: other servers or terminals that do not use this algorithm cannot obtain this terminal's data. When both sides use this algorithm, a terminal that is locked and cannot pop up the RSA authorization window can, by matching the data of the terminal against the data of the server, perform RSA authorization automatically without being unlocked and establish an ADB connection. Data can then be exported or the terminal's lock password removed over the ADB connection, without reflashing the device or unlocking it by other complex means, which is more convenient and meets users' needs.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the first embodiment by which the terminal obtains RSA key authorization while its screen is locked.
Fig. 2 is a flow chart of the method of the first embodiment for judging whether the first encrypted data matches the unique characteristic information of the terminal.
Fig. 3 is a flow chart of the method of the second embodiment by which the terminal obtains RSA key authorization while its screen is locked.
Fig. 4 is a flow chart of the method of the third embodiment by which the terminal obtains RSA key authorization while its screen is locked.
Fig. 5 is a flow chart of the method of the third embodiment for enabling the USB debugging function of the terminal in the screen-locked state.
Fig. 6 is a flow chart of the first method by which the server of the fourth embodiment generates the first encrypted data.
Fig. 7 is a flow chart of the second method by which the server of the fourth embodiment generates the first encrypted data.
Fig. 8 is a flow chart of the system of the fifth embodiment for obtaining RSA key authorization in the screen-locked state.
In the figures: 10, server; 11, processor; 12, information storage module; 13, encryption module; 14, characteristic information input interface; 15, USB interface; 20, terminal; 21, communication connection module; 22, memory; 23, data processing module; 24, control instruction processing module; 25, RSA authorization function module; 26, instruction input interface; 27, unlock interface; 211, communication interface; 212, communication connection management module; 231, encryption/decryption conversion module; 232, data matching module.
Embodiments
The technical solution of the present invention is further described below with reference to the accompanying drawings and through specific embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. It should also be noted that, for convenience of description, the drawings show only the parts related to the invention rather than the full content.
In the embodiments of the invention, the unique characteristic information of terminal 20 comprises one or more of the device ID (Identification, identity number), the SN (Serial Number, product serial number), the IMEI (International Mobile Equipment Identity), the identity card number of the user bound to terminal 20, and similar characteristic information. The unique characteristic information marks and identifies terminal 20; that is, terminal 20 and the unique characteristic information correspond one to one. Each item of unique characteristic information corresponds to exactly one terminal 20, with no confusion or duplication.
In the embodiments of the invention, terminal 20 is an intelligent terminal with data processing capability, including a smartphone, e-book reader, MP3 (Moving Picture Experts Group Audio Layer III) player, MP4 (Moving Picture Experts Group Audio Layer IV) player, PC, tablet computer or similar device whose system has the RSA key authorization function.
In the embodiments of the invention, locking of terminal 20 is a lock function that uses a set password to restrict use of terminal 20 and to keep personal information confidential. It can take several forms, such as a screen lock that prevents the user from operating the device. To unlock terminal 20, the specified unlock password must be entered, for example a fixed unlock gesture or a numeric password.
RSA is a cryptographic algorithm proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; the name is formed from the initial letters of their three surnames. RSA was the first algorithm usable for both encryption and digital signatures, and it is easy to understand and operate.
It should be noted that different terminals 20 may use different operation interfaces; for example, the form of instruction input interface 26 may differ. The means of entering an instruction may also differ: the instruction may be entered by touch on a touchscreen or typed on a keyboard. To those skilled in the art the principle is the same or similar, and all such variants fall within the protection scope of the present invention.
Embodiment mono-:
When terminal 20 is during in unlocked state, while now connection between terminal 20 and server 10, RSA authorized window can normally show, user can normal running carry out RSA key mandate, connect thereby normally set up ADB, between terminal 20 and server 10, can carry out normal data interaction.
But in the time that terminal 20 is in the lock state; when terminal 20 is connected with server 10; RSA authorized window is conductively-closed; make server 10 cannot obtain the data of terminal 20; to play the object of protection user data or privacy; need first release to carry out associative operation to RSA authorized window, authorize to obtain RSA.But, if user oneself forget terminal 20 unlocking pin and cannot release, can be by adopting the present embodiment that the method for obtaining RSA key mandate of a kind of terminal 20 in the time locking is provided, make terminal 20 can realize and obtain RSA key mandate in the time of screen locking, to obtain the data of terminal 20 or to realize the operations such as the elimination of the screen locking password of terminal 20.
Please refer to Fig. 1, Fig. 1 is the terminal 20 of the first embodiment method flow diagram that obtains RSA key mandate in the time of screen locking.The method comprises:
Step S110: terminal 20 establishes a communication connection with server 10.
The communication connection between terminal 20 and server 10 can be realized in several ways, the most common being wired and wireless connections. Wireless connections include Bluetooth, NFC (Near Field Communication), and the like. This embodiment uses a wired connection: terminal 20 is connected to server 10 by a data cable, here a USB data cable, which connects the USB interfaces of terminal 20 and server 10 to realize the communication connection and data communication.
Step S120: input the control command for obtaining the first encrypted data.
When terminal 20 establishes a communication connection with server 10, the screen of terminal 20 automatically enters unlock interface 27. If terminal 20 is in a power-saving state and has not entered unlock interface 27, it can be triggered to enter unlock interface 27 with a button such as the power key or the HOME key.
Once terminal 20 has entered unlock interface 27, instruction input interface 26 of terminal 20 is called up by touching the instruction input interface start button provided on unlock interface 27. The touch gesture for this start button can be configured in several ways, for example clicking the start button to open instruction input interface 26, or dragging the icon of the start button to open instruction input interface 26.
After instruction input interface 26 is opened, the relevant control command can be entered in it. The control command for obtaining the first encrypted data is entered; for example, the predefined control command for obtaining the first encrypted data is "*#67766776001#". After terminal 20 detects that the control command has been entered correctly, terminal 20 starts importing the first encrypted data from server 10.
Step S130: obtain the first encrypted data from server 10.
Before terminal 20 and server 10 have established an ADB connection, server 10 cannot obtain the user's data from terminal 20, and terminal 20 cannot obtain data from server 10 either. In this embodiment, terminal 20 is configured to set up a specific message channel with server 10 before the ADB connection is established; specific control commands direct terminal 20 and server 10 to transmit specific data over it, such as the unique characteristic information of terminal 20 and the first encrypted data of server 10.
Specifically, in step S120, if terminal 20 detects that the control command for obtaining the first encrypted data has been entered correctly, terminal 20 sends a request message for the first encrypted data to server 10; after verification by server 10 passes, terminal 20 starts importing the first encrypted data from server 10.
Step S140: judge whether the first encrypted data matches the unique characteristic information of terminal 20.
After the first encrypted data has been imported into terminal 20, data processing module 23 of terminal 20 reads the unique characteristic information of terminal 20 from local memory 22 and matches the first encrypted data against the unique characteristic information.
Please refer to Fig. 2, which is a flowchart of the method of the first embodiment for judging whether the first encrypted data matches the unique characteristic information of terminal 20.
Step S140 specifically comprises:
S141: encryption/decryption conversion module 231 decrypts the first encrypted data to obtain decrypted data information.
The decryption method of encryption/decryption conversion module 231 corresponds to the encryption method of server 10, or both use the same algorithm.
S142: compare the decrypted data information with the unique characteristic information of terminal 20 and judge whether the two are identical.
The first encrypted data is generated by server 10 by encrypting the unique characteristic information of terminal 20, so the decrypted data information that encryption/decryption conversion module 231 obtains by decrypting the first encrypted data should be identical to the unique characteristic information of terminal 20.
S143: if they are identical, the first encrypted data matches the unique characteristic information of terminal 20; go to step S150.
S144: otherwise, the first encrypted data does not match the unique characteristic information of terminal 20; go to step S160.
Encryption/decryption conversion module 231 and encrypting module 13 of server 10 use the same algorithm or method for encryption and decryption. That is, when a piece of original data is encrypted by encrypting module 13 of server 10 and sent to terminal 20, encryption/decryption conversion module 231 of terminal 20 recovers that original data by decrypting it. If the original data obtained is wrong or different, terminal 20 and server 10 do not match. Communicating data in this encrypted form guards against the risk of data leakage.
Step S150: if they match, perform RSA key authorization for terminal 20.
There are many algorithms and methods of data encryption, and a manufacturer generally has its own unique data encryption method. If the first encrypted data matches the unique characteristic information of terminal 20, server 10 is the after-sales equipment corresponding to terminal 20; an RSA authorization control instruction agreeing to RSA key authorization of terminal 20 is sent, and RSA key authorization is performed for terminal 20.
Step S160: if they do not match, do not perform RSA key authorization for terminal 20.
If the first encrypted data does not match the unique characteristic information of terminal 20, this indicates an abnormal cause, such as server 10 not being the after-sales equipment corresponding to terminal 20 or the unique characteristic information having been obtained incorrectly. Terminal 20 treats the situation as abnormal, and RSA key authorization is not performed for terminal 20.
In this embodiment, a server 10 corresponds to terminals 20 of the same type, and server 10 is the after-sales equipment corresponding to terminal 20. After-sales equipment is generally official, and deliberate leakage of user privacy does not arise, so the method of this embodiment takes effect only between a corresponding terminal 20 and server 10 and does not cause user information to leak. When the user has forgotten the password, there is no need to clear the password manually by flashing the device or by other complicated operations, which greatly reduces the workload of after-sales staff and saves a great deal of time.
Regarding the above steps, it will be understood that step S120 can be omitted: after terminal 20 establishes a communication connection with server 10, it can be set to send the control signal for obtaining the first encrypted data automatically and obtain the first encrypted data from the server without receiving an input instruction.
Embodiment two:
Please refer to Fig. 3, which is a flowchart of the method of the second embodiment by which terminal 20 obtains RSA key authorization while the screen is locked. The method comprises:
Step S110: terminal 20 establishes a communication connection with server 10.
The communication connection between terminal 20 and server 10 can be realized in several ways, the most common being wired and wireless connections. Wireless connections include Bluetooth, NFC (Near Field Communication), and the like. This embodiment uses a wired connection: terminal 20 is connected to server 10 by a data cable, here a USB data cable, which connects terminal 20 to USB interface 15 of server 10 to realize the communication connection and data communication.
Step S120: input the control command for obtaining the first encrypted data.
When terminal 20 establishes a communication connection with server 10, the screen of terminal 20 automatically enters unlock interface 27. If terminal 20 is in a power-saving state and has not entered unlock interface 27, it can be triggered to enter unlock interface 27 with a button such as the power key or the HOME key.
Once terminal 20 has entered unlock interface 27, instruction input interface 26 of terminal 20 is called up by touching the instruction input interface start button provided on unlock interface 27. The touch gesture for this start button can be configured in several ways, for example clicking the start button to open instruction input interface 26, or dragging the icon of the start button to open instruction input interface 26.
After instruction input interface 26 is opened, the relevant control command can be entered in it. The control command for obtaining the first encrypted data is entered; for example, the predefined control command for obtaining the first encrypted data is "*#67766776001#". After terminal 20 detects that the control command has been entered correctly, terminal 20 starts importing the first encrypted data from server 10.
Step S130: obtain the first encrypted data from server 10.
Before terminal 20 and server 10 have established an ADB connection, server 10 cannot obtain the user's data from terminal 20, and terminal 20 cannot obtain data from server 10 either. In this embodiment, terminal 20 is configured to set up a specific message channel with server 10 before the ADB connection is established; specific control commands direct terminal 20 and server 10 to transmit specific data over it, such as the unique characteristic information of terminal 20 and the first encrypted data of server 10.
Specifically, in step S120, if terminal 20 detects that the control command for obtaining the first encrypted data has been entered correctly, terminal 20 sends a request message for the first encrypted data to server 10; after verification by server 10 passes, terminal 20 starts importing the first encrypted data from server 10.
Step S140: judge whether the first encrypted data matches the unique characteristic information of terminal 20.
After the first encrypted data has been imported into terminal 20, data processing module 23 of terminal 20 reads the unique characteristic information of terminal 20 from local memory 22 and matches the first encrypted data against the unique characteristic information.
Step S140 specifically comprises:
S145: encryption/decryption conversion module 231 encrypts the unique characteristic information of terminal 20 to generate second encrypted data.
The encryption method of encryption/decryption conversion module 231 is the same as the encryption method of server 10, or both use the same algorithm.
S146: compare the second encrypted data with the first encrypted data and judge whether the two are identical.
The first encrypted data and the second encrypted data are both produced by encryption with the same algorithm. If the original, unencrypted data used for each is the same, the first and second encrypted data should also be the same; if the original data differs, the first and second encrypted data should differ as well.
S147: if they are identical, the first encrypted data matches the unique characteristic information of terminal 20; go to step S150.
S148: otherwise, the encrypted data does not match the unique characteristic information of terminal 20; go to step S160.
Here, server 10 and terminal 20 encrypt data in the same way.
Step S150: if they match, perform RSA key authorization for terminal 20.
If the first encrypted data matches the unique characteristic information of terminal 20, server 10 is the after-sales equipment corresponding to terminal 20; terminal 20 sends the RSA authorization control instruction agreeing to authorization, and RSA key authorization is performed for terminal 20.
Step S160: if they do not match, do not perform RSA key authorization for terminal 20.
If the first encrypted data does not match the unique characteristic information of terminal 20, this indicates an abnormal cause, such as server 10 not being the after-sales equipment corresponding to terminal 20 or the unique characteristic information having been obtained incorrectly. Terminal 20 treats the situation as abnormal, and RSA key authorization is not performed for terminal 20.
In this embodiment, a server 10 corresponds to terminals 20 of the same type, and server 10 is the after-sales equipment corresponding to terminal 20. After-sales equipment is generally official, and deliberate leakage of user privacy does not arise, so the method of this embodiment takes effect only between a corresponding terminal 20 and server 10 and does not cause user information to leak. When the user has forgotten the password, there is no need to clear the password manually by flashing the device or by other complicated operations, which greatly reduces the workload of after-sales staff and saves a great deal of time.
Regarding the above steps, it will be understood that step S120 can be omitted: after terminal 20 establishes a communication connection with server 10, it can be set to send the control signal for obtaining the first encrypted data automatically and obtain the first encrypted data from the server without receiving an input instruction.
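The two matching procedures of step S140 (S141 to S144 in embodiment one, S145 to S148 in embodiment two), sketched as an added example that is not code from the patent. The patent leaves the algorithm unspecified, so a deterministic HMAC-SHA256-based construction stands in for it here; the shared key, the device identifiers and all function names are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size

# Constructed sample values (assumptions, not from the patent).
SHARED_KEY = b"constructed-demo-key-shared-by-tool-and-firmware"
DEVICE_A = b"UNIQUE-INFO-DEVICE-A-0001"
DEVICE_B = b"UNIQUE-INFO-DEVICE-B-0002"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent keys for the tag and for the keystream."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, seeded by iv."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for encrypting module 13 and conversion module 231.

    Deterministic: the tag over the plaintext doubles as the IV, so the same
    input always gives the same output (which S146 relies on).
    """
    tag = hmac.new(_subkey(key, b"mac"), plaintext, hashlib.sha256).digest()
    stream = _keystream(_subkey(key, b"enc"), tag, len(plaintext))
    return tag + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt(); raises ValueError on malformed or altered data."""
    if len(blob) < TAG_LEN:
        raise ValueError("encrypted data too short")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    stream = _keystream(_subkey(key, b"enc"), tag, len(body))
    plaintext = bytes(c ^ s for c, s in zip(body, stream))
    expected = hmac.new(_subkey(key, b"mac"), plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted data failed integrity check")
    return plaintext


def server_generate_first_encrypted_data(key: bytes, unique_info: bytes) -> bytes:
    """Server 10: encrypt the terminal's unique characteristic information."""
    return encrypt(key, unique_info)


def match_by_decrypting(key: bytes, first_encrypted: bytes, local_info: bytes) -> bool:
    """Embodiment one, S141-S144: decrypt, then compare with local info."""
    try:
        decrypted = decrypt(key, first_encrypted)
    except ValueError:
        return False
    return hmac.compare_digest(decrypted, local_info)


def match_by_encrypting(key: bytes, first_encrypted: bytes, local_info: bytes) -> bool:
    """Embodiment two, S145-S148: encrypt local info, compare ciphertexts."""
    second_encrypted = encrypt(key, local_info)
    return hmac.compare_digest(second_encrypted, first_encrypted)


def decide(key: bytes, first_encrypted: bytes, local_info: bytes) -> str:
    """Return the step the terminal proceeds to: S150 (grant) or S160 (refuse)."""
    ok = match_by_decrypting(key, first_encrypted, local_info)
    # With a deterministic transform both procedures must agree.
    assert ok == match_by_encrypting(key, first_encrypted, local_info)
    return "S150" if ok else "S160"


if __name__ == "__main__":
    token = server_generate_first_encrypted_data(SHARED_KEY, DEVICE_A)
    print("device A:", decide(SHARED_KEY, token, DEVICE_A))
    print("device B:", decide(SHARED_KEY, token, DEVICE_B))
```

Both comparisons use `hmac.compare_digest`, so the time taken does not depend on how many leading bytes match.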
Embodiment three:
In the first and second embodiments, if the USB debugging function of terminal 20 is not enabled, terminal 20 and server 10 cannot establish a USB communication connection, cannot set up the specific message channel, and cannot transmit data such as the unique characteristic information of terminal 20 and the first encrypted data of server 10. Therefore, when terminal 20 is locked and the USB debugging function is not enabled, a method of enabling the USB debugging function in the locked state is needed.
Please refer to Fig. 4, which is a flowchart of the method of the third embodiment by which terminal 20 obtains RSA key authorization while the screen is locked.
Step S110: terminal 20 establishes a communication connection with server 10.
Terminal 20 is connected to server 10 by a data cable, here a USB data cable, which connects terminal 20 to USB interface 15 of server 10 to realize the communication connection and data communication.
Step S110 specifically comprises:
Step S111: terminal 20 is connected to USB interface 15 of server 10 by the data cable.
Step S112: once the data cable is connected, detect whether the USB debugging function of terminal 20 is enabled. If it is, go to step S113; otherwise terminal 20 and server 10 fail to establish data communication, and the method goes to step S114.
Step S113: terminal 20 and server 10 preliminarily establish data communication; go to step S120.
If the USB debugging function of terminal 20 is enabled, then after terminal 20 and server 10 have preliminarily established data communication they can exchange specific messages and data according to certain preset instructions, such as the request message for the first encrypted data, the unique characteristic information of terminal 20, and the first encrypted data.
Step S114: issue a USB connection abnormality prompt and return to step S112.
If the USB debugging function of terminal 20 is not enabled, terminal 20 and server 10 cannot establish data communication and cannot exchange information. Terminal 20 then issues a USB connection abnormality prompt, which can be shown on unlock interface 27 or on the screen to tell the user that the USB debugging function is not enabled. At the same time the method returns to step S112 and continues to detect whether the USB debugging function of terminal 20 is enabled.
Step S120: input the control command for obtaining the first encrypted data. This specifically comprises:
Step S121: open instruction input interface 26 of terminal 20.
When terminal 20 establishes a communication connection with server 10, the screen of terminal 20 automatically enters unlock interface 27. If terminal 20 is in a power-saving state and has not entered unlock interface 27, it can be triggered to enter unlock interface 27 with a button such as the power key or the HOME key.
Once terminal 20 has entered unlock interface 27, instruction input interface 26 of terminal 20 is called up by touching the instruction input interface start button provided on unlock interface 27. The touch gesture for this start button can be configured in several ways, for example clicking the start button to open instruction input interface 26, or dragging the icon of the start button to open instruction input interface 26.
Step S122: input the control command for obtaining the first encrypted data.
After instruction input interface 26 is opened, the relevant control command can be entered in it. If the control command for obtaining the first encrypted data is entered in instruction input interface 26 and the control command processing module of terminal 20 confirms that the input is correct, terminal 20 sends a request message for the first encrypted data to server 10 to obtain the first encrypted data.
Instruction input interface 26 can take different forms depending on the hardware environment. For a terminal 20 with an external keyboard, the user can type the instruction on the keyboard after entering instruction input interface 26; for a touch-screen terminal 20 without an external keyboard, the touch keyboard attached to instruction input interface 26 allows the instruction to be entered by touch on the touch screen.
The touch keyboard attached to instruction input interface 26 is a numeric dial pad or an emergency dial pad.
Step S123: import the first encrypted data from server 10.
Server 10 receives the request message for the first encrypted data and, after verification passes, retrieves the first encrypted data from information storage module 12 and imports it into terminal 20.
Step S130: obtain the first encrypted data from server 10.
Before terminal 20 and server 10 have established an ADB connection, server 10 cannot obtain user data from terminal 20. In this embodiment, terminal 20 can be configured to set up a specific message channel with server 10 before the ADB connection is established, so that terminal 20, once connected to server 10 but before the ADB connection is established, can transmit specific data such as the unique characteristic information of terminal 20 and the first encrypted data of server 10.
Terminal 20 imports the first encrypted data from server 10 and, once the import succeeds, stores the data in local memory 22.
Step S140: judge whether the first encrypted data matches the unique characteristic information of terminal 20.
After the first encrypted data has been imported into terminal 20, data processing module 23 of terminal 20 reads the unique characteristic information of terminal 20 from local memory 22 and judges whether the first encrypted data matches the unique characteristic information of terminal 20.
Step S150: if they match, perform RSA key authorization for terminal 20.
If the first encrypted data matches the unique characteristic information of terminal 20, server 10 is the after-sales equipment corresponding to terminal 20; terminal 20 sends the RSA authorization control instruction, and RSA key authorization is performed for terminal 20.
Step S160: if they do not match, do not perform RSA key authorization for terminal 20.
If the first encrypted data does not match the unique characteristic information of terminal 20, this indicates that server 10 is not the after-sales equipment corresponding to terminal 20, that the unique characteristic information was obtained incorrectly, or the like. Terminal 20 treats the situation as abnormal, and RSA key authorization is not performed for terminal 20, which serves to protect user data.
In step S114, terminal 20 fails to connect to server 10 because the USB debugging function of terminal 20 is not enabled. To enable the USB debugging function of terminal 20 at this point, the following method can be used.
Regarding the above steps, it will be understood that step S120 can be omitted: after terminal 20 establishes a communication connection with server 10, it can be set to send the control signal for obtaining the first encrypted data automatically and obtain the first encrypted data from the server without receiving an input instruction.
Step S114 can also be replaced with: automatically enabling the USB debugging function of the terminal, so that it no longer has to be enabled manually.
Please refer to Fig. 5, which is a flowchart of the method of the third embodiment for enabling the USB debugging function of terminal 20 in the lock-screen state.
Step S210: open instruction input interface 26 of terminal 20.
This step is similar to step S121: if the USB debugging function of terminal 20 is not enabled while terminal 20 is locked, open instruction input interface 26 of terminal 20 from unlock interface 27.
Step S220: input the control command for enabling the USB debugging function in instruction input interface 26.
The control command for enabling the USB debugging function is entered in instruction input interface 26. This control command can be preset, for example as "*#66776676".
Step S230: enable the USB debugging function.
Terminal 20 checks whether the instruction entered in instruction input interface 26 is consistent with the preset control command for enabling the USB debugging function; if it is, the USB debugging function is enabled immediately.
Embodiment four:
Please refer to Fig. 6, which is a flowchart of the first method of the fourth embodiment by which server 10 generates the first encrypted data. The method comprises:
Step S300: server 10 establishes a communication connection with terminal 20.
Step S301: server 10 sends a characteristic information acquisition instruction carrying a verification code to terminal 20.
Server 10 sends the characteristic information acquisition instruction carrying a verification code to terminal 20. Terminal 20 receives the instruction and verifies the verification code attached to it. If verification passes, terminal 20 sends its unique characteristic information to server 10; if verification fails, it does not send its unique characteristic information to server 10.
Step S302: server 10 receives the unique characteristic information of terminal 20 and automatically fills it into characteristic information input interface 14.
Step S303: start the encryption function of encrypting module 13 and encrypt the unique characteristic information of terminal 20 filled into characteristic information input interface 14 to generate the first encrypted data.
Please refer to Fig. 7, which is a flowchart of the second method of the fourth embodiment by which server 10 generates the first encrypted data. The method comprises:
Step S310: open instruction input interface 26 of terminal 20.
Step S311: input the characteristic information acquisition instruction in instruction input interface 26.
The characteristic information acquisition instruction can be preset, for example as "*#677666776001#" entered in instruction input interface 26. When terminal 20 detects that this has been entered in instruction input interface 26 and control command processing module 24 confirms that the input is correct, instruction input interface 26 reads the unique characteristic information of terminal 20 from local memory 22.
Step S312: after terminal 20 detects that the instruction has been entered correctly, the unique characteristic information of terminal 20 is displayed on instruction input interface 26 or unlock interface 27.
Steps S310, S311 and S312 are the steps of one method of obtaining the unique characteristic information of terminal 20. There are also other ways of obtaining it, for example from the product's packaging box.
Step S313: manually type the displayed unique characteristic information into characteristic information input interface 14 of server 10.
Step S314: encrypting module 13 starts its data encryption function and encrypts the typed-in unique characteristic information to generate the first encrypted data.
In this embodiment, the unique characteristic information can be entered manually in characteristic information input interface 14 of server 10, or server 10 can obtain it from terminal 20 over the data cable, fill it into characteristic information input interface 14 automatically and generate the first encrypted data automatically, so that the whole RSA key authorization process can be completed automatically, meeting users' varied needs.
In this embodiment, encrypting module 13 is an after-sales service tool installed on server 10. The software has a human-computer interaction interface, which is characteristic information input interface 14 of this embodiment. Characteristic information can be entered in this interface in two ways: it can be filled in automatically, or it can be entered manually. Once the characteristic information has been entered, clicking or triggering the software's generate-encrypted-data button starts encryption of the entered characteristic information and generates the first encrypted data.
Embodiment five:
Please refer to Fig. 8, which is a system flowchart of the fifth embodiment for obtaining RSA key authorization in the lock-screen state. The system comprises a terminal 20 with an RSA authorization function and a server 10 capable of data encryption.
Terminal 20 comprises: communication connection module 21, memory 22, data processing module 23, control command processing module 24, RSA authorization function module 25, instruction input interface 26 and unlock interface 27. Data processing module 23 comprises encryption/decryption conversion module 231 and data matching module 232.
Specifically, communication connection module 21 comprises communication interface 211 and communication connection management module 212, and manages the communication connection between terminal 20 and server 10. Communication interface 211 is a USB-type interface; when a communication connection with server 10 is established, communication interface 211 is connected by a data cable to USB interface 15 of server 10 to transmit data. Memory 22 is connected to communication connection module 21 and stores the unique characteristic information of the terminal and the first encrypted data obtained from server 10. Encryption/decryption conversion module 231 uses the same algorithm as encrypting module 13 of server 10 and encrypts and decrypts data. Data processing module 23 performs the relevant processing on the terminal's data, such as judging whether the first encrypted data matches the unique characteristic information of the terminal and encrypting or decrypting data. Control command processing module 24 generates the corresponding instruction from the information entered and processes the related instruction information; the information entered includes what is keyed into instruction input interface 26. In this embodiment, the human-computer interaction interface comprises unlock interface 27 and instruction input interface 26. RSA authorization function module 25 is connected to data matching module 232 and decides, according to the RSA authorization control instruction sent by data matching module 232, whether to perform RSA key authorization for terminal 20.
Specifically, instruction input interface 26 comprises a numeric dial pad or emergency dial pad that can be opened while terminal 20 is locked. The dial pad provides input buttons with which the user enters the control command that starts encryption/decryption conversion module 231. Unlock interface 27 comprises the instruction input interface start button; triggering this button opens instruction input interface 26.
Specifically, encryption/decryption conversion module 231 decrypts the first encrypted data to obtain decrypted data information. Data matching module 232 judges whether the first encrypted data matches the unique characteristic information of terminal 20. The method of judging whether the first encrypted data matches the unique characteristic information of terminal 20 specifically comprises:
Data matching module 232 compares the decrypted data information with the unique characteristic information of terminal 20 and judges whether the two are identical. If they are identical, the first encrypted data matches the unique characteristic information of terminal 20; otherwise, the first encrypted data does not match the unique characteristic information of terminal 20.
Specifically, encryption/decryption conversion module 231 is connected to memory 22 of terminal 20 and can read the unique characteristic information of terminal 20 from memory 22; it can also encrypt the unique characteristic information to generate the second encrypted data. The judgment by data matching module 232 of whether the first encrypted data matches the unique characteristic information of the terminal further comprises:
Data matching module 232 compares the second encrypted data with the first encrypted data and judges whether the two are identical. If they are identical, the first encrypted data matches the unique characteristic information of terminal 20; otherwise, the first encrypted data does not match the unique characteristic information of terminal 20.
Specifically, communication connection module 21 comprises communication interface 211 and communication connection management module 212. Communication interface 211 is connected by a data cable to USB interface 15 of server 10 to establish a communication connection with server 10. Communication connection management module 212 manages the communication connection between terminal 20 and server 10, which specifically comprises:
Communication connection management module 212 detects whether the USB debugging function of terminal 20 is enabled. If so, terminal 20 establishes a communication connection with server 10; otherwise, terminal 20 issues a communication connection abnormality prompt, reminding the user that terminal 20 has not enabled the USB debugging function and cannot connect to server 10, and the module continues to detect whether the USB debugging function of terminal 20 is enabled.
RSA authorization function module 25 performs RSA key authorization only after it receives from data matching module 232 the RSA authorization control instruction agreeing to RSA key authorization of terminal 20.
Specifically, when control command processing module 24 receives the control command for enabling the USB debugging function of terminal 20, it enables the USB debugging function of terminal 20.
Concrete, server 10 comprises: processor 11, information storage module 12, encrypting module 13, characteristic information inputting interface 14 and usb 15.
Wherein, the first enciphered data that information storage module 12 generates for unique characteristic information and the server 10 of storage terminal 20; Characteristic information inputting interface 14 is for providing the inputting interface of unique characteristic information of input terminal 20; Encrypting module 13, for the information of inputting at characteristic information inputting interface 14 is carried out to data encryption, generates the first enciphered data.
The characteristic information input interface 14 supports two ways of entering the information.
The first way is as follows:
Server 10 sends an information acquisition instruction carrying a verification code to terminal 20. Terminal 20 receives the instruction and verifies the verification code. After verification passes, terminal 20 sends its unique characteristic information to server 10. Server 10 receives the unique characteristic information of terminal 20 and fills it automatically into the characteristic information input interface 14 of the encryption module 13.
The second way is as follows:
The unique characteristic information of terminal 20 is obtained from the instruction input interface 26 of terminal 20 and filled into the characteristic information input interface 14.
Obtaining the unique characteristic information of terminal 20 from the instruction input interface 26 specifically includes: opening the instruction input interface 26 of terminal 20; entering the unique-characteristic-information acquisition instruction at the instruction input interface 26; and, after terminal 20 receives this instruction, displaying the unique characteristic information of the terminal on the instruction input interface 26.
The human-machine interface of this embodiment may be provided by an intelligent terminal with a touch screen; the touch screen includes resistive touch screens and capacitive touch screens.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments may be implemented in hardware, or by a program instructing the relevant hardware; the program may be stored in a readable storage medium, and the storage medium may include a memory, a magnetic disk, an optical disc, etc.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (29)

1. A method for obtaining RSA key authorization while a terminal is locked, characterized by comprising:
obtaining the first encrypted data imported into the terminal;
obtaining the original data before encryption;
matching the first encrypted data against the original data;
if the match succeeds, performing RSA key authorization on the terminal;
if the match fails, not performing RSA key authorization on the terminal;
wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data generated by the server by encrypting the obtained unique characteristic information of the terminal.
2. The method according to claim 1, characterized in that the step of matching the first encrypted data against the original data specifically comprises:
decrypting the first encrypted data to obtain decrypted data;
comparing the decrypted data with the original data and judging whether the two are identical;
if identical, the match succeeds;
otherwise, the match fails.
3. The method according to claim 1, characterized in that the step of matching the first encrypted data against the original data specifically comprises:
the terminal encrypting the original data to generate second encrypted data;
comparing the second encrypted data with the first encrypted data and judging whether the two are identical;
if identical, the match succeeds;
otherwise, the match fails;
wherein the second encrypted data and the first encrypted data are generated using the same data encryption mode or algorithm.
4. The method according to claim 2 or 3, characterized in that, before obtaining the first encrypted data imported into the terminal, the method further comprises: establishing a communication connection with the server;
establishing the communication connection with the server specifically comprises:
establishing a physical communication connection between the terminal and the server through a data cable;
detecting whether the USB debugging function of the terminal is enabled;
if so, establishing preliminary data communication with the server and importing the first encrypted data from the server;
otherwise, issuing a connection-abnormality prompt reminding the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.
5. The method according to claim 4, characterized by further comprising: when the terminal is locked and the USB debugging function of the terminal is not enabled, if a control command for enabling the USB debugging function of the terminal is detected as input at the instruction input interface of the terminal, immediately enabling the USB debugging function of the terminal, which specifically comprises:
opening the instruction input interface of the terminal;
detecting whether a control command for enabling the USB debugging function has been input at the instruction input interface; if so, enabling the USB debugging function of the terminal.
6. The method according to claim 1, characterized in that the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.
7. The method according to claim 1, characterized in that the unique characteristic information comprises: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity (IMEI) code and/or the user identity card number bound to the terminal.
8. A device for obtaining RSA key authorization while a terminal is locked, characterized by comprising: a memory, an RSA authorization function module and a data processing module;
the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module respectively, and is used to match the first encrypted data against the original data and to output the corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to determine, according to the RSA authorization control instruction received, whether to perform RSA key authorization on the terminal;
wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data generated by the server by encrypting the obtained unique characteristic information of the terminal.
9. The device according to claim 8, characterized in that the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to decrypt the first encrypted data to obtain decrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the decrypted data with the original data and to output the corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the decrypted data and the original data;
comparing the decrypted data with the original data and judging whether the two are identical;
if identical, outputting the RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting the RSA authorization control instruction refusing RSA key authorization of the terminal.
10. The device according to claim 8, characterized in that the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to generate second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output the corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the second encrypted data and the first encrypted data;
the data matching module comparing the second encrypted data with the first encrypted data and judging whether the two are identical;
if identical, outputting the RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting the RSA authorization control instruction refusing RSA key authorization of the terminal;
wherein the second encrypted data and the first encrypted data are generated using the same data encryption mode or algorithm.
11. The device according to claim 9 or 10, characterized in that determining, according to the RSA authorization control instruction, whether to perform RSA key authorization on the terminal specifically comprises:
if the RSA authorization function module receives the RSA authorization control instruction agreeing to RSA key authorization of the terminal, performing RSA key authorization on the terminal;
if the RSA authorization function module receives the RSA authorization control instruction refusing RSA key authorization of the terminal, not performing RSA key authorization on the terminal.
12. The device according to claim 11, characterized by further comprising: a communication connection module used to establish a communication connection with the server;
the communication connection module comprises a communication interface and a communication connection management module; establishing the communication connection with the server specifically comprises:
connecting the communication interface to the USB interface of the server through a data cable to establish a physical connection for data communication;
the communication connection management module detecting whether the USB debugging function of the terminal is enabled;
if so, the terminal establishing preliminary data communication with the server and importing the first encrypted data from the server;
otherwise, the communication connection management module issuing a connection-abnormality prompt reminding the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.
13. The device according to claim 12, characterized by further comprising an instruction input interface and a control command processing module; the communication connection management module is connected to the control command processing module, and the control command processing module is connected to the instruction input interface;
when the terminal is locked and the USB debugging function of the terminal is not enabled, if a control command for enabling the USB debugging function of the terminal is detected as input at the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically comprises:
opening the instruction input interface of the terminal;
the control command processing module detecting and judging whether the control command input at the instruction input interface is identical to the preset control command for enabling the USB debugging function; if identical, the control command processing module enabling the USB debugging function of the terminal;
wherein the instruction input interface provides an operation interface at which a user inputs the control command for enabling the USB debugging function.
14. The device according to claim 8, characterized in that the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.
15. The device according to claim 8, characterized in that the unique characteristic information comprises: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity (IMEI) code and/or the user identity card number bound to the terminal.
16. The device according to claim 13, characterized in that the instruction input interface comprises a numeric dial pad or an emergency dial pad that can be opened while the terminal is locked.
17. A system for obtaining RSA key authorization while a terminal is locked, characterized by comprising a terminal and a server;
the terminal comprises: a memory, an RSA authorization function module and a data processing module;
the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module respectively, and is used to match the first encrypted data against the original data and to output the corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to determine, according to the RSA authorization control instruction received, whether to perform RSA key authorization on the terminal;
wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is the data obtained by the server by encrypting the obtained unique characteristic information of the terminal.
18. The system according to claim 17, characterized in that the server comprises: an encryption module, an information storage module and a characteristic information input interface;
the information storage module is used to store the obtained unique characteristic information of the terminal and the first encrypted data; the characteristic information input interface provides an input interface for filling in the unique characteristic information of the terminal; the encryption module is used to encrypt the filled-in unique characteristic information of the terminal to generate the first encrypted data.
19. The system according to claim 18, characterized in that the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to decrypt the first encrypted data to obtain decrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the decrypted data with the original data and to output the corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the decrypted data and the original data;
comparing the decrypted data with the original data and judging whether the two are identical;
if identical, outputting the RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting the RSA authorization control instruction refusing RSA key authorization of the terminal.
20. The system according to claim 18, characterized in that the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to obtain second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output the corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data with the original data and outputting the corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the second encrypted data and the first encrypted data;
the data matching module comparing the second encrypted data with the first encrypted data and judging whether the two are identical;
if identical, outputting the RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting the RSA authorization control instruction refusing RSA key authorization of the terminal;
wherein the second encrypted data and the first encrypted data are generated using the same data encryption mode or algorithm.
21. The system according to claim 19 or 20, characterized in that determining, according to the RSA authorization control instruction, whether to perform RSA key authorization on the terminal specifically comprises:
if the RSA authorization function module receives the RSA authorization control instruction agreeing to RSA key authorization of the terminal, performing RSA key authorization on the terminal;
if the RSA authorization function module receives the RSA authorization control instruction refusing RSA key authorization of the terminal, not performing RSA key authorization on the terminal.
22. The system according to claim 21, characterized in that the server further comprises a USB interface, and the terminal further comprises a communication connection module;
the communication connection module comprises a communication interface and a communication connection management module and is used to establish a communication connection with the server, which specifically comprises:
connecting the communication interface to the USB interface through a data cable to establish a physical connection for data communication;
the communication connection management module detecting whether the USB debugging function of the terminal is enabled;
if so, the terminal establishing preliminary data communication with the server and importing the first encrypted data from the server;
otherwise, the communication connection management module issuing a connection-abnormality prompt reminding the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.
23. The system according to claim 22, characterized in that the terminal further comprises an instruction input interface and a control command processing module; the communication connection management module is connected to the control command processing module, and the control command processing module is connected to the instruction input interface;
when the terminal is locked and the USB debugging function of the terminal is not enabled, if a control command for enabling the USB debugging function of the terminal is detected as input at the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically comprises:
opening the instruction input interface of the terminal;
the control command processing module detecting and judging whether the control command input at the instruction input interface is identical to the preset control command for enabling the USB debugging function; if identical, the control command processing module enabling the USB debugging function of the terminal.
24. The system according to claim 23, characterized in that filling in the unique characteristic information of the terminal specifically comprises:
after the terminal and the server establish preliminary data communication, the server sending an information acquisition instruction carrying a verification code to the terminal;
the terminal receiving the information acquisition instruction and verifying the verification code;
after verification passes, obtaining the unique characteristic information of the terminal from the memory and sending it to the server;
the server receiving the unique characteristic information of the terminal and filling it automatically into the characteristic information input interface.
25. The system according to claim 23, characterized in that filling in the unique characteristic information of the terminal specifically comprises:
opening the instruction input interface of the terminal;
inputting, at the instruction input interface, the control command for obtaining the unique characteristic information of the terminal;
the control command processing module detecting and judging whether the control command input at the instruction input interface is identical to the preset unique-characteristic-information acquisition instruction; if identical, the instruction input interface reading the unique characteristic information of the terminal from the memory and displaying it on the instruction input interface;
manually filling the displayed unique characteristic information of the terminal into the characteristic information input interface.
26. The system according to claim 17, characterized in that the terminal comprises a smartphone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.
27. The system according to claim 17, characterized in that the unique characteristic information of the terminal comprises: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity (IMEI) code and/or the user identity card number bound to the terminal.
28. The system according to claim 24 or 25, characterized in that the terminal further comprises an unlock interface that provides an instruction input interface start button; the instruction input interface is opened by triggering the instruction input interface start button.
29. The system according to claim 28, characterized in that the instruction input interface comprises a numeric dial pad or an emergency dial pad that can be opened while the terminal is locked.
CN201410212280.2A 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking Active CN103973437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410212280.2A CN103973437B (en) 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Publications (2)

Publication Number Publication Date
CN103973437A true CN103973437A (en) 2014-08-06
CN103973437B CN103973437B (en) 2018-07-20

Family

ID=51242513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410212280.2A Active CN103973437B (en) 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Country Status (1)

Country Link
CN (1) CN103973437B (en)

Also Published As

Publication number Publication date
CN103973437B (en) 2018-07-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Patentee after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., Ltd.

Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Patentee before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., Ltd.

CP01 Change in the name or title of a patent holder