CN105160240A - Terminal password protection method and apparatus - Google Patents

Terminal password protection method and apparatus Download PDF

Info

Publication number
CN105160240A
CN105160240A CN201510428995.6A CN201510428995A CN105160240A CN 105160240 A CN105160240 A CN 105160240A CN 201510428995 A CN201510428995 A CN 201510428995A CN 105160240 A CN105160240 A CN 105160240A
Authority
CN
China
Prior art keywords
terminal
character string
password
control desk
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510428995.6A
Other languages
Chinese (zh)
Other versions
CN105160240B (en
Inventor
邓振波
苏云琳
黄鉴廷
燕晓龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510428995.6A priority Critical patent/CN105160240B/en
Publication of CN105160240A publication Critical patent/CN105160240A/en
Application granted granted Critical
Publication of CN105160240B publication Critical patent/CN105160240B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Abstract

The application provides a terminal password protection method and apparatus, and relates to the technical field of computers. The method comprises the steps that: a control console obtains a verification password and sends the verification password to each terminal for storage through a network; the process for performing password protection by the terminal after storing the verification password comprises: input data received by the terminal is monitored; when the input data triggers an instruction for disenabling or uninstalling a terminal security protection function, a password input interface is drawn, wherein the password input interface is used for receiving an input character string; when the password input interface receives the character string and confirms the character string, the character string and the verification password locally stored in the terminal are subjected to comparison and matching; if the character string is matched with the verification password, the terminal is allowed to execute the instruction for disenabling the terminal security protection function; or otherwise, the terminal is rejected to execute the instruction for disenabling the terminal security protection function. A security protection module of the terminal in a local area network can be managed and controlled more conveniently and local area network information security is improved.

Description

A kind of terminal password protection method and device
Technical field
The application relates to field of computer technology, particularly relates to a kind of terminal password protection method and system.
Background technology
Computer network, refer to the multiple stage computing machines with standalone feature different for geographic position and external unit thereof, coupled together by communication line, in network operating system, the management of the network management software and network communication protocol and under coordinating, realizes the computer system that resource sharing and information are transmitted.And enterprise or mechanism are in order to ensure the information security of its LAN (Local Area Network) Computer, need to adopt the fail-safe software of control desk to terminal to unify to control, such as leak reparation, wooden horse killing etc.
In prior art, the fail-safe software controlled by control desk can carry out arbitrarily exiting or the action such as unloading by terminal, and for the information security of the LAN (Local Area Network) such as enterprise, if terminal can arbitrarily exit, unload the fail-safe software mutual with control desk, then cannot ensure the control of control desk to all terminals in net, thus the information security of the LAN (Local Area Network) such as enterprise cannot be ensured.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or a kind of terminal password protection system solved the problem at least in part and corresponding a kind of terminal password protection method.
According to one aspect of the present invention, provide the method for a kind of terminal password protection, comprising:
Control desk obtains authentication password, and described authentication password is sent to the storage of each terminal by network;
Terminal after storing described authentication password, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Receive character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
Optionally, after described character string matches with the local authentication password stored, permission terminal also comprises before performing the instruction closing or unload described terminal security defencive function:
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk.
Optionally, described control desk obtains authentication password, and described authentication password is sent to each terminal by network stores and comprise:
Control desk adopts cryptographic algorithm that described authentication password is carried out digital signature;
By described carry out digital signature after authentication password be sent to each terminal by network.
Optionally, describedly receive character string after being identified when interface for password input, then the authentication password that described character string and terminal local store compared to mate and comprise:
Described cryptographic algorithm is adopted to carry out digital signature to character string described character string;
By the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
Optionally, also comprise:
Preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
Optionally, also comprise:
In the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, match if described, then allow terminal to perform the instruction of closing described terminal security defencive function and comprise:
The original uninstall procedure that first Uninstaller calls security protection module corresponding to safety protection function unloads.
According to another aspect of the present invention, additionally provide the method for a kind of terminal password protection, comprising:
Control desk obtains and stores authentication password;
In the terminal that control desk controls, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
Accordingly, additionally provide the system of a kind of terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password sending module, obtains authentication password for control desk, and described authentication password is sent to the storage of each terminal by network;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
First matching module, for receiving character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
Allowing module, if for matching, then allowing terminal to perform the instruction closing or unload described terminal security defencive function;
Refusal module, if for not matching, then refuses terminal and performs the instruction closing or unload described terminal security defencive function.
Optionally, optionally, in each terminal, also comprised before described permission module: character string sending module, described character string is sent to control desk by described terminal;
Described control desk also comprises:
Second matching module, to compare described character string and the local authentication password stored for control desk and mates.
Optionally, described authentication password sending module comprises:
First encrypting module, adopts cryptographic algorithm that described authentication password is carried out digital signature for control desk;
First sending module, for by described carry out digital signature after authentication password be sent to each terminal by network.
Optionally, described first matching module comprises:
Second encrypting module, for adopting described cryptographic algorithm to carry out digital signature to character string described character string;
3rd matching module, for by the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
Optionally, also comprise:
First preset module, for preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
Optionally, also comprise:
Second preset module, in the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, described permission module comprises:
First Unload module, the original uninstall procedure calling security protection module corresponding to safety protection function for the first Uninstaller unloads.
Accordingly, additionally provide the system of a kind of terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password receiver module, obtains for control desk and stores authentication password;
Matching module, to compare described character string and the local authentication password stored for control desk and mates;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
Character string sending module, described character string is sent to control desk by described terminal;
Allowing module, if for matching, allowing terminal to perform the instruction of closing described terminal security defencive function;
Refusal module, if for not matching, refusal terminal performs the instruction of closing described terminal security defencive function.
A kind of terminal password protection method according to the present invention can make terminal when closing or unload it and having the operation of the security protection module of safety protection function, this operation behavior of control terminal is unified by control desk, terminal is needed to input the unlocking pin corresponding to the authentication password controlled by control desk, just aforementioned operation can be carried out, solve terminal thus can arbitrarily the fail-safe software controlled by control desk be carried out exiting or the action such as unloading, and for the information security of the LAN (Local Area Network) such as enterprise, if terminal can arbitrarily exit, the fail-safe software that unloading is mutual with control desk, then cannot ensure the control of control desk to all terminals in net, thus the problem of the information security of the LAN (Local Area Network) such as enterprise cannot be ensured, achieve the information security for LAN (Local Area Network) such as enterprises, can to manage more easily and the security protection module of terminal in control LAN (Local Area Network), improve the beneficial effect of LAN information safety.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the schematic flow sheet of the embodiment of the method one of a kind of according to an embodiment of the invention terminal password protection;
Fig. 2 shows the schematic flow sheet of the embodiment of the method two of a kind of according to an embodiment of the invention terminal password protection;
Fig. 3 shows the schematic flow sheet of the system embodiment one of a kind of according to an embodiment of the invention terminal password protection;
Fig. 4 shows the schematic flow sheet of the system embodiment two of a kind of according to an embodiment of the invention terminal password protection.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
With reference to Fig. 1, it illustrates the schematic flow sheet of the embodiment of the method one of a kind of terminal password protection, specifically can comprise:
Step 110, control desk obtains authentication password, and described authentication password is sent to the storage of each terminal by network;
The security functions such as in embodiments of the present invention, comprise control desk and each terminal, control desk can be used for the security protection module of control terminal, and such as control terminal carries out virus base upgrading, patching bugs, cleaning plug-in unit.And control desk can control terminal in this application, make it arbitrarily not close or the security protection module (such as antivirus software) of discharging terminal, namely the module that it has safety protection function can not arbitrarily be closed or unload to control terminal.
In the present embodiment, control desk receives the authentication password of user's input, such as 123456, then this authentication password is sent to each terminal by its place network, in practice because control desk and terminal are in a LAN (Local Area Network) closed, described authentication password is sent to terminal by LAN (Local Area Network) by control desk.
And terminal is receiving described authentication password and after storing; the process of terminal password protection can be entered; after terminal receives described authentication password, this authentication password can be saved to the local ini file corresponding security protection module catalogue (such as antivirus software place catalogue) of safety protection function, so that subsequent calls.
Optionally, obtain authentication password at described control desk, and described authentication password is sent to each terminal by network stores and comprise:
Step S111, control desk adopts cryptographic algorithm that described authentication password is carried out digital signature;
Step S112, by described carry out digital signature after authentication password be sent to each terminal by network.
The authentication password received is carried out digital signature by such as control desk, such as MD5 (MessageDigestAlgorithmMD5 is carried out to the authentication password received, Chinese Message Digest Algorithm 5 by name) computing, then the MD5 value after computing is sent to terminal.
And corresponding, the authentication password after the digital signature that control desk then sends by terminal stores, such as aforementioned MD5 value.
Terminal after storing described authentication password, the process of carrying out cryptoguard comprises:
Step 120, the input data that monitor terminal receives;
For each terminal; the input data of its various mouse or keyboard can be monitored; so that whether the mouse of supervisory user or keyboard operation are close or the operation of security protection module of discharging terminal, namely whether the mouse that carries out of user or keyboard operation trigger the instruction closing or unload described terminal security defencive function.
In addition, for touch system, then supervisory user can carry out the data of touching input.
Certainly for other input forms, the application also can monitor it.
Step 130, close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Such as, mouse clicks UI (UserInterface, the user interface) window exiting security protection module, namely triggers the instruction of safety protection function of closing a terminal; Mouse clicks the UI (UserInterface of unloading security protection module; user interface) window, namely triggers the instruction of discharging terminal safety protection function, is so now introduced into cryptographic check process; namely first interface for password input is drawn, with the password of receiving terminal user input.
Also such as user is clicked by touch-screen and exits complete protection module, also triggers the instruction closing or unload described terminal security defencive function, so draws interface for password input.
Step 140, receives character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate; If matched, then enter step 150; If do not matched, then proceed to step 160;
When terminal user is after interface for password input inputs character string to be tested and confirms, system then calls aforesaid verification password, and the character string to be tested terminal user inputted compares with the verification password of terminal storage mates.Authentication password stores in the ini file with local directory by such as aforementioned terminals, so terminal receive terminal user input character string and by terminal user confirm input after, extract the authentication password in ini file, compare with described character string to be verified and mate; If matched, then enter step 150, if do not matched, enter step 160.
On the basis of abovementioned steps S111 and step S112, describedly receive character string after being identified when interface for password input, then the authentication password that described character string and terminal local store compared to mate and comprise:
Step S141, adopts described cryptographic algorithm to carry out digital signature to character string described character string;
Step S142, by the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
Such as terminal carries out MD5 calculating to the character that user inputs, obtain MD5 value, then this MD5 value and control desk are sent to MD5 value that terminal carries out storing to compare and mate, two MD5 values are identical, then illustrate and match, proceed to step 150, if MD5 value difference, illustrate and do not match, then proceed to step 160.
Optionally, after described character string matches with the local authentication password stored, permission terminal also comprises before performing the instruction closing or unload described terminal security defencive function:
Steps A 11, described character string is sent to control desk by described terminal;
Steps A 12, the authentication password that described character string and this locality store compares and mates by control desk.
The character string that steps A 11 and steps A 12 receive by terminal is sent to control desk again, and the authentication password received with control desk compares mates.If matched, then notification terminal allows to perform the instruction of closing described terminal security defencive function, i.e. step 150; If do not matched, then notification terminal refusal performs the instruction of closing described terminal security defencive function, i.e. step 160.
For abovementioned steps S111, after so terminal sends to control desk after the character string that user inputs can being carried out digital signature by identical cryptographic algorithm, mate with the authentication password after the signature in control desk; Also by terminal, former character string can be sent to control desk, after digital signature being carried out to it by control desk, then mate with the authentication password after the signature in control desk.
Step 150, then allow terminal to perform the instruction of closing described terminal security defencive function;
Step 160, then refuse terminal and perform the instruction of closing described terminal security defencive function.
Perform in refusal terminal and close the instruction of described terminal security defencive function, also can enter step 140, the character string that user inputs again can be received and carry out matching process.
Wherein further, if matching error number of times exceedes threshold value, then can forbid user's input of character string again.
In addition, in the present embodiment, before native system performs, also comprise in terminal:
Step S50, preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
An i.e. preset DLL (DynamicLinkLibrary; dynamic link library) file; in the keyboard of user or the instruction of the described terminal security defencive function of mouse action triggering closedown, then call this DLL and draw interface for password input, and perform subsequent step 140 to step 160.When not matching, exiting this DLL, calling the original closing flow path of the corresponding security protection module of safety protection function, and this DLL can be exited.
In addition, in the present embodiment, before native system performs, also comprise in terminal:
Step S60, in the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
For the program that corresponding for safety protection function security protection module (such as antivirus software) is carried out unloading; security protection module is needed to allow its operation just can allow to unload; so need this Uninstaller to be preset in the performed white list of security protection module, the instruction unloading described terminal security defencive function in the input data-triggered monitoring mouse and/or keyboard just can be enabled.
Namely draw interface for password input by the first Uninstaller, receive the character string of user's input, and character string is compared with the local authentication password stored mate.
Further, match if described, then allow terminal to perform the instruction of closing described terminal security defencive function and comprise:
The original uninstall procedure that first Uninstaller calls security protection module corresponding to safety protection function unloads.
After the character string of user's input and the authentication password that sends of control desk match, then the original Uninstaller calling security protection module by the first calling program unloads.
With reference to Fig. 2, it illustrates the schematic flow sheet of the embodiment of the method two of a kind of terminal password protection of the application, specifically can comprise:
Step 210, control desk obtains and stores authentication password;
In the present embodiment, optionally, this step also comprises:
Step B211, after adopting cryptographic algorithm to carry out digital signature the authentication password of reception, then stores.
In the terminal that control desk controls, the process of carrying out cryptoguard comprises:
Step 220, the input data that monitor terminal receives;
Step 230, close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Step 240, described character string is sent to control desk by described terminal;
In the present embodiment, optionally, corresponding to step B211, also comprise: step B212, after character string being adopted cryptographic algorithm to carry out digital signature, be sent to control desk again.
Step 250, the authentication password that described character string and this locality store compares and mates by control desk;
Based on aforementioned optional step B211 and step B212, the authentication password after the digital signature that the character string after digital signature and this locality then store by this step control desk is mated.
In addition, based on step B211, optionally, also comprise: the character string that terminal sends adopts described cryptographic algorithm to carry out digital signature by control desk;
And then the authentication password after the character string after digital signature and the local digital signature stored is mated.
Step 260, if matched, then allows terminal to perform the instruction of closing described terminal security defencive function;
Step 270, if do not matched, then refuses terminal and performs the instruction of closing described terminal security defencive function.
Described in the present embodiment and Fig. 1, embodiment similar steps principle is similar, at this not at detailed description.
With reference to Fig. 3, it illustrates the structural representation of the system embodiment one of a kind of terminal password protection of the application, specifically can comprise:
Control desk 310 and each terminal;
Described control desk 310 comprises:
Authentication password sending module 311, obtains authentication password for control desk, and described authentication password is sent to the storage of each terminal by network;
Described each terminal 320 comprises:
Input monitoring module 321, for the input data that monitor terminal receives;
Start module 322, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
First matching module 323, for receiving character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
Allowing module 324, if for matching, then allowing terminal to perform the instruction closing or unload described terminal security defencive function;
Refusal module 325, if for not matching, then refuses terminal and performs the instruction closing or unload described terminal security defencive function.
Optionally, in each terminal, also comprised before described permission module: character string sending module, described character string is sent to control desk by described terminal;
Described control desk also comprises:
Second matching module, to compare described character string and the local authentication password stored for control desk and mates.
Optionally, described authentication password sending module comprises:
First encrypting module, adopts cryptographic algorithm that described authentication password is carried out digital signature for control desk;
First sending module, for by described carry out digital signature after authentication password be sent to each terminal by network.
Optionally, described first matching module comprises:
Second encrypting module, for adopting described cryptographic algorithm to carry out digital signature to character string described character string;
3rd matching module, for by the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
Optionally, also comprise:
First preset module, for preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
Optionally, also comprise:
Second preset module, in the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, described permission module comprises:
First Unload module, the original uninstall procedure calling security protection module corresponding to safety protection function for the first Uninstaller unloads.
With reference to Fig. 4, it illustrates the structural representation of the system embodiment two of a kind of terminal password protection of the application, specifically can comprise:
Control desk 410 and each terminal;
Described control desk 410 comprises:
Authentication password receiver module 411, obtains for control desk and stores authentication password;
Matching module 412, to compare described character string and the local authentication password stored for control desk and mates; For matching result, terminal can be sent it to.
Described each terminal 420 comprises:
Input monitoring module 421, for the input data that monitor terminal receives;
Start module 422, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
Character string sending module 423, described character string is sent to control desk by described terminal;
Allowing module 424, if for matching, then allowing terminal to perform the instruction of closing described terminal security defencive function;
Refusal module 425, if for not matching, then refuses terminal and performs the instruction of closing described terminal security defencive function.
Fig. 3 embodiment is corresponding with Fig. 1 embodiment of the method, and Fig. 4 embodiment is corresponding with Fig. 2 embodiment of the method, at this not at detailed description.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in a kind of terminal password proterctive equipment of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
The invention discloses the method for A1, the protection of a kind of terminal password, comprising:
Control desk obtains authentication password, and described authentication password is sent to the storage of each terminal by network;
Terminal after storing described authentication password, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Receive character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
A2, method as described in A1, after described character string matches with the local authentication password stored, allow terminal to perform closedown or also comprise before unloading the instruction of described terminal security defencive function:
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk.
A3, method as described in A1 or A2, described control desk obtains authentication password, and described authentication password is sent to each terminal by network stores and comprise:
Control desk adopts cryptographic algorithm that described authentication password is carried out digital signature;
By described carry out digital signature after authentication password be sent to each terminal by network.
A4, method as described in A3, describedly receive character string and after being identified when interface for password input, then the authentication password that described character string and terminal local store compared to mate to comprise:
Described cryptographic algorithm is adopted to carry out digital signature to character string described character string;
By the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
A5, method as described in A1, also comprise:
Preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
A6, method as described in A1, also comprise:
In the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, match if described, then allow terminal to perform the instruction of closing described terminal security defencive function and comprise:
The original uninstall procedure that first Uninstaller calls security protection module corresponding to safety protection function unloads.
The method of B7, a kind of terminal password protection, comprising:
Control desk obtains and stores authentication password;
In the terminal that control desk controls, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
The system of C8, a kind of terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password sending module, obtains authentication password for control desk, and described authentication password is sent to the storage of each terminal by network;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
First matching module, for receiving character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
Allowing module, if for matching, then allowing terminal to perform the instruction closing or unload described terminal security defencive function;
Refusal module, if for not matching, then refuses terminal and performs the instruction closing or unload described terminal security defencive function.
C9, system as described in C1,
In each terminal, also comprised before described permission module: character string sending module, described character string is sent to control desk by described terminal;
Described control desk also comprises:
Second matching module, to compare described character string and the local authentication password stored for control desk and mates.
C10, system as described in C8 or C9, described authentication password sending module comprises:
First encrypting module, adopts cryptographic algorithm that described authentication password is carried out digital signature for control desk;
First sending module, for by described carry out digital signature after authentication password be sent to each terminal by network.
C11, system as described in C8, described first matching module comprises:
Second encrypting module, for adopting described cryptographic algorithm to carry out digital signature to character string described character string;
3rd matching module, for by the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
C12, system as described in C8, also comprise:
First preset module, for preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
C13, system as described in C8, also comprise:
Second preset module, in the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, described permission module comprises:
First Unload module, the original uninstall procedure calling security protection module corresponding to safety protection function for the first Uninstaller unloads.
The system of D14, a kind of terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password receiver module, obtains for control desk and stores authentication password;
Matching module, to compare described character string and the local authentication password stored for control desk and mates;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
Character string sending module, described character string is sent to control desk by described terminal;
Allowing module, if for matching, allowing terminal to perform the instruction of closing described terminal security defencive function;
Refusal module, if for not matching, refusal terminal performs the instruction of closing described terminal security defencive function.

Claims (10)

1. a method for terminal password protection, comprising:
Control desk obtains authentication password, and described authentication password is sent to the storage of each terminal by network;
Terminal after storing described authentication password, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Receive character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
2. method according to claim 1, after described character string matches with the local authentication password stored, permission terminal also comprises before performing the instruction closing or unload described terminal security defencive function:
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk.
3. method according to claim 1 and 2, described control desk obtains authentication password, and described authentication password is sent to each terminal by network stores and comprise:
Control desk adopts cryptographic algorithm that described authentication password is carried out digital signature;
By described carry out digital signature after authentication password be sent to each terminal by network.
4. method according to claim 3, describedly receives character string after being identified when interface for password input, then the authentication password that described character string and terminal local store compared to mate to comprise:
Described cryptographic algorithm is adopted to carry out digital signature to character string described character string;
By the character string after carrying out digital signature with described carry out digital signature after authentication password compare and mate.
5. method according to claim 1, also comprises:
Preset dynamic link library; After described input data-triggered closes the instruction of described terminal security defencive function, call described dynamic link library and perform the step after triggering the instruction of closing described terminal security defencive function.
6. method according to claim 1, also comprises:
In the performed white list of the corresponding security protection module of safety protection function, preset first Uninstaller; Described initial Uninstaller is enable when described input data-triggered unloads the instruction of described terminal security defencive function;
Further, match if described, then allow terminal to perform the instruction of closing described terminal security defencive function and comprise:
The original uninstall procedure that first Uninstaller calls security protection module corresponding to safety protection function unloads.
7. a method for terminal password protection, comprising:
Control desk obtains and stores authentication password;
In the terminal that control desk controls, the process of carrying out cryptoguard comprises:
The input data that monitor terminal receives;
Close when described input data-triggered or unload the instruction of described terminal security defencive function, then draw interface for password input, described interface for password input is for receiving the character string of input;
Described character string is sent to control desk by described terminal;
The authentication password that described character string and this locality store compares and mates by control desk;
If matched, then terminal is allowed to perform the instruction of closing described terminal security defencive function;
If do not matched, then refuse terminal and perform the instruction of closing described terminal security defencive function.
8. a system for terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password sending module, obtains authentication password for control desk, and described authentication password is sent to the storage of each terminal by network;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
First matching module, for receiving character string when interface for password input and after being identified, then the authentication password that described character string and terminal local store being compared and mate;
Allowing module, if for matching, then allowing terminal to perform the instruction closing or unload described terminal security defencive function;
Refusal module, if for not matching, then refuses terminal and performs the instruction closing or unload described terminal security defencive function.
9. system according to claim 1,
In each terminal, also comprised before described permission module: character string sending module, described character string is sent to control desk by described terminal;
Described control desk also comprises:
Second matching module, to compare described character string and the local authentication password stored for control desk and mates.
10. a system for terminal password protection, comprising:
Control desk and each terminal;
Described control desk comprises:
Authentication password receiver module, obtains for control desk and stores authentication password;
Matching module, to compare described character string and the local authentication password stored for control desk and mates;
Described each terminal comprises:
Input monitoring module, for the input data that monitor terminal receives;
Start module, for closing the instruction of described terminal security defencive function when described input data-triggered, then draw interface for password input, described interface for password input is for receiving the character string of user's input;
Character string sending module, described character string is sent to control desk by described terminal;
Allowing module, if for matching, allowing terminal to perform the instruction of closing described terminal security defencive function;
Refusal module, if for not matching, refusal terminal performs the instruction of closing described terminal security defencive function.
CN201510428995.6A 2012-09-20 2012-09-20 A kind of terminal password protection method and device Active CN105160240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510428995.6A CN105160240B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510428995.6A CN105160240B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device
CN201210353634.6A CN102882714B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201210353634.6A Division CN102882714B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device

Publications (2)

Publication Number Publication Date
CN105160240A true CN105160240A (en) 2015-12-16
CN105160240B CN105160240B (en) 2018-03-20

Family

ID=47483868

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510428995.6A Active CN105160240B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device
CN201210353634.6A Active CN102882714B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201210353634.6A Active CN102882714B (en) 2012-09-20 2012-09-20 A kind of terminal password protection method and device

Country Status (1)

Country Link
CN (2) CN105160240B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055940A (en) * 2016-05-24 2016-10-26 宇龙计算机通信科技(深圳)有限公司 Application freezing management method and apparatus, and terminal

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105825097A (en) * 2016-03-14 2016-08-03 上海斐讯数据通信技术有限公司 System and method for checking and unlocking digital products through network terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691576A (en) * 2004-04-27 2005-11-02 微软公司 Account creation via a mobile device
US20060031289A1 (en) * 2002-10-25 2006-02-09 Bettina Experton System and method for automatically launching and accessing netwrok addresses and applications
CN1866870A (en) * 2006-02-23 2006-11-22 华为技术有限公司 Software validity checking system and method based on device management protocol
CN101119362A (en) * 2007-07-19 2008-02-06 南京联创网络科技有限公司 Self-defining installation, login and uninstall method of computer security agent

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7523155B2 (en) * 2004-03-18 2009-04-21 International Business Machines Corporation Method, system and program product for using open mobile alliance (OMA) alerts to send client commands/requests to an OMA DM server
CN101304318A (en) * 2008-07-04 2008-11-12 任少华 Safe network authentication system and method
CN101808317B (en) * 2009-02-18 2013-07-03 联想(北京)有限公司 Computer device and method for realizing wireless local area network security measure
CN101650768A (en) * 2009-07-10 2010-02-17 深圳市永达电子股份有限公司 Security guarantee method and system for Windows terminals based on auto white list

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060031289A1 (en) * 2002-10-25 2006-02-09 Bettina Experton System and method for automatically launching and accessing netwrok addresses and applications
CN1691576A (en) * 2004-04-27 2005-11-02 微软公司 Account creation via a mobile device
CN1866870A (en) * 2006-02-23 2006-11-22 华为技术有限公司 Software validity checking system and method based on device management protocol
CN101119362A (en) * 2007-07-19 2008-02-06 南京联创网络科技有限公司 Self-defining installation, login and uninstall method of computer security agent

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055940A (en) * 2016-05-24 2016-10-26 宇龙计算机通信科技(深圳)有限公司 Application freezing management method and apparatus, and terminal

Also Published As

Publication number Publication date
CN102882714A (en) 2013-01-16
CN102882714B (en) 2015-08-19
CN105160240B (en) 2018-03-20

Similar Documents

Publication Publication Date Title
RU2575985C2 (en) Method and apparatus for vetting executable program using model
EP3345112B1 (en) Thresholds on scripts executable by unified extensible firmware interface systems
JP6019484B2 (en) Systems and methods for server-bound malware prevention
Miller et al. iOS Hacker's Handbook
CN102867147B (en) A kind of method and apparatus of file scan
CN107748668B (en) Method and device for upgrading application program
CN106131612B (en) The method and system of Android app dynamically load resource function module
WO2019067598A1 (en) Systems and method for deploying, securing, and maintaining computer-based analytic environments
CN102999720B (en) Program identification method and system
CN104517054A (en) Method, device, client and server for detecting malicious APK
CN103713904A (en) Method, related device and system for installing applications in working area of mobile terminal
CN104850427B (en) A kind of code upgrade method and device
CN106778348A (en) A kind of method and apparatus for isolating private data
CN104318160A (en) Malware searching and killing method and device
US11503066B2 (en) Holistic computer system cybersecurity evaluation and scoring
Ibrahim et al. SafetyNOT: on the usage of the SafetyNet attestation API in Android
CN105447383A (en) Browser operating environment detection method, client, server and browser operating environment detection system
CN103500114A (en) Method and device for installing application program
CN102999721B (en) A kind of program processing method and system
US11722526B1 (en) Security policy validation
CN102882714B (en) A kind of terminal password protection method and device
CN102982279A (en) Computer aided design virus infection prevention system and computer aided design virus infection prevention method
CN104915594A (en) Application running method and device
CN102915359A (en) File management method and device
CN104158907A (en) Method and device of downloading application program file

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161228

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihoo Technology Co., Ltd.

Applicant before: Qizhi Software (Beijing) Co., Ltd.

GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee after: Qianxin Technology Group Co., Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.