CN103973437B

CN103973437B - The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Info

Publication number: CN103973437B
Application number: CN201410212280.2A
Authority: CN
Inventors: 鲁强; 余骢骢
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date: 2014-05-19
Filing date: 2014-05-19
Publication date: 2018-07-20
Anticipated expiration: 2034-05-19
Also published as: CN103973437A

Abstract

The invention discloses when a kind of terminal locking obtain RSA key mandate method, apparatus and system, the method includes：The first encryption data for importing terminal and initial data before encrypting are obtained, the first encryption data is matched with initial data, if successful match, RSA key mandate is carried out to terminal, otherwise RSA key mandate is not carried out to terminal.The present invention can make terminal when locking can not pop up RSA authorized windows, pass through the data information of reflexless terminal and server, make terminal that can also carry out RSA mandates automatically in the case of without unlocking, set up ADB connections, then export data are carried out by ADB connections or removes terminal locking password, it is unlocked without carrying out brush machine or other complicated modes, using more convenient, meets the demand of user.

Description

The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Technical field

The present invention relates to the data safeties of intelligent terminal to protect field, and in particular to it is close that RSA is obtained when a kind of terminal locking The method, apparatus and system of key mandate.

Background technology

Android system also known as Android system, are a kind of freedom based on Linux and the operating system of open source code, It is mainly used in mobile device and various intelligent terminals, such as smart mobile phone and tablet computer, by Google companies and opens mobile phone Alliance leads and exploitation.Currently, Google updates in the android system of new version is added to RSA key mandate, it is equipped with The intelligent terminal of android system only could normally establish ADB (Android by RSA key mandate Debug Bridge, Android debug bridge) connection.Wherein, by ADB, we can debug Android program, be Android system A kind of debugging acid.

When intelligent terminal is under lock-out state or screen lock state, which is shielded, makes intelligent terminal not The purpose that user data can not be obtained when allowing through user plays the role of data safety protection.

Although RSA key mandated program is designed based on protection user data.It but in actual use, can It can due to various reasons cause the inconvenience that user itself uses, if user forgets screen-lock password, mobile phone is sent to after sale at this time, is sold After need other paths carry out RSA key mandate, then help user by ADB carry out export data, remove screen-lock password Deng operation.It would therefore be desirable to have a kind of method, can in terminal locking with other by way of carrying out RSA key mandate.

Invention content

The purpose of the present invention is to provide method, apparatus and system that RSA key mandate is obtained when a kind of terminal locking, come Solve the above technical problem.

For this purpose, the present invention uses following technical scheme：

In a first aspect, the present invention provides a kind of method for obtaining RSA key mandate when terminal locking, including：

Obtain the first encryption data for importing terminal；

Obtain initial data before encrypting；

First encryption data is matched with initial data；

If successful match, RSA key mandate is carried out to terminal；

If it fails to match, RSA key mandate is not carried out to terminal；

Wherein, the initial data is the unique features information of terminal, and first encryption data is server to obtaining Terminal unique features information be encrypted after the data that generate.

Preferably, the step：First encryption data is matched with the initial data, is specifically included：

First encryption data is decrypted, ciphertext data information is obtained；

The ciphertext data information is compared with the initial data, judges whether the two is identical；

If identical, successful match；

Otherwise, then it fails to match.

Initial data described in terminal-pair carries out data encryption, generates the second encryption data；

Second encryption data is compared with first encryption data, judges whether the two is identical；

If identical, successful match；

Otherwise, then it fails to match；

Wherein, generate the second encryption data and generate the first encryption data using data encryption by the way of or algorithm phase Together.

Preferably, described to obtain before importing the first encryption data of terminal, further include：Communication link is established with server It connects；

Described established with server communicates to connect, and specifically includes：

Terminal is set to establish the physical connection communicated with server by data line；

Whether the USB debugging functions of detection terminal have been switched on；

It is communicated if so, establishing preliminary data with server, the first encryption data is imported from server；

Otherwise, communication connection abnormal prompt information is sent out, prompts user terminal not open USB debugging functions, can not connect Server；Whether the USB debugging functions for continuing detection terminal have been switched on；

Preferably, the method further includes：When the USB debugging functions of terminal locking and terminal are not opened, if detecting The control instruction of the USB debugging functions of terminal is opened in the instruction input interface input of terminal, and the USB for opening terminal immediately debugs work( Can, it specifically includes：

The instruction input interface opened a terminal；

Whether detection described instruction input interface has the control instruction that USB debugging functions are opened in input；If so, opening eventually The USB debugging functions at end.

Preferably, terminal includes smart mobile phone, E-book reader, MP3 player, MP4 players and tablet computer.

Preferably, the unique features information includes：The equipment identities identification number and/or product ID of terminal and/ Or the user identity card number of mobile device international identity code and/or binding terminal.

Second aspect, the present invention obtain the device of RSA key mandate when providing a kind of terminal locking, including：Memory, RSA authorization functions module and data processing module；

The memory is used to store the first encryption data for importing terminal and initial data before encrypting；The data Processing module is separately connected the memory and the RSA authorization functions module, for by first encryption data with it is described Initial data is matched, and is exported corresponding RSA authorization controls according to matching result and instructed；The RSA authorization functions module For deciding whether to carry out RSA key mandate to terminal according to the RSA authorization controls instruction received；

Preferably, the data processing module includes：Encryption and decryption conversion module and data match module；

The encryption and decryption conversion module connects the memory, for decrypting first encryption data, obtains decryption number It is believed that breath；The data match module connects the encryption and decryption conversion module, is used for the ciphertext data information and the original Beginning data are compared, and are exported corresponding RSA authorization controls according to comparison result and instructed；

It is described to be compared the ciphertext data information with the initial data, and exported accordingly according to comparison result RSA authorization controls instruct, and specifically include：

The data match module obtains the ciphertext data information and the initial data；

If identical, export and agree to that the RSA authorization controls for carrying out RSA key mandate to terminal instruct；

Otherwise, then the RSA authorization controls instruction that refusal carries out terminal RSA key mandate is exported.

The encryption and decryption conversion module connects the memory, for the initial data to be encrypted, generates second Encryption data；The data match module connects the encryption and decryption conversion module, for by second encryption data with it is described First encryption data is compared, and is exported corresponding RSA authorization controls according to comparison result and instructed；

The data match module obtains second encryption data and first encryption data；

Both second encryption data is compared by the data match module with first encryption data, judge It is whether identical；

Otherwise, then the RSA authorization controls instruction that refusal carries out terminal RSA key mandate is exported；

Wherein, generate second encryption data and generate first encryption data using data encryption by the way of or Algorithm is identical.

Preferably, described to decide whether to carry out RSA key mandate to terminal according to RSA authorization controls instruction；Specifically Including：

If the RSA authorization functions module, which receives, agrees to that the RSA authorization controls for carrying out RSA key mandate to terminal instruct, RSA key mandate then is carried out to terminal；

If the RSA authorization functions module receives the RSA authorization controls instruction that refusal carries out terminal RSA key mandate, Then RSA key mandate is not carried out to terminal.

Preferably, described device further includes：Communication connection module is communicated to connect for being established with server；

The communication connection module includes communication interface and communication connection management module；It is described to establish communication link with server It connects, specifically includes：

The USB interface that the communication interface and server are connected by data line establishes the physical connection of data communication；

Whether the USB debugging functions of the communication connection management module detection terminal have been switched on；

It is communicated if so, terminal establishes preliminary data with server, first encryption data is imported from server；

Otherwise, the communication connection management module sends out communication connection abnormal prompt information, and user terminal is prompted not open USB debugging functions, can not Connection Service device；Whether the USB debugging functions for continuing detection terminal have been switched on.

Preferably, described device further includes instruction input interface and control instruction processing module；The communication link is taken over It manages module and connects the control instruction processing module, the control instruction processing module connects described instruction input interface；

When the USB debugging functions of terminal locking and terminal are not opened, if detecting, the input of described instruction input interface is opened The control instruction of the USB debugging functions of terminal is opened, the USB debugging functions of terminal is opened immediately, specifically includes：

The instruction input interface opened a terminal；

The control instruction processing module detect and judge described instruction input interface input control instruction with set in advance Whether the control instruction for the unlatching USB debugging functions set is identical；If identical, terminal is opened in the control instruction processing module control USB debugging functions；

Wherein, described instruction input interface is used to provide the behaviour for inputting the control instruction for opening USB debugging functions of user one Make interface.

Preferably, openable number dialer or emergency dialing disk when described instruction input interface includes terminal locking.

The third aspect, the present invention provide the system for obtaining RSA key mandate when a kind of terminal locking, including terminal and service Device；

The terminal includes：Memory, RSA authorization functions module and data processing module；

Wherein, the initial data is the unique features information of terminal, and first encryption data is server to obtaining Terminal unique features information be encrypted after the data that obtain.

Preferably, the server includes：Encrypting module, information storage module and characteristic information input interface；

Information storage module is used to store the unique features information of the terminal obtained and first encryption data；Feature Information input interface is used to provide the input interface of the unique features information of filling terminal；Encrypting module is used for the terminal to filling Unique features information carry out data encryption, generate the first encryption data.

The encryption and decryption conversion module connects the memory, for the initial data to be encrypted, obtains second Encryption data；The data match module connects the encryption and decryption conversion module, for by second encryption data with it is described First encryption data is compared, and is exported corresponding RSA authorization controls according to comparison result and instructed；

Preferably, the server further includes USB interface；The terminal further includes communication connection module；

The communication connection module includes communication interface and communication connection management module, for establishing communication link with server It connects, specifically includes：

The communication interface and the USB interface are connected by data line, establishes the physical connection of data communication；

Preferably, the terminal further includes instruction input interface and control instruction processing module；The communication link is taken over It manages module and connects the control instruction processing module, the control instruction processing module connects described instruction input interface；

The instruction input interface opened a terminal；

The control instruction processing module detect and judge described instruction input interface input control instruction with set in advance Whether the control instruction for the unlatching USB debugging functions set is identical；If identical, terminal is opened in the control instruction processing module control USB debugging functions.

Preferably, the unique features information of the filling terminal, specifically includes：

Terminal and server are established after preliminary data communicate, and server sends the acquisition of information with identifying code toward terminal Instruction；

Terminal receives described information acquisition instruction, is verified to identifying code；

After being verified, the unique features information of terminal is obtained from the memory and is sent to server；

Server receives the unique features information of terminal, automatic filling to the characteristic information input interface.

The instruction input interface opened a terminal；

The control instruction for the unique features information for obtaining terminal is inputted in described instruction input interface；

The control instruction processing module detect and judge the control instruction inputted in described instruction input interface in advance Whether the unique features acquisition of information instruction of setting is identical；If identical, described instruction input interface is read from the memory The unique features information of terminal, and in described instruction input interface display terminal unique features information.

By the unique features information filled by hand of the terminal of display to the characteristic information input interface.

Preferably, the terminal includes smart mobile phone, E-book reader, MP3 player, MP4 players and tablet Computer.

Preferably, the unique features information of the terminal includes：The equipment identities identification number and/or product serial of terminal Number and/or mobile device international identity code and/or bind terminal user identity card number.

Preferably, the terminal further includes unlock interface, for providing instruction input interface start button, described in triggering Instruction input interface start button opens described instruction input interface.

Beneficial effects of the present invention：Terminal obtain that server is generated according to the unique features information of terminal from server the One encryption data ensure that data safety, make use since the data encrypting and deciphering of terminal and server is using identical algorithms Other servers or terminal of non-algorithm can not obtain the data information of this terminal, meanwhile, when both using this algorithm, Terminal can be made when locking can not pop up RSA authorized windows, by the data information of reflexless terminal and server, make terminal It can also carry out RSA mandates automatically in the case of without unlocking, it is established that then ADB connections are carried out by ADB connections It exports data or removes terminal locking password, unlocked without carrying out brush machine or other complicated modes, use more convenient, satisfaction The demand of user.

Description of the drawings

Fig. 1 is the method flow diagram of acquisition RSA key mandate of the terminal of first embodiment in screen locking.

Fig. 2 judges the whether matched method stream of the unique features information of the first encryption data and terminal for first embodiment Cheng Tu.

Fig. 3 is the method flow diagram of acquisition RSA key mandate of the terminal of second embodiment in screen locking.

Fig. 4 is the method flow diagram of acquisition RSA key mandate of the terminal of 3rd embodiment in screen locking.

Fig. 5 be 3rd embodiment screen lock state under open terminal USB debugging functions method flow diagram.

Fig. 6 is that the server of fourth embodiment generates the first method flow chart of the first encryption data.

Fig. 7 is that the server of fourth embodiment generates the second method flow chart of the first encryption data.

Fig. 8 be the 5th embodiment screen lock state under obtain RSA key mandate system flow chart.

In figure：10, server；11, processor；12, information storage module；13, encrypting module；14, characteristic information inputs Interface；15, USB interface；20, terminal；21, communication connection module；22, memory；23, data processing module；24, control instruction Processing module；25, RSA authorization functions module；26, instruction input interface；27, unlock interface；211, communication interface；212, it communicates Connection management module；231, encryption and decryption conversion module；232, data match module.

Specific implementation mode

The technical solution further illustrated the present invention below in conjunction with the accompanying drawings and by specific embodiment.It is appreciated that It is that specific embodiment described herein is only used for explaining the present invention rather than limitation of the invention.Further need exist for explanation It is, for ease of description, only some but not all contents related to the present invention are shown in the drawings.

The technical solution further illustrated the present invention below in conjunction with the accompanying drawings and by specific embodiment.

In the embodiment of the present invention, the unique features information of terminal 20 includes device id (Identification, identity mark Know number), SN (Serial Number, product ID), IMEI (International Mobile Equipment Identification Number, mobile device international identity code), binding terminal 20 user identity card number etc. characteristic informations In it is one or more, the unique features information is for indicating and identification terminal 20, that is, terminal 20 and unique features information are one One is corresponding, and unique features information corresponds to unique terminal 20, and there is no obscure and repeat.

In the embodiment of the present invention, terminal 20 is the intelligent terminal 20 for having data processing function, including has RSA key Smart mobile phone, E-book reader, MP3 (the Moving Picture Experts Group Audio of the system of authorization function Layer III, dynamic image expert's compression standard audio level 3) player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert's compression standard audio level 4) player, PC, tablet computer Deng.

In the embodiment of the present invention, the locking of terminal 20 is a kind of to be pacified to the use of terminal 20 using setting password Full limitation, personal information lock the function of the security protections such as secrecy.The form of expression can there are many, as user's operation is forbidden in screen locking Etc. modes, when terminal 20 needs unlock, the unlocking pin for needing input specified, such as fixed unlock gesture or numerical ciphers.

Wherein, RSA is a kind of Encryption Algorithm, is 1977 by Ron Rivest, Adi Shamir and Leonard Tri- people of Adleman propose that RSA is exactly that their three people's surnames start the alphabetical composition that is stitched together together.RSA is first energy Simultaneously for the algorithm of encrypted and digitally signed, it is also easy to understand and operates.

It should be noted that different operation interface can be used in different terminals 20, such as the performance shape at instruction input interface 26 Formula may different from；Means different from used by instruction is keyed in, such as can be that instruction is keyed in by the touch-control of touch screen, Or it instructs by a keyboard entry；To those skilled in the art, principle is same or similar, is belonged to In protection scope of the present invention.

Embodiment one：

When terminal 20 is in unlocked state, when being connected between terminal 20 and server 10 at this time, RSA authorized windows can Normally to show, user can normal operating carry out RSA key mandate, to normally establishing ADB connections, terminal 20 and server 10 Between can carry out normal data interaction.

But when terminal 20 is in the lock state, when terminal 20 and server 10 connect, RSA authorized windows are to be shielded , make server 10 that can not obtain the data of terminal 20, to play the purpose of protection user data or privacy, needs first to unlock Relevant operation can be carried out to RSA authorized windows, to obtain RSA mandates.But if user oneself forgets the unlocking pin of terminal 20 And can not unlock, it can make by using a kind of method of the acquisition RSA key mandate the present embodiment provides terminal 20 in locking Terminal 20 can be realized in screen locking obtains RSA key mandate, to obtain the data of terminal 20 or realize the screen locking of terminal 20 The operations such as the elimination of password.

Referring to FIG. 1, Fig. 1 is the method for acquisition RSA key mandate of the terminal 20 of first embodiment in screen locking Flow chart.This method includes：

Step S110, terminal 20 is established with server 10 and is communicated to connect.

Realize the communication connection of terminal 20 and server 10 mode can there are many, the most common are wired connections and nothing Line connects.Wireless connection includes bluetooth, NFC (Near Field Communication, near-field communication) etc..The present embodiment uses Wired connection mode is connected to server 10 by data line, and data line is distinguished using USB data line by data line The USB interface of terminal 20 and server 10 is connected, realizes communication connection and data communication.

Step S120, input obtains the control instruction of the first encryption data.

Terminal 20 and server 10 are established when communicating to connect, the screen of terminal 20 can automatically into unlock interface 27, if this When terminal 20 be in power down mode and do not enter unlock interface 27, can also be triggered by buttons such as power key, HOME keys make terminal 20 Into unlock interface 27.

If terminal 20 enters unlock interface 27, the instruction input interface start button of unlock interface 27 is set to by touch-control, Recall the instruction input interface 26 of terminal 20.The setting of the touch control manner of instruction input interface start button can there are many, such as point Hit instruction input interface start button can open command input interface 26, the icon unlatching of dragging instruction input interface start button refers to Enable input interface 26 etc..

After instruction input interface 26 is opened, you can input relevant control instruction at instruction input interface 26.Input obtains The control instruction of first encryption data, such as preset control instruction for obtaining the first encryption data is " * # 67766776001# ", after terminal 20 detects that control instruction input is errorless, terminal 20 starts to import the first encryption from server 10 Data.

Step S130, the first encryption data is obtained from server 10.

Terminal 20 and server 10 are not set up before ADB connects, and server 10 can not obtain the data of user from terminal 20, eventually End 20 also can not be from the acquisition data of server 10, the present embodiment, and setting terminal 20 does not set up before ADB is connected with server 10 and builds Specific message channel is found, specific data, such as terminal are transmitted by specific control instruction control terminal 20 and server 10 20 unique features information, first encryption data of server 10 etc..

Specifically, in step S120, if terminal 20 detects that the control instruction input for obtaining the first encryption data is errorless, eventually End 20 sends the request message of the first encryption data to server 10, and after server 10 is verified, terminal 20 starts from service Device 10 imports the first encryption data.

Step S140, judge whether the unique features information of the first encryption data and terminal 20 matches.

After the first encryption data imported into terminal 20, the data processing module 23 of terminal 20 is from local memory 22 The unique features information of reading terminals 20, and the first encryption data and unique features information are matched.

Referring to FIG. 2, Fig. 2 be first embodiment the unique features information for judging the first encryption data and terminal 20 whether Matched method flow diagram.

Step S140 is specifically included：

The first encryption data is decrypted in S141, encryption and decryption conversion module 231, obtains ciphertext data information.

The decryption method of encryption and decryption conversion module 231 and the encryption method of server 10 correspond to, or both the algorithm that uses It is identical.

S142, ciphertext data information is compared with the unique features information of terminal 20, judges whether the two is identical.

First encryption data is that generation is encrypted according to the unique features information of terminal 20 in server 10, and encryption and decryption turns The ciphertext data information that mold changing block 231 obtains after first encryption data is decrypted should be with the unique features information phase of terminal 20 Together.

If S143, identical, show the unique features information matches of the first encryption data and terminal 20；It enters step S150。

S144, otherwise shows that the first encryption data and the unique features information of terminal 20 mismatch；Enter step S160.

The algorithm or mode phase that the encryption or decryption of the encrypting module 13 of encryption and decryption conversion module 231 and server 10 use Together.That is, being directed to an initial data, it is transmitted in terminal 20 after the encrypting module 13 of server 10 is encrypted, terminal 20 adds solution Close conversion module 231 can obtain this initial data after decryption.If the initial data obtained is wrong or different, show terminal 20 It is mismatched with server 10.Data communication is carried out by the way of this data encrypting and deciphering can prevent the risk of leaking data.

If step S150, matching, RSA key mandate is carried out to terminal 20.

The algorithm or mode of data encryption have very much, and generally can all there be oneself unique data ciphering method in manufacturer.If the The unique features information matches of one encryption data and terminal 20 show that server 10 sets for the after-sale service corresponding to terminal 20 It is standby, it sends and agrees to that the RSA authorization controls for carrying out RSA key mandate to terminal 20 instruct, RSA key mandate is carried out to terminal 20.

If step S160, mismatching, RSA key mandate is not carried out to terminal 20.

If the unique features information of the first encryption data and terminal 20 mismatches, illustrate that server 10 is not correspond to terminal The 20 wrong equal abnormal causes of after market equipment or unique features acquisition of information, terminal 20 assert that present case is abnormal feelings Condition does not carry out RSA key mandate to terminal 20.

In the present embodiment, same type of terminal 20 corresponds to identical server 10, and server 10 is corresponding to terminal 20 After market equipment, the case where after market equipment is generally official, and there is no deliberately leakage privacy of user, then use The method of the present embodiment can just come into force only between corresponding terminal 20 and server 10, customer information will not be caused to leak, It, can without passing through the operations such as brush machine or other complicated manual progress clearing passwords in the case where user oneself forgets Password The workload for greatly alleviating after-sales staff, is greatly saved the time.

For above-mentioned steps, it is to be understood that wherein, step S120 is the step of can saving, i.e. terminal 20 and service After device 10 establishes communication connection, the automatic control signal for sending and obtaining the first encryption data can be set, obtained without receiving input Instruction fetch obtains the first encryption data from server.

Embodiment two：

Referring to FIG. 3, Fig. 3 is the method for acquisition RSA key mandate of the terminal 20 of second embodiment in screen locking Flow chart.This method includes：

Realize the communication connection of terminal 20 and server 10 mode can there are many, the most common are wired connections and nothing Line connects.Wireless connection includes bluetooth, NFC (Near Field Communication, near-field communication) etc..The present embodiment uses Be wired connection mode, use and server 10 be connected to by data line, data line leads to using USB data line The usb 15 that data line is separately connected terminal 20 and server 10 is crossed, realizes communication connection and data communication.

Step S120, input obtains the control instruction of the first encryption data.

Step S130, the first encryption data is obtained from server 10.

Step S140 is specifically included：

The unique features information of terminal 20 is encrypted for S145, encryption and decryption conversion module 231, generates the second encryption number According to.

The encryption method of encryption and decryption conversion module 231 is identical with the encryption method of server 10, or both use algorithm It is identical.

S146, the second encryption data is compared with the first encryption data, judges whether the two is identical.

First encryption data and the second encryption data are all the cipher modes for sampling identical algorithms, if the two use does not add Initial data before close is identical, and the first encryption data and the second encryption data are also answered identical.If the unencryption that the two uses Preceding initial data is different, and the first encryption data and the second encryption data should also differ.

If S147, identical, the unique features information matches of the first encryption data and terminal 20；Enter step S150.

The unique features information of S148, otherwise, encryption data and terminal 20 mismatch；Enter step S160.

Wherein, server 10 and terminal 20 using encryption data by the way of it is identical.

If step S150, matching, RSA key mandate is carried out to terminal 20.

If the unique features information matches of the first encryption data and terminal 20, illustrate that server 10 is corresponding to terminal 20 After market equipment, terminal 20 send the RSA authorization controls instruction for agreeing to authorize, RSA key mandate are carried out to terminal 20.

If step S160, mismatching, RSA key mandate is not carried out to terminal 20.

Embodiment three：

In the first embodiment and the second embodiment, if terminal 20 does not open USB function debugging functions, 20 kimonos of terminal Business device 10 can not establish the communication connection of USB, cannot establish specific message channel, can not transmit the unique features such as terminal 20 The data such as information, the first encryption data of server 10.Therefore, it is in the lock state in terminal 20, and USB function debugging functions When not opening, it is desirable to be able to the method for opening USB function debugging functions in lock-out state.

Referring to FIG. 4, the method stream of acquisition RSA key mandate of the terminal 20 of Fig. 4 3rd embodiments in screen locking Cheng Tu.

Terminal 20 is connected to server 10 by data line, and data line is distinguished using USB data line by data line The usb 15 of terminal 20 and server 10 is connected, realizes communication connection and data communication.

Step S110 is specifically included：

Step S111, terminal 20 is connected to the usb 15 of server 10 by data line.

Whether the USB debugging functions of step S112, data line successful connection, detection terminal 20 open, if opening, into step Rapid S113；Otherwise, terminal 20 and server 10 establish data communication failure, enter step S114.

Step S113, terminal 20 and server 10 tentatively establish data communication, enter step S120.

If after the USB debugging functions unlatching of terminal 20, terminal 20 and server 10 tentatively establish data communication, it can be according to pre- It first sets some specific instructions and mutually transmits specific message and data, such as request message of the first encryption data, terminal 20 Unique features information, the first encryption data etc..

Step S114, USB connection abnormal prompt information, return to step S112 are sent out.

If the USB debugging functions of terminal 20 are not opened, terminal 20 and server 10 can not establish data communication, 20 He of terminal Server 10 cannot carry out information exchange, and terminal 20 can send out USB connection abnormal prompt information, USB connection abnormal prompts letter Breath can be shown in unlock interface 27 or screen to prompt user's USB debugging functions not open, while return to step S112, continued Whether the USB debugging functions of detection terminal 20 open.

Step S120, input obtains the control instruction of the first encryption data.It specifically includes：

Step S121, open a terminal 20 instruction input interface 26.

When terminal 20 establishes communication connection with server 10, the screen of terminal 20 can be automatically into unlock interface 27.If this When terminal 20 be in power down mode and do not enter unlock interface 27, can also be triggered by buttons such as power key, HOME keys make terminal 20 Into unlock interface 27.

If terminal 20 enters unlock interface 27, the instruction input interface start button of unlock interface 27 is set to by touch-control, Recall the instruction input interface 26 of terminal 20.The setting of the touch control manner of instruction input interface start button can there are many, such as point Hit instruction input interface start button can the icon unlatching of open command input interface 26, dragging instruction input interface start button refer to Enable input interface 26 etc..

Step S122, input obtains the control instruction of the first encryption data.

After instruction input interface 26 is opened, you can input relevant control instruction at instruction input interface 26.If existing at this time The input of instruction input interface 26 obtains the control instruction of the first encryption data, the control instruction processing module confirmation input of terminal 20 After errorless, terminal 20 can send out the request message of the first encryption data toward server 10, obtain the first encryption data.

Instruction input interface 26 can be different according to the different hardware environment forms of expression, such as using the end with peripheral hardware keyboard End 20 after entry instruction input interface 26, allows user to key in dependent instruction using keyboard；According to without peripheral hardware keyboard The terminal 20 of touch screen, instruction input interface 26, which is attached to touch control keyboard, to be allowed to input dependent instruction by touch-control on the touchscreen.

Wherein, the subsidiary touch control keyboard in instruction input interface 26 is number dialer or emergency dialing disk.

Step S123, the first encryption data is imported from server 10.

Server 10 receives the request message of the first encryption data, after being verified, is obtained from information storage module 12 First encryption data, and the data are imported into terminal 10.

Step S130, the first encryption data is obtained from server 10.

Terminal 20 and server 10 are not set up before ADB connects, and server 10 can not obtain user data, this reality from terminal 20 Apply in example, can setting terminal 20 do not set up with server 10 and establish specific message channel before ADB is connected, make terminal 20 and service Device 10 connects but does not set up that ADB connections are preceding to transmit specific data, as the unique features information of terminal 20, server 10 the One encryption data etc..

Terminal 20 imports the first encryption data from server 10, which is stored in by the first encryption data after importing successfully Local memory 22.

After the first encryption data imported into terminal 20, the data processing module 23 of terminal 20 is from local memory 22 The unique features information of reading terminals 20, judges whether the unique features information of the first encryption data and terminal 20 matches.

If step S150, matching, RSA key mandate is carried out to terminal 20.

If the unique features information matches of the first encryption data and terminal 20, illustrate that server 10 is corresponding to terminal 20 After market equipment, terminal 20 send the instruction of RSA authorization controls, and RSA key mandate is carried out to terminal 20.

If step S160, mismatching, RSA key mandate is not carried out to terminal 20.

If the unique features information of the first encryption data and terminal 20 mismatches, illustrate that server 10 is not correspond to terminal 20 after market equipment or unique features acquisition of information are wrong etc., and terminal 20 assert that present case is abnormal conditions, not to end End 20 carries out RSA key mandate, plays the purpose of protection user data.

In step S114, due to not opening the USB debugging functions of terminal 20,10 connection failure of terminal 20 and server, this When to open terminal 20 USB debugging functions, following method realization can be carried out.

Step S114 can also be replaced with：Automatically turn on the USB debugging functions of terminal.Without artificially going to open again.

Referring to FIG. 5, method streams of the Fig. 5 for the USB debugging functions of unlatching terminal 20 under the screen lock state of 3rd embodiment Cheng Tu.

Step S210, open a terminal 20 instruction input interface 26.

Operating procedure similar step S121, if terminal 20 locks, the USB debugging functions of terminal 20 are not opened, are being unlocked Open a terminal under interface 27 20 instruction input interface 26.

Step S220, the control instruction of unlatching USB debugging functions is inputted at instruction input interface 26.

The control instruction for opening USB debugging functions is inputted at instruction input interface 26, which can be by setting in advance It is fixed, such as：The control instruction is set as " * #66776676 ".

Step S230, USB debugging functions are opened.

Terminal 20 detects whether instruction that instruction input interface 26 inputs with pre-set opens USB debugging functions Control instruction is consistent, such as consistent, opens USB debugging functions immediately.

Example IV：

Referring to FIG. 6, Fig. 6, which is the server 10 of fourth embodiment, generates the first method flow of the first encryption data Figure.This method includes：

Step S300, server 10 is established with terminal 20 and is communicated to connect.

Step S301, server 10 sends the characteristic information acquisition instruction with identifying code toward terminal 20.

Server 10 sends the characteristic information acquisition instruction with identifying code toward terminal 20, and terminal 20 receives this feature letter Acquisition instruction is ceased, the identifying code subsidiary to the instruction is verified；It is verified rear toward the unique of the transmission terminal 20 of server 10 Characteristic information；Verify the obstructed unique features information for not sending terminal 20 toward server 10 then later.

Step S302, server 10 receives the unique features information of terminal 20, automatic to fill characteristic information input interface 14。

Step S303, the encryption function for starting encrypting module 13, to being filled in the terminal 20 of characteristic information input interface 14 Unique features information carry out data encryption, generate the first encryption data.

Referring to FIG. 7, Fig. 7, which is the server 10 of fourth embodiment, generates the second method flow of the first encryption data Figure.This method includes：

Step S310, open a terminal 20 instruction input interface 26.

Step S311, it is instructed in 26 input feature vector acquisition of information of instruction input interface.

Characteristic information acquisition instruction can such as set instruction input interface 26 and input " * # by presetting 677666776001# ", terminal 20 detect that instruction input interface 26 has input information as above, and control instruction processing module 24 is examined After survey input is errorless, the unique features information of the reading terminals 20 from local memory 22 of instruction input interface 26.

Step S312, it after the detection of terminal 20 instruction input is errorless, is shown on instruction input interface 26 or unlock interface 27 The unique features information of terminal 20.

Step S310, S311 and S312 is the method and step for the unique features information for obtaining terminal 20, in addition, obtaining terminal The mode of 20 unique features information also there are many, such as the packing box that passes through product.

Step S313, on the characteristic information input interface 14 of server 10, shown unique features letter is manually typed in Breath.

Step S314, the encrypted function of 13 log-on data of encrypting module carries out data to the unique features information of key entry and adds It is close, generate the first encryption data.

In the present embodiment, server 10 can be by manually in the side of the input unique features information of characteristic information input interface 14 Formula also can fill characteristic information input interface 14 automatically from the acquisition of terminal 20 unique features information by data line and automatically generate First encryption data makes entire RSA key licensing process that can be automatically performed, meets the diversified demand of user.

In the present embodiment, encrypting module 13 is an after-sale service tool software being installed on server 10, the software With human-computer interaction interface, i.e., the characteristic information input interface 14 in the present embodiment, in the interface, the input side of characteristic information There are two types of formulas, and one kind is automatic filling characteristic information, and one kind is being manually entered characteristic information, when the input for completing characteristic information Afterwards, the encryption data for clicking or triggering the software generates button, that is, starts that the characteristic information content of input is encrypted, and generates First encryption data.

Embodiment five：

Referring to FIG. 8, system flow charts of the Fig. 8 for acquisition RSA key mandate under the screen lock state of the 5th embodiment.This is System includes：Terminal 20 with RSA authorization functions and the server 10 that data encryption can be carried out.

Terminal 20 includes：Communication connection module 21, memory 22, data processing module 23, control instruction processing module 24, RSA authorization functions module 25, instruction input interface 26 and unlock interface 27.Wherein, data processing module 23 includes encryption and decryption Conversion module 231 and data match module 232.

Specifically, communication connection module 21 includes communication interface 211 and communication connection management module 212, for managing The communication connection of terminal 20 and server 10.Wherein, communication interface 211 is the interface of USB Type, is communicated with the foundation of server 10 When connection, communication interface 211 is used for transmission data by the usb 15 of data line Connection Service device 10, and memory 22 connects Communication connection module 21, unique features information for storing terminal and the first encryption data obtained from server 10.Add Decrypt conversion module 231 use algorithm with server 10 encrypting module 13 use algorithm it is identical, for data into Row enciphering/deciphering.Data processing module 23 is used to carry out relevant treatment to the data of terminal, such as judges the first encryption data and terminal Unique features information whether match, enciphering/deciphering etc. carried out to data.Control instruction processing module 24 is used for the letter according to input Breath generates corresponding instruction and processing relevant instruction information, and the information of input includes believing for the key entry at instruction input interface 26 It ceases, in the present embodiment, human-computer interaction interface includes unlock interface 27 and instruction input interface 26.RSA authorization functions module 25 Data match module 232 is connected, the RSA authorization controls instruction for being sent out according to data match module 232 determined whether to end End 20 carries out RSA key mandate.

Specifically, openable number dialer or emergency dialing disk when instruction input interface 26 is including the locking of terminal 20, The number dialer or emergency dialing disk provide load button, start encryption and decryption conversion module 231 for providing user and inputting Control instruction.Unlock interface 27 includes instruction input interface start button, is referred to by triggering the instruction input interface start button unlatching Enable input interface 26.

Specifically, encryption and decryption conversion module 231 obtains ciphertext data information for decrypting the first encryption data.Data With module 232 for judging whether the first encryption data matches with the unique features information of terminal 20.Wherein, judge the first encryption The whether matched method of unique features information of data and terminal 20 specifically includes：

Both ciphertext data information is compared by data match module 232 with the unique features information of terminal 20, judge It is whether identical；If identical, show the unique features information matches of first encryption data and terminal 20；Otherwise, show institute The unique features information for stating the first encryption data and terminal 20 mismatches.

Specifically, encryption and decryption conversion module 231 connects the memory 22 of terminal 20, can be read from the memory 22 of terminal 20 Take the unique features information of terminal 20；Encryption and decryption conversion module 231 can also be used to carry out data encryption to unique features information, raw At the second encryption data.Data match module 232 judge first encryption data and terminal unique features information whether Match, further includes：

Second encryption data is compared by data match module 232 with the first encryption data, judges whether the two is identical； If identical, show the unique features information matches of first encryption data and terminal 20；Otherwise, show first encryption The unique features information of data and terminal 20 mismatches.

Specifically, communication connection module 21 includes communication interface 211 and communication connection management module 212.Communication interface 211 By the usb 15 of data line Connection Service device 10, communicated to connect for being established with server 10.Communicate to connect management module 212 are used for the communication connection of management terminal 20 and server 10；It specifically includes：

Whether the USB debugging functions of communication connection 212 detection terminal 20 of management module have been switched on；If so, terminal 20 with Server 10 establishes communication connection；Otherwise, terminal 20 sends out communication connection abnormal prompt information, and user terminal 20 is prompted not open USB debugging functions, can not Connection Service device 10；Whether the USB debugging functions for continuing detection terminal 20 have been switched on.

Wherein, it is close to the progress of terminal 20 RSA to obtain the agreement that data match module 232 is sent out for RSA authorization functions module 25 After the RSA authorization controls instruction of key mandate, RSA key mandate is just carried out.

Specifically, control instruction processing module 24 is used for when the control instruction for receiving the USB debugging functions for opening terminal 20 When, open the USB debugging functions of terminal 20.

Specifically, server 10 includes：Processor 11, information storage module 12, encrypting module 13, characteristic information input boundary Face 14 and usb 15.

Wherein, the first of unique features information and server 10 generation of the information storage module 12 for storing terminal 20 Encryption data；Characteristic information input interface 14 is used to provide the input interface of the unique features information of input terminal 20；Encrypt mould Block 13 is used to carry out data encryption to the information inputted in characteristic information input interface 14, generates the first encryption data.

Characteristic information input interface 14 provides the mode of two kinds of input informations.

First way is specially：

Server 10 sends the acquisition of information with identifying code toward terminal 20 and instructs；Terminal 20 receives the acquisition of information and refers to It enables, identifying code is verified；After being verified, terminal 20 sends the unique features information of terminal 20 toward server 10；Service Device 10 receives the unique features information of terminal 20, the characteristic information input interface 14 of automatic filling to encrypting module 13.

The second way is specially：

The unique features information of terminal 20 is obtained from the instruction input interface 26 of terminal 20；The unique features of terminal 20 are believed Breath is filled to characteristic information input interface 14.

The unique features information that terminal 20 is obtained from the instruction input interface 26 of terminal 20, specifically includes：Open a terminal 20 Instruction input interface 26；The instruction of unique features acquisition of information is inputted at instruction input interface 26；Terminal 20 receives unique spy After reference ceases acquisition instruction, the unique features information of 26 display terminal at instruction input interface.

The human-computer interaction interface of the present embodiment can be provided by the intelligent terminal with touch screen, which includes electricity Resistive touch screen and capacitive touch screen.

One of ordinary skill in the art will appreciate that realizing that all or part of step of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, which can be stored in a readable storage medium storing program for executing, deposit Storage media may include memory, disk or CD etc..

The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all the present invention spirit and Within principle, any modification, equivalent replacement, improvement and so on should all be included in the protection scope of the present invention.

Claims

1. a kind of method for obtaining RSA key mandate when terminal locking, which is characterized in that including：

Obtain the first encryption data for importing terminal；

Obtain initial data before encrypting；

First encryption data is matched with initial data；

If successful match, RSA key mandate is carried out to terminal；

If it fails to match, RSA key mandate is not carried out to terminal；

Wherein, the initial data is the unique features information of terminal, and first encryption data is end of the server to acquisition The data that the unique features information at end generates after being encrypted, the terminal are in the lock state；

First encryption data is matched with the initial data, is specifically included：

If identical, successful match；

Otherwise, then it fails to match；

Wherein, generate the second encryption data and generation the first encryption data using data encryption by the way of or algorithm it is identical.

2. according to the method described in claim 1, it is characterized in that, the step：By first encryption data and the original Beginning data are matched, and are specifically included：

First encryption data is decrypted, ciphertext data information is obtained；

If identical, successful match；

Otherwise, then it fails to match.

3. method according to claim 1 or 2, which is characterized in that it is described obtain import terminal the first encryption data it Before, further include：It establishes and communicates to connect with server；

Otherwise, communication connection abnormal prompt information is sent out, user terminal is prompted not open USB debugging functions, it can not Connection Service Device；Whether the USB debugging functions for continuing detection terminal have been switched on.

4. according to the method described in claim 3, it is characterized in that, further including：When terminal locking and the USB debugging functions of terminal When not opening, if detecting, the control instruction of the USB debugging functions of terminal is opened in the instruction input interface input of terminal, is opened immediately The USB debugging functions for opening terminal, specifically include：

The instruction input interface opened a terminal；

Whether detection described instruction input interface has the control instruction that USB debugging functions are opened in input；If so, opening terminal USB debugging functions.

5. according to the method described in claim 1, it is characterized in that, terminal includes smart mobile phone, E-book reader, MP3 broadcasts Put device, MP4 players and tablet computer.

6. according to the method described in claim 1, it is characterized in that, the unique features information includes：The equipment identities of terminal Identification number and/or product ID and/or mobile device international identity code and/or the user identity card number for binding terminal.

7. obtaining the device of RSA key mandate when a kind of terminal locking, which is characterized in that including：Memory, RSA authorization functions Module and data processing module；

The memory is used to store the first encryption data for importing terminal and initial data before encrypting；The data processing Module is separately connected the memory and the RSA authorization functions module, for by first encryption data with it is described original Data are matched, and are exported corresponding RSA authorization controls according to matching result and instructed；The RSA authorization functions module is used for Decide whether to carry out RSA key mandate to terminal according to the RSA authorization controls instruction received；

The data processing module includes：Encryption and decryption conversion module and data match module；

The encryption and decryption conversion module connects the memory, for the initial data to be encrypted, generates the second encryption Data；The data match module connects the encryption and decryption conversion module, is used for second encryption data and described first Encryption data is compared, and is exported corresponding RSA authorization controls according to comparison result and instructed；

It is described to be compared the ciphertext data information with the initial data, and corresponding RSA is exported according to comparison result Authorization control instructs, and specifically includes：

Second encryption data is compared by the data match module with first encryption data, whether judges the two It is identical；

Wherein, generate second encryption data and generate first encryption data using data encryption by the way of or algorithm It is identical.

8. device according to claim 7, which is characterized in that the data processing module includes：Encryption and decryption conversion module And data match module；

The encryption and decryption conversion module connects the memory, for decrypting first encryption data, obtains ciphertext data letter Breath；The data match module connects the encryption and decryption conversion module, is used for the ciphertext data information and the original number According to being compared, and corresponding RSA authorization controls are exported according to comparison result and are instructed；

9. device according to claim 7 or 8, which is characterized in that described to be according to RSA authorization controls instruction decision It is no that RSA key mandate is carried out to terminal；It specifically includes：

If the RSA authorization functions module, which receives, agrees to that the RSA authorization controls for carrying out RSA key mandate to terminal instruct, right Terminal carries out RSA key mandate；

If the RSA authorization functions module receives the RSA authorization controls instruction that refusal carries out terminal RSA key mandate, no RSA key mandate is carried out to terminal.

10. device according to claim 9, which is characterized in that further include：Communication connection module, for being built with server Vertical communication connection；

The communication connection module includes communication interface and communication connection management module；Described established with server communicates to connect, It specifically includes：

Otherwise, the communication connection management module sends out communication connection abnormal prompt information, and user terminal is prompted not open USB tune Function is tried, it can not Connection Service device；Whether the USB debugging functions for continuing detection terminal have been switched on.

11. device according to claim 10, which is characterized in that further include instruction input interface and control instruction processing Module；The communication connection management module connects the control instruction processing module, and the control instruction processing module connects institute State instruction input interface；

When the USB debugging functions of terminal locking and terminal are not opened, if detecting, the input of described instruction input interface is opened eventually The control instruction of the USB debugging functions at end is opened the USB debugging functions of terminal, is specifically included immediately：

The instruction input interface opened a terminal；

The control instruction processing module detect and judge described instruction input interface input control instruction with it is pre-set Whether the control instruction for opening USB debugging functions is identical；If identical, terminal is opened in the control instruction processing module control USB debugging functions；

Wherein, described instruction input interface is used to provide operation circle for inputting the control instruction for opening USB debugging functions of user one Face.

12. device according to claim 7, which is characterized in that terminal includes that smart mobile phone, E-book reader, MP3 are broadcast Put device, MP4 players and tablet computer.

13. device according to claim 7, which is characterized in that the unique features information includes：The equipment identities of terminal Identification number and/or product ID and/or mobile device international identity code and/or the user identity card number for binding terminal.

14. according to the devices described in claim 11, which is characterized in that can be opened when described instruction input interface includes terminal locking The number dialer or emergency dialing disk opened.

15. the system for obtaining RSA key mandate when a kind of terminal locking, which is characterized in that including terminal and server；

Wherein, the initial data is the unique features information of terminal, and first encryption data is end of the server to acquisition The data that the unique features information at end obtains after being encrypted, the terminal are in the lock state；

The encryption and decryption conversion module connects the memory, for the initial data to be encrypted, obtains the second encryption Data；The data match module connects the encryption and decryption conversion module, is used for second encryption data and described first Encryption data is compared, and is exported corresponding RSA authorization controls according to comparison result and instructed；

16. system according to claim 15, which is characterized in that the server includes：Encrypting module, information storage mould Block and characteristic information input interface；

Information storage module is used to store the unique features information of the terminal obtained and first encryption data；Characteristic information Input interface is used to provide the input interface of the unique features information of filling terminal；Encrypting module is used for the terminal of filling only One characteristic information carries out data encryption, generates the first encryption data.

17. system according to claim 16, which is characterized in that the data processing module includes：Encryption and decryption modulus of conversion Block and data match module；

18. system according to claim 17, which is characterized in that described to be according to RSA authorization controls instruction decision It is no that RSA key mandate is carried out to terminal；It specifically includes：

19. system according to claim 18, which is characterized in that the server further includes USB interface；The terminal is also Including communication connection module；

The communication connection module includes communication interface and communication connection management module, is communicated to connect for being established with server, It specifically includes：

20. system according to claim 19, which is characterized in that the terminal further includes instruction input interface and control Command process module；The communication connection management module connects the control instruction processing module, and the control instruction handles mould Block connects described instruction input interface；

The instruction input interface opened a terminal；

The control instruction processing module detect and judge described instruction input interface input control instruction with it is pre-set Whether the control instruction for opening USB debugging functions is identical；If identical, terminal is opened in the control instruction processing module control USB debugging functions.

21. system according to claim 20, which is characterized in that the unique features information of the filling terminal is specific to wrap It includes：

Terminal and server are established after preliminary data communicate, and server sends the acquisition of information with identifying code toward terminal and refers to It enables；

22. system according to claim 20, which is characterized in that the unique features information of the filling terminal is specific to wrap It includes：

The instruction input interface opened a terminal；

The control instruction processing module detects and judges the control instruction inputted in described instruction input interface and pre-set Unique features acquisition of information instruction it is whether identical；If identical, described instruction input interface reading terminals from the memory Unique features information, and in described instruction input interface display terminal unique features information；

23. system according to claim 15, which is characterized in that the terminal include smart mobile phone, E-book reader, MP3 player, MP4 players and tablet computer.

24. system according to claim 15, which is characterized in that the unique features information of the terminal includes：Terminal Equipment identities identification number and/or product ID and/or mobile device international identity code and/or the user identity for binding terminal Card number.

25. the system according to claim 21 or 22, which is characterized in that the terminal further includes unlock interface, for carrying For instruction input interface start button, described instruction input interface is opened by triggering described instruction input interface start button.

26. system according to claim 25, which is characterized in that can be opened when described instruction input interface includes terminal locking The number dialer or emergency dialing disk opened.