CN104239804A - Data protecting method and device - Google Patents
Data protecting method and device Download PDFInfo
- Publication number
- CN104239804A CN104239804A CN201310226143.XA CN201310226143A CN104239804A CN 104239804 A CN104239804 A CN 104239804A CN 201310226143 A CN201310226143 A CN 201310226143A CN 104239804 A CN104239804 A CN 104239804A
- Authority
- CN
- China
- Prior art keywords
- data
- application program
- privacy rule
- information
- authorization information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a data protecting method. The method comprises: a judging step: judging whether data meets a privacy principle pre-created when a request of reading the data by an application program is received; a display step: if the data meets the privacy principle, displaying an interface demanding to input verification information; a verifying step: receiving the input verification information, and judging whether the verification information is correct; and a control step: if the verification information is correct, permitting the application program to read the data. The invention further provides a data protecting device. A user can read privacy data and non-privacy data by the same application program by using the data protecting method provided by the invention, therefore the operating path of the user can be reduced, and the reading efficiency of the data can be improved.
Description
Technical field
The specific embodiment of the invention relates to information security field, particularly a kind of data guard method and device.
Background technology
Along with the fast development of mobile terminal technology, mobile terminal obtains universal, thus is widely used in each age level and various user group, and in the mobile terminal caused thus, the safety problem of data is also more and more paid attention to by user.User, when using mobile terminal, can produce some private datas, note, message registration etc. that such as particular contact is sent, and these private datas need to be subject to protection to guarantee information security.
At present private data and non-private data are normally separated by the mode that private data in mobile terminal is protected, by the storage area needing the private data of protection to be stored in separately mobile terminal.When user wants to check private data, need to enter a special secret protection program and just can see these private datas.Such as; when checking note in the short message application program of user at mobile terminal; want to check a note being set as private data; then directly cannot see in this short message application program; but need to exit this short message application program, enter this secret protection program after the password authentification by this secret protection program and just can see that this has been set as the note of private data.Therefore, this mode needs user to switch back and forth between common applications and secret protection program to check, add the courses of action of user, reduce and check efficiency to data in terminal.
Summary of the invention
In view of this, be necessary to provide a kind of data guard method and device, make user just can read private data and non-private data by same application program, reduce the courses of action of user, improve the reading efficiency of data.
A kind of data guard method, comprises the following steps: determining step: when receiving application program and reading the request of data, judge whether these data meet the privacy rule be pre-created; Show step: if this privacy rule of this data fit, then show the interface requiring input validation information; Verification step: the authorization information receiving input, judges that whether this authorization information is correct; Rate-determining steps: if this authorization information is correct, then allow this application program to read this data.
A kind of data protecting device, comprising: judge module, for when receiving application program and reading the request of data, judges whether these data meet the privacy rule be pre-created; Display module, if for this privacy rule of this data fit, then shows the interface requiring input validation information; Authentication module, for receiving the authorization information of input, judges that whether this authorization information is correct; Control module, if correct for this authorization information, then allows this application program to read this data.
Compared to prior art, the present invention requires user rs authentication when application program needs to read private data, and this application program when reading non-private data without the need to user rs authentication, make user just can read private data and non-private data by same application program, reduce the courses of action of user, improve the reading efficiency of data.
For above and other object of the present invention, feature and advantage can be become apparent, preferred embodiment cited below particularly, and coordinate institute's accompanying drawings, be described in detail below.
Accompanying drawing explanation
Fig. 1 is a kind of structured flowchart of mobile terminal.
The process flow diagram of the data guard method that Fig. 2 provides for first embodiment of the invention.
Fig. 3 A and Fig. 3 B is the interface schematic diagram of record slip gesture.
Fig. 4 and Fig. 5 is the user interface map of message registration.
The process flow diagram of the data guard method that Fig. 6 provides for second embodiment of the invention.
The process flow diagram of the data guard method that Fig. 7, Fig. 8 and Fig. 9 provide for third embodiment of the invention.
The block diagram of the data protecting device that Figure 10 provides for fourth embodiment of the invention.
The block diagram of the data protecting device that Figure 11 provides for fifth embodiment of the invention.
The block diagram of the data protecting device that Figure 12 provides for sixth embodiment of the invention.
Embodiment
For further setting forth the present invention for the technological means that realizes predetermined goal of the invention and take and effect, below in conjunction with accompanying drawing and preferred embodiment, to according to the specific embodiment of the present invention, structure, feature and effect thereof, be described in detail as follows.
Fig. 1 shows a kind of structured flowchart of mobile terminal.As shown in Figure 1, mobile terminal 1 comprises one or more (only illustrating one in figure) storer 11, processor 12, memory controller 13, Peripheral Interface 14, radio-frequency module 15, input block 16 and display unit 17.These assemblies are by the mutual communication of one or more communication bus/signal wire.
Be appreciated that the structure shown in Fig. 1 is only signal, mobile terminal 1 also can comprise than assembly more or less shown in Fig. 1, or has the configuration different from shown in Fig. 1.Each assembly shown in Fig. 1 can adopt hardware, software or its combination to realize.
Storer 11 can be used for storing software program and module; as the data guard method in the embodiment of the present invention and programmed instruction/module corresponding to device; processor 12 is by running the software program and module that are stored in storer 11; thus perform the application of various function and data processing, namely realize above-mentioned data guard method.
Storer 11 can comprise high speed random access memory, also can comprise nonvolatile memory, as one or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, storer 11 can comprise the storer relative to the long-range setting of processor 12 further, and these remote memories can be connected to mobile terminal 1 by network.The example of above-mentioned network includes but not limited to internet, intranet, LAN (Local Area Network), mobile radio communication and combination thereof.Processor 12 and other possible assemblies can carry out the access of storer 11 under the control of memory controller 13.
Various input/output device is coupled to processor 12 and storer 11 by Peripheral Interface 14.Various softwares in processor 12 run memory 11, instruction and perform mobile terminal 1 various function and carry out data processing.
Radio-frequency module 15, for receiving and sending electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, thus carries out communication with communication network or other equipment.Radio-frequency module 15 can comprise the various existing circuit component for performing these functions, such as, and antenna, radio-frequency (RF) transceiver, digital signal processor, encrypt/decrypt chip, subscriber identity module (SIM) card, storer etc.Radio-frequency module 15 can with various network as internet, intranet, wireless network carry out communication or carry out communication by wireless network and other equipment.Above-mentioned wireless network can comprise cellular telephone networks, WLAN (wireless local area network) or Metropolitan Area Network (MAN).Above-mentioned wireless network can use various communication standard, agreement and technology, include, but are not limited to global system for mobile communications (Global System for Mobile Communication, GSM), enhancement mode mobile communication technology (Enhanced Data GSM Environment, EDGE), Wideband CDMA Technology (wideband code division multiple access, W-CDMA), CDMA (Code Division Multiple Access) (Code division access, CDMA), tdma (time division multiple access, TDMA), bluetooth, adopting wireless fidelity technology (Wireless, Fidelity, WiFi) (as IEEE-USA standard IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n), the networking telephone (Voice over internet protocal, VoIP), worldwide interoperability for microwave access (Worldwide Interoperability for Microwave Access, Wi-Max), other are for mail, the agreement of instant messaging and short message, and any other suitable communications protocol, even can comprise those current agreements be developed not yet.
Input block 16 can be used for the character information receiving input, and produces and to arrange with user and function controls relevant keyboard, mouse, control lever, optics or trace ball signal and inputs.Particularly, input block 16 can comprise button 161 and touch-control surface 162.Button 161 such as can comprise the character keys for input character, and for the control button of trigging control function.The example controlling button comprises " returning main screen " button, start/shutdown button, key etc. of taking pictures.Touch-control surface 162 can collect user or neighbouring touch operation (such as user uses any applicable object or the operations of annex in touch-control surface 162 or near touch-control surface 162 such as finger, stylus) thereon, and according to the corresponding coupling arrangement of the driven by program preset.Optionally, touch-control surface 162 can comprise touch detecting apparatus and touch controller two parts.Wherein, touch detecting apparatus detects the touch orientation of user, and detects the signal that touch operation brings, and sends signal to touch controller; Touch controller receives touch information from touch detecting apparatus, and converts it to contact coordinate, then gives processor 12, and the order that energy receiving processor 12 is sent also is performed.In addition, the polytypes such as resistance-type, condenser type, infrared ray and surface acoustic wave can be adopted to realize touch-control surface 162.Except touch-control surface 162, input block 16 can also comprise other input equipments.Other above-mentioned input equipments include but not limited in physical keyboard, trace ball, mouse, control lever etc. one or more.
Display unit 17 is for showing the various graphic interfaces of the information inputted by user, the information being supplied to user and mobile terminal 1.These graphical user interface can be made up of figure, text, icon, video and its combination in any.In an example, display unit 17 comprises this display panel 171 of a display panel 171. and such as can be a display panels (Liquid Crystal Display, LCD), Organic Light Emitting Diode (Organic Light-Emitting Diode Display, OLED) display panel, electrophoretic display panel (Electro-Phoretic Display, EPD) etc.Further, touch-control surface 162 can be arranged on display panel 171 thus to form an entirety with display panel 171.
First embodiment
First embodiment of the invention provides a kind of data guard method, and it can be performed by above-mentioned mobile terminal 1, for the protection of the data in mobile terminal 1.The instantiation of this mobile terminal 1 includes, but are not limited to handheld computer, mobile phone, personal digital assistant or other similar arithmetic units.
Below in conjunction with specific embodiment, above-mentioned data guard method is described in detail as follows:
The process flow diagram of the data guard method that Fig. 2 provides for the first embodiment, this data guard method comprises the following steps:
Step S1, when receiving application program and reading the request of data, judges whether these data meet the privacy rule be pre-created;
Step S2, if this privacy rule of this data fit, then shows the interface requiring input validation information;
Step S3, receives the authorization information of input, judges that whether this authorization information is correct;
Step S4, if this authorization information is correct, then allows this application program to read this data.
According to above-mentioned data guard method; user rs authentication is required when application program needs to read private data; and this application program when reading non-private data without the need to user rs authentication; make user just can read private data and non-private data by same application program; reduce the courses of action of user, improve the reading efficiency of data.
In some instances, said method each step to realize details as follows:
The chat record that data described in step S1 can be the contact persons be stored in mobile terminal 1, note, message registration, Email even use chat tool to produce, and file or the file etc. belonging to this file such as text, picture, video, webpage.Wherein, the data such as described contact person, note, message registration in this mobile terminal 1 can be stored in the storer 11 of mobile terminal 1, internal memory or SIM card.The data such as this Email, chat record, text, picture, video, webpage, file can be stored in storer 11.
In an example, the described application program address list, note case, message registration, email client, chat tool client, text file reader, Photo Viewer, video player, browser etc. that can carry for the operating system of mobile terminal 1.In another example, described application program can also for installing and the third party's program run on a mobile terminal 1, such as mobile phone QQ address list, SIM card address list management device, incoming call lead to, magic fuse tube man, foxmail, Tengxun's video player, mobile phone QQ browser etc.
Described privacy rule is for distinguishing private data and non-private data.Described private data refers to the data only having the crowd specified just can view, and this crowd specified such as comprises the owner of mobile terminal 1 and the people some trusty of this owner mandate.Described non-private data refers to all data that the crowd of mobile terminal 1 can be used all to view.The data meeting this privacy rule are considered to private data.
Described privacy rule is defined by the owner of mobile terminal 1.Mobile terminal 1 receives the input operation of owner, and creates this privacy rule according to this input operation.Such as, if owner selects the menu item of " being set to privacy contact person " in the function menu of contact person " Zhang San ", then create all contact methods of privacy rule regulation " Zhang San ", comprise phone number, landline telephone, email address, and use the phone number of " Zhang San " to send and following send over all notes, to have carried out with the phone number of " Zhang San " and the following all message registrations carried out are all private data.Also such as, if owner selects the menu item of " being set to privacy picture " in the function menu of the pictures shown by mobile terminal 1, then create a privacy rule and specify this picture stored in mobile terminal 1 to be private data.
After the described privacy rule of establishment, also need for this privacy rule creates a corresponding initial information, this initial information is for the protection of the data meeting this privacy rule.Input operation according to owner also creates by this initial information.
In an example, this initial information is the password be made up of numeral, symbol, letter or its combination.Such as, the display unit 17 of mobile terminal 1 shows the user interface that arranges initial information, and owner can by the physical keyboard of mobile terminal 1 or a series of password be made up of numeral, symbol, letter or its combination of the dummy keyboard recalled input.Mobile terminal 1 receives this password inputted, using this password as this initial information stored in storer 11.
In an example, this initial information can be one section of phonetic order.Such as, owner inputs phonetic order by utterance in the process of certain the recording icon pressed on interface as shown in certain entity key (as key of taking pictures) of mobile terminal 1 or display unit 17, mobile terminal 1 records lower this phonetic order inputted, using this phonetic order as initial information stored in storer 11.
In an example, this initial information can be the finger print information of owner.This finger print information can realize based on fingerprint identification technology, and such as, mobile terminal 1 runs a fingerprint identification software, identify fingerprint input, then using identified finger print information as this initial information stored in storer 11.
In an example, this initial information can be the slip gesture of owner on Touch Screen 50.This slip gesture the mobile route of the contact point on this Touch Screen 50 can be represented by the finger of owner or pointer.Such as, the Touch Screen 50 of mobile terminal 1 shows the icon of multiple self-defined shape, as shown in Figure 3A, owner touches the part or all of icon in the plurality of icon successively continuously according to certain path use finger or pointer.Mobile terminal 1 records the touch order of each icon be touched, mobile route (as shown in Figure 3 B) is formed according to each icon of touch order line of this each icon, namely this mobile route represents the slip gesture of owner on Touch Screen 50, using represent slip gesture this mobile route as this initial information stored in storer 11.
In order to strengthen the security meeting the data of this privacy rule further, initial information corresponding to this privacy rule can also be set to the combination of in described password, phonetic order, fingerprint and slip gesture at least two kinds, such as this initial information comprises a password and a slip gesture, thus the complexity improving this initial information and the difficulty cracked.
Be appreciated that mobile terminal 1 can create a more than privacy rule, and each privacy rule has corresponding initial information, initial information corresponding to each privacy rule is for the protection of the data meeting corresponding privacy rule.Initial information corresponding to each privacy rule can be identical, also can be different.Can not conflict mutually between each privacy rule, such as, same data can not meet two or more privacy rule simultaneously.
In an example, private data and non-private data may be displayed in the same user interface of application program, but private data is different with the display mode of non-private data.Such as, in same user interface, non-private data normally shows, and each private data only shows a part, or replaces display with information such as predetermined symbol or words.As shown in Figure 4, in the user interface of message registration, non-privacy contact person " king two " and telephone number, air time and talk times are directly displayed out, privacy contact person " Zhang San " then only shows contact person " Zhang San " this entry, and this telephone number now, air time and talk times all replace display with No. *.User sees this No. * content replacing the contacts entries of display, can know that this contact person is set up in order to privacy contact person.When user selects to check private data in the user interface of this application program, application program sends the request of reading this private data again, then step S1 judges whether this private data meets some privacy rule, if this private data meets some privacy rule, then performs step S2.
In an example, this private data and non-private data also can not be presented in the same user interface of application program.Such as, the user interface of this application program, when showing non-private data, also shows the icon 60 that recalls private data, as shown in Figure 5.When user clicks this icon 60, this application program sends the request of each private data reading this icon 60 correspondence more successively, and then step S1 judges which privacy rule each private data meets respectively.When often judging that a private data meets a privacy rule, perform step S2.
The interface of the requirement input validation information described in step S2 is shown according to created initial information.If the initial information created is the password of numeral, symbol, letter or its combination composition, then show the dialog box of an input validation information.When the authorization information that user consists of the physical keyboard of mobile terminal 1 or the dummy keyboard input numeral recalled, symbol, letter or its combination, this dialog box can not directly show this authorization information, but can replace with No. * or other symbol, both facilitate user to judge whether mistake input according to the length of input validation information, and avoid again inputted authorization information to be seen by other people.
If the initial information created is one section of phonetic order, then show the interface of a phonetic entry.Press in the process of the recording icon in this interface user, mobile terminal 1 records the authorization information of the speech form of lower user's input.If the initial information created is finger print information, then shows an interface requiring input fingerprint, and open corresponding fingerprint identification software.If the initial information created is the slip gesture on Touch Screen 50, then shows and create this slip gesture as the same interface shown during initial information, as shown in Figure 3A, carrying out touch on the surface for user mobile to form slip gesture.
In step S3, judge that the mode whether this authorization information is correct comprises:
If the authorization information inputted is made up of numeral, symbol, letter or its combination, then judge that whether the numeral, symbol, letter or its initial information combining the cryptogram form of composition that store in storer 11 be consistent with this authorization information, if consistent, then judge that this authorization information is correct.
If the authorization information inputted is phonetic order, then can realize judging that whether this authorization information is correct based on speech recognition technology.Such as, identify the true content as the phonetic order of initial information, and identify the true content as the phonetic order of authorization information, then judge that whether this true content as the phonetic order of initial information is consistent with this true content as the phonetic order of authorization information, if consistent, then judge that this authorization information is correct.Speech recognition can be realize in mobile terminal 1 the machine, also phonetic order can be sent to cloud server place and carry out speech recognition.
If the authorization information inputted is finger print information, then judges that whether the finger print information as initial information stored in storer 11 is consistent with the finger print information as authorization information, if unanimously, then judge that this authorization information is correct.
If the authorization information inputted is the slip gesture on Touch Screen 50, then judge that whether the mobile route of the contact point that the mobile route of the described contact point representing slip gesture in storer 11 represents with this slip gesture as authorization information is consistent.If consistent, then judge that this authorization information is correct.
In step S4, if this authorization information is correct, then illustrates that the user of this authorization information of input belongs to the crowd having permission and check the data meeting this privacy rule, therefore, allow this application program to read this data.These data, after these data of reading, can show and check for user by application program.It should be noted that, if this application program is out of service, or mobile terminal 1 is locked, when this application program is run again, or after mobile terminal 1 is unlocked, if this application program needs to read this data, then still need the process through above-mentioned steps S1 to step S4 just can be allowed to read this data, namely this application program can not because being allowed to read this data by a user rs authentication throughout one's life.
In addition, be appreciated that, if the data meeting some privacy rule, when reading, have passed the checking of above-mentioned steps S3 to authorization information, allow this application program to read this data, so in the operational process of this application program, other all data meeting this privacy rule when needs read respectively, if all carry out the process of step S1 to step S4, will cause many unnecessary operations, such as user repeats to input same correct authorization information, reduces data reading performance using redundancy.Be allowed to because this application program reads the behavior meeting data of this privacy rule; and all data under this privacy rule are all protected by same initial information; therefore; other all data under this privacy rule also all should allow this application program to read; thus the reading efficiency of data can be improved, reduce the operation that user repeats input validation information.
Second embodiment
In order to improve the first embodiment step S1 in judge whether data meet the efficiency of this privacy rule; when avoiding needing to read these data at every turn; all to investigate each created privacy rule one by one; thus find the privacy rule of this data fit or prove that these data do not meet any privacy rule; consult shown in Fig. 6; second embodiment of the invention provides a kind of data guard method, and it also comprised before described step S1 compared to the data guard method of the first embodiment:
Step S1.1, when receiving data input, judging whether these data meet certain privacy rule, if so, then storing these data, and arranges a mark corresponding with this met privacy rule for these data.Such as, when receiving an incoming call, judge whether the message registration of caller meets some privacy rule, if, then store the information of this incoming call, comprise incoming call time, accumulative incoming call number of times etc., and add a zone bit corresponding with this privacy rule to the information of this stored incoming call, this zone bit is for marking this privacy rule of information conforms of this incoming call.If these data do not meet any privacy rule, then store these data but not for these data arrange described mark.
Correspondingly, in described step S1, when receiving application program and reading the request of data, can judge whether these data are provided with the mark corresponding with a privacy rule, such as, judge whether these data have the zone bit corresponding with a privacy rule.If these data are provided with the mark corresponding with a privacy rule, then judge this privacy rule of this data fit, if these data are not provided with the mark corresponding with any privacy rule, then judge that these data do not meet any privacy rule, thus avoid investigating each privacy rule one by one, improve and judge whether data meet the efficiency of this privacy rule.
3rd embodiment
According to the data guard method protected data that the second embodiment provides; needing user to input correct authorization information could allow this application program to read this data; the crowd of the authority without these data of access can be stoped to access this data; but the undesirable application program of some users cannot be prevented, more such as, steal the rogue program of privacy of user to read this data.
In order to solve the problem further; improve the security of data; consult shown in Fig. 7, Fig. 8 and Fig. 9; third embodiment of the invention provides a kind of data guard method; it is compared to the data guard method of the second embodiment, also comprises before allowing this application program to read the step of these data in step s 4 which:
Step S4.1, judges whether this application program has the reading authority of type belonging to these data.If not, then process ends, if so, then allows this application program to read this data, as shown in Figure 7.Such as, if these data are note, then when this application program has the reading authority of short message type, such as this application program is magic fuse tube man, incoming call leads to, and is just allowed to read this data.
In sum, step S4.1 can prevent the application program of the reading authority without type belonging to these data from reading this data, plays the effect preventing rogue program from stealing privacy to a certain extent.
In addition, step S4.2 is can further include before allowing this application program to read the step of these data in step s 4 which, in step S3, this step S4.2 can judge that this authorization information correctly performs (as shown in Figure 8) afterwards, also in described step S4.1, can judge that this application program performs (as shown in Figure 9) after having the reading authority of type belonging to these data.
Step S4.2, judges that whether this application program is with the identification information corresponding with these data.If so, this application program is then allowed to read this data, if not, then process ends.The described identification information corresponding with these data can realize in above-mentioned steps S1.1, namely while arrange a mark corresponding with this privacy rule for these data, arranges the identification information corresponding with these data.This identification information is such as the UID(User Identification of application program, and user identity proves), bag name, class name even title etc., as long as this identification information can identify corresponding application program uniquely.This set identification information can be one or more, and one or more application programs namely with this identification information are allowed to read this data.
In sum, step S4.2, according to the set identification information corresponding with these data, only when application program is with this identification information, just allows to read these data.Namely only have one or more application programs of specifying to be allowed to read this data, even and if other application program with the reading authority of type belonging to these data is not still allowed to read this data, further increase the security of these data.
4th embodiment
Consult shown in Figure 10, fourth embodiment of the invention provides a kind of data protecting device 100, and it comprises judge module 101, display module 102, authentication module 103 and control module 104.Be appreciated that above-mentioned each module refers to computer program or program segment, for performing certain one or more specific function.In addition, the differentiation of above-mentioned each module does not represent actual program code and must separate yet.
Judge module 101, for when receiving application program and reading the request of data, judges whether these data meet the privacy rule be pre-created.After this privacy rule is created, also need for this privacy rule creates a corresponding initial information, this initial information is for the protection of the data meeting this privacy rule.This initial information is the combination of a kind of in password, phonetic order, fingerprint, slip gesture or at least two kinds, and wherein this password is made up of numeral, symbol, letter or its combination.
Display module 102, if for this privacy rule of this data fit, then shows the interface requiring input validation information.
Authentication module 103, for receiving the authorization information of input, judges that whether this authorization information is correct.Specifically, authentication module 103 can judge that whether this authorization information is consistent with this initial information, if so, then judges that this authorization information is correct.
Control module 104, if correct for this authorization information, then allows this application program to read this data.
For the specific works process of above each module, the data guard method that can provide with further reference to first embodiment of the invention, no longer repeats at this.
In sum; according to the data protecting device 100 of the present embodiment; user rs authentication is required when application program needs to read private data; and this application program when reading non-private data without the need to user rs authentication; make user just can read private data and non-private data by same application program; reduce the courses of action of user, improve the reading efficiency of data.
5th embodiment
Consult shown in Figure 11, fifth embodiment of the invention provides a kind of data protecting device 200, and it, compared to the data protecting device 100 of the 4th embodiment, comprises memory module 201 further, and it for performing before the described judge module 101 of execution.
Memory module 201, for when receiving data input, judging whether these data meet certain privacy rule, if so, then storing these data, and arranges a mark corresponding with this met privacy rule for these data.
Correspondingly, when receiving application program and reading the request of data, described judge module 101 can judge whether these data are provided with the mark corresponding with a privacy rule, if so, then judges this privacy rule of this data fit.
For the specific works process of above each module, the data guard method that can provide with further reference to second embodiment of the invention, no longer repeats at this.
In sum, the data protecting device 200 of the present embodiment can be avoided investigating each privacy rule one by one, improves and judges whether data meet the efficiency of this privacy rule.
6th embodiment
Consult shown in Figure 12, sixth embodiment of the invention provides a kind of data protecting device 300, and it is compared to the data protecting device 200 of the second embodiment, and described control module 104 comprises the first control submodule 301 or second further and controls submodule 302.At authentication module 103, first controls submodule 301 can judge that this authorization information correctly performs afterwards, second controls submodule 302 can perform after this first control submodule 301 of execution, also can judge that this authorization information correctly performs afterwards at authentication module 103.
First controls submodule 301, for judging whether this application program has the reading authority of type belonging to these data, if so, then allows this application program to read these data or trigger second to control submodule 302.
Control submodule 301 according to first, can prevent the application program of the reading authority without type belonging to these data from reading this data, play the effect preventing rogue program from stealing privacy to a certain extent.
Second controls submodule 302, for judging that whether this application program is with the identification information corresponding with these data, if so, then allows this application program to read this data.The described identification information corresponding with these data can be arranged while arrange a mark corresponding with this privacy rule for these data by described memory module 201.This identification information can identify corresponding application program uniquely.
Submodule 302 is controlled according to second, one or more application programs of specifying are only had to be allowed to read this data, even and if other application program with the reading authority of type belonging to these data is not still allowed to read this data, further increase the security of these data.
For the specific works process of above each module, the data guard method that can provide with further reference to third embodiment of the invention, no longer repeats at this.
In addition, the embodiment of the present invention also provides a kind of computer-readable recording medium, is stored with computer executable instructions, and above-mentioned computer-readable recording medium is such as nonvolatile memory such as CD, hard disk or flash memory.Above-mentioned computer executable instructions completes various operations in above-mentioned data guard method for allowing computing machine or similar arithmetic unit.
The above, it is only preferred embodiment of the present invention, not any pro forma restriction is done to the present invention, although the present invention discloses as above with preferred embodiment, but and be not used to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, make a little change when the technology contents of above-mentioned announcement can be utilized or be modified to the Equivalent embodiments of equivalent variations, in every case be do not depart from technical solution of the present invention content, according to any brief introduction amendment that technical spirit of the present invention is done above embodiment, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.
Claims (14)
1. a data guard method, is characterized in that, the method comprises the following steps:
Determining step: when receiving application program and reading the request of data, judge whether these data meet the privacy rule be pre-created;
Show step: if this privacy rule of this data fit, then show the interface requiring input validation information;
Verification step: the authorization information receiving input, judges that whether this authorization information is correct;
Rate-determining steps: if this authorization information is correct, then allow this application program to read this data.
2. data guard method as claimed in claim 1, is characterized in that, also comprise before described determining step:
When receiving data input, judging whether these data meet described privacy rule, if so, then storing these data, and a mark corresponding with this privacy rule is set for these data.
3. data guard method as claimed in claim 2, is characterized in that, judges that the step whether these data meet the privacy rule be pre-created comprises in described determining step:
Judge whether these data are provided with the mark corresponding with this privacy rule, if so, then judge this privacy rule of this data fit.
4. data guard method as claimed in claim 1, is characterized in that, also comprise:
Be pre-created an initial information corresponding with this privacy rule;
The described step judging that whether this authorization information is correct comprises:
Judge that whether this authorization information is consistent with this initial information, if so, then judge that this authorization information is correct.
5. data guard method as claimed in claim 4, is characterized in that, this initial information is the combination of a kind of in password, phonetic order, fingerprint, slip gesture or at least two kinds, and wherein this password is made up of numeral, symbol, letter or its combination.
6. data guard method as claimed in claim 2, is characterized in that, also comprise before this application program of described permission reads the step of these data:
Judge whether this application program has the reading authority of type belonging to these data, if so, then allow this application program to read this data.
7. the data guard method as described in claim 2 or 6, is characterized in that, the described step arranging a mark corresponding with this privacy rule for these data also comprises:
The identification information corresponding with these data is set;
Also comprise before this application program of described permission reads the step of these data:
Judge that whether this application program is with this identification information, if so, then allow this application program to read this data.
8. a data protecting device, is characterized in that, this device comprises:
Judge module, for when receiving application program and reading the request of data, judges whether these data meet the privacy rule be pre-created;
Display module, if for this privacy rule of this data fit, then shows the interface requiring input validation information;
Authentication module, for receiving the authorization information of input, judges that whether this authorization information is correct;
Control module, if correct for this authorization information, then allows this application program to read this data.
9. data protecting device as claimed in claim 8, is characterized in that, also comprise:
Memory module, for when receiving data input, judging whether these data meet described privacy rule, if so, then storing these data, and arranges a mark corresponding with this privacy rule for these data.
10. data protecting device as claimed in claim 9, it is characterized in that, described judge module, for judging whether these data are provided with the mark corresponding with this privacy rule, if so, then judges this privacy rule of this data fit.
11. data protecting devices as claimed in claim 8, is characterized in that, described authentication module, for judging that whether this authorization information is consistent with this initial information corresponding with this privacy rule be pre-created, if so, then judges that this authorization information is correct.
12. data protecting devices as claimed in claim 11, is characterized in that, this initial information is the combination of a kind of in password, phonetic order, fingerprint, slip gesture or at least two kinds, and wherein this password is made up of numeral, symbol, letter or its combination.
13. data protecting devices as claimed in claim 9, it is characterized in that, described control module comprises:
First controls submodule, for judging whether this application program has the reading authority of type belonging to these data, if so, then allows this application program to read this data.
14. data protecting devices as described in claim 9 or 13, it is characterized in that, described memory module is also for arranging the identification information corresponding with these data;
Described control module also comprises:
Second controls submodule, for judging that whether this application program is with this identification information, if so, then allows this application program to read this data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310226143.XA CN104239804A (en) | 2013-06-07 | 2013-06-07 | Data protecting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310226143.XA CN104239804A (en) | 2013-06-07 | 2013-06-07 | Data protecting method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104239804A true CN104239804A (en) | 2014-12-24 |
Family
ID=52227845
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310226143.XA Pending CN104239804A (en) | 2013-06-07 | 2013-06-07 | Data protecting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104239804A (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105099878A (en) * | 2015-06-29 | 2015-11-25 | 小米科技有限责任公司 | Information display method, device and terminal |
| CN105260658A (en) * | 2015-09-17 | 2016-01-20 | 广东欧珀移动通信有限公司 | Method and system for setting privacy interface |
| CN105405456A (en) * | 2015-11-03 | 2016-03-16 | 广东欧珀移动通信有限公司 | Recording method and device |
| CN105956493A (en) * | 2016-06-29 | 2016-09-21 | 乐视控股(北京)有限公司 | Mobile phone file protection method and mobile phone file protection device |
| CN106295423A (en) * | 2015-06-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of method for exhibiting data and client |
| CN106650416A (en) * | 2016-11-29 | 2017-05-10 | 深圳市金立通信设备有限公司 | Password setting and decrypting methods and terminal |
| CN106778321A (en) * | 2016-11-18 | 2017-05-31 | 东软集团股份有限公司 | Authority control method and device |
| CN107071769A (en) * | 2017-04-25 | 2017-08-18 | 努比亚技术有限公司 | The safety certification device and method of synchronizing information |
| CN107609361A (en) * | 2017-08-24 | 2018-01-19 | 深圳双创科技发展有限公司 | Identity logic verification method and terminal |
| CN107633161A (en) * | 2017-08-24 | 2018-01-26 | 深圳双创科技发展有限公司 | The terminal and Related product of the access control of protected data |
| CN107798252A (en) * | 2017-10-27 | 2018-03-13 | 维沃移动通信有限公司 | A kind of file access method and mobile terminal |
| CN109118454A (en) * | 2018-08-30 | 2019-01-01 | 北京旷视科技有限公司 | Image processing method, device, system, computer readable storage medium |
| CN109376545A (en) * | 2018-09-17 | 2019-02-22 | 麒麟合盛网络技术股份有限公司 | Method for secret protection and device |
| WO2019037004A1 (en) * | 2017-08-24 | 2019-02-28 | 深圳双创科技发展有限公司 | Access control terminal for protected data, and related product |
| WO2019037003A1 (en) * | 2017-08-24 | 2019-02-28 | 深圳双创科技发展有限公司 | Identity logic verification method and terminal |
| CN109768911A (en) * | 2018-12-05 | 2019-05-17 | 北京珠穆朗玛移动通信有限公司 | Message treatment method, mobile terminal and storage medium |
| CN110022536A (en) * | 2018-01-08 | 2019-07-16 | 中国移动通信有限公司研究院 | Verification information processing method, communication equipment, business platform and storage medium |
| CN110750408A (en) * | 2019-09-30 | 2020-02-04 | 湖南新云网科技有限公司 | Method, device and apparatus for controlling USB debug mode switch, and storage medium |
| CN112149075A (en) * | 2020-09-30 | 2020-12-29 | 中国银行股份有限公司 | Information processing method, device, equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561129A (en) * | 2004-03-09 | 2005-01-05 | 惠州Tcl移动通信有限公司 | Mobile phone message security method |
| CN101184264A (en) * | 2007-11-27 | 2008-05-21 | 北京网秦天下科技有限公司 | Mobile phone telephone and message anti-disturbance and private communication method and system |
| CN101252748A (en) * | 2008-04-11 | 2008-08-27 | 北京北纬通信科技股份有限公司 | System and method for realizing privacy SMS on mobile terminal |
| US20090235068A1 (en) * | 2008-03-13 | 2009-09-17 | Fujitsu Limited | Method and Apparatus for Identity Verification |
| CN102467462A (en) * | 2010-11-17 | 2012-05-23 | 中国移动通信集团公司 | Method for protecting data stored in device and corresponding device |
| CN103002124A (en) * | 2012-11-01 | 2013-03-27 | 北京小米科技有限责任公司 | Method, device and equipment for processing communication data |
-
2013
- 2013-06-07 CN CN201310226143.XA patent/CN104239804A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561129A (en) * | 2004-03-09 | 2005-01-05 | 惠州Tcl移动通信有限公司 | Mobile phone message security method |
| CN101184264A (en) * | 2007-11-27 | 2008-05-21 | 北京网秦天下科技有限公司 | Mobile phone telephone and message anti-disturbance and private communication method and system |
| US20090235068A1 (en) * | 2008-03-13 | 2009-09-17 | Fujitsu Limited | Method and Apparatus for Identity Verification |
| CN101252748A (en) * | 2008-04-11 | 2008-08-27 | 北京北纬通信科技股份有限公司 | System and method for realizing privacy SMS on mobile terminal |
| CN102467462A (en) * | 2010-11-17 | 2012-05-23 | 中国移动通信集团公司 | Method for protecting data stored in device and corresponding device |
| CN103002124A (en) * | 2012-11-01 | 2013-03-27 | 北京小米科技有限责任公司 | Method, device and equipment for processing communication data |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105099878A (en) * | 2015-06-29 | 2015-11-25 | 小米科技有限责任公司 | Information display method, device and terminal |
| CN106295423A (en) * | 2015-06-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of method for exhibiting data and client |
| CN105260658A (en) * | 2015-09-17 | 2016-01-20 | 广东欧珀移动通信有限公司 | Method and system for setting privacy interface |
| CN105405456A (en) * | 2015-11-03 | 2016-03-16 | 广东欧珀移动通信有限公司 | Recording method and device |
| CN105956493A (en) * | 2016-06-29 | 2016-09-21 | 乐视控股(北京)有限公司 | Mobile phone file protection method and mobile phone file protection device |
| CN106778321B (en) * | 2016-11-18 | 2020-06-05 | 东软集团股份有限公司 | Authority control method and device |
| CN106778321A (en) * | 2016-11-18 | 2017-05-31 | 东软集团股份有限公司 | Authority control method and device |
| CN106650416A (en) * | 2016-11-29 | 2017-05-10 | 深圳市金立通信设备有限公司 | Password setting and decrypting methods and terminal |
| CN107071769B (en) * | 2017-04-25 | 2020-10-27 | 上海盈联电信科技有限公司 | Information synchronization security authentication device and method |
| CN107071769A (en) * | 2017-04-25 | 2017-08-18 | 努比亚技术有限公司 | The safety certification device and method of synchronizing information |
| CN107609361A (en) * | 2017-08-24 | 2018-01-19 | 深圳双创科技发展有限公司 | Identity logic verification method and terminal |
| WO2019037004A1 (en) * | 2017-08-24 | 2019-02-28 | 深圳双创科技发展有限公司 | Access control terminal for protected data, and related product |
| WO2019037003A1 (en) * | 2017-08-24 | 2019-02-28 | 深圳双创科技发展有限公司 | Identity logic verification method and terminal |
| CN107633161B (en) * | 2017-08-24 | 2020-11-06 | 徐州政源信息科技有限公司 | Terminal for access control of protected data and related product |
| CN107633161A (en) * | 2017-08-24 | 2018-01-26 | 深圳双创科技发展有限公司 | The terminal and Related product of the access control of protected data |
| CN107798252A (en) * | 2017-10-27 | 2018-03-13 | 维沃移动通信有限公司 | A kind of file access method and mobile terminal |
| CN107798252B (en) * | 2017-10-27 | 2019-10-18 | 维沃移动通信有限公司 | A kind of file access method and mobile terminal |
| CN110022536A (en) * | 2018-01-08 | 2019-07-16 | 中国移动通信有限公司研究院 | Verification information processing method, communication equipment, business platform and storage medium |
| CN109118454A (en) * | 2018-08-30 | 2019-01-01 | 北京旷视科技有限公司 | Image processing method, device, system, computer readable storage medium |
| CN109376545A (en) * | 2018-09-17 | 2019-02-22 | 麒麟合盛网络技术股份有限公司 | Method for secret protection and device |
| CN109768911A (en) * | 2018-12-05 | 2019-05-17 | 北京珠穆朗玛移动通信有限公司 | Message treatment method, mobile terminal and storage medium |
| CN110750408A (en) * | 2019-09-30 | 2020-02-04 | 湖南新云网科技有限公司 | Method, device and apparatus for controlling USB debug mode switch, and storage medium |
| CN112149075A (en) * | 2020-09-30 | 2020-12-29 | 中国银行股份有限公司 | Information processing method, device, equipment and storage medium |
| CN112149075B (en) * | 2020-09-30 | 2023-09-26 | 中国银行股份有限公司 | Information processing method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104239804A (en) | Data protecting method and device | |
| US11934505B2 (en) | Information content viewing method and terminal | |
| US11909884B2 (en) | Secure distributed information system for public device authentication | |
| US9223948B2 (en) | Combined passcode and activity launch modifier | |
| US8769668B2 (en) | Touchscreen password entry | |
| KR101449681B1 (en) | Method, user device and computer-readable storage for displaying message using fingerprint | |
| US20140310805A1 (en) | Gesture-to-Password Translation | |
| US20150319173A1 (en) | Co-verification method, two dimensional code generation method, and device and system therefor | |
| EP3557835B1 (en) | Authorization credential migration method, terminal device and service server | |
| WO2015074496A1 (en) | Identity authentication method and device and storage medium | |
| EP2650808A1 (en) | Method for integrating account management function in input method software | |
| CN103235903A (en) | Processing method and device for hiding programs of mobile terminal | |
| WO2017147890A1 (en) | Verification code short message display method and mobile terminal | |
| US20190377863A1 (en) | Password input method, computer device and storage medium | |
| CN103793659A (en) | Method and system for setting password and method and system for verifying password | |
| CN105760741A (en) | Code input method, security chip and system | |
| CA2762129A1 (en) | Visual or touchscreen password entry | |
| US9305187B2 (en) | Data security management systems and methods | |
| CN107479886A (en) | A kind of method for information display and mobile terminal | |
| CN104836778A (en) | Method, device and system for realizing identifying code | |
| US9690917B2 (en) | Managing compromised passwords | |
| CN106447325A (en) | Processing method and device based on NFC (Near Filed Communication), and mobile terminal | |
| EP2466521B1 (en) | Obscuring visual login | |
| CN111752398A (en) | Verification code input method and device, electronic equipment and readable storage medium | |
| KR20140044145A (en) | User device, method of using function lock of the same and computer-readable recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20141224 |